Tags: ossf/allstar

Verified

This tag was signed with the committer’s verified signature.
justaugustus Stephen Augustus

v4.4

Unverified

This commit is not signed, but one or more authors requires that any commit attributed to them is signed.
Bump workflow runner on release workflow

Signed-off-by: Jeff Mendoza <[email protected]>

v4.3

build(deps): bump actions/upload-artifact from 4.4.3 to 4.5.0

Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.4.3 to 4.5.0.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@b4b15b8...6f51ac0)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

v4.2

Unverified

This commit is not signed, but one or more authors requires that any commit attributed to them is signed.
go.mod: Update `go` directive to go1.12.12

Signed-off-by: Stephen Augustus <[email protected]>

v4.1

Fix name of ko in cloudbuild

Signed-off-by: Jeff Mendoza <[email protected]>

v4.0

Build chainguard/busybox based images for use with GitHub Actions

We would like the option of running AllStar as a GitHub Action. The current container image uses `cgr.dev/chainguard/static` which is an excellent minimal base with very little surface area. Unfortunately, GitHub Actions requires `tail` to be available for use as a container:

~~~sh
/usr/bin/docker create --name ... --label ... --workdir /__w/.allstar/.allstar --network ...  -e "HOME=/github/home" -e GITHUB_ACTIONS=true -e CI=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work":"/__w" -v "/home/runner/runners/2.306.0/externals":"/__e":ro -v "/home/runner/work/_temp":"/__w/_temp" -v "/home/runner/work/_actions":"/__w/_actions" -v "/opt/hostedtoolcache":"/__t" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflo→
~~~

This change updates the build workflow to build a second image based on `cgr.dev/chainguard/busybox` with the tag `VERSION-busybox`.
Combining this image with use of the `-once` flag makes it possible to run AllStar in GitHub Actions.

Example GitHub Actions jobs YAML:
~~~
name: "Scheduled AllStar Enforcement"
on:
  schedule:
  - cron: "0 * * * *"

jobs:
  deployment:
    runs-on: ubuntu-latest
    container: ghcr.io/ossf/allstar:v3.1-busybox
    environment: prod
    steps:
      - name: "AllStar Enforce"
        env:
          APP_ID: ${{ vars.APP_ID }}
          KEY_SECRET: ${{ vars.KEY_SECRET }}
          PRIVATE_KEY: ${{ secrets.PRIVATE_KEY }}
        run: /ko-app/allstar -once
~~~

The standard minimal `cgr.dev/chainguard/stable` images are still built.

Signed-off-by: Paul Hirsch <[email protected]>

v3.0

Fix Go version in release.yaml

Signed-off-by: Jeff Mendoza <[email protected]>

v2.0

v2.0 Release