cross.yaml
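# "Cross" workflow: builds cosign and sget on macOS, Linux and Windows
# runners, writes a SHA-256 checksum file for each binary, then (outside
# pull requests) signs both binaries with the freshly built cosign, verifies
# the signatures and uploads everything as a workflow artifact.
on:
  push:
    # Run on every path except documentation-style files; the trailing
    # 'test/**' entry re-includes test files that an earlier negation
    # (for example '!**.md' or '!**.txt') would otherwise exclude.
    paths:
      - '**'
      - '!**.md'
      - '!doc/**'
      - '!**.txt'
      - '!images/**'
      - '!LICENSE'
      - 'test/**'
    branches:
      - main
      - release-*
  pull_request:

# Read-only GITHUB_TOKEN for every scope; no step below writes through it.
# NOTE(review): the visible steps appear to need only `contents: read` -
# confirm before narrowing.
permissions: read-all

name: Cross

jobs:
  build:
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
        os: [macos-latest, ubuntu-latest, windows-latest]
        include:
          # COSIGN_PASSWORD is the *name* of a repository secret, not its
          # value; the sign step resolves it with secrets[...].
          - os: macos-latest
            COSIGN_TARGET: cosign-darwin-amd64
            SGET_TARGET: sget-darwin-amd64
            COSIGN_PASSWORD: COSIGN_PASSWORD
          - os: ubuntu-latest
            COSIGN_TARGET: cosign-linux-amd64
            SGET_TARGET: sget-linux-amd64
            COSIGN_PASSWORD: COSIGN_PASSWORD
          - os: windows-latest
            COSIGN_TARGET: cosign-windows-amd64.exe
            SGET_TARGET: sget-windows-amd64.exe
            COSIGN_PASSWORD: COSIGN_PASSWORD
    steps:
      # Third-party actions are pinned to full commit SHAs so a moved tag
      # cannot change what runs here.
      # NOTE(review): the trailing version comments are informational only -
      # confirm each still matches the tag its SHA belongs to.
      - name: Install Go
        uses: actions/setup-go@268d8c0ca0432bb2cf416faae41297df9d262d7f # v2.2.0
        with:
          go-version: '1.19'
          # Resolves the newest 1.19.x at run time, so the exact toolchain
          # patch level can differ between runs.
          check-latest: true
      - name: Checkout code
        uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v2.4.0
      # The ${{ matrix.* }} values expanded into the scripts below are static
      # literals from the matrix above, not event or user-supplied data.
      - name: build cosign
        run: |
          make cosign && mv ./cosign ./${{matrix.COSIGN_TARGET}}
          make sget && mv ./sget ./${{matrix.SGET_TARGET}}
      # Get-FileHash uses SHA256 when no -Algorithm is given. The file's
      # .Name (not .BaseName) is recorded so the Windows entries keep their
      # ".exe" suffix and name the artifact that is actually uploaded.
      - name: Create checksum file
        shell: pwsh
        run: |
          $hash=Get-FileHash -Path ./${{matrix.COSIGN_TARGET}}
          Write-Output $($hash.Hash + " " + $(([io.fileinfo]$hash.path).Name)) | Tee-Object -Path ${{matrix.COSIGN_TARGET}}.sha256
          $hash=Get-FileHash -Path ./${{matrix.SGET_TARGET}}
          Write-Output $($hash.Hash + " " + $(([io.fileinfo]$hash.path).Name)) | Tee-Object -Path ${{matrix.SGET_TARGET}}.sha256
      # Skipped on pull_request events, so the key password secret is only
      # requested on push runs. The private key is read from the checked-out
      # repository.
      # NOTE(review): presumably a test-only key pair - confirm it is never
      # treated as a trust anchor for released binaries.
      - name: sign
        shell: bash
        env:
          COSIGN_PASSWORD: ${{secrets[matrix.COSIGN_PASSWORD]}}
        if: github.event_name != 'pull_request'
        run: |
          ./${{matrix.COSIGN_TARGET}} sign-blob --key ./.github/workflows/cosign-test.key ./${{matrix.COSIGN_TARGET}} > ${{matrix.COSIGN_TARGET}}.sig
          ./${{matrix.COSIGN_TARGET}} sign-blob --key ./.github/workflows/cosign-test.key ./${{matrix.SGET_TARGET}} > ${{matrix.SGET_TARGET}}.sig
      # Round-trip check: the binary built in this job verifies the
      # signatures it just produced against the matching public key.
      - name: verify
        if: github.event_name != 'pull_request'
        run: |
          ./${{matrix.COSIGN_TARGET}} verify-blob --key ./.github/workflows/cosign-test.pub --signature ${{matrix.COSIGN_TARGET}}.sig ./${{matrix.COSIGN_TARGET}}
          ./${{matrix.COSIGN_TARGET}} verify-blob --key ./.github/workflows/cosign-test.pub --signature ${{matrix.SGET_TARGET}}.sig ./${{matrix.SGET_TARGET}}
      - name: Upload artifacts
        if: github.event_name != 'pull_request'
        uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # v2.3.1
        with:
          name: artifacts
          # The checksum globs previously read 'cosign.-*sha256' and
          # 'sget.-*sha256', which cannot match '<target>.sha256'; those
          # files were only picked up by the broader 'cosign-*' / 'sget-*'.
          path: |
            cosign-*
            cosign-*.sha256
            cosign-*.sig
            sget-*
            sget-*.sha256
            sget-*.sig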