conformance.yml

name: Conformance Tests

on:
  push:
    branches:
      - main
  workflow_dispatch:
  pull_request_target:
    types: [labeled]

permissions:  # added using https://github.com/step-security/secure-workflows
  contents: read

jobs:
  conformance:
    permissions:
      # Needed to access the workflow's OIDC identity.
      id-token: write
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2

      - uses: actions/setup-python@57ded4d7d5e986d7296eab16560982c6dd7c923b
        with:
          python-version: "3.x"
          cache: "pip"
          cache-dependency-path: pyproject.toml

      - name: install sigstore-python
        run: python -m pip install .

      - uses: sigstore/sigstore-conformance@0748d63c53810e36cc3f4bbe4114301080f0d844 # v0.0.3
        with:
          entrypoint: ${{ github.workspace }}/test/integration/sigstore-python-conformance