Merge pull request #1 from testifysec/enable-witness

Enable witness
testifysec · Jul 13, 2024 · 8714747 · 8714747
2 parents d9a233a + 2b8b83d
commit 8714747
Showing 1 changed file with 14 additions and 7 deletions.
diff --git a/.github/workflows/pipeline.yml b/.github/workflows/pipeline.yml
@@ -39,15 +39,22 @@ jobs:
       uses: actions/[email protected]
 
     - name: Build Image
-      shell: bash
-      run: |
-        docker buildx build -t ${{ steps.meta.outputs.tags }} --push .
+      uses: testifysec/witness-run-action@reusable-workflow # v0.2.0
+      with:
+        archivista-server: "https://judge-api.aws-sandbox-staging.testifysec.dev"
+        step: build-image
+        attestations: "environment git github slsa"
+        command: /bin/sh -c "docker buildx build -t ${{ steps.meta.outputs.tags }} --push ."
 
     - name: Generate SBOM
-      shell: bash
-      run: |
-        curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin
-        syft ${{ steps.meta.outputs.tags }} --source-name=pkg:oci/${{ github.repository }} -o cyclonedx-json --file sbom.cdx.json
+      uses: testifysec/witness-run-action@reusable-workflow # v0.2.0
+      with:
+        archivista-server: "https://judge-api.aws-sandbox-staging.testifysec.dev"
+        step: gen-sbom
+        attestations: "environment git github sbom"
+        command: |
+          /bin/sh -c "curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin v1.7.0 && \
+            syft ${{ steps.meta.outputs.tags }} --source-name=pkg:oci/${{ github.repository }} -o cyclonedx-json --file sbom.cdx.json"
 
     - name: Upload SBOM
       uses: actions/[email protected]