@@ -262,15 +262,6 @@ jobs:
262262 build/arm64/nginx-agent.sha256
263263 build/arm64/nginx-agent.buildstart
264264 build/arm64/nginx-agent.buildend
265-
266- - name : Generate assertion documents
267- uses : ./.github/workflows/assertion.yml
268- continue-on-error : true
269- with :
270- packageVersion : ${{ inputs.packageVersion }}
271- ARTIFACTORY_USER : ${{ secrets.ARTIFACTORY_USER }}
272- ARTIFACTORY_TOKEN : ${{ secrets.ARTIFACTORY_TOKEN }}
273- ARTIFACTORY_URL : ${{ secrets.ARTIFACTORY_URL_PROD }}
274265
275266 - name : Install GPG tools
276267 if : ${{ inputs.publishPackages == true }}
@@ -295,6 +286,64 @@ jobs:
295286 run : |
296287 make release
297288
289+ assertion-document :
290+ name : Build and Generate Assertion Document
291+ runs-on : ubuntu-22.04
292+ needs : [build-and-upload-packages]
293+ permissions :
294+ contents : read
295+ strategy :
296+ matrix :
297+ osarch : [amd64, arm64]
298+ steps :
299+ - name : Checkout Repository
300+ uses : actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
301+ with :
302+ ref : improve-assertion-doc-generation
303+
304+ - name : Download nginx-agent binaries
305+ uses : actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # 6.0.0
306+ with :
307+ name : nginx-agent-binaries-${{ inputs.packageVersion }}-${{ matrix.osarch }}
308+
309+ - name : Gather build dependencies
310+ id : godeps
311+ run : |
312+ ls -la artifacts
313+ echo "agent_digest=$(cat artifacts/nginx-agent.sha256)" >> $GITHUB_ENV
314+ echo "agent_buildstart=$(cat artifacts/nginx-agent.buildstart)" >> $GITHUB_ENV
315+ echo "agent_buildend=$(cat artifacts/nginx-agent.buildend)" >> $GITHUB_ENV
316+
317+ echo "Checking dependencies..."
318+ go version -m build/${{ matrix.osarch }}/nginx-agent > goversionm_${{ github.run_id }}_${{ github.run_number }}.txt
319+ ls -l goversionm_*.txt
320+ echo "goversionm=$(find -type f -name "goversionm*.txt" | head -n 1)" >> $GITHUB_ENV
321+
322+ - name : Generate Assertion Document
323+ id : assertiondoc
324+ uses : nginxinc/compliance-rules/.github/actions/assertion@83e452166aaf0ad8f07caf91a4f1f903b3dea1e6 # v0.3.0
325+ with :
326+ artifact-name : nginx-agent_${{ github.ref_name }}_${{ matrix.osarch }}
327+ artifact-digest : ${{ env.agent-digest }}
328+ build-type : ' github'
329+ builder-id : ' github.com'
330+ builder-version : ' ${{env.GO_VERSION}}_test'
331+ invocation-id : ${{ github.run_id }}.${{ github.run_number }}.${{ github.run_attempt }}
332+ artifactory-user : ${{ inputs.ARTIFACTORY_USER }}
333+ artifactory-api-token : ${{ inputs.ARTIFACTORY_TOKEN }}
334+ artifactory-url : ${{ inputs.ARTIFACTORY_URL }}
335+ artifactory-repo : ' f5-nginx-go-local-approved-dependency'
336+ assertion-doc-file : assertion_nginx-agent_${{ github.ref_name }}_${{matrix.osarch}}.json
337+ build-content-path : ${{ env.goversionm }}
338+ started-on : ' ${{ env.agent_buildstart }}'
339+ finished-on : ' ${{ env.agent_buildend }}'
340+
341+ - name : Sign and Store Assertion Document
342+ id : sign
343+ uses : nginxinc/compliance-rules/.github/actions/sign@83e452166aaf0ad8f07caf91a4f1f903b3dea1e6 # v0.3.0
344+ with :
345+ assertion-doc : ${{ steps.assertiondoc.outputs.assertion-document-path }}
346+
298347 merge-release :
299348 if : ${{ needs.vars.outputs.create_pull_request == 'true' }}
300349 name : Merge release branch back into main branch
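Review bot: The `Generate Assertion Document` step reads `${{ env.agent-digest }}`, but `Gather build dependencies` exports the value as `agent_digest`, so `artifact-digest` expands to an empty string and the assertion that gets signed would not carry the binary's hash; the line should read `artifact-digest: ${{ env.agent_digest }}`. The checkout is pinned to `ref: improve-assertion-doc-generation`, which looks like a feature branch, so the job may run against a tree other than the one that was built; dropping `ref` or using the release ref would keep the two aligned. The removed step took the Artifactory credentials from `secrets.*`, while the new one reads `inputs.ARTIFACTORY_*`. Those inputs are declared outside this hunk, if at all: if they are missing the values are empty, and if they are plain inputs they are presumably not masked in logs the way secrets are. The `_test` suffix in `builder-version` looks like a leftover that would end up in the provenance record.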