From 620739dfa79c28c9ffe59f2a3e51b03e26fbc161 Mon Sep 17 00:00:00 2001
From: Billy Lynch
Date: Thu, 23 Mar 2023 11:05:23 -0400
Subject: [PATCH] Fix e2e tests by including --certificate-identity flag.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Apparently this is an required flag by cosign. 😭
---
 .github/workflows/e2e.yaml | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml
index ff0dcf2a..70bfc533 100644
--- a/.github/workflows/e2e.yaml
+++ b/.github/workflows/e2e.yaml
@@ -80,8 +80,15 @@ jobs:
 git commit --allow-empty -S --message="Signed commit"
 # Verify commit
+ echo "========== git verify-commit =========="
 git verify-commit HEAD
- gitsign verify --certificate-github-workflow-repository=${{ github.repository }} --certificate-github-workflow-sha=${{ github.sha }} --certificate-oidc-issuer="https://token.actions.githubusercontent.com"
+
+ echo "========== gitsign verify =========="
+ gitsign verify \
+ --certificate-github-workflow-repository=${{ github.repository }} \
+ --certificate-github-workflow-sha=${{ github.sha }} \
+ --certificate-oidc-issuer="https://token.actions.githubusercontent.com" \
+ --certificate-identity="https://github.com/sigstore/gitsign/.github/workflows/e2e.yaml@refs/heads/main"
 # Extra debug info
 git cat-file commit HEAD | sed -n '/BEGIN/, /END/p' | sed 's/^ //g' | sed 's/gpgsig //g' | sed 's/SIGNED MESSAGE/PKCS7/g' | openssl pkcs7 -print -print_certs -text
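Review bot: The `--certificate-identity` value added to `gitsign verify` is a literal pinned to `sigstore/gitsign` and `refs/heads/main`, while the neighbouring flags are derived from `${{ github.repository }}` and `${{ github.sha }}`. If this job also runs on pull requests, other branches or forks (the triggers are outside the hunk), the signing certificate will presumably carry a different workflow ref and verification will fail for reasons unrelated to the code under test. Keeping an exact-match identity rather than a regexp is the stricter check, so consider deriving it from the run context, e.g. `--certificate-identity="https://github.com/${{ github.workflow_ref }}"`, with a comment such as `# must equal the workflow ref recorded in the signing certificate`. The same line is repeated in the second hunk (`@@ -105,8 +112,15 @@`), and the enclosing `run:` step begins outside both hunks.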
@@ -105,8 +112,15 @@ jobs:
 git commit --allow-empty -S --message="Signed commit"
 # Verify commit
+ echo "========== git verify-commit =========="
 git verify-commit HEAD
- gitsign verify --certificate-github-workflow-repository=${{ github.repository }} --certificate-github-workflow-sha=${{ github.sha }} --certificate-oidc-issuer="https://token.actions.githubusercontent.com"
+
+ echo "========== gitsign verify =========="
+ gitsign verify \
+ --certificate-github-workflow-repository=${{ github.repository }} \
+ --certificate-github-workflow-sha=${{ github.sha }} \
+ --certificate-oidc-issuer="https://token.actions.githubusercontent.com" \
+ --certificate-identity="https://github.com/sigstore/gitsign/.github/workflows/e2e.yaml@refs/heads/main"
 # Extra debug info
 git cat-file commit HEAD | sed -n '/BEGIN/, /END/p' | sed 's/^ //g' | sed 's/gpgsig //g' | sed 's/SIGNED MESSAGE/PKCS7/g' | openssl pkcs7 -print -print_certs -text