diff --git a/.github/workflows/anchore-sbom-evidence-example.yaml b/.github/workflows/anchore-sbom-evidence-example.yaml
index d8c9f00..ec54e72 100644
--- a/.github/workflows/anchore-sbom-evidence-example.yaml
+++ b/.github/workflows/anchore-sbom-evidence-example.yaml
@@ -8,7 +8,7 @@ permissions: jobs: package-docker-image-with-anchore-evidence: - runs-on: ubuntu-latest + runs-on: self-hosted env: REGISTRY_DOMAIN: ${{ vars.JF_URL }} REPO_NAME: 'docker-anchore-repo'
diff --git a/.github/workflows/anchore-scan-evidence-example.yaml b/.github/workflows/anchore-scan-evidence-example.yaml
index 1ca789d..3f2ec85 100644
--- a/.github/workflows/anchore-scan-evidence-example.yaml
+++ b/.github/workflows/anchore-scan-evidence-example.yaml
@@ -8,7 +8,7 @@ permissions: jobs: package-docker-image-with-anchore-evidence: - runs-on: ubuntu-latest + runs-on: self-hosted env: REGISTRY_DOMAIN: ${{ vars.JF_URL }} REPO_NAME: 'docker-anchore-repo'
diff --git a/.github/workflows/build-and-deploy.yml b/.github/workflows/build-and-deploy.yml
index 1e6eb5c..2304df3 100644
--- a/.github/workflows/build-and-deploy.yml
+++ b/.github/workflows/build-and-deploy.yml
@@ -1,7 +1,7 @@ name: Build and deploy with evidence on: - [push, workflow_dispatch] + [ push, workflow_dispatch ] permissions: id-token: write
@@ -9,7 +9,8 @@ permissions: jobs: Docker-build-with-evidence: - runs-on: ubuntu-latest + runs-on: self-hosted + environment: evidence steps: - name: Install jfrog cli uses: jfrog/setup-jfrog-cli@v4
@@ -17,6 +18,13 @@ jobs: JF_URL: ${{ vars.ARTIFACTORY_URL }} JF_ACCESS_TOKEN: ${{ secrets.ARTIFACTORY_ACCESS_TOKEN }} + - name: Override jf tool + run: | + rm -f /Users/mishas/actions-runner/_work/_tool/jf/2.75.0/arm64/jf + cp /Users/mishas/dev/repos/jfrog-cli/jfrog-cli/jf /Users/mishas/actions-runner/_work/_tool/jf/2.75.0/arm64/jf + echo "jfrog cli tool overridden with jf" + jf -v + - uses: actions/checkout@v4 - name: Log in to Artifactory Docker Registry
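Review bot: `runs-on: self-hosted` here — and the same one-line change in every other workflow in this diff — moves jobs that elsewhere in the diff are handed `secrets.ARTIFACTORY_ACCESS_TOKEN` and `secrets.PRIVATE_KEY` onto a persistent machine whose filesystem is not reset between runs (the override step later in this diff shows it is a developer workstation under `/Users/mishas`), so a job can read whatever a previous job or the machine's owner left behind. GitHub's guidance is not to use self-hosted runners for public repositories, because a workflow run from a fork can execute code on that host; if these example workflows are meant to run on outside contributions, keep them on `ubuntu-latest` or limit the self-hosted runner to workflows that only trigger on trusted events. The bare label also matches any registered self-hosted runner regardless of OS and architecture; `runs-on: [self-hosted, macOS, ARM64]` (or whichever labels the intended runner carries) makes the target explicit, and the same applies to the other `runs-on` hunks.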
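Review bot: The new Override jf tool step deletes the `jf` that `jfrog/setup-jfrog-cli@v4` just installed into the tool cache and copies in whatever is at `/Users/mishas/dev/repos/jfrog-cli/jfrog-cli/jf`, a path on one person's machine that the workflow neither checks out, builds, nor checksums; the later `evd create` steps (L2, L3, L5 and L6 hunks) then call that binary with `secrets.PRIVATE_KEY`, so evidence signing rests on an unpinned, unreviewed local build. If a pre-release CLI is required, build it inside the job from a pinned commit, or pin the action's `version:` input, and at least print `sha256sum` of the binary so each run records what signed the evidence. The hard-coded `2.75.0/arm64` tool-cache path is also tied to one CLI version and one architecture and will break as soon as the action installs a different one. Either keep this step out of the shared example or guard it with a repository variable so other runners fall back to the installed `jf`.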
@@ -46,17 +54,20 @@ jobs: - name: Evidence on docker run: | + jf -v + /Users/mishas/dev/repos/jfrog-cli/jfrog-cli/jf evd create -h echo '{ "actor": "${{ github.actor }}", "date": "'$(date -u +"%Y-%m-%dT%H:%M:%SZ")'" }' > sign.json - jf evd create --package-name example-project-app --package-version ${{ github.run_number }} --package-repo-name example-project-docker-dev-local \ - --key "${{ secrets.PRIVATE_KEY }}" --key-alias KEY-ALIAS \ + /Users/mishas/dev/repos/jfrog-cli/jfrog-cli/jf evd create --package-name example-project-app --package-version ${{ github.run_number }} --package-repo-name example-project-docker-dev-local \ + --key "${{ secrets.PRIVATE_KEY }}" --key-alias MISHAS-KEY \ --predicate ./sign.json --predicate-type https://jfrog.com/evidence/signature/v1 echo '๐Ÿ”Ž Evidence attached: `signature` ๐Ÿ” ' - name: Upload readme file run: | + jf -v jf rt upload ./README.md example-project-generic-dev/readme/${{ github.run_number }}/ --build-name ${{ vars.BUILD_NAME }} --build-number ${{ github.run_number }} - jf evd create --subject-repo-path example-project-generic-dev/readme/${{ github.run_number }}/README.md \ - --key "${{ secrets.PRIVATE_KEY }}" --key-alias KEY-ALIAS \ + /Users/mishas/dev/repos/jfrog-cli/jfrog-cli/jf evd create --subject-repo-path example-project-generic-dev/readme/${{ github.run_number }}/README.md \ + --key "${{ secrets.PRIVATE_KEY }}" --key-alias MISHAS-KEY \ --predicate ./sign.json --predicate-type https://jfrog.com/evidence/signature/v1 - name: Collecting Information from Git 
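Review bot: The re-added `--key "${{ secrets.PRIVATE_KEY }}"` lines in this hunk (and the matching lines in the L3, L4, L5 and L6 hunks) place the private key's contents on the command line; GitHub masks the value in the job log, but on the self-hosted host this commit moves to it is typically readable by other local users through the process list and by anything that traces the shell. If `jf evd create --key` accepts a file path — the `-h` output this hunk prints would confirm — write the secret to a `0600` file inside the step and remove it afterwards instead. `jf -v` and `jf evd create -h` read as leftover debugging, and the alias moves from the placeholder `KEY-ALIAS` to a personal `MISHAS-KEY` in what is an example workflow; a repository variable for the alias (constructed name, e.g. `${{ vars.KEY_ALIAS }}`) would keep the example reusable.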
@@ -70,10 +81,11 @@ jobs: - name: Sign build evidence run: | + jf -v echo '{ "actor": "${{ github.actor }}", "date": "'$(date -u +"%Y-%m-%dT%H:%M:%SZ")'" }' > sign.json - jf evd create --build-name ${{ vars.BUILD_NAME }} --build-number ${{ github.run_number }} \ + /Users/mishas/dev/repos/jfrog-cli/jfrog-cli/jf evd create --build-name ${{ vars.BUILD_NAME }} --build-number ${{ github.run_number }} \ --predicate ./sign.json --predicate-type https://jfrog.com/evidence/build-signature/v1 \ - --key "${{ secrets.PRIVATE_KEY }}" --key-alias KEY-ALIAS + --key "${{ secrets.PRIVATE_KEY }}" --key-alias MISHAS-KEY echo '๐Ÿ”Ž Evidence attached: `build-signature` ๐Ÿ” ' >> $GITHUB_STEP_SUMMARY - name: Create release bundle 
@@ -82,20 +94,24 @@ jobs: jf release-bundle-create ${{ vars.BUNDLE_NAME }} ${{ github.run_number }} --signing-key PGP-RSA-2048 --spec bundle-spec.json --sync=true NAME_LINK=${{ vars.ARTIFACTORY_URL }}'/ui/artifactory/lifecycle/?bundleName='${{ vars.BUNDLE_NAME }}'&bundleToFlash='${{ vars.BUNDLE_NAME }}'&repositoryKey=release-bundles-v2&activeKanbanTab=promotion' VER_LINK=${{ vars.ARTIFACTORY_URL }}'/ui/artifactory/lifecycle/?bundleName='${{ vars.BUNDLE_NAME }}'&bundleToFlash='${{ vars.BUNDLE_NAME }}'&releaseBundleVersion='${{ github.run_number }}'&repositoryKey=release-bundles-v2&activeVersionTab=Version%20Timeline&activeKanbanTab=promotion' + jf evd create --release-bundle ${{ vars.BUNDLE_NAME }} --release-bundle-version ${{ github.run_number }} \ + --key "${{ secrets.PRIVATE_KEY }}" --key-alias MISHAS-KEY \ + --predicate ./sign.json --predicate-type https://jfrog.com/evidence/release-bundle-signature/v1 echo '๐Ÿ“ฆ Release bundle ['${{ vars.BUNDLE_NAME }}']('${NAME_LINK}'):['${{ github.run_number }}']('${VER_LINK}') created' >> $GITHUB_STEP_SUMMARY Promote-to-qa-and-test: - needs: Docker-build-with-evidence - runs-on: ubuntu-latest + needs: Docker-build-with-evidence + runs-on: self-hosted + environment: evidence steps: - + - name: Install jfrog cli uses: jfrog/setup-jfrog-cli@v4 env: JF_URL: ${{ vars.ARTIFACTORY_URL }} JF_ACCESS_TOKEN: ${{ secrets.ARTIFACTORY_ACCESS_TOKEN }} - + - name: Promote to QA run: | jf release-bundle-promote ${{ vars.BUNDLE_NAME }} ${{ github.run_number }} QA --signing-key PGP-RSA-2048 --sync=true 
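Review bot: The new `jf evd create --release-bundle …` call added in this hunk runs the plain `jf` from PATH, while every other `evd create` touched by this commit is redirected to `/Users/mishas/dev/repos/jfrog-cli/jfrog-cli/jf`; if the `release-bundle-signature/v1` predicate needs the overridden CLI this call will quietly use the installed version, and if it does not, the other call sites presumably do not need the override either. It also reuses `./sign.json` written by the earlier Sign build evidence step (visible in the L3 hunk, same job), so the timestamp in the release-bundle signature predates the bundle it attests; regenerating the predicate here, e.g. `echo '{ "actor": "${{ github.actor }}", "date": "'$(date -u +"%Y-%m-%dT%H:%M:%SZ")'" }' > rb_sign.json`, keeps the evidence accurate. The `Promote-to-qa-and-test` job begins in this hunk but its steps continue past it.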
@@ -106,23 +122,24 @@ jobs: echo '{ "actor": "${{ github.actor }}", "date": "'$(date -u +"%Y-%m-%dT%H:%M:%SZ")'", "test": "CI test", "result": "success" }' > test_evidence.json JF_LINK=${{ vars.ARTIFACTORY_URL }}'/ui/artifactory/lifecycle/?bundleName='${{ vars.BUNDLE_NAME }}'&bundleToFlash='${{ vars.BUNDLE_NAME }}'&releaseBundleVersion='${{ github.run_number }}'&repositoryKey=release-bundles-v2&activeVersionTab=Version%20Timeline&activeKanbanTab=promotion' echo 'Test on Release bundle ['${{ vars.BUNDLE_NAME }}':'${{ github.run_number }}']('${JF_LINK}') success' >> $GITHUB_STEP_SUMMARY - jf evd create --release-bundle ${{ vars.BUNDLE_NAME }} --release-bundle-version ${{ github.run_number }} \ + /Users/mishas/dev/repos/jfrog-cli/jfrog-cli/jf evd create --release-bundle ${{ vars.BUNDLE_NAME }} --release-bundle-version ${{ github.run_number }} \ --predicate ./test_evidence.json --predicate-type https://jfrog.com/evidence/testing-results/v1 \ - --key "${{ secrets.PRIVATE_KEY }}" --key-alias KEY-ALIAS + --key "${{ secrets.PRIVATE_KEY }}" --key-alias MISHAS-KEY echo '๐Ÿ”Ž Evidence attached: integration-test ๐Ÿงช ' >> $GITHUB_STEP_SUMMARY Policy-check-and-promote-to-prod: - needs: Promote-to-qa-and-test - runs-on: ubuntu-latest + needs: Promote-to-qa-and-test + runs-on: self-hosted + environment: evidence steps: - + - name: Install jfrog cli uses: jfrog/setup-jfrog-cli@v4 env: JF_URL: ${{ vars.ARTIFACTORY_URL }} JF_ACCESS_TOKEN: ${{ secrets.ARTIFACTORY_ACCESS_TOKEN }} - + - name: Checkout uses: actions/checkout@v4 
@@ -147,7 +164,7 @@ jobs: - name: Promote to Production run: | if [ "${{ env.RESULT }}" == "true" ]; then - jf evd create --key "${{ secrets.PRIVATE_KEY }}" --key-alias KEY-ALIAS \ + /Users/mishas/dev/repos/jfrog-cli/jfrog-cli/jf evd create --key "${{ secrets.PRIVATE_KEY }}" --key-alias MISHAS-KEY \ --release-bundle ${{ vars.BUNDLE_NAME }} --release-bundle-version ${{ github.run_number }} \ --predicate ./policy.json --predicate-type https://jfrog.com/evidence/approval/v1 jf release-bundle-promote ${{ vars.BUNDLE_NAME }} ${{ github.run_number }} PROD --signing-key PGP-RSA-2048 --sync=true
@@ -156,4 +173,3 @@ jobs: echo "Fail promotion policy check" >> $GITHUB_STEP_SUMMARY exit 1 fi
-
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 178c1e1..c6a8679 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -10,7 +10,7 @@ permissions: jobs: Docker-build-with-evidence: - runs-on: ubuntu-latest + runs-on: self-hosted steps: - name: Install jfrog cli uses: jfrog/setup-jfrog-cli@v4
diff --git a/.github/workflows/cla.yml b/.github/workflows/cla.yml
index b341905..e4b9f7b 100644
--- a/.github/workflows/cla.yml
+++ b/.github/workflows/cla.yml
@@ -8,7 +8,7 @@ on: jobs: CLAssistant: - runs-on: ubuntu-latest + runs-on: self-hosted steps: - uses: actions-ecosystem/action-regex-match@v2 id: sign-or-recheck
diff --git a/.github/workflows/codeql-evidence-example.yml b/.github/workflows/codeql-evidence-example.yml
index 147514a..0bacd23 100644
--- a/.github/workflows/codeql-evidence-example.yml
+++ b/.github/workflows/codeql-evidence-example.yml
@@ -10,7 +10,7 @@ permissions: jobs: codeql: name: Analyse - runs-on: ubuntu-latest + runs-on: self-hosted env: ATTACH_OPTIONAL_CUSTOM_MARKDOWN_TO_EVIDENCE: true strategy:
diff --git a/.github/workflows/cypress-evidence-example.yml b/.github/workflows/cypress-evidence-example.yml
index 5000162..c6271c8 100644
--- a/.github/workflows/cypress-evidence-example.yml
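Review bot: `CLAssistant` in `cla.yml` now targets `self-hosted` as well; the `on:` block sits just above this hunk and is not shown, but CLA-assistant workflows are usually driven by `issue_comment` and `pull_request_target`, which fire for comments and pull requests from anyone, so a persistent workstation would be processing events authored by untrusted accounts. Confirm the triggers and, if they include those events, keep this workflow on `ubuntu-latest` or pin it to an isolated runner group that holds no Artifactory credentials. The `action-regex-match@v2` step that follows is context and outside the change.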
+++ b/.github/workflows/cypress-evidence-example.yml
@@ -7,7 +7,7 @@ permissions: actions: read jobs: package-docker-image-with-cypress-evidence: - runs-on: ubuntu-latest + runs-on: self-hosted env: REGISTRY_URL: ${{ vars.JF_URL }} REPO_NAME: 'docker-cypress-repo'
diff --git a/.github/workflows/dependabot-evidence-example.yml b/.github/workflows/dependabot-evidence-example.yml
index 80b41cc..4e67a44 100644
--- a/.github/workflows/dependabot-evidence-example.yml
+++ b/.github/workflows/dependabot-evidence-example.yml
@@ -8,7 +8,7 @@ permissions: jobs: dependabot-evidence-example: - runs-on: ubuntu-latest + runs-on: self-hosted env: REPO_NAME: 'dependabot-docker-local' IMAGE_NAME: 'dependabot-docker-image'
diff --git a/.github/workflows/jira-evidence-example.yml b/.github/workflows/jira-evidence-example.yml
index c4d1244..d6a700f 100644
--- a/.github/workflows/jira-evidence-example.yml
+++ b/.github/workflows/jira-evidence-example.yml
@@ -14,7 +14,7 @@ permissions: jobs: docker-build-with-jira-evidence: - runs-on: ubuntu-latest + runs-on: self-hosted env: DOCKER_REPO: 'test-docker-local' IMAGE_NAME: 'my-very-cool-image:${{ github.run_number }}'
diff --git a/.github/workflows/katalon-evidence-example.yml b/.github/workflows/katalon-evidence-example.yml
index 6ec725d..40e8245 100644
--- a/.github/workflows/katalon-evidence-example.yml
+++ b/.github/workflows/katalon-evidence-example.yml
@@ -10,7 +10,8 @@ permissions: jobs: package-docker-image-with-katalon-evidence: - runs-on: windows-latest + runs-on: self-hosted + environment: evidence env: REGISTRY_URL: ${{ vars.JF_URL}} REPO_NAME: 'docker-katalon-repo'
diff --git a/.github/workflows/promote-to-prod.yml b/.github/workflows/promote-to-prod.yml
index a150889..672ce5a 100644
--- a/.github/workflows/promote-to-prod.yml
+++ b/.github/workflows/promote-to-prod.yml
@@ -16,7 +16,7 @@ permissions: jobs: policy-check-and-promote-to-prod: - runs-on: ubuntu-latest + runs-on: self-hosted steps: - name: Install jfrog cli
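Review bot: The katalon job drops `windows-latest` for the bare `self-hosted` label, which matches any registered self-hosted runner whatever its operating system, so a job written for Windows may be scheduled onto the macOS/arm64 workstation the rest of this commit references under `/Users/mishas`. Narrow the label set, e.g. `runs-on: [self-hosted, windows, x64]`, or keep this example on `windows-latest`. The job's steps are outside the hunk, so whether they are Windows-specific cannot be confirmed from here.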
diff --git a/.github/workflows/scorecard-evidence-example.yml b/.github/workflows/scorecard-evidence-example.yml
index 43afc8e..3ac1ce6 100644
--- a/.github/workflows/scorecard-evidence-example.yml
+++ b/.github/workflows/scorecard-evidence-example.yml
@@ -6,7 +6,7 @@ permissions: read-all jobs: ossf-scorecard-analysis: - runs-on: ubuntu-latest + runs-on: self-hosted env: REGISTRY_DOMAIN: ${{ vars.JF_URL }} REPO_NAME: 'docker-scorecard-repo'
diff --git a/.github/workflows/semgrep-evidence-example.yml b/.github/workflows/semgrep-evidence-example.yml
index 4ac7e5d..b767e82 100644
--- a/.github/workflows/semgrep-evidence-example.yml
+++ b/.github/workflows/semgrep-evidence-example.yml
@@ -5,7 +5,7 @@ on: jobs: semgrep_scan: name: semgrep/ci - runs-on: ubuntu-latest + runs-on: self-hosted container: image: semgrep/semgrep env:
diff --git a/.github/workflows/simple-evidence.yml b/.github/workflows/simple-evidence.yml
index 42e3a51..7cfde06 100644
--- a/.github/workflows/simple-evidence.yml
+++ b/.github/workflows/simple-evidence.yml
@@ -9,7 +9,7 @@ permissions: jobs: docker-build-with-evidence: - runs-on: ubuntu-latest + runs-on: self-hosted steps: - name: Install jfrog cli id: setup-cli
diff --git a/.github/workflows/simple-flow.yml b/.github/workflows/simple-flow.yml
index 76e0380..27b3e37 100644
--- a/.github/workflows/simple-flow.yml
+++ b/.github/workflows/simple-flow.yml
@@ -9,7 +9,7 @@ permissions: jobs: Docker-build: - runs-on: ubuntu-latest + runs-on: self-hosted steps: - name: Install jfrog cli uses: jfrog/setup-jfrog-cli@v4
diff --git a/.github/workflows/sonar-evidence-example.yml b/.github/workflows/sonar-evidence-example.yml
index 41ffdd3..3600141 100644
--- a/.github/workflows/sonar-evidence-example.yml
+++ b/.github/workflows/sonar-evidence-example.yml
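Review bot: `semgrep_scan` keeps `container: image: semgrep/semgrep` while moving to `self-hosted`; GitHub runs container jobs only on Linux runners with Docker available, so on a macOS/arm64 host like the one the build-and-deploy override step references the job fails before any step runs. Use a Linux-labelled runner, e.g. `runs-on: [self-hosted, linux]`, or leave this example on `ubuntu-latest`. With a self-hosted Docker cache the untagged image reference also means the scanner version depends on whatever the host last pulled; pinning a tag or digest keeps results reproducible.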
@@ -14,7 +14,7 @@ permissions: jobs: docker-build-with-sonar-evidence: - runs-on: ubuntu-latest + runs-on: self-hosted env: DOCKER_REPO: 'test-docker-local' IMAGE_NAME: 'my-very-cool-image:${{ github.run_number }}'
diff --git a/.github/workflows/testRail-evidence-example.yml b/.github/workflows/testRail-evidence-example.yml
index 59b8802..5f9ed5d 100644
--- a/.github/workflows/testRail-evidence-example.yml
+++ b/.github/workflows/testRail-evidence-example.yml
@@ -7,7 +7,7 @@ permissions: actions: read jobs: testRail-evidence-example: - runs-on: ubuntu-latest + runs-on: self-hosted env: REGISTRY_URL: ${{ vars.JF_URL }} REPO_NAME: 'docker-testrail-repo'
diff --git a/.github/workflows/tfsec-evidence-example.yml b/.github/workflows/tfsec-evidence-example.yml
index 3e11297..4448a34 100644
--- a/.github/workflows/tfsec-evidence-example.yml
+++ b/.github/workflows/tfsec-evidence-example.yml
@@ -9,7 +9,7 @@ permissions: jobs: package-terraform-with-tfsec-evidence: - runs-on: ubuntu-latest + runs-on: self-hosted env: ATTACH_OPTIONAL_CUSTOM_MARKDOWN_TO_EVIDENCE: true steps:
diff --git a/.github/workflows/trivy-evidence-example.yml b/.github/workflows/trivy-evidence-example.yml
index f193d47..4aca5f8 100644
--- a/.github/workflows/trivy-evidence-example.yml
+++ b/.github/workflows/trivy-evidence-example.yml
@@ -8,7 +8,7 @@ permissions: jobs: package-docker-image-with-trivy-evidence: - runs-on: ubuntu-latest + runs-on: self-hosted env: REGISTRY_DOMAIN: ${{ vars.JF_URL }} REPO_NAME: 'docker-trivy-repo'
diff --git a/.github/workflows/zap-evidence-example.yml b/.github/workflows/zap-evidence-example.yml
index ed7f631..78a16f0 100644
--- a/.github/workflows/zap-evidence-example.yml
+++ b/.github/workflows/zap-evidence-example.yml
@@ -15,7 +15,7 @@ permissions: jobs: zap-evidence-example: - runs-on: ubuntu-latest + runs-on: self-hosted env: DOCKER_REPO: 'test-docker-local' IMAGE_NAME: 'my-very-cool-image'