feat: added allow_referrers_api inputs (#26)

README.md

@@ -33,6 +33,7 @@ For example,
     target_artifact_reference: <target_artifact_reference_in_remote_registry>
     signature_format: <signature_envelope_format>
     plugin_config: <list_of_plugin_defined_configs>
+    allow_referrers_api: <boolean_flag_for_referrers_api>
 ```
 For example,
 ```yaml
@@ -49,6 +50,25 @@ For example,
       ca_certs=.github/cert-bundle/cert-bundle.crt
       self_signed=false
 ```
+Example of using the [Referrers API](https://github.com/opencontainers/distribution-spec/blob/v1.1.0-rc.3/spec.md#listing-referrers),
+```yaml
+- name: sign releasd artifact with notation-azure-kv plugin
+  uses: notaryproject/notation-action/sign@main
+  env:
+    NOTATION_EXPERIMENTAL: 1  # this is requried by Notation to use Referrers API
+  with:
+    allow_referrers_api: 'true'
+    plugin_name: azure-kv
+    plugin_url: https://github.com/Azure/notation-azure-kv/releases/download/v1.0.0-rc.2/notation-azure-kv_1.0.0-rc.2_linux_amd64.tar.gz
+    plugin_checksum: 4242054463089f4b04019805f2c009267dbcc9689e386bc88d3c4fc4E095e52c
+    key_id: https://testnotationakv.vault.azure.net/keys/notationLeafCert/c585b8ad8fc542b28e41e555d9b3a1fd
+    target_artifact_reference: myRegistry.azurecr.io/myRepo@sha256:aaabbb
+    signature_format: cose
+    plugin_config: |-
+      ca_certs=.github/cert-bundle/cert-bundle.crt
+      self_signed=false
+```
+
 ### Notation: Verify
 ```yaml
 - name: verify released artifact
@@ -57,6 +77,7 @@ For example,
     target_artifact_reference: <target_artifact_reference_in_remote_registry>
     trust_policy: <file_path_to_user_defined_trustpolicy.json>
     trust_store: <dir_to_user_trust_store>
+    allow_referrers_api: <boolean_flag_for_referrers_api>
 ```
 For example,
 ```yaml
@@ -67,9 +88,9 @@ For example,
     trust_policy: .github/trustpolicy/trustpolicy.json
     trust_store: .github/truststore
 ```
-where `.github/truststore` MUST follow the Notation [trust store specs](https://github.com/notaryproject/notaryproject/blob/main/specs/trust-store-trust-policy.md#trust-store).
+`.github/trustpolicy/trustpolicy.json` MUST follow the Notation [trust policy specs](https://github.com/notaryproject/specifications/blob/v1.0.0-rc.2/specs/trust-store-trust-policy.md#trust-policy).
 
-For example,
+`.github/truststore` MUST follow the Notation [trust store specs](https://github.com/notaryproject/specifications/blob/v1.0.0-rc.2/specs/trust-store-trust-policy.md#trust-store). For example,
 ```
 .github/truststore
 └── x509
@@ -80,4 +101,17 @@ For example,
     └── signingAuthority
         └── <my_trust_store2>
             ├── <my_certificate3>
-            └── <my_certificate4>
+            └── <my_certificate4>
+```
+Example of using the [Referrers API](https://github.com/opencontainers/distribution-spec/blob/v1.1.0-rc.3/spec.md#listing-referrers),
+```yaml
+- name: verify released artifact
+  uses: notaryproject/notation-action/verify@main
+  env:
+    NOTATION_EXPERIMENTAL: 1  # this is requried by Notation to use Referrers API
+  with:
+    allow_referrers_api: 'true'
+    target_artifact_reference: myRegistry.azurecr.io/myRepo@sha256:aaabbb
+    trust_policy: .github/trustpolicy/trustpolicy.json
+    trust_store: .github/truststore
+```

setup/action.yml

@@ -18,11 +18,11 @@ branding:
   color: blue
 inputs:
   version:
-    description: Version of official Notation CLI [release](https://github.com/notaryproject/notation/releases). This field is ignored if 'url' is present.
+    description: version of official Notation CLI [release](https://github.com/notaryproject/notation/releases). This field is ignored if 'url' is present.
     required: false
     default: 1.0.0-rc.7
   url:
-    description: URL of customized Notation CLI to install.
+    description: url of customized Notation CLI to install
     required: false
   checksum:
     description: SHA256 of the customized Notation CLI. Required if 'url' is present.