Test TUF DNS and TLS in actions

Author: stealthybox

.github/workflows/test.yaml

@@ -10,8 +10,16 @@ jobs:
   test-linux-amd64:
     runs-on: ubuntu-latest
     steps:
-      - name: Update CA certificates
-        run: sudo apt-get update && sudo apt-get install --reinstall -y ca-certificates
+      - name: Check TUF connectivity
+        run: |
+          echo google
+          nslookup tuf-repo-cdn.sigstore.dev 8.8.8.8
+          echo systemd-resolvd
+          nslookup tuf-repo-cdn.sigstore.dev 127.0.0.53
+          echo default
+          nslookup tuf-repo-cdn.sigstore.dev 127.0.0.53
+          echo TUF
+          curl -v --head https://tuf-repo-cdn.sigstore.dev/14.root.json
       - name: Test suite setup
         uses: fluxcd/gha-workflows/.github/actions/setup-kubernetes@v0.4.0
         with:

internal/controller/ocirepository_controller_test.go

@@ -2256,6 +2256,14 @@ func TestOCIRepository_reconcileSource_verifyOCISourceSignatureCosign(t *testing
 	}
 }
 
+func TestSigstoreTUFRepositoryTLSVerification(t *testing.T) {
+	resp, err := http.Get("https://tuf-repo-cdn.sigstore.dev/14.root.json")
+	if err != nil {
+		resp.Body.Close()
+		t.Fatalf("%v", err)
+	}
+}
+
 func TestOCIRepository_reconcileSource_verifyOCISourceSignature_keyless(t *testing.T) {
 	tests := []struct {
 		name             string