Skip to content

bump

bump #137

Workflow file for this run

name: CI
on: [push]
jobs:
coverage:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- run: npm ci
- run: npm run coverage
scitt-azure:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Export Public Key
id: akv_export
uses: ./
with:
azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }}
azure-client-id: ${{ secrets.AZURE_CLIENT_ID }}
azure-client-secret: ${{ secrets.AZURE_CLIENT_SECRET }}
azure-kid: ${{ secrets.AZURE_KEY_ID }}
transmute: |
scitt export-remote-public-key \
--output ./tests/fixtures/public.akv.key.cbor \
--kms azure
- name: Issue Statement
id: akv_sign
uses: ./
with:
azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }}
azure-client-id: ${{ secrets.AZURE_CLIENT_ID }}
azure-client-secret: ${{ secrets.AZURE_CLIENT_SECRET }}
azure-kid: ${{ secrets.AZURE_KEY_ID }}
transmute: |
scitt issue-statement \
./tests/fixtures/message.json \
--alg ES256 \
--iss https://software.vendor.example \
--sub https://software.vendor.example/product/123 \
--content-type application/spdx+json \
--location https://software.vendor.example/storage/456 \
--output ./tests/fixtures/message.json.akv.cbor \
--kms azure
- name: Issue Receipt
id: akv_receipt
uses: ./
with:
azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }}
azure-client-id: ${{ secrets.AZURE_CLIENT_ID }}
azure-client-secret: ${{ secrets.AZURE_CLIENT_SECRET }}
azure-kid: ${{ secrets.AZURE_KEY_ID }}
transmute: |
scitt issue-receipt \
./tests/fixtures/message.json.akv.cbor \
--log ./tests/fixtures/trans.json \
--output ./tests/fixtures/message.akv.receipt.cbor \
--kms azure
- name: Verify Receipt
id: akv_receipt_verify
uses: ./
with:
transmute: |
scitt verify-receipt-hash \
./tests/fixtures/public.akv.key.cbor \
./tests/fixtures/message.akv.receipt.cbor \
3073d614f853aaec9a1146872c7bab75495ee678c8864ed3562f8787555c1e22
- name: Verify Statement
id: akv_statement_verify
uses: ./
with:
transmute: |
scitt verify-statement-hash \
./tests/fixtures/public.akv.key.cbor \
./tests/fixtures/message.json.akv.cbor \
3073d614f853aaec9a1146872c7bab75495ee678c8864ed3562f8787555c1e22
scitt-gcp:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Export Public Key
id: gcp_kms_export
uses: ./
with:
gcp-sa-email: ${{ secrets.GOOGLE_SA_EMAIL }}
gcp-sa-private-key: ${{ secrets.GOOGLE_SA_PRIVATE_KEY }}
gcp-kms-key-name: ${{ secrets.GOOGLE_KMS_KEY_NAME }}
transmute: |
scitt export-remote-public-key \
--output ./tests/fixtures/public.gcp.key.cbor \
--kms gcp
- name: Issue Statement
id: gcp_kms_issue_statement
uses: ./
with:
gcp-sa-email: ${{ secrets.GOOGLE_SA_EMAIL }}
gcp-sa-private-key: ${{ secrets.GOOGLE_SA_PRIVATE_KEY }}
gcp-kms-key-name: ${{ secrets.GOOGLE_KMS_KEY_NAME }}
transmute: |
scitt issue-statement \
./tests/fixtures/message.json \
--alg ES256 \
--iss https://software.vendor.example \
--sub https://software.vendor.example/product/123 \
--content-type application/spdx+json \
--location https://software.vendor.example/storage/456 \
--output ./tests/fixtures/message.json.gcp.cbor \
--kms gcp
- name: Issue Receipt
id: gcp_kms_issue_receipt
uses: ./
with:
gcp-sa-email: ${{ secrets.GOOGLE_SA_EMAIL }}
gcp-sa-private-key: ${{ secrets.GOOGLE_SA_PRIVATE_KEY }}
gcp-kms-key-name: ${{ secrets.GOOGLE_KMS_KEY_NAME }}
transmute: |
scitt issue-receipt \
./tests/fixtures/message.json.gcp.cbor \
--log ./tests/fixtures/trans.json \
--output ./tests/fixtures/message.gcp.receipt.cbor \
--kms gcp
- name: Verify Receipt
id: gcp_verify_receipt
uses: ./
with:
transmute: |
scitt verify-receipt-hash \
./tests/fixtures/public.gcp.key.cbor \
./tests/fixtures/message.gcp.receipt.cbor \
3073d614f853aaec9a1146872c7bab75495ee678c8864ed3562f8787555c1e22
- name: Verify Statement
id: gcp_verify_statement
uses: ./
with:
transmute: |
scitt verify-statement-hash \
./tests/fixtures/public.gcp.key.cbor \
./tests/fixtures/message.json.gcp.cbor \
3073d614f853aaec9a1146872c7bab75495ee678c8864ed3562f8787555c1e22
