From 2800147fae854e44ae951f36063643783240cda0 Mon Sep 17 00:00:00 2001 From: "mintlify[bot]" <109931778+mintlify[bot]@users.noreply.github.com> Date: Wed, 17 Jun 2026 10:02:01 +0000 Subject: [PATCH 01/11] docs: add tutorial for publishing trail summaries to GitHub and GitLab CI --- config/navigation.json | 3 +- tutorials/trail_summaries_in_ci.md | 111 +++++++++++++++++++++++++++++ 2 files changed, 113 insertions(+), 1 deletion(-) create mode 100644 tutorials/trail_summaries_in_ci.md diff --git a/config/navigation.json b/config/navigation.json index b436386..18c62b1 100644 --- a/config/navigation.json +++ b/config/navigation.json @@ -107,7 +107,8 @@ "pages": [ "tutorials/querying_kosli", "tutorials/following_a_git_commit_to_runtime_environments", - "tutorials/tracing_a_production_incident_back_to_git_commits" + "tutorials/tracing_a_production_incident_back_to_git_commits", + "tutorials/trail_summaries_in_ci" ] }, { diff --git a/tutorials/trail_summaries_in_ci.md b/tutorials/trail_summaries_in_ci.md new file mode 100644 index 0000000..97a9259 --- /dev/null +++ b/tutorials/trail_summaries_in_ci.md @@ -0,0 +1,111 @@ +--- +title: "Adding trail summaries to CI pipeline runs" +description: "Use `kosli get trail --output markdown` to publish a Kosli trail summary directly to GitHub Actions and GitLab CI pipeline runs." +--- + +`kosli get trail --output markdown` renders a trail as GitHub-Flavored Markdown — compliance state, git commit, attestation statuses, and events, with links back to the Kosli app. Pipe it into your CI's job summary and every pipeline run becomes an information radiator for the trail it produced. + +By the end of this tutorial, you will have added a Kosli trail summary to a GitHub Actions job summary and to a GitLab CI pipeline. + +## Prerequisites + +* [Install Kosli CLI](/getting_started/install) on your CI runner (e.g. via [`kosli-dev/setup-cli-action`](https://github.com/marketplace/actions/setup-kosli-cli) on GitHub). +* A flow and trail you are already reporting to during the pipeline. See [Querying Kosli](/tutorials/querying_kosli) if you need to find the flow and trail name. +* `KOSLI_API_TOKEN` and `KOSLI_ORG` available to the job (see [Authenticating to Kosli](/getting_started/authenticating_to_kosli)). + +## What the markdown output looks like + +Run the command locally first to see what will end up in your CI summary: + +```shell +kosli get trail my-trail-name --flow my-flow --output markdown +``` + +The output is a markdown document with: + +- A `## Trail: ` heading linked to the trail page in the Kosli app. +- A metadata table (name, description, compliance, last modified, origin). +- A `### Git commit` table with the commit author, timestamp, and subject. +- An `### Attestations` section with one headerless table per artifact (and one for trail-level attestations), with each attestation linked to its place on the trail page. Statuses are prefixed with ✅ / ❌ / ⏳; attestations reported but not expected by the template are marked with `(+)`. +- An `### Events` table with timestamps, descriptions, commit links, and compliance state. + +## GitHub Actions + +GitHub Actions exposes a per-job markdown summary via the [`$GITHUB_STEP_SUMMARY`](https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#adding-a-job-summary) environment variable. Anything you append to that file is rendered on the workflow run page. + +Add a final step to your job that writes the trail summary to it: + +```yaml +jobs: + build: + runs-on: ubuntu-latest + env: + KOSLI_API_TOKEN: ${{ secrets.KOSLI_API_TOKEN }} + KOSLI_ORG: my-org + KOSLI_FLOW: my-flow + KOSLI_TRAIL: ${{ github.sha }} + steps: + - uses: actions/checkout@v4 + + - name: Setup Kosli CLI + uses: kosli-dev/setup-cli-action@v2 + + # ... your build, attest, and report steps ... + + - name: Publish Kosli trail summary + if: always() + run: | + kosli get trail "$KOSLI_TRAIL" \ + --flow "$KOSLI_FLOW" \ + --output markdown >> "$GITHUB_STEP_SUMMARY" +``` + +`if: always()` makes sure the summary is published even when an earlier step fails — that is when you most want to see which attestation is missing or non-compliant. + +The summary appears on the run's page under the job, with the trail name linking back to the trail in the Kosli app and every attestation linking to its position on the trail. + +## GitLab CI + +GitLab renders [job-level markdown reports](https://docs.gitlab.com/ci/yaml/artifacts_reports/#artifactsreportsannotations) from a `summary.md` artifact. The artifact is shown on the job page and surfaced as a merge request annotation when the pipeline runs against an MR. + +Add a job (or a final step in your existing job) that produces that artifact: + +```yaml +kosli-trail-summary: + stage: .post + image: ubuntu:24.04 + variables: + KOSLI_FLOW: my-flow + KOSLI_TRAIL: $CI_COMMIT_SHA + before_script: + - apt-get update && apt-get install -y curl ca-certificates + - curl -fsSL https://get.kosli.com/install.sh | bash + script: + - kosli get trail "$KOSLI_TRAIL" + --flow "$KOSLI_FLOW" + --output markdown > summary.md + artifacts: + when: always + paths: + - summary.md + expose_as: "Kosli trail summary" +``` + +`KOSLI_API_TOKEN` and `KOSLI_ORG` should be set as [CI/CD variables](https://docs.gitlab.com/ci/variables/) on the project or group, masked, so the job picks them up automatically. + +`when: always` mirrors the GitHub `if: always()` pattern: the summary is uploaded even if earlier stages fail. + +## Tips + +- Pin a specific trail by exporting `KOSLI_TRAIL` early in the pipeline (commonly to the commit SHA you used in `kosli begin trail`). Every later step — including the summary — then targets the same trail. +- The markdown output is stable text. You can also commit it as a build artifact or attach it to a release for an audit-friendly record of what was reported for that build. +- Run `kosli get trail --output markdown` locally against a real trail before wiring it into CI. It is the fastest way to see what your team will see on the pipeline page. + +## What you've accomplished + +You have published a live Kosli trail summary — compliance state, attestations, and events — directly onto your GitHub Actions and GitLab CI pipeline pages, turning every build into a feedback channel for the trail it produced. + +From here you can: + +- Read the full [`kosli get trail`](/client_reference/kosli_get_trail) reference. +- Browse other [CI/CD integration patterns](/integrations/ci_cd). From 628b506f676c0423aba3c9a16a5cd59fa9f3bd0c Mon Sep 17 00:00:00 2001 From: "mintlify[bot]" <109931778+mintlify[bot]@users.noreply.github.com> Date: Thu, 18 Jun 2026 16:10:44 +0000 Subject: [PATCH 02/11] docs: add tutorial for publishing trail summaries to GitHub and GitLab CI --- tutorials/trail_summaries_in_ci.md | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/tutorials/trail_summaries_in_ci.md b/tutorials/trail_summaries_in_ci.md index 97a9259..464de00 100644 --- a/tutorials/trail_summaries_in_ci.md +++ b/tutorials/trail_summaries_in_ci.md @@ -29,7 +29,10 @@ The output is a markdown document with: - An `### Attestations` section with one headerless