-
Notifications
You must be signed in to change notification settings - Fork 45
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Adapt ambient OIDC tests to support interactive flow for local testing #576
Conversation
Signed-off-by: Andrew Pan <a@tny.town>
Signed-off-by: Andrew Pan <a@tny.town>
Signed-off-by: Andrew Pan <a@tny.town>
Signed-off-by: Andrew Pan <a@tny.town>
Signed-off-by: Andrew Pan <a@tny.town>
Makefile
Outdated
.PHONY: test-oidc | ||
test-oidc: TEST_ENV += \ | ||
SIGSTORE_IDENTITY_TOKEN_production=$$($(MAKE) -s run ARGS="get-identity-token") \ | ||
SIGSTORE_IDENTITY_TOKEN_staging=$$($(MAKE) -s run ARGS="--staging get-identity-token") | ||
test-oidc: test |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nit: Let's name this test-interactive
, to emphasize that it'll require user interaction.
print("Waiting for browser interaction...") | ||
print("Waiting for browser interaction...", file=sys.stderr) | ||
else: | ||
server.enable_oob() | ||
print( | ||
f"Go to the following link in a browser:\n\n\t{server.auth_endpoint}" | ||
f"Go to the following link in a browser:\n\n\t{server.auth_endpoint}", | ||
file=sys.stderr, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice!
Let's also document this new |
Signed-off-by: Andrew Pan <a@tny.town>
Signed-off-by: Andrew Pan <a@tny.town>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM. get-identity-token
should also work automatically with ambient credentials, so it might be good to add another test job in CI that makes sure we don't accidentally regress the make test-interactive
target.
Signed-off-by: Andrew Pan <a@tny.town>
Signed-off-by: Andrew Pan <a@tny.town>
Summary
Introduces a new Makefile target
test-oidc
. This runs ambient OIDC tests with tokens fromsigstore get-identity-token
.Partially fixes #570.