docker/actions-toolkit
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

cosign version

Browse Source 
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
This commit is contained in:
CrazyMax
2025-10-29 16:24:36 +01:00
parent 6b0ff671bc
commit 0f9a1c9368
3 changed files with 157 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

63
__tests__/cosign/cosign.test.ts Normal file
View File

@@ -0,0 +1,63 @@
/**
* Copyright 2025 actions-toolkit authors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
import {describe, expect, it, jest, test} from '@jest/globals';
import * as semver from 'semver';
import {Exec} from '../../src/exec';
import {Cosign} from '../../src/cosign/cosign';
describe('isAvailable', () => {
it('checks Cosign is available', async () => {
const execSpy = jest.spyOn(Exec, 'getExecOutput');
const cosign = new Cosign();
await cosign.isAvailable();
// eslint-disable-next-line jest/no-standalone-expect
expect(execSpy).toHaveBeenCalledWith(`cosign`, [], {
silent: true,
ignoreReturnCode: true
});
});
});
describe('printVersion', () => {
it('prints Cosign version', async () => {
const execSpy = jest.spyOn(Exec, 'exec');
const cosign = new Cosign();
await cosign.printVersion();
expect(execSpy).toHaveBeenCalledWith(`cosign`, ['version', '--json'], {
failOnStdErr: false
});
});
});
describe('version', () => {
it('valid', async () => {
const cosign = new Cosign();
expect(semver.valid(await cosign.version())).not.toBeUndefined();
});
});
describe('versionSatisfies', () => {
test.each([
['v0.4.1', '>=0.3.2', true],
['v0.8.0', '>0.6.0', true],
['v0.8.0', '<0.3.0', false]
])('given %p', async (version, range, expected) => {
const cosign = new Cosign();
expect(await cosign.versionSatisfies(range, version)).toBe(expected);
});
});

3
dev.Dockerfile
View File

@@ -20,6 +20,7 @@ ARG BUILDX_VERSION=0.29.1
ARG COMPOSE_VERSION=2.39.1
ARG UNDOCK_VERSION=0.10.0
ARG REGCTL_VERSION=v0.8.2
ARG COSIGN_VERSION=v3.0.2
FROM node:${NODE_VERSION}-alpine AS base
RUN apk add --no-cache cpio findutils git
@@ -81,6 +82,7 @@ FROM docker/buildx-bin:${BUILDX_VERSION} AS buildx
FROM docker/compose-bin:v${COMPOSE_VERSION} AS compose
FROM crazymax/undock:${UNDOCK_VERSION} AS undock
FROM ghcr.io/regclient/regctl:${REGCTL_VERSION} AS regctl
FROM ghcr.io/sigstore/cosign/cosign:${COSIGN_VERSION} AS cosign
FROM deps AS test
RUN --mount=type=bind,target=.,rw \
@@ -93,6 +95,7 @@ RUN --mount=type=bind,target=.,rw \
--mount=type=bind,from=compose,source=/docker-compose,target=/usr/bin/compose \
--mount=type=bind,from=undock,source=/usr/local/bin/undock,target=/usr/bin/undock \
--mount=type=bind,from=regctl,source=/regctl,target=/usr/bin/regctl \
--mount=type=bind,from=cosign,source=/ko-app/cosign,target=/usr/bin/cosign \
--mount=type=secret,id=GITHUB_TOKEN \
GITHUB_TOKEN=$(cat /run/secrets/GITHUB_TOKEN) yarn run test:coverage --coverageDirectory=/tmp/coverage

91
src/cosign/cosign.ts Normal file
View File

@@ -0,0 +1,91 @@
/**
* Copyright 2025 actions-toolkit authors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
import * as core from '@actions/core';
import {Exec} from '../exec';
import * as semver from 'semver';
export interface CosignOpts {
binPath?: string;
}
export class Cosign {
private readonly binPath: string;
private _version: string;
private _versionOnce: boolean;
constructor(opts?: CosignOpts) {
this.binPath = opts?.binPath || 'cosign';
this._version = '';
this._versionOnce = false;
}
public async isAvailable(): Promise<boolean> {
const ok: boolean = await Exec.getExecOutput(this.binPath, [], {
ignoreReturnCode: true,
silent: true
})
.then(res => {
if (res.stderr.length > 0 && res.exitCode != 0) {
core.debug(`Cosign.isAvailable cmd err: ${res.stderr.trim()}`);
return false;
}
return res.exitCode == 0;
})
.catch(error => {
core.debug(`Cosign.isAvailable error: ${error}`);
return false;
});
core.debug(`Cosign.isAvailable: ${ok}`);
return ok;
}
public async version(): Promise<string> {
if (this._versionOnce) {
return this._version;
}
this._versionOnce = true;
this._version = await Exec.getExecOutput(this.binPath, ['version', '--json'], {
ignoreReturnCode: true,
silent: true
}).then(res => {
if (res.stderr.length > 0 && res.exitCode != 0) {
throw new Error(res.stderr.trim());
}
return JSON.parse(res.stdout.trim()).gitVersion;
});
return this._version;
}
public async printVersion() {
await Exec.exec(this.binPath, ['version', '--json'], {
failOnStdErr: false
});
}
public async versionSatisfies(range: string, version?: string): Promise<boolean> {
const ver = version ?? (await this.version());
if (!ver) {
core.debug(`Cosign.versionSatisfies false: undefined version`);
return false;
}
const res = semver.satisfies(ver, range) || /^[0-9a-f]{7}$/.exec(ver) !== null;
core.debug(`Cosign.versionSatisfies ${ver} statisfies ${range}: ${res}`);
return res;
}
}