e2e: reorder oidc token export

We've been seeing issues with the e2e token expiring before it has a chance to be used. This might be because we're exporting it, then building the binary. Move the export as close to the test as possible to reduce the chance that the token might expire. Signed-off-by: Billy Lynch <[email protected]>
sigstore · Oct 22, 2024 · ac54afc · ac54afc
1 parent 8e08985
commit ac54afc
Showing 1 changed file with 8 additions and 7 deletions.
diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml
@@ -37,13 +37,6 @@ jobs:
           go-version: "1.23"
           check-latest: true
 
-      - name: Get test OIDC token
-        uses: sigstore-conformance/extremely-dangerous-public-oidc-beacon@main
-
-      - name: export OIDC token
-        run: |
-          echo "SIGSTORE_ID_TOKEN=$(cat ./oidc-token.txt)" >> $GITHUB_ENV
-
       - name: e2e unit tests
         run: |
           set -e
@@ -69,6 +62,14 @@ jobs:
 
           # Verify tool is on our path
           gitsign -h
+
+      # Fetch OIDC token as close to the test as possible to avoid it expiring.
+      - name: Get test OIDC token
+        uses: sigstore-conformance/extremely-dangerous-public-oidc-beacon@main
+      - name: export OIDC token
+        run: |
+          echo "SIGSTORE_ID_TOKEN=$(cat ./oidc-token.txt)" >> $GITHUB_ENV
+
       - name: Test Sign and Verify commit
         run: |
           set -e