An example of how an approval in a GitHub workflow can be logged as an attestation in Kosli.
There is a separate GitHub workflow to create the flow and the custom attestation approval-github-workflow used in this demo.
Make a branch for your change:
git checkout -b backent-next-versionSimulate that you have done a change to the backend by increasing the counter in
apps/backend/backend-content.txtCommit and push the change to GitHub. Create a Pullrequest and merge the change back to main.
This will trigger a Build and deploy workflow in GitHub.
The GitHub workflow will stopp after a short period waiting for your approval of deploying the SW to Stage. Approve it and the workflow will finish.
You should now have a trail that matches the commit in the
github-release-example-backend flow.
The trail should have an artifact and a pull-request attestation.
We now want to release the new version of the backend.
Add and push a new version tag.
tag=v0.0.16
git tag -a $tag -m "Version $tag"
git push origin $tagThis will trigger the same workflow in GitHub
The trail name will match the version tag.
Approve the SW for Stage first, and then for Production.
In the Kosli trail for the release you will now have a release-approval in addition to the pull-request and artifact.