In https://github.com/enterprise-contract/ec-cli/pull/1577, we updated the TUF recordings used in the acceptance tests to use the staging deployment of Sigstore. This made it easier to manually refresh the data (required every 6 months). However, this means the image being tested is associated with my identity.
Let's create a GitHub Workflow that can execute the script to re-generate the test image and the TUF recordings, make it run periodically (monthly?), and submit a PR so all we have to do is merge it.
In https://github.com/enterprise-contract/ec-cli/pull/1577, we updated the TUF recordings used in the acceptance tests to use the staging deployment of Sigstore. This made it easier to manually refresh the data (required every 6 months). However, this means the image being tested is associated with my identity.
Let's create a GitHub Workflow that can execute the script to re-generate the test image and the TUF recordings, make it run periodically (monthly?), and submit a PR so all we have to do is merge it.
See this comment for additional context.
Acceptance Criteria