chore: update contracts in chainloop oss (#1506)
Signed-off-by: Jose I. Paris <jiparis@chainloop.dev>
1 parent f082321 commit c61e7b1

6 files changed

Lines changed: 37 additions & 35 deletions
Lines changed: 18 additions & 11 deletions
@@ -1,14 +1,21 @@
1+
# contract used in chainloop-vault-release workflow
12
schemaVersion: v1
23
policies:
3-
materials:
4-
- ref: sbom-with-licenses
5-
- ref: sbom-freshness
6-
- ref: sbom-banned-licenses
7-
with:
8-
licenses: AGPL-1.0-only, AGPL-1.0-or-later, AGPL-3.0-only, AGPL-3.0-or-later
9-
- ref: sbom-banned-components
10-
with:
11-
components: log4j@2.14.1
124
attestation:
13-
- ref: sbom-present
14-
- ref: source-commit
5+
- ref: source-commit
6+
policyGroups:
7+
- ref: sbom-quality
8+
with:
9+
sbom_name: cas-cyclonedx
10+
bannedLicenses: AGPL-1.0-only, AGPL-1.0-or-later, AGPL-3.0-only, AGPL-3.0-or-later
11+
bannedComponents: log4j@2.14.1
12+
- ref: sbom-quality
13+
with:
14+
sbom_name: cli-cyclonedx
15+
bannedLicenses: AGPL-1.0-only, AGPL-1.0-or-later, AGPL-3.0-only, AGPL-3.0-or-later
16+
bannedComponents: log4j@2.14.1
17+
- ref: sbom-quality
18+
with:
19+
sbom_name: controlplane-cyclonedx
20+
bannedLicenses: AGPL-1.0-only, AGPL-1.0-or-later, AGPL-3.0-only, AGPL-3.0-or-later
21+
bannedComponents: log4j@2.14.1
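Review bot: The new side drops the `sbom-present` attestation policy (old lines 13–14) and instead binds three `sbom-quality` groups to named materials via `sbom_name`, yet this contract declares no `materials:` section at all (the hunk spans the whole file, old 1–14 / new 1–21). If a policy group is skipped rather than failed when the named SBOM (`cas-cyclonedx`, `cli-cyclonedx`, `controlplane-cyclonedx`) is not attached, the attestation can now pass with no SBOM checked, which the old `sbom-present` guarded against; please confirm the group's behaviour on a missing material or keep `sbom-present` alongside the groups. The old `sbom-freshness` and `sbom-with-licenses` checks are also gone; if `sbom-quality` subsumes them, a comment such as `# sbom-quality covers presence, freshness, license and banned-component checks` above `policyGroups:` would make that explicit. As a style point, the three `with:` blocks differ only in `sbom_name`; if the contract schema allows it, factoring the shared license/component lists would prevent them drifting apart.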
Lines changed: 12 additions & 14 deletions
@@ -1,3 +1,4 @@
1+
# Contract used in chainloop-docs-release workflow
12
schemaVersion: v1
23
runner:
34
type: GITHUB_ACTION
@@ -6,20 +7,17 @@ materials:
67
name: built-site
78
optional: false
89
output: true
9-
- type: SBOM_CYCLONEDX_JSON
10-
name: sbom-cdx
11-
output: false
12-
- type: SBOM_SPDX_JSON
13-
name: sbom-spdx
14-
output: false
1510
policies:
1611
attestation:
1712
- ref: source-commit
18-
materials:
19-
- ref: sbom-present
20-
- ref: sbom-banned-licenses
21-
with:
22-
licenses: AGPL-1.0-only, AGPL-1.0-or-later, AGPL-3.0-only, AGPL-3.0-or-later
23-
- ref: sbom-banned-components
24-
with:
25-
components: log4j@2.14.1
13+
policyGroups:
14+
- ref: sbom-quality
15+
with:
16+
sbom_name: sbom-cdx
17+
bannedLicenses: AGPL-1.0-only, AGPL-1.0-or-later, AGPL-3.0-only, AGPL-3.0-or-later
18+
bannedComponents: log4j@2.14.1
19+
- ref: sbom-quality
20+
with:
21+
sbom_name: sbom-spdx
22+
bannedLicenses: AGPL-1.0-only, AGPL-1.0-or-later, AGPL-3.0-only, AGPL-3.0-or-later
23+
bannedComponents: log4j@2.14.1
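Review bot: The removed lines 9–14 declared `sbom-cdx` and `sbom-spdx` as contract materials, but the added `policyGroups` still reference exactly those names through `sbom_name`, so nothing in the contract now requires either SBOM to be attached to the attestation. If the workflow stops uploading them, or uploads under a different name, the groups would presumably have nothing to evaluate and the `sbom-present` check that was also removed (old line 19) no longer catches that. Either keep the two material declarations (with `optional: false`) or confirm that `sbom-quality` fails closed when the named material is absent. The `materials:` block this hunk edits starts before the hunk (line 6), so other declarations may exist that I cannot see.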
Lines changed: 1 addition & 5 deletions
@@ -1,3 +1,4 @@
1+
# Contract for chainloop-vault-codeql workflow
12
schemaVersion: v1
23
runner:
34
type: GITHUB_ACTION
@@ -8,8 +9,3 @@ materials:
89
policies:
910
attestation:
1011
- ref: source-commit
11-
materials:
12-
- ref: vulnerabilities
13-
with:
14-
severity: MEDIUM
15-
- ref: cves-in-kev
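Review bot: The only substantive change here removes the `vulnerabilities` (severity `MEDIUM`) and `cves-in-kev` material policies, leaving `source-commit` as the sole check; the commit message ("update contracts") does not say why the vulnerability gate is being dropped. If the CodeQL workflow still attaches a findings report as a material (the `materials:` block is outside the hunk, lines 5–8), this contract no longer blocks on known-exploited CVEs. If the intent is that these checks now live in a policy group or another contract, say so in the new header comment, e.g. `# Vulnerability/KEV gating for this workflow is enforced by <where> — see <ref>`, so the weakening is deliberate and traceable.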

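--- a/.github/workflows/contracts/chainloop-vault-helm-package.yml
+++ b/.github/workflows/contracts/chainloop-vault-helm-package.yml
@@ -1,3 +1,4 @@
+# Contract for chainloop-vault-helm-package workflow
 schemaVersion: v1
 runner:
   type: GITHUB_ACTION
@@ -14,3 +15,6 @@ materials:
 policies:
   attestation:
     - ref: source-commit
+  materials:
+    - ref: artifact-signed
+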
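Review bot: The added `artifact-signed` policy is attached under `policies.materials` with no selector, so it is presumably evaluated against every material the contract declares; the `materials:` block it applies to starts before the hunk (lines 5–13) and is not visible here. If that block declares non-signable materials (SBOMs, reports) alongside the chart, confirm the policy skips rather than fails them, or scope it to the chart material if the schema supports a material selector. A short comment above the new line, e.g. `# every declared material must carry a verifiable signature`, would document the intended scope either way. The trailing empty added line is harmless but yamllint will flag it if the file is linted.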
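--- a/.github/workflows/contracts/chainloop-vault-release.yml
+++ b/.github/workflows/contracts/chainloop-vault-release.yml
@@ -1,3 +1,4 @@
+# Contract for the chainloop-vault-build-and-package workflow
 schemaVersion: v1
 runner:
   type: GITHUB_ACTION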
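Review bot: The header comment added to `chainloop-vault-release.yml` names the `chainloop-vault-build-and-package` workflow, while the first file section of this commit (whose path is not shown on this page) gets `# contract used in chainloop-vault-release workflow`; the two comments look swapped. Since these comments are the only thing telling an operator which workflow a contract gates, a wrong one is worse than none — suggest `# Contract for the chainloop-vault-release workflow` here and the build-and-package wording on the other file, after checking which workflow actually references each contract.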
Lines changed: 1 addition & 5 deletions
@@ -1,3 +1,4 @@
1+
# Contract for chainloop-vault-scorecards workflow
12
schemaVersion: v1
23
runner:
34
type: GITHUB_ACTION
@@ -8,8 +9,3 @@ materials:
89
policies:
910
attestation:
1011
- ref: source-commit
11-
materials:
12-
- ref: vulnerabilities
13-
with:
14-
severity: MEDIUM
15-
- ref: cves-in-kev
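Review bot: As in the CodeQL contract, this hunk deletes the `vulnerabilities` (`severity: MEDIUM`) and `cves-in-kev` material policies and replaces them with nothing, so the scorecards attestation is now gated only on `source-commit`. Whether that is acceptable depends on which materials this workflow attaches (the `materials:` block is outside the hunk, lines 5–8) and I cannot tell from here; if no vulnerability report is produced by this workflow the removal is fine, but that reasoning belongs in the file. Suggest extending the new header comment, e.g. `# no vulnerability/KEV policies: this workflow attaches scorecard results, not a CVE report`, or whatever the actual justification is.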
