Use cosign @ HEAD for Github OIDC sign blob test (#1678)

Signed-off-by: Priya Wadhwa <[email protected]>
sigstore · Mar 29, 2022 · ba50ee0 · ba50ee0
1 parent e596625
commit ba50ee0
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 3 deletions.
diff --git a/.github/workflows/github-oidc.yaml b/.github/workflows/github-oidc.yaml
@@ -53,4 +53,5 @@ jobs:
       - name: Build and sign a blob
         run: |
           set -e
+          make cosign
           make sign-blob-experimental
diff --git a/test/sign_blob_test.sh b/test/sign_blob_test.sh
@@ -22,16 +22,18 @@
 set -ex
 
 export COSIGN_EXPERIMENTAL=1
+COSIGN_CLI=./cosign
 
 echo "Creating a unique blob"
 BLOB=verify-experimental-blob
 date > $BLOB
+cat $BLOB
 
 echo "Sign the blob with cosign first and upload to rekor"
-SIG=$(cosign sign-blob $BLOB)
+SIG=$($COSIGN_CLI sign-blob $BLOB)
 
 echo "Verifying ..."
-cosign verify-blob -signature $SIG $BLOB
+$COSIGN_CLI verify-blob -signature $SIG $BLOB
 
 # Now, sign the blob with a self-signed certificate and upload to rekor
 SIG_FILE=verify-experimental-signature
@@ -76,4 +78,4 @@ curl -X POST https://rekor.sigstore.dev/api/v1/log/entries -H 'Content-Type: app
 
 # Verifying should still work
 echo "Verifying ..."
-cosign verify-blob --signature $SIG $BLOB
+$COSIGN_CLI verify-blob --signature $SIG $BLOB