CI Tools is a CLI application designed for normalising tools commonly used in CI/CD pipelines. Currently, the following phases are supported:
buildtest(planned)
Installation instructions can be found in the releases page.
The build phase supports a number of tools.
Tools are configured using "recipes", which are detailed in the recipes.tpl.yaml file.
Information about recipes can be found in RECIPES.md.
ci build --recipe <recipe-name>While ci can be run manually, it expects to be run in a CI system and pulls information from the ambient environment variables provided by the CI system.
It currently supports:
- GitLab CI
Add --help to any command to view the full set of options.
Information about environment variables can be found in ENVIRONMENT.md.
Information about signing can be found in COSIGN.md.
All execution of the build phase generate the following provenance:
sbom.cdx.json- Software Bill of Materials (SBOM) in CycloneDX formatprovenance.slsa.json- SLSA build provenance in InToto formatbuild.txt- text file containing the full path of the built image
These files are output to the build root and should be attested using Cosign.
Information about the build provenance can be found in PROVENANCE.md.