Sign releases with ambient credentials via Github Actions (#60)

* Use ambient credential detection when not explicitly supplied

Signed-off-by: Alex Cameron <asc@tetsuo.sh>

* Use ambient credentials in Github Actions release signing

Signed-off-by: Alex Cameron <asc@tetsuo.sh>

* Specify audience

Signed-off-by: Alex Cameron <asc@tetsuo.sh>

* Fix ambient unit tests

Signed-off-by: Alex Cameron <asc@tetsuo.sh>

* Update sigstore/_cli.py

Co-authored-by: Dustin Ingram <di@users.noreply.github.com>

* sigstore, test: build audience parameter programmatically

Signed-off-by: William Woodruff <william@trailofbits.com>

Co-authored-by: William Woodruff <william@trailofbits.com>
Co-authored-by: Dustin Ingram <di@users.noreply.github.com>

.github/workflows/release.yml

@@ -30,16 +30,8 @@ jobs:
         # until things are stabilized further
         python -m pip install .
 
-        # retrieve the OIDC identity
-        identity_token=$( \
-          curl -H \
-            "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" \
-            "$ACTIONS_ID_TOKEN_REQUEST_URL&audience=sigstore" \
-          | jq -r .value \
-        )
-
-        # sign all package distributions using the OIDC identity
-        python -m sigstore sign --identity-token=${identity_token} dist/*
+        # sign all package distributions using the ambient OIDC identity
+        python -m sigstore sign dist/*
 
     - name: publish
       uses: pypa/gh-action-pypi-publish@master

sigstore/_cli.py

@@ -17,6 +17,7 @@
 import click
 
 from sigstore import sign, verify
+from sigstore._internal.oidc.ambient import detect_credential
 from sigstore._internal.oidc.oauth import get_identity_token
 
 
@@ -37,6 +38,13 @@ def main():
     "files", metavar="FILE [FILE ...]", type=click.File("rb"), nargs=-1, required=True
 )
 def _sign(files, identity_token, ctfe_pem):
+    # The order of precedence is as follows:
+    #
+    # 1) Explicitly supplied identity token
+    # 2) Ambient credential detected in the environment
+    # 3) Interactive OAuth flow
+    if not identity_token:
+        identity_token = detect_credential()
     if not identity_token:
         identity_token = get_identity_token()
 

sigstore/_internal/oidc/ambient.py

@@ -79,7 +79,11 @@ def detect_github() -> Optional[str]:
             "GitHub: missing or insufficient OIDC token permissions?"
         )
 
-    resp = requests.get(req_url, headers={"Authorization": f"bearer {req_token}"})
+    resp = requests.get(
+        req_url,
+        params={"audience": "sigstore"},
+        headers={"Authorization": f"bearer {req_token}"},
+    )
     try:
         resp.raise_for_status()
     except requests.HTTPError as http_error:

test/internal/oidc/test_ambient.py

@@ -67,7 +67,11 @@ def test_detect_github_request_fails(monkeypatch):
     ):
         ambient.detect_github()
     assert requests.get.calls == [
-        pretend.call("fakeurl", headers={"Authorization": "bearer faketoken"})
+        pretend.call(
+            "fakeurl",
+            params={"audience": "sigstore"},
+            headers={"Authorization": "bearer faketoken"},
+        )
     ]
 
 
@@ -88,7 +92,11 @@ def test_detect_github_bad_payload(monkeypatch):
     ):
         ambient.detect_github()
     assert requests.get.calls == [
-        pretend.call("fakeurl", headers={"Authorization": "bearer faketoken"})
+        pretend.call(
+            "fakeurl",
+            params={"audience": "sigstore"},
+            headers={"Authorization": "bearer faketoken"},
+        )
     ]
     assert resp.json.calls == [pretend.call()]
 
@@ -107,6 +115,10 @@ def test_detect_github(monkeypatch):
 
     assert ambient.detect_github() == "fakejwt"
     assert requests.get.calls == [
-        pretend.call("fakeurl", headers={"Authorization": "bearer faketoken"})
+        pretend.call(
+            "fakeurl",
+            params={"audience": "sigstore"},
+            headers={"Authorization": "bearer faketoken"},
+        )
     ]
     assert resp.json.calls == [pretend.call()]