22 lines
761 B
Bash
Executable file
22 lines
761 B
Bash
Executable file
#!/usr/bin/env bash
|
|
set -euo pipefail
|
|
|
|
# Get the root directory of the repository
|
|
rootDir="$(git rev-parse --show-toplevel)"
|
|
|
|
ghBuildPath="$rootDir/bin/gh"
|
|
|
|
artifactPath="$rootDir/pkg/cmd/attestation/test/data/sigstore-js-2.1.0.tgz"
|
|
bundlePath="$rootDir/pkg/cmd/attestation/test/data/sigstore-js-2.1.0_with_2_bundles.jsonl"
|
|
|
|
# Download a custom trusted root for verification
|
|
if ! $ghBuildPath attestation trusted-root > trusted_root.jsonl; then
|
|
# cleanup test data
|
|
echo "Failed to download trusted root"
|
|
exit 1
|
|
fi
|
|
|
|
if ! $ghBuildPath attestation verify "$artifactPath" -b "$bundlePath" --digest-alg=sha512 --owner=sigstore --custom-trusted-root trusted_root.jsonl; then
|
|
echo "Failed to verify package with a Sigstore v0.2.0 bundle"
|
|
exit 1
|
|
fi
|