Skip to content

Harden pipeline: fix up #56

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Jul 30, 2025
Merged

Harden pipeline: fix up #56

merged 2 commits into from
Jul 30, 2025

Conversation

@eNeRGy164
Copy link
Member

@eNeRGy164 eNeRGy164 commented Jul 30, 2025

  • Update attestation step
  • Order verification of unmodified git repo before upload

Copilot AI review requested due to automatic review settings July 30, 2025 20:56
Copilot AI reviewed Jul 30, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR hardens the build pipeline by fixing the attestation step configuration and reordering verification steps. The changes ensure that git repository verification occurs before artifact upload rather than before the push step, providing better security guarantees.

Key Changes

  • Fixed attestation configuration to use checksums instead of direct file paths
  • Moved git verification from Push target to Proof target for better security ordering
  • Minor syntax fix removing trailing quote in SBOM generation parameters

Reviewed Changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

File Description
build/Build.cs Reorders git verification to occur before artifact creation and fixes SBOM parameter syntax
.github/workflows/continuous.yml Simplifies attestation step to use checksums instead of explicit file paths

@eNeRGy164 eNeRGy164 merged commit 92712a7 into dendrodocs:main Jul 30, 2025
2 checks passed
@coveralls
Copy link

coveralls commented Jul 30, 2025

Pull Request Test Coverage Report for Build 16633587372

Details

  • 0 of 0 changed or added relevant lines in 0 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage remained the same at 98.148%
Totals Coverage Status
Change from base Build 16633434118: 0.0%
Covered Lines: 573
Relevant Lines: 578
💛 - Coveralls

@eNeRGy164 eNeRGy164 added the workflow Changes related to the project's pipeline, automation, or CI/CD workflows. label Jul 30, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

workflow Changes related to the project's pipeline, automation, or CI/CD workflows.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@eNeRGy164 @coveralls