Skip to content
Container Signing Test

Container Signing Test #27

Sign in to view logs

Container Signing Test

Container Signing Test #27

Workflow file for this run

.github/workflows/sign-test.yml at 8aada78
name: Container Signing Test
on:
workflow_dispatch:
inputs:
namespace:
description: |
Enter the namespace . Default: demo
required: false
type: string
default: 'demo'
api:
description: 'Environment to run the tests on'
required: true
default: 'https://api.staging.endorlabs.com'
type: choice
options:
- https://api.staging.endorlabs.com
- https://api.endorlabs.com
jobs:
release:
name: Build and Sign
runs-on: ubuntu-latest
permissions:
id-token: write
contents: read
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Build JAR
run: mvn clean install -Dskiptests=true
- name: Endor Labs Code Scan
uses: endorlabs/github-action@main
with:
namespace: ${{ inputs.namespace }}
api: ${{ inputs.api }}
scan_summary_output_type: "table"
pr: "false"
enable_github_action_token: "true"
scan_dependencies: "true"
scan_secrets: "true"
scan_git_logs: "true"
- name: Create container
run: docker build -t jscott932/app-java-demo:latest .
- name: Get Image Digest to Sign
run: |
IMAGE_SHA=$(docker inspect jscott932/app-java-demo:latest | jq -r '.[].Id')
IMAGE_NAME=jscott932/app-java-demo
SIGNING_TARGET="$IMAGE_NAME"@"$IMAGE_SHA"
echo ARTIFACT="$SIGNING_TARGET" >> $GITHUB_ENV
- name: Container Sign
uses: endorlabs/github-action/sign@main
with:
namespace: ${{ inputs.namespace }}
api: ${{ inputs.api }}
artifact_name: ${{ env.ARTIFACT }}
- name: Endor Labs Container Scan
uses: endorlabs/github-action@main
with:
namespace: ${{ inputs.namespace }}
api: ${{ inputs.api }}
scan_summary_output_type: "table"
pr: "false"
enable_github_action_token: "true"
scan_dependencies: "false"
scan_container: "true"
image: "jscott932/app-java-demo:latest"
- name: Get Image Digest to Verify
run: |
VERIFY_SHA=$(docker inspect jscott932/app-java-demo:latest | jq -r '.[].Id')
VERIFY_IMAGE_NAME=jscott932/app-java-demo
VERIFY_TARGET="$VERIFY_IMAGE_NAME"@latest
echo VERIFY_ARTIFACT="$VERIFY_TARGET" >> $GITHUB_ENV
- name: Container verify
uses: endorlabs/github-action/verify@main
with:
namespace: ${{ inputs.namespace }}
api: ${{ inputs.api }}
artifact_name: ${{ env.VERIFY_ARTIFACT }}
certificate_oidc_issuer: "https://token.actions.githubusercontent.com"