Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow empty inputs with release artifacts #110

Merged
merged 3 commits into from
Feb 23, 2024
Merged

Allow empty inputs with release artifacts #110

merged 3 commits into from
Feb 23, 2024

Conversation

JeanChristopheMorinPerso
Copy link
Contributor

@JeanChristopheMorinPerso JeanChristopheMorinPerso commented Feb 18, 2024
edited
Loading

Summary

Resolves #109

Some projects don't generate artifacts as part of their releases but would still like to have their source archives attached to releases signed (using release-signing-artifacts). This was previously not possible to do with this action because inputs was a required input.

With this pull request, it will be possible to not specify inputs and use release-signing-artifacts for releases:

permissions:
  contents: write

# ...

- uses: sigstore/gh-action-sigstore-python@v2.1.1
  with:
    # Only valid on release events
    release-signing-artifacts: true

Note that inputs is still required if release-signing-artifacts is not true and the event type is not release. In this case, the action will raise a descriptive error.

Release Note

  • inputs was made optional when the event type is release and release-signing-artifacts is true.

Documentation

I adjusted the README to reflect the changes.

Tests

I'm not sure if I should add tests or not. I tested locally different scenarios and also ran the selftest workflow in my fork (https://github.com/JeanChristopheMorinPerso/gh-action-sigstore-python/actions/runs/7949857773), but I'm not sure how to properly test the release scenario without releasing a fork of the action...

@JeanChristopheMorinPerso
Make inputs optional on releases if release-signing-artifacts is set …
7e5ae27 
…to true

Signed-off-by: Jean-Christophe Morin <jean_christophe_morin@hotmail.com>
@JeanChristopheMorinPerso
Add basic .gitignore to ignore venv
5b6e541 
Signed-off-by: Jean-Christophe Morin <jean_christophe_morin@hotmail.com>
@woodruffw
Copy link
Member

Thanks @JeanChristopheMorinPerso! I'm reviewing now.

@woodruffw woodruffw self-requested a review February 20, 2024 16:45
@woodruffw woodruffw added the enhancement New feature or request label Feb 20, 2024
woodruffw
woodruffw reviewed Feb 20, 2024
View reviewed changes
README.md Outdated Show resolved Hide resolved
woodruffw
woodruffw reviewed Feb 20, 2024
View reviewed changes
Copy link
Member

@woodruffw woodruffw left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks great! One nitpick.

@woodruffw
Copy link
Member

I'm not sure if I should add tests or not. I tested locally different scenarios and also ran the selftest workflow in my fork (https://github.com/JeanChristopheMorinPerso/gh-action-sigstore-python/actions/runs/7949857773), but I'm not sure how to properly test the release scenario without releasing a fork of the action...

Yeah, unfortunately tests here will probably be a PITA. I'm okay with skipping them for now; if we hit bugs on this path in the future, we'll investigate mocking up a release environment to test in.

@woodruffw woodruffw mentioned this pull request Feb 20, 2024
Open
@JeanChristopheMorinPerso
Make behavior more explicit
b1c5e30 
Signed-off-by: Jean-Christophe Morin <jean_christophe_morin@hotmail.com>
woodruffw
woodruffw approved these changes Feb 23, 2024
View reviewed changes
Copy link
Member

@woodruffw woodruffw left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @JeanChristopheMorinPerso!

@woodruffw woodruffw merged commit 08a568c into sigstore:main Feb 23, 2024
17 checks passed
@JeanChristopheMorinPerso JeanChristopheMorinPerso deleted the allow_empty_inpts_with_release_artifacts branch February 23, 2024 23:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@woodruffw woodruffw woodruffw approved these changes

Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Allow inputs to be empty if release-signing-artifacts is true
2 participants
@JeanChristopheMorinPerso @woodruffw