Merge pull request #685 from secure-systems-lab/dependabot/github_act… #132
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Run Sigstore Signer tests | |
| on: | |
| push: | |
| branches: | |
| - main | |
| workflow_dispatch: | |
| permissions: {} | |
| jobs: | |
| test-sigstore: | |
| runs-on: ubuntu-latest | |
| if: github.repository_owner == 'secure-systems-lab' # only run upstream | |
| permissions: | |
| id-token: 'write' # ambient credential is used to sign | |
| issues: 'write' # for filing an issue on failure | |
| steps: | |
| - name: Checkout securesystemslib | |
| uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 | |
| - name: Set up Python | |
| uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 | |
| with: | |
| python-version: '3.x' | |
| cache: 'pip' | |
| cache-dependency-path: 'requirements*.txt' | |
| - name: Install dependencies | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install --upgrade tox | |
| - run: | | |
| export CERT_ID=${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}/.github/workflows/test-sigstore.yml@${GITHUB_REF} | |
| export CERT_ISSUER=https://token.actions.githubusercontent.com | |
| tox -e sigstore | |
| - name: File an issue on failure | |
| if: ${{ failure() }} | |
| uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea | |
| with: | |
| script: | | |
| const repo = context.repo.owner + "/" + context.repo.repo | |
| const issues = await github.rest.search.issuesAndPullRequests({ | |
| q: "Sigstore+tests+failed+in:title+state:open+type:issue+repo:" + repo, | |
| }) | |
| if (issues.data.total_count > 0) { | |
| console.log("Issue open already, not creating.") | |
| } else { | |
| await github.rest.issues.create({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| title: "Sigstore tests failed", | |
| body: "Hey, it seems Sigstore tests have failed, please see - [workflow run](" + | |
| "https://github.com/" + repo + "/actions/runs/" + context.runId + ")" | |
| }) | |
| console.log("New issue created.") | |
| } |