diff --git a/.github/workflows/test-action.yml b/.github/workflows/test-action.yml index 06890a5..0feccc5 100644 --- a/.github/workflows/test-action.yml +++ b/.github/workflows/test-action.yml @@ -1,6 +1,8 @@ name: test-cosign -on: [pull_request] +on: + - pull_request + - push jobs: test_cosign_action: @@ -160,20 +162,35 @@ jobs: run: cosign version - name: Check install dir! run: | - if [[ $(dirname `which cosign`) == "$HOME/.cosigntest" ]]; then - exit 0 - else - exit 1 - fi + [[ $(dirname "$(which cosign)") == "$HOME/.cosigntest" ]] shell: bash - name: Check root directory run: | - if [[ $(git diff --stat) != '' ]]; then - echo 'should be clean' - exit 1 - else - exit 0 - fi + [[ -z $(git diff --stat) ]] + shell: bash + + test_cosign_action_custom_dir_root: + runs-on: ${{ matrix.os }} + strategy: + matrix: + os: [macos-latest, ubuntu-latest, windows-latest] + permissions: {} + name: Install Custom Cosign and test presence in path with custom root dir + steps: + - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b #v3 + - name: Install Cosign + uses: ./ + with: + install-dir: /usr/bin + - name: Check install! + run: cosign version + - name: Check install dir! + run: | + [[ $(dirname "$(which cosign)") == /usr/bin ]] + shell: bash + - name: Check root directory + run: | + [[ -z $(git diff --stat) ]] shell: bash # test_cosign_with_go_install: diff --git a/action.yml b/action.yml index 2ddc57c..717e852 100644 --- a/action.yml +++ b/action.yml 
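Review bot: The rewritten `Check root directory` steps, in both the existing job and the new `test_cosign_action_custom_dir_root` job, now fail without any output, because the `echo 'should be clean'` branch was dropped and `[[ -z $(git diff --stat) ]]` prints nothing. `git diff --stat --exit-code` keeps the one-line form, prints the files that changed and returns non-zero when the tree is dirty. Separately, the new job uses `install-dir: /usr/bin` on every matrix OS; on macOS that path is normally protected from modification even for root, so it is worth confirming that the macOS leg actually exercises the sudo path rather than failing for an unrelated reason.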
@@ -171,15 +171,22 @@ runs: ;; esac + SUDO= + if command -v sudo >/dev/null; then + SUDO=sudo + fi + + set -x + expected_bootstrap_version_digest=${bootstrap_sha} log_info "Downloading bootstrap version '${bootstrap_version}' of cosign to verify version to be installed...\n https://storage.googleapis.com/cosign-releases/${bootstrap_version}/${bootstrap_filename}" - curl -sL https://storage.googleapis.com/cosign-releases/${bootstrap_version}/${bootstrap_filename} -o ${cosign_executable_name} + $SUDO curl -sL https://storage.googleapis.com/cosign-releases/${bootstrap_version}/${bootstrap_filename} -o ${cosign_executable_name} shaBootstrap=$(shaprog ${cosign_executable_name}); if [[ $shaBootstrap != ${expected_bootstrap_version_digest} ]]; then log_error "Unable to validate cosign version: '${{ inputs.cosign-release }}'" exit 1 fi - chmod +x ${cosign_executable_name} + $SUDO chmod +x ${cosign_executable_name} # If the bootstrap and specified `cosign` releases are the same, we're done. if [[ ${{ inputs.cosign-release }} == ${bootstrap_version} ]]; then @@ -206,13 +213,13 @@ runs: # v0.6.0's linux release has a dependency on `libpcsclite1` log_info "Installing libpcsclite1 package if necessary..." set +e - sudo dpkg -s libpcsclite1 + $SUDO dpkg -s libpcsclite1 if [ $? -eq 0 ]; then log_info "libpcsclite1 package is already installed" else log_info "libpcsclite1 package is not installed, installing it now." - sudo apt-get update -q -q - sudo apt-get install -yq libpcsclite1 + $SUDO apt-get update -q -q + $SUDO apt-get install -yq libpcsclite1 fi set -e fi 
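Review bot: `$SUDO curl … -o ${cosign_executable_name}` performs the network download as root and writes the file into the install directory before its digest has been compared, so a mismatch leaves an unverified, root-owned file in a directory that may be on PATH. Downloading as the runner user into `$RUNNER_TEMP`, checking the digest there, and using `$SUDO` only to move the verified file into place keeps the privileged part minimal; the sketch below assumes `shaprog` accepts a path. The added `set -x` looks like a debugging leftover: it traces every later command, including those run under sudo, into the job log of every workflow that consumes the action, and I would drop it. `$SUDO` is also applied whenever sudo exists, even if the install dir is user-writable, which would leave root-owned files there for later steps to trip over. The enclosing run script starts and ends outside the hunk.

```yaml
# … unchanged: SUDO detection, expected_bootstrap_version_digest, log_info …
bootstrap_tmp="${RUNNER_TEMP}/${bootstrap_filename}"
curl -fsSL "https://storage.googleapis.com/cosign-releases/${bootstrap_version}/${bootstrap_filename}" -o "${bootstrap_tmp}"
shaBootstrap=$(shaprog "${bootstrap_tmp}")
if [[ "${shaBootstrap}" != "${expected_bootstrap_version_digest}" ]]; then
  rm -f "${bootstrap_tmp}"
  log_error "Unable to validate cosign version: '${{ inputs.cosign-release }}'"
  exit 1
fi
# Privilege is needed only to place the already-verified file.
$SUDO mv "${bootstrap_tmp}" "${cosign_executable_name}"
$SUDO chmod +x "${cosign_executable_name}"
```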
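Review bot: With `$SUDO` possibly empty, `apt-get update` and `apt-get install` can now run unprivileged, and because they sit between `set +e` and `set -e` a failure there is silently ignored, so the script carries on without `libpcsclite1`. `dpkg -s` is a read-only query and needs no privilege, so the probe can be written as `if dpkg -s libpcsclite1 >/dev/null 2>&1; then`, which removes the need for `set +e` and the `$?` test and lets a failed install stop the step. The enclosing `if` begins outside the hunk.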
@@ -234,9 +241,9 @@ runs: log_info "Using bootstrap cosign to verify signature of desired cosign version" ./cosign verify-blob --key $RELEASE_COSIGN_PUB_KEY --signature ${desired_cosign_filename}.sig cosign_${{ inputs.cosign-release }} - rm cosign - mv cosign_${{ inputs.cosign-release }} ${cosign_executable_name} - chmod +x ${cosign_executable_name} + $SUDO rm cosign + $SUDO mv cosign_${{ inputs.cosign-release }} ${cosign_executable_name} + $SUDO chmod +x ${cosign_executable_name} log_info "Installation complete!" fi - if: ${{ runner.os == 'Linux' || runner.os == 'macOS' }}
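Review bot: The new `$SUDO mv cosign_${{ inputs.cosign-release }} ${cosign_executable_name}` line has the action input expanded into the script text before bash parses it, and that text now runs under sudo, so any shell metacharacters in the input would be interpreted as syntax with root privilege. Passing the value through the step's `env:` (for example `COSIGN_RELEASE: ${{ inputs.cosign-release }}`) and referencing it quoted, as `"cosign_${COSIGN_RELEASE}"`, keeps it as data. The `verify-blob` context line just above uses the same interpolation and would benefit from the same change. The step body starts outside the hunk.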