update-tuf-seeds.yml
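# Downloads TUF metadata and targets from the Sigstore TUF mirror and prints a
# "seeds" JSON document (mirror URL -> base64 root.json + targets) to the job
# log. Nothing is committed or uploaded; the token is limited to contents: read.
name: Update TUF Seeds

on:
  workflow_dispatch:
  # No branch filter: this runs on every push to any branch.
  push:

permissions:
  contents: read

jobs:
  update-tuf-seeds:
    runs-on: ubuntu-latest
    env:
      DEBUG: "tuf:*"
      TUF_MIRROR: https://tuf-repo-cdn.sigstore.dev
    steps:
      - name: Get Targets
        env:
          TUF_CACHE: ${{ runner.temp }}/tuf
        run: |
          # NOTE(review): npx resolves @tufjs/cli from the registry at run time
          # with no version pin, so the code that fetches the trust root can
          # change between runs. Pin it, e.g. @tufjs/cli@<REVIEWED_VERSION>.
          #
          # NOTE(review): --unsafe-root-download takes root.json from the
          # mirror itself instead of a locally trusted copy, so the seed is
          # anchored only in this one HTTPS fetch. Compare the resulting
          # root.json with an independently obtained root before trusting
          # or committing the output.
          npx @tufjs/cli download \
            --metadata-base-url "${TUF_MIRROR}" \
            --cache-path "${TUF_CACHE}" \
            --unsafe-root-download \
            --target-name trusted_root.json
          npx @tufjs/cli download \
            --metadata-base-url "${TUF_MIRROR}" \
            --cache-path "${TUF_CACHE}" \
            --unsafe-root-download \
            --target-name registry.npmjs.org/keys.json

      - name: ls
        # Debug listing of what the download step left in the temp directory.
        run: tree "${RUNNER_TEMP}"

      - name: make new
        env:
          TUF_CACHE: ${{ runner.temp }}/tuf
        run: |
          # GNU base64 wraps at 76 columns by default; -w0 keeps each value on
          # one line so the JSON strings carry no embedded newlines.
          # TODO: the npm keys entry is still the literal placeholder string
          # "npm_keys"; the commented --arg below is the intended source.
          jq -n -c \
            --arg mirror "${TUF_MIRROR}" \
            --arg root "$(base64 -w0 "${TUF_CACHE}/root.json")" \
            --arg trusted_root "$(base64 -w0 "${TUF_CACHE}/targets/trusted_root.json")" \
            '{$mirror:{"root.json":$root,"targets":{"trusted_root.json":$trusted_root,"registry.npmjs.org%2Fkeys.json":"npm_keys"}}}'
          # --arg npm_keys "$(cat ${TUF_CACHE}/targets/registry.npmjs.org%2Fkeys.json | base64)" \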