Skip to content

Add sigstore attest CLI subcommand to sign using DSSE envelopes #2190

Add sigstore attest CLI subcommand to sign using DSSE envelopes

Add sigstore attest CLI subcommand to sign using DSSE envelopes #2190

Workflow file for this run

name: Lint
on:
push:
branches:
- main
pull_request:
jobs:
lint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0
with:
python-version: "3.x"
cache: "pip"
cache-dependency-path: pyproject.toml
- name: deps
run: make dev SIGSTORE_EXTRA=lint
- name: lint
run: make lint
check-readme:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
# NOTE: We intentionally check `--help` rendering against our minimum Python,
# since it changes slightly between Python versions.
- uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0
with:
python-version: "3.8"
cache: "pip"
cache-dependency-path: pyproject.toml
- name: deps
run: make dev
- name: check-readme
run: make check-readme
licenses:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
# adapted from Warehouse's bin/licenses
- run: |
for fn in $(find . -type f -name "*.py"); do
if [[ ! "$(head -5 $fn | grep "^ *\(#\|\*\|\/\/\) .* License\(d*\)")" ]]; then
echo "${fn} is missing a license"
exit 1
fi
done
x509-testcases:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
# NOTE: We intentionally check test certificates against our minimum supported Python.
- uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0
with:
python-version: "3.8"
cache: "pip"
cache-dependency-path: pyproject.toml
- name: deps
run: make dev
- name: ensure testcase generation does not regress
run: make gen-x509-testcases
all-lints-pass:
if: always()
needs:
- lint
- check-readme
- licenses
- x509-testcases
runs-on: ubuntu-latest
steps:
- name: check lint jobs
uses: re-actors/alls-green@05ac9388f0aebcb5727afa17fcccfecd6f8ec5fe # v1.2.2
with:
jobs: ${{ toJSON(needs) }}