self-test: Install sigstore-python in separate virtualenv (#181) #615
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Self-test | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| workflow_dispatch: | |
| schedule: | |
| - cron: "10 10 * * *" | |
| jobs: | |
| selftest: | |
| strategy: | |
| matrix: | |
| include: | |
| - { sigstore-infra: production, skip-cpython-release-tests: false } | |
| - { sigstore-infra: production, skip-cpython-release-tests: true } | |
| - { sigstore-infra: staging, skip-cpython-release-tests: false } | |
| fail-fast: false | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - uses: actions/setup-python@v4 | |
| with: | |
| python-version: "3.x" | |
| cache: "pip" | |
| - name: install sigstore-python | |
| run: | | |
| python3 -m venv sigstore-env | |
| ./sigstore-env/bin/python -m pip install "sigstore >= 3.5.0, < 4.0" | |
| cat <<EOF > ./sigstore-env/bin/conformance | |
| #!/bin/sh | |
| # allow sigstore-python-conformance wrapper to find "sigstore" binary from venv | |
| PATH=$PWD/sigstore-env/bin/:$PATH | |
| $PWD/sigstore-env/bin/python $PWD/sigstore-python-conformance "\$@" | |
| EOF | |
| chmod +x ./sigstore-env/bin/conformance | |
| - name: conformance test sigstore-python | |
| uses: ./ | |
| with: | |
| entrypoint: ${{ github.workspace }}/sigstore-env/bin/conformance | |
| skip-cpython-release-tests: ${{ matrix.skip-cpython-release-tests }} | |
| environment: ${{ matrix.sigstore-infra }} | |
| xfail: "test_verify_with_trust_root test_verify_dsse_bundle_with_trust_root" |