feat: add a feature to verify the head of a branch (#684)

Signed-off-by: Asra Ali <asraa@google.com>

VERIFIER.md

@@ -23,7 +23,13 @@ This will download the Yubico root CA. For each key added, it will verify:
 
 If there is any repository data added in the PR, it will also check signatures in each top-level role.
 
-2. Other verifications:
+2. To verify the state of a ceremony branch, add the environment variable `BRANCH` to indicate the ceremony branch.
+
+```bash
+GITHUB_USER=${YOUR_GITHUB_USERNAME} BRANCH=${CEREMONY_BRANCH} ./scripts/verify.sh
+```
+
+3. Other verifications:
 
 * Verify the targets signed and their SHAs. You may choose to retrieve an independent local copy of the targets (Fulcio Root CA certificate, SigStore signing key, Rekor public key, CTFE key) and verify that the SHA-512 matches the sha in `targets.json`.
 

scripts/verify.sh

@@ -18,26 +18,24 @@
 set -o errexit
 set -o xtrace
 
-if [ -z "$GITHUB_USER" ]; then
-    echo "Set GITHUB_USER"
-    exit 1
-fi
-if [ -z "$REPO" ]; then
-    REPO=$(pwd)/repository
-    echo "Using default REPO $REPO"
-fi
+# shellcheck source=./scripts/utils.sh
+source "./scripts/utils.sh"
+
+# Check that a github user is set.
+check_user
 
-# Dump the git state
-git checkout main
-git status
-git remote -v
+# Set REPO
+set_repository
+
+# Dump the git state and clean-up
+print_git_state
+clean_state
 
 # Setup forks
-git remote rm upstream || true
-git remote add upstream git@github.com:sigstore/root-signing.git
-git remote rm origin || true
-git remote add origin git@github.com:"$GITHUB_USER"/root-signing.git
-git remote -v
+setup_forks
+
+# Checkout branch
+checkout_branch
 
 # build the verification binary
 go build -o verify ./cmd/verify