table per artifact (and one for trail-level attestations), with each attestation linked to its place on the trail page. Statuses are prefixed with ✅ / ❌ / ⏳; attestations reported but not expected by the template are marked with `(+)`. - An `### Events` table with timestamps, descriptions, commit links, and compliance state. -## GitHub Actions +## Publishing the summary + + + GitHub Actions exposes a per-job markdown summary via the [`$GITHUB_STEP_SUMMARY`](https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#adding-a-job-summary) environment variable. Anything you append to that file is rendered on the workflow run page. @@ -64,7 +67,8 @@ jobs: The summary appears on the run's page under the job, with the trail name linking back to the trail in the Kosli app and every attestation linking to its position on the trail. -## GitLab CI + + GitLab renders [job-level markdown reports](https://docs.gitlab.com/ci/yaml/artifacts_reports/#artifactsreportsannotations) from a `summary.md` artifact. The artifact is shown on the job page and surfaced as a merge request annotation when the pipeline runs against an MR. @@ -95,6 +99,9 @@ kosli-trail-summary: `when: always` mirrors the GitHub `if: always()` pattern: the summary is uploaded even if earlier stages fail. + + + ## Tips - Pin a specific trail by exporting `KOSLI_TRAIL` early in the pipeline (commonly to the commit SHA you used in `kosli begin trail`). Every later step — including the summary — then targets the same trail. From 87a81d0a67053a10eadd16ab0bb45b32500160cd Mon Sep 17 00:00:00 2001 From: "mintlify[bot]" <109931778+mintlify[bot]@users.noreply.github.com> Date: Thu, 18 Jun 2026 16:16:12 +0000 Subject: [PATCH 03/11] docs: bump actions to latest (checkout@v5, setup-cli-action@v5) --- tutorials/trail_summaries_in_ci.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tutorials/trail_summaries_in_ci.md b/tutorials/trail_summaries_in_ci.md index 464de00..4807a23 100644 --- a/tutorials/trail_summaries_in_ci.md +++ b/tutorials/trail_summaries_in_ci.md @@ -48,10 +48,10 @@ jobs: KOSLI_FLOW: my-flow KOSLI_TRAIL: ${{ github.sha }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 - name: Setup Kosli CLI - uses: kosli-dev/setup-cli-action@v2 + uses: kosli-dev/setup-cli-action@v5 # ... your build, attest, and report steps ... From 7829e1b7f0f0a683fad0d64285245265c62e4191 Mon Sep 17 00:00:00 2001 From: "mintlify[bot]" <109931778+mintlify[bot]@users.noreply.github.com> Date: Thu, 18 Jun 2026 16:17:09 +0000 Subject: [PATCH 04/11] docs: bump actions/checkout to v7 --- tutorials/trail_summaries_in_ci.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tutorials/trail_summaries_in_ci.md b/tutorials/trail_summaries_in_ci.md index 4807a23..dc3deb5 100644 --- a/tutorials/trail_summaries_in_ci.md +++ b/tutorials/trail_summaries_in_ci.md @@ -48,7 +48,7 @@ jobs: KOSLI_FLOW: my-flow KOSLI_TRAIL: ${{ github.sha }} steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v7 - name: Setup Kosli CLI uses: kosli-dev/setup-cli-action@v5 From 0199796d7e78b0221159d27f2b1c0712f9b024d4 Mon Sep 17 00:00:00 2001 From: "mintlify[bot]" <109931778+mintlify[bot]@users.noreply.github.com> Date: Thu, 18 Jun 2026 16:19:21 +0000 Subject: [PATCH 05/11] docs: address GitLab review feedback on trail summaries tutorial --- tutorials/trail_summaries_in_ci.md | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/tutorials/trail_summaries_in_ci.md b/tutorials/trail_summaries_in_ci.md index dc3deb5..f5ebb7b 100644 --- a/tutorials/trail_summaries_in_ci.md +++ b/tutorials/trail_summaries_in_ci.md @@ -70,7 +70,7 @@ The summary appears on the run's page under the job, with the trail name linking -GitLab renders [job-level markdown reports](https://docs.gitlab.com/ci/yaml/artifacts_reports/#artifactsreportsannotations) from a `summary.md` artifact. The artifact is shown on the job page and surfaced as a merge request annotation when the pipeline runs against an MR. +GitLab does not natively render markdown inline on the job page, but [`artifacts:expose_as`](https://docs.gitlab.com/ci/yaml/#artifactsexpose_as) surfaces the `summary.md` artifact as a labeled link in the merge request widget, one click away from the rendered file in the GitLab UI. Add a job (or a final step in your existing job) that produces that artifact: @@ -85,9 +85,10 @@ kosli-trail-summary: - apt-get update && apt-get install -y curl ca-certificates - curl -fsSL https://get.kosli.com/install.sh | bash script: - - kosli get trail "$KOSLI_TRAIL" - --flow "$KOSLI_FLOW" - --output markdown > summary.md + - > + kosli get trail "$KOSLI_TRAIL" + --flow "$KOSLI_FLOW" + --output markdown > summary.md artifacts: when: always paths: From 8998d14bc17b2258faa7c5bec71d8efea548b6b6 Mon Sep 17 00:00:00 2001 From: "mintlify[bot]" <109931778+mintlify[bot]@users.noreply.github.com> Date: Thu, 18 Jun 2026 16:30:49 +0000 Subject: [PATCH 06/11] refactor: use Kosli Alpine runner image in GitLab tutorial job --- tutorials/trail_summaries_in_ci.md | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/tutorials/trail_summaries_in_ci.md b/tutorials/trail_summaries_in_ci.md index f5ebb7b..fcf2edc 100644 --- a/tutorials/trail_summaries_in_ci.md +++ b/tutorials/trail_summaries_in_ci.md @@ -72,18 +72,15 @@ The summary appears on the run's page under the job, with the trail name linking GitLab does not natively render markdown inline on the job page, but [`artifacts:expose_as`](https://docs.gitlab.com/ci/yaml/#artifactsexpose_as) surfaces the `summary.md` artifact as a labeled link in the merge request widget, one click away from the rendered file in the GitLab UI. -Add a job (or a final step in your existing job) that produces that artifact: +Add a job (or a final step in your existing job) that produces that artifact. Use the [Kosli Alpine CI runner image](/integrations/ci_cd#ci-runner-image-alpine) so `kosli`, `git`, and `curl` are preinstalled and no `before_script` setup is needed: ```yaml kosli-trail-summary: stage: .post - image: ubuntu:24.04 + image: registry.example.com/ci/kosli-runner:2.13.2 variables: KOSLI_FLOW: my-flow KOSLI_TRAIL: $CI_COMMIT_SHA - before_script: - - apt-get update && apt-get install -y curl ca-certificates - - curl -fsSL https://get.kosli.com/install.sh | bash script: - > kosli get trail "$KOSLI_TRAIL" @@ -96,6 +93,8 @@ kosli-trail-summary: expose_as: "Kosli trail summary" ``` +Replace `registry.example.com/ci/kosli-runner:2.13.2` with whatever tag you pushed when you built the Alpine image — see [CI runner image (Alpine)](/integrations/ci_cd#ci-runner-image-alpine) for the build steps. + `KOSLI_API_TOKEN` and `KOSLI_ORG` should be set as [CI/CD variables](https://docs.gitlab.com/ci/variables/) on the project or group, masked, so the job picks them up automatically. `when: always` mirrors the GitHub `if: always()` pattern: the summary is uploaded even if earlier stages fail. From 16ffa891a033c1ea67e294b2e7d7d01b5024a315 Mon Sep 17 00:00:00 2001 From: "mintlify[bot]" <109931778+mintlify[bot]@users.noreply.github.com> Date: Thu, 18 Jun 2026 16:33:23 +0000 Subject: [PATCH 07/11] docs: bump kosli-runner image tag to 2.28.0 --- tutorials/trail_summaries_in_ci.