chore: updating fakesecrets.env #456
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Test Sign Workflow | |
| on: | |
| workflow_dispatch: | |
| pull_request: | |
| branches: [main] | |
| permissions: | |
| id-token: write | |
| contents: read | |
| jobs: | |
| upload-test-gh-artifacts: | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v5 | |
| - name: Create Test Fixtures | |
| run: | | |
| .github/workflows/deploy-artifacts/create-test-fixtures.sh test-fixtures | |
| - name: Upload Artifacts | |
| uses: actions/upload-artifact@v5 | |
| with: | |
| name: test-fixtures | |
| path: test-fixtures | |
| test-sign-workflow: | |
| uses: ./.github/workflows/reusable_sign-artifacts.yaml | |
| needs: upload-test-gh-artifacts | |
| secrets: | |
| gpg-private-key: ${{ secrets.GPG_SECRET_KEY }} | |
| gpg-public-key: ${{ secrets.GPG_PUBLIC_KEY }} | |
| gpg-key-pass: ${{ secrets.GPG_PASS }} | |
| es-username: ${{ secrets.ES_USERNAME }} | |
| es-password: ${{ secrets.ES_PASSWORD }} | |
| credential_id: ${{ secrets.CREDENTIAL_ID }} | |
| es-totp_secret: ${{ secrets.ES_TOTP_SECRET }} | |
| with: | |
| gh-unsigned-artifacts: test-fixtures | |
| gh-workflows-ref: v2.0.2 | |
| verify-nuget-signatures: | |
| needs: test-sign-workflow | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v5 | |
| - name: Setup .NET SDK | |
| uses: actions/setup-dotnet@v4 | |
| with: | |
| dotnet-version: 8.x | |
| - name: Download Signed Artifacts | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: ${{ needs.test-sign-workflow.outputs.gh-artifact-name }} | |
| path: signed | |
| - name: Verify NuGet Signatures | |
| shell: bash | |
| run: | | |
| set -euo pipefail | |
| export PATH="$HOME/.dotnet/tools:$PATH" | |
| shopt -s nullglob globstar | |
| mapfile -t pkgs < <(printf '%s\n' signed/**/*.nupkg) | |
| echo "Found ${#pkgs[@]} .nupkg files" | |
| if [ "${#pkgs[@]}" -lt 1 ]; then | |
| echo "No .nupkg files found under signed/" >&2 | |
| exit 1 | |
| fi | |
| for p in "${pkgs[@]}"; do | |
| echo "Verifying $p" | |
| dotnet nuget verify "$p" --all | |
| done | |
| run-tests: | |
| needs: test-sign-workflow | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v5 | |
| - name: Download Test Fixtures | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: test-fixtures | |
| path: test-fixtures | |
| - name: Install dpkg-sig | |
| run: | | |
| sudo apt-get update && sudo apt-get install dpkg-sig dpkg-dev -y | |
| - name: Test Entrypoint | |
| run: | | |
| .github/workflows/sign-artifacts/test-entrypoint.sh test-fixtures |