# graph:
# runs-on: ubuntu-latest
# steps:
# - uses: actions/checkout@v4
# - name: Push Graph Fragment
# id: push_single_graph
# uses: ./
# with:
# neo4j-uri: ${{ secrets.NEO4J_URI }}
# neo4j-user: ${{ secrets.NEO4J_USERNAME }}
# neo4j-password: ${{ secrets.NEO4J_PASSWORD }}
# transmute: |
# graph assist ./tests/fixtures/issuer-claims.json --verbose --credential-type application/vc --graph-type application/gql --push
# - name: Push Presentations
# id: push_multiple_graphs
# uses: ./
# with:
# neo4j-uri: ${{ secrets.NEO4J_URI }}
# neo4j-user: ${{ secrets.NEO4J_USERNAME }}
# neo4j-password: ${{ secrets.NEO4J_PASSWORD }}
# transmute-client-id: ${{ secrets.CLIENT_ID }}
# transmute-client-secret: ${{ secrets.CLIENT_SECRET }}
# transmute-api: ${{ secrets.API_BASE_URL }}
# transmute: |
# graph assist --graph-type application/gql --push
jose:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Private Key
id: generate_private_key
uses: ./
with:
transmute: |
jose keygen --alg ES256 --verbose --output ./tests/fixtures/private.sig.jwk.json
- name: Attempt to Log Private Key
run: echo "${{ steps.generate_private_key.outputs.json }}"
- name: Public Key
id: extract_public_key
uses: ./
with:
transmute: |
jose keypub ./tests/fixtures/private.sig.jwk.json --output ./tests/fixtures/public.sig.jwk.json
- name: Log Public Key
run: cat ./tests/fixtures/public.sig.jwk.json
- name: Sign Message
id: sign_message
uses: ./
with:
transmute: |
jose sign ./tests/fixtures/private.sig.jwk.json ./tests/fixtures/message.json --detached --compact --output ./tests/fixtures/message.signature.detached.compact.jws
- name: Attempt to Log Signature
run: echo "${{ steps.sign_message.outputs.jws }}"
- name: Verify Message
id: verify_message
uses: ./
with:
transmute: |
jose verify ./tests/fixtures/public.sig.jwk.json ./tests/fixtures/message.signature.detached.compact.jws ./tests/fixtures/message.json --detached --compact
- name: Log Message Verification
run: echo "${{ steps.verify_message.outputs.json }}"
- name: Encrypt Message
id: encrypt_message
uses: ./
with:
transmute: |
jose encrypt ./tests/fixtures/public.enc.jwk.json ./tests/fixtures/message.json --enc A128GCM --compact --output ./tests/fixtures/message.ciphertext.compact.jwe
- name: Log Ciphertext
run: echo "${{ steps.encrypt_message.outputs.jwe }}"
- name: Decrypt Message
id: decrypt_message
uses: ./
with:
transmute: |
jose decrypt ./tests/fixtures/private.enc.jwk.json ./tests/fixtures/message.ciphertext.compact.jwe --compact
- name: Log Message Decryption
run: echo "${{ steps.decrypt_message.outputs.json }}"
cose:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Private Key
id: generate_private_key
uses: ./
with:
transmute: |
cose keygen --alg ES256 --verbose --output ./tests/fixtures/private.sig.key.cbor
- name: Attempt to Log Private Key
run: echo "${{ steps.generate_private_key.outputs.cbor }}"
- name: Public Key
id: extract_public_key
uses: ./
with:
transmute: |
cose keypub ./tests/fixtures/private.sig.key.cbor --output ./tests/fixtures/public.sig.key.cbor
- name: Log Public Key
run: echo "${{ steps.extract_public_key.outputs.cbor }}"
- name: Sign Message
id: sign_message
uses: ./
with:
transmute: |
cose sign ./tests/fixtures/private.sig.key.cbor ./tests/fixtures/message.json --detached --output ./tests/fixtures/message.signature.detached.cbor
- name: Verify Message
id: verify_message
uses: ./
with:
transmute: |
cose verify ./tests/fixtures/public.sig.key.cbor ./tests/fixtures/message.signature.detached.cbor ./tests/fixtures/message.json --detached
- name: Log Message Verification
run: echo "${{ steps.verify_message.outputs.cbor }}"
scitt:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Issue Statement
id: issue_statement
uses: ./
with:
transmute: |
scitt issue-statement ./tests/fixtures/private.sig.key.cbor ./tests/fixtures/message.json --output ./tests/fixtures/message.hash-envelope.cbor
- name: Verify Statement Hash
id: verify_message
uses: ./
with:
transmute: |
scitt verify-statement-hash ./tests/fixtures/public.sig.key.cbor ./tests/fixtures/message.hash-envelope.cbor 3073d614f853aaec9a1146872c7bab75495ee678c8864ed3562f8787555c1e22
- name: Log Statement Verification
run: echo "${{ steps.verify_message.outputs.cbor }}"
- name: Issue Receipt
id: issue_receipt
uses: ./
with:
transmute: |
scitt issue-receipt ./tests/fixtures/private.notary.key.cbor ./tests/fixtures/message.hash-envelope.cbor --log ./tests/fixtures/trans.json
- name: Verify Receipt Hash
id: verify_receipt
uses: ./
with:
transmute: |
scitt verify-receipt-hash ./tests/fixtures/public.notary.key.cbor ./tests/fixtures/message.hash-envelope-with-receipt.cbor 3073d614f853aaec9a1146872c7bab75495ee678c8864ed3562f8787555c1e22