setup.yml
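# CI smoke test for the action in this repository: generate a throwaway cosign
# key pair, run the local action (uses: ./) with it, then check that the chalk
# and docker binaries are on PATH and report their versions.
name: setup

on:
  pull_request:

# Least privilege: the job token can only read repository contents.
permissions:
  contents: read

env:
  # Test fixture only. cosign reads COSIGN_PASSWORD to encrypt the private key
  # that the "Generate key" step creates inside this job, so this value guards
  # nothing outside the run. Do not reuse it for a real signing key; a real
  # password belongs in an encrypted secret (${{ secrets.* }}), not in the
  # workflow file.
  COSIGN_PASSWORD: 6EHvWD1BUk0yWdvm-GGNxA==

jobs:
  verify:
    runs-on: ubuntu-latest

    concurrency:
      # only allow one job per PR running
      # older pending jobs will be cancelled not to waste CI minutes
      # cannot use github.job here https://github.com/community/community/discussions/13496
      group: ${{ github.workflow }}-setup-${{ github.ref }}
      cancel-in-progress: true

    steps:
      - name: Checkout
        uses: actions/checkout@v3
        with:
          # Later steps execute code from the pull-request checkout (uses: ./),
          # so do not leave the job token stored in .git/config for them.
          persist-credentials: false

      - name: Install cosign
        # NOTE(review): `main` is a mutable branch ref, so whatever is on that
        # branch at run time executes in this job. Pin to a full commit SHA
        # (sigstore/cosign-installer@<FULL_COMMIT_SHA>) and let a dependency
        # bot propose updates.
        uses: sigstore/cosign-installer@main

      - name: Generate key
        # Creates chalk.pub / chalk.key and exports both through GITHUB_ENV so
        # that the next step can pass them as inputs. Everything written to
        # GITHUB_ENV is visible to every later step in the job; that is only
        # acceptable here because the key is generated per run and discarded.
        # The fixed EOF delimiter relies on the key files never containing a
        # line that is exactly "EOF".
        run: |
          cosign \
            generate-key-pair \
            --output-key-prefix chalk
          {
            echo 'PUBLIC_KEY<<EOF'
            cat chalk.pub
            echo EOF
          } >> "$GITHUB_ENV"
          {
            echo 'PRIVATE_KEY<<EOF'
            cat chalk.key
            echo EOF
          } >> "$GITHUB_ENV"

      - name: Setup Chalk
        # The action under test, taken from the checked-out working tree.
        uses: ./
        with:
          password: ${{ env.COSIGN_PASSWORD }}
          public_key: ${{ env.PUBLIC_KEY }}
          private_key: ${{ env.PRIVATE_KEY }}

      - name: Verify Setup
        # Trace logging plus `set -x` make this step's log very verbose; keep
        # real secrets out of this job.
        run: |
          echo 'log_level: "trace"' | sudo tee /etc/chalk.conf
          set -x
          which chalk
          which docker
          # Pretty-print the line 18 from the end of each binary's strings
          # output (presumably the embedded chalk mark; confirm). Paths are
          # quoted so that an unusual install location cannot word-split.
          strings "$(which chalk)" | tail -n 18 | head -n1 | jq
          strings "$(which docker)" | tail -n 18 | head -n1 | jq
          chalk version
          docker version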