Skip to content

tlsconfig fix

tlsconfig fix #38

name: Docker registry v2 tests
# Run on every push, and allow it to be run manually.
on:
workflow_dispatch:
push:
branches: ['main', 'v*']
pull_request:
env:
REGISTRY: localhost:5000
NOTATION_VERSION: 1.0.0
jobs:
docker-registry-v2-tests:
# Skip if running in a fork that might not have secrets configured.
if: ${{ github.repository == 'venafi/notation-venafi-csp' }}
name: Run tests
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- uses: actions/[email protected]
- uses: actions/[email protected]
with:
go-version: '1.21'
check-latest: true
- name: docker registry v2
run: |
docker run -d -p 5000:5000 --name registry registry:2
docker build -t ${{ env.REGISTRY }}/net-monitor:v1 https://github.com/wabbit-networks/net-monitor.git#main
docker build -t ${{ env.REGISTRY}}/sample-venafi-csp-image:signed https://github.com/zosocanuck/sample-venafi-csp-pipeline.git#main
docker image push ${{ env.REGISTRY }}/net-monitor:v1
docker image push ${{ env.REGISTRY }}/sample-venafi-csp-image:signed
- name: Create config.ini
uses: DamianReeves/[email protected]
with:
path: ${{ github.workspace }}/config.ini
contents: |
tpp_url=${{ secrets.TPP_URL }}
access_token=${{ secrets.ACCESS_TOKEN }}
tpp_project=${{ secrets.TPP_PROJECT }}
#- name: Create vhroot cert file
# uses: DamianReeves/[email protected]
# with:
# path: ${{ github.workspace }}/vhroot.crt
# contents: ${{ secrets.ROOT_CERT }}
- name: build notation-venafi-csp plugin
run: |
make build
mkdir -p ~/.config/notation/plugins/venafi-csp
cp bin/notation-venafi-csp ~/.config/notation/plugins/venafi-csp/
echo "Downloading notation version"
curl -sL https://github.com/notaryproject/notation/releases/download/v${{ env.NOTATION_VERSION }}/notation_${{ env.NOTATION_VERSION }}_linux_amd64.tar.gz -o notation.tar.gz
tar xvf notation.tar.gz
chmod +x notation
- name: Sign with notation
run: |
export NOTATION_EXPERIMENTAL=1
./notation key add ${{ secrets.CERTIFICATE_LABEL }} --plugin venafi-csp --id ${{ secrets.CERTIFICATE_LABEL }} --plugin-config "config"="${{ github.workspace }}/config.ini"
# notation certificate add --type ca --store ${{ secrets.DOMAIN }} ${{ github.workspace }}/vhroot.crt
echo "JWS envelope test"
./notation sign -k ${{ secrets.CERTIFICATE_LABEL }} ${{ env.REGISTRY }}/net-monitor:v1
echo "COSE envelope test"
./notation sign -k ${{ secrets.CERTIFICATE_LABEL }} --signature-format cose ${{ env.REGISTRY }}/sample-venafi-csp-image:signed
./notation inspect ${{ env.REGISTRY }}/net-monitor:v1
./notation inspect ${{ env.REGISTRY }}/sample-venafi-csp-image:signed