Skip to content

Merge pull request #64 from Venafi/dependabot/go_modules/github.com/g… #116

Merge pull request #64 from Venafi/dependabot/go_modules/github.com/g…

Merge pull request #64 from Venafi/dependabot/go_modules/github.com/g… #116

name: Docker registry v2 tests
# Run on every push, and allow it to be run manually.
on:
workflow_dispatch:
push:
branches: ['main', 'v*']
pull_request:
env:
REGISTRY: localhost:5000
NOTATION_VERSION: 1.2.0
jobs:
docker-registry-v2-tests:
# Skip if running in a fork that might not have secrets configured.
if: ${{ github.repository == 'venafi/notation-venafi-csp' }}
name: Run tests
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- uses: actions/[email protected]
- uses: actions/[email protected]
with:
go-version: '1.22'
check-latest: true
- name: docker registry v2
run: |
docker run -d -p 5000:5000 --name registry registry:2
docker build -t ${{ env.REGISTRY }}/net-monitor:v1 https://github.com/wabbit-networks/net-monitor.git#main
docker build -t ${{ env.REGISTRY}}/sample-venafi-csp-image:signed https://github.com/zosocanuck/sample-venafi-csp-pipeline.git#main
docker image push ${{ env.REGISTRY }}/net-monitor:v1
docker image push ${{ env.REGISTRY }}/sample-venafi-csp-image:signed
- name: Create config.ini
uses: DamianReeves/[email protected]
with:
path: ${{ github.workspace }}/config.ini
contents: |
tpp_url=${{ secrets.TPP_URL }}
access_token=${{ secrets.ACCESS_TOKEN }}
tpp_project=${{ secrets.TPP_PROJECT }}
- name: build notation-venafi-csp plugin
run: |
make build
mkdir -p ~/.config/notation/plugins/venafi-csp
cp bin/notation-venafi-csp ~/.config/notation/plugins/venafi-csp/
- name: setup Notation CLI
uses: notaryproject/notation-action/setup@v1
- name: Sign with notation
run: |
notation key add ${{ secrets.CERTIFICATE_LABEL }} --plugin venafi-csp --id ${{ secrets.CERTIFICATE_LABEL }} --plugin-config "config"="${{ github.workspace }}/config.ini"
# notation certificate add --type ca --store ${{ secrets.DOMAIN }} ${{ github.workspace }}/vhroot.crt
echo "JWS envelope test"
notation sign -k ${{ secrets.CERTIFICATE_LABEL }} ${{ env.REGISTRY }}/net-monitor:v1
echo "COSE envelope test"
notation sign -k ${{ secrets.CERTIFICATE_LABEL }} --signature-format cose ${{ env.REGISTRY }}/sample-venafi-csp-image:signed
notation inspect ${{ env.REGISTRY }}/net-monitor:v1
notation inspect ${{ env.REGISTRY }}/sample-venafi-csp-image:signed