# Continuous integration workflow: triggered by pushes to main, by pull
# requests, and by a daily schedule (cron times are evaluated in UTC).
name: CI
on:
  push:
    branches: [main]
  pull_request:
  schedule:
    - cron: '0 12 * * *'
# Start from an empty GITHUB_TOKEN permission set; a job that needs a scope
# has to request it explicitly in its own `permissions:` block.
permissions: {}
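jobs:
  # Resolves the Ruby versions to test through the shared ruby/actions
  # reusable workflow, pinned to a full commit SHA.
  ruby-versions:
    uses: ruby/actions/.github/workflows/ruby_versions.yml@3fbf038d6f0d8043b914f923764c61bc2a114a77
    with:
      engine: cruby-truffleruby
      # NOTE(review): bare float; a future value such as 3.10 would parse as
      # 3.1. Confirm the input type the reusable workflow expects before
      # quoting it.
      min_version: 3.1

  # Unit tests across every Ruby version reported by `ruby-versions`.
  test:
    needs: ruby-versions
    runs-on: ${{ matrix.os }}
    name: Test Ruby ${{ matrix.ruby }} / ${{ matrix.os }}
    strategy:
      fail-fast: false
      matrix:
        ruby: ${{ fromJson(needs.ruby-versions.outputs.versions) }}
        os: [ubuntu-latest]
        # os: [ ubuntu-latest, macos-latest, windows-latest ]
        # include:
        #   - { os: windows-latest, ruby: ucrt }
        #   - { os: windows-latest, ruby: mingw }
        #   - { os: windows-latest, ruby: mswin }
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f  # v2.10.2
        with:
          # `audit` only records outbound connections; it does not block them.
          egress-policy: audit
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4.2.2
        with:
          # Do not leave the GITHUB_TOKEN in .git/config for later steps;
          # matches the checkout in the smoketest job.
          persist-credentials: false
      - name: Set up Ruby
        uses: ruby/setup-ruby@a2bbe5b1b236842c1cb7dd11e8e3b51e0a616acc  # v1.202.0
        with:
          ruby-version: ${{ matrix.ruby }}
          bundler-cache: true
      - name: Run the tests
        run: bin/rake test
      - name: Upload coverage reports to Codecov
        # The whole condition must live inside a single expression. Mixing
        # `${{ }}` fragments with literal text turns `if:` into a non-empty
        # string, which is always truthy, so the filter never applied.
        # Expression string literals use single quotes.
        if: ${{ always() && matrix.ruby == fromJson(needs.ruby-versions.outputs.latest) && matrix.os == 'ubuntu-latest' }}
        uses: codecov/codecov-action@985343d70564a82044c1b7fcb84c2fa05405c1a2  # v5.0.4
        with:
          token: ${{ secrets.CODECOV_TOKEN }}
          slug: sigstore/sigstore-ruby

  # Sigstore client conformance suite, against production and staging.
  sigstore-conformance:
    needs: ruby-versions
    runs-on: ${{ matrix.os }}
    name: Sigstore Ruby ${{ matrix.ruby }} / ${{ matrix.os }}
    strategy:
      fail-fast: false
      matrix:
        ruby: ${{ fromJson(needs.ruby-versions.outputs.versions) }}
        os: [ubuntu-latest]
        # os: [ ubuntu-latest, macos-latest, windows-latest ]
        # include:
        #   - { os: windows-latest, ruby: ucrt }
        #   - { os: windows-latest, ruby: mingw }
        #   - { os: windows-latest, ruby: mswin }
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f  # v2.10.2
        with:
          # `audit` only records outbound connections; it does not block them.
          egress-policy: audit
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4.2.2
        with:
          # Do not leave the GITHUB_TOKEN in .git/config for later steps.
          persist-credentials: false
      - name: Set up Ruby
        uses: ruby/setup-ruby@a2bbe5b1b236842c1cb7dd11e8e3b51e0a616acc  # v1.202.0
        with:
          ruby-version: ${{ matrix.ruby }}
          bundler-cache: true
      - name: Run the conformance tests
        # Bare expression: the previous `${{ matrix.os }} == "ubuntu-latest"`
        # form was evaluated as a string and was therefore always true.
        if: matrix.os == 'ubuntu-latest'
        uses: sigstore/sigstore-conformance@d93d46c0e864084fbb78015a5b7d4f5b1d7e641d
        with:
          entrypoint: ${{ github.workspace }}/bin/conformance-entrypoint
          # On `head` the expression yields false, so the input receives the
          # string "false" rather than an empty value.
          xfail: "${{ matrix.ruby != 'head' && 'test_verify_rejects_bad_tsa_timestamp' }}"
      - name: Run the conformance tests against staging
        if: matrix.os == 'ubuntu-latest'
        uses: sigstore/sigstore-conformance@d93d46c0e864084fbb78015a5b7d4f5b1d7e641d
        with:
          entrypoint: ${{ github.workspace }}/bin/conformance-entrypoint
          xfail: "${{ matrix.ruby != 'head' && 'test_verify_rejects_bad_tsa_timestamp' }}"
          environment: staging
      - name: Upload coverage reports to Codecov
        # Single expression so the Ruby/OS filter is actually evaluated.
        if: ${{ always() && matrix.ruby == fromJson(needs.ruby-versions.outputs.latest) && matrix.os == 'ubuntu-latest' }}
        uses: codecov/codecov-action@985343d70564a82044c1b7fcb84c2fa05405c1a2  # v5.0.4
        with:
          token: ${{ secrets.CODECOV_TOKEN }}
          slug: sigstore/sigstore-ruby

  # TUF client conformance suite.
  tuf-conformance:
    needs: ruby-versions
    runs-on: ${{ matrix.os }}
    name: TUF Ruby ${{ matrix.ruby }} / ${{ matrix.os }}
    strategy:
      fail-fast: false
      matrix:
        ruby: ${{ fromJson(needs.ruby-versions.outputs.versions) }}
        os: [ubuntu-latest]
        # os: [ ubuntu-latest, macos-latest, windows-latest ]
        # include:
        #   - { os: windows-latest, ruby: ucrt }
        #   - { os: windows-latest, ruby: mingw }
        #   - { os: windows-latest, ruby: mswin }
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f  # v2.10.2
        with:
          # `audit` only records outbound connections; it does not block them.
          egress-policy: audit
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4.2.2
        with:
          # This job passes an artifact name to a later action, so keep the
          # token out of the workspace's .git/config.
          persist-credentials: false
      - name: Set up Ruby
        uses: ruby/setup-ruby@a2bbe5b1b236842c1cb7dd11e8e3b51e0a616acc  # v1.202.0
        with:
          ruby-version: ${{ matrix.ruby }}
          bundler-cache: true
      - name: Touch requirements.txt
        run: touch requirements.txt
      - name: Run the TUF conformance tests
        # Bare expression replaces a block scalar that mixed `${{ }}` with
        # text and so was always truthy.
        if: matrix.os == 'ubuntu-latest'
        uses: theupdateframework/tuf-conformance@ad0e8bef1a9a1c7af993c3d56376ce624a0f10f2
        with:
          entrypoint: ${{ github.workspace }}/bin/tuf-conformance-entrypoint
          artifact-name: "test repositories ${{ matrix.ruby }} ${{ matrix.os }}"
      - name: Upload coverage reports to Codecov
        # Single expression so the Ruby/OS filter is actually evaluated.
        if: ${{ always() && matrix.ruby == fromJson(needs.ruby-versions.outputs.latest) && matrix.os == 'ubuntu-latest' }}
        uses: codecov/codecov-action@985343d70564a82044c1b7fcb84c2fa05405c1a2  # v5.0.4
        with:
          token: ${{ secrets.CODECOV_TOKEN }}
          slug: sigstore/sigstore-ruby

  # Builds the gem and runs bin/smoketest on it. This is the only job that
  # requests an OIDC token (`id-token: write`).
  smoketest:
    needs: ruby-versions
    runs-on: ubuntu-latest
    name: Smoketest
    permissions:
      id-token: write
    strategy:
      fail-fast: false
      # NOTE(review): no step below reads matrix.ruby or matrix.os (runs-on is
      # fixed and setup-ruby uses `latest`), so every matrix entry runs the
      # same steps with id-token: write. Confirm the matrix is intended.
      matrix:
        ruby: ${{ fromJson(needs.ruby-versions.outputs.versions) }}
        os: [ubuntu-latest]
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f  # v2.10.2
        with:
          # `audit` only records outbound connections; it does not block them.
          egress-policy: audit
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4.2.2
        with:
          persist-credentials: false
      - name: Set up Ruby
        uses: ruby/setup-ruby@a2bbe5b1b236842c1cb7dd11e8e3b51e0a616acc  # v1.202.0
        with:
          ruby-version: ${{ fromJson(needs.ruby-versions.outputs.latest) }}
          bundler-cache: true
      - name: Build the gem
        run: bin/rake build
      - name: List built gems
        id: list-gems
        # Emits the built gem paths as a compact JSON array in the `gems`
        # step output. The output file path is quoted for the shell.
        run: |
          echo "gems=$(find pkg -type f -name '*.gem' -print0 | xargs -0 jq --compact-output --null-input --args '[$ARGS.positional[]]')" >> "$GITHUB_OUTPUT"
      - name: Run the smoketest
        # The gem list reaches the script through an environment variable
        # rather than being interpolated into the command text. BUILT_GEMS is
        # left unquoted so each space-separated path becomes its own argument.
        run: |
          ./bin/smoketest ${BUILT_GEMS}
        env:
          BUILT_GEMS: ${{ join(fromJson(steps.list-gems.outputs.gems), ' ') }}
          WORKFLOW_NAME: ci

  # Aggregate gate over the test jobs listed in `needs`.
  all-tests-pass:
    if: always()
    # NOTE(review): smoketest and lint are not listed here; confirm that
    # leaving them out of the gate is intentional.
    needs:
      - test
      - sigstore-conformance
      - tuf-conformance
    runs-on: ubuntu-latest
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f  # v2.10.2
        with:
          # `audit` only records outbound connections; it does not block them.
          egress-policy: audit
      - name: check test jobs
        uses: re-actors/alls-green@05ac9388f0aebcb5727afa17fcccfecd6f8ec5fe  # v1.2.2
        with:
          jobs: ${{ toJSON(needs) }}

  # RuboCop on the latest Ruby release.
  lint:
    needs: ruby-versions
    runs-on: ubuntu-latest
    name: Lint
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f  # v2.10.2
        with:
          # `audit` only records outbound connections; it does not block them.
          egress-policy: audit
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4.2.2
        with:
          # Do not leave the GITHUB_TOKEN in .git/config for later steps.
          persist-credentials: false
      - name: Set up Ruby
        uses: ruby/setup-ruby@a2bbe5b1b236842c1cb7dd11e8e3b51e0a616acc  # v1.202.0
        with:
          ruby-version: ${{ fromJson(needs.ruby-versions.outputs.latest) }}
          bundler-cache: true
      - name: Run the linter
        run: bin/rubocop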