Skip to content
Verify Pull Request

docs: update README for v1 with hardening support #283

Sign in to view logs

docs: update README for v1 with hardening support

docs: update README for v1 with hardening support #283

Workflow file for this run

.github/workflows/verify-pr.yaml at 3a76e74
---
name: Verify Pull Request
on:
pull_request:
branches:
- main
permissions:
contents: read
# Cancel any in-flight jobs for the same pull request so there is only one job active at a time.
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
verify:
runs-on: ubuntu-22.04
steps:
- name: Checkout Code
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
- name: Run Cimon
uses: ./
with:
client-id: ${{ secrets.CIMON_CLIENT_ID }}
secret: ${{ secrets.CIMON_SECRET }}
prevent: true
allowed-hosts: >
cycode.com
registry.npmjs.org
report-process-tree: true
fail-on-error: true
- name: Test
run: |
curl -I https://api.github.com
curl -I https://cycode.com
wget --quiet --timeout 1 https://registry.npmjs.org || true
verify-in-container:
runs-on: ubuntu-22.04
container:
image: alpine:3.18
options: --privileged
steps:
- name: Checkout Code
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
- name: Install dependencies
run: |
apk update
apk add curl wget
- name: Run Cimon
uses: ./
with:
client-id: ${{ secrets.CIMON_CLIENT_ID }}
secret: ${{ secrets.CIMON_SECRET }}
prevent: true
allowed-hosts: >
cycode.com
registry.npmjs.org
report-process-tree: true
fail-on-error: true
- name: Test
run: |
curl -I https://api.github.com
curl -I https://cycode.com
wget --quiet --timeout 1 https://registry.npmjs.org || true
verify-provenance:
runs-on: ubuntu-22.04
steps:
- name: Checkout Code
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
- name: Create Private Key
run: |
openssl genrsa -out private-key.pem 3072
- name: Run Cimon
uses: ./attest
with:
client-id: ${{ secrets.CIMON_CLIENT_ID }}
secret: ${{ secrets.CIMON_SECRET }}
subjects: NDgyY2U4YzhmN2U4NjdkYTNhM2MwNWE5YWVlNjM3NzAzZTE3NDcwZWQxY2Y4ODJhOWU1YjQwNWU4ZjgyNjE5ZCAgYXJ0aWZhY3QxCjg5Y2ZjNjk1NGU4OGIyZjkyYTdjMjg3OWQ5ZWIwODVjNDJmM2M3MDY1ZDAxMmE1MDY2ZjQ1MGRiZTU5YjJjMDAgIGFydGlmYWN0Mgo=
sign-key: private-key.pem
report-job-summary: true
report-artifact: true
fail-on-error: true
verify-provenance-image-ref:
runs-on: ubuntu-22.04
steps:
- name: Checkout Code
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
- name: Create Private Key
run: |
openssl genrsa -out private-key.pem 3072
- name: Run Cimon
uses: ./attest
with:
client-id: ${{ secrets.CIMON_CLIENT_ID }}
secret: ${{ secrets.CIMON_SECRET }}
subjects: 'cycodelabs/cimon@sha256:ad4ab84178621f359a5ec1ba9eff8ba46626d8d1999416646b6aaa96bfcbf802'
sign-key: private-key.pem
report-job-summary: true
report-artifact: true
fail-on-error: true
verify-agent-and-attest:
runs-on: ubuntu-22.04
steps:
- name: Checkout Code
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
- name: Run Cimon Agent
uses: ./
with:
client-id: ${{ secrets.CIMON_CLIENT_ID }}
secret: ${{ secrets.CIMON_SECRET }}
report-process-tree: true
fail-on-error: true
- name: Create Artifact
run: |
echo artifact > artifact.txt
- name: Run Cimon Attest
uses: ./attest
with:
client-id: ${{ secrets.CIMON_CLIENT_ID }}
secret: ${{ secrets.CIMON_SECRET }}
subjects: artifact.txt
report-job-summary: true
fail-on-error: true
- name: Test
run: |
curl -I https://api.github.com
curl -I https://cycode.com
wget --quiet --timeout 1 https://registry.npmjs.org || true