From #46: these outputs are now redundant against .sigstore, but are included by default for backwards compatibility.

As such, we should add a setting (maybe bundle-only: bool or similar?) that allows a user to disable them if they don't need them and don't want them cluttering up their releases.

This idea came from #3. If we run this Action as part of a release workflow, we should attach the signing artifacts to the associated release.

Description

I recently updated from 1.2.3 to 2.0.0 and noticed not all of the inputs are being signed.

• Workflow job: https://github.com/pywemo/pywemo/actions/runs/5799020094/job/15718199029
• Workflow file: https://github.com/pywemo/pywemo/blob/417e5490c64401f971b81fdd39223aebc83ce852/.github/workflows/publish.yml#L101

I'd have expected the pywemo-1.2.1.tar.gz and pywemo-1.2.1-py3-none-any.whl file from ./${DIST_ARTIFACT}/* to have been signed too. I've attached the signing-artifacts-sigstore.zip and the dist-ubuntu-latest-3.8.zip (./${DIST_ARTIFACT}/) build artifacts.

I wonder if something changed recently with environment variable expansion, or globbing, for the inputs? This workflow had been working with version 1.2.3.

Description

actions/upload-artifact@v3 does not seem to be compatible with actions/download-artifact@v4. https://github.com/actions/download-artifact?tab=readme-ov-file#breaking-changes

It would be helpful if there was a version of gh-action-sigstore-python that was (optionally?) compatible with actions/download-artifact@v4.

Self-test failure

A scheduled test of the workflow has failed.

This suggests one of three conditions:

• A backwards-incompatible change in a Sigstore component;
• A regression in gh-action-sigstore-python;
• A transient error.

The full CI failure can be found here:

https://github.com/sigstore/gh-action-sigstore-python/actions/runs/6574255424

This is currently false by default, but arguably it should be true: a user who uses this action in the context of a release: published event is probably expecting their signatures to be uploaded to the release, and shouldn't have to explicitly opt into it.

Description

Hello, right now the inputs input has to be provided by users. But there is scenarios where projects don't necessarily produce any artifact as part of their releases but they would still like they zip and tar file created by GitHub on every release to be signed.

I imagine that

- name: Sign artifacts
  uses: sigstore/gh-action-sigstore-python
  with:
    release-signing-artifacts: true

could potentially be allowed? Or is this outside the scope of this action and projects are expected to do something like

- name: Create source archive
  run: gh release download $RELEASE_TAG --dir release_artifacts
  env:
    RELEASE_TAG: ${{ github.ref_name }}

- name: Sign artifacts
  uses: sigstore/gh-action-sigstore-python
  with:
    inputs: ./*
  working-directory: release_artifacts

- name: Upload signed artifacts on the release
  run: gh release upload --clobber $RELEASE_TAG *
  env:
    RELEASE_TAG: ${{ github.ref_name }}
  working-directory: release_artifacts

instead?

Self-test failure

A scheduled test of the workflow has failed.

This suggests one of three conditions:

• A backwards-incompatible change in a Sigstore component;
• A regression in gh-action-sigstore-python;
• A transient error.

The full CI failure can be found here:

https://github.com/sigstore/gh-action-sigstore-python/actions/runs/6761126950

Follow-up from #49: these settings override the default output paths, which doesn't make a lot of sense for 99% of users and introduces complexity to the happy path.

We can probably just remove them entirely with the 2.0 release.

Description

I noticed that you recently added a dependabot config file.

I looked into it and I saw that you added the github actions package ecosystem to get updates in your .github/workflow/ files.

Did you know you can add the pip package ecosystem as well? That's what I did on my fork, and I received an update to the requests dependency in the requirements.txt file.

It seems to be an important update. Here is the link: Requests

I am ready to create a quick PR and merge the updates from my fork's main branch if you would like.

Errors like #18 indicate that we should probably be rendering these Markdown summaries from templates, rather than inlined here-docs.

Received this output from a run of the action (run linked here:

