From 9247cf35631e3219a770a287bd0981aacfc1ebcb Mon Sep 17 00:00:00 2001
From: Andrew Pan <3821575+tnytown@users.noreply.github.com>
Date: Sun, 23 Apr 2023 13:27:32 -0600
Subject: [PATCH] action, selftest: deprecate `bundle-only: false` (#65)
* action, selftest: deprecate `bundle-only: false``
Signed-off-by: Andrew Pan
* action, release: remove `bundle-only`
Signed-off-by: Andrew Pan
---------
Signed-off-by: Andrew Pan
---
.github/workflows/release.yml | 1 -
.github/workflows/selftest.yml | 6 ------
README.md | 23 -----------------------
action.py | 5 -----
action.yml | 8 --------
5 files changed, 43 deletions(-)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index d57ce9f..3183fc3 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -24,4 +24,3 @@ jobs:
with:
inputs: action.yml action.py
release-signing-artifacts: true
- bundle-only: true
diff --git a/.github/workflows/selftest.yml b/.github/workflows/selftest.yml
index 573a69e..6bcede1 100644
--- a/.github/workflows/selftest.yml
+++ b/.github/workflows/selftest.yml
@@ -23,8 +23,6 @@ jobs:
inputs: ./test/artifact.txt
- name: Check outputs
run: |
- [[ -f ./test/artifact.txt.sig ]] || exit 1
- [[ -f ./test/artifact.txt.crt ]] || exit 1
[[ -f ./test/artifact.txt.sigstore ]] || exit 1
selftest-xfail-invalid-inputs:
@@ -67,8 +65,6 @@ jobs:
staging: true
- name: Check outputs
run: |
- [[ -f ./test/artifact.txt.sig ]] || exit 1
- [[ -f ./test/artifact.txt.crt ]] || exit 1
[[ -f ./test/artifact.txt.sigstore ]] || exit 1
selftest-glob:
@@ -102,8 +98,6 @@ jobs:
- name: Verify presence of uploaded files
run: |
[[ -f ./artifact.txt ]] || exit 1
- [[ -f ./artifact.txt.sig ]] || exit 1
- [[ -f ./artifact.txt.crt ]] || exit 1
[[ -f ./artifact.txt.sigstore ]] || exit 1
working-directory: ./test/uploaded
diff --git a/README.md b/README.md
index 986ec30..f6b9bfc 100644
--- a/README.md
+++ b/README.md
@@ -388,29 +388,6 @@ permissions:
release-signing-artifacts: true
```
-### `bundle-only`
-
-**Default**: `false`
-
-The `bundle-only` setting controls whether or not `sigstore-python` uploads `.crt`
-or `.sig` artifacts.
-
-This setting affects the behavior of the `upload-signing-artifacts` and `release-signing-artifacts`
-settings. If neither of those settings are specified, this setting has no effect.
-
-By default, `.crt` and `.sig` artifacts are uploaded. If enabled, only the `.sigstore`
-signing artifact is uploaded.
-
-Example:
-
-```yaml
-- uses: sigstore/gh-action-sigstore-python@v1.2.3
- with:
- inputs: file.txt
- upload-signing-artifacts: true
- bundle-only: true
-```
-
### Internal options
⚠️ Internal options ⚠️
diff --git a/action.py b/action.py
index a791b02..3999362 100755
--- a/action.py
+++ b/action.py
@@ -190,7 +190,6 @@ def _fatal_help(msg):
if artifact is not None:
inputs.append(artifact)
-bundle_only = os.getenv("GHA_SIGSTORE_PYTHON_BUNDLE_ONLY") == "true"
for input_ in inputs:
# Forbid things that look like flags. This isn't a security boundary; just
# a way to prevent (less motivated) users from breaking the action on themselves.
@@ -206,10 +205,6 @@ def _fatal_help(msg):
# Also upload artifact being signed for.
signing_artifact_paths.append(str(file_))
- if not bundle_only and "--certificate" not in sigstore_sign_args:
- signing_artifact_paths.append(f"{file_}.crt")
- if not bundle_only and "--signature" not in sigstore_sign_args:
- signing_artifact_paths.append(f"{file_}.sig")
if "--bundle" not in sigstore_sign_args:
signing_artifact_paths.append(f"{file_}.sigstore")
diff --git a/action.yml b/action.yml
index af447ee..e3af429 100644
--- a/action.yml
+++ b/action.yml
@@ -90,13 +90,6 @@ inputs:
description: "attach all signing artifacts as release assets"
required: false
default: false
- bundle-only:
- description: |
- upload only the Sigstore bundle
-
- has no effect if `upload-signing-artifacts` or `release-signing-artifacts` is not enabled
- required: false
- default: false
internal-be-careful-debug:
description: "run with debug logs (default false)"
required: false
@@ -131,7 +124,6 @@ runs:
GHA_SIGSTORE_PYTHON_VERIFY_CERT_IDENTITY: "${{ inputs.verify-cert-identity }}"
GHA_SIGSTORE_PYTHON_VERIFY_OIDC_ISSUER: "${{ inputs.verify-oidc-issuer }}"
GHA_SIGSTORE_PYTHON_RELEASE_SIGNING_ARTIFACTS: "${{ inputs.release-signing-artifacts }}"
- GHA_SIGSTORE_PYTHON_BUNDLE_ONLY: "${{ inputs.bundle-only }}"
GHA_SIGSTORE_PYTHON_INTERNAL_BE_CAREFUL_DEBUG: "${{ inputs.internal-be-careful-debug }}"
shell: bash