added e2e test for pkcs11 token signing

Signed-off-by: Vivek Kumar Sahu <[email protected]>

add license

Signed-off-by: Vivek Kumar Sahu <[email protected]>

small fix

Signed-off-by: Vivek Kumar Sahu <[email protected]>

update shebang portable with cross platform

Signed-off-by: Vivek Kumar Sahu <[email protected]>

enable exit on error and xtrace mode

Signed-off-by: Vivek Kumar Sahu <[email protected]>

cleanup container

Signed-off-by: Vivek Kumar Sahu <[email protected]>

pkcs11 test with upcoming changes

Signed-off-by: Vivek Kumar Sahu <[email protected]>

run pkcs11 e2e test in a separate workflow

Signed-off-by: Vivek Kumar Sahu <[email protected]>

add pkcs11 test in separate workflow

Signed-off-by: Vivek Kumar Sahu <[email protected]>

Author: viveksahu26

.github/workflows/e2e-tests.yml

@@ -31,6 +31,9 @@ on:
   pull_request:
   workflow_dispatch:
 
+env:
+  GO_VERSION: '1.21'
+
 jobs:
   e2e-secrets:
     strategy:
@@ -73,3 +76,17 @@ jobs:
       - name: Run e2e_signblob_tsa_mtls.sh
         shell: bash
         run: make && PATH="$PWD:$PATH" ./test/e2e_signblob_tsa_mtls.sh
+
+  e2e-test-pkcs11:
+    name: Run pkcs11 e2e tests
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
+        with:
+          go-version: ${{ env.GO_VERSION }}
+          check-latest: true
+
+      - name: Run pkcs11 end-to-end tests
+        run: ./test/e2e_test_pkcs11.sh

test/e2e_test_pkcs11.sh

@@ -0,0 +1,40 @@
+#!/usr/bin/env bash
+
+# Copyright 2024 The Sigstore Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -ex
+
+# Test pkcs11 token signing
+CONTAINER_ID=$(docker run -dit --name softhsm -v $(pwd):/root/cosign -p 2345:2345 vegardit/softhsm2-pkcs11-proxy@sha256:557a65d2a14e3986f2389d36ddce75609cbd8fb7ee6cf08a78adcc8236c2a80e)
+
+docker exec -i $CONTAINER_ID /bin/bash << 'EOF'
+
+apk update
+
+# add make pcsc-lite-libs go command
+apk add make build-base go
+
+cd /root/cosign
+
+softhsm2-util --init-token --free --label "My Token" --pin 1234 --so-pin 1234
+go test -v -cover -coverprofile=./cover.out -tags=softhsm,pkcs11key -coverpkg github.com/sigstore/cosign/v2/pkg/cosign/pkcs11key test/pkcs11_test.go
+
+EOF
+
+cleanup_pkcs11() {
+    docker rm -f $CONTAINER_ID
+}
+
+trap cleanup_pkcs11 EXIT