Don't require a GitHub token - Githubissues

sigstore / sigstore-conformance

Conformance testing for Sigstore clients

https://sigstore.dev

7 stars 10 forks source link

Don't require a GitHub token #134

Closed jku closed 5 months ago

jku commented 6 months ago

The new extremely-dangerous-public-oidc-beacon current-token branch allows us to fetch the JWT without a GitHub token. This makes local testing easy, which makes developing the suite easier.

Changes:

git clone the beacon repo to get the token
Do this in a loop until token is valid (95% of the time the first try succeeds)
Cache the token so we only do this once in a test run
Remove all mention of github token in arguments, comments and docs

Some additional notes:

retry times are tweaked from the values upstream (and special values are set for the interactive case)
The caching could be smarter (could return cached value only if it's valid) but maybe this simple thing works?

Release Note

--github-token is no longer required to run signing tests

jku commented 6 months ago

This makes the test run significantly faster as well.

That is just a result of the caching which we could have done with the previous approach as well so it's kind of unrelated.