chore: reuse syft and cosign install actions across workflows (#16981)

This pull request adds new GitHub Actions for installing `cosign` and
`syft`, and updates the CI, release, and security workflows.

**New Actions:**  
- [`install-cosign`](.github/actions/install-cosign/action.yaml):
Installs `cosign` with a configurable version.
- [`install-syft`](.github/actions/install-syft/action.yaml): Installs
`syft` with a configurable version.

**Workflow Updates:**  
- CI, release, and security workflows now use `install-cosign` and
`install-syft`.
M Atif Ali
2025-03-25 06:22:17 +05:00
committed by GitHub
parent e8d5f98ede
commit 51cfec3261
5 changed files with 30 additions and 12 deletions
@@ -0,0 +1,10 @@
name: "Install cosign"
description: |
Cosign Github Action.
runs:
using: "composite"
steps:
- name: Install cosign
uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.8.1
with:
cosign-release: "v2.4.3"
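Review bot: the `with:` block hard-codes `cosign-release: "v2.4.3"` and the action declares no `inputs:`, while the commit message describes this action as installing cosign "with a configurable version". Either add a version input whose default is `v2.4.3` and pass it through to `cosign-release`, or drop "configurable" from the description of the change. The `description` field ("Cosign Github Action.") could also state what the action does, namely that it installs a pinned cosign release.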
+10
@@ -0,0 +1,10 @@
name: "Install syft"
description: |
Downloads Syft to the Action tool cache and provides a reference.
runs:
using: "composite"
steps:
- name: Install syft
uses: anchore/sbom-action/download-syft@f325610c9f50a54015d37c8d16cb3b0e2c8f4de0 # v0.18.0
with:
syft-version: "v1.20.0"
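Review bot: the `description` says the action "provides a reference", but the composite action declares no `outputs:` and the `Install syft` step has no `id`, so a calling workflow has nothing to read from it. Either expose that value as an output of this action or trim the description to what callers actually get. As in install-cosign, `syft-version: "v1.20.0"` is fixed here with no `inputs:` block, which does not match the "configurable version" wording in the commit message.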
+2 -6
@@ -1071,14 +1071,10 @@ jobs:
run: sudo apt-get install -y zstd
- name: Install cosign
uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.8.1
with:
cosign-release: "v2.4.3"
uses: ./.github/actions/install-cosign
- name: Install syft
uses: anchore/sbom-action/download-syft@f325610c9f50a54015d37c8d16cb3b0e2c8f4de0 # v0.18.0
with:
syft-version: "v1.20.0"
uses: ./.github/actions/install-syft
- name: Setup Windows EV Signing Certificate
run: |
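Review bot: `uses: ./.github/actions/install-cosign` and `uses: ./.github/actions/install-syft` are resolved from the job's workspace, so both steps only work if the repository has been checked out earlier in this job, and that checkout is not visible in this hunk's context. Please confirm a checkout step precedes line 1071 in the same job; the external `sigstore/cosign-installer@...` and `anchore/sbom-action/download-syft@...` references being replaced did not have that requirement.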
+2 -6
@@ -251,14 +251,10 @@ jobs:
rm /tmp/rcodesign.tar.gz
- name: Install cosign
uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.8.1
with:
cosign-release: "v2.4.3"
uses: ./.github/actions/install-cosign
- name: Install syft
uses: anchore/sbom-action/download-syft@f325610c9f50a54015d37c8d16cb3b0e2c8f4de0 # v0.18.0
with:
syft-version: "v1.20.0"
uses: ./.github/actions/install-syft
- name: Setup Apple Developer certificate and API key
run: |
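Review bot: with the pinned `uses:` lines and their `cosign-release` / `syft-version` values removed from these two steps, the release job no longer shows which tool versions it installs, and the versions now come from the action files in whatever tree the job has checked out. A short comment on the `Install cosign` and `Install syft` steps pointing at `.github/actions/install-cosign` and `.github/actions/install-syft` would tell anyone auditing a release where the pins live.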
+6
@@ -85,6 +85,12 @@ jobs:
- name: Setup sqlc
uses: ./.github/actions/setup-sqlc
- name: Install cosign
uses: ./.github/actions/install-cosign
- name: Install syft
uses: ./.github/actions/install-syft
- name: Install yq
run: go run github.com/mikefarah/yq/v4@v4.44.3
- name: Install mockgen
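Review bot: the added `Install cosign` and `Install syft` steps have no visible consumer in this hunk; the surrounding steps only set up sqlc, yq and mockgen. Please confirm a later step in this job calls both tools, and if so consider placing the installs next to that step so the dependency is obvious and the installs are not left behind if that step is ever removed.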