File tree Expand file tree Collapse file tree 6 files changed +17
-12
lines changed Expand file tree Collapse file tree 6 files changed +17
-12
lines changed Original file line number Diff line number Diff line change @@ -46,12 +46,16 @@ jobs:
46
46
- name : test (offline)
47
47
if : matrix.conf.os == 'ubuntu-latest'
48
48
run : |
49
+ # Look at me. I am the captain now.
50
+ sudo sysctl -w kernel.unprivileged_userns_clone=1
51
+ sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0
52
+
49
53
# We use `unshare` to "un-share" the default networking namespace,
50
54
# in effect running the tests as if the host is offline.
51
55
# This in turn effectively exercises the correctness of our
52
56
# "online-only" test markers, since any test that's online
53
57
# but not marked as such will fail.
54
- # We also explicitly exclude the intergration tests, since these are
58
+ # We also explicitly exclude the integration tests, since these are
55
59
# always online.
56
60
unshare --map-root-user --net make test T="test/unit" TEST_ARGS="--skip-online -vv --showlocals"
57
61
Original file line number Diff line number Diff line change 24
24
- name : install sigstore-python
25
25
run : python -m pip install .
26
26
27
- - uses : sigstore/sigstore-conformance@b0635d4101f11dbd18a50936568a1f7f55b17760 # v0.0.14
27
+ - uses : sigstore/sigstore-conformance@d658ea74a060aeabae78f8a379167f219dc38c38 # v0.0.16
28
28
with :
29
29
entrypoint : ${{ github.workspace }}/test/integration/sigstore-python-conformance
30
30
xfail : " test_verify_with_trust_root test_verify_dsse_bundle_with_trust_root" # see issue 821
Original file line number Diff line number Diff line change @@ -129,7 +129,7 @@ jobs:
129
129
git push -f origin "origin/main:${SIGSTORE_PIN_REQUIREMENTS_BRANCH}"
130
130
131
131
- name : Open pull request
132
- uses : peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5
132
+ uses : peter-evans/create-pull-request@67ccf781d68cd99b580ae25a5c18a1cc84ffff1f # v7.0.6
133
133
with :
134
134
title : |
135
135
Update pinned requirements for ${{ env.SIGSTORE_RELEASE_TAG }}
Original file line number Diff line number Diff line change @@ -74,14 +74,14 @@ jobs:
74
74
done
75
75
76
76
- name : Upload built packages
77
- uses : actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5 .0
77
+ uses : actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6 .0
78
78
with :
79
79
name : built-packages
80
80
path : ./dist/
81
81
if-no-files-found : warn
82
82
83
83
- name : Upload smoketest-artifacts
84
- uses : actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5 .0
84
+ uses : actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6 .0
85
85
with :
86
86
name : smoketest-artifacts
87
87
path : smoketest-artifacts/
@@ -130,7 +130,7 @@ jobs:
130
130
# Confusingly, this action also supports updating releases, not
131
131
# just creating them. This is what we want here, since we've manually
132
132
# created the release that triggered the action.
133
- uses : softprops/action-gh-release@7b4da11513bf3f43f9999e90eabced41ab8bb048 # v2.2.0
133
+ uses : softprops/action-gh-release@c95fe1489396fe8a9eb87c0abf8aa5b2ef267fda # v2.2.1
134
134
with :
135
135
# smoketest-artifacts/ contains the signatures and certificates.
136
136
files : |
Original file line number Diff line number Diff line change @@ -44,14 +44,14 @@ jobs:
44
44
45
45
# Upload the results as artifacts (optional).
46
46
- name : " Upload artifact"
47
- uses : actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5 .0
47
+ uses : actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6 .0
48
48
with :
49
49
name : SARIF file
50
50
path : results.sarif
51
51
retention-days : 5
52
52
53
53
# Upload the results to GitHub's code scanning dashboard.
54
54
- name : " Upload to code-scanning"
55
- uses : github/codeql-action/upload-sarif@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9
55
+ uses : github/codeql-action/upload-sarif@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1
56
56
with :
57
57
sarif_file : results.sarif
Original file line number Diff line number Diff line change @@ -491,9 +491,9 @@ pyjwt==2.10.1 \
491
491
--hash =sha256:3cc5772eb20009233caf06e9d8a0577824723b44e6648ee0a2aedb6cf9381953 \
492
492
--hash =sha256:dcdd193e30abefd5debf142f9adfcdd2b58004e644f25406ffaebd50bd98dacb
493
493
# via sigstore
494
- pyopenssl == 24.3 .0 \
495
- --hash =sha256:49f7a019577d834746bc55c5fce6ecbcec0f2b4ec5ce1cf43a9a173b8138bb36 \
496
- --hash =sha256:e474f5a473cd7f92221cc04976e48f4d11502804657a08a989fb3be5514c904a
494
+ pyopenssl == 25.0 .0 \
495
+ --hash =sha256:424c247065e46e76a37411b9ab1782541c23bb658bf003772c3405fbaa128e90 \
496
+ --hash =sha256:cd2cef799efa3936bb08e8ccb9433a575722b9dd986023f1cabc4ae64e9dac16
497
497
# via sigstore
498
498
python-dateutil == 2.9.0.post0 \
499
499
--hash =sha256:37dd54208da7e1cd875388217d5e00ebd4179249f90fb72437e91a35459a0ad3 \
@@ -536,7 +536,7 @@ securesystemslib==1.2.0 \
536
536
sigstore == 3.6.1 \
537
537
--hash =sha256:b568b16322222e834940acabdc84fbb16c8780874c3c21c6c8dde928dae0f881 \
538
538
--hash =sha256:ee60fdc9236fd6709271ad53b44027461360c3fde155d2af15482e4c451ff865
539
- # via -r requirements.in
539
+ # via -r install/ requirements.in
540
540
sigstore-protobuf-specs == 0.3.2 \
541
541
--hash =sha256:50c99fa6747a3a9c5c562a43602cf76df0b199af28f0e9d4319b6775630425ea \
542
542
--hash =sha256:cae041b40502600b8a633f43c257695d0222a94efa1e5110a7ec7ada78c39d99
@@ -560,6 +560,7 @@ typing-extensions==4.12.2 \
560
560
# multidict
561
561
# pydantic
562
562
# pydantic-core
563
+ # pyopenssl
563
564
# rich
564
565
urllib3 == 2.2.3 \
565
566
--hash =sha256:ca899ca043dcb1bafa3e262d73aa25c465bfb49e0bd9dd5d59f1d0acba2f8fac \
You can’t perform that action at this time.
0 commit comments