Skip to content

chore(attest): run with sudo if possible #194

chore(attest): run with sudo if possible

chore(attest): run with sudo if possible #194

Workflow file for this run

---
name: Verify Pull Request
on:
pull_request:
branches:
- main
permissions:
contents: read
# Cancel any in-flight jobs for the same pull request so there is only one job active at a time.
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
verify:
runs-on: ubuntu-22.04
steps:
- name: Checkout Code
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
- name: Run Cimon
uses: ./
with:
client-id: ${{ secrets.CIMON_CLIENT_ID }}
secret: ${{ secrets.CIMON_SECRET }}
prevent: true
allowed-hosts: >
cycode.com
registry.npmjs.org
report-process-tree: true
fail-on-error: true
- name: Test
run: |
curl -I https://api.github.com
curl -I https://cycode.com
wget --quiet --timeout 1 https://registry.npmjs.org || true
verify-fail-on-error:
runs-on: ubuntu-22.04
steps:
- name: Checkout Code
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
- name: Run Cimon
uses: ./
with:
client-id: ${{ secrets.CIMON_CLIENT_ID }}
secret: ${{ secrets.CIMON_SECRET }}
allowed-hosts: this,would,^$#yield,error
verify-provenance:
runs-on: ubuntu-22.04
steps:
- name: Checkout Code
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
- name: Create Private Key
run: |
openssl genrsa -out private-key.pem 3072
- name: Run Cimon
uses: ./attest
with:
subjects: NDgyY2U4YzhmN2U4NjdkYTNhM2MwNWE5YWVlNjM3NzAzZTE3NDcwZWQxY2Y4ODJhOWU1YjQwNWU4ZjgyNjE5ZCAgYXJ0aWZhY3QxCjg5Y2ZjNjk1NGU4OGIyZjkyYTdjMjg3OWQ5ZWIwODVjNDJmM2M3MDY1ZDAxMmE1MDY2ZjQ1MGRiZTU5YjJjMDAgIGFydGlmYWN0Mgo=
sign-key: private-key.pem
report-job-summary: true
report-artifact: true
fail-on-error: true