From 503300cedf5a5baa16fa31c4c6f2b3b7b3272d9c Mon Sep 17 00:00:00 2001
From: William Woodruff
Date: Mon, 8 Jul 2024 11:59:54 -0400
Subject: [PATCH 1/2] action: remove old output settings

Signed-off-by: William Woodruff
---
 .github/workflows/selftest.yml | 21 ----------
 README.md | 75 ----------------------------------
 action.py | 18 --------
 action.yml | 15 -------
 4 files changed, 129 deletions(-)

diff --git a/.github/workflows/selftest.yml b/.github/workflows/selftest.yml
index f2edc93..16099d2 100644
--- a/.github/workflows/selftest.yml
+++ b/.github/workflows/selftest.yml
@@ -256,27 +256,6 @@ jobs:
 [[ -f ./artifact.txt.sigstore.json ]] || exit 1
 working-directory: ./test/uploaded
 
- selftest-custom-paths:
- runs-on: ubuntu-latest
- if: (github.event_name != 'pull_request') || !github.event.pull_request.head.repo.fork
- steps:
- - uses: actions/checkout@v4
- - name: Sign artifact and publish signature
- uses: ./
- id: sigstore-python
- with:
- inputs: ./test/artifact.txt
- signature: ./test/custom_signature.sig
- certificate: ./test/custom_certificate.crt
- bundle: ./test/custom_bundle.sigstore
- staging: true
- internal-be-careful-debug: true
- - name: Check outputs
- run: |
- [[ -f ./test/custom_signature.sig ]] || exit 1
- [[ -f ./test/custom_certificate.crt ]] || exit 1
- [[ -f ./test/custom_bundle.sigstore ]] || exit 1
-
 selftest-verify:
 runs-on: ubuntu-latest
 if: (github.event_name != 'pull_request') || !github.event.pull_request.head.repo.fork
diff --git a/README.md b/README.md
index a192f31..5e10741 100644
--- a/README.md
+++ b/README.md
@@ -128,81 +128,6 @@ Example:
 oidc-client-secret: alternative-sigstore-secret
 ```
 
-### `signature`
-
-**Default**: Empty (signature files will get named as `{input}.sig`)
-
-The `signature` setting controls the name of the output signature file. This setting does not work
-when signing multiple input files.
-
-Example:
-
-```yaml
-- uses: sigstore/gh-action-sigstore-python@v2.1.1
- with:
- inputs: file.txt
- signature: custom-signature-filename.sig
-```
-
-However, this example is invalid:
-
-```yaml
-- uses: sigstore/gh-action-sigstore-python@v2.1.1
- with:
- inputs: file0.txt file1.txt file2.txt
- signature: custom-signature-filename.sig
-```
-
-### `certificate`
-
-**Default**: Empty (certificate files will get named as `{input}.crt`)
-
-The `certificate` setting controls the name of the output certificate file. This setting does not
-work when signing multiple input files.
-
-Example:
-
-```yaml
-- uses: sigstore/gh-action-sigstore-python@v2.1.1
- with:
- inputs: file.txt
- certificate: custom-certificate-filename.crt
-```
-
-However, this example is invalid:
-
-```yaml
-- uses: sigstore/gh-action-sigstore-python@v2.1.1
- with:
- inputs: file0.txt file1.txt file2.txt
- certificate: custom-certificate-filename.crt
-```
-
-### `bundle`
-
-**Default**: Empty (bundle files will get named as `{input}.sigstore`)
-
-The `bundle` setting controls the name of the output Sigstore bundle. This setting does not work
-when signing multiple input files.
-
-Example:
-
-```yaml
-- uses: sigstore/gh-action-sigstore-python@v2.1.1
- with:
- inputs: file.txt
- bundle: custom-bundle.sigstore
-```
-
-However, this example is invalid:
-
