-
Notifications
You must be signed in to change notification settings - Fork 2
104 lines (92 loc) · 3.33 KB
/
ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
name: CI
on:
push:
branches:
- main
pull_request:
schedule:
- cron: "0 12 * * *"
jobs:
ruby-versions:
uses: ruby/actions/.github/workflows/ruby_versions.yml@master
with:
engine: cruby-truffleruby # TODO: change to all when jruby is supported
min_version: 3.0
test:
needs: ruby-versions
runs-on: ${{ matrix.os }}
name: Ruby ${{ matrix.ruby }} / ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
ruby: ${{ fromJson(needs.ruby-versions.outputs.versions) }}
os: [ubuntu-latest]
# os: [ ubuntu-latest, macos-latest, windows-latest ]
# include:
# - { os: windows-latest, ruby: ucrt }
# - { os: windows-latest, ruby: mingw }
# - { os: windows-latest, ruby: mswin }
steps:
- name: Harden Runner
uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
with:
egress-policy: audit
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Set up Ruby
uses: ruby/setup-ruby@161cd54b698f1fb3ea539faab2e036d409550e3c # v1.187.0
with:
ruby-version: ${{ matrix.ruby }}
bundler-cache: true
- name: Run the tests
run: bin/rake test
- name: Run the conformance tests
uses: sigstore/sigstore-conformance@ee4de0e602873beed74cf9e49d5332529fe69bf6 # v0.0.11
with:
entrypoint: ${{ github.workspace }}/bin/conformance-entrypoint
xfail: test_verify_rejects_bad_tsa_timestamp
skip-signing: true
if: ${{ matrix.os }} == "ubuntu-latest"
- name: Run the conformance tests against staging
uses: sigstore/sigstore-conformance@ee4de0e602873beed74cf9e49d5332529fe69bf6 # v0.0.11
with:
entrypoint: ${{ github.workspace }}/bin/conformance-entrypoint
xfail: test_verify_rejects_bad_tsa_timestamp
environment: staging
skip-signing: true
if: ${{ matrix.os }} == "ubuntu-latest"
- name: Upload coverage reports to Codecov
uses: codecov/codecov-action@e28ff129e5465c2c0dcc6f003fc735cb6ae0c673 # v4.5.0
if: ${{ matrix.ruby }} == ${{ fromJson(needs.ruby-versions.outputs.latest) }} && ${{ matrix.os }} == "ubuntu-latest" && always()
with:
token: ${{ secrets.CODECOV_TOKEN }}
slug: sigstore/sigstore-ruby
all-tests-pass:
if: always()
needs:
- test
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
with:
egress-policy: audit
- name: check test jobs
uses: re-actors/alls-green@05ac9388f0aebcb5727afa17fcccfecd6f8ec5fe # v1.2.2
with:
jobs: ${{ toJSON(needs) }}
lint:
runs-on: ubuntu-latest
name: Lint
steps:
- name: Harden Runner
uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
with:
egress-policy: audit
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Set up Ruby
uses: ruby/setup-ruby@161cd54b698f1fb3ea539faab2e036d409550e3c # v1.187.0
with:
ruby-version: "3.3.1"
bundler-cache: true
- name: Run the linter
run: bin/rubocop