This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Test Witness Action Wrapper | |
| on: | |
| push: | |
| branches: [ main ] | |
| pull_request: | |
| branches: [ main ] | |
| permissions: | |
| id-token: write # This is required for requesting the JWT | |
| contents: read # This is required for actions/checkout | |
| jobs: | |
| test-basic: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v3 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v3 | |
| with: | |
| node-version: '16' | |
| - name: Install dependencies | |
| run: npm ci | |
| - name: Test wrapper with basic attestation | |
| id: attestation | |
| uses: ./ | |
| with: | |
| # Action to run | |
| action-ref: "actions/hello-world-javascript-action@main" | |
| input-who-to-greet: "World" | |
| # Witness configuration | |
| step: "hello-world" | |
| attestations: "command" | |
| - name: Check attestation file | |
| run: | | |
| if [[ -f "/tmp/hello-world-attestation.json" ]]; then | |
| echo "Attestation created successfully" | |
| jq . "/tmp/hello-world-attestation.json" | head -n 20 | |
| else | |
| echo "Attestation file not found!" | |
| exit 1 | |
| fi | |
| test-multi-attestors: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v3 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v3 | |
| with: | |
| node-version: '16' | |
| - name: Install dependencies | |
| run: npm ci | |
| - name: Test wrapper with multiple attestors | |
| id: multi-attestation | |
| uses: ./ | |
| with: | |
| # Action to run | |
| action-ref: "actions/hello-world-javascript-action@main" | |
| input-who-to-greet: "Witness" | |
| # Witness configuration | |
| step: "hello-world-multi" | |
| attestations: "command attestor.git attestor.sbom" | |
| attestor-sbom-export: "true" | |
| outfile: "./multi-attestation.json" | |
| - name: Check attestation file | |
| run: | | |
| if [[ -f "./multi-attestation.json" ]]; then | |
| echo "Multi-attestation created successfully" | |
| jq . "./multi-attestation.json" | head -n 20 | |
| else | |
| echo "Multi-attestation file not found!" | |
| exit 1 | |
| fi | |
| - name: Upload attestation as artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: attestation-files | |
| path: ./multi-attestation.json | |
| test-sigstore-archivista: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v3 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v3 | |
| with: | |
| node-version: '16' | |
| - name: Install dependencies | |
| run: npm ci | |
| - name: Test with Sigstore and Archivista | |
| id: sigstore-attestation | |
| uses: ./ | |
| with: | |
| # Action to run | |
| action-ref: "actions/hello-world-javascript-action@main" | |
| input-who-to-greet: "Sigstore" | |
| # Witness configuration | |
| step: test-sigstore | |
| attestations: "environment git github slsa" | |
| attestor-slsa-export: "true" | |
| enable-sigstore: "true" | |
| enable-archivista: "true" | |
| outfile: "./sigstore-attestation.json" | |
| - name: Check GitOID output | |
| run: | | |
| if [[ -n "${{ steps.sigstore-attestation.outputs.git_oid }}" ]]; then | |
| echo "GitOID: ${{ steps.sigstore-attestation.outputs.git_oid }}" | |
| echo "Attestation succeeded with Sigstore and Archivista" | |
| else | |
| echo "No GitOID returned - this might be expected in PR builds without proper credentials" | |
| fi | |
| - name: Check attestation file | |
| run: | | |
| if [[ -f "./sigstore-attestation.json" ]]; then | |
| echo "Sigstore attestation created successfully" | |
| jq . "./sigstore-attestation.json" | head -n 20 | |
| else | |
| echo "Sigstore attestation file not found!" | |
| exit 1 | |
| fi | |
| - name: Upload sigstore attestation as artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: sigstore-attestation | |
| path: ./sigstore-attestation.json | |
| test-direct-command: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v3 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v3 | |
| with: | |
| node-version: '16' | |
| - name: Install dependencies | |
| run: npm ci | |
| - name: Test direct command | |
| id: direct-command | |
| uses: ./ | |
| with: | |
| # Direct command to run | |
| command: "echo hello > hello.txt" | |
| # Witness configuration | |
| step: "direct-command" | |
| attestations: "command environment" | |
| outfile: "./direct-command.json" | |
| - name: Check command output | |
| run: | | |
| if [ -f "hello.txt" ]; then | |
| echo "Command output:" | |
| cat hello.txt | |
| else | |
| echo "Command output file not found!" | |
| exit 1 | |
| fi | |
| - name: Check attestation file | |
| run: | | |
| if [[ -f "./direct-command.json" ]]; then | |
| echo "Direct command attestation created successfully" | |
| jq . "./direct-command.json" | head -n 20 | |
| else | |
| echo "Direct command attestation file not found!" | |
| exit 1 | |
| fi |