Bump github.com/sigstore/sigstore/pkg/signature/kms/gcp (#609) #1165
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Copyright 2025 The Sigstore Authors. | |
| # | |
| # Licensed under the Apache License, Version 2.0 (the "License"); | |
| # you may not use this file except in compliance with the License. | |
| # You may obtain a copy of the License at | |
| # | |
| # http://www.apache.org/licenses/LICENSE-2.0 | |
| # | |
| # Unless required by applicable law or agreed to in writing, software | |
| # distributed under the License is distributed on an "AS IS" BASIS, | |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
| # See the License for the specific language governing permissions and | |
| # limitations under the License. | |
| name: CI Tests | |
| on: | |
| push: | |
| branches: [ main ] | |
| pull_request: | |
| branches: [ main ] | |
| workflow_dispatch: | |
| permissions: | |
| contents: read | |
| jobs: | |
| build: | |
| name: Build CLI | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 | |
| with: | |
| persist-credentials: false | |
| - name: Extract version of Go to use | |
| run: echo "GOVERSION=$(awk -F'[:@]' '/FROM golang/{print $2; exit}' Dockerfile)" >> $GITHUB_ENV | |
| - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 | |
| with: | |
| go-version: ${{ env.GOVERSION }} | |
| - name: Build | |
| run: make -C $GITHUB_WORKSPACE all | |
| - name: Ensure no files were modified as a result of the build | |
| run: git update-index --refresh && git diff-index --quiet HEAD -- || git diff --exit-code | |
| container-build: | |
| name: Build container | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 | |
| with: | |
| persist-credentials: false | |
| - name: Extract version of Go to use | |
| run: echo "GOVERSION=$(awk -F'[:@]' '/FROM golang/{print $2; exit}' Dockerfile)" >> $GITHUB_ENV | |
| - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 | |
| with: | |
| go-version: ${{ env.GOVERSION }} | |
| - uses: ko-build/setup-ko@d006021bd0c28d1ce33a07e7943d48b079944c8d # v0.9 | |
| - name: container | |
| run: | | |
| make ko-local | |
| docker run --rm $(cat rekorImagerefs) version | |
| unit-tests: | |
| name: Run unit tests | |
| permissions: | |
| contents: read | |
| id-token: write # to authenticate with codecov | |
| runs-on: ubuntu-latest | |
| env: | |
| OS: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 | |
| with: | |
| persist-credentials: false | |
| - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 | |
| with: | |
| go-version-file: './go.mod' | |
| check-latest: true | |
| - name: Run Go tests | |
| run: go test -covermode atomic -coverprofile coverage.txt $(go list ./... | grep -v third_party/) | |
| - name: Workaround buggy Codecov OIDC auth | |
| run: | | |
| # only set CODECOV_TOKEN if OIDC token is available | |
| [ -z $ACTIONS_ID_TOKEN_REQUEST_TOKEN ] && exit 0 | |
| TOKEN_RESPONSE=$(curl -H "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" "$ACTIONS_ID_TOKEN_REQUEST_URL&audience=https://codecov.io") | |
| CODECOV_TOKEN=$(echo $TOKEN_RESPONSE | jq -r .value) | |
| echo "CODECOV_TOKEN=$CODECOV_TOKEN" >> "$GITHUB_ENV" | |
| - name: Upload Coverage Report | |
| uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1 | |
| with: | |
| env_vars: OS | |
| fail_ci_if_error: true | |
| # When github.com/codecov/codecov-action/issues/1791 is fixed, | |
| # remove workaround step above and uncomment: | |
| # use_oidc: true | |
| - name: Run Go tests w/ `-race` | |
| if: ${{ runner.os == 'Linux' }} | |
| run: go test -race $(go list ./... | grep -v third_party/) | |
| e2e-tests: | |
| name: Run E2E tests | |
| permissions: | |
| contents: read | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 | |
| with: | |
| persist-credentials: false | |
| - name: Run docker compose | |
| run: docker compose -f compose.yml up -d --build --wait --wait-timeout 60 | |
| - name: Run e2e tests | |
| run: go test -v -tags=e2e ./tests/ | |
| sharding-freeze: | |
| name: Run freeze log tests | |
| permissions: | |
| contents: read | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 | |
| with: | |
| persist-credentials: false | |
| - name: Run freeze tests | |
| run: | |
| ./tests/freeze-test.sh | |
| sharding-e2e: | |
| name: Run sharding E2E tests | |
| permissions: | |
| contents: read | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 | |
| with: | |
| persist-credentials: false | |
| - uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0 | |
| - name: Install faketime | |
| run: sudo apt install faketime -y | |
| - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 | |
| with: | |
| go-version-file: './go.mod' | |
| check-latest: true | |
| - name: Run tests | |
| working-directory: ./tests/sharding | |
| run: ./test.sh |