track release signing identities too

Signed-off-by: William Woodruff <[email protected]>
woodruffw · Aug 16, 2024 · 5b8004a · 5b8004a
1 parent 6ff42c0
commit 5b8004a
Show file tree

Hide file tree

Showing 2 changed files with 67 additions and 4 deletions.
diff --git a/fetcher.py b/fetcher.py
@@ -14,16 +14,18 @@
 
 _FORCE = os.getenv("FORCE") is not None
 
-_OUT = Path(__file__).parent / "versions"
-assert _OUT.is_dir()
+_VERSIONS = Path(__file__).parent / "versions"
+assert _VERSIONS.is_dir()
+
+_SIGNING_IDENTITIES = Path(__file__).parent / "signing-identities.json"
 
 
 def log(msg: str) -> None:
     print(msg, file=sys.stderr)
 
 
 def do_release(version: Version, slug: str) -> None:
-    output = _OUT / f"{version}.json"
+    output = _VERSIONS / f"{version}.json"
 
     # Don't repeat ourselves unless told to.
     if output.is_file() and not _FORCE:
@@ -73,7 +75,7 @@ def do_release(version: Version, slug: str) -> None:
 
 
 def do_sigstore(version: Version) -> None:
-    input = _OUT / f"{version}.json"
+    input = _VERSIONS / f"{version}.json"
     artifacts = json.loads(input.read_text())
 
     for artifact in artifacts:
@@ -93,6 +95,21 @@ def do_sigstore(version: Version) -> None:
     input.write_text(json.dumps(artifacts))
 
 
+def do_sigstore_identities() -> None:
+    sigstore_info = urllib3.request("GET", "https://www.python.org/download/sigstore/")
+    sigstore_info_doc = html.fromstring(sigstore_info.data)
+
+    sigstore_table = sigstore_info_doc.xpath("//table")[0]
+    headers = sigstore_table.xpath(".//thead//tr//th//text()")
+
+    sigstore_identities = []
+    for row in sigstore_table.xpath(".//tbody//tr"):
+        col_values = row.xpath(".//td//text()")
+        sigstore_identities.append(dict(zip(headers, col_values)))
+
+    _SIGNING_IDENTITIES.write_text(json.dumps(sigstore_identities, indent=4))
+
+
 releases = urllib3.request(
     "GET", "https://www.python.org/api/v2/downloads/release/"
 ).json()
@@ -105,3 +122,5 @@ def do_sigstore(version: Version) -> None:
 
     do_release(version, slug)
     do_sigstore(version)
+
+do_sigstore_identities()
diff --git a/signing-identities.json b/signing-identities.json
@@ -0,0 +1,44 @@
+[
+    {
+        "Release": "3.7",
+        "PEP": "PEP 537",
+        "Release manager": "[email protected]",
+        "OIDC Issuer": "https://github.com/login/oauth"
+    },
+    {
+        "Release": "3.8",
+        "PEP": "PEP 569",
+        "Release manager": "[email protected]",
+        "OIDC Issuer": "https://github.com/login/oauth"
+    },
+    {
+        "Release": "3.9",
+        "PEP": "PEP 596",
+        "Release manager": "[email protected]",
+        "OIDC Issuer": "https://github.com/login/oauth"
+    },
+    {
+        "Release": "3.10",
+        "PEP": "PEP 619",
+        "Release manager": "[email protected]",
+        "OIDC Issuer": "https://accounts.google.com"
+    },
+    {
+        "Release": "3.11",
+        "PEP": "PEP 664",
+        "Release manager": "[email protected]",
+        "OIDC Issuer": "https://accounts.google.com"
+    },
+    {
+        "Release": "3.12",
+        "PEP": "PEP 693",
+        "Release manager": "[email protected]",
+        "OIDC Issuer": "https://accounts.google.com"
+    },
+    {
+        "Release": "3.13",
+        "PEP": "PEP 719",
+        "Release manager": "[email protected]",
+        "OIDC Issuer": "https://accounts.google.com"
+    }
+]