From c83c48777906de58e1547769dcd562e7c179d77f Mon Sep 17 00:00:00 2001
From: Billy Lynch <billy@chainguard.dev>
Date: Tue, 22 Oct 2024 10:54:24 -0400
Subject: [PATCH] e2e: reorder oidc token export

We've been seeing issues with the e2e token expiring before it has a
chance to be used. This might be because we're exporting it, then
building the binary.

Move the export as close to the test as possible to reduce the chance
that the token might expire.
---
 .github/workflows/e2e.yaml | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml
index 326f521b..9ebcf351 100644
--- a/.github/workflows/e2e.yaml
+++ b/.github/workflows/e2e.yaml
@@ -37,13 +37,6 @@ jobs:
           go-version: "1.23"
           check-latest: true
 
-      - name: Get test OIDC token
-        uses: sigstore-conformance/extremely-dangerous-public-oidc-beacon@main
-
-      - name: export OIDC token
-        run: |
-          echo "SIGSTORE_ID_TOKEN=$(cat ./oidc-token.txt)" >> $GITHUB_ENV
-
       - name: e2e unit tests
         run: |
           set -e
@@ -69,6 +62,14 @@ jobs:
 
           # Verify tool is on our path
           gitsign -h
+
+      # Fetch OIDC token as close to the test as possible to avoid it expiring.
+      - name: Get test OIDC token
+        uses: sigstore-conformance/extremely-dangerous-public-oidc-beacon@main
+      - name: export OIDC token
+        run: |
+          echo "SIGSTORE_ID_TOKEN=$(cat ./oidc-token.txt)" >> $GITHUB_ENV
+
       - name: Test Sign and Verify commit
         run: |
           set -e