From 10c7da82a985ad4ede765bd14ef910f9cd3d83e6 Mon Sep 17 00:00:00 2001
From: Javan lacerda
Date: Wed, 10 Jul 2024 17:58:24 +0000
Subject: [PATCH] rollback

Signed-off-by: Javan lacerda
---
 .github/workflows/verify-k8s.yml | 33 ++++++++++++++++++--------------
 1 file changed, 19 insertions(+), 14 deletions(-)

diff --git a/.github/workflows/verify-k8s.yml b/.github/workflows/verify-k8s.yml
index 216a0b932..0b05f1c63 100644
--- a/.github/workflows/verify-k8s.yml
+++ b/.github/workflows/verify-k8s.yml
@@ -39,14 +39,24 @@ jobs:
 - name: Install kubeval
 run: go install github.com/instrumenta/kubeval@v0.16.1
- - name: Run kubeval for deployment
- run: kubeval config/*.yaml
+ - run: kubeval config/*.yaml
 verify-k8s-deployment:
 runs-on: ubuntu-latest
 strategy:
 fail-fast: false # Keep running if one leg fails.
-
+ matrix:
+ issuer:
+ - "OIDC Issuer"
+ - "Meta Issuer"
+
+ include:
+ - issuer: "OIDC Issuer"
+ issuer-config: |
+ "OIDCIssuers": {"https://kubernetes.default.svc": {"IssuerURL": "https://kubernetes.default.svc","ClientID": "sigstore","Type": "kubernetes"}}
+ - issuer: "Meta Issuer"
+ issuer-config: |
+ "MetaIssuers": {"https://kubernetes.*.svc": {"ClientID": "sigstore","Type": "kubernetes"}}
 env:
 # https://github.com/google/go-containerregistry/pull/125 allows insecure registry for
 # '*.local' hostnames. This works both for `ko` and our own tag-to-digest resolution logic,
@@ -104,6 +114,7 @@ jobs:
 port: 2112
 targetPort: 2112
 EOF
+
 # Overwrite the configuration to be what we need for KinD.
 cat < config/fulcio-config.yaml
 apiVersion: v1
@@ -112,16 +123,10 @@ jobs:
 name: fulcio-config
 namespace: fulcio-system
 data:
- config.yaml: |-
- oidc-issuers:
- https://kubernetes.default.svc:
- issuer-url: https://kubernetes.default.svc
- client-id: sigstore
- type: kubernetes
- meta-issuers:
- https://kubernetes.*.svc:
- client-id: sigstore
- type: kubernetes
+ config.json: |-
+ {
+ ${{ matrix.issuer-config }}
+ }
 server.yaml: |-
 host: 0.0.0.0
 port: 5555
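Review bot: The `issuer-config` values under `include:` are bare JSON object members without enclosing braces, and nothing in this hunk says where the braces come from or that each leg configures exactly one issuer type. A comment above `matrix:` such as `# Each leg deploys Fulcio with a single issuer type; issuer-config is one JSON member that the config step wraps in { }.` would make that contract visible. The values also use `|`, which keeps a trailing newline in the substituted text; `|-` would avoid the stray blank line in the rendered file. Separately, the kubeval step lost its `name:` in this hunk, so keeping `name: Run kubeval for deployment` would preserve a readable step label. The verify-k8s-deployment job continues outside the hunk.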
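Review bot: `${{ matrix.issuer-config }}` is pasted into the script text by the runner before the shell parses it, here inside the heredoc that writes config/fulcio-config.yaml. The matrix values are literals from this workflow, so nothing untrusted reaches the script today. A later fragment containing `$`, a backtick or a line reading `EOF` would change the script, though, and a second line would start at column 0 and fall out of the `config.json: |-` block scalar. Passing the value through the step environment keeps it as data for the shell: add `ISSUER_CONFIG: ${{ matrix.issuer-config }}` under the step's `env:` and write `${ISSUER_CONFIG}` in place of the expression, assuming the heredoc delimiter is unquoted (the opening `cat` line is not fully legible on this page). The step begins and ends outside the hunk.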
@@ -133,7 +138,7 @@ jobs:
 ct-log-url: ""
 log_type: prod
 EOF
-
+ cat config/fulcio-config.yaml
 # Create secret needed to use fileca
 cat < config/fulcio-secret.yaml
 apiVersion: v1
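Review bot: `cat config/fulcio-config.yaml` reads like leftover debugging, and it replaces the blank line that separated the ConfigMap heredoc from the `# Create secret needed to use fileca` block. The ConfigMap lines visible in this patch hold only issuer and server settings, so printing them exposes nothing sensitive, but the very next block writes config/fulcio-secret.yaml and the same habit should not be copied there. If the dump is meant to stay, say why and restore the separator, e.g. `# Print the rendered ConfigMap so a failing leg shows which issuer config it used.` above the `cat` and a blank line after it. The step continues outside the hunk.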