This repository was archived by the owner on Nov 24, 2025. It is now read-only.

Commit 398313c

Merge pull request #123 from philips-software/job-summary
Add summary on end of the steps
2 parents 33d79be + eb289d9 commit 398313c

3 files changed

Lines changed: 36 additions & 10 deletions


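--- a/container_digest.sh
+++ b/container_digest.sh
@@ -62,8 +62,10 @@ echo "==========================================================================
 echo "Finished getting docker digest and tags"
 echo "============================================================================================"
 
+echo '## Secure Software Supply Chain :rocket:' >> "$GITHUB_STEP_SUMMARY"
 if [ -n "${SIGN}" ]
 then
+echo '### Sign image' >> "$GITHUB_STEP_SUMMARY"
 echo "Signing image"
 
 COSIGN_KEY=$(mktemp /tmp/cosign.XXXXXXXXXX) || exit 1
@@ -78,13 +80,18 @@ then
 
 echo "Verify signing"
 cosign verify --key "$COSIGN_PUB" "$docker_registry_prefix"/"$imagename"@"${containerdigest}"
-
-echo "::notice::Image is signed. You can verify it with the following command."
-echo "::notice::cosign verify --key cosign.pub $docker_registry_prefix/$imagename@${containerdigest}"
+
+{
+echo 'Image is signed. You can verify it with the following command:'
+echo '```bash'
+echo "cosign verify --key cosign.pub $docker_registry_prefix/$imagename@${containerdigest}"
+echo '```'
+} >> "$GITHUB_STEP_SUMMARY"
 fi
 
 if [ -n "${SLSA_PROVENANCE}" ]
 then
+echo "### SLSA Provenance" >> "$GITHUB_STEP_SUMMARY"
 echo "Running SLSA Provenance"
 
 encoded_github="$(echo "$GITHUB_CONTEXT" | base64 -w 0)"
@@ -116,13 +123,18 @@ then
 echo "Attest predicate"
 cosign attest --predicate provenance-predicate.json --key "$COSIGN_KEY" --type slsaprovenance "$docker_registry_prefix"/"$imagename"@"${containerdigest}"
 
-echo "::notice::SLSA Provenance file is attested. You can verify it with the following command."
-echo "::notice::cosign verify-attestation --key cosign.pub $docker_registry_prefix/$imagename@${containerdigest} | jq '.payload |= @base64d | .payload | fromjson | select(.predicateType==\"https://slsa.dev/provenance/v0.2\" ) | .'"
+{
+echo "SLSA Provenance file is attested. You can verify it with the following command."
+echo '```bash'
+echo "cosign verify-attestation --key cosign.pub $docker_registry_prefix/$imagename@${containerdigest} | jq '.payload |= @base64d | .payload | fromjson | select(.predicateType==\"https://slsa.dev/provenance/v0.2\" ) | .'"
+echo '```'
+} >> "$GITHUB_STEP_SUMMARY"
 fi
 fi
 
 if [ -n "${SBOM}" ]
 then
+echo "### SBOM" >> "$GITHUB_STEP_SUMMARY"
 echo "Using Syft to generate SBOM"
 
 syft packages "$docker_registry_prefix"/"$imagename"@"${containerdigest}" -o spdx-json=sbom-spdx-formatted.json
@@ -145,8 +157,13 @@ then
 
 echo "Done attesting the SBOM"
 
-echo "::notice::SBOM file is attested. You can verify it with the following command."
-echo "::notice::cosign verify-attestation --key cosign.pub $docker_registry_prefix/$imagename@${containerdigest} | jq '.payload |= @base64d | .payload | fromjson | select( .predicateType==\"https://spdx.dev/Document\" ) | .predicate.Data | fromjson | .'"
+{
+echo "SBOM file is attested. You can verify it with the following command."
+echo '```bash'
+echo "cosign verify-attestation --key cosign.pub $docker_registry_prefix/$imagename@${containerdigest} | jq '.payload |= @base64d | .payload | fromjson | select( .predicateType==\"https://spdx.dev/Document\" ) | .predicate.Data | fromjson | .'"
+echo '```'
+} >> "$GITHUB_STEP_SUMMARY"
+
 fi
 fi
 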
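Review bot: The summary block that follows `cosign verify` writes "Image is signed" without checking that the verification succeeded. No `set -e` is visible in this section, so if it is not enabled earlier in the script, a failed verify would still leave a summary that claims a signed image. Gate the claim on the exit status, e.g. `cosign verify --key "$COSIGN_PUB" "$docker_registry_prefix"/"$imagename"@"${containerdigest}" || exit 1`, and treat `cosign attest` the same way before the "SLSA Provenance file is attested" block and the SBOM block. The printed command also assumes the reader already holds a trusted `cosign.pub`, so a summary line saying where the public key is published would make it usable. The enclosing `if` blocks start and end outside the hunks shown.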

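--- a/docker_push.sh
+++ b/docker_push.sh
@@ -49,13 +49,22 @@ echo "Login to docker"
 echo "--------------------------------------------------------------------------------------------"
 echo "$DOCKER_PASSWORD" | docker login "$DOCKER_REGISTRY" -u "$DOCKER_USERNAME" --password-stdin
 
-echo "::notice::Pushing $docker_registry_prefix/$imagename:$basetag"
+{
+echo '## Images pushed'
+echo ''
+echo '| Image |'
+echo '| ---- |'
+echo "| $docker_registry_prefix/$imagename:$basetag |"
+} >> "$GITHUB_STEP_SUMMARY"
+
 docker push "$docker_registry_prefix"/"$imagename":"$basetag"
 
 for tag in "${tags[@]:1}"; do
-echo "::notice::Pushing $docker_registry_prefix/$imagename:$tag"
+echo "| $docker_registry_prefix/$imagename:$tag |" >> "$GITHUB_STEP_SUMMARY"
 docker push "$docker_registry_prefix"/"$imagename":"$tag"
 done
+echo '' >> "$GITHUB_STEP_SUMMARY"
+
 echo "--------------------------------------------------------------------------------------------"
 
 echo "Update readme"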
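Review bot: The rows under "Images pushed" are written to `$GITHUB_STEP_SUMMARY` before the matching `docker push` runs, both in the `{ … }` group ahead of the base-tag push and inside the `for tag` loop. A push that fails therefore still leaves its image listed as pushed. Write each row only after its push has succeeded: in the loop, run `docker push "$docker_registry_prefix"/"$imagename":"$tag" || exit 1` first and the `echo "| … |" >> "$GITHUB_STEP_SUMMARY"` line after it, and move the base-tag `docker push` above the group in the same way. Because tags are mutable, adding the pushed digest as a second column would give readers a reference they can pin and verify. The script continues outside the hunk.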

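--- a/update_readme.sh
+++ b/update_readme.sh
@@ -21,7 +21,7 @@ RESPONSE_CODE=$(curl -s --write-out %{response_code} --output /dev/null -H "Auth
 echo "Received response code: $RESPONSE_CODE"
 
 if [ "$RESPONSE_CODE" -eq 200 ]; then
-echo "Readme updated successfully"
+echo "Readme updated successfully" >> "$GITHUB_STEP_SUMMARY"
 else
 echo "Error updating readme"
 exit 1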
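Review bot: The success message now goes only to `$GITHUB_STEP_SUMMARY`, so the job log no longer records that the readme update succeeded, while the failure branch still prints to stdout. `echo "Readme updated successfully" | tee -a "$GITHUB_STEP_SUMMARY"` keeps the line in both places. The redirect also fails if `GITHUB_STEP_SUMMARY` is unset, for example when the script runs outside GitHub Actions, and a guard such as `: "${GITHUB_STEP_SUMMARY:=/dev/null}"` near the top of the script would cover that. The `if` block ends outside the hunk.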