-```yaml
-- uses: sigstore/gh-action-sigstore-python@v2.1.1
- with:
- inputs: file0.txt file1.txt file2.txt
- certificate: custom-bundle.sigstore
-```
-
 ### `staging`
 
 **Default**: `false`
diff --git a/action.py b/action.py
index 1cd38fc..b6231b7 100755
--- a/action.py
+++ b/action.py
@@ -146,24 +146,6 @@ def _fatal_help(msg):
 if client_secret:
 sigstore_sign_args.extend(["--oidc-client-secret", client_secret])
 
-signature = os.getenv("GHA_SIGSTORE_PYTHON_SIGNATURE")
-if signature:
- sigstore_sign_args.extend(["--signature", signature])
- sigstore_verify_args.extend(["--signature", signature])
- signing_artifact_paths.append(signature)
-
-certificate = os.getenv("GHA_SIGSTORE_PYTHON_CERTIFICATE")
-if certificate:
- sigstore_sign_args.extend(["--certificate", certificate])
- sigstore_verify_args.extend(["--certificate", certificate])
- signing_artifact_paths.append(certificate)
-
-bundle = os.getenv("GHA_SIGSTORE_PYTHON_BUNDLE")
-if bundle:
- sigstore_sign_args.extend(["--bundle", bundle])
- sigstore_verify_args.extend(["--bundle", bundle])
- signing_artifact_paths.append(bundle)
-
 if os.getenv("GHA_SIGSTORE_PYTHON_STAGING", "false") != "false":
 sigstore_global_args.append("--staging")
 
diff --git a/action.yml b/action.yml
index cf1d467..2fd642b 100644
--- a/action.yml
+++ b/action.yml
@@ -32,18 +32,6 @@ inputs:
 description: "the custom OpenID Connect client secret to use during OAuth2"
 required: false
 default: ""
- signature:
- description: "write a single signature to the given file; does not work with multiple input files"
- required: false
- default: ""
- certificate:
- description: "write a single certificate to the given file; does not work with multiple input files"
- required: false
- default: ""
- bundle:
- description: "write a single Sigstore bundle to the given file; does not work with multiple input files"
- required: false
- default: ""
 staging:
 description: "use sigstore's staging instances, instead of the default production instances"
 required: false
@@ -102,9 +90,6 @@ runs:
 PYTHONUTF8: "1"
 VENV_PYTHON_PATH: "${{ steps.setup.outputs.venv-python-path }}"
 GHA_SIGSTORE_PYTHON_IDENTITY_TOKEN: "${{ inputs.identity-token }}"
- GHA_SIGSTORE_PYTHON_SIGNATURE: "${{ inputs.signature }}"
- GHA_SIGSTORE_PYTHON_CERTIFICATE: "${{ inputs.certificate }}"
- GHA_SIGSTORE_PYTHON_BUNDLE: "${{ inputs.bundle }}"
 GHA_SIGSTORE_PYTHON_OIDC_CLIENT_ID: "${{ inputs.oidc-client-id }}"
 GHA_SIGSTORE_PYTHON_OIDC_CLIENT_SECRET: "${{ inputs.oidc-client-secret }}"
 GHA_SIGSTORE_PYTHON_STAGING: "${{ inputs.staging }}"
From 702886071392a7d0847ecdc0d552769952401702 Mon Sep 17 00:00:00 2001
From: William Woodruff
Date: Mon, 8 Jul 2024 12:01:29 -0400
Subject: [PATCH 2/2] selftest: remove old test ref

Signed-off-by: William Woodruff
---
 .github/workflows/selftest.yml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/.github/workflows/selftest.yml b/.github/workflows/selftest.yml
index 16099d2..bc0e724 100644
--- a/.github/workflows/selftest.yml
+++ b/.github/workflows/selftest.yml
@@ -355,7 +355,6 @@ jobs:
 - selftest-glob
 - selftest-glob-multiple
 - selftest-upload-artifacts
- - selftest-custom-paths
 - selftest-verify
 - selftest-xfail-verify-missing-options
 - selftest-identity-token