diff --git a/.github/workflows/conformance.yml b/.github/workflows/conformance.yml index 07cb762..21add16 100644 --- a/.github/workflows/conformance.yml +++ b/.github/workflows/conformance.yml @@ -29,22 +29,13 @@ jobs: - name: install sigstore-python run: | - python3 -m venv sigstore-env - ./sigstore-env/bin/python -m pip install "sigstore >= 3.5.0, < 4.0" - - cat < ./sigstore-env/bin/conformance - #!/bin/sh - # allow sigstore-python-conformance wrapper to find "sigstore" binary from venv - PATH=$PWD/sigstore-env/bin/:$PATH - $PWD/sigstore-env/bin/python $PWD/sigstore-python-conformance "\$@" - EOF - - chmod +x ./sigstore-env/bin/conformance + python3 -m venv selftest-env + ./selftest-env/bin/python -m pip install --requirement selftest-requirements.txt - name: conformance test sigstore-python uses: ./ with: - entrypoint: ${{ github.workspace }}/sigstore-env/bin/conformance + entrypoint: ${{ github.workspace }}/sigstore-python-conformance skip-cpython-release-tests: ${{ matrix.skip-cpython-release-tests }} environment: ${{ matrix.sigstore-infra }} xfail: "test_verify_with_trust_root test_verify_dsse_bundle_with_trust_root" diff --git a/.gitignore b/.gitignore index 5b88b7f..c0cdad4 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,5 @@ env/ +selftest-env/ pip-wheel-metadata/ *.egg-info/ __pycache__/ diff --git a/Makefile b/Makefile index 2c80d83..a3815e9 100644 --- a/Makefile +++ b/Makefile @@ -13,11 +13,17 @@ env/bootstrap: dev-requirements.txt ./env/bin/python -m pip install --requirement dev-requirements.txt touch env/bootstrap +selftest-env/pyvenv.cfg: selftest-requirements.txt + python3 -m venv selftest-env + ./selftest-env/bin/python -m pip install --upgrade pip + ./selftest-env/bin/python -m pip install --requirement selftest-requirements.txt + + env/pyvenv.cfg: env/bootstrap requirements.txt ./env/bin/python -m pip install --requirement requirements.txt .PHONY: dev -dev: env/pyvenv.cfg +dev: env/pyvenv.cfg selftest-env/pyvenv.cfg .PHONY: lint lint: env/pyvenv.cfg $(ALL_PY_SRCS) diff --git a/dev-requirements.txt b/dev-requirements.txt index deef3b0..aa51d33 100644 --- a/dev-requirements.txt +++ b/dev-requirements.txt @@ -1,4 +1,3 @@ -sigstore ~= 3.6 ruff mypy types-requests diff --git a/selftest-requirements.txt b/selftest-requirements.txt new file mode 100644 index 0000000..8b3cac1 --- /dev/null +++ b/selftest-requirements.txt @@ -0,0 +1,2 @@ +# Requirements for the self test client sigstore-python-conformance +sigstore ~= 3.6.1 diff --git a/sigstore-python-conformance b/sigstore-python-conformance index eab5557..72efa3b 100755 --- a/sigstore-python-conformance +++ b/sigstore-python-conformance @@ -2,8 +2,11 @@ """ A wrapper to convert `sigstore-conformance` CLI protocol invocations to match `sigstore-python`. + +This wrapper expects to find sigstore-python binary installed in selftest-env/bin/sigstore """ + import os import sys @@ -17,6 +20,15 @@ ARG_REPLACEMENTS = { "--certificate-oidc-issuer": "--cert-oidc-issuer", } +script_dir = os.path.dirname(os.path.realpath(__file__)) +SIGSTORE_BINARY = os.path.join(script_dir, "selftest-env", "bin", "sigstore") + +if not os.path.exists(SIGSTORE_BINARY): + exit( + f"Error: sigstore binary not found in {SIGSTORE_BINARY}.\n" + "Has the environment been initialized with 'make dev'?" + ) + # Trim the script name. fixed_args = sys.argv[1:] @@ -44,4 +56,4 @@ else: # Replace incompatible flags. command.extend(ARG_REPLACEMENTS[arg] if arg in ARG_REPLACEMENTS else arg for arg in fixed_args) -os.execvp("sigstore", command) +os.execvp(SIGSTORE_BINARY, command) diff --git a/tools/requirements.txt b/tools/requirements.txt deleted file mode 100644 index bef9feb..0000000 --- a/tools/requirements.txt +++ /dev/null @@ -1,3 +0,0 @@ --r ../requirements.txt - -sigstore~=3.6.1