❌ sigstore-python failed to sign package
❌ sigstore-python verification skipped due to failed signing
Traceback (most recent call last):
  File "/opt/hostedtoolcache/Python/3.10.6/x64/lib/python3.10/runpy.py", line 1[96](https://github.com/mbestavros/supply-chain-pipeline-demo/actions/runs/3063310998/jobs/4945242878#step:8:99), in _run_module_as_main
    return _run_code(code, main_globals, None,
  File "/opt/hostedtoolcache/Python/3.10.6/x64/lib/python3.10/runpy.py", line 86, in _run_code
    exec(code, run_globals)
  File "/opt/hostedtoolcache/Python/3.10.6/x64/lib/python3.10/site-packages/sigstore/__main__.py", line 22, in <module>
    main()
  File "/opt/hostedtoolcache/Python/3.10.6/x64/lib/python3.10/site-packages/sigstore/_cli.py", line 257, in main
    _sign(args)
  File "/opt/hostedtoolcache/Python/3.10.6/x64/lib/python3.10/site-packages/sigstore/_cli.py", line 382, in _sign
    result = signer.sign(
  File "/opt/hostedtoolcache/Python/3.10.6/x64/lib/python3.10/site-packages/sigstore/_sign.py", line [101](https://github.com/mbestavros/supply-chain-pipeline-demo/actions/runs/3063310998/jobs/4945242878#step:8:104), in sign
    verify_sct(
  File "/opt/hostedtoolcache/Python/3.10.6/x64/lib/python3.10/site-packages/sigstore/_internal/sct.py", line 279, in verify_sct
    hash_algorithm, signature_algorithm, signature = _sct_properties(sct, raw_sct)
  File "/opt/hostedtoolcache/Python/3.10.6/x64/lib/python3.10/site-packages/sigstore/_internal/sct.py", line 82, in _sct_properties
    sct.hash_algorithm,  # type: ignore[attr-defined]
AttributeError: 'builtins.Sct' object has no attribute 'hash_algorithm'

Possibly a dependency error? I wasn't running into this issue before.

Description

In #63, our test suite caught an issue related to a breaking change in TUF. To catch these things earlier, we should run the selftest workflow on a schedule.

A common use case will be to sign a series of files based on a pattern. We'd ideally like to support inputs like:

- uses: trailofbits/[email protected]
  with:
    inputs: dist/*.tar.gz dist/*.whl

We'll likely need to interpret the * symbol in action.py to behave this way. Look into the glob and fnmatch modules to start with as these probably be helpful for implementing globbing.

This issue was automatically created by Allstar.

Security Policy Violation
Dismiss stale reviews not configured for branch main

This issue will auto resolve when the policy is in compliance.

Issue created by Allstar. See https://github.com/ossf/allstar/ for more information. For questions specific to the repository, please contact the owner or maintainer.

I'm not sure it makes sense for us to expose this CLI flag as an action setting -- the user can simply choose not to use any artifacts/assets if they don't care about the default file outputs.

Thoughts @tetsuo-cpp?

Self-test failure

A scheduled test of the workflow has failed.

This suggests one of three conditions:

• A backwards-incompatible change in a Sigstore component;
• A regression in gh-action-sigstore-python;
• A transient error.

The full CI failure can be found here:

https://github.com/sigstore/gh-action-sigstore-python/actions/runs/7194878882

So far, this Action is purely about code signing via sigstore sign invocations. However, from the little that I've seen, users seem interested in verifying signatures immediately after publishing as a form of validation.

We should think about how we want to expose these outputs, beyond placing them on the filesystem. Some ideas:

• Create job outputs corresponding to each artifact.
  • Downsides: Job outputs aren't really intended for this, plus the naming with multiple inputs will be tricky.
• Create workflow artifacts corresponding to each artifact.
  • Downsides: None?
• Support attaching each artifact to the associated GitHub Release, if our action is run on a release workflow.
  • This should be configurable, not the default.

mypy should be one of our dev-requirements.txt dependencies and we should run it on make lint, to catch bugs like https://github.com/sigstore/gh-action-sigstore-python/actions/runs/4504383742/jobs/7928788433.

Self-test failure

A scheduled test of the workflow has failed.

This suggests one of three conditions:

• A backwards-incompatible change in a Sigstore component;
• A regression in gh-action-sigstore-python;
• A transient error.

The full CI failure can be found here:

https://github.com/sigstore/gh-action-sigstore-python/actions/runs/6159101665

It would be useful to cache TUF metadata and the downloaded artifacts:

• less downloading is better for everyone
• cached metadata is slightly more secure

In practice this would mean mean using https://github.com/actions/cache with the sigstore application data dir and cache dir (or at least the tuf relevant subdirs) as the cache paths. It would make sense to verify that the cache is getting used with some debug logging in the self test (I'm assuming the default logging doesn't show this).

I'm filing this now so I don't forget: I'll likely take a stab at this later myself if no-one has implemented by then

I just noticed this: we upload the signing outputs (cert, sig, bundle, etc.), but never the actual inputs that they're produced from (unless they're the default release assets).

For example, here are the uploaded assets from a release of abi3audit: we have verification materials for the wheel and sdist, but the wheel and sdist are not themselves attached.

As a fix, we should attach every input we sign for. This shouldn't be a serious size/duplication issue, since GitHub's object storage will do deduplication for us under the hood.

