chore(ci): support go install from main

Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com> Co-authored-by: Furkan Türkal <furkan.turkal@trendyol.com> Co-authored-by: Necatican Yıldırım <necaticanyildirim@gmail.com>
sigstore · Jan 9, 2022 · a204079 · a204079
1 parent 12d5f6d
commit a204079
Show file tree

Hide file tree

Showing 3 changed files with 58 additions and 0 deletions.
diff --git a/.github/workflows/test-action.yml b/.github/workflows/test-action.yml
@@ -241,3 +241,29 @@ jobs:
             exit 0
           fi
 
+  test_cosign_with_go_install:
+    runs-on: ubuntu-latest
+    permissions:
+      actions: none
+      checks: none
+      contents: none
+      deployments: none
+      issues: none
+      packages: none
+      pull-requests: none
+      repository-projects: none
+      security-events: none
+      statuses: none
+    name: Try to install cosign with go
+    steps:
+    - uses: actions/checkout@v2
+    - uses: actions/setup-go@v2
+      with:
+        go-version: '1.17.x'
+    - name: Install Cosign
+      uses: ./
+      with:
+        cosign-release: 'main'
+    - name: Check install!
+      run: cosign version
+
diff --git a/README.md b/README.md
@@ -56,6 +56,32 @@ jobs:
         run: cosign version
 ```
 
+If you want to install cosign from its main version by using 'go install' under the hood, you can set 'cosign-release' as 'main'. Once you did that, cosign will be installed via 'go install' which means that please ensure that go is installed.
+
+Example of installing cosign via go install:
+
+```yaml
+jobs:
+  test_cosign_action:
+    runs-on: ubuntu-latest
+
+    permissions:
+      actions: none
+
+    name: Install Cosign via go install
+    steps:
+      - name: Install go
+        uses: actions/setup-go@v2
+        with:
+          go-version: '1.17.x'
+      - name: Install Cosign
+        uses: sigstore/cosign-installer@main
+        with:
+          cosign-release: main
+      - name: Check install!
+        run: cosign version
+```
+
 This action does not need any GitHub permission to run, however, if your workflow needs to update, create or perform any
 action against your repository, then you should change the scope of the permission appropriately.
 

diff --git a/action.yml b/action.yml
@@ -33,6 +33,12 @@ runs:
           alias log_error="echo \"ERROR:\""
         fi
         set -e
+        
+        if [[ ${{ inputs.cosign-release }} == "main" ]]; then
+          log_info "installing cosign via 'go install' from its main version"
+          go install github.com/sigstore/cosign/cmd/cosign@main
+          exit 0
+        fi
 
         bootstrap_version='v1.4.1'    
         bootstrap_linux_amd64_sha='08ba779a4e6ff827079abed1a6d1f0a0d9e48aea21f520ddeb42ff912f59d268'