sigstore · mihaimaruseac · Aug 14, 2024 · Aug 12, 2024 · Aug 13, 2024 · Aug 13, 2024
@@ -1,3 +1,17 @@
+# Copyright 2024 The Sigstore Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 name: "CodeQL"
 
 on:

@@ -1,10 +1,10 @@
-# Copyright Google LLC
+# Copyright 2024 The Sigstore Authors
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
-#     http://www.apache.org/licenses/LICENSE-2.0
+#      http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,

@@ -1,3 +1,17 @@
+# Copyright 2024 The Sigstore Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 name: Lint
 
 on:
@@ -16,8 +30,9 @@ jobs:
         uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
       - name: Detect empty lines at end of file and trailing whitespace
         run: |
-          set -euxo pipefail  # No -x here!
+          set -euxo pipefail
           failed=0
+
           # First, check for empty files at end
           for file in $(for f in $(git ls-files --eol | grep 'i/[cr]*lf' | awk '{print $4}'); do egrep -l "^$" $file; done); do
             line=$(wc -l "$file" | cut -d ' ' -f1)
@@ -54,36 +69,18 @@ jobs:
     steps:
       - name: Check out source repository
         uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-      - name: Set up Python environment
-        uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5.1.1
-        with:
-          python-version: "3.11"
-      - name: run pytype
-        run: |
-          python -m venv venv
-          .github/workflows/scripts/venv_activate.sh
-          pip install -r model_signing/install/requirements_Linux.txt
-          pip install -r model_signing/install/requirements_test_Linux.txt
-          pip install -r model_signing/install/requirements_dev_Linux.txt
-          # TODO: https://github.com/sigstore/model-transparency/issues/231 - Support all repo
-          pytype --keep-going model_signing/{conftest.py,hashing,manifest,serialization,signature,signing}
+      - name: Set up Hatch
+        uses: pypa/hatch@a3c83ab3d481fbc2dc91dd0088628817488dd1d5
+      - name: Run type check
+        run: hatch run type:check
 
   ruff-lint:
     runs-on: ubuntu-latest
     name: Python lint
     steps:
       - name: Check out source repository
         uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-      - name: Set up Python environment
-        uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5.1.1
-        with:
-          python-version: "3.11"
-      - name: run ruff
-        run: |
-          python -m venv venv
-          .github/workflows/scripts/venv_activate.sh
-          pip install -r model_signing/install/requirements_Linux.txt
-          pip install -r model_signing/install/requirements_test_Linux.txt
-          pip install -r model_signing/install/requirements_dev_Linux.txt
-          # TODO: https://github.com/sigstore/model-transparency/issues/231 - Support all repo
-          ruff check model_signing/{conftest.py,hashing,manifest,serialization,signature,signing}
+      - name: Set up Hatch
+        uses: pypa/hatch@a3c83ab3d481fbc2dc91dd0088628817488dd1d5
+      - name: Run python linting
+        run: hatch fmt --check
@@ -1,3 +1,17 @@
+# Copyright 2024 The Sigstore Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 # This workflow uses actions that are not certified by GitHub. They are provided
 # by a third-party and are governed by separate terms of service, privacy
 # policy, and support documentation.

@@ -1,3 +1,17 @@
+# Copyright 2024 The Sigstore Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 #!/bin/bash
 
 # shellcheck source=/dev/null

@@ -1,3 +1,17 @@
+# Copyright 2024 The Sigstore Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 name: SLSA for ML models example
 on:
   workflow_dispatch:

@@ -1,3 +1,17 @@
+# Copyright 2024 The Sigstore Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 name: Run unit tests
 on:
   pull_request:
@@ -15,40 +29,16 @@ defaults:
 
 jobs:
   model-signing-unit-tests:
-    name: Run unit tests for signing
+    name: Signing with Python ${{ matrix.python-version }} on ${{ startsWith(matrix.os, 'macos-') && 'macOS' || startsWith(matrix.os, 'windows-') && 'Windows' || 'Linux' }}
     runs-on: ${{ matrix.os }}
     strategy:
       fail-fast: false # Don't cancel other jobs if one fails
       matrix:
         os: [ubuntu-latest, macos-latest, windows-latest]
-        include:
-          - os: macos-latest
-            os_family: Darwin
-          - os: ubuntu-latest
-            os_family: Linux
-          - os: windows-latest
-            os_family: Windows
+        python-version: ['3.11', '3.12']
     steps:
     - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-    - uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5.1.1
-      with:
-        python-version: 3.11
-        cache: pip
-        cache-dependency-path: |
-          model_signing/install/requirements_${{ matrix.os_family }}.txt
-          model_signing/install/requirements_test_${{ matrix.os_family }}.txt
-    - name: Install dependencies
-      run: |
-        set -exuo pipefail
-        python -m venv venv
-        .github/workflows/scripts/venv_activate.sh
-        python -m pip install --require-hashes -r model_signing/install/requirements_${{ matrix.os_family }}.txt
-        python -m pip install --require-hashes -r model_signing/install/requirements_test_${{ matrix.os_family }}.txt
-    - name: Run unit tests
-      run: |
-        set -euo pipefail
-        .github/workflows/scripts/venv_activate.sh
-        # NOTE: option --full-trace may be useful for troubleshooting.
-        # TODO(#68): Remove the need to create this folder.
-        mkdir testdata
-        pytest -v .
+    - name: Set up Hatch
+      uses: pypa/hatch@a3c83ab3d481fbc2dc91dd0088628817488dd1d5
+    - name: Run unit tests (with coverage report at the end)
+      run: hatch test -c -py ${{ matrix.python-version }}