It's kind of hard to test out conformance or to start developing it further, especially without a bunch of Python experience. I think we should make it easier to get from "git clone" to "first successful test suite run"
Some specific points of friction:
virtual env in Makefile is not mentioned in README
It's not clear that I need to install sigstore-python to test the test suite locally.
is there a reason for --entrypoint to require an absolute path?
figuring out the correct xfail incantation on CLI requires quite a bit of investigation
Potential quick fixes:
Mention make dev and source env/bin/activate in Development section of README
add sigstore into dev-requirements.txt: this would mean workflows/ci.yml ends up installing sigstore without needing it but maybe that's fine
Add an example call like this into the README:
GHA_SIGSTORE_CONFORMANCE_XFAIL="test_verify_with_trust_root test_verify_dsse_bundle_with_trust_root" \
pytest test --skip-signing --entrypoint=$PWD/sigstore-python-conformance
It's kind of hard to test out conformance or to start developing it further, especially without a bunch of Python experience. I think we should make it easier to get from "git clone" to "first successful test suite run"
Some specific points of friction:
--entrypoint
to require an absolute path?Potential quick fixes:
make dev
andsource env/bin/activate
in Development section of READMEAdd an example call like this into the README:
cc @javanlacerda