add gcp #133
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: [push] | |
jobs: | |
coverage: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- run: npm ci | |
- run: npm run coverage | |
scitt-azure: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Export Public Key | |
id: akv_export | |
uses: ./ | |
with: | |
azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
azure-client-id: ${{ secrets.AZURE_CLIENT_ID }} | |
azure-client-secret: ${{ secrets.AZURE_CLIENT_SECRET }} | |
azure-kid: ${{ secrets.AZURE_KEY_ID }} | |
transmute: | | |
scitt export-remote-public-key \ | |
--output ./tests/fixtures/public.akv.key.cbor \ | |
--kms azure | |
- name: Issue Statement | |
id: akv_sign | |
uses: ./ | |
with: | |
azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
azure-client-id: ${{ secrets.AZURE_CLIENT_ID }} | |
azure-client-secret: ${{ secrets.AZURE_CLIENT_SECRET }} | |
azure-kid: ${{ secrets.AZURE_KEY_ID }} | |
transmute: | | |
scitt issue-statement \ | |
./tests/fixtures/message.json \ | |
--alg ES256 \ | |
--iss https://software.vendor.example \ | |
--sub https://software.vendor.example/product/123 \ | |
--content-type application/spdx+json \ | |
--location https://software.vendor.example/storage/456 \ | |
--output ./tests/fixtures/message.json.akv.cbor \ | |
--kms azure | |
- name: Issue Receipt | |
id: akv_receipt | |
uses: ./ | |
with: | |
azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
azure-client-id: ${{ secrets.AZURE_CLIENT_ID }} | |
azure-client-secret: ${{ secrets.AZURE_CLIENT_SECRET }} | |
azure-kid: ${{ secrets.AZURE_KEY_ID }} | |
transmute: | | |
scitt issue-receipt \ | |
./tests/fixtures/message.json.akv.cbor \ | |
--log ./tests/fixtures/trans.json \ | |
--output ./tests/fixtures/message.akv.receipt.cbor \ | |
--kms azure | |
- name: Verify Receipt | |
id: akv_receipt_verify | |
uses: ./ | |
with: | |
transmute: | | |
scitt verify-receipt-hash \ | |
./tests/fixtures/public.akv.key.cbor \ | |
./tests/fixtures/message.akv.receipt.cbor \ | |
3073d614f853aaec9a1146872c7bab75495ee678c8864ed3562f8787555c1e22 | |
- name: Verify Statement | |
id: akv_statement_verify | |
uses: ./ | |
with: | |
transmute: | | |
scitt verify-statement-hash \ | |
./tests/fixtures/public.akv.key.cbor \ | |
./tests/fixtures/message.json.akv.cbor \ | |
3073d614f853aaec9a1146872c7bab75495ee678c8864ed3562f8787555c1e22 | |
scitt-gcp: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Export Public Key | |
id: gcp_kms_export | |
uses: ./ | |
with: | |
gcp-sa-email: ${{ secrets.GOOGLE_SA_EMAIL }} | |
gcp-sa-private-key: ${{ secrets.GOOGLE_SA_PRIVATE_KEY }} | |
gcp-kms-key-name: ${{ secrets.GOOGLE_KMS_KEY_NAME }} | |
transmute: | | |
scitt export-remote-public-key \ | |
--output ./tests/fixtures/public.gcp.key.cbor \ | |
--kms gcp | |
- name: Issue Statement | |
id: gcp_kms_issue_statement | |
uses: ./ | |
with: | |
gcp-sa-email: ${{ secrets.GOOGLE_SA_EMAIL }} | |
gcp-sa-private-key: ${{ secrets.GOOGLE_SA_PRIVATE_KEY }} | |
gcp-kms-key-name: ${{ secrets.GOOGLE_KMS_KEY_NAME }} | |
transmute: | | |
scitt issue-statement \ | |
./tests/fixtures/message.json \ | |
--alg ES256 \ | |
--iss https://software.vendor.example \ | |
