Add nightly conformance test workflow (#3979)

* Add nightly conformance test workflow Signed-off-by: Cody Soyland <[email protected]> * Fix reference to github rest client, add link to failing test in issue body Signed-off-by: Cody Soyland <[email protected]> * Add workflow_dispatch for manually running Signed-off-by: Cody Soyland <[email protected]> * Tag codeowners in failure issue Signed-off-by: Cody Soyland <[email protected]> --------- Signed-off-by: Cody Soyland <[email protected]>
sigstore · Dec 18, 2024 · fa805ab · fa805ab
1 parent 45eba90
commit fa805ab
Showing 1 changed file with 73 additions and 0 deletions.
diff --git a/.github/workflows/conformance-nightly.yml b/.github/workflows/conformance-nightly.yml
@@ -0,0 +1,73 @@
+# Copyright 2024 The Sigstore Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+name: Conformance Tests Nightly
+
+on:
+  schedule:
+    - cron: '0 0 * * *' # 12:00 AM UTC
+  workflow_dispatch:
+
+permissions:
+  contents: read
+  issues: write
+
+jobs:
+  conformance:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          persist-credentials: false
+      - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
+        with:
+          go-version-file: 'go.mod'
+          check-latest: true
+
+      - run: make cosign conformance
+
+      - uses: sigstore/sigstore-conformance@main
+        with:
+          entrypoint: ${{ github.workspace }}/conformance
+
+      - name: Create Issue on Failure
+        if: failure()
+        uses: actions/github-script@v7
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            const { owner, repo } = context.repo;
+            const runId = context.runId;
+            const issueTitle = 'Conformance Tests Failed';
+            const issueBody = `The nightly conformance tests have failed. Please check the logs for more details.\n\nWorkflow run: https://github.com/${owner}/${repo}/actions/runs/${runId}\n\ncc @sigstore/security-response-team @sigstore/cosign-codeowners`;
+            const issueLabel = 'bug';
+
+            const existingIssues = await github.rest.issues.listForRepo({
+              owner,
+              repo,
+              state: 'open',
+              labels: issueLabel,
+            });
+
+            const issueExists = existingIssues.data.some(issue => issue.title === issueTitle);
+
+            if (!issueExists) {
+              await github.rest.issues.create({
+                owner,
+                repo,
+                title: issueTitle,
+                body: issueBody,
+                labels: [issueLabel],
+              });
+            }