sigstore-python-conformance: Update wrapper (#85)

* sigstore-python-conformance: Update wrapper Signed-off-by: Alex Cameron <asc@tetsuo.sh> * conformance: 2.0.0rc1 Signed-off-by: William Woodruff <william@trailofbits.com> --------- Signed-off-by: Alex Cameron <asc@tetsuo.sh> Signed-off-by: William Woodruff <william@trailofbits.com> Co-authored-by: William Woodruff <william@trailofbits.com>
sigstore · Jun 26, 2023 · ea3a712 · ea3a712
1 parent fc98610
commit ea3a712
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 3 deletions.
diff --git a/.github/workflows/conformance.yml b/.github/workflows/conformance.yml
@@ -11,11 +11,15 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
+
       - uses: actions/setup-python@v4
         with:
           python-version: "3.11"
+
       - name: install sigstore-python
-        run: pip install sigstore
+        # TODO: Remove this version pin once the 2.x series is released.
+        run: pip install sigstore==2.0.0rc1
+
       - name: conformance test sigstore-python
         uses: ./
         id: sigstore-conformance

diff --git a/sigstore-python-conformance b/sigstore-python-conformance
@@ -30,7 +30,14 @@ fixed_args = [
     ARG_REPLACEMENTS[arg] if arg in ARG_REPLACEMENTS else arg for arg in fixed_args
 ]
 
-# Prepend the `sigstore-python` executable name.
-fixed_args = ["sigstore"] + fixed_args
+# Fix-up the subcommand: the conformance suite uses `verify`, but
+# `sigstore` requires `verify identity` for identity based verifications.
+subcommand, *fixed_args = fixed_args
+if subcommand == "sign":
+    fixed_args = ["sigstore", "sign", *fixed_args]
+elif subcommand == "verify":
+    fixed_args = ["sigstore", "verify", "identity", *fixed_args]
+else:
+    raise ValueError(f"unsupported subcommand: {subcommand}")
 
 subprocess.run(fixed_args, text=True, check=True)