Add support for verifying dsse-intoto #3006
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
# This workflow will build a Java project with Gradle and
# cache/restore any dependencies to improve the workflow execution time
# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-gradle
name: Test

on:
  push:
    branches:
      - '*'
  pull_request:
    branches:
      - main
  # Lets other workflows invoke this one as a reusable workflow.
  workflow_call:

concurrency:
  # One concurrency group per ref. Intent: runs on master/release are never
  # cancelled, while on PR branches a newly pushed commit cancels the run
  # already in flight.
  # Background: https://stackoverflow.com/a/70972844/1261287
  # NOTE(review): the pull_request trigger above targets `main`, but the
  # expression below exempts only `refs/heads/master`; confirm which branch
  # is meant to be protected from cancellation.
  group: ${{ github.ref }}-ci
  cancel-in-progress: ${{ github.ref != 'refs/heads/master' }}

jobs:
  build:
    strategy:
      fail-fast: false
      matrix:
        java-version:
          - 11
          - 17
    runs-on: ubuntu-latest
    # Declaring any permission sets every unlisted scope to none, so the only
    # thing granted here is the ability to request a GitHub OIDC identity
    # token. Every step below runs with that ability, which is why the code
    # pulled into this job should stay pinned and reviewed.
    permissions:
      id-token: write
    steps:
      # Actions are pinned to full commit SHAs; the trailing comment records
      # the release each SHA is meant to correspond to and must be updated
      # together with the SHA.
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

      - name: Set up JDK ${{ matrix.java-version }}
        uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4.5.0
        with:
          java-version: ${{ matrix.java-version }}
          distribution: temurin

      - name: Setup Go environment
        uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
        with:
          go-version: '1.21.x'

      # Stand-in until something can bring up a full sigstore test
      # environment.
      # NOTE(review): `@main` follows a moving branch, unlike the SHA-pinned
      # actions above, so whatever is on Fulcio's main at run time is built
      # (and presumably run by the tests) in a job that holds
      # id-token: write. Pinning to a reviewed tag or commit would make the
      # run reproducible.
      - name: Install Fulcio
        run: go install github.com/sigstore/fulcio@main

      - name: Setup Gradle
        uses: gradle/actions/setup-gradle@d156388eb19639ec20ade50009f3d199ce1e2808 # v4.1.0

      # Pass "-PskipStaging" if staging has to be skipped because it is flaky.
      - name: Test sigstore-java
        run: ./gradlew build

      - name: Ensure sigstore-java self signing still works
        run: ./gradlew sigstore-java:publishToMavenLocal -Prelease -PskipPgpSigning

      - name: Test sigstore-java/sandbox
        run: |
          cd sandbox
          ./gradlew build