Create initial action for sigstore-python (#1)

* Create initial action for `sigstore-python`

* Remove stray outputs tag

* Fix README example

* Remove unused import

* Explicitly pin `cryptography` in requirements file

* Give workflow permission to use OIDC token

* Add remaining `sigstore-python` flags

* Document remaining settings in README

* Add staging self-test

* Trigger CI again

* Verify signatures in selftest

* Fix invocation

* Turn on debug logging

* Add debug setting to `action.yml`

* Fix boolean defaults

* Revert "Turn on debug logging"

This reverts commit 3f00a86.

* Give more human friendly names to the sign and verify steps

Author: tetsuo-cpp

.github/workflows/ci.yml

@@ -0,0 +1,18 @@
+name: CI
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-python@v4
+        with:
+          python-version: "3.7"
+      - name: lint
+        run: make lint

.github/workflows/selftest.yml

@@ -0,0 +1,39 @@
+name: Self-test
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+  workflow_dispatch:
+
+permissions:
+  id-token: write
+
+jobs:
+  selftest:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: Sign artifact and publish signature
+        uses: ./
+        id: sigstore-python
+        with:
+          inputs: ./test/artifact.txt
+      - name: Verify artifact signature
+        run: |
+          sigstore verify --certificate ./test/artifact.txt.crt --signature ./test/artifact.txt.sig ./test/artifact.txt
+
+  selftest-staging:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: Sign artifact and publish signature
+        uses: ./
+        id: sigstore-python
+        with:
+          inputs: ./test/artifact.txt
+          staging: true
+      - name: Verify artifact signature
+        run: |
+          sigstore verify --certificate ./test/artifact.txt.crt --signature ./test/artifact.txt.sig --staging ./test/artifact.txt

LICENSE

@@ -1,3 +1,4 @@
+
                                  Apache License
                            Version 2.0, January 2004
                         http://www.apache.org/licenses/
@@ -174,28 +175,3 @@
       of your accepting any such warranty or additional liability.
 
    END OF TERMS AND CONDITIONS
-
-   APPENDIX: How to apply the Apache License to your work.
-
-      To apply the Apache License to your work, attach the following
-      boilerplate notice, with the fields enclosed by brackets "[]"
-      replaced with your own identifying information. (Don't include
-      the brackets!)  The text should be enclosed in the appropriate
-      comment syntax for the file format. We also recommend that a
-      file or class name and description of purpose be included on the
-      same "printed page" as the copyright notice for easier
-      identification within third-party archives.
-
-   Copyright [yyyy] [name of copyright owner]
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.

Makefile

@@ -0,0 +1,17 @@
+.PHONY: all
+all:
+	@echo "Run my targets individually!"
+
+env/pyvenv.cfg: dev-requirements.txt
+	python3 -m venv env
+	./env/bin/python -m pip install --upgrade pip
+	./env/bin/python -m pip install --requirement dev-requirements.txt
+
+.PHONY: dev
+dev: env/pyvenv.cfg
+
+.PHONY: lint
+lint: env/pyvenv.cfg action.py
+	./env/bin/python -m black action.py
+	./env/bin/python -m isort action.py
+	./env/bin/python -m flake8 --max-line-length 100 action.py