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tutorials/trail_summaries_in_ci.md b/tutorials/trail_summaries_in_ci.md index fcf2edc..4027352 100644 --- a/tutorials/trail_summaries_in_ci.md +++ b/tutorials/trail_summaries_in_ci.md @@ -77,7 +77,7 @@ Add a job (or a final step in your existing job) that produces that artifact. Us ```yaml kosli-trail-summary: stage: .post - image: registry.example.com/ci/kosli-runner:2.13.2 + image: registry.example.com/ci/kosli-runner:2.28.0 variables: KOSLI_FLOW: my-flow KOSLI_TRAIL: $CI_COMMIT_SHA @@ -93,7 +93,7 @@ kosli-trail-summary: expose_as: "Kosli trail summary" ``` -Replace `registry.example.com/ci/kosli-runner:2.13.2` with whatever tag you pushed when you built the Alpine image — see [CI runner image (Alpine)](/integrations/ci_cd#ci-runner-image-alpine) for the build steps. +Replace `registry.example.com/ci/kosli-runner:2.28.0` with whatever tag you pushed when you built the Alpine image — see [CI runner image (Alpine)](/integrations/ci_cd#ci-runner-image-alpine) for the build steps. `KOSLI_API_TOKEN` and `KOSLI_ORG` should be set as [CI/CD variables](https://docs.gitlab.com/ci/variables/) on the project or group, masked, so the job picks them up automatically. From c3fa1f7b1eea7a6121c52ff0c850cc4e088366ed Mon Sep 17 00:00:00 2001 From: "mintlify[bot]" <109931778+mintlify[bot]@users.noreply.github.com> Date: Thu, 18 Jun 2026 16:37:58 +0000 Subject: [PATCH 08/11] docs: stabilize GitLab expose_as link, annotate image tag, bump ci_cd runner to 2.28.0 --- integrations/ci_cd.md | 8 ++++---- tutorials/trail_summaries_in_ci.md | 4 ++-- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/integrations/ci_cd.md b/integrations/ci_cd.md index 0c10cdd..9830904 100644 --- a/integrations/ci_cd.md +++ b/integrations/ci_cd.md @@ -95,10 +95,10 @@ description: Use Kosli in CI Systems like GitHub Actions, GitLab CI, and more. ```bash # Clone or copy Dockerfile.alpine from https://github.com/kosli-dev/cli docker build \ - --build-arg KOSLI_VERSION=2.13.2 \ + --build-arg KOSLI_VERSION=2.28.0 \ -f Dockerfile.alpine \ - -t registry.example.com/ci/kosli-runner:2.13.2 . - docker push registry.example.com/ci/kosli-runner:2.13.2 + -t registry.example.com/ci/kosli-runner:2.28.0 . + docker push registry.example.com/ci/kosli-runner:2.28.0 ``` Then use it as the job image in `.gitlab-ci.yml`: @@ -109,7 +109,7 @@ description: Use Kosli in CI Systems like GitHub Actions, GitLab CI, and more. KOSLI_HOST: https://app.kosli.com attest: - image: registry.example.com/ci/kosli-runner:2.13.2 + image: registry.example.com/ci/kosli-runner:2.28.0 script: - kosli version - kosli attest generic diff --git a/tutorials/trail_summaries_in_ci.md b/tutorials/trail_summaries_in_ci.md index 4027352..3ae936a 100644 --- a/tutorials/trail_summaries_in_ci.md +++ b/tutorials/trail_summaries_in_ci.md @@ -70,14 +70,14 @@ The summary appears on the run's page under the job, with the trail name linking -GitLab does not natively render markdown inline on the job page, but [`artifacts:expose_as`](https://docs.gitlab.com/ci/yaml/#artifactsexpose_as) surfaces the `summary.md` artifact as a labeled link in the merge request widget, one click away from the rendered file in the GitLab UI. +GitLab does not natively render markdown inline on the job page, but [`artifacts:expose_as`](https://docs.gitlab.com/ci/yaml/artifacts/#expose_as) surfaces the `summary.md` artifact as a labeled link in the merge request widget, one click away from the rendered file in the GitLab UI. Add a job (or a final step in your existing job) that produces that artifact. Use the [Kosli Alpine CI runner image](/integrations/ci_cd#ci-runner-image-alpine) so `kosli`, `git`, and `curl` are preinstalled and no `before_script` setup is needed: ```yaml kosli-trail-summary: stage: .post - image: registry.example.com/ci/kosli-runner:2.28.0 + image: registry.example.com/ci/kosli-runner:2.28.0 # replace with the tag you pushed variables: KOSLI_FLOW: my-flow KOSLI_TRAIL: $CI_COMMIT_SHA From 4061f42be341d55154ff6bbcf1f05bfc8ccc2f06 Mon Sep 17 00:00:00 2001 From: "mintlify[bot]" <109931778+mintlify[bot]@users.noreply.github.com> Date: Thu, 18 Jun 2026 16:43:59 +0000 Subject: [PATCH 09/11] chore: bump kosli-dev/setup-cli-action to v5 across docs --- integrations/ci_cd.md | 2 +- labs/lab-02-flows-and-trails.mdx | 2 +- labs/lab-03-build-controls.mdx | 2 +- labs/lab-04-release-controls.mdx | 2 +- tutorials/report_k8s_envs.md | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/integrations/ci_cd.md b/integrations/ci_cd.md index 9830904..67e5a6f 100644 --- a/integrations/ci_cd.md +++ b/integrations/ci_cd.md @@ -59,7 +59,7 @@ description: Use Kosli in CI Systems like GitHub Actions, GitLab CI, and more. KOSLI_ORG: my-org steps: - name: setup kosli - uses: kosli-dev/setup-cli-action@v2 + uses: kosli-dev/setup-cli-action@v5 - name: create flow run: kosli create flow my-flow --template pull-request,artifact,test ``` diff --git a/labs/lab-02-flows-and-trails.mdx b/labs/lab-02-flows-and-trails.mdx index f537718..5b48fa7 100644 --- a/labs/lab-02-flows-and-trails.mdx +++ b/labs/lab-02-flows-and-trails.mdx @@ -139,7 +139,7 @@ Think of a Flow as the template for your process, and Trails as individual insta uses: actions/checkout@v4 - name: Setup Kosli CLI - uses: kosli-dev/setup-cli-action@v2 + uses: kosli-dev/setup-cli-action@v5 with: version: 2.11.32 diff --git a/labs/lab-03-build-controls.mdx b/labs/lab-03-build-controls.mdx index 4fdf84a..6a3426e 100644 --- a/labs/lab-03-build-controls.mdx +++ b/labs/lab-03-build-controls.mdx @@ -88,7 +88,7 @@ Kosli identifies artifacts by their **SHA256 fingerprint**. This uniquely identi ```yaml - name: Setup Kosli CLI - uses: kosli-dev/setup-cli-action@v2 + uses: kosli-dev/setup-cli-action@v5 with: version: 2.11.32 diff --git a/labs/lab-04-release-controls.mdx b/labs/lab-04-release-controls.mdx index 59587b0..d7fdf98 100644 --- a/labs/lab-04-release-controls.mdx +++ b/labs/lab-04-release-controls.mdx @@ -72,7 +72,7 @@ See [Flow Templates](/template-reference/flow_template) for the full template sp ```yaml - name: Setup Kosli CLI - uses: kosli-dev/setup-cli-action@v2 + uses: kosli-dev/setup-cli-action@v5 with: version: 2.11.32 diff --git a/tutorials/report_k8s_envs.md b/tutorials/report_k8s_envs.md index 31a2b22..f39999c 100644 --- a/tutorials/report_k8s_envs.md +++ b/tutorials/report_k8s_envs.md @@ -98,7 +98,7 @@ jobs: steps: - name: Install Kosli CLI - uses: kosli-dev/setup-cli-action@v2 + uses: kosli-dev/setup-cli-action@v5 # Replace this step with one that connects to your cluster if not using GKE - name: Connect to GKE From 474a835fe37245b9575f9f395842b8ab278a44b3 Mon Sep 17 00:00:00 2001 From: "mintlify[bot]" <109931778+mintlify[bot]@users.noreply.github.com> Date: Thu, 18 Jun 2026 16:48:52 +0000 Subject: [PATCH 10/11] chore: bump actions/checkout to v7 across docs --- labs/lab-02-flows-and-trails.mdx | 2 +- tutorials/linking_trails_across_branches.md | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/labs/lab-02-flows-and-trails.mdx b/labs/lab-02-flows-and-trails.mdx index 