Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: add install with go support, fix flags #48

Merged
merged 1 commit into from Jan 18, 2022
+62 −1
Merged

feat: add install with go support, fix flags #48

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
26 changes: 26 additions & 0 deletions .github/workflows/test-action.yml
View file
Open in desktop
Expand Up @@ -245,3 +245,29 @@ jobs:
exit 0
fi
shell: bash

test_cosign_with_go_install:
runs-on: ubuntu-latest
permissions:
actions: none
checks: none
contents: none
deployments: none
issues: none
packages: none
pull-requests: none
repository-projects: none
security-events: none
statuses: none
name: Try to install cosign with go
steps:
- uses: actions/checkout@v2
- uses: actions/setup-go@v2
with:
go-version: '1.17.x'
- name: Install Cosign
uses: ./
with:
cosign-release: 'main'
- name: Check install!
run: cosign version
26 changes: 26 additions & 0 deletions README.md
View file
Open in desktop
Expand Up @@ -56,6 +56,32 @@ jobs:
run: cosign version
```

If you want to install cosign from its main version by using 'go install' under the hood, you can set 'cosign-release' as 'main'. Once you did that, cosign will be installed via 'go install' which means that please ensure that go is installed.

Example of installing cosign via go install:

```yaml
jobs:
test_cosign_action:
runs-on: ubuntu-latest

permissions:
actions: none

name: Install Cosign via go install
steps:
- name: Install go
uses: actions/setup-go@v2
with:
go-version: '1.17.x'
- name: Install Cosign
uses: sigstore/cosign-installer@main
with:
cosign-release: main
- name: Check install!
run: cosign version
```

This action does not need any GitHub permission to run, however, if your workflow needs to update, create or perform any
action against your repository, then you should change the scope of the permission appropriately.

Expand Down
11 changes: 10 additions & 1 deletion action.yml
View file
Open in desktop
Expand Up @@ -32,6 +32,16 @@ runs:
alias log_error="echo \"ERROR:\""
fi
set -e
mkdir -p ${{ inputs.install-dir }}
if [[ ${{ inputs.cosign-release }} == "main" ]]; then
log_info "installing cosign via 'go install' from its main version"
GOBIN=$(go env GOPATH)/bin
go install github.com/sigstore/cosign/cmd/cosign@main
developer-guy marked this conversation as resolved.
Show resolved Hide resolved
ln -s $GOBIN/cosign ${{ inputs.install-dir}}/cosign
exit 0
fi
shaprog() {
case ${{ runner.os }} in
Expand Down Expand Up @@ -61,7 +71,6 @@ runs:
trap "popd >/dev/null" EXIT
mkdir -p ${{ inputs.install-dir }}
pushd ${{ inputs.install-dir }} > /dev/null
case ${{ runner.os }} in
Expand Down