Description

The action has suddenly begun failing; it worked (in the same repo) three hours ago, but now I get:

ModuleNotFoundError: No module named 'sigstore_rekor_types'

Version

2.1.0

See debug log at:
https://github.com/mnot/httplint/actions/runs/7191098801/job/19585432188

We currently split the inputs passed by the user using str.split, which will be wrong for some inputs (e.g., if the user passes in a filename containing whitespaces). We should instead use shlex.split.

Self-test failure

A scheduled test of the workflow has failed.

This suggests one of three conditions:

• A backwards-incompatible change in a Sigstore component;
• A regression in gh-action-sigstore-python;
• A transient error.

The full CI failure can be found here:

https://github.com/sigstore/gh-action-sigstore-python/actions/runs/7167089363

We don't currently support these, but they'd be trivial to add. Just filing an issue so I don't forget.

Self-test failure

A scheduled test of the workflow has failed.

This suggests one of three conditions:

• A backwards-incompatible change in a Sigstore component;
• A regression in gh-action-sigstore-python;
• A transient error.

The full CI failure can be found here:

https://github.com/sigstore/gh-action-sigstore-python/actions/runs/6913759042

Just that: we should make the default true here with 2.0.

Self-test failure

A scheduled test of the workflow has failed.

This suggests one of three conditions:

• A backwards-incompatible change in a Sigstore component;
• A regression in gh-action-sigstore-python;
• A transient error.

The full CI failure can be found here:

https://github.com/sigstore/gh-action-sigstore-python/actions/runs/4850935530

Since we've removed this prefix from the CLI options in sigstore-python, we should remove them here too.

Self-test failure

A scheduled test of the workflow has failed.

This suggests one of three conditions:

• A backwards-incompatible change in a Sigstore component;
• A regression in gh-action-sigstore-python;
• A transient error.

The full CI failure can be found here:

https://github.com/sigstore/gh-action-sigstore-python/actions/runs/6840516757

Self-test failure

A scheduled test of the workflow has failed.

This suggests one of three conditions:

• A backwards-incompatible change in a Sigstore component;
• A regression in gh-action-sigstore-python;
• A transient error.

The full CI failure can be found here:

https://github.com/sigstore/gh-action-sigstore-python/actions/runs/6980463080

We should use https://github.com/sigstore-conformance/extremely-dangerous-public-oidc-beacon for our self-tests, to avoid GitHub's third-party PR restrictions.

Self-test failure

A scheduled test of the workflow has failed.

This suggests one of three conditions:

• A backwards-incompatible change in a Sigstore component;
• A regression in gh-action-sigstore-python;
• A transient error.

The full CI failure can be found here:

https://github.com/sigstore/gh-action-sigstore-python/actions/runs/7141053531

Right now we support a verify option during signing, but not a completely separate verification mode (i.e., where the inputs are verification materials, and all the action does is verify them).

I think this would be useful to have -- it'd help drive "low-effort" adoption of Sigstore signatures, and could be used to write "beacon"-style automated validators for various ecosystems (e.g., ensuring that every CPython release has a valid signature).

cc @tetsuo-cpp and @di for thoughts.

Description
README.md still indicates trailofbits instead of sigstore, which is confusing for users.

Version

0.0.9

Let's add more invocations of sigstore-python that exercise the different CLI options. At the moment, we just sign ./tests/artifact.txt in the prod and staging instances.

Description

I keep getting an error using the most barebones configuration, I will skip to the part when the runner finishes installing all dependencies and tries to run the sigstore action.

Run D:\a\_actions\sigstore\gh-action-sigstore-python\v1.2.3/action.py "./build/test.dist/test.exe"
D:\a\_temp\4cbeed94-1ea6-46c1-a605-345eda4ef060.sh: line 1: D:a_actionssigstoregh-action-sigstore-pythonv1.2.3/action.py: No such file or directory
Error: Process completed with exit code 127.

Note: Isn't this D:a_actionssigstoregh-action-sigstore-pythonv1.2.3/action.py path kind of broken? I feel like it's missing a backslash or two. Maybe this action is not suitable for a windows runner?

I tested on this workflow.

name: Python application

on:
  push:
    branches: [ "main" ]
  pull_request:
    branches: [ "main" ]

permissions:
  contents: read
  id-token: write

jobs:

  build:
    # Windows is currently the only platform Nuitka action supports apparently?
    runs-on: windows-latest

    steps:

      # Check-out repository
      - uses: actions/checkout@v3

      # Setup Python
      - uses: actions/setup-python@v4
        with:
          python-version: '3.10' 
          architecture: 'x64' 

      - name: Compile to executable
        uses: Nuitka/Nuitka-Action@main
        with:
          nuitka-version: main
          script-name: test.py
          standalone: true
          onefile: false


      - name: Sign
        uses: sigstore/[email protected]
        with:
          inputs: build/test.dist/test.exe 

      # Uploads artifact
      - name: Upload Artifact
        uses: actions/upload-artifact@v3
        with:
          name: Windows Build
          path: build/test.dist

Note: The input path seems to be correct, as removing the whole signing step uploads the artifact correctly.