5b48fa7..dd2ceeb 100644 --- a/labs/lab-02-flows-and-trails.mdx +++ b/labs/lab-02-flows-and-trails.mdx @@ -136,7 +136,7 @@ Think of a Flow as the template for your process, and Trails as individual insta ```yaml - name: Clone down repository - uses: actions/checkout@v4 + uses: actions/checkout@v7 - name: Setup Kosli CLI uses: kosli-dev/setup-cli-action@v5 diff --git a/tutorials/linking_trails_across_branches.md b/tutorials/linking_trails_across_branches.md index d47c6fc..245bd2a 100644 --- a/tutorials/linking_trails_across_branches.md +++ b/tutorials/linking_trails_across_branches.md @@ -173,7 +173,7 @@ Below is a simplified GitHub Actions workflow for a main-branch build that links build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v7 with: fetch-depth: 2 @@ -226,7 +226,7 @@ Below is a simplified GitHub Actions workflow for a main-branch build that links build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v7 with: fetch-depth: 2 From 20139f8c8210d160d79828d4f03e257427f099f2 Mon Sep 17 00:00:00 2001 From: "mintlify[bot]" <109931778+mintlify[bot]@users.noreply.github.com> Date: Thu, 18 Jun 2026 16:59:25 +0000 Subject: [PATCH 11/11] chore: strip backticks from tutorial description and bump pinned CLI to 2.28.0 --- labs/lab-02-flows-and-trails.mdx | 2 +- labs/lab-03-build-controls.mdx | 2 +- labs/lab-04-release-controls.mdx | 2 +- tutorials/trail_summaries_in_ci.md | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/labs/lab-02-flows-and-trails.mdx b/labs/lab-02-flows-and-trails.mdx index dd2ceeb..c292e0f 100644 --- a/labs/lab-02-flows-and-trails.mdx +++ b/labs/lab-02-flows-and-trails.mdx @@ -141,7 +141,7 @@ Think of a Flow as the template for your process, and Trails as individual insta - name: Setup Kosli CLI uses: kosli-dev/setup-cli-action@v5 with: - version: 2.11.32 + version: 2.28.0 - name: Create/Update Flow run: | diff --git a/labs/lab-03-build-controls.mdx b/labs/lab-03-build-controls.mdx index 6a3426e..6ca4703 100644 --- a/labs/lab-03-build-controls.mdx +++ b/labs/lab-03-build-controls.mdx @@ -90,7 +90,7 @@ Kosli identifies artifacts by their **SHA256 fingerprint**. This uniquely identi - name: Setup Kosli CLI uses: kosli-dev/setup-cli-action@v5 with: - version: 2.11.32 + version: 2.28.0 - name: Attest Docker image run: | diff --git a/labs/lab-04-release-controls.mdx b/labs/lab-04-release-controls.mdx index d7fdf98..9012b5c 100644 --- a/labs/lab-04-release-controls.mdx +++ b/labs/lab-04-release-controls.mdx @@ -74,7 +74,7 @@ See [Flow Templates](/template-reference/flow_template) for the full template sp - name: Setup Kosli CLI uses: kosli-dev/setup-cli-action@v5 with: - version: 2.11.32 + version: 2.28.0 - name: Assert compliance run: | diff --git a/tutorials/trail_summaries_in_ci.md b/tutorials/trail_summaries_in_ci.md index 3ae936a..9c69f57 100644 --- a/tutorials/trail_summaries_in_ci.md +++ b/tutorials/trail_summaries_in_ci.md @@ -1,6 +1,6 @@ --- title: "Adding trail summaries to CI pipeline runs" -description: "Use `kosli get trail --output markdown` to publish a Kosli trail summary directly to GitHub Actions and GitLab CI pipeline runs." +description: "Use kosli get trail --output markdown to publish a Kosli trail summary directly to GitHub Actions and GitLab CI pipeline runs." --- `kosli get trail --output markdown` renders a trail as GitHub-Flavored Markdown — compliance state, git commit, attestation statuses, and events, with links back to the Kosli app. Pipe it into your CI's job summary and every pipeline run becomes an information radiator for the trail it produced.