Simplify trust policy and trust store setup for verification
FeynmanZhou opened this issue · comments
Feynman Zhou commented
In the Notation Verify action, users have to manually configure the trust policy and trust store in the workflow file and store the trustpolicy.json
and public certificate in the GitHub repository or other shared place.
This is cumbersome for CI/CD users. I think we should be able to simplify the trust policy and trust store setup for notation verify
action if these three enhancements are supported by Notation:
The ultimate experience would be execute notation verify
actions only without additional trust policy and trust store configuration in separate steps.