This repository has been archived by the owner on Mar 13, 2024. It is now read-only.

feat(docs): Azure Key Vault guide (#158) #151

	name: Deploy

	on:
	push:
	branches:
	- main

	# Limit to a single workflow
	concurrency: "deploy-to-prod"

	jobs:
	deploy:
	name: Deploy
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v3

	- name: Install Syft
	run: \|
	# Install Syft
	wget --no-verbose https://raw.githubusercontent.com/anchore/syft/main/install.sh -O - \| sh -s -- -b /usr/local/bin

	- uses: actions/setup-node@v3
	with:
	node-version: 18

	- name: yarn install
	run: yarn install

	- name: Build
	run: netlify build

	- name: Deploy
	run: \|
	netlify deploy --prod

	- name: Generate reports
	run: \|
	mkdir -p reports
	syft packages . -o cyclonedx-json --file reports/sbom.cyclonedx.json
	syft packages . -o spdx-json --file reports/sbom.spdx.json
	tar -czf reports/build.tar.gz build

	# Upload artifacts so they are shared with the chainloop job
	- uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
	with:
	name: reports
	path: reports/*

	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_AUTH_TOKEN }}
	NETLIFY_SITE_ID: ${{ secrets.NETLIFY_SITE_ID }}

	# Attest the uploaded artifacts listed in .chainloop.yaml
	chainloop:
	uses: chainloop-dev/labs/.github/workflows/chainloop.yml@main
	needs: deploy
	secrets:
	api_token: ${{ secrets.CHAINLOOP_WF_RELEASE }}
	signing_key: ${{ secrets.COSIGN_KEY }}
	signing_key_password: ${{ secrets.COSIGN_PASSWORD }}

Provide feedback