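# Copyright 2021 The Sigstore Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Builds cosign from HEAD, then runs the keyless container-signing and
# blob-signing make targets in a job that is allowed to request a GitHub
# OIDC token.
name: Test GitHub OIDC

# There is no pull_request trigger: the job (and its id-token / packages write
# permissions) runs only for pushes to the listed branches, the nightly
# schedule, and manual dispatch.
on:
  push:
    # Pattern order matters: a later match overrides an earlier one, so the
    # final 'test/**' re-includes files under test/ that the negations above
    # it (e.g. '!**.md', '!**.txt') would otherwise exclude.
    paths:
      - '**'
      - '!**.md'
      - '!doc/**'
      - '!**.txt'
      - '!images/**'
      - '!LICENSE'
      - 'test/**'
    branches: ['main', 'release-*']
  schedule:
    - cron: '0 1 * * *' # 1AM UTC
  workflow_dispatch:

# Start from no GITHUB_TOKEN permissions; each job opts in to what it needs,
# so a job added later does not silently inherit the repository default.
permissions: {}

jobs:
  build:
    permissions:
      # Allows the job to request a GitHub OIDC token.
      id-token: write
      # Presumably needed to publish under KO_PREFIX on ghcr.io; verify
      # against the make targets.
      packages: write
      # Read-only repository access for the checkout step.
      contents: read

    env:
      GIT_HASH: ${{ github.sha }}
      GIT_VERSION: unstable
      # NOTE(review): GITHUB_RUN_ID and GITHUB_RUN_ATTEMPT are also default
      # runner variables; confirm these explicit assignments are still needed.
      GITHUB_RUN_ID: ${{ github.run_id }}
      GITHUB_RUN_ATTEMPT: ${{ github.run_attempt }}
      KO_PREFIX: ghcr.io/${{ github.repository }}

    runs-on: ubuntu-latest

    steps:
      # Third-party actions are pinned to full commit SHAs; the trailing
      # comment records the release each SHA corresponds to.
      - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
        with:
          # Do not leave the GITHUB_TOKEN in .git/config where the later
          # build steps could read it. The steps visible here only invoke
          # make; NOTE(review): confirm those targets perform no
          # authenticated git operations.
          persist-credentials: false
      - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
        with:
          # Quoted so the version is read as a string, not a float.
          go-version: '1.21'
          check-latest: true
          cache: true

      # Install tools.
      - uses: ko-build/setup-ko@ace48d793556083a76f1e3e6068850c1f4a369aa # v0.6

      - name: build cosign from the HEAD
        run: |
          make cosign
          ./cosign version

      - name: Build and sign a container image
        run: |
          set -e
          # Build and publish an image.
          make sign-ci-keyless-containers

      - name: Build and sign a blob
        run: |
          set -e
          make sign-blob-experimental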