Add support for creating and verifying DSSE attestations #3188
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Conformance Tests | |
| permissions: | |
| contents: read | |
| on: | |
| push: | |
| branches: [main] | |
| pull_request: {} | |
| # TODO: add cron | |
| jobs: | |
| conformance: | |
| strategy: | |
| max-parallel: 1 | |
| matrix: | |
| java-version: [11, 17] | |
| sigstore-env: [production, staging] | |
| fail-fast: false | |
| concurrency: | |
| # On main/release, we don't want any jobs cancelled | |
| # On PR branches, we cancel the job if new commits are pushed | |
| # More info: https://stackoverflow.com/a/70972844/1261287 | |
| group: ${{ github.workflow }}-${{ github.head_ref || github.ref_name }}-${{ matrix.java-version }}-${{ matrix.sigstore-env }} | |
| cancel-in-progress: ${{ github.ref != 'refs/heads/main' }} | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 | |
| with: | |
| persist-credentials: false | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1 | |
| with: | |
| java-version: 17 | |
| distribution: 'temurin' | |
| - name: Setup Gradle | |
| uses: gradle/actions/setup-gradle@748248ddd2a24f49513d8f472f81c3a07d4d50e1 # v4.4.4 | |
| - name: Build sigstore-java cli and server jar | |
| run: ./gradlew :sigstore-cli:serverShadowJar | |
| - name: Start test server in background | |
| run: java -jar ${{ github.workspace }}/sigstore-cli/build/libs/sigstore-cli-server-all.jar & | |
| - name: Wait for server to be ready | |
| run: curl --retry-connrefused --retry 10 --retry-delay 1 --fail http://localhost:8080/ | |
| - name: Set up JDK ${{ matrix.java-version }} | |
| uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1 | |
| with: | |
| java-version: ${{ matrix.java-version }} | |
| distribution: 'temurin' | |
| - uses: sigstore/sigstore-conformance@244638a7a138ae9f6106cfe2d44a698eccd3bef7 # v0.0.21 | |
| with: | |
| entrypoint: ${{ github.workspace }}/sigstore-cli/sigstore-cli-server | |
| environment: ${{ matrix.sigstore-env }} | |
| xfail: "test_verify*intoto-with-custom-trust-root]" |