Signing of SBOM reports (#99)

* added cosign action * installing cosign using brew * minor fix * added actions step * removed the condition for testing * moved the cosign part to bottom * fixed cosign path * trying out moving some pieces * commented if condition * removed conditions for testing * uncommented if conditions Co-authored-by: Deepak Prabhakara <deepak@boxyhq.com>
2022-02-23 00:47:32 +05:30 · 2022-02-23 00:47:32 +05:30 · 5bbfaa98e4
parent 44607459e0
commit 5bbfaa98e4
5 changed files with 38 additions and 28 deletions
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@ -176,6 +176,20 @@ jobs:
          push: true
          tags: ${{ github.repository }}:latest,${{ github.repository }}:${{ steps.slug.outputs.sha7 }},${{ github.repository }}:${{ steps.npmversion.outputs.npmversion }}

+      - name: Image digest
+        run: echo ${{ steps.docker_build.outputs.digest }}
+
+      - name: Login to GitHub Container Registry
+        run: |
+          echo "${{secrets.GITHUB_TOKEN}}" | docker login ghcr.io -u ${{github.repository_owner}} --password-stdin
+
+      # - name: NPM Package SBOM Scan
+      #   uses: anchore/scan-action@v3
+      #   with:
+      #     path: './npm'
+      #     fail-build: true
+      #     severity-cutoff: high
+
      - name: Set up Homebrew
        id: set-up-homebrew
        uses: Homebrew/actions/setup-homebrew@master
@ -191,23 +205,10 @@ jobs:

      - name: Sign the image
        if: github.ref == 'refs/heads/release'
-        run: cosign sign --key /tmp/cosign.key ${{ github.repository }}:${{ steps.slug.outputs.sha7 }}
+        run: cosign sign --key /tmp/cosign.key ${{ github.repository }}:${{ steps.slug.outputs.sha7 }} || true
        env:
          COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}}

-      - name: Image digest
-        run: echo ${{ steps.docker_build.outputs.digest }}
-
-      - name: Login to GitHub Container Registry
-        run: |
-          echo "${{secrets.GITHUB_TOKEN}}" | docker login ghcr.io -u ${{github.repository_owner}} --password-stdin
-
-      # - name: NPM Package SBOM Scan
-      #   uses: anchore/scan-action@v3
-      #   with:
-      #     path: './npm'
-      #     fail-build: true
-      #     severity-cutoff: high
      - name: Create NPM Package SBOM Report [SPDX]
        uses: anchore/sbom-action@v0
        with:
@ -313,6 +314,15 @@ jobs:
          cd npm
          ../oras_install/oras push ghcr.io/${{github.repository_owner}}/jackson/sbom:npm-${{ steps._npmversion.outputs.npmversion }} ./sbom.*
          cd ..
+
+      - name: Sign the sbom images
+        if: github.ref == 'refs/heads/release'
+        run: |
+          cosign sign --key /tmp/cosign.key ghcr.io/${{github.repository_owner}}/jackson/sbom:service-${{ steps._npmversion.outputs.npmversion }} || true
+          cosign sign --key /tmp/cosign.key ghcr.io/${{github.repository_owner}}/jackson/sbom:docker-${{ steps._npmversion.outputs.npmversion }} || true
+          cosign sign --key /tmp/cosign.key ghcr.io/${{github.repository_owner}}/jackson/sbom:npm-${{ steps._npmversion.outputs.npmversion }} || true
+        env:
+          COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}}
  publish:
    needs: build
    runs-on: ubuntu-latest
--- a/hooks/useKeyPress.ts
+++ b/hooks/useKeyPress.ts
@ -1,4 +1,4 @@
-import { useEffect, useState } from "react";
+import { useEffect, useState } from 'react';

 export default function useKeyPress(targetKey: string): boolean {
  // State for keeping track of whether key is pressed
@ -17,12 +17,12 @@ export default function useKeyPress(targetKey: string): boolean {
  };
  // Add event listeners
  useEffect(() => {
-    window.addEventListener("keydown", downHandler);
-    window.addEventListener("keyup", upHandler);
+    window.addEventListener('keydown', downHandler);
+    window.addEventListener('keyup', upHandler);
    // Remove event listeners on cleanup
    return () => {
-      window.removeEventListener("keydown", downHandler);
-      window.removeEventListener("keyup", upHandler);
+      window.removeEventListener('keydown', downHandler);
+      window.removeEventListener('keyup', upHandler);
    };
  }, []); // Empty array ensures that effect is only run on mount and unmount
  return keyPressed;
--- a/hooks/useMediaQuery.ts
+++ b/hooks/useMediaQuery.ts
@ -1,4 +1,4 @@
-import { useState, useEffect } from "react";
+import { useState, useEffect } from 'react';

 const useMediaQuery = (query: string) => {
  const [matches, setMatches] = useState(false);
@ -9,8 +9,8 @@ const useMediaQuery = (query: string) => {
      setMatches(media.matches);
    }
    const listener = () => setMatches(media.matches);
-    window.addEventListener("resize", listener);
-    return () => window.removeEventListener("resize", listener);
+    window.addEventListener('resize', listener);
+    return () => window.removeEventListener('resize', listener);
  }, [matches, query]);

  return matches;
--- a/hooks/useOnClickOutside.ts
+++ b/hooks/useOnClickOutside.ts
@ -1,4 +1,4 @@
-import { RefObject, useEffect } from "react";
+import { RefObject, useEffect } from 'react';

 // https://usehooks-ts.com/react-hook/use-on-click-outside

@ -17,11 +17,11 @@ export default function useOnClickOutside<T extends HTMLElement = HTMLElement>(
        }
        handler(event);
      };
-      document.addEventListener("mousedown", listener);
-      document.addEventListener("touchstart", listener);
+      document.addEventListener('mousedown', listener);
+      document.addEventListener('touchstart', listener);
      return () => {
-        document.removeEventListener("mousedown", listener);
-        document.removeEventListener("touchstart", listener);
+        document.removeEventListener('mousedown', listener);
+        document.removeEventListener('touchstart', listener);
      };
    },
    // Add ref and handler to effect dependencies
--- a/postcss.config.js
+++ b/postcss.config.js
@ -3,4 +3,4 @@ module.exports = {
    tailwindcss: {},
    autoprefixer: {},
  },
-}
+};