Version

[email protected]
windows-latest

Our self-tests currently test on whatever default version of Python 3 is installed in the runner; we should use the setup-python action in a matrix to ensure that all supported version (3.7+) work as expected.

Self-test failure

A scheduled test of the workflow has failed.

This suggests one of three conditions:

• A backwards-incompatible change in a Sigstore component;
• A regression in gh-action-sigstore-python;
• A transient error.

The full CI failure can be found here:

https://github.com/sigstore/gh-action-sigstore-python/actions/runs/6603623413

Self-test failure

A scheduled test of the workflow has failed.

This suggests one of three conditions:

• A backwards-incompatible change in a Sigstore component;
• A regression in gh-action-sigstore-python;
• A transient error.

The full CI failure can be found here:

https://github.com/sigstore/gh-action-sigstore-python/actions/runs/7685533153

Description
If you enable release-signing-artifacts in push tags triggered flow if fails with:

Traceback (most recent call last):
  File "/home/runner/work/_actions/sigstore/gh-action-sigstore-python/v2.1.1/action.py", line 194, in <module>
    artifact = _download_ref_asset(filetype)
  File "/home/runner/work/_actions/sigstore/gh-action-sigstore-python/v2.1.1/action.py", line 74, in _download_ref_asset
    r.raise_for_status()
  File "/opt/hostedtoolcache/Python/3.10.13/x64/lib/python3.10/site-packages/requests/models.py", line 1021, in raise_for_status
    raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 404 Client Error: Not Found for url: https://github.com/....

From the docs I couldn't find any indication that this should only be used with a different trigger criteria.

Version

v2.1.1

Description

Hi, I'm currently experimenting with sigstore releases on a branch named ci/release-workflow in one of my repos. I got the following error on my first test run:

Traceback (most recent call last):
  File "/home/runner/work/_actions/sigstore/gh-action-sigstore-python/v1.2.3/action.py", line 189, in <module>
    artifact = _download_ref_asset(filetype)
  File "/home/runner/work/_actions/sigstore/gh-action-sigstore-python/v1.2.3/action.py", line 70, in _download_ref_asset
    with artifact.open("wb") as io:
  File "/usr/lib/python3.10/pathlib.py", line 1119, in open
    return self._accessor.open(self, mode, buffering, encoding, errors,
FileNotFoundError: [Errno 2] No such file or directory: '/tmp/ci/release-workflow.zip'

Looking at the code, this line seems to be the culprit:

GITHUB_REF_NAME is ci/release-workflow in my case, so the path is rendered as /tmp/ci/release-workflow.zip, which results in a file not found error because the /tmp/ci directory doesn't exist.

Suggest either of the following:

• Sanitise the refname to remove/replace characters that can't appear in file names
• Create all parent directories prior to writing the file

Version

v1.2.3 of this GitHub action :)

Self-test failure

A scheduled test of the workflow has failed.

This suggests one of three conditions:

• A backwards-incompatible change in a Sigstore component;
• A regression in gh-action-sigstore-python;
• A transient error.

The full CI failure can be found here:

https://github.com/sigstore/gh-action-sigstore-python/actions/runs/7127856603

Just another reminder issue for myself. There's no reason for the self-tests to run using the production Sigstore PGI.

Self-test failure

A scheduled test of the workflow has failed.

This suggests one of three conditions:

• A backwards-incompatible change in a Sigstore component;
• A regression in gh-action-sigstore-python;
• A transient error.

The full CI failure can be found here:

https://github.com/sigstore/gh-action-sigstore-python/actions/runs/6890403569

Self-test failure

A scheduled test of the workflow has failed.

This suggests one of three conditions:

• A backwards-incompatible change in a Sigstore component;
• A regression in gh-action-sigstore-python;
• A transient error.

The full CI failure can be found here:

https://github.com/sigstore/gh-action-sigstore-python/actions/runs/6876970094

By default, GitHub Actions produces {tag}.tar.gz and {tag}.zip assets for each release.

These artifacts are generated on the fly, meaning that they can (and have) changed their contents (and thus digests) over time. This recently caused some significant breakage due to incorrect assumptions around that: https://github.blog/changelog/2023-01-30-git-archive-checksums-may-change/

Given that they can change, the correct thing for us to do here is probably to download the asset as it appears, sign for it, and then re-upload it to the release as a new asset: this will freeze it, meaning that the signature will remain correct.