From 086697f607a27e93ff5556d35334d2286d4c6b4b Mon Sep 17 00:00:00 2001
From: Clint
Date: Thu, 17 Oct 2024 20:40:06 -0500
Subject: [PATCH] fix: revert "fix: remove unused GitHub Action install-tools" (#982)

Signed-off-by: catsby
---
 .github/actions/install-tools/action.yaml | 17 +++++++++++++++++
 .github/workflows/release.yaml | 3 +++
 .grype.yaml | 9 +++++++++
 3 files changed, 29 insertions(+)
 create mode 100644 .github/actions/install-tools/action.yaml
 create mode 100644 .grype.yaml

diff --git a/.github/actions/install-tools/action.yaml b/.github/actions/install-tools/action.yaml
new file mode 100644
index 00000000..215b2b66
--- /dev/null
+++ b/.github/actions/install-tools/action.yaml
@@ -0,0 +1,17 @@
+# Copyright 2024 Defense Unicorns
+# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
+
+name: install-tools
+description: "Install pipeline tools"
+
+runs:
+ using: composite
+ steps:
+ - uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 # v3.6.0
+
+ - uses: anchore/sbom-action/download-syft@61119d458adab75f756bc0b9e4bde25725f86a7a # v0.17.2
+
+ - run: "curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin"
+ shell: bash
+
+ - uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 04beb572..8057d887 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -35,6 +35,9 @@ jobs:
 - name: Setup golang
 uses: ./.github/actions/golang

+ - name: Install tools
+ uses: ./.github/actions/install-tools
+
 - name: Download build artifacts
 uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
 with:
diff --git a/.grype.yaml b/.grype.yaml
new file mode 100644
index 00000000..a20e7f7c
--- /dev/null
+++ b/.grype.yaml
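Review bot: The grype step in `.github/actions/install-tools/action.yaml` pipes `install.sh` from the moving `main` branch into `sh` and passes no version argument, so unlike the three SHA-pinned `uses:` steps beside it, both the installer script and the grype binary it fetches can change between runs without any change in this repository. The `.github/workflows/release.yaml` hunk in this commit calls the composite action from the release job, so that unreviewed script would execute on the runner that produces the release; which token permissions and secrets that job holds is outside the hunk. Pin both the script ref and the release, e.g. `curl -sSfL https://raw.githubusercontent.com/anchore/grype/<commit-sha>/install.sh | sh -s -- -b /usr/local/bin <version-tag>`, or replace the step with a SHA-pinned `anchore/scan-action/download-grype@<commit-sha>` in the same style as the syft step.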
@@ -0,0 +1,9 @@
+# Copyright 2024 Defense Unicorns
+# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
+
+ignore:
+ # This vulnerability does not affect UDS as we do not instantiate a rekor client
+ - vulnerability: GHSA-2h5h-59f5-c5x9
+
+ # This vulnerability does not affect UDS as we do not instantiate a rekor client
+ - vulnerability: GHSA-frqx-jfcm-6jjr
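Review bot: Both `ignore` entries match on the advisory ID alone, so grype would suppress GHSA-2h5h-59f5-c5x9 and GHSA-frqx-jfcm-6jjr for every package and artifact scanned with this config, not only where the "no rekor client" reasoning was actually checked. Scope each rule to the dependency it was assessed for, e.g. add `package:` with `name: <rekor-module-name>` under each `vulnerability:` line. The comments would also serve later audits better if they recorded how the claim was verified and when to revisit it, for instance `# Re-evaluate when the rekor dependency is upgraded or a rekor client is introduced`.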