feat: supporting Sign/Verify with multiple images (#62)

Signed-off-by: Patrick Zheng <[email protected]>
notaryproject · Jul 2, 2024 · 78caa37 · 78caa37
1 parent 917aaf6
commit 78caa37
Show file tree

Hide file tree

Showing 348 changed files with 42,999 additions and 46,481 deletions.
diff --git a/.github/workflows/check-dist.yml b/.github/workflows/check-dist.yml
@@ -35,7 +35,8 @@ jobs:
         uses: actions/setup-node@v4
         with:
           node-version: 16.x
-          cache: npm
+      - name: Install TypeScript
+        run: npm install -g typescript
       - name: Show versions
         run: |
           echo node js version: $(node -v)

diff --git a/.github/workflows/e2e-test-sign.yml b/.github/workflows/e2e-test-sign.yml
@@ -33,15 +33,23 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v3
       - name: Build and push to local registry
-        id: prepare
+        id: image1
         uses: docker/build-push-action@v4
         with:
           context: ./tests/e2e
           push: true
-          tags: localhost:5000/e2e:latest
+          tags: localhost:5000/image1:latest
+      - name: Build and push to local registry
+        id: image2
+        uses: docker/build-push-action@v4
+        with:
+          context: ./tests/e2e
+          push: true
+          tags: localhost:5000/image2:latest
       - name: Retrieve digest
         run: |
-          echo "target_artifact_reference=localhost:5000/e2e@${{ steps.prepare.outputs.digest }}" >> "$GITHUB_ENV"
+          echo "target_artifact_reference=localhost:5000/image1@${{ steps.image1.outputs.digest }}" >> "$GITHUB_ENV"
+          echo "target_artifact_reference2=localhost:5000/image2@${{ steps.image2.outputs.digest }}" >> "$GITHUB_ENV"
       
       # Setting up Notation CLI on the runner
       - name: Setup Notation
@@ -64,6 +72,20 @@ jobs:
           signature_format: cose
           plugin_config: |-
             keyFile=${{ env.E2E_KEY }}
+      
+      - name: Sign multiple artifacts using notation plugin
+        uses: ./sign
+        with:
+          plugin_name: e2e-test-plugin
+          plugin_url: https://github.com/notaryproject/notation-action/raw/e2e-test-plugin/tests/plugin_binaries/notation-e2e-test-plugin_0.1.0_linux_amd64.tar.gz
+          plugin_checksum: be8d035024d3a96afb4118af32f2e201f126c7254b02f7bcffb3e3149d744fd2
+          key_id: ${{ env.E2E_CERT }}
+          target_artifact_reference: |-
+            ${{ env.target_artifact_reference }}
+            ${{ env.target_artifact_reference2 }}
+          signature_format: cose
+          plugin_config: |-
+            keyFile=${{ env.E2E_KEY }}
 
       - name: Sign artifact with multiple plugin_config
         uses: ./sign

diff --git a/.github/workflows/e2e-test-verify.yml b/.github/workflows/e2e-test-verify.yml
@@ -33,15 +33,23 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v3
       - name: Build and push to local registry
-        id: prepare
+        id: image1
         uses: docker/build-push-action@v4
         with:
           context: ./tests/e2e
           push: true
-          tags: localhost:5000/e2e:latest
+          tags: localhost:5000/image1:latest
+      - name: Build and push to local registry
+        id: image2
+        uses: docker/build-push-action@v4
+        with:
+          context: ./tests/e2e
+          push: true
+          tags: localhost:5000/image2:latest
       - name: Retrieve digest
         run: |
-          echo "target_artifact_reference=localhost:5000/e2e@${{ steps.prepare.outputs.digest }}" >> "$GITHUB_ENV"
+          echo "target_artifact_reference=localhost:5000/image1@${{ steps.image1.outputs.digest }}" >> "$GITHUB_ENV"
+          echo "target_artifact_reference2=localhost:5000/image2@${{ steps.image2.outputs.digest }}" >> "$GITHUB_ENV"
       
       # Setting up Notation CLI on the runner
       - name: Setup Notation
@@ -56,14 +64,16 @@ jobs:
           cp ${{ env.E2E_CERT }} ${GITHUB_WORKSPACE}/tests/e2e/truststore/x509/ca/e2e-test/e2e-test.crt
           
       # Sign artifact
-      - name: Sign artifact using notation plugin
+      - name: Sign multiple artifacts using notation plugin
         uses: ./sign
         with:
           plugin_name: e2e-test-plugin
           plugin_url: https://github.com/notaryproject/notation-action/raw/e2e-test-plugin/tests/plugin_binaries/notation-e2e-test-plugin_0.1.0_linux_amd64.tar.gz
           plugin_checksum: be8d035024d3a96afb4118af32f2e201f126c7254b02f7bcffb3e3149d744fd2
           key_id: ${{ env.E2E_CERT }}
-          target_artifact_reference: ${{ env.target_artifact_reference }}
+          target_artifact_reference: |-
+            ${{ env.target_artifact_reference }}
+            ${{ env.target_artifact_reference2 }}
           signature_format: cose
           plugin_config: |-
             keyFile=${{ env.E2E_KEY }}
@@ -83,6 +93,15 @@ jobs:
             trust_policy: ./tests/e2e/trustpolicy/trustpolicy.json
             trust_store: ./tests/e2e/truststore
 
+      - name: Verify multiple released artifacts
+        uses: ./verify
+        with:
+            target_artifact_reference: |-
+              ${{ env.target_artifact_reference }}
+              ${{ env.target_artifact_reference2 }}
+            trust_policy: ./tests/e2e/trustpolicy/trustpolicy.json
+            trust_store: ./tests/e2e/truststore
+
       - name: Verify released artifact missing target artifact reference
         continue-on-error: true
         id: missing-artifact-reference

diff --git a/dist/lib/checksum.js b/dist/lib/checksum.js
diff --git a/dist/lib/checksum.js.map b/dist/lib/checksum.js.map
diff --git a/dist/lib/install.js b/dist/lib/install.js
diff --git a/dist/lib/install.js.map b/dist/lib/install.js.map
diff --git a/dist/sign.js b/dist/sign.js