Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add more self tests to CI #23

Merged
merged 11 commits into from
Aug 5, 2022
Merged

Add more self tests to CI #23

Changes from 10 commits
Commits
Show all changes
11 commits
Select commit Hold shift + click to select a range
ee50903
Add a few more selftests
tetsuo-cpp Aug 5, 2022
797c5ef
Merge branch 'alex/remove-redundant-settings' into alex/selftests
tetsuo-cpp Aug 5, 2022
0ce30d3
Add selftest to verify OIDC issuer
tetsuo-cpp Aug 5, 2022
35bf777
Merge branch 'alex/remove-redundant-settings' into alex/selftests
tetsuo-cpp Aug 5, 2022
8fa92e1
Merge branch 'alex/remove-redundant-settings' into alex/selftests
tetsuo-cpp Aug 5, 2022
b66daf8
Fill in the expected OIDC issuer
tetsuo-cpp Aug 5, 2022
dc7c769
Fill in expected SAN
tetsuo-cpp Aug 5, 2022
6c2d8b6
Correct SAN
tetsuo-cpp Aug 5, 2022
6d3cb2b
Comment out verify SAN test
tetsuo-cpp Aug 5, 2022
3c529e6
Add selftest to exercise `identity-token` setting
tetsuo-cpp Aug 5, 2022
09a73be
Update .github/workflows/selftest.yml
woodruffw Aug 5, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
62 changes: 62 additions & 0 deletions .github/workflows/selftest.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,7 @@ jobs:
id: sigstore-python
with:
inputs: ./test/*.txt
staging: true

selftest-upload-artifacts:
runs-on: ubuntu-latest
Expand All @@ -53,3 +54,64 @@ jobs:
inputs: ./test/artifact.txt
staging: true
upload-signing-artifacts: true

selftest-custom-paths:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Sign artifact and publish signature
uses: ./
id: sigstore-python
with:
inputs: ./test/artifact.txt
signature: ./test/custom_signature.sig
certificate: ./test/custom_certificate.crt
staging: true

# NOTE(alex): `sigstore-python` doesn't support verifying URI SANs yet.
# selftest-verify-san:
# runs-on: ubuntu-latest
# steps:
# - uses: actions/checkout@v3
# - name: Sign artifact and publish signature
# uses: ./
# id: sigstore-python
# with:
# inputs: ./test/artifact.txt
# verify-cert-email: https://github.com/trailofbits/gh-action-sigstore-python/.github/workflows/selftest.yml@refs/heads/main
woodruffw marked this conversation as resolved.
Show resolved Hide resolved
# staging: true

selftest-verify-issuer:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Sign artifact and publish signature
uses: ./
id: sigstore-python
with:
inputs: ./test/artifact.txt
verify-oidc-issuer: https://token.actions.githubusercontent.com
staging: true

selftest-identity-token:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Get OIDC token
id: get-oidc-token
run: |
identity_token=$( \
curl -H \
"Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" \
"$ACTIONS_ID_TOKEN_REQUEST_URL&audience=sigstore" \
| jq -r .value \
)
echo "::set-output name=identity-token::$identity_token"
shell: bash
- name: Sign artifact and publish signature
uses: ./
id: sigstore-python
with:
inputs: ./test/artifact.txt
identity-token: ${{ steps.get-oidc-token.outputs.identity-token }}
staging: true