From 51cfec326172095aec8534d17aa9aabac6a7dfd3 Mon Sep 17 00:00:00 2001
From: M Atif Ali
Date: Tue, 25 Mar 2025 06:22:17 +0500
Subject: [PATCH] chore: reuse syft and cosign install actions across workflows (#16981)

This pull request adds new GitHub Actions for installing `cosign` and `syft`, and updates the CI, release, and security workflows.

**New Actions:**
- [`install-cosign`](.github/actions/install-cosign/action.yaml): Installs `cosign` with a configurable version.
- [`install-syft`](.github/actions/install-syft/action.yaml): Installs `syft` with a configurable version.

**Workflow Updates:**
- CI, release, and security workflows now use `install-cosign` and `install-syft`.
---
 .github/actions/install-cosign/action.yaml | 10 ++++++++++
 .github/actions/install-syft/action.yaml | 10 ++++++++++
 .github/workflows/ci.yaml | 8 ++------
 .github/workflows/release.yaml | 8 ++------
 .github/workflows/security.yaml | 6 ++++++
 5 files changed, 30 insertions(+), 12 deletions(-)
 create mode 100644 .github/actions/install-cosign/action.yaml
 create mode 100644 .github/actions/install-syft/action.yaml
diff --git a/.github/actions/install-cosign/action.yaml b/.github/actions/install-cosign/action.yaml
new file mode 100644
index 0000000000..acaf7ba1a7
--- /dev/null
+++ b/.github/actions/install-cosign/action.yaml
@@ -0,0 +1,10 @@
+name: "Install cosign"
+description: |
+ Cosign Github Action.
+runs:
+ using: "composite"
+ steps:
+ - name: Install cosign
+ uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.8.1
+ with:
+ cosign-release: "v2.4.3"
diff --git a/.github/actions/install-syft/action.yaml b/.github/actions/install-syft/action.yaml
new file mode 100644
index 0000000000..7357cdc08e
--- /dev/null
+++ b/.github/actions/install-syft/action.yaml
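Review bot: The commit message says the version is configurable, but the new `action.yaml` declares no `inputs:` block, so the release is fixed by `cosign-release: "v2.4.3"` and callers cannot override it; the same applies to `install-syft` in the next hunk with `syft-version: "v1.20.0"`. If a configurable version is the intent, declare an input with the current pin as its default and reference it from `with:`; otherwise drop "configurable" from the description so readers of the release workflow know the signing tool version is pinned here. Since the upstream SHA pins now live only in these two composite actions, confirm that whatever bumps `uses:` pins in this repository also scans `.github/actions/*/action.yaml`, or these pins will quietly stop being updated. The `description` text `Cosign Github Action.` could also say what the action does, e.g. `Installs a pinned cosign release via sigstore/cosign-installer.`
```yaml
name: "Install cosign"
description: |
  Installs a pinned cosign release via sigstore/cosign-installer.
inputs:
  cosign-version:
    description: "cosign release to install"
    required: false
    default: "v2.4.3"
runs:
  using: "composite"
  steps:
    - name: Install cosign
      # … unchanged: SHA-pinned sigstore/cosign-installer uses line …
      with:
        cosign-release: "${{ inputs.cosign-version }}"
```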
@@ -0,0 +1,10 @@
+name: "Install syft"
+description: |
+ Downloads Syft to the Action tool cache and provides a reference.
+runs:
+ using: "composite"
+ steps:
+ - name: Install syft
+ uses: anchore/sbom-action/download-syft@f325610c9f50a54015d37c8d16cb3b0e2c8f4de0 # v0.18.0
+ with:
+ syft-version: "v1.20.0"
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 2d9979b3bb..2ff0978e5d 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -1071,14 +1071,10 @@ jobs:
 run: sudo apt-get install -y zstd
 - name: Install cosign
- uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.8.1
- with:
- cosign-release: "v2.4.3"
+ uses: ./.github/actions/install-cosign
 - name: Install syft
- uses: anchore/sbom-action/download-syft@f325610c9f50a54015d37c8d16cb3b0e2c8f4de0 # v0.18.0
- with:
- syft-version: "v1.20.0"
+ uses: ./.github/actions/install-syft
 - name: Setup Windows EV Signing Certificate
 run: |
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 1a26d6bb9a..07a57b8ad9 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -251,14 +251,10 @@ jobs:
 rm /tmp/rcodesign.tar.gz
 - name: Install cosign
- uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.8.1
- with:
- cosign-release: "v2.4.3"
+ uses: ./.github/actions/install-cosign
 - name: Install syft
- uses: anchore/sbom-action/download-syft@f325610c9f50a54015d37c8d16cb3b0e2c8f4de0 # v0.18.0
- with:
- syft-version: "v1.20.0"
+ uses: ./.github/actions/install-syft
 - name: Setup Apple Developer certificate and API key
 run: |
diff --git a/.github/workflows/security.yaml b/.github/workflows/security.yaml
index 13235f2dc2..88e6b51771 100644
--- a/.github/workflows/security.yaml
+++ b/.github/workflows/security.yaml
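Review bot: The replacement `uses: ./.github/actions/install-cosign` and `uses: ./.github/actions/install-syft` lines in the ci.yaml hunk, and the identical pair in the release.yaml hunk, resolve a local path and therefore only work after `actions/checkout` has run in the same job; the earlier steps of these jobs are outside both hunks, so confirm checkout precedes them (the previous marketplace-pinned form had no such ordering requirement). This matters most for release.yaml, where the cosign step feeds artifact signing and a missing checkout fails the job rather than silently skipping. The workflow step is still named `Install cosign` while the composite action's inner step carries the same name, so the run log now shows the name twice with no version; consider naming the outer step after the action, e.g. `- name: Install cosign (pinned via install-cosign action)`, or leave it and accept the duplication. Both enclosing jobs start well before these hunks.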
@@ -85,6 +85,12 @@ jobs:
 - name: Setup sqlc
 uses: ./.github/actions/setup-sqlc
+ - name: Install cosign
+ uses: ./.github/actions/install-cosign
+
+ - name: Install syft
+ uses: ./.github/actions/install-syft
+
 - name: Install yq
 run: go run github.com/mikefarah/yq/v4@v4.44.3
 - name: Install mockgen