-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathstep-0.28.2-r4.yaml
62 lines (55 loc) · 1.67 KB
/
step-0.28.2-r4.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
package:
name: step-0.28.2-r4
version: 0.28.2
epoch: 4
description: A zero trust swiss army knife for working with X509, OAuth, JWT, OATH OTP, etc.
copyright:
- license: Apache-2.0
pipeline:
- uses: git-checkout
with:
repository: https://github.com/smallstep/cli
tag: v${{package.version}}
expected-commit: 6fb3e24fe731b0ce5b82478cabf778d01d135ea7
- uses: go/bump
with:
deps: golang.org/x/crypto@v0.31.0 golang.org/x/net@v0.33.0
- uses: go/build
with:
packages: ./cmd/step
output: step
ldflags: -X main.Version=${{package.version}}
update:
enabled: true
github:
identifier: smallstep/cli
strip-prefix: v
test:
pipeline:
- name: Verify step-cli installation
runs: |
step --version
step --help
- name: Test JSON Web Keys (JWKs)
runs: |
# create JWKs
step crypto jwk create pub.json key.json --no-password --insecure
[ -f pub.json ]
[ -f key.json ]
# add the public key to a keyset
cat pub.json | step crypto jwk keyset add keys.json
- name: Test JSON Web Tokens (JWTs)
runs: |
echo "Creating and signing a JWT that expires in 2 minutes"
JWT=$(step crypto jwt sign \
--key key.json \
--iss "issuer@example.com" \
--aud "audience@example.com" \
--sub "subject@example.com" \
--exp $(( $(date +%s) + 120 )))
echo "Verifying the JWT"
echo "$JWT" | step crypto jwt verify --jwks keys.json --iss "issuer@example.com" --aud "audience@example.com"
- name: Cleanup
runs: |
rm -f pub.json key.json keys.json
unset JWT