action: download default release assets to sign

README.md

@@ -367,6 +367,9 @@ Example:
 The `release-signing-artifacts` setting controls whether or not `sigstore-python`
 uploads signing artifacts to the release publishing event that triggered this run.
 
+If enabled, this setting also re-uploads and signs GitHub's default source code artifacts,
+as they are not guaranteed to be stable.
+
 By default, no release assets are uploaded.
 
 Requires the [`contents: write` permission](https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token).

action.py

@@ -53,6 +53,34 @@ def _log(msg):
     print(msg, file=sys.stderr)
 
 
+def _download_ref_asset(ext):
+    repo = os.getenv('GITHUB_REPOSITORY')
+    ref = os.getenv("GITHUB_REF")
+
+    artifact = f"{os.getenv('GITHUB_REF_NAME')}-signed{ext}"
+
+    # GitHub supports /:org/:repo/archive/:ref<.tar.gz|.zip>.
+    # XX: will this work in Windows runners?
+    curl_status = subprocess.run(
+        ["curl",
+         "-f",
+         "-L",
+         "-o", str(artifact),
+         f"https://github.com/{repo}/archive/{ref}{ext}"],
+        text=True,
+        stdout=subprocess.PIPE,
+        stderr=subprocess.STDOUT,
+        # do not pass environment to curl
+    )
+    _debug(curl_status.stdout)
+
+    if curl_status.returncode != 0:
+        _summary(f"❌ failed to download {ext} archive for {ref}")
+        return None
+
+    return artifact
+
+
 def _sigstore_sign(global_args, sign_args):
     return ["python", "-m", "sigstore", *global_args, "sign", *sign_args]
 
@@ -163,6 +191,13 @@ def _fatal_help(msg):
 else:
     sigstore_verify_args.extend(["--cert-oidc-issuer", verify_oidc_issuer])
 
+if os.getenv("GHA_SIGSTORE_PYTHON_RELEASE_SIGNING_ARTIFACTS") == "true":
+    for filetype in [".zip", ".tar.gz"]:
+        artifact = _download_ref_asset(filetype)
+        if artifact is not None:
+            signing_artifact_paths.append(artifact)
+            inputs.append(artifact)
+
 for input_ in inputs:
     # Forbid things that look like flags. This isn't a security boundary; just
     # a way to prevent (less motivated) users from breaking the action on themselves.

action.yml

@@ -123,6 +123,7 @@ runs:
         GHA_SIGSTORE_PYTHON_VERIFY: "${{ inputs.verify }}"
         GHA_SIGSTORE_PYTHON_VERIFY_CERT_IDENTITY: "${{ inputs.verify-cert-identity }}"
         GHA_SIGSTORE_PYTHON_VERIFY_OIDC_ISSUER: "${{ inputs.verify-oidc-issuer }}"
+        GHA_SIGSTORE_PYTHON_RELEASE_SIGNING_ARTIFACTS: "${{ inputs.release-signing-artifacts }}"
         GHA_SIGSTORE_PYTHON_INTERNAL_BE_CAREFUL_DEBUG: "${{ inputs.internal-be-careful-debug }}"
       shell: bash