Bump the prod-deps group with 2 updates #1481
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Smoke test | |
| on: | |
| workflow_dispatch: | |
| push: | |
| branches: ['main'] | |
| pull_request: | |
| branches: ['main'] | |
| permissions: | |
| contents: read | |
| jobs: | |
| sign-verify: | |
| name: Sign/Verify Artifact | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| id-token: write | |
| steps: | |
| - name: Checkout source | |
| uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v3 | |
| - name: Setup node | |
| uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v3 | |
| with: | |
| node-version: 18 | |
| cache: npm | |
| - name: Install dependencies | |
| run: npm ci | |
| - name: Build sigstore-js | |
| run: | | |
| npm run build | |
| - name: Create artifact to sign | |
| run: | | |
| echo -n "hello world" > artifact | |
| - name: Sign artifact | |
| run: | | |
| ./packages/cli/bin/run attest --type "text/plain" --out bundle.json artifact | |
| - name: Verify bundle | |
| run: | | |
| ./packages/cli/bin/run verify bundle.json | |
| - name: Archive bundle | |
| if: success() || failure() | |
| uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392 # v3 | |
| with: | |
| name: bundle.public-good.json | |
| path: bundle.json | |
| sign-verify-mock: | |
| name: Sign/Verify Artifact (Mock Stack) | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| id-token: write | |
| env: | |
| DEBUG: "tuf:*" | |
| SIGSTORE_URL: "http://localhost:8000" | |
| steps: | |
| - name: Checkout source | |
| uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v3 | |
| - name: Setup node | |
| uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v3 | |
| with: | |
| node-version: 18 | |
| cache: npm | |
| - name: Install dependencies | |
| run: npm ci | |
| - name: Build sigstore-js | |
| run: | | |
| npm run build | |
| - name: Start mock server (background) | |
| run: | | |
| npm run start --workspace packages/mock-server & | |
| - name: Retrieve TUF trusted root | |
| run: | | |
| wget "${SIGSTORE_URL}/1.root.json" | |
| - name: Create artifact to sign | |
| run: | | |
| echo -n "hello world" > artifact | |
| - name: Sign artifact | |
| run: | | |
| ./packages/cli/bin/run attest \ | |
| --fulcio-url ${SIGSTORE_URL} \ | |
| --rekor-url ${SIGSTORE_URL} \ | |
| --tsa-server-url ${SIGSTORE_URL} \ | |
| --type "text/plain" \ | |
| --out bundle.json \ | |
| artifact | |
| - name: Verify bundle | |
| run: | | |
| ./packages/cli/bin/run verify \ | |
| --tuf-mirror-url ${SIGSTORE_URL} \ | |
| --tuf-root-path ./1.root.json \ | |
| bundle.json | |
| - name: Archive bundle | |
| if: success() || failure() | |
| uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392 # v3 | |
| with: | |
| name: bundle.mock.json | |
| path: bundle.json | |