Skip to content

ci: Add provenance attestation #420

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
askpt merged 5 commits into from
Apr 9, 2025
Merged

ci: Add provenance attestation #420

askpt merged 5 commits into from
Apr 9, 2025

Conversation

@askpt
Copy link
Member

@askpt askpt commented Apr 8, 2025
edited
Loading

This PR

This pull request includes several updates to the GitHub Actions workflows to enhance CI/CD capabilities and improve artifact security. The key changes involve adding new permissions and steps to the workflows for both continuous integration and release processes.

Enhancements to CI workflow:

Enhancements to release workflow:

Related Issues

Fixes #409

Notes

The attestation for the PR can be checked here: https://github.com/open-feature/dotnet-sdk/attestations/6175280

@askpt askpt linked an issue Apr 8, 2025 that may be closed by this pull request
[FEATURE] Add provenance attestation #409
Closed
2 tasks
@askpt askpt force-pushed the askpt/409-feature-add-provenance-attestation branch from 26b6882 to ac28d6a Compare April 8, 2025 15:43
@codecov
Copy link

codecov bot commented Apr 8, 2025
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 85.71%. Comparing base (2bed467) to head (d16ad3e).
Report is 1 commits behind head on main.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main     #420   +/-   ##
=======================================
  Coverage   85.71%   85.71%           
=======================================
  Files          39       39           
  Lines        1603     1603           
  Branches      171      171           
=======================================
  Hits         1374     1374           
  Misses        191      191           
  Partials       38       38

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@askpt askpt marked this pull request as ready for review April 8, 2025 16:47
@askpt askpt requested a review from a team as a code owner April 8, 2025 16:47
@askpt askpt requested review from a team and toddbaert April 9, 2025 10:57
@askpt askpt added this pull request to the merge queue Apr 9, 2025
Merged via the queue into main with commit 65615d8 Apr 9, 2025
16 checks passed
@askpt askpt mentioned this pull request Apr 10, 2025
Closed
@askpt askpt deleted the askpt/409-feature-add-provenance-attestation branch April 15, 2025 15:52
WeihanLi pushed a commit to WeihanLi/openfeature-dotnet-sdk that referenced this pull request May 14, 2025
@askpt @WeihanLi
ci: Add provenance attestation (open-feature#420)
c20a217 
<!-- Please use this template for your pull request. -->
<!-- Please use the sections that you need and delete other sections -->

## This PR
<!-- add the description of the PR here -->

This pull request includes several updates to the GitHub Actions
workflows to enhance CI/CD capabilities and improve artifact security.
The key changes involve adding new permissions and steps to the
workflows for both continuous integration and release processes.

Enhancements to CI workflow:

*
[`.github/workflows/ci.yml`](diffhunk://#diff-b803fcb7f17ed9235f1e5cb1fcd2f5d3b2838429d4368ae4c57ce4436577f03fL7-R11):
Adjusted the indentation for `paths-ignore` in both `push` and
`pull_request` triggers.
*
[`.github/workflows/ci.yml`](diffhunk://#diff-b803fcb7f17ed9235f1e5cb1fcd2f5d3b2838429d4368ae4c57ce4436577f03fR53-R54):
Added `id-token` and `attestations` permissions under `jobs`.
*
[`.github/workflows/ci.yml`](diffhunk://#diff-b803fcb7f17ed9235f1e5cb1fcd2f5d3b2838429d4368ae4c57ce4436577f03fR96-R100):
Introduced a step to generate artifact attestation using
`actions/attest-build-provenance`.

Enhancements to release workflow:

*
[`.github/workflows/release.yml`](diffhunk://#diff-87db21a973eed4fef5f32b267aa60fcee5cbdf03c67fafdc2a9b553bb0b15f34R33-R36):
Added `id-token`, `contents`, and `attestations` permissions under
`jobs`.
*
[`.github/workflows/release.yml`](diffhunk://#diff-87db21a973eed4fef5f32b267aa60fcee5cbdf03c67fafdc2a9b553bb0b15f34R63-R67):
Added a step to generate artifact attestation using
`actions/attest-build-provenance`.
*
[`.github/workflows/release.yml`](diffhunk://#diff-87db21a973eed4fef5f32b267aa60fcee5cbdf03c67fafdc2a9b553bb0b15f34L90-R99):
Simplified the `run` command for attaching SBOM to the artifact.

### Related Issues
<!-- add here the GitHub issue that this PR resolves if applicable -->

Fixes open-feature#409

### Notes
The attestation for the PR can be checked here:
https://github.com/open-feature/dotnet-sdk/attestations/6175280

---------

Signed-off-by: André Silva <[email protected]>
Signed-off-by: Weihan Li <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@beeme1mr beeme1mr beeme1mr approved these changes

@lukas-reining lukas-reining lukas-reining approved these changes

@toddbaert toddbaert Awaiting requested review from toddbaert

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[FEATURE] Add provenance attestation

4 participants

@askpt @beeme1mr @lukas-reining