Any time a change is proposed or incorporated into the archive (main branch), this check runs and (1) checks that all certificates of the time-stamping authorities are as expected and (2) checks that all new and historic time-stamps are valid.
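# Validates the trusted timestamps of the repository on every push:
#   1. registers the two time-stamping authorities (TSAs) and accepts their
#      certificates,
#   2. compares the resulting trust-anchor set against a pinned hash,
#   3. validates the timestamps of all commits in the full history.
# Step 2 is the actual trust decision: step 1 accepts whatever the TSA
# endpoints serve at run time, so nothing may be validated before the hash
# check has passed. A failing step stops the job, which preserves that order.
name: Validate Trusted Timestamps Actions Demo
run-name: ${{ gitea.actor }} is validating the trusted timestamps of all commits 🚀
on: [push]

# `env:` is the workflow-level key for values shared by all steps
# (`variables:` is not a workflow key, so a value defined there never reaches
# the steps). Each step receives this as a shell environment variable.
#
# NOTE(review): this pin lives in the same repository it protects. A push
# that edits this file also changes the expected value, so changes to the
# workflow file need review / branch protection of their own.
env:
  EXPECTED_TRUSTANCHORS_HASH: "70a1c7e2fc62a0b62e44063f0e730b20b0f209d15c84b310ad06ce616c352829"

jobs:
  Validate:
    runs-on: ubuntu-latest
    timeout-minutes: 2
    steps:
      - name: Install extra software
        run: |
          apt-get update
          apt-get install -y xxd

      # NOTE(review): `@v4` is a mutable tag. Pin the action to a full commit
      # SHA (`actions/checkout@<full-commit-sha>  # v4`) so the code that
      # runs here cannot change without a change to this file.
      - name: Check out repository code
        uses: actions/checkout@v4
        with:
          # Full history is needed because every commit is validated below.
          fetch-depth: 0

      # `yes |` answers every prompt of trust.sh affirmatively, i.e. the
      # certificates fetched during this run are accepted without a human
      # looking at them (presumably a trust confirmation prompt -- confirm
      # against trust.sh). The hash check in the next step is what detects a
      # substituted or rotated certificate.
      - name: Setup timestamping authorities
        run: |
          git config --local timestamping.tsa0.url https://freetsa.org/tsr
          bash -c 'yes | ./hooks/trust.sh https://freetsa.org/tsr'
          git config --local timestamping.tsa1.url https://tsa.cesnet.cz:3162/tsa
          bash -c 'yes | ./hooks/trust.sh https://tsa.cesnet.cz:3162/tsa'

      # The expected hash is read from the environment and quoted rather than
      # spliced into the script text with `${{ ... }}`, so an empty or
      # malformed value stays a single argument instead of silently
      # disappearing from the command line.
      # NOTE(review): the directory was spelled `.git/hoqoks/trustanchors`;
      # corrected to `.git/hooks/trustanchors` on the assumption that this is
      # where trust.sh stores the anchors -- confirm against trust.sh.
      - name: Check hashes of all trustanchors
        run: |
          ./hooks/validate_trustanchors_hash.sh .git/hooks/trustanchors "$EXPECTED_TRUSTANCHORS_HASH"

      # NOTE(review): the meaning of `--minversion 0` is defined by
      # validate.sh and is not visible here; confirm that 0 does not relax
      # validation for older timestamp formats more than intended.
      - name: Validate timestamps of all commits
        run: |
          ./hooks/validate.sh --minversion 0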