fix: check for GITHUB_TOKEN instead of SIGSTORE_ID_TOKEN for github OIDC (#72)

The `SIGSTORE_ID_TOKEN` env var is not declared inside GitHub
Actions, but the block that does OIDC signing requires it. This
change makes the second block match on `GITHUB_TOKEN` instead of
`SIGSTORE_ID_TOKEN`, (hopefully) using OIDC instead of pubkey
auth.
gerblesh 2024-02-18 18:45:34 -08:00 committed by GitHub
parent 26abf21059
commit 498deb6f37
No known key found for this signature in database
GPG key ID: B5690EEEBB952194


@ -593,6 +593,7 @@ fn sign_images(image_name: &str, tag: Option<&str>) -> Result<()> {
env::var("CI_SERVER_PROTOCOL"),
env::var("CI_SERVER_HOST"),
env::var("SIGSTORE_ID_TOKEN"),
env::var("GITHUB_TOKEN"),
env::var("GITHUB_EVENT_NAME"),
env::var("GITHUB_REF_NAME"),
env::var("GITHUB_WORKFLOW_REF"),
@ -609,6 +610,7 @@ fn sign_images(image_name: &str, tag: Option<&str>) -> Result<()> {
_,
_,
_,
_,
) if ci_default_branch == ci_commit_ref => {
trace!("CI_PROJECT_URL={ci_project_url}, CI_DEFAULT_BRANCH={ci_default_branch}, CI_COMMIT_REF_NAME={ci_commit_ref}, CI_SERVER_PROTOCOL={ci_server_protocol}, CI_SERVER_HOST={ci_server_host}");
@ -655,6 +657,7 @@ fn sign_images(image_name: &str, tag: Option<&str>) -> Result<()> {
_,
_,
_,
_,
Ok(_),
Ok(github_event_name),
Ok(github_ref_name),
@ -694,7 +697,7 @@ fn sign_images(image_name: &str, tag: Option<&str>) -> Result<()> {
bail!("Failed to verify image!");
}
}
(_, _, _, _, _, _, Ok(github_event_name), Ok(github_ref_name), _, Ok(_))
(_, _, _, _, _, _, _, Ok(github_event_name), Ok(github_ref_name), _, Ok(_))
if github_event_name != "pull_request"
&& (github_ref_name == "live" || github_ref_name == "main") =>
{
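Review bot: The GitHub keyless arm in the third hunk (the `Ok(_)` that now sits in the `GITHUB_TOKEN` slot) treats the mere presence of `GITHUB_TOKEN` as proof that OIDC signing is possible, but that variable is a repository API token rather than an identity token, and `env::var` also returns `Ok` for an empty value. In GitHub Actions the OIDC request variables `ACTIONS_ID_TOKEN_REQUEST_URL` and `ACTIONS_ID_TOKEN_REQUEST_TOKEN` are only set when the job grants `id-token: write`, so adding `env::var("ACTIONS_ID_TOKEN_REQUEST_TOKEN"),` to the tuple and matching `Ok(_)` on that slot would select this arm only when keyless signing can actually proceed. Because that arm appears before the one changed in the last hunk, a job that exports `GITHUB_TOKEN` without the permission may now land in the keyless path and fail there instead of reaching the later arm; the arm bodies and the rest of `sign_images` are outside the hunks, so this needs confirming. Separately, an 11-position tuple of `_` is easy to miscount when a variable is inserted, and a one-slot shift would silently change which signing path runs, so a comment above the match naming each slot in order would help.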