From 2b8b83d78a7fff1160b759f47b41869e7265da99 Mon Sep 17 00:00:00 2001
From: Cole <cole@testifysec.com>
Date: Sat, 13 Jul 2024 11:38:46 -0500
Subject: [PATCH] Enable witness

---
 .github/workflows/pipeline.yml | 21 ++++++++++++++-------
 1 file changed, 14 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/pipeline.yml b/.github/workflows/pipeline.yml
index b6c4372..48e7c59 100644
--- a/.github/workflows/pipeline.yml
+++ b/.github/workflows/pipeline.yml
@@ -39,15 +39,22 @@ jobs:
       uses: actions/checkout@v4.1.1
     
     - name: Build Image
-      shell: bash
-      run: |
-        docker buildx build -t ${{ steps.meta.outputs.tags }} --push .
+      uses: testifysec/witness-run-action@reusable-workflow # v0.2.0
+      with:
+        archivista-server: "https://judge-api.aws-sandbox-staging.testifysec.dev"
+        step: build-image
+        attestations: "environment git github slsa"
+        command: /bin/sh -c "docker buildx build -t ${{ steps.meta.outputs.tags }} --push ."
 
     - name: Generate SBOM
-      shell: bash
-      run: |
-        curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin
-        syft ${{ steps.meta.outputs.tags }} --source-name=pkg:oci/${{ github.repository }} -o cyclonedx-json --file sbom.cdx.json
+      uses: testifysec/witness-run-action@reusable-workflow # v0.2.0
+      with:
+        archivista-server: "https://judge-api.aws-sandbox-staging.testifysec.dev"
+        step: gen-sbom
+        attestations: "environment git github sbom"
+        command: |
+          /bin/sh -c "curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin v1.7.0 && \
+            syft ${{ steps.meta.outputs.tags }} --source-name=pkg:oci/${{ github.repository }} -o cyclonedx-json --file sbom.cdx.json"
 
     - name: Upload SBOM
       uses: actions/upload-artifact@v4.3.3