fix: only sign statements #699
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: test code | |
on: | |
push: | |
branches: | |
- main | |
pull_request: | |
workflow_dispatch: | |
jobs: | |
golang: | |
permissions: | |
contents: read | |
id-token: write | |
strategy: | |
matrix: | |
go-version: [1.22.x, 1.23.x] | |
# temp disable windows tests see https://github.com/docker/image-signer-verifier/pull/154 | |
# os: [ubuntu-latest, macos-latest, windows-latest] | |
os: [ubuntu-latest, macos-latest] | |
runs-on: ${{ matrix.os }} | |
steps: | |
- name: Set git to use LF | |
run: git config --global core.autocrlf false | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-go@v5 | |
with: | |
go-version: ${{ matrix.go-version }} | |
- name: Login to Docker Hub | |
if: matrix.os == 'ubuntu-latest' && github.actor != 'dependabot[bot]' | |
uses: docker/login-action@v3 | |
with: | |
username: dockerpublicbot | |
password: ${{ secrets.DOCKERPUBLICBOT_WRITE_PAT }} | |
- name: Authenticate to AWS | |
if: matrix.os == 'ubuntu-latest' && github.actor != 'dependabot[bot]' | |
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 #v4.0.2 | |
with: | |
aws-region: "us-east-1" | |
role-to-assume: arn:aws:iam::175142243308:role/doi-github-actions-signing | |
- name: auth-with-gcp | |
if: matrix.os == 'ubuntu-latest' && github.actor != 'dependabot[bot]' | |
uses: google-github-actions/auth@v2 | |
with: | |
project_id: 'attest-kms-test' | |
export_environment_variables: true | |
workload_identity_provider: 'projects/385966116051/locations/global/workloadIdentityPools/attest-kms-test/providers/attest-kms-test' | |
service_account: 'attest-kms-test@attest-kms-test.iam.gserviceaccount.com' | |
- name: Setup Testcontainers Cloud Client | |
uses: atomicjar/testcontainers-cloud-setup-action@v1 | |
with: | |
token: ${{ secrets.TC_CLOUD_TOKEN }} | |
- name: go test including e2e | |
if: matrix.os == 'ubuntu-latest' && github.actor != 'dependabot[bot]' | |
run: go test -tags=e2e -v ./... -coverpkg=./... -coverprofile=coverage.out -covermode=atomic | |
- name: go test excluding e2e | |
if: matrix.os == 'macos-latest' || github.actor == 'dependabot[bot]' | |
run: go test -v ./... | |
- name: Upload coverage to Codecov | |
if: matrix.os == 'ubuntu-latest' && github.actor != 'dependabot[bot]' | |
uses: codecov/codecov-action@v4 | |
with: | |
file: ./coverage.out | |
flags: unittests | |
name: codecov-umbrella | |
fail_ci_if_error: true | |
token: ${{ secrets.CODECOV_TOKEN }} |