action: remove old output settings (#146)

* action: remove old output settings

Signed-off-by: William Woodruff <william@trailofbits.com>

* selftest: remove old test ref

Signed-off-by: William Woodruff <william@trailofbits.com>

---------

Signed-off-by: William Woodruff <william@trailofbits.com>

.github/workflows/selftest.yml

@@ -256,27 +256,6 @@ jobs:
           [[ -f ./artifact.txt.sigstore.json ]] || exit 1
         working-directory: ./test/uploaded
 
-  selftest-custom-paths:
-    runs-on: ubuntu-latest
-    if: (github.event_name != 'pull_request') || !github.event.pull_request.head.repo.fork
-    steps:
-      - uses: actions/checkout@v4
-      - name: Sign artifact and publish signature
-        uses: ./
-        id: sigstore-python
-        with:
-          inputs: ./test/artifact.txt
-          signature: ./test/custom_signature.sig
-          certificate: ./test/custom_certificate.crt
-          bundle: ./test/custom_bundle.sigstore
-          staging: true
-          internal-be-careful-debug: true
-      - name: Check outputs
-        run: |
-          [[ -f ./test/custom_signature.sig ]] || exit 1
-          [[ -f ./test/custom_certificate.crt ]] || exit 1
-          [[ -f ./test/custom_bundle.sigstore ]] || exit 1
-
   selftest-verify:
     runs-on: ubuntu-latest
     if: (github.event_name != 'pull_request') || !github.event.pull_request.head.repo.fork
@@ -376,7 +355,6 @@ jobs:
       - selftest-glob
       - selftest-glob-multiple
       - selftest-upload-artifacts
-      - selftest-custom-paths
       - selftest-verify
       - selftest-xfail-verify-missing-options
       - selftest-identity-token

README.md

@@ -128,81 +128,6 @@ Example:
     oidc-client-secret: alternative-sigstore-secret
 ```
 
-### `signature`
-
-**Default**: Empty (signature files will get named as `{input}.sig`)
-
-The `signature` setting controls the name of the output signature file. This setting does not work
-when signing multiple input files.
-
-Example:
-
-```yaml
-- uses: sigstore/gh-action-sigstore-python@v2.1.1
-  with:
-    inputs: file.txt
-    signature: custom-signature-filename.sig
-```
-
-However, this example is invalid:
-
-```yaml
-- uses: sigstore/gh-action-sigstore-python@v2.1.1
-  with:
-    inputs: file0.txt file1.txt file2.txt
-    signature: custom-signature-filename.sig
-```
-
-### `certificate`
-
-**Default**: Empty (certificate files will get named as `{input}.crt`)
-
-The `certificate` setting controls the name of the output certificate file. This setting does not
-work when signing multiple input files.
-
-Example:
-
-```yaml
-- uses: sigstore/gh-action-sigstore-python@v2.1.1
-  with:
-    inputs: file.txt
-    certificate: custom-certificate-filename.crt
-```
-
-However, this example is invalid:
-
-```yaml
-- uses: sigstore/gh-action-sigstore-python@v2.1.1
-  with:
-    inputs: file0.txt file1.txt file2.txt
-    certificate: custom-certificate-filename.crt
-```
-
-### `bundle`
-
-**Default**: Empty (bundle files will get named as `{input}.sigstore`)
-
-The `bundle` setting controls the name of the output Sigstore bundle. This setting does not work
-when signing multiple input files.
-
-Example:
-
-```yaml
-- uses: sigstore/gh-action-sigstore-python@v2.1.1
-  with:
-    inputs: file.txt
-    bundle: custom-bundle.sigstore
-```
-
-However, this example is invalid:
-
-```yaml
-- uses: sigstore/gh-action-sigstore-python@v2.1.1
-  with:
-    inputs: file0.txt file1.txt file2.txt
-    certificate: custom-bundle.sigstore
-```
-
 ### `staging`
 
 **Default**: `false`

action.py

@@ -146,24 +146,6 @@ def _fatal_help(msg):
 if client_secret:
     sigstore_sign_args.extend(["--oidc-client-secret", client_secret])
 
-signature = os.getenv("GHA_SIGSTORE_PYTHON_SIGNATURE")
-if signature:
-    sigstore_sign_args.extend(["--signature", signature])
-    sigstore_verify_args.extend(["--signature", signature])
-    signing_artifact_paths.append(signature)
-
-certificate = os.getenv("GHA_SIGSTORE_PYTHON_CERTIFICATE")
-if certificate:
-    sigstore_sign_args.extend(["--certificate", certificate])
-    sigstore_verify_args.extend(["--certificate", certificate])
-    signing_artifact_paths.append(certificate)
-
-bundle = os.getenv("GHA_SIGSTORE_PYTHON_BUNDLE")
-if bundle:
-    sigstore_sign_args.extend(["--bundle", bundle])
-    sigstore_verify_args.extend(["--bundle", bundle])
-    signing_artifact_paths.append(bundle)
-
 if os.getenv("GHA_SIGSTORE_PYTHON_STAGING", "false") != "false":
     sigstore_global_args.append("--staging")
 

action.yml

@@ -32,18 +32,6 @@ inputs:
     description: "the custom OpenID Connect client secret to use during OAuth2"
     required: false
     default: ""
-  signature:
-    description: "write a single signature to the given file; does not work with multiple input files"
-    required: false
-    default: ""
-  certificate:
-    description: "write a single certificate to the given file; does not work with multiple input files"
-    required: false
-    default: ""
-  bundle:
-    description: "write a single Sigstore bundle to the given file; does not work with multiple input files"
-    required: false
-    default: ""
   staging:
     description: "use sigstore's staging instances, instead of the default production instances"
     required: false
@@ -102,9 +90,6 @@ runs:
         PYTHONUTF8: "1"
         VENV_PYTHON_PATH: "${{ steps.setup.outputs.venv-python-path }}"
         GHA_SIGSTORE_PYTHON_IDENTITY_TOKEN: "${{ inputs.identity-token }}"
-        GHA_SIGSTORE_PYTHON_SIGNATURE: "${{ inputs.signature }}"
-        GHA_SIGSTORE_PYTHON_CERTIFICATE: "${{ inputs.certificate }}"
-        GHA_SIGSTORE_PYTHON_BUNDLE: "${{ inputs.bundle }}"
         GHA_SIGSTORE_PYTHON_OIDC_CLIENT_ID: "${{ inputs.oidc-client-id }}"
         GHA_SIGSTORE_PYTHON_OIDC_CLIENT_SECRET: "${{ inputs.oidc-client-secret }}"
         GHA_SIGSTORE_PYTHON_STAGING: "${{ inputs.staging }}"