From 5bbfaa98e4d513f2d24b121712b297f6453e62c6 Mon Sep 17 00:00:00 2001 From: Utkarsh Mehta Date: Wed, 23 Feb 2022 00:47:32 +0530 Subject: [PATCH] Signing of SBOM reports (#99) * added cosign action * installing cosign using brew * minor fix * added actions step * removed the condition for testing * moved the cosign part to bottom * fixed cosign path * trying out moving some pieces * commented if condition * removed conditions for testing * uncommented if conditions Co-authored-by: Deepak Prabhakara --- .github/workflows/main.yml | 38 ++++++++++++++++++++++++-------------- hooks/useKeyPress.ts | 10 +++++----- hooks/useMediaQuery.ts | 6 +++--- hooks/useOnClickOutside.ts | 10 +++++----- postcss.config.js | 2 +- 5 files changed, 38 insertions(+), 28 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 527a3c7ef..fe4a3d48b 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -176,6 +176,20 @@ jobs: push: true tags: ${{ github.repository }}:latest,${{ github.repository }}:${{ steps.slug.outputs.sha7 }},${{ github.repository }}:${{ steps.npmversion.outputs.npmversion }} + - name: Image digest + run: echo ${{ steps.docker_build.outputs.digest }} + + - name: Login to GitHub Container Registry + run: | + echo "${{secrets.GITHUB_TOKEN}}" | docker login ghcr.io -u ${{github.repository_owner}} --password-stdin + + # - name: NPM Package SBOM Scan + # uses: anchore/scan-action@v3 + # with: + # path: './npm' + # fail-build: true + # severity-cutoff: high + - name: Set up Homebrew id: set-up-homebrew uses: Homebrew/actions/setup-homebrew@master 
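Review bot: In the `Login to GitHub Container Registry` step, `${{secrets.GITHUB_TOKEN}}` is expanded into the script text before the shell runs, so the token ends up in the generated script instead of being read from the environment. Pass it through the step's `env:` (`GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}`) and run `echo "$GITHUB_TOKEN" | docker login ghcr.io -u ${{ github.repository_owner }} --password-stdin`. The commented-out `NPM Package SBOM Scan` block that moved with it is dead configuration: enable it, drop it, or add a comment saying why the scan is disabled. The job these steps belong to starts outside the hunk.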
@@ -191,23 +205,10 @@ jobs: - name: Sign the image if: github.ref == 'refs/heads/release' - run: cosign sign --key /tmp/cosign.key ${{ github.repository }}:${{ steps.slug.outputs.sha7 }} + run: cosign sign --key /tmp/cosign.key ${{ github.repository }}:${{ steps.slug.outputs.sha7 }} || true env: COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}} - - name: Image digest - run: echo ${{ steps.docker_build.outputs.digest }} - - - name: Login to GitHub Container Registry - run: | - echo "${{secrets.GITHUB_TOKEN}}" | docker login ghcr.io -u ${{github.repository_owner}} --password-stdin - - # - name: NPM Package SBOM Scan - # uses: anchore/scan-action@v3 - # with: - # path: './npm' - # fail-build: true - # severity-cutoff: high - name: Create NPM Package SBOM Report [SPDX] uses: anchore/sbom-action@v0 with: @@ -313,6 +314,15 @@ jobs: cd npm ../oras_install/oras push ghcr.io/${{github.repository_owner}}/jackson/sbom:npm-${{ steps._npmversion.outputs.npmversion }} ./sbom.* cd .. + + - name: Sign the sbom images + if: github.ref == 'refs/heads/release' + run: | + cosign sign --key /tmp/cosign.key ghcr.io/${{github.repository_owner}}/jackson/sbom:service-${{ steps._npmversion.outputs.npmversion }} || true + cosign sign --key /tmp/cosign.key ghcr.io/${{github.repository_owner}}/jackson/sbom:docker-${{ steps._npmversion.outputs.npmversion }} || true + cosign sign --key /tmp/cosign.key ghcr.io/${{github.repository_owner}}/jackson/sbom:npm-${{ steps._npmversion.outputs.npmversion }} || true + env: + COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}} publish: needs: build runs-on: ubuntu-latest diff --git a/hooks/useKeyPress.ts b/hooks/useKeyPress.ts index 9325b0e27..904595f1b 100644 --- a/hooks/useKeyPress.ts +++ b/hooks/useKeyPress.ts @@ -1,4 +1,4 @@ -import { useEffect, useState } from "react"; +import { useEffect, useState } from 'react'; export default function useKeyPress(targetKey: string): boolean { // State for keeping track of whether key is pressed 
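Review bot: Appending `|| true` to `cosign sign` in the `Sign the image` step hides signing failures: a missing key, a wrong `COSIGN_PASSWORD` or a registry error still gives a green release build with an unsigned image. The same suffix is on all three commands in the `Sign the sbom images` step added in the next hunk. On the `release` branch a failed signature should fail the job, so drop the suffix: `run: cosign sign --key /tmp/cosign.key ${{ github.repository }}:${{ steps.slug.outputs.sha7 }}`. If best-effort signing is really intended, put `continue-on-error: true` on the step instead, so the failure is still recorded on the step in the run.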
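Review bot: The `Sign the sbom images` step signs mutable tags (`sbom:service-…`, `sbom:docker-…`, `sbom:npm-…`), so cosign signs whatever digest each tag resolves to at that moment, which is not guaranteed to be the artifact `oras push` uploaded earlier in the job. Sign by digest instead, in the form `ghcr.io/<owner>/jackson/sbom@sha256:<digest>` with the digest captured from each push; the image step can use `steps.docker_build.outputs.digest` the same way. The private key is read from `/tmp/cosign.key`, which is written by a step outside this hunk, so presumably a final `if: always()` step should delete it from the runner. A comment above the step saying which key signs these artifacts and how consumers verify them would also help.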
@@ -17,12 +17,12 @@ export default function useKeyPress(targetKey: string): boolean { }; // Add event listeners useEffect(() => { - window.addEventListener("keydown", downHandler); - window.addEventListener("keyup", upHandler); + window.addEventListener('keydown', downHandler); + window.addEventListener('keyup', upHandler); // Remove event listeners on cleanup return () => { - window.removeEventListener("keydown", downHandler); - window.removeEventListener("keyup", upHandler); + window.removeEventListener('keydown', downHandler); + window.removeEventListener('keyup', upHandler); }; }, []); // Empty array ensures that effect is only run on mount and unmount return keyPressed; diff --git a/hooks/useMediaQuery.ts b/hooks/useMediaQuery.ts index 9d06c7500..240629e79 100644 --- a/hooks/useMediaQuery.ts +++ b/hooks/useMediaQuery.ts @@ -1,4 +1,4 @@ -import { useState, useEffect } from "react"; +import { useState, useEffect } from 'react'; const useMediaQuery = (query: string) => { const [matches, setMatches] = useState(false); @@ -9,8 +9,8 @@ const useMediaQuery = (query: string) => { setMatches(media.matches); } const listener = () => setMatches(media.matches); - window.addEventListener("resize", listener); - return () => window.removeEventListener("resize", listener); + window.addEventListener('resize', listener); + return () => window.removeEventListener('resize', listener); }, [matches, query]); return matches; diff --git a/hooks/useOnClickOutside.ts b/hooks/useOnClickOutside.ts index 2915d8b59..7bdb2c030 100644 --- a/hooks/useOnClickOutside.ts +++ b/hooks/useOnClickOutside.ts @@ -1,4 +1,4 @@ -import { RefObject, useEffect } from "react"; +import { RefObject, useEffect } from 'react'; // https://usehooks-ts.com/react-hook/use-on-click-outside 
@@ -17,11 +17,11 @@ export default function useOnClickOutside( } handler(event); }; - document.addEventListener("mousedown", listener); - document.addEventListener("touchstart", listener); + document.addEventListener('mousedown', listener); + document.addEventListener('touchstart', listener); return () => { - document.removeEventListener("mousedown", listener); - document.removeEventListener("touchstart", listener); + document.removeEventListener('mousedown', listener); + document.removeEventListener('touchstart', listener); }; }, // Add ref and handler to effect dependencies diff --git a/postcss.config.js b/postcss.config.js index 33ad091d2..12a703d90 100644 --- a/postcss.config.js +++ b/postcss.config.js @@ -3,4 +3,4 @@ module.exports = { tailwindcss: {}, autoprefixer: {}, }, -} +};