In the Notation Verify action, users have to manually configure the trust policy and trust store in the workflow file and store the trustpolicy.json and public certificate in the GitHub repository or other shared place.
This is cumbersome for CI/CD users. I think we should be able to simplify the trust policy and trust store setup for notation verify action if these three enhancements are supported by Notation:
The ultimate experience would be execute notation verify actions only without additional trust policy and trust store configuration in separate steps.
In the Notation Verify action, users have to manually configure the trust policy and trust store in the workflow file and store the
trustpolicy.jsonand public certificate in the GitHub repository or other shared place.This is cumbersome for CI/CD users. I think we should be able to simplify the trust policy and trust store setup for
notation verifyaction if these three enhancements are supported by Notation:notation policy initcommand is necessary for user experiences notation#653The ultimate experience would be execute
notation verifyactions only without additional trust policy and trust store configuration in separate steps.