From 58831be9d097b04f9b1b704f23a0d41463c142cb Mon Sep 17 00:00:00 2001
From: Dan Barr
Date: Wed, 9 Oct 2024 12:16:33 -0400
Subject: [PATCH] Minor formatting
---
.github/workflows/build-image-signed-cosign-malicious.yml | 2 --
.../workflows/build-image-signed-cosign-static-copied.yml | 4 +---
.github/workflows/build-image-signed-cosign-static.yml | 3 +--
.github/workflows/build-image-signed-cosign.yml | 1 -
.../workflows/build-image-signed-ghat-static-copied.yml | 2 +-
.github/workflows/build-image-signed-ghat-static.yml | 2 +-
.github/workflows/build-image-unsigned.yml | 1 -
README.md | 8 +++++---
8 files changed, 9 insertions(+), 14 deletions(-)
diff --git a/.github/workflows/build-image-signed-cosign-malicious.yml b/.github/workflows/build-image-signed-cosign-malicious.yml
index 929fbc9..2f411a6 100644
--- a/.github/workflows/build-image-signed-cosign-malicious.yml
+++ b/.github/workflows/build-image-signed-cosign-malicious.yml
@@ -8,7 +8,6 @@ env: jobs: build: - runs-on: ubuntu-latest permissions: contents: read
@@ -58,7 +57,6 @@ jobs: cache-from: type=gha cache-to: type=gha,mode=max - - name: Sign the published Docker image env: TAGS: ${{ steps.meta.outputs.tags }}
diff --git a/.github/workflows/build-image-signed-cosign-static-copied.yml b/.github/workflows/build-image-signed-cosign-static-copied.yml
index cd749b2..c8b40bb 100644
--- a/.github/workflows/build-image-signed-cosign-static-copied.yml
+++ b/.github/workflows/build-image-signed-cosign-static-copied.yml
@@ -8,7 +8,6 @@ env: jobs: build: - runs-on: ubuntu-latest permissions: contents: read
@@ -47,8 +46,7 @@ jobs: push: true tags: ${{ steps.meta.outputs.tags }} context: . - file : Dockerfile.static - + file: Dockerfile.static - name: Sign the published Docker image env:
diff --git a/.github/workflows/build-image-signed-cosign-static.yml b/.github/workflows/build-image-signed-cosign-static.yml
index dfb1ba0..3681b85 100644
--- a/.github/workflows/build-image-signed-cosign-static.yml
+++ b/.github/workflows/build-image-signed-cosign-static.yml
@@ -8,7 +8,6 @@ env: jobs: build: - runs-on: ubuntu-latest permissions: contents: read
@@ -47,7 +46,7 @@ jobs: push: true tags: ${{ steps.meta.outputs.tags }} context: . - file : Dockerfile.static + file: Dockerfile.static - name: Sign the published Docker image env:
diff --git a/.github/workflows/build-image-signed-cosign.yml b/.github/workflows/build-image-signed-cosign.yml
index 84369bc..b0ea08d 100644
--- a/.github/workflows/build-image-signed-cosign.yml
+++ b/.github/workflows/build-image-signed-cosign.yml
@@ -8,7 +8,6 @@ env: jobs: build: - runs-on: ubuntu-latest permissions: contents: read
diff --git a/.github/workflows/build-image-signed-ghat-static-copied.yml b/.github/workflows/build-image-signed-ghat-static-copied.yml
index 12da64f..354aa2f 100644
--- a/.github/workflows/build-image-signed-ghat-static-copied.yml
+++ b/.github/workflows/build-image-signed-ghat-static-copied.yml
@@ -41,7 +41,7 @@ jobs: push: true tags: ${{ steps.meta.outputs.tags }} context: . - file : Dockerfile.static + file: Dockerfile.static - name: Attest image uses: actions/attest-build-provenance@v1.4.1
diff --git a/.github/workflows/build-image-signed-ghat-static.yml b/.github/workflows/build-image-signed-ghat-static.yml
index c05ae55..9c89292 100644
--- a/.github/workflows/build-image-signed-ghat-static.yml
+++ b/.github/workflows/build-image-signed-ghat-static.yml
@@ -41,7 +41,7 @@ jobs: push: true tags: ${{ steps.meta.outputs.tags }} context: . - file : Dockerfile.static + file: Dockerfile.static - name: Attest image uses: actions/attest-build-provenance@v1.4.1
diff --git a/.github/workflows/build-image-unsigned.yml b/.github/workflows/build-image-unsigned.yml
index 3759df4..1c6fa43 100644
--- a/.github/workflows/build-image-unsigned.yml
+++ b/.github/workflows/build-image-unsigned.yml
@@ -8,7 +8,6 @@ env: jobs: build: - runs-on: ubuntu-latest permissions: contents: read
diff --git a/README.md b/README.md
index 324a8ae..685c556 100644
--- a/README.md
+++ b/README.md
@@ -3,12 +3,11 @@ ## Overview The `demo-repo-js` project is a repository template primarily intended for testing and -demonstration purposes with stacklok projects. It is a simple JS project that allows you to +demonstration purposes with Stacklok projects. It is a simple JavaScript project that allows you to quickly get started with testing and demonstrating how you can use Minder and Trusty with -your Python projects. It features continuous integration (CI) workflows that demonstrate how to +your JavaScript projects. It features continuous integration (CI) workflows that demonstrate how to build, test, and sign artifacts using Sigstore and GitHub Attestations. - ## Features - Pre-configured `package.json` with `react` and `next` dependencies
@@ -17,18 +16,21 @@ build, test, and sign artifacts using Sigstore and GitHub Attestations. - Dockerfile for building a container image GitHub Actions workflows for: + - Producing signed and unsigned artifacts using Sigstore and GitHub attestations API - Producing artifacts such as container images and binaries - Producing container images that are reproducible (always the same digest) - Producing "malicious" container images for testing purposes (e.g., code content was altered while building the image) Makefile targets for simulating out-of-band signing of artifacts (both intended and not): + - Generating signed container images and "malicious" images - Pushing container images to container registry (GHCR) - Generating a local key pair for signing container images - Sign container images using Sigstore by using a local key pair or by going through the Sigstore OIDC sign-in flow Branches: + - Set of pre-created branches to use for opening PRs each demonstrating a different feature or use case with Minder and Trusty ## How to Use This Template