Skip to content
Smoke test

split prod/staging conformance test jobs #1957

Sign in to view logs

split prod/staging conformance test jobs

split prod/staging conformance test jobs #1957

Workflow file for this run

.github/workflows/smoke-test.yml at b8da16d
name: Smoke test
on:
workflow_dispatch:
push:
branches: ['main']
pull_request:
branches: ['main']
permissions:
contents: read
jobs:
sign-verify:
name: Sign/Verify Artifact
runs-on: ubuntu-latest
permissions:
contents: read
id-token: write
steps:
- name: Checkout source
uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
- name: Setup node
uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
with:
node-version: 18
cache: npm
- name: Install dependencies
run: npm ci
- name: Build sigstore-js
run: |
npm run build
- name: Create artifact to sign
run: |
echo -n "hello world" > artifact
- name: Sign artifact
run: |
./packages/cli/bin/run attest --type "text/plain" --out bundle.json artifact
- name: Verify bundle
run: |
./packages/cli/bin/run verify bundle.json
- name: Archive bundle
if: success() || failure()
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
with:
name: bundle.public-good.json
path: bundle.json
sign-verify-mock:
name: Sign/Verify Artifact (Mock Stack)
runs-on: ubuntu-latest
permissions:
contents: read
id-token: write
env:
DEBUG: "tuf:*"
SIGSTORE_URL: "http://localhost:8000"
steps:
- name: Checkout source
uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
- name: Setup node
uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
with:
node-version: 18
cache: npm
- name: Install dependencies
run: npm ci
- name: Build sigstore-js
run: |
npm run build
- name: Start mock server (background)
run: |
npm run start --workspace packages/mock-server &
- name: Retrieve TUF trusted root
run: |
wget "${SIGSTORE_URL}/1.root.json"
- name: Create artifact to sign
run: |
echo -n "hello world" > artifact
- name: Sign artifact
run: |
./packages/cli/bin/run attest \
--fulcio-url ${SIGSTORE_URL} \
--rekor-url ${SIGSTORE_URL} \
--tsa-server-url ${SIGSTORE_URL} \
--type "text/plain" \
--out bundle.json \
artifact
- name: Verify bundle
run: |
./packages/cli/bin/run verify \
--tuf-mirror-url ${SIGSTORE_URL} \
--tuf-root-path ./1.root.json \
bundle.json
- name: Archive bundle
if: success() || failure()
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
with:
name: bundle.mock.json
path: bundle.json
sign-verify-staging:
name: Sign/Verify Artifact (Staging)
runs-on: ubuntu-latest
permissions:
contents: read
id-token: write
env:
DEBUG: "tuf:*"
TUF_MIRROR_URL: https://tuf-repo-cdn.sigstage.dev
steps:
- name: Checkout source
uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
- name: Setup node
uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
with:
node-version: 18
cache: npm
- name: Install dependencies
run: npm ci
- name: Build sigstore-js
run: |
npm run build
- name: Retrieve TUF trusted root
run: |
wget ${TUF_MIRROR_URL}/1.root.json
- name: Create artifact to sign
run: |
echo -n "hello world" > artifact
- name: Sign artifact
run: |
./packages/cli/bin/run attest \
--fulcio-url https://fulcio.sigstage.dev \
--rekor-url https://rekor.sigstage.dev \
--type "text/plain" \
--out bundle.json \
artifact
- name: Verify bundle
run: |
./packages/cli/bin/run verify \
--tuf-mirror-url ${TUF_MIRROR_URL} \
--tuf-root-path ./1.root.json \
bundle.json
- name: Archive bundle
if: success() || failure()
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
with:
name: bundle.staging.json
path: bundle.json