feat: OCI 1.1 support #82

Merged
merged 7 commits into from
Sep 27, 2024
98 changes: 98 additions & 0 deletions .github/workflows/e2e-test-sign.yml
Expand Up @@ -117,6 +117,69 @@ jobs:
timestamp_url: http://timestamp.digicert.com
timestamp_root_cert: ./tests/e2e/sign/tsaRootCert/DigiCertTSARootSHA384.cer

- name: Sign artifact with force_referrers_tag set to true
uses: ./sign
with:
plugin_name: e2e-test-plugin
plugin_url: https://github.com/notaryproject/notation-action/raw/e2e-test-plugin/tests/plugin_binaries/notation-e2e-test-plugin_0.1.0_linux_amd64.tar.gz
plugin_checksum: be8d035024d3a96afb4118af32f2e201f126c7254b02f7bcffb3e3149d744fd2
key_id: ${{ env.E2E_CERT }}
target_artifact_reference: ${{ env.target_artifact_reference }}
signature_format: cose
plugin_config: |-
keyFile=${{ env.E2E_KEY }}
force_referrers_tag: 'true'

- name: Sign artifact with force_referrers_tag set to false
uses: ./sign
with:
plugin_name: e2e-test-plugin
plugin_url: https://github.com/notaryproject/notation-action/raw/e2e-test-plugin/tests/plugin_binaries/notation-e2e-test-plugin_0.1.0_linux_amd64.tar.gz
plugin_checksum: be8d035024d3a96afb4118af32f2e201f126c7254b02f7bcffb3e3149d744fd2
key_id: ${{ env.E2E_CERT }}
target_artifact_reference: ${{ env.target_artifact_reference }}
signature_format: cose
plugin_config: |-
keyFile=${{ env.E2E_KEY }}
force_referrers_tag: 'false'

- name: Sign artifact with allow_referrers_api set to true
uses: ./sign
env:
NOTATION_EXPERIMENTAL: 1
with:
plugin_name: e2e-test-plugin
plugin_url: https://github.com/notaryproject/notation-action/raw/e2e-test-plugin/tests/plugin_binaries/notation-e2e-test-plugin_0.1.0_linux_amd64.tar.gz
plugin_checksum: be8d035024d3a96afb4118af32f2e201f126c7254b02f7bcffb3e3149d744fd2
key_id: ${{ env.E2E_CERT }}
target_artifact_reference: ${{ env.target_artifact_reference }}
signature_format: cose
plugin_config: |-
keyFile=${{ env.E2E_KEY }}
allow_referrers_api: 'true'

- name: Sign with force_referrers_tag set to invalid value
continue-on-error: true
id: invalid-force_referrers_tag
uses: ./sign
env:
E2E_SIGNING_KEY: ${{ secrets.E2E_SIGNING_KEY }}
with:
plugin_name: invalid-plugin
plugin_url: https://github.com/notaryproject/notation-action/raw/e2e-test-plugin/tests/plugin_binaries/notation-e2e-test-plugin_0.1.0_linux_amd64.tar.gz
plugin_checksum: be8d035024d3a96afb4118af32f2e201f126c7254b02f7bcffb3e3149d744fd2
key_id: ${{ env.E2E_CERT }}
target_artifact_reference: ${{ env.target_artifact_reference }}
signature_format: cose
plugin_config: |-
keyFile=${{ env.E2E_KEY }}
force_referrers_tag: 'invalid'
- name: 'Should Fail: Sign with force_referrers_tag set to invalid value'
if: steps.invalid-force_referrers_tag.outcome != 'failure'
run: |
echo "Sign with force_referrers_tag set to invalid value should fail, but succeeded."
exit 1

- name: Sign artifact with invalid plugin name
continue-on-error: true
id: invalid-plugin-name
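Review bot: The step "Sign with force_referrers_tag set to invalid value" sets plugin_name: invalid-plugin and passes E2E_SIGNING_KEY in env, which none of the other new steps do. With that plugin name the step may fail before force_referrers_tag: 'invalid' is ever validated, and the follow-up check only tests outcome != 'failure', so the case passes even if the input validation is missing. Use plugin_name: e2e-test-plugin here and drop the extra env entry so the invalid value is the only possible cause of the failure.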
Expand Down Expand Up @@ -291,6 +354,21 @@ jobs:
plugin_config: |-
keyFile=${{ env.E2E_KEY }}

- name: Sign with older Notation and allow_referrers_api set to true
uses: ./sign
env:
NOTATION_EXPERIMENTAL: 1
with:
plugin_name: e2e-test-plugin
plugin_url: https://github.com/notaryproject/notation-action/raw/e2e-test-plugin/tests/plugin_binaries/notation-e2e-test-plugin_0.1.0_linux_amd64.tar.gz
plugin_checksum: be8d035024d3a96afb4118af32f2e201f126c7254b02f7bcffb3e3149d744fd2
key_id: ${{ env.E2E_CERT }}
target_artifact_reference: ${{ env.target_artifact_reference }}
signature_format: cose
plugin_config: |-
keyFile=${{ env.E2E_KEY }}
allow_referrers_api: 'true'

- name: Sign artifact with timestamping using older Notation
continue-on-error: true
id: timestamping-with-older-notation
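Review bot: Missing documentation on "Sign with older Notation and allow_referrers_api set to true": this step is expected to succeed on the older Notation, while the force_referrers_tag case added further down in the same job is expected to fail, and nothing in the workflow says why the two inputs differ. A short YAML comment above the step naming the version boundary for each input would make the expectation reviewable. For consistency with the neighbouring steps, consider naming it "Sign artifact with older Notation and allow_referrers_api set to true".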
Expand All @@ -310,4 +388,24 @@ jobs:
if: steps.timestamping-with-older-notation.outcome != 'failure'
run: |
echo "Sign artifact with timestamping using older Notation should fail, but succeeded."
exit 1

- name: Sign artifact with force_referrers_tag set using older Notation
continue-on-error: true
id: force_referrers_tag-set-with-older-notation
uses: ./sign
with:
plugin_name: e2e-test-plugin
plugin_url: https://github.com/notaryproject/notation-action/raw/e2e-test-plugin/tests/plugin_binaries/notation-e2e-test-plugin_0.1.0_linux_amd64.tar.gz
plugin_checksum: be8d035024d3a96afb4118af32f2e201f126c7254b02f7bcffb3e3149d744fd2
key_id: ${{ env.E2E_CERT }}
target_artifact_reference: ${{ env.target_artifact_reference }}
signature_format: cose
plugin_config: |-
keyFile=${{ env.E2E_KEY }}
force_referrers_tag: 'false'
- name: 'Should Fail: Sign artifact with force_referrers_tag set using older Notation'
if: steps.force_referrers_tag-set-with-older-notation.outcome != 'failure'
run: |
echo "Sign artifact with force_referrers_tag set using older Notation should fail, but succeeded."
exit 1
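Review bot: The older-Notation rejection case only exercises force_referrers_tag: 'false', and the check on steps.force_referrers_tag-set-with-older-notation.outcome accepts any failure. If the action is meant to reject the input whenever it is set on an older Notation, add the 'true' variant as well, and consider having the sign step expose its error so the follow-up step can confirm the failure came from the version check rather than from an unrelated signing error.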
15 changes: 14 additions & 1 deletion .github/workflows/e2e-test-verify.yml
Expand Up @@ -79,6 +79,7 @@ jobs:
keyFile=${{ env.E2E_KEY }}
timestamp_url: http://timestamp.digicert.com
timestamp_root_cert: ./tests/e2e/sign/tsaRootCert/DigiCertTSARootSHA384.cer
force_referrers_tag: 'false'

# E2E test cases on Notation Verify
- name: Verify released artifact
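Review bot: Missing documentation for the added force_referrers_tag: 'false' on the setup signing step. Every verify case below depends on how this signature was stored, so a YAML comment stating why the setup signs with the referrers tag not forced would help. If other setup signing steps in this workflow produce signatures for the same verify cases, they should carry the same setting or an explanation of why they do not.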
Expand Down Expand Up @@ -110,6 +111,18 @@ jobs:
${{ env.target_artifact_reference2 }}
trust_policy: ./tests/e2e/verify/trustpolicy/trustpolicy.json
trust_store: ./tests/e2e/verify/truststore

- name: Verify with allow_referrers_api set to true
uses: ./verify
env:
NOTATION_EXPERIMENTAL: 1
with:
target_artifact_reference: |-
${{ env.target_artifact_reference }}
${{ env.target_artifact_reference2 }}
trust_policy: ./tests/e2e/verify/trustpolicy/trustpolicy.json
trust_store: ./tests/e2e/verify/truststore
allow_referrers_api: 'true'

- name: Verify multiple released artifacts with timestamp verification enabled
uses: ./verify
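Review bot: The new "Verify with allow_referrers_api set to true" step covers only the accepted value. The sign workflow in this PR adds a should-fail case for an invalid force_referrers_tag, but there is no matching case here for allow_referrers_api set to an invalid value, nor one for allow_referrers_api: 'true' without NOTATION_EXPERIMENTAL: 1. Adding a continue-on-error step with a follow-up outcome check, in the same pattern as the sign tests, would confirm the verify action validates the input.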
Expand All @@ -118,7 +131,7 @@ jobs:
${{ env.target_artifact_reference }}
${{ env.target_artifact_reference2 }}
trust_policy: ./tests/e2e/verify/trustpolicy/timestampVerificationEnabled.json
trust_store: ./tests/e2e/verify/truststore
trust_store: ./tests/e2e/verify/truststore

- name: Verify released artifact missing target artifact reference
continue-on-error: true
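Review bot: The trust_store: ./tests/e2e/verify/truststore line is removed and re-added with the same visible text, which points to a whitespace-only change and accounts for the single deletion in this file. Either revert it to keep the diff limited to the OCI 1.1 inputs, or state in the PR that trailing whitespace was cleaned up.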
28 changes: 27 additions & 1 deletion dist/setup.js

2 changes: 1 addition & 1 deletion dist/setup.js.map

44 changes: 35 additions & 9 deletions dist/sign.js
