fix: set the right attestation-name #4545
| name: Main | ||
| on: | ||
| push: | ||
| branches-ignore: | ||
| - "dependabot/**" | ||
| pull_request_target: | ||
| types: [opened, synchronize, reopened] | ||
| concurrency: | ||
| group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} | ||
| cancel-in-progress: true | ||
| jobs: | ||
| pre-build: | ||
| if: github.event_name == 'push' || github.actor == 'dependabot[bot]' | ||
| runs-on: ubuntu-latest | ||
| outputs: | ||
| tag: ${{ steps.prep.outputs.tag }} | ||
| trail_name: ${{ steps.prep.outputs.trail_name }} | ||
| trail_template_file: ${{ steps.prep.outputs.trail_template_file }} | ||
| checkout_ref: ${{ steps.prep.outputs.checkout_ref }} | ||
| report_to_kosli: ${{ steps.prep.outputs.report_to_kosli }} | ||
| steps: | ||
| - name: Harden Runner | ||
| uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1 | ||
| with: | ||
| egress-policy: audit | ||
| - uses: actions/checkout@v6 | ||
| with: | ||
| ref: ${{ github.event.pull_request.head.sha || github.sha }} | ||
| - name: Prepare | ||
| id: prep | ||
| run: | | ||
| if [ "${{ github.event_name }}" == "pull_request_target" ]; then | ||
| SHA=${{ github.event.pull_request.head.sha }} | ||
| else | ||
| SHA=$GITHUB_SHA | ||
| fi | ||
| TAG=$(echo $SHA | head -c7) | ||
| echo "TAG=${TAG}" >> ${GITHUB_ENV} | ||
| echo "tag=$TAG" >> $GITHUB_OUTPUT | ||
| echo "checkout_ref=$SHA" >> $GITHUB_OUTPUT | ||
| if [ "${GITHUB_REF}" == refs/tags/* ]; then | ||
| TRAIL_NAME=${GITHUB_REF##refs/tags/} | ||
| TRAIL_TEMPLATE_FILE=release-flow-template.yml | ||
| else | ||
| TRAIL_NAME=$(echo $SHA | head -c 7) | ||
| TRAIL_TEMPLATE_FILE=main-flow-template.yml | ||
| fi | ||
| echo "TRAIL_NAME=${TRAIL_NAME}" >> $GITHUB_ENV | ||
| echo "trail_name=$TRAIL_NAME" >> $GITHUB_OUTPUT | ||
| echo "TRAIL_TEMPLATE_FILE=${TRAIL_TEMPLATE_FILE}" >> $GITHUB_ENV | ||
| echo "trail_template_file=$TRAIL_TEMPLATE_FILE" >> $GITHUB_OUTPUT | ||
| if [ "${{ github.event_name }}" == "push" ] && [ "${GITHUB_REF}" == "refs/heads/main" ]; then | ||
| echo "report_to_kosli=all" >> $GITHUB_OUTPUT | ||
| elif [ "${{ github.event_name }}" == "push" ] && [[ "${GITHUB_REF}" == refs/tags/* ]]; then | ||
| echo "report_to_kosli=release" >> $GITHUB_OUTPUT | ||
| else | ||
| echo "report_to_kosli=none" >> $GITHUB_OUTPUT | ||
| fi | ||
| init-kosli: | ||
| needs: [pre-build] | ||
| uses: ./.github/workflows/init_kosli.yml | ||
|
Check failure on line 70 in .github/workflows/main.yml
|
||
| with: | ||
| FLOW_NAME: cli | ||
| TRAIL_NAME: ${{ needs.pre-build.outputs.trail_name }} | ||
| FLOW_TEMPLATE_FILE: ${{ needs.pre-build.outputs.trail_template_file }} | ||
| KOSLI_ORG: kosli-public | ||
| checkout_ref: ${{ needs.pre-build.outputs.checkout_ref }} | ||
| report_to_kosli: ${{ needs.pre-build.outputs.report_to_kosli }} | ||
| secrets: | ||
| kosli_api_token: ${{ secrets.KOSLI_PUBLIC_API_TOKEN }} | ||
| pr_github_token: ${{ secrets.GITHUB_TOKEN }} | ||
| test: | ||
| needs: [pre-build, init-kosli] | ||
| uses: ./.github/workflows/test.yml | ||
| with: | ||
| AWS_ACCOUNT_ID: 772819027869 | ||
| AWS_REGION: eu-central-1 | ||
| FLOW_NAME: cli | ||
| TRAIL_NAME: ${{ needs.pre-build.outputs.trail_name }} | ||
| KOSLI_ORG: kosli-public | ||
| checkout_ref: ${{ needs.pre-build.outputs.checkout_ref }} | ||
| report_to_kosli: ${{ needs.pre-build.outputs.report_to_kosli }} | ||
| secrets: | ||
| github_access_token: ${{ secrets.KOSLI_GITHUB_TOKEN }} | ||
| gitlab_access_token: ${{ secrets.KOSLI_GITLAB_TOKEN }} | ||
| azure_access_token: ${{ secrets.KOSLI_AZURE_TOKEN }} | ||
| azure_client_id: ${{ secrets.AZURE_CLIENT_ID }} | ||
| azure_client_secret: ${{ secrets.AZURE_CLIENT_SECRET }} | ||
| bitbucket_access_token: ${{ secrets.KOSLI_BITBUCKET_ACCESS_TOKEN }} | ||
| jira_api_token: ${{ secrets.KOSLI_JIRA_API_TOKEN }} | ||
| slack_webhook: ${{ secrets.MERKELY_SLACK_CI_FAILURES_WEBHOOK }} | ||
| slack_channel: ci-failures | ||
| snyk_token: ${{ secrets.SNYK_TOKEN }} | ||
| kosli_reporting_api_token: ${{ secrets.KOSLI_PUBLIC_API_TOKEN }} | ||
| kosli_querying_api_token: ${{ secrets.KOSLI_API_TOKEN_PROD }} | ||
| sonarqube_token: ${{ secrets.KOSLI_SONARQUBE_TOKEN }} | ||
| docker: | ||
| needs: [pre-build, test, init-kosli] | ||
| uses: ./.github/workflows/docker.yml | ||
| with: | ||
| tag: ${{ needs.pre-build.outputs.tag }} | ||
| platforms: linux/amd64,linux/arm64 | ||
| flow_name: cli | ||
| trail_name: ${{ needs.pre-build.outputs.trail_name }} | ||
| kosli_org: kosli-public | ||
| checkout_ref: ${{ needs.pre-build.outputs.checkout_ref }} | ||
| report_to_kosli: ${{ needs.pre-build.outputs.report_to_kosli }} | ||
| secrets: | ||
| slack_webhook: ${{ secrets.MERKELY_SLACK_CI_FAILURES_WEBHOOK }} | ||
| slack_channel: ci-failures | ||
| kosli_api_token: ${{ secrets.KOSLI_PUBLIC_API_TOKEN }} | ||
| snyk_token: ${{ secrets.SNYK_TOKEN }} | ||
| slack-notification-on-failure: | ||
| runs-on: ubuntu-24.04 | ||
| permissions: | ||
| actions: read | ||
| contents: read | ||
| needs: | ||
| [ | ||
| pre-build, | ||
| init-kosli, | ||
| test, | ||
| docker | ||
| ] | ||
| if: ${{ always() && contains(join(needs.*.result, ','), 'failure') && github.ref == 'refs/heads/main' }} | ||
| steps: | ||
| - name: Harden Runner | ||
| uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1 | ||
| with: | ||
| egress-policy: audit | ||
| - name: Slack Notification on Failure | ||
| uses: kosli-dev/reusable-actions/.github/actions/send-ci-failure-slack-message@main | ||
| with: | ||
| slack_url: ${{ secrets.MERKELY_SLACK_CI_FAILURES_WEBHOOK }} | ||
| github_token: ${{ secrets.GITHUB_TOKEN }} | ||
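Review bot: In this file the `pre-build` condition `github.actor == 'dependabot[bot]'` is what restricts `pull_request_target` runs, which check out `github.event.pull_request.head.sha` and pass `checkout_ref` to the `test` and `docker` workflows alongside repository secrets; `github.actor` names whoever triggered the event, not the PR author. Gating on the author and head repository is tighter, e.g. `if: github.event_name == 'push' || (github.event.pull_request.user.login == 'dependabot[bot]' && github.event.pull_request.head.repo.full_name == github.repository)`. Separately, harden-runner is pinned to a commit SHA while `actions/checkout@v6` and `kosli-dev/reusable-actions/.github/actions/send-ci-failure-slack-message@main` are mutable refs, and the latter receives the Slack webhook and `GITHUB_TOKEN`; pinning both to SHAs would be consistent. In the Prepare step, `[ "${GITHUB_REF}" == refs/tags/* ]` uses single brackets, so the glob is not pattern-matched the way the later `[[ ... ]]` test is; presumably `[[ "${GITHUB_REF}" == refs/tags/* ]]` was intended. This view does not show which lines the commit changed, so these points apply to the file as displayed.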