Test OIDC tweak #11

Workflow file for this run

	# Copyright 2025 The Sigstore Authors.
	#
	# Licensed under the Apache License, Version 2.0 (the "License");
	# you may not use this file except in compliance with the License.
	# You may obtain a copy of the License at
	#
	# http://www.apache.org/licenses/LICENSE-2.0
	#
	# Unless required by applicable law or agreed to in writing, software
	# distributed under the License is distributed on an "AS IS" BASIS,
	# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	# See the License for the specific language governing permissions and
	# limitations under the License.

	name: CI Tests

	on:
	push:
	branches: [ main ]
	pull_request:
	branches: [ main ]
	workflow_dispatch:

	permissions:
	contents: read

	jobs:
	build:
	name: Build CLI
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
	with:
	persist-credentials: false
	- name: Extract version of Go to use
	run: echo "GOVERSION=$(awk -F'[:@]' '/FROM golang/{print $2; exit}' Dockerfile)" >> $GITHUB_ENV
	- uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
	with:
	go-version: ${{ env.GOVERSION }}
	- name: Build
	run: make -C $GITHUB_WORKSPACE all
	- name: Ensure no files were modified as a result of the build
	run: git update-index --refresh && git diff-index --quiet HEAD -- \|\| git diff --exit-code

	container-build:
	name: Build container
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
	with:
	persist-credentials: false
	- name: Extract version of Go to use
	run: echo "GOVERSION=$(awk -F'[:@]' '/FROM golang/{print $2; exit}' Dockerfile)" >> $GITHUB_ENV
	- uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
	with:
	go-version: ${{ env.GOVERSION }}

	- uses: ko-build/setup-ko@d982fec422852203cfb2053a8ec6ad302280d04d # v0.8

	- name: container
	run: \|
	make ko-local
	docker run --rm $(cat rekorImagerefs) version

	unit-tests:
	name: Run unit tests
	permissions:
	contents: read
	id-token: write # to authenticate with codecov
	runs-on: ubuntu-latest

	env:
	OS: ubuntu-latest

	steps:
	- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
	with:
	persist-credentials: false
	- uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
	with:
	go-version-file: './go.mod'
	check-latest: true
	- name: Run Go tests
	run: go test -covermode atomic -coverprofile coverage.txt $(go list ./... \| grep -v third_party/)
	- name: Workaround buggy Codecov OIDC auth
	run: \|
	# only set CODECOV_TOKEN if OIDC token is available
	[ -z $ACTIONS_ID_TOKEN_REQUEST_TOKEN ] && exit 0

	TOKEN_RESPONSE=$(curl -H "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" "$ACTIONS_ID_TOKEN_REQUEST_URL&audience=https://codecov.io")
	CODECOV_TOKEN=$(echo $TOKEN_RESPONSE \| jq -r .value)
	echo "CODECOV_TOKEN=$CODECOV_TOKEN" >> "$GITHUB_ENV"
	- name: Upload Coverage Report
	uses: codecov/codecov-action@0565863a31f2c772f9f0395002a31e3f06189574 # v5.4.0
	with:
	env_vars: OS
	fail_ci_if_error: true
	# When github.com/codecov/codecov-action/issues/1791 is fixed,
	# remove workaround step above and uncomment:
	# use_oidc: true
	- name: Run Go tests w/ `-race`
	if: ${{ runner.os == 'Linux' }}
	run: go test -race $(go list ./... \| grep -v third_party/)

	e2e-tests:
	name: Run E2E tests
	permissions:
	contents: read
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
	with:
	persist-credentials: false
	- name: Run docker compose
	run: docker compose -f compose.yml up -d --build

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Test OIDC tweak #11

Workflow file

Test OIDC tweak #11

Jobs

Run details

Workflow file for this run