-
Notifications
You must be signed in to change notification settings - Fork 2
45 lines (40 loc) · 1.39 KB
/
docker-registry-v2-tests.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
name: Docker registry v2 tests
# Run on every push, and allow it to be run manually.
on:
workflow_dispatch:
push:
branches: ['main', 'v*']
pull_request:
env:
REGISTRY: localhost:5000
jobs:
docker-registry-v2-tests:
# Skip if running in a fork that might not have secrets configured.
if: ${{ github.repository == 'venafi/sigscan' }}
name: Run tests
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- uses: actions/[email protected]
- uses: actions/[email protected]
with:
go-version: '1.22'
check-latest: true
- name: Install Cosign
uses: sigstore/cosign-installer@main
- name: docker registry v2
run: |
docker run -d -p 5000:5000 --name registry registry:2
docker pull alpine:latest
docker image tag alpine:latest ${{ env.REGISTRY }}/alpine:signed
docker image push ${{ env.REGISTRY }}/alpine:signed
- name: Sign with cosign
run: |
COSIGN_PASSWORD=1234 cosign sign --tlog-upload=false --allow-http-registry --allow-insecure-registry --key test/identities/signer1.key --certificate test/identities/signer1.crt ${{ env.REGISTRY }}/alpine:signed
- name: build sigscan and check
shell: bash
run: |
set -e
make sigscan
./sigscan repo ${{ env.REGISTRY }} --output json --insecure | jq