ci: notarize: Add --subject to statement creation (#44)

pdxjohnny · web-flow · commit 1a9922af9d65 · 2024-03-26T17:00:46.000-07:00
* ci: notarize: Add --subject to statement creation Related: #39 Signed-off-by: John Andersen <johnandersenpdx@gmail.com> * ci: notarize: on: pull request: Test against main PRs Related: #39 Signed-off-by: John Andersen <johnandersenpdx@gmail.com> * Revert "ci: notarize: on: pull request: Test against main PRs" Run actions/github-script@v6 Error: Error message: Unable to get ACTIONS_ID_TOKEN_REQUEST_URL env variable at Function.<anonymous> (/home/runner/work/_actions/actions/github-script/v6/dist/index.js:585:23) at Generator.next (<anonymous>) at /home/runner/work/_actions/actions/github-script/v6/dist/index.js:522:71 at new Promise (<anonymous>) at __webpack_modules__.8041.__awaiter (/home/runner/work/_actions/actions/github-script/v6/dist/index.js:518:12) at Function.getIDToken (/home/runner/work/_actions/actions/github-script/v6/dist/index.js:571:16) at Object.<anonymous> (/home/runner/work/_actions/actions/github-script/v6/dist/index.js:421:46) at Generator.next (<anonymous>) at /home/runner/work/_actions/actions/github-script/v6/dist/index.js:133:71 at new Promise (<anonymous>) Error: Unhandled error: Error: Error message: Unable to get ACTIONS_ID_TOKEN_REQUEST_URL env variable This reverts commit d4ea9ea. --------- Signed-off-by: John Andersen <johnandersenpdx@gmail.com>
diff --git a/.github/workflows/notarize.yml b/.github/workflows/notarize.yml
@@ -15,6 +15,10 @@ on:
         description: 'Payload for claim'
         default: ''
         type: string
+      subject:
+        description: 'Subject for statement'
+        default: ''
+        type: string
   workflow_call:
     inputs:
       scitt-url:
@@ -23,6 +27,10 @@ on:
       payload:
         description: 'Payload for claim'
         type: string
+      subject:
+        description: 'Subject for statement'
+        default: ''
+        type: string
 
 jobs:
   notarize:
@@ -32,6 +40,7 @@ jobs:
     env:
       SCITT_URL: '${{ inputs.scitt-url || github.event.inputs.scitt-url }}'
       PAYLOAD: '${{ inputs.payload || github.event.inputs.payload }}'
+      SUBJECT: '${{ inputs.subject || github.event.inputs.subject }}'
     steps:
       - name: Set defaults if env vars not set (as happens with on.push trigger)
         run: |
@@ -41,6 +50,9 @@ jobs:
           if [[ "x${PAYLOAD}" = "x" ]]; then
             echo 'PAYLOAD={"key": "value"}' >> "${GITHUB_ENV}"
           fi
+          if [[ "x${SUBJECT}" = "x" ]]; then
+            echo 'SUBJECT=subject:value' >> "${GITHUB_ENV}"
+          fi
       - uses: actions/checkout@v4
       - name: Set up Python 3.8
         uses: actions/setup-python@v4
@@ -62,7 +74,7 @@ jobs:
             core.setOutput('token', await core.getIDToken(SCITT_URL));
       - name: Create claim
         run: |
-          scitt-emulator client create-claim --issuer did:web:example.org --content-type application/json --payload "${PAYLOAD}" --out claim.cose
+          scitt-emulator client create-claim --issuer did:web:example.org --subject "${SUBJECT}" --content-type application/json --payload "${PAYLOAD}" --out claim.cose
       - name: Submit claim
         env:
           OIDC_TOKEN: '${{ steps.github-oidc.outputs.token }}'
