Bump slsa-framework/slsa-verifier from 2.2.0 to 2.6.0 #1141
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Basic e2e test | |
on: | |
pull_request: | |
branches: ['main'] | |
jobs: | |
e2e: | |
strategy: | |
fail-fast: false | |
matrix: | |
platform: | |
- ubuntu-latest | |
- windows-latest | |
name: e2e ${{ matrix.platform }} | |
runs-on: ${{ matrix.platform }} | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/setup-go@v4 | |
with: | |
go-version: 1.19 | |
check-latest: true | |
- name: crane append to an image, set the entrypoint, run it locally, roundtrip it | |
shell: bash | |
run: | | |
set -euxo pipefail | |
# Setup local registry | |
go run ./cmd/registry & | |
base=alpine | |
platform=linux/amd64 | |
if [[ "${{ matrix.platform }}" == "windows-latest" ]]; then | |
base=mcr.microsoft.com/windows/nanoserver:ltsc2022 | |
platform=windows/amd64 | |
fi | |
CGO_ENABLED=0 go build -o app/crane ./cmd/crane | |
tar cvf crane.tar app | |
# This prevents Bash for Windows from mangling path names. | |
# It shouldn't be necessary in general unless you're using Bash for | |
# Windows. | |
export MSYS_NO_PATHCONV=1 | |
img=$(./app/crane mutate \ | |
--entrypoint=/app/crane,version \ | |
$(./app/crane append \ | |
--platform ${platform} \ | |
--base ${base} \ | |
--new_tag localhost:1338/append-test \ | |
--new_layer crane.tar)) | |
# Run the image with and without args. | |
docker run $img | |
docker run $img --help | |
# Make sure we can roundtrip it through pull/push | |
layout=$(mktemp -d) | |
dst=localhost:1338/roundtrip-test | |
./app/crane pull --format=oci $img $layout | |
./app/crane push --image-refs=foo.images $layout $dst | |
diff <(./app/crane manifest $img) <(./app/crane manifest $(cat foo.images)) | |
# Make sure we can roundtrip an index (distroless). | |
distroless=$(mktemp -d) | |
remote="gcr.io/distroless/static" | |
local="localhost:1338/distroless:static" | |
./app/crane pull --format=oci $remote $distroless | |
./app/crane push $distroless $local | |
diff <(./app/crane manifest $remote) <(./app/crane manifest $local) | |
# And that it works for a single platform (pulling from what we just pushed). | |
distroless=$(mktemp -d) | |
remote="$local" | |
local="localhost:1338/distroless/platform:static" | |
./app/crane pull --platform=linux/arm64 --format=oci $remote $distroless | |
./app/crane push $distroless $local | |
diff <(./app/crane manifest --platform linux/arm64 $remote) <(./app/crane manifest $local) | |
- name: crane pull image, and export it from stdin to filesystem tar to stdout | |
shell: bash | |
run: | | |
set -euxo pipefail | |
./app/crane pull ubuntu ubuntu.tar | |
./app/crane export - - < ubuntu.tar > filesystem.tar | |
ls -la *.tar | |