Skip to content

fix: only sign statements #699

fix: only sign statements

fix: only sign statements #699

Workflow file for this run

name: test code
on:
push:
branches:
- main
pull_request:
workflow_dispatch:
jobs:
golang:
permissions:
contents: read
id-token: write
strategy:
matrix:
go-version: [1.22.x, 1.23.x]
# temp disable windows tests see https://github.com/docker/image-signer-verifier/pull/154
# os: [ubuntu-latest, macos-latest, windows-latest]
os: [ubuntu-latest, macos-latest]
runs-on: ${{ matrix.os }}
steps:
- name: Set git to use LF
run: git config --global core.autocrlf false
- uses: actions/checkout@v4
- uses: actions/setup-go@v5
with:
go-version: ${{ matrix.go-version }}
- name: Login to Docker Hub
if: matrix.os == 'ubuntu-latest' && github.actor != 'dependabot[bot]'
uses: docker/login-action@v3
with:
username: dockerpublicbot
password: ${{ secrets.DOCKERPUBLICBOT_WRITE_PAT }}
- name: Authenticate to AWS
if: matrix.os == 'ubuntu-latest' && github.actor != 'dependabot[bot]'
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 #v4.0.2
with:
aws-region: "us-east-1"
role-to-assume: arn:aws:iam::175142243308:role/doi-github-actions-signing
- name: auth-with-gcp
if: matrix.os == 'ubuntu-latest' && github.actor != 'dependabot[bot]'
uses: google-github-actions/auth@v2
with:
project_id: 'attest-kms-test'
export_environment_variables: true
workload_identity_provider: 'projects/385966116051/locations/global/workloadIdentityPools/attest-kms-test/providers/attest-kms-test'
service_account: 'attest-kms-test@attest-kms-test.iam.gserviceaccount.com'
- name: Setup Testcontainers Cloud Client
uses: atomicjar/testcontainers-cloud-setup-action@v1
with:
token: ${{ secrets.TC_CLOUD_TOKEN }}
- name: go test including e2e
if: matrix.os == 'ubuntu-latest' && github.actor != 'dependabot[bot]'
run: go test -tags=e2e -v ./... -coverpkg=./... -coverprofile=coverage.out -covermode=atomic
- name: go test excluding e2e
if: matrix.os == 'macos-latest' || github.actor == 'dependabot[bot]'
run: go test -v ./...
- name: Upload coverage to Codecov
if: matrix.os == 'ubuntu-latest' && github.actor != 'dependabot[bot]'
uses: codecov/codecov-action@v4
with:
file: ./coverage.out
flags: unittests
name: codecov-umbrella
fail_ci_if_error: true
token: ${{ secrets.CODECOV_TOKEN }}