use .cosing directory to perform all installation

Signed-off-by: Carlos Panato <ctadeu@gmail.com>
sigstore · Sep 9, 2021 · 43df878 · 43df878
1 parent 49363e8
commit 43df878
Showing 1 changed file with 12 additions and 6 deletions.
diff --git a/action.yml b/action.yml
@@ -15,6 +15,11 @@ runs:
   steps:
     # We verify the version against a SHA **in the published action itself**, not in the GCS bucket.
     - run: |
+        trap "popd" EXIT
+
+        mkdir -p $HOME/.cosign
+        pushd $HOME/.cosign
+
         bootstrap_version='v1.1.0'
         expected_bootstrap_version_digest='c0b66f6948361f7f2c8c569d82d9471f36dd8354cf43f6bba6e578b31944127b'
         curl -L https://storage.googleapis.com/cosign-releases/${bootstrap_version}/cosign-linux-amd64 -o cosign
@@ -60,19 +65,20 @@ runs:
           else
             curl -LO https://github.com/sigstore/cosign/releases/download/${{ inputs.cosign-release }}/cosign-linux-amd64.sig
           fi
+
           if [[ ${{ inputs.cosign-release }} < 'v0.6.0' ]]; then
-            curl -L https://raw.githubusercontent.com/sigstore/cosign/${{ inputs.cosign-release }}/.github/workflows/cosign.pub -o release-cosign.pub
+            RELEASE_COSIGN_PUB_KEY=https://raw.githubusercontent.com/sigstore/cosign/${{ inputs.cosign-release }}/.github/workflows/cosign.pub
           else
-            curl -LO https://raw.githubusercontent.com/sigstore/cosign/${{ inputs.cosign-release }}/release/release-cosign.pub
+            RELEASE_COSIGN_PUB_KEY=https://raw.githubusercontent.com/sigstore/cosign/${{ inputs.cosign-release }}/release/release-cosign.pub
           fi
-          ./cosign verify-blob -key release-cosign.pub -signature cosign-linux-amd64.sig cosign_${{ inputs.cosign-release }}
+
+          ./cosign verify-blob -key $RELEASE_COSIGN_PUB_KEY -signature cosign-linux-amd64.sig cosign_${{ inputs.cosign-release }}
           if [[ $? != 0 ]]; then exit 1; fi
+
           rm cosign
           mv cosign_${{ inputs.cosign-release }} cosign
           chmod +x cosign
         fi
       shell: bash
-    - run: mkdir -p $HOME/.cosign && mv cosign $HOME/.cosign/ && echo "$HOME/.cosign" >> $GITHUB_PATH
-      shell: bash
-    - run: rm -f *.pub
+    - run:  echo "$HOME/.cosign" >> $GITHUB_PATH
       shell: bash