--sub https://software.vendor.example/product/123 \ | |
--content-type application/spdx+json \ | |
--location https://software.vendor.example/storage/456 \ | |
--output ./tests/fixtures/message.json.gcp.cbor \ | |
--kms gcp | |
- name: Issue Receipt | |
id: gcp_kms_issue_receipt | |
uses: ./ | |
with: | |
gcp-sa-email: ${{ secrets.GOOGLE_SA_EMAIL }} | |
gcp-sa-private-key: ${{ secrets.GOOGLE_SA_PRIVATE_KEY }} | |
gcp-kms-key-name: ${{ secrets.GOOGLE_KMS_KEY_NAME }} | |
transmute: | | |
scitt issue-receipt \ | |
./tests/fixtures/message.json.gcp.cbor \ | |
--log ./tests/fixtures/trans.json \ | |
--output ./tests/fixtures/message.gcp.receipt.cbor \ | |
--kms gcp | |
- name: Verify Receipt | |
id: gcp_verify_receipt | |
uses: ./ | |
with: | |
transmute: | | |
scitt verify-receipt-hash \ | |
./tests/fixtures/public.gcp.key.cbor \ | |
./tests/fixtures/message.gcp.receipt.cbor \ | |
3073d614f853aaec9a1146872c7bab75495ee678c8864ed3562f8787555c1e22 | |
- name: Verify Statement | |
id: gcp_verify_statement | |
uses: ./ | |
with: | |
transmute: | | |
scitt verify-statement-hash \ | |
./tests/fixtures/public.gcp.key.cbor \ | |
./tests/fixtures/message.json.gcp.cbor \ | |
3073d614f853aaec9a1146872c7bab75495ee678c8864ed3562f8787555c1e22 | |
graph: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Push Graph Fragment | |
id: push_single_graph | |
uses: ./ | |
with: | |
neo4j-uri: ${{ secrets.NEO4J_URI }} | |
neo4j-user: ${{ secrets.NEO4J_USERNAME }} | |
neo4j-password: ${{ secrets.NEO4J_PASSWORD }} | |
transmute: | | |
graph assist ./tests/fixtures/issuer-claims.json --verbose --credential-type application/vc --graph-type application/gql --push | |
- name: Push Presentations | |
id: push_multiple_graphs | |
uses: ./ | |
with: | |
neo4j-uri: ${{ secrets.NEO4J_URI }} | |
neo4j-user: ${{ secrets.NEO4J_USERNAME }} | |
neo4j-password: ${{ secrets.NEO4J_PASSWORD }} | |
transmute-client-id: ${{ secrets.CLIENT_ID }} | |
transmute-client-secret: ${{ secrets.CLIENT_SECRET }} | |
transmute-api: ${{ secrets.API_BASE_URL }} | |
transmute: | | |
graph assist --graph-type application/gql --push | |
jose: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Private Key | |
id: generate_private_key | |
uses: ./ | |
with: | |
transmute: | | |
jose keygen --alg ES256 --verbose --output ./tests/fixtures/private.sig.jwk.json | |
- name: Attempt to Log Private Key | |
run: echo "${{ steps.generate_private_key.outputs.json }}" | |
- name: Public Key | |
id: extract_public_key | |
uses: ./ | |
with: | |
transmute: | | |
jose keypub ./tests/fixtures/private.sig.jwk.json --output ./tests/fixtures/public.sig.jwk.json | |
- name: Log Public Key | |
run: cat ./tests/fixtures/public.sig.jwk.json | |
- name: Sign Message | |
id: sign_message | |
uses: ./ | |
with: | |
transmute: | | |
jose sign ./tests/fixtures/private.sig.jwk.json ./tests/fixtures/message.json --detached --compact --output ./tests/fixtures/message.signature.detached.compact.jws | |
- name: Attempt to Log Signature | |
run: echo "${{ steps.sign_message.outputs.jws }}" | |
- name: Verify Message | |
id: verify_message | |
uses: ./ | |
with: | |
transmute: | | |
