Bump docker/login-action from 3.7.0 to 4.1.0 (#787) #2027
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: E2E | |
| on: | |
| push: | |
| branches: | |
| - "main" | |
| pull_request: | |
| branches: | |
| - "main" | |
| workflow_dispatch: | |
| permissions: {} | |
| jobs: | |
| e2e: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| persist-credentials: false | |
| - name: Set up Go | |
| uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 | |
| with: | |
| go-version-file: 'go.mod' | |
| check-latest: true | |
| cache: 'false' | |
| - name: Install Gitsign | |
| run: | | |
| set -e | |
| make build-gitsign | |
| sudo mv ./gitsign /usr/local/bin/gitsign | |
| echo "PATH=${PATH}" | |
| whereis gitsign | |
| mkdir /tmp/git | |
| cd /tmp/git | |
| git init -b main . | |
| git config --global user.email "[email protected]" | |
| git config --global user.name "gitsign" | |
| git config --global gpg.x509.program gitsign | |
| git config --global gpg.format x509 | |
| git config --global commit.gpgsign true | |
| # Verify tool is on our path | |
| gitsign -h | |
| - name: Get test OIDC token | |
| uses: sigstore-conformance/extremely-dangerous-public-oidc-beacon@main | |
| - name: export OIDC token | |
| run: | | |
| echo "SIGSTORE_ID_TOKEN=$(cat ./oidc-token.txt)" >> $GITHUB_ENV | |
| - name: e2e unit tests | |
| run: | | |
| set -e | |
| make e2e-test | |
| - name: Test Sign and Verify commit | |
| run: | | |
| set -e | |
| cd /tmp/git | |
| # Sign commit | |
| git commit --allow-empty -S --message="Signed commit" | |
| # Verify commit | |
| echo "========== git verify-commit ==========" | |
| git verify-commit HEAD | |
| echo "========== gitsign verify ==========" | |
| gitsign verify \ | |
| --certificate-github-workflow-repository="sigstore-conformance/extremely-dangerous-public-oidc-beacon" \ | |
| --certificate-oidc-issuer="https://token.actions.githubusercontent.com" \ | |
| --certificate-identity="https://github.com/sigstore-conformance/extremely-dangerous-public-oidc-beacon/.github/workflows/extremely-dangerous-oidc-beacon.yml@refs/heads/main" | |
| # Extra debug info | |
| git cat-file commit HEAD | sed -n '/-BEGIN/, /-END/p' | sed 's/^ //g' | sed 's/gpgsig //g' | sed 's/SIGNED MESSAGE/PKCS7/g' | openssl pkcs7 -print -print_certs -text | |
| - name: Test Sign and Verify commit - offline verification | |
| env: | |
| GITSIGN_REKOR_MODE: "offline" | |
| run: | | |
| set -e | |
| cd /tmp/git | |
| # Sign commit | |
| git commit --allow-empty -S --message="Signed commit" | |
| # Verify commit | |
| echo "========== git verify-commit ==========" | |
| git verify-commit HEAD | |
| echo "========== gitsign verify ==========" | |
| gitsign verify \ | |
| --certificate-github-workflow-repository="sigstore-conformance/extremely-dangerous-public-oidc-beacon" \ | |
| --certificate-oidc-issuer="https://token.actions.githubusercontent.com" \ | |
| --certificate-identity="https://github.com/sigstore-conformance/extremely-dangerous-public-oidc-beacon/.github/workflows/extremely-dangerous-oidc-beacon.yml@refs/heads/main" | |
| # Extra debug info | |
| git cat-file commit HEAD | sed -n '/-BEGIN/, /-END/p' | sed 's/^ //g' | sed 's/gpgsig //g' | sed 's/SIGNED MESSAGE/PKCS7/g' | openssl pkcs7 -print -print_certs -text | |
| - name: Debug log | |
| if: failure() | |
| run: cat "${GITSIGN_LOG}" |