root-signing GCS repository tests #50

Workflow file for this run

.github/workflows/test-gcs.yml at a2a78f0

	name: root-signing GCS repository tests

	on:
	workflow_call:
	workflow_dispatch:
	schedule:
	- cron: '17 4,10,16,22 * * *'

	permissions: {}

	jobs:
	smoke-test:
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
	with:
	persist-credentials:
	false

	- name: Set initial root for the smoke test
	run: cp metadata/root_history/5.root.json ./root.json

	- name: Smoke test Sigstore TUF repository with a TUF client
	uses: theupdateframework/tuf-on-ci/actions/test-repository@27c49c016591c7cfea57f6b15296f714a5c4a5f6 # v0.13.0
	with:
	metadata_url: https://tuf-repo-cdn.sigstore.dev/
	# when workflow is reused in publish.yml, do not require future validity
	valid_days: ${{ github.event_name == 'workflow_call' && 0 \|\| 3 }}
	offline_valid_days: ${{ github.event_name == 'workflow_call' && 0 \|\| 30 }}

	custom-smoke-test:
	permissions:
	id-token: 'write' # For signing with the GitHub workflow identity
	uses: ./.github/workflows/custom-test.yml
	with:
	metadata_url: https://tuf-repo-cdn.sigstore.dev/

	update-issue:
	runs-on: ubuntu-latest
	needs: [smoke-test, custom-smoke-test]
	# During workflow_call, caller updates issue
	if: always() && !cancelled() && github.workflow == 'root-signing GCS repository tests'
	permissions:
	issues: 'write' # for modifying Issues
	steps:
	- name: Update the issue for the workflow
	uses: theupdateframework/tuf-on-ci/actions/update-issue@27c49c016591c7cfea57f6b15296f714a5c4a5f6 # v0.13.0
	with:
	token: ${{ secrets.TUF_ON_CI_TOKEN \|\| secrets.GITHUB_TOKEN }}
	success: ${{ !contains(needs.*.result, 'failure') }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

root-signing GCS repository tests #50

Workflow file

root-signing GCS repository tests #50

Jobs

Run details

Workflow file for this run