`policy.Options` now contains the arguments to `tuf.Client`'s constructor rather than an actual Client. If these arguments are not provided, defaults pointing at Docker's TUF repo will be used. An actual TUF client can be passed in on the context (which is useful for testing). If no client is passed in on the context, `attest.Verify` will create a TUF client using the options in `policy.Options`. --------- Co-authored-by: Joel Kamp <joel.kamp@docker.com>
---
# CI workflow: runs the Go test suite on Ubuntu and macOS. The Ubuntu leg also
# logs in to Docker Hub, obtains AWS and GCP credentials, runs the e2e-tagged
# tests and uploads coverage to Codecov.
name: test code

# `pull_request` (not `pull_request_target`): runs triggered from forks execute
# without repository secrets.
# NOTE(review): the step conditions below exclude only dependabot[bot], so on a
# fork PR the credentialed steps would presumably run with empty inputs and
# fail; confirm that is the intended outcome.
on:
  push:
    branches:
      - main
  pull_request:
  workflow_dispatch:

jobs:
  golang:
    # Job-scoped token permissions. `id-token: write` lets the job request a
    # GitHub OIDC token, which the AWS and GCP auth steps exchange for cloud
    # credentials (neither step is given a static key).
    # NOTE(review): this grant covers every matrix leg, including macOS, where
    # the cloud auth steps are skipped.
    permissions:
      contents: read
      id-token: write
    strategy:
      matrix:
        go-version:
          - '1.22.x'
        # temp disable windows tests see https://github.com/docker/image-signer-verifier/pull/154
        # os: [ubuntu-latest, macos-latest, windows-latest]
        os:
          - ubuntu-latest
          - macos-latest
    runs-on: ${{ matrix.os }}
    steps:
      # Turn off CRLF conversion before the checkout so files keep LF endings.
      - name: Set git to use LF
        run: git config --global core.autocrlf false

      # NOTE(review): referenced by a mutable tag, as are setup-go,
      # docker/login-action, google-github-actions/auth, the Testcontainers
      # setup action and codecov-action below. Only the AWS step is pinned to a
      # full commit SHA; consider pinning the others the same way.
      - uses: actions/checkout@v4

      - uses: actions/setup-go@v5
        with:
          go-version: ${{ matrix.go-version }}

      # Credentialed steps run only on the Ubuntu leg and never for dependabot.
      # NOTE(review): the secret name suggests a write-scoped token; confirm
      # the tests need write access rather than a read-only token.
      - name: Login to Docker Hub
        if: matrix.os == 'ubuntu-latest' && github.actor != 'dependabot[bot]'
        uses: docker/login-action@v3
        with:
          username: dockerpublicbot
          password: ${{ secrets.DOCKERPUBLICBOT_WRITE_PAT }}

      # Pinned to a full commit SHA; the trailing comment records the release.
      # NOTE(review): which repositories and refs may assume this role is
      # decided by the role's trust policy, which is not visible here; verify
      # it is restricted to this repository.
      - name: Authenticate to AWS
        if: matrix.os == 'ubuntu-latest' && github.actor != 'dependabot[bot]'
        uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502  # v4.0.2
        with:
          aws-region: 'us-east-1'
          role-to-assume: 'arn:aws:iam::175142243308:role/doi-github-actions-signing'

      # Workload identity federation to a GCP service account.
      # NOTE(review): with export_environment_variables enabled, later steps in
      # this job presumably see the exported project/credential settings;
      # confirm against the action's documentation.
      - name: auth-with-gcp
        if: matrix.os == 'ubuntu-latest' && github.actor != 'dependabot[bot]'
        uses: google-github-actions/auth@v2
        with:
          project_id: 'attest-kms-test'
          export_environment_variables: true
          workload_identity_provider: 'projects/385966116051/locations/global/workloadIdentityPools/attest-kms-test/providers/attest-kms-test'
          service_account: 'attest-kms-test@attest-kms-test.iam.gserviceaccount.com'

      # NOTE(review): no `if:` guard here, unlike the other steps that consume
      # a secret, so this also runs on macOS and for dependabot; confirm that
      # is intended (for example, needed by the non-e2e tests).
      - name: Setup Testcontainers Cloud Client
        uses: atomicjar/testcontainers-cloud-setup-action@v1
        with:
          token: ${{ secrets.TC_CLOUD_TOKEN }}

      # Full suite with the e2e build tag; writes the coverage profile that the
      # upload step reads.
      - name: go test including e2e
        if: matrix.os == 'ubuntu-latest' && github.actor != 'dependabot[bot]'
        run: go test -tags=e2e -v ./... -coverpkg=./... -coverprofile=coverage.out -covermode=atomic

      # macOS and dependabot runs: tests without the e2e tag, no coverage.
      - name: go test excluding e2e
        if: matrix.os == 'macos-latest' || github.actor == 'dependabot[bot]'
        run: go test -v ./...

      # NOTE(review): this tag-referenced action runs in the same job after the
      # cloud auth steps, so any credentials those steps exported are
      # presumably still in its environment; consider pinning it by SHA or
      # uploading coverage from a separate job without `id-token: write`.
      - name: Upload coverage to Codecov
        if: matrix.os == 'ubuntu-latest' && github.actor != 'dependabot[bot]'
        uses: codecov/codecov-action@v4
        with:
          file: ./coverage.out
          flags: unittests
          name: codecov-umbrella
          fail_ci_if_error: true
          token: ${{ secrets.CODECOV_TOKEN }}