-
Notifications
You must be signed in to change notification settings - Fork 18
Expand file tree
/
Copy pathaction.yml
More file actions
81 lines (75 loc) · 3.27 KB
/
action.yml
File metadata and controls
81 lines (75 loc) · 3.27 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
name: "sigstore-conformance"
author: "Alex Cameron <alex.cameron@trailofbits.com>"
description: "Conformance testing for Sigstore clients"
inputs:
entrypoint:
description: "the command to invoke the Sigstore client"
required: true
default: ""
internal-be-careful-debug:
description: "run with debug logs (default false)"
required: false
default: "false"
skip-signing:
description: "skip tests that involve signing (default false)"
required: false
default: "false"
skip-result-upload:
description: "skip upload of conformance results (default false), staging environment runs are always skipped."
required: false
default: "false"
skip-cpython-release-tests:
description: "skip all CPython Sigstore bundle tests"
required: false
default: "false"
environment:
description: "'production' (default) or 'staging'"
required: false
default: "production"
xfail:
description: "one or more tests that are expected to fail, whitespace-separated"
required: false
default: ""
runs:
using: "composite"
steps:
- name: Check out latest CPython release metadata
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
repository: woodruffw/cpython-release-tracker
persist-credentials: false
path: cpython-release-tracker
ref: f5ef7e3a49c5b9aa2a5c8f9591e2c9feb1939060
- name: Set up sigstore-conformance
run: |
echo "::group::Install sigstore-conformance requirements"
# NOTE: Sourced, not executed as a script.
source "${{ github.action_path }}/setup/setup.bash"
echo "::endgroup::"
shell: bash
- name: Run sigstore-conformance
id: sigstore-conformance
run: |
./sigstore-conformance-env/bin/python ${{ github.action_path }}/action.py
env:
GHA_SIGSTORE_CONFORMANCE_ENVIRONMENT: "${{ inputs.environment }}"
GHA_SIGSTORE_CONFORMANCE_ENTRYPOINT: "${{ inputs.entrypoint }}"
GHA_SIGSTORE_CONFORMANCE_INTERNAL_BE_CAREFUL_DEBUG: "${{ inputs.internal-be-careful-debug }}"
GHA_SIGSTORE_CONFORMANCE_SKIP_SIGNING: "${{ inputs.skip-signing }}"
GHA_SIGSTORE_CONFORMANCE_SKIP_CPYTHON_RELEASE_TESTS: "${{ inputs.skip-cpython-release-tests }}"
GHA_SIGSTORE_CONFORMANCE_XFAIL: "${{ inputs.xfail }}"
GHA_SIGSTORE_CONFORMANCE_CLIENT_NAME: "${{ github.repository }}"
GHA_SIGSTORE_CONFORMANCE_CLIENT_URL: "${{ github.server_url }}/${{ github.repository }}"
GHA_SIGSTORE_CONFORMANCE_CLIENT_SHA: "${{ github.sha }}"
GHA_SIGSTORE_CONFORMANCE_CLIENT_SHA_URL: "${{ github.server_url }}/${{ github.repository }}/commit/${{ github.sha }}"
GHA_SIGSTORE_CONFORMANCE_WORKFLOW_RUN: "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
GHA_SIGSTORE_CONFORMANCE_SELFTEST_ENV: "${{ github.workspace }}/sigstore-conformance-selftest-env/"
shell: bash
- name: Upload conformance result
if: ${{ always() && inputs.skip-result-upload == 'false' && inputs.environment == 'production' }}
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
with:
name: conformance-results
overwrite: true
path: ./conformance-report.json
retention-days: 7