Skip to content

Bump github/codeql-action from 3.27.0 to 3.27.1 in the minor-patch group #2346

Bump github/codeql-action from 3.27.0 to 3.27.1 in the minor-patch group

Bump github/codeql-action from 3.27.0 to 3.27.1 in the minor-patch group #2346

Workflow file for this run

name: Smoke test
on:
workflow_dispatch:
push:
branches: ['main']
pull_request:
branches: ['main']
permissions:
contents: read
jobs:
sign-verify:
name: Sign/Verify Artifact
runs-on: ubuntu-latest
permissions:
contents: read
id-token: write
steps:
- name: Checkout source
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Setup node
uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
with:
node-version: 18.17
cache: npm
- name: Install dependencies
run: npm ci
- name: Build sigstore-js
run: |
npm run build
- name: Create artifact to sign
run: |
echo -n "hello world" > artifact
- name: Sign artifact
run: |
./packages/cli/bin/run attest --type "text/plain" --out bundle.json artifact
- name: Verify bundle
run: |
./packages/cli/bin/run verify bundle.json
- name: Archive bundle
if: success() || failure()
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
name: bundle.public-good.json
path: bundle.json
sign-verify-mock:
name: Sign/Verify Artifact (Mock Stack)
runs-on: ubuntu-latest
permissions:
contents: read
id-token: write
env:
DEBUG: "tuf:*"
SIGSTORE_URL: "http://localhost:8000"
steps:
- name: Checkout source
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Setup node
uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
with:
node-version: 18.17
cache: npm
- name: Install dependencies
run: npm ci
- name: Build sigstore-js
run: |
npm run build
- name: Start mock server (background)
run: |
npm run start --workspace packages/mock-server &
- name: Retrieve TUF trusted root
run: |
wget "${SIGSTORE_URL}/1.root.json"
- name: Create artifact to sign
run: |
echo -n "hello world" > artifact
- name: Sign artifact
run: |
./packages/cli/bin/run attest \
--fulcio-url ${SIGSTORE_URL} \
--rekor-url ${SIGSTORE_URL} \
--tsa-server-url ${SIGSTORE_URL} \
--type "text/plain" \
--out bundle.json \
artifact
- name: Verify bundle
run: |
./packages/cli/bin/run verify \
--tuf-mirror-url ${SIGSTORE_URL} \
--tuf-root-path ./1.root.json \
bundle.json
- name: Archive bundle
if: success() || failure()
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
name: bundle.mock.json
path: bundle.json
sign-verify-staging:
name: Sign/Verify Artifact (Staging)
runs-on: ubuntu-latest
permissions:
contents: read
id-token: write
env:
DEBUG: "tuf:*"
TUF_MIRROR_URL: https://tuf-repo-cdn.sigstage.dev
steps:
- name: Checkout source
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Setup node
uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
with:
node-version: 18.17
cache: npm
- name: Install dependencies
run: npm ci
- name: Build sigstore-js
run: |
npm run build
- name: Retrieve TUF trusted root
run: |
wget ${TUF_MIRROR_URL}/1.root.json
- name: Create artifact to sign
run: |
echo -n "hello world" > artifact
- name: Sign artifact
run: |
./packages/cli/bin/run attest \
--fulcio-url https://fulcio.sigstage.dev \
--rekor-url https://rekor.sigstage.dev \
--type "text/plain" \
--out bundle.json \
artifact
- name: Verify bundle
run: |
./packages/cli/bin/run verify \
--tuf-mirror-url ${TUF_MIRROR_URL} \
--tuf-root-path ./1.root.json \
bundle.json
- name: Archive bundle
if: success() || failure()
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
name: bundle.staging.json
path: bundle.json