diff --git a/run_release.py b/run_release.py index 74b43965..b68e24fe 100755 --- a/run_release.py +++ b/run_release.py @@ -363,14 +363,21 @@ def check_sigstore_client(db: ReleaseShelf) -> None: ) _, stdout, _ = client.exec_command("python3 -m sigstore --version") sigstore_version = stdout.read(1000).decode() - sigstore_vermatch = re.match("^sigstore ([0-9.]+)", sigstore_version) - if not sigstore_vermatch or tuple( - int(part) for part in sigstore_vermatch.group(1).split(".") - ) < (3, 5): - raise ReleaseException( - f"Sigstore version not detected or not valid. " - f"Expecting 3.5.x or later: {sigstore_version}" - ) + check_sigstore_version(sigstore_version) + + +def check_sigstore_version(version: str) -> None: + version_match = re.match("^sigstore ([0-9.]+)", version) + if version_match: + version_tuple = tuple(int(part) for part in version_match.group(1).split(".")) + if (3, 6, 2) <= version_tuple < (4, 0): + # good version + return + + raise ReleaseException( + f"Sigstore version not detected or not valid. " + f"Expecting >= 3.6.2 and < 4.0.0, got: {version}" + ) def check_buildbots(db: ReleaseShelf) -> None: diff --git a/tests/test_run_release.py b/tests/test_run_release.py index 4b73b7f2..ab5e485f 100644 --- a/tests/test_run_release.py +++ b/tests/test_run_release.py @@ -11,6 +11,27 @@ from release import ReleaseShelf, Tag +@pytest.mark.parametrize( + "version", + ["sigstore 3.6.2", "sigstore 3.6.6"], +) +def test_check_sigstore_version_success(version) -> None: + # Verify runs with no exceptions + run_release.check_sigstore_version(version) + + +@pytest.mark.parametrize( + "version", + ["sigstore 3.4.0", "sigstore 3.6.0", "sigstore 4.0.0", ""], +) +def test_check_sigstore_version_exception(version) -> None: + with pytest.raises( + run_release.ReleaseException, + match="Sigstore version not detected or not valid", + ): + run_release.check_sigstore_version(version) + + @pytest.mark.parametrize( ["url", "expected"], [