diff --git a/.github/workflows/generator-generic-ossf-slsa3-publish.yml b/.github/workflows/generator-generic-ossf-slsa3-publish.yml new file mode 100644 index 00000000..35c829b1 --- /dev/null +++ b/.github/workflows/generator-generic-ossf-slsa3-publish.yml @@ -0,0 +1,66 @@ +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + +# This workflow lets you generate SLSA provenance file for your project. +# The generation satisfies level 3 for the provenance requirements - see https://slsa.dev/spec/v0.1/requirements +# The project is an initiative of the OpenSSF (openssf.org) and is developed at +# https://github.com/slsa-framework/slsa-github-generator. +# The provenance file can be verified using https://github.com/slsa-framework/slsa-verifier. +# For more information about SLSA and how it improves the supply-chain, visit slsa.dev. + +name: SLSA generic generator +on: + workflow_dispatch: + release: + types: [created] + +jobs: + build: + runs-on: ubuntu-latest + outputs: + digests: ${{ steps.hash.outputs.digests }} + + steps: + - uses: actions/checkout@v4 + + # ======================================================== + # + # Step 1: Build your artifacts. + # + # ======================================================== + - name: Build artifacts + run: | + # These are some amazing artifacts. + echo "artifact1" > artifact1 + echo "artifact2" > artifact2 + + # ======================================================== + # + # Step 2: Add a step to generate the provenance subjects + # as shown below. Update the sha256 sum arguments + # to include all binaries that you generate + # provenance for. + # + # ======================================================== + - name: Generate subject for provenance + id: hash + run: | + set -euo pipefail + + # List the artifacts the provenance will refer to. + files=$(ls artifact*) + # Generate the subjects (base64 encoded). + echo "hashes=$(sha256sum $files | base64 -w0)" >> "${GITHUB_OUTPUT}" + + provenance: + needs: [build] + permissions: + actions: read # To read the workflow path. + id-token: write # To sign the provenance. + contents: write # To add assets to a release. + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.4.0 + with: + base64-subjects: "${{ needs.build.outputs.digests }}" + upload-assets: true # Optional: Upload to a new release diff --git a/docker-compose.yml b/docker-compose.yml index 0c34b211..6a6e0b27 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,12 +1,12 @@ -version: "3.9" -services: +Pi demo : "3.9" +FRONTEND_DOMAIN_NAME: ${FRONTEND_DOMAIN_NAME} [<- snippet (docker-compose.yml:7-7)]services: reverse-proxy: build: ./reverse-proxy environment: HTTPS: ${HTTPS} FRONTEND_DOMAIN_NAME: ${FRONTEND_DOMAIN_NAME} BACKEND_DOMAIN_NAME: ${BACKEND_DOMAIN_NAME} - DOMAIN_VALIDATION_KEY: ${DOMAIN_VALIDATION_KEY} + DOMAIN_VALIDATION_KEY: ${DOMAIN_VALIDATION_KEY } ports: - "80:80" - "443:443" @@ -16,7 +16,7 @@ services: timeout: 10s retries: 5 volumes: - - ${DATA_DIRECTORY}/reverse-proxy/etc-letsencrypt:/etc/letsencrypt/ + - ${DATA_DIRECTORY}/reverse-proxy/etc-letsencrypt:/etc/let's encrypt the / frontend: build: ./frontend @@ -31,7 +31,7 @@ services: PI_API_KEY: ${PI_API_KEY} PLATFORM_API_URL: ${PLATFORM_API_URL} MONGO_HOST: mongo - MONGODB_DATABASE_NAME: ${MONGODB_DATABASE_NAME} + MONGODB_DATABASE_NAME: ${MONGODB_DATABASE_NAME I } MONGODB_USERNAME: ${MONGODB_USERNAME} MONGODB_PASSWORD: ${MONGODB_PASSWORD} FRONTEND_URL: ${FRONTEND_URL} @@ -40,7 +40,7 @@ services: image: mongo:5.0 environment: MONGO_INITDB_ROOT_USERNAME: ${MONGODB_USERNAME} - MONGO_INITDB_ROOT_PASSWORD: ${MONGODB_PASSWORD} + MONGO_INITDB_ROOT_PASSWORD: ${MONGODB_PASSWORD I } ports: - 27027:27017 volumes: