Skip to content

Commit 4c82ea4

Browse files
tamalerhinotamalerhino
authored
update installation
1 parent 5cd663d commit 4c82ea4

File tree

1 file changed

+15
-25
lines changed

1 file changed

+15
-25
lines changed

.github/workflows/ci.yml

Lines changed: 15 additions & 25 deletions
Original file line numberDiff line numberDiff line change
@@ -23,9 +23,7 @@ jobs:
2323

2424
- name: Install Witness
2525
run: |
26-
curl -LO https://github.com/in-toto/witness/releases/download/v0.1.0/witness-linux-amd64
27-
chmod +x witness-linux-amd64
28-
sudo mv witness-linux-amd64 /usr/local/bin/witness
26+
bash <(curl -s https://raw.githubusercontent.com/in-toto/witness/main/install-witness.sh)
2927
3028
- name: Run CodeQL Analysis and Record with Witness
3129
run: |
@@ -46,10 +44,8 @@ jobs:
4644

4745
- name: Install Witness
4846
run: |
49-
curl -LO https://github.com/in-toto/witness/releases/download/v0.1.0/witness-linux-amd64
50-
chmod +x witness-linux-amd64
51-
sudo mv witness-linux-amd64 /usr/local/bin/witness
52-
47+
bash <(curl -s https://raw.githubusercontent.com/in-toto/witness/main/install-witness.sh)
48+
5349
- name: Set up Docker Buildx
5450
id: buildx
5551
uses: docker/setup-buildx-action@v3
@@ -72,9 +68,7 @@ jobs:
7268
steps:
7369
- name: Install Witness
7470
run: |
75-
curl -LO https://github.com/in-toto/witness/releases/download/v0.1.0/witness-linux-amd64
76-
chmod +x witness-linux-amd64
77-
sudo mv witness-linux-amd64 /usr/local/bin/witness
71+
bash <(curl -s https://raw.githubusercontent.com/in-toto/witness/main/install-witness.sh)
7872
7973
- name: Run Trivy Scan and Record with Witness
8074
run: |
@@ -86,15 +80,13 @@ jobs:
8680
needs: trivy
8781

8882
steps:
89-
- name: Install Cosign and Witness
83+
- name: Install Witness
9084
run: |
91-
curl -LO https://github.com/in-toto/witness/releases/download/v0.1.0/witness-linux-amd64
92-
chmod +x witness-linux-amd64
93-
sudo mv witness-linux-amd64 /usr/local/bin/witness
94-
curl -LO https://github.com/sigstore/cosign/releases/download/v1.13.1/cosign-linux-amd64
95-
chmod +x cosign-linux-amd64
96-
sudo mv cosign-linux-amd64 /usr/local/bin/cosign
97-
85+
bash <(curl -s https://raw.githubusercontent.com/in-toto/witness/main/install-witness.sh)
86+
87+
- name: Install Cosign
88+
uses: sigstore/[email protected]
89+
9890
- name: Sign Container Image and Record with Witness
9991
run: |
10092
witness run --name "cosign-sign" --step-name "Sign Image with Cosign" -- cosign sign --key-env COSIGN_KEY ${{ secrets.DOCKER_USERNAME }}/${{ env.IMAGE_NAME }}:${{ env.VERSION }}
@@ -105,14 +97,12 @@ jobs:
10597
needs: sign
10698

10799
steps:
108-
- name: Install Cosign and Witness
100+
- name: Install Witness
109101
run: |
110-
curl -LO https://github.com/in-toto/witness/releases/download/v0.1.0/witness-linux-amd64
111-
chmod +x witness-linux-amd64
112-
sudo mv witness-linux-amd64 /usr/local/bin/witness
113-
curl -LO https://github.com/sigstore/cosign/releases/download/v1.13.1/cosign-linux-amd64
114-
chmod +x cosign-linux-amd64
115-
sudo mv cosign-linux-amd64 /usr/local/bin/cosign
102+
bash <(curl -s https://raw.githubusercontent.com/in-toto/witness/main/install-witness.sh)
103+
104+
- name: Install Cosign
105+
uses: sigstore/[email protected]
116106

117107
- name: Verify Cosign Signature and Record with Witness
118108
run: |

0 commit comments

Comments
 (0)