Testing timestamp-authority from HEAD

[haydentherapper]

We test the timestamp authority CLI from HEAD (See

scaffolding/.github/workflows/test-release.yaml

Lines 136 to 162 in 4899361

	- name: Checkout TSA for testing.
	uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2
	with:
	repository: sigstore/timestamp-authority
	path: ./src/github.com/sigstore/timestamp-authority
	- name: Build timestamp-cli
	working-directory: ./src/github.com/sigstore/timestamp-authority
	run: |
	go build -o ./timestamp-cli ./cmd/timestamp-cli
	- name: Exercise TSA
	working-directory: ./src/github.com/sigstore/timestamp-authority
	run: |
	curl ${{ env.TSA_URL }}/api/v1/timestamp/certchain > ts_chain.pem
	echo "myblob" > myblob
	if ! ./timestamp-cli --timestamp_server ${{ env.TSA_URL }} timestamp --hash sha256 --artifact myblob --out response.tsr ; then
	echo "failed to timestamp artifact"
	exit -1
	fi
	if ! ./timestamp-cli verify --timestamp response.tsr --artifact "myblob" --certificate-chain ts_chain.pem ; then
	echo "failed to verify timestamp"
	exit -1
	fi
	if ! ./timestamp-cli inspect --timestamp response.tsr --format json ; then
	echo "failed to inspect the timestamp"
	exit -1
	fi

, and

scaffolding/.github/workflows/test-action-tuf.yaml

Lines 87 to 112 in 4899361

	- name: Checkout TSA for testing.
	uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2
	with:
	repository: sigstore/timestamp-authority
	path: ./src/github.com/sigstore/timestamp-authority
	- name: Build timestamp-cli
	working-directory: ./src/github.com/sigstore/timestamp-authority
	run: |
	go build -o ./timestamp-cli ./cmd/timestamp-cli
	- name: Exercise TSA
	working-directory: ./src/github.com/sigstore/timestamp-authority
	run: |
	curl ${{ env.TSA_URL }}/api/v1/timestamp/certchain > ts_chain.pem
	echo "myblob" > myblob
	if ! ./timestamp-cli --timestamp_server ${{ env.TSA_URL }} timestamp --hash sha256 --artifact myblob --out response.tsr ; then
	echo "failed to timestamp artifact"
	exit -1
	fi
	if ! ./timestamp-cli verify --timestamp response.tsr --artifact "myblob" --certificate-chain ts_chain.pem ; then
	echo "failed to verify timestamp"
	exit -1
	fi
	if ! ./timestamp-cli inspect --timestamp response.tsr --format json ; then
	echo "failed to inspect the timestamp"
	exit -1
	fi

and

scaffolding/.github/workflows/fulcio-rekor-kind.yaml

Lines 198 to 223 in 4899361

	- name: Checkout TSA for testing.
	uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2
	with:
	repository: sigstore/timestamp-authority
	path: ./src/github.com/sigstore/timestamp-authority
	- name: Build timestamp-cli
	working-directory: ./src/github.com/sigstore/timestamp-authority
	run: |
	go build -o ./timestamp-cli ./cmd/timestamp-cli
	- name: Exercise TSA
	working-directory: ./src/github.com/sigstore/timestamp-authority
	run: |
	curl ${{ env.TSA_URL }}/api/v1/timestamp/certchain > ts_chain.pem
	echo "myblob" > myblob
	if ! ./timestamp-cli --timestamp_server ${{ env.TSA_URL }} timestamp --hash sha256 --artifact myblob --out response.tsr ; then
	echo "failed to timestamp artifact"
	exit -1
	fi
	if ! ./timestamp-cli verify --timestamp response.tsr --artifact "myblob" --certificate-chain ts_chain.pem ; then
	echo "failed to verify timestamp"
	exit -1
	fi
	if ! ./timestamp-cli inspect --timestamp response.tsr --format json ; then
	echo "failed to inspect the timestamp"
	exit -1
	fi

). If we make any breaking changes at HEAD, this breaks tests. As noted in sigstore/timestamp-authority#177, when we changed cert-chain to certificate-chain, this caused CI to break. I recommend checking out the latest released version and having dependabot handle updating to the latest release.

cc @vaikas @bobcallaway