Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add sigstore signing integration test #324

Merged
merged 3 commits into from
Nov 27, 2024
Merged

add sigstore signing integration test #324

merged 3 commits into from
Nov 27, 2024

Conversation

spencerschrock
Copy link
Contributor

Summary

With the addition of #319, we can test OIDC signing more easily using Sigstore's extremely dangerous public OIDC beacon.

This is the first integration tests and relates to #5. The change is written such that hatch test will continue to only run unit tests. Devs and CI jobs that want to run the integration tests need to use the integration marker:

hatch test -m integration

I'm still playing with the test, particularly around handling of expired tokens.

Release Note

NONE

Documentation

@mihaimaruseac mihaimaruseac added this to the V1 release milestone Nov 19, 2024
@spencerschrock
Copy link
Contributor Author

This could also be moved to the higher API level now that #323 is merged

@mihaimaruseac
Copy link
Collaborator

This could also be moved to the higher API level now that #323 is merged

+1, let's migrate both this and the benchmarks to the higher level API

@spencerschrock spencerschrock mentioned this pull request Nov 20, 2024
Merged
@spencerschrock
Copy link
Contributor Author

I'll note there is a lot of variance in runtime depending on the GitHub action scheduling in the conformance repo, I've seen anything from 4s to 3m. So we could have this as a check on every PR (maybe not required?), or set it up on a schedule.

@spencerschrock
add integration test marker
8fb4593 
By default `hatch test` wont run integration tests, but they can be
run with `hatch test -m integration`.

Signed-off-by: Spencer Schrock <[email protected]>
@spencerschrock
add signing test using public OIDC beacon
29bfe9e 
Signed-off-by: Spencer Schrock <[email protected]>
@spencerschrock
add integration workflow
87d4e23 
Signed-off-by: Spencer Schrock <[email protected]>
@spencerschrock spencerschrock marked this pull request as ready for review November 26, 2024 17:15
@spencerschrock spencerschrock requested review from a team as code owners November 26, 2024 17:15
spencerschrock
spencerschrock commented Nov 26, 2024
View reviewed changes
.github/workflows/integration.yml
Comment on lines +37 to +39
matrix:
os: [ubuntu-latest, macos-latest, windows-latest]
python-version: ['3.10', '3.11', '3.12', '3.13']
Copy link
Contributor Author

@spencerschrock spencerschrock Nov 26, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can make this a smaller matrix if desired (currently 12 signing + verifying events per PR update), I know we talked about other OS test properties that may need to be manual. (sign on linux, verify on windows)

mihaimaruseac
mihaimaruseac approved these changes Nov 27, 2024
View reviewed changes
Copy link
Collaborator

@mihaimaruseac mihaimaruseac left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you!

@mihaimaruseac mihaimaruseac merged commit c7a94b2 into sigstore:main Nov 27, 2024
33 checks passed
@spencerschrock spencerschrock deleted the e2e branch November 27, 2024 16:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mihaimaruseac mihaimaruseac mihaimaruseac approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
V1 release
Development

Successfully merging this pull request may close these issues.
2 participants
@spencerschrock @mihaimaruseac