# # Copyright 2021 The Sigstore Authors. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. name: e2e-with-binary # Run on every push, and allow it to be run manually. on: push: paths: - '**' - '!**.md' - '!doc/**' - '!**.txt' - '!images/**' - '!LICENSE' - 'test/**' branches: [ 'main' ] workflow_dispatch: jobs: e2e-tests-with-binary: # Skip if running in a fork that might not have secrets configured. if: ${{ github.repository == 'sigstore/cosign' }} name: Run tests runs-on: ${{ matrix.os }} strategy: matrix: os: [macos-latest, ubuntu-latest, windows-latest] permissions: id-token: write contents: read env: COSIGN_YES: "true" steps: - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: go-version: '1.21' check-latest: true - name: build cosign and check sign-blob and verify-blob shell: bash run: | set -e make cosign ./cosign sign-blob --output-certificate certificate.pem --output-signature README.md.sig README.md if [ -s certificate.pem ] then echo "all good for key.pem" else echo "file does not exist, or is empty" exit 1 fi if [ -s README.md.sig ] then exit 0 else echo "file does not exist, or is empty" exit 1 fi # Verify with sign-blob ./cosign verify-blob README.md --certificate certificate.pem --signature README.md.sig