Allow empty inputs with release artifacts #110

Merged on Feb 23, 2024 (3 commits)
1 change: 1 addition & 0 deletions .gitignore
@@ -0,0 +1 @@
env/
18 changes: 17 additions & 1 deletion README.md
Expand Up @@ -48,7 +48,7 @@ optional.
### `inputs`

The `inputs` setting controls what files `sigstore-python` signs. At least one input must be
provided.
provided unless [release-signing-artifacts](#release-signing-artifacts) is set to `true` on release events.

To sign one or more files:

Expand Down Expand Up @@ -405,6 +405,22 @@ permissions:
release-signing-artifacts: true
```

On release events, it is also valid to have no explicit inputs. When used on release
events with `release-signing-artifacts: true`, this action will sign any pre-existing
release artifacts:

```yaml
permissions:
contents: write

# ...

- uses: sigstore/gh-action-sigstore-python@v2.1.1
with:
# Only valid on release events
release-signing-artifacts: true
```

### Internal options
<details>
<summary>⚠️ Internal options ⚠️</summary>
Expand Down
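Review bot: The new README paragraph says the action "will sign any pre-existing release artifacts", while the comment added in action.py describes the goal as signing "the source archives in their releases". The README should state exactly which files are picked up when `inputs` is empty, because that set is whatever is already attached to the release when the job runs, not files this workflow built. The example also pins `@v2.1.1`; confirm that tag contains this change, otherwise the example fails on the previously required `inputs`.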
10 changes: 9 additions & 1 deletion action.py
Expand Up @@ -106,7 +106,15 @@ def _fatal_help(msg):
sys.exit(1)


inputs = shlex.split(sys.argv[1])
# Allow inputs to be empty if the event type is release and release-signing-artifacts is
# set to true. This allows projects without artifacts to still sign the source
# archives in their releases.
inputs = shlex.split(sys.argv[1]) if len(sys.argv) == 2 else []
if not inputs and not _RELEASE_SIGNING_ARTIFACTS:
_fatal_help(
"inputs must be specified when release-signing-artifacts is disabled "
"and the event type is not release"
)

# The arguments we pass into `sigstore-python` get built up in these lists.
sigstore_global_args = []
Expand Down
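Review bot: The guard `if not inputs and not _RELEASE_SIGNING_ARTIFACTS:` does not visibly check the event type, yet the comment above it, the error message and the README all restrict empty inputs to release events. If `_RELEASE_SIGNING_ARTIFACTS` only mirrors the setting, a non-release run with the flag set and no inputs passes this check with nothing to sign; either confirm the flag already folds in the event type or add the event check here. The error text should read "disabled or the event type is not release", since either condition alone makes inputs mandatory. Also, `len(sys.argv) == 2` silently treats any other argument count as empty inputs; failing on an unexpected argv is safer than falling through to release artifacts when the caller did list files.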
2 changes: 1 addition & 1 deletion action.yml
Expand Up @@ -18,7 +18,7 @@ description: "Use sigstore-python to sign Python packages"
inputs:
inputs:
description: "the files to sign, whitespace separated"
required: true
required: false
default: ""
identity-token:
description: "the OIDC identity token to use"
Expand Down
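Review bot: With `required: false` and `default: ""`, the `description` for `inputs` still reads "the files to sign, whitespace separated" and gives no hint of when it may be omitted. Suggest extending it to say the value may be left empty only with `release-signing-artifacts: true` on release events, so the action metadata matches the README and the check in action.py.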