Merge pull request #63 from Venafi/dependabot/go_modules/github.com/g… #114
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Docker registry v2 tests | |
# Run on every push, and allow it to be run manually. | |
on: | |
workflow_dispatch: | |
push: | |
branches: ['main', 'v*'] | |
pull_request: | |
env: | |
REGISTRY: localhost:5000 | |
NOTATION_VERSION: 1.2.0 | |
jobs: | |
docker-registry-v2-tests: | |
# Skip if running in a fork that might not have secrets configured. | |
if: ${{ github.repository == 'venafi/notation-venafi-csp' }} | |
name: Run tests | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
steps: | |
- uses: actions/[email protected] | |
- uses: actions/[email protected] | |
with: | |
go-version: '1.22' | |
check-latest: true | |
- name: docker registry v2 | |
run: | | |
docker run -d -p 5000:5000 --name registry registry:2 | |
docker build -t ${{ env.REGISTRY }}/net-monitor:v1 https://github.com/wabbit-networks/net-monitor.git#main | |
docker build -t ${{ env.REGISTRY}}/sample-venafi-csp-image:signed https://github.com/zosocanuck/sample-venafi-csp-pipeline.git#main | |
docker image push ${{ env.REGISTRY }}/net-monitor:v1 | |
docker image push ${{ env.REGISTRY }}/sample-venafi-csp-image:signed | |
- name: Create config.ini | |
uses: DamianReeves/[email protected] | |
with: | |
path: ${{ github.workspace }}/config.ini | |
contents: | | |
tpp_url=${{ secrets.TPP_URL }} | |
access_token=${{ secrets.ACCESS_TOKEN }} | |
tpp_project=${{ secrets.TPP_PROJECT }} | |
- name: build notation-venafi-csp plugin | |
run: | | |
make build | |
mkdir -p ~/.config/notation/plugins/venafi-csp | |
cp bin/notation-venafi-csp ~/.config/notation/plugins/venafi-csp/ | |
- name: setup Notation CLI | |
uses: notaryproject/notation-action/setup@v1 | |
- name: Sign with notation | |
run: | | |
notation key add ${{ secrets.CERTIFICATE_LABEL }} --plugin venafi-csp --id ${{ secrets.CERTIFICATE_LABEL }} --plugin-config "config"="${{ github.workspace }}/config.ini" | |
# notation certificate add --type ca --store ${{ secrets.DOMAIN }} ${{ github.workspace }}/vhroot.crt | |
echo "JWS envelope test" | |
notation sign -k ${{ secrets.CERTIFICATE_LABEL }} ${{ env.REGISTRY }}/net-monitor:v1 | |
echo "COSE envelope test" | |
notation sign -k ${{ secrets.CERTIFICATE_LABEL }} --signature-format cose ${{ env.REGISTRY }}/sample-venafi-csp-image:signed | |
notation inspect ${{ env.REGISTRY }}/net-monitor:v1 | |
notation inspect ${{ env.REGISTRY }}/sample-venafi-csp-image:signed | |