Skip to content

Staging Instance Tests #4033

Staging Instance Tests

Staging Instance Tests #4033

Workflow file for this run

name: Staging Instance Tests
on:
push:
branches:
- main
schedule:
- cron: '0 */8 * * *'
jobs:
staging-tests:
runs-on: ubuntu-latest
permissions:
# Needed to access the workflow's OIDC identity.
id-token: write
# Needed to create an issue, on failure.
issues: write
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
- uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
with:
python-version: "3.x"
cache: "pip"
cache-dependency-path: pyproject.toml
- name: staging tests
env:
SIGSTORE_LOGLEVEL: DEBUG
run: |
# This is similar to the "smoketest" that we run during the
# release workflow, except that we run against Sigstore's
# staging instances instead.
# We also don't bother to build distributions.
python -m venv staging-env
./staging-env/bin/python -m pip install .
# Our signing target is not important here, so we just sign
# the README in the repository.
./staging-env/bin/python -m sigstore --verbose --staging sign README.md
# Verification also requires a different Rekor instance, so we
# also test it.
./staging-env/bin/python -m sigstore --verbose --staging verify identity \
--cert-oidc-issuer https://token.actions.githubusercontent.com \
--cert-identity ${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}/.github/workflows/staging-tests.yml@${GITHUB_REF} \
README.md
- name: generate an issue if staging tests fail
if: failure()
run: |
cat <<- EOF > /tmp/staging-instance-issue.md
## Staging instance failure
A scheduled test against Sigstore's staging instance has failed.
This suggests one of three conditions:
* A backwards-incompatible change in a Sigstore component;
* A regression in \`sigstore-python\`;
* A transient error.
The full CI failure can be found here:
${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}/actions/runs/$GITHUB_RUN_ID
EOF
- name: open an issue if the staging tests fail
if: failure()
uses: peter-evans/create-issue-from-file@e8ef132d6df98ed982188e460ebb3b5d4ef3a9cd # v5.0.1
with:
title: "[CI] Integration failure: staging instance"
# created in the previous step
content-filepath: /tmp/staging-instance-issue.md
labels: bug,component:cicd,component:tests
assignees: woodruffw,di,tetsuo-cpp