feat: Add npm builder workflow #881

Merged
merged 11 commits into from
Sep 26, 2022
65 changes: 65 additions & 0 deletions .github/actions/checkout-node/action.yml
@@ -0,0 +1,65 @@
name: "Checkout a repository for a Node project"
description: "Checkout and setup the environment for a Node project"
inputs:
repository:
description: "Repository name with owner."
required: false
# Same default as https://github.com/actions/checkout/blob/main/action.yml#L6.
default: ${{ github.repository }}
ref:
# Note: the logic is fairly involved https://github.com/actions/checkout/blob/main/src/ref-helper.ts,
# so we do not attempt to resolve it ourselves or provide a default value. We let the official `actions/checkout`
# do it for us.
description: "The branch, tag or SHA to checkout."
required: false
token:
description: "The token to use."
required: false
# Same default as https://github.com/actions/checkout/blob/main/action.yml#L24.
default: ${{ github.token }}
node-version:
description: "The Node version to use, as expected by https://github.com/actions/setup-node."
required: true

runs:
using: "composite"
steps:
# Note: we could use a single block:
# `uses: actions/checkout
# with:
# ref: "${{ inputs.ref }}"`
# and it would work, because the ref field does not have a default
# value set https://github.com/actions/checkout/blob/main/action.yml#L7-L11.
# However, if this were to change in the future, we'd be setting an empty value
# when the developer has not defined it; and it would overwrite the default value
# set by the `actions/checkout`. Even if it is highly unlikely the `actions/checkout` team
# will set a default value in the future, we want to be sure it does not affect us if they do.
# This is why we use 2 blocks to call the `actions/checkout`:
# 1. if inputs.ref != ''
# 2. if inputs.ref == ''
- name: Checkout the repository with user ref
if: inputs.ref != ''
uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3.0.2
with:
fetch-depth: 1
persist-credentials: false
repository: "${{ inputs.repository }}"
ref: "${{ inputs.ref }}"
token: "${{ inputs.token }}"

- name: Checkout the repository with default ref
if: inputs.ref == ''
uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3.0.2
with:
fetch-depth: 1
persist-credentials: false
repository: "${{ inputs.repository }}"
token: "${{ inputs.token }}"

- name: Verify checkout
uses: slsa-framework/slsa-github-generator/.github/actions/verify-checkout@e3220805577deb9d193f64e519abcb3b50851df5

- name: Set up Node environment
uses: actions/setup-node@2fddd8803e2f5c9604345a0b591c3020ee971a93 # tag=v3.4.1
with:
node-version: "${{ inputs.node-version }}"
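
Review bot: The two `actions/checkout` steps (`if: inputs.ref != ''` and `if: inputs.ref == ''`) repeat `fetch-depth: 1`, `persist-credentials: false`, `repository` and `token`, so a later edit to one block can leave the other with different settings, most importantly `persist-credentials`. The long comment explains why there are two blocks but not that they must stay identical apart from `ref`; please add a line saying so. Separately, the `Verify checkout` step pins `slsa-framework/slsa-github-generator/.github/actions/verify-checkout` to a bare SHA with no `# tag=` comment, unlike the `actions/checkout` and `actions/setup-node` pins, which makes it harder to tell which revision is in use when the pin is next bumped.
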
8 changes: 4 additions & 4 deletions .github/workflows/builder_go_slsa3.yml
Expand Up @@ -24,6 +24,10 @@ env:
BUILDER_BINARY: slsa-builder-go-linux-amd64 # Name of the binary in the release assets.
BUILDER_DIR: internal/builders/go # Source directory if we compile the builder.

defaults:
run:
shell: bash

###################################################################
# #
# Input and output argument definitions #
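
Review bot: The new `defaults.run.shell: bash` block carries no comment saying that the steps below depend on it, while the per-step `shell: bash` keys are removed later in this same file. A one-line comment above `defaults:` would stop someone deleting the block later and leaving those steps on the runner's implicit shell.
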
Expand Down Expand Up @@ -156,7 +160,6 @@ jobs:

- name: Build dry project
id: build-dry
shell: bash
env:
CONFIG_FILE: "${{ inputs.config-file }}"
UNTRUSTED_ENVS: "${{ inputs.evaluated-envs }}"
Expand Down Expand Up @@ -195,7 +198,6 @@ jobs:
- name: Download dependencies
env:
UNTRUSTED_WORKING_DIR: "${{ needs.build-dry.outputs.go-working-dir }}"
shell: bash
run: |
set -euo pipefail

Expand All @@ -211,7 +213,6 @@ jobs:

- name: Build project
id: build-gen
shell: bash
env:
CONFIG_FILE: "${{ inputs.config-file }}"
UNTRUSTED_ENVS: "${{ inputs.evaluated-envs }}"
Expand Down Expand Up @@ -262,7 +263,6 @@ jobs:

- name: Create and sign provenance
id: sign-prov
shell: bash
env:
UNTRUSTED_BINARY_NAME: "${{ needs.build-dry.outputs.go-binary-name }}"
UNTRUSTED_BINARY_HASH: "${{ needs.build.outputs.go-binary-sha256 }}"
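
Review bot: `Create and sign provenance` no longer names its shell while it takes `UNTRUSTED_BINARY_NAME` and `UNTRUSTED_BINARY_HASH` from job outputs, and its `run:` body is not visible in this hunk. Please confirm the script starts with `set -euo pipefail`, as `Download dependencies` does, so that error handling in the signing step does not depend on whatever flags the workflow-level default shell supplies.
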