jose verify ./tests/fixtures/public.sig.jwk.json ./tests/fixtures/message.signature.detached.compact.jws ./tests/fixtures/message.json --detached --compact | |
- name: Log Message Verification | |
run: echo "${{ steps.verify_message.outputs.json }}" | |
- name: Encrypt Message | |
id: encrypt_message | |
uses: ./ | |
with: | |
transmute: | | |
jose encrypt ./tests/fixtures/public.enc.jwk.json ./tests/fixtures/message.json --enc A128GCM --compact --output ./tests/fixtures/message.ciphertext.compact.jwe | |
- name: Log Ciphertext | |
run: echo "${{ steps.encrypt_message.outputs.jwe }}" | |
- name: Decrypt Message | |
id: decrypt_message | |
uses: ./ | |
with: | |
transmute: | | |
jose decrypt ./tests/fixtures/private.enc.jwk.json ./tests/fixtures/message.ciphertext.compact.jwe --compact | |
- name: Log Message Decryption | |
run: echo "${{ steps.decrypt_message.outputs.json }}" | |
cose: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Private Key | |
id: generate_private_key | |
uses: ./ | |
with: | |
transmute: | | |
cose keygen --alg ES256 --verbose --output ./tests/fixtures/private.sig.key.cbor | |
- name: Attempt to Log Private Key | |
run: echo "${{ steps.generate_private_key.outputs.cbor }}" | |
- name: Public Key | |
id: extract_public_key | |
uses: ./ | |
with: | |
transmute: | | |
cose keypub ./tests/fixtures/private.sig.key.cbor --output ./tests/fixtures/public.sig.key.cbor | |
- name: Log Public Key | |
run: echo "${{ steps.extract_public_key.outputs.cbor }}" | |
- name: Sign Message | |
id: sign_message | |
uses: ./ | |
with: | |
transmute: | | |
cose sign ./tests/fixtures/private.sig.key.cbor ./tests/fixtures/message.json --detached --output ./tests/fixtures/message.signature.detached.cbor | |
- name: Verify Message | |
id: verify_message | |
uses: ./ | |
with: | |
transmute: | | |
cose verify ./tests/fixtures/public.sig.key.cbor ./tests/fixtures/message.signature.detached.cbor ./tests/fixtures/message.json --detached | |
- name: Log Message Verification | |
run: echo "${{ steps.verify_message.outputs.cbor }}" | |
scitt: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Issue Statement | |
id: issue_statement | |
uses: ./ | |
with: | |
transmute: | | |
scitt issue-statement ./tests/fixtures/private.sig.key.cbor ./tests/fixtures/message.json --output ./tests/fixtures/message.hash-envelope.cbor | |
- name: Verify Statement Hash | |
id: verify_message | |
uses: ./ | |
with: | |
transmute: | | |
scitt verify-statement-hash ./tests/fixtures/public.sig.key.cbor ./tests/fixtures/message.hash-envelope.cbor 3073d614f853aaec9a1146872c7bab75495ee678c8864ed3562f8787555c1e22 | |
- name: Log Statement Verification | |
run: echo "${{ steps.verify_message.outputs.cbor }}" | |
- name: Issue Receipt | |
id: issue_receipt | |
uses: ./ | |
with: | |
transmute: | | |
scitt issue-receipt ./tests/fixtures/private.notary.key.cbor ./tests/fixtures/message.hash-envelope.cbor --log ./tests/fixtures/trans.json | |
- name: Verify Receipt Hash | |
id: verify_receipt | |
uses: ./ | |
with: | |
transmute: | | |
scitt verify-receipt-hash ./tests/fixtures/public.notary.key.cbor ./tests/fixtures/message.hash-envelope-with-receipt.cbor 3073d614f853aaec9a1146872c7bab75495ee678c8864ed3562f8787555c1e22 |