workflows: Add conformance testing workflow #298
Conversation
Signed-off-by: Alex Cameron <asc@tetsuo.sh>
tetsuo-cpp
force-pushed
the
alex/conformance
branch
from
23531ea
to
2b1be7b
Compare
Signed-off-by: Alex Cameron <asc@tetsuo.sh>
tetsuo-cpp
force-pushed
the
alex/conformance
branch
from
f1ed0e9
to
57a6b50
Compare
.github/sigstore-python-conformance
Outdated
| #!/usr/bin/env python3 | ||
|
|
||
| """ | ||
| A wrapper to convert `sigstore-conformance` CLI protocol invocations to match `sigstore-python`. |
There was a problem hiding this comment.
Not really sure where the right spot for this is.
It doesn't seem like it belongs in the actual package itself. But on the other hand, I want to access this wrapper from the sigstore-conformance tests so that when we iterate on the action, we have visibility when we're breaking basic things.
There was a problem hiding this comment.
IMO test/integration/sigstore-python-conformance would be a reasonable path -- that would reuse our existing test structure but shouldn't interfere with pytest.
If it does, we could move our current unit tests from test/ to test/unit/.
There was a problem hiding this comment.
Good idea. I think that's definitely cleaner.
.github/sigstore-python-conformance
Outdated
| #!/usr/bin/env python3 | ||
|
|
||
| """ | ||
| A wrapper to convert `sigstore-conformance` CLI protocol invocations to match `sigstore-python`. |
There was a problem hiding this comment.
Separate tiny nit: could we expand this comment to include a link to the sigstore-conformance repo?
Signed-off-by: Alex Cameron <asc@tetsuo.sh>
tetsuo-cpp
force-pushed
the
alex/conformance
branch
from
c94d51a
to
5637528
Compare
Signed-off-by: Alex Cameron <asc@tetsuo.sh>
Signed-off-by: Alex Cameron <asc@tetsuo.sh>
Signed-off-by: Alex Cameron <asc@tetsuo.sh>
.github/workflows/conformance.yml
Outdated
| - uses: actions/setup-python@7f80679172b057fc5e90d70d197929d454754a5a | ||
| - name: install sigstore-python | ||
| run: python -m pip install . | ||
| - uses: trailofbits/sigstore-conformance@v0.0.1 |
There was a problem hiding this comment.
nit: could use hash pinning like the other actions do -- dependabot* should still follow your latest release.
*) just realized dependabot does not seem to be set up for GH actions currently: will file an issue
Signed-off-by: Alex Cameron <asc@tetsuo.sh>
|
Github is currently censoring me: leaving a review doesn't do anything... So here it is as a comment: (Github ate my original review: apologies if this is a duplicate) Looks good to me. The brutally simple test scaffold seems like a good start: it may be too simplistic but this should be a good way to find out. Can you verify the effects of |
Closes #297