
feat: add Crash Override Chalk integration to Docker build workflow #19

Merged
gaahrdner merged 1 commit into main from pg.SEC-135
Apr 28, 2026

Conversation

@gaahrdner
Contributor

Summary

  • Add Crash Override Chalk integration to ghcr-build.yml workflow
  • Positions Chalk setup after Docker login but before image builds
  • Adds id-token: write permissions for both ghcr_build_app and ghcr_build_runtime jobs
  • Uses profile: everything for comprehensive metadata collection
  • Uses continue-on-error: true to ensure builds proceed even if Chalk fails

Test plan

  • Verify workflow syntax is valid
  • Test that Docker builds still work with Chalk integration
  • Confirm Chalk metadata collection during build process
  • Validate that build failures don't occur if Chalk setup fails

This integrates supply chain security monitoring into the Docker image build process to enhance security visibility and tracking of build metadata.

@linear

linear Bot commented Aug 12, 2025

SEC-135 Crash Override PoC: Docker Build Pipeline Integration

Overview

Integrate Crash Override into selected Docker build pipelines to enable "AirTag" tracking of artifacts from code to cloud.

Prerequisites

  • GitHub and AWS integrations completed (SEC-132, SEC-133)
  • Engineering teams recruited and onboarded (SEC-134)

Tasks

  • Work with engineering teams to identify target pipelines
  • For GitHub Actions pipelines:
    • Add Crash Override GitHub Action to workflow files
    • Configure setup-chalk-action with appropriate parameters
    • Test integration with sample builds
  • For other build tools (if applicable):
    • Implement generic shell and curl integration
    • Test integration functionality
  • Verify "AirTag" insertion and tracking
  • Document integration process and troubleshooting
  • Monitor initial pipeline runs for issues

Deliverables

  • Pipeline integrations completed
  • Build tracking verified
  • Integration documentation created
  • Initial monitoring established

Notes

  • Focus on GitHub Actions initially (4 lines of YAML)
  • Steps are built into the platform with examples available
  • Coordinate closely with engineering teams for minimal disruption

```yaml
name: Build

permissions:
  id-token: write   # lets Chalk request a GitHub OIDC token when it connects

jobs:
  build:
    runs-on: ubuntu-latest   # added: a job must declare a runner to be a valid workflow
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Set up Chalk
        uses: crashappsec/setup-chalk-action@main   # @main is a mutable ref; pin a release tag or commit SHA for reproducible builds
        continue-on-error: true   # a failed Chalk setup does not fail the job
        with:
          connect: true
```
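A fuller workflow excerpt, added here as an illustration and not taken from the PR's diff or the issue's snippet, showing the placement the PR summary describes: Chalk set up after the registry login and before the image build, id-token: write scoped to the job rather than the whole workflow, profile: everything, and continue-on-error: true. The job name ghcr_build_app comes from the PR summary; the trigger, the docker/login-action and docker/build-push-action steps and their versions, the image tag, and the warning step at the end are assumptions added for this example.

```yaml
name: ghcr-build

on:
  push:
    branches: [main]

jobs:
  ghcr_build_app:
    runs-on: ubuntu-latest
    # Job-scoped, least-privilege permissions. id-token: write is what lets
    # Chalk obtain a GitHub OIDC token; granting it per job (as the PR does for
    # ghcr_build_app and ghcr_build_runtime) keeps it off jobs that never run Chalk.
    permissions:
      contents: read
      packages: write
      id-token: write
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Log in to GHCR
        uses: docker/login-action@v3   # assumed step; version is an assumption
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      # Chalk goes after the login and before any docker build so it can wrap
      # the Docker CLI and mark every image built later in this job.
      - name: Set up Chalk
        id: chalk
        uses: crashappsec/setup-chalk-action@main   # @main is a mutable ref; pin a tag or SHA in production
        continue-on-error: true   # build still runs if Chalk setup fails (see warning step)
        with:
          connect: true
          profile: everything

      # continue-on-error hides a Chalk failure from the job status, which means
      # an unmarked image can ship silently. outcome (unlike conclusion) reports
      # the step's real result, so surface it as an annotation in the run log.
      - name: Warn if Chalk setup failed
        if: steps.chalk.outcome == 'failure'
        run: echo "::warning::Chalk setup failed; images built in this job will not carry chalk marks"

      - name: Build and push app image
        uses: docker/build-push-action@v6   # assumed step; version is an assumption
        with:
          context: .
          push: true
          tags: ghcr.io/${{ github.repository }}/app:${{ github.sha }}
```

The warning step is the practical complement to continue-on-error: the build keeps going as the PR intends, but a run whose images were never chalked is visible in the annotations rather than indistinguishable from a fully tracked one.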
Integrate Chalk supply chain security monitoring into the Docker image
build process to track build metadata and enhance security visibility.
Uses continue-on-error to ensure builds proceed even if Chalk fails.
@gaahrdner gaahrdner self-assigned this Oct 16, 2025
@gaahrdner gaahrdner requested a review from a team October 16, 2025 16:04
@gaahrdner gaahrdner merged commit 9943edc into main Apr 28, 2026
7 of 15 checks passed