-
Notifications
You must be signed in to change notification settings - Fork 23
101 lines (96 loc) · 2.72 KB
/
smoke-test.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
name: Smoke test
on:
workflow_dispatch:
push:
branches: ['main']
pull_request:
branches: ['main']
permissions:
contents: read
jobs:
sign-verify:
name: Sign/Verify Artifact
runs-on: ubuntu-latest
permissions:
contents: read
id-token: write
steps:
- name: Checkout source
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v3
- name: Setup node
uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v3
with:
node-version: 18
cache: npm
- name: Install dependencies
run: npm ci
- name: Build sigstore-js
run: |
npm run build
- name: Create artifact to sign
run: |
echo -n "hello world" > artifact
- name: Sign artifact
run: |
./packages/cli/bin/run attest --type "text/plain" --out bundle.json artifact
- name: Verify bundle
run: |
./packages/cli/bin/run verify bundle.json
- name: Archive bundle
if: success() || failure()
uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392 # v3
with:
name: bundle.public-good.json
path: bundle.json
sign-verify-mock:
name: Sign/Verify Artifact (Mock Stack)
runs-on: ubuntu-latest
permissions:
contents: read
id-token: write
env:
DEBUG: "tuf:*"
SIGSTORE_URL: "http://localhost:8000"
steps:
- name: Checkout source
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v3
- name: Setup node
uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v3
with:
node-version: 18
cache: npm
- name: Install dependencies
run: npm ci
- name: Build sigstore-js
run: |
npm run build
- name: Start mock server (background)
run: |
npm run start --workspace packages/mock-server &
- name: Retrieve TUF trusted root
run: |
wget "${SIGSTORE_URL}/1.root.json"
- name: Create artifact to sign
run: |
echo -n "hello world" > artifact
- name: Sign artifact
run: |
./packages/cli/bin/run attest \
--fulcio-url ${SIGSTORE_URL} \
--rekor-url ${SIGSTORE_URL} \
--tsa-server-url ${SIGSTORE_URL} \
--type "text/plain" \
--out bundle.json \
artifact
- name: Verify bundle
run: |
./packages/cli/bin/run verify \
--tuf-mirror-url ${SIGSTORE_URL} \
--tuf-root-path ./1.root.json \
bundle.json
- name: Archive bundle
if: success() || failure()
uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392 # v3
with:
name: bundle.mock.json
path: bundle.json