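name: Docker registry v2 tests

# Run on every push, and allow it to be run manually.
on:  # yamllint disable-line rule:truthy
  workflow_dispatch:
  push:
    branches: ['main', 'v*']
  pull_request:

env:
  # Local registry started by the "docker registry v2" step below.
  REGISTRY: 'localhost:5000'
  # Quoted so no YAML loader re-types the version string.
  NOTATION_VERSION: '1.0.0'

jobs:
  docker-registry-v2-tests:
    # Skip if running in a fork that might not have secrets configured.
    # Note: for pull_request events github.repository is the base repository,
    # so PRs opened from forks still match this condition; they run without
    # repository secrets, and the secret-dependent steps below fail rather
    # than being skipped.
    if: ${{ github.repository == 'venafi/notation-venafi-csp' }}
    name: Run tests
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      # NOTE(review): the action references below are garbled in this
      # rendering ("[email protected]"); restore the pinned tag (or, better,
      # a full commit SHA) from the repository before relying on this file.
      - uses: actions/[email protected]
      - uses: actions/[email protected]
        with:
          go-version: '1.21'
          check-latest: true

      - name: docker registry v2
        # Both sample images are built from the head of third-party branches
        # (unpinned) and pushed only to the local registry started here.
        run: |
          docker run -d -p 5000:5000 --name registry registry:2
          docker build -t "$REGISTRY/net-monitor:v1" https://github.com/wabbit-networks/net-monitor.git#main
          docker build -t "$REGISTRY/sample-venafi-csp-image:signed" https://github.com/zosocanuck/sample-venafi-csp-pipeline.git#main
          docker image push "$REGISTRY/net-monitor:v1"
          docker image push "$REGISTRY/sample-venafi-csp-image:signed"

      - name: Create config.ini
        # Writes the plugin configuration, including the access token, in
        # plaintext to the workspace; keep this file out of any uploaded
        # artifact or cache.
        uses: DamianReeves/[email protected]
        with:
          path: ${{ github.workspace }}/config.ini
          contents: |
            tpp_url=${{ secrets.TPP_URL }}
            access_token=${{ secrets.ACCESS_TOKEN }}
            tpp_project=${{ secrets.TPP_PROJECT }}

      #- name: Create vhroot cert file
      #  uses: DamianReeves/[email protected]
      #  with:
      #    path: ${{ github.workspace }}/vhroot.crt
      #    contents: ${{ secrets.ROOT_CERT }}

      - name: build notation-venafi-csp plugin
        run: |
          make build
          mkdir -p ~/.config/notation/plugins/venafi-csp
          cp bin/notation-venafi-csp ~/.config/notation/plugins/venafi-csp/
          echo "Downloading notation version"
          # -f makes curl fail on an HTTP error instead of saving the error
          # page as notation.tar.gz and failing later in tar.
          # TODO(review): the archive is extracted without checksum
          # verification; compare it against the checksum published for this
          # release (e.g. sha256sum -c <RELEASE_CHECKSUM_FILE>) before tar.
          curl -fsSL "https://github.com/notaryproject/notation/releases/download/v${NOTATION_VERSION}/notation_${NOTATION_VERSION}_linux_amd64.tar.gz" -o notation.tar.gz
          tar xvf notation.tar.gz
          chmod +x notation

      - name: Sign with notation
        # Secrets are passed through env rather than interpolated into the
        # script with ${{ }}, so their contents are never parsed by the shell
        # and a label containing spaces or metacharacters stays one argument.
        env:
          CERTIFICATE_LABEL: ${{ secrets.CERTIFICATE_LABEL }}
          PLUGIN_CONFIG: ${{ github.workspace }}/config.ini
        run: |
          export NOTATION_EXPERIMENTAL=1
          ./notation key add "$CERTIFICATE_LABEL" --plugin venafi-csp --id "$CERTIFICATE_LABEL" --plugin-config "config=$PLUGIN_CONFIG"
          # notation certificate add --type ca --store ${{ secrets.DOMAIN }} ${{ github.workspace }}/vhroot.crt
          echo "JWS envelope test"
          ./notation sign -k "$CERTIFICATE_LABEL" "$REGISTRY/net-monitor:v1"
          echo "COSE envelope test"
          ./notation sign -k "$CERTIFICATE_LABEL" --signature-format cose "$REGISTRY/sample-venafi-csp-image:signed"
          ./notation inspect "$REGISTRY/net-monitor:v1"
          ./notation inspect "$REGISTRY/sample-venafi-csp-image:signed"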