Skip to content

models: require checkpoint in embedded inclusion proof (#723) #2120

models: require checkpoint in embedded inclusion proof (#723)

models: require checkpoint in embedded inclusion proof (#723) #2120

Workflow file for this run

name: Staging Instance Tests
permissions:
# Needed to access the workflow's OIDC identity.
id-token: write
# Needed to create an issue, on failure.
issues: write
on:
push:
branches:
- main
schedule:
- cron: '0 */8 * * *'
jobs:
staging-tests:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
- uses: actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1
with:
python-version: "3.x"
cache: "pip"
cache-dependency-path: pyproject.toml
- name: staging tests
env:
SIGSTORE_LOGLEVEL: DEBUG
run: |
# This is similar to the "smoketest" that we run during the
# release workflow, except that we run against Sigstore's
# staging instances instead.
# We also don't bother to build distributions.
python -m venv staging-env
./staging-env/bin/python -m pip install .
# Our signing target is not important here, so we just sign
# the README in the repository.
./staging-env/bin/python -m sigstore --verbose --staging sign README.md
# Verification also requires a different Rekor instance, so we
# also test it.
./staging-env/bin/python -m sigstore --verbose --staging verify identity \
--cert-oidc-issuer https://token.actions.githubusercontent.com \
--cert-identity ${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}/.github/workflows/staging-tests.yml@${GITHUB_REF} \
README.md
- name: generate an issue if staging tests fail
if: failure()
run: |
cat <<- EOF > /tmp/staging-instance-issue.md
## Staging instance failure
A scheduled test against Sigstore's staging instance has failed.
This suggests one of three conditions:
* A backwards-incompatible change in a Sigstore component;
* A regression in \`sigstore-python\`;
* A transient error.
The full CI failure can be found here:
${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}/actions/runs/$GITHUB_RUN_ID
EOF
- name: open an issue if the staging tests fail
if: failure()
uses: peter-evans/create-issue-from-file@433e51abf769039ee20ba1293a088ca19d573b7f # v4.0.1
with:
title: "[CI] Integration failure: staging instance"
# created in the previous step
content-filepath: /tmp/staging-instance-issue.md
labels: bug,component:cicd,component:tests
assignees: woodruffw,di,tetsuo-cpp