124906d084
- Introduced multiple guides for workflows including Evidence Pack Validation, Incident Response, Model Validation, Performance & HIL, Release Signing, SBOM Validation, Secret Scanning, and Supply Chain Attestation. - Created dynamic badges for each workflow to reflect their status and compliance. - Implemented a checklist for validating CI/CD workflows and evidence packs. - Developed scripts for building firmware, testing, collecting evidence, and generating audit reports. - Added tools for generating community, documentation, quality, and security badges based on various reports. - Established endpoints for dynamic badges to be integrated into documentation and README files. - Enhanced the overall structure and traceability of CI/CD processes with evidence packs and automated checks.
28 lines
786 B
YAML
28 lines
786 B
YAML
name: Supply Chain Attestation
|
|
|
|
on:
|
|
push:
|
|
branches: [main]
|
|
pull_request:
|
|
branches: [main]
|
|
|
|
jobs:
|
|
supply_chain:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v3
|
|
- name: Build & provenance attestation
|
|
run: |
|
|
# Build (ex: PlatformIO, Docker, etc.)
|
|
echo "Build step..."
|
|
# Générer attestation provenance SLSA
|
|
slsa-generator provenance --output docs/supplychain-attestation.json
|
|
- name: Sign artefacts (cosign)
|
|
run: |
|
|
cosign sign --key ${{ secrets.SIGNING_KEY }} docs/supplychain-attestation.json
|
|
- name: Upload attestation
|
|
uses: actions/upload-artifact@v3
|
|
with:
|
|
name: supplychain-attestation
|
|
path: docs/supplychain-attestation.json
|