diff --git a/action.yml b/action.yml index c955d64..d765d61 100644 --- a/action.yml +++ b/action.yml @@ -83,6 +83,7 @@ runs: using: "composite" steps: - name: Set up sigstore-python + id: setup run: | # NOTE: Sourced, not executed as a script. source "${GITHUB_ACTION_PATH}/setup/setup.bash" @@ -93,12 +94,13 @@ runs: - name: Run sigstore-python id: sigstore-python run: | - "${GITHUB_ACTION_PATH}/.action-env/bin/python" \ + "${VENV_PYTHON_PATH}" \ "${GITHUB_ACTION_PATH}/action.py" \ "${GHA_SIGSTORE_PYTHON_INPUTS}" env: # The year is 2023, and nonsense like this is still necessary on Windows. PYTHONUTF8: "1" + VENV_PYTHON_PATH: "${{ steps.setup.outputs.venv-python-path }}" GHA_SIGSTORE_PYTHON_IDENTITY_TOKEN: "${{ inputs.identity-token }}" GHA_SIGSTORE_PYTHON_SIGNATURE: "${{ inputs.signature }}" GHA_SIGSTORE_PYTHON_CERTIFICATE: "${{ inputs.certificate }}" diff --git a/setup/setup.bash b/setup/setup.bash index 19bd07b..a7a6310 100644 --- a/setup/setup.bash +++ b/setup/setup.bash @@ -50,6 +50,18 @@ min_vers=$(cut -d '.' -f2 <<< "${vers}") # therefore be subject to PEP 668. We use a virtual environment unconditionally # to prevent that kind of confusion. python -m venv "${GITHUB_ACTION_PATH}/.action-env" -"${GITHUB_ACTION_PATH}/.action-env/bin/python" -m pip install --requirement "${GITHUB_ACTION_PATH}/requirements.txt" -debug "sigstore-python: $("${GITHUB_ACTION_PATH}/.action-env/bin/python" -m sigstore --version)" +# Annoying: Windows venvs use a different structure, for unknown reasons. +if [[ -d "${GITHUB_ACTION_PATH}/.action-env/bin" ]]; then + VENV_PYTHON_PATH="${GITHUB_ACTION_PATH}/.action-env/bin/python" +else + VENV_PYTHON_PATH="${GITHUB_ACTION_PATH}/.action-env/Scripts/python" +fi + +"${VENV_PYTHON_PATH}" -m pip install --requirement "${GITHUB_ACTION_PATH}/requirements.txt" + +debug "sigstore-python: $("${VENV_PYTHON_PATH}" -m sigstore --version)" + +# Finally, propagate VENV_PYTHON_PATH so we can actually kick-start +# the extension from it. +echo "venv-python-path=${VENV_PYTHON_PATH}" >> "${GITHUB_OUTPUT}"