name: Validate Trusted Timestamps Actions Demo
run-name: ${{ gitea.actor }} is validating the trusted timestamps of all commits 🚀
on: [push]

variables:
  EXPECTED_TRUSTANCHORS_HASH: "70a1c7e2fc62a0b62e44063f0e730b20b0f209d15c84b310ad06ce616c352829"

jobs:
  Validate:
    runs-on: ubuntu-latest
    timeout-minutes: 2
    steps:
      - name: Install extra software
        run: |
          apt-get update
          apt-get install -y xxd
      - name: Check out repository code
        uses: actions/checkout@v4
        with:
           fetch-depth: 0
      - name: Setup timestamping authorities
        run: |
          git config --local timestamping.tsa0.url https://freetsa.org/tsr
          bash -c 'yes | ./hooks/trust.sh https://freetsa.org/tsr'
          git config --local timestamping.tsa1.url https://tsa.cesnet.cz:3162/tsa
          bash -c 'yes | ./hooks/trust.sh https://tsa.cesnet.cz:3162/tsa'
      - name: Check hashes of all trustanchors
        run: |
          ./hooks/validate_trustanchors_hash.sh .git/hoqoks/trustanchors ${{ EXPECTED_TRUSTANCHORS_HASH }}
      - name: Validate timestamps of all commits
        run: |
          ./hooks/validate.sh --minversion 0