Add a GitHub Action for installing slsa-verifier.

slsa-framework · Sep 19, 2022 · 632340c · 632340c
1 parent dc8be37
commit 632340c
Show file tree

Hide file tree

Showing 17 changed files with 19,558 additions and 0 deletions.
diff --git a/.github/workflows/pre-submit.actions.yml b/.github/workflows/pre-submit.actions.yml
@@ -0,0 +1,43 @@
+name: Actions pre submits
+on: [pull_request, workflow_dispatch]
+
+permissions: read-all
+
+jobs:
+  action-presubmit:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3.0.2
+
+      - name: Setup Node.js 16
+        uses: actions/setup-node@2fddd8803e2f5c9604345a0b591c3020ee971a93 # tag=v3.4.1
+        with:
+          node-version: 16
+
+      - name: Install dependencies
+        working-directory: actions/installer
+        run: npm ci
+
+      - name: Run build and tests
+        working-directory: actions/installer
+        run: npm run all
+
+      - name: Compare the expected and actual dist/ directories
+        working-directory: actions/installer
+        id: diff
+        run: |
+          set -euo pipefail
+          if [ "$(git diff --ignore-space-at-eol dist/ | wc -l)" -gt "0" ]; then
+            echo "Detected uncommitted changes after build.  See status below:"
+            git diff
+            exit 1
+          fi
+
+      # If there are uncommited changes in dist/, upload the directory
+      - name: Upload dist/
+        if: ${{ failure() && steps.diff.conclusion == 'failure' }}
+        uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # tag=v3.1.0
+        with:
+          name: dist
+          path: dist/
diff --git a/.github/workflows/pre-submit.yml → .github/workflows/pre-submit.cli.yml b/.github/workflows/pre-submit.yml → .github/workflows/pre-submit.cli.yml
diff --git a/actions/installer/.eslintignore b/actions/installer/.eslintignore
@@ -0,0 +1,3 @@
+dist/
+lib/
+node_modules/
diff --git a/actions/installer/.eslintrc.json b/actions/installer/.eslintrc.json
@@ -0,0 +1,53 @@
+{
+  "plugins": ["@typescript-eslint"],
+  "extends": ["plugin:github/recommended"],
+  "parser": "@typescript-eslint/parser",
+  "parserOptions": {
+    "ecmaVersion": 9,
+    "sourceType": "module",
+    "project": "./tsconfig.json"
+  },
+  "rules": {
+    "i18n-text/no-en": "off",
+    "eslint-comments/no-use": "off",
+    "import/no-namespace": "off",
+    "no-unused-vars": "off",
+    "@typescript-eslint/no-unused-vars": "error",
+    "@typescript-eslint/explicit-member-accessibility": ["error", {"accessibility": "no-public"}],
+    "@typescript-eslint/no-require-imports": "error",
+    "@typescript-eslint/array-type": "error",
+    "@typescript-eslint/await-thenable": "error",
+    "@typescript-eslint/ban-ts-comment": "error",
+    "camelcase": "off",
+    "@typescript-eslint/consistent-type-assertions": "error",
+    "@typescript-eslint/explicit-function-return-type": ["error", {"allowExpressions": true}],
+    "@typescript-eslint/func-call-spacing": ["error", "never"],
+    "@typescript-eslint/no-array-constructor": "error",
+    "@typescript-eslint/no-empty-interface": "error",
+    "@typescript-eslint/no-explicit-any": "error",
+    "@typescript-eslint/no-extraneous-class": "error",
+    "@typescript-eslint/no-for-in-array": "error",
+    "@typescript-eslint/no-inferrable-types": "error",
+    "@typescript-eslint/no-misused-new": "error",
+    "@typescript-eslint/no-namespace": "error",
+    "@typescript-eslint/no-non-null-assertion": "warn",
+    "@typescript-eslint/no-unnecessary-qualifier": "error",
+    "@typescript-eslint/no-unnecessary-type-assertion": "error",
+    "@typescript-eslint/no-useless-constructor": "error",
+    "@typescript-eslint/no-var-requires": "error",
+    "@typescript-eslint/prefer-for-of": "warn",
+    "@typescript-eslint/prefer-function-type": "warn",
+    "@typescript-eslint/prefer-includes": "error",
+    "@typescript-eslint/prefer-string-starts-ends-with": "error",
+    "@typescript-eslint/promise-function-async": "error",
+    "@typescript-eslint/require-array-sort-compare": "error",
+    "@typescript-eslint/restrict-plus-operands": "error",
+    "semi": "off",
+    "@typescript-eslint/type-annotation-spacing": "error",
+    "@typescript-eslint/unbound-method": "error"
+  },
+  "env": {
+    "node": true,
+    "es6": true
+  }
+}
diff --git a/actions/installer/.gitignore b/actions/installer/.gitignore
@@ -0,0 +1,2 @@
+node_modules
+lib
diff --git a/actions/installer/.prettierignore b/actions/installer/.prettierignore
@@ -0,0 +1,3 @@
+dist/
+lib/
+node_modules/
diff --git a/actions/installer/README.md b/actions/installer/README.md
@@ -0,0 +1,21 @@
+# slsa-verifier setup GitHub Action
+
+This action installs the SLSA verifier and adds it to your PATH.
+
+For more information about `slsa-verifier`, refer to [its documentation](https://github.com/slsa-framework/slsa-verifier#verification-of-provenance).
+
+For more information about SLSA in general, see [https://slsa.dev](https://slsa.dev).
+
+## Usage
+
+To install a specific version of `slsa-verifier`, use:
+
+```yaml
+uses: slsa-framework/slsa-verifier-installer@v1.3.0
+```
+
+See https://github.com/slsa-framework/slsa-verifier/releases for the list of available `slsa-verifier` releases.
+
+For a full example workflow, see [../../.github/workflows/test_installer.yml](https://github.com/slsa-framework/slsa-verifier/.github/workflows/test_installer.yml).
+
+This action requires using GitHub-provided Linux runners.
diff --git a/actions/installer/action.yml b/actions/installer/action.yml
@@ -0,0 +1,48 @@
+# Copyright 2022 SLSA Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+name: 'Install slsa-verifier'
+description: 'Installs SLSA verifier and adds it to your PATH'
+branding:
+  icon: 'package'
+  color: 'blue'
+runs:
+  using: 'composite'
+  steps:
+    - name: Checkout
+      uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3.0.2
+
+    - name: Setup Node.js 16
+      uses: actions/setup-node@2fddd8803e2f5c9604345a0b591c3020ee971a93 # tag=v3.4.1
+      with:
+        node-version: 16
+
+    - name: Install dependencies
+      working-directory: actions/installer
+      shell: bash
+      run: npm ci
+
+    - name: Run build
+      working-directory: actions/installer
+      shell: bash
+      run: npm run build
+
+    - name: Run installer
+      env:
+        ACTION_REF: "${{ github.action_ref }}"
+        TOKEN: "${{ github.token }}"
+        REPOSITORY: "${{ github.repository }}"
+      working-directory: actions/installer/dist
+      shell: bash
+      run: nodejs index.js