use standard GitHub Actions debugging

I don't see the need for wheel reinvention.

https://docs.github.com/en/actions/monitoring-and-troubleshooting-workflows/troubleshooting-workflows/enabling-debug-logging#enabling-step-debug-logging

Signed-off-by: Jan Chren ~rindeal <[email protected]>

Author: Jan Chren ~rindeal

.github/workflows/selftest.yml

@@ -34,7 +34,6 @@ jobs:
         id: sigstore-python
         with:
           inputs: ./test/artifact.txt
-          internal-be-careful-debug: true
       - name: Check outputs
         shell: bash
         run: |
@@ -56,7 +55,6 @@ jobs:
         id: sigstore-python
         with:
           inputs: ./test/artifact.txt
-          internal-be-careful-debug: true
       - name: Check outputs
         shell: bash
         run: |
@@ -85,7 +83,6 @@ jobs:
             ./test/artifact.txt
             ./test/white\ space.txt
             ./test/"more white space.txt"
-          internal-be-careful-debug: true
       - name: Check outputs
         shell: bash
         run: |
@@ -111,7 +108,6 @@ jobs:
         id: sigstore-python
         with:
           inputs: ${{ matrix.input }}
-          internal-be-careful-debug: true
       - name: Check failure
         env:
           XFAIL: ${{ steps.sigstore-python.outcome == 'failure' }}
@@ -132,7 +128,6 @@ jobs:
         with:
           inputs: ./test/artifact.txt
           staging: true
-          internal-be-careful-debug: true
       - name: Check outputs
         run: |
           [[ -f ./test/artifact.txt.sigstore.json ]] || exit 1
@@ -148,7 +143,6 @@ jobs:
         with:
           inputs: ./test/*.txt
           staging: true
-          internal-be-careful-debug: true
       - name: Check outputs
         run: |
           [[ -f ./test/artifact.txt.sigstore.json ]] || exit 1
@@ -171,7 +165,6 @@ jobs:
           # the user should have to pre-expand it for us.
           inputs: ./${TEST_DIR}/*.txt
           staging: true
-          internal-be-careful-debug: true
       - name: Check failure
         env:
           XFAIL: ${{ steps.sigstore-python.outcome == 'failure' }}
@@ -192,7 +185,6 @@ jobs:
         with:
           inputs: ./test/artifact*.txt ./test/another*.txt ./test/subdir/*.txt
           staging: true
-          internal-be-careful-debug: true
       - name: Check outputs
         run: |
           [[ -f ./test/artifact.txt.sigstore.json ]] || exit 1
@@ -216,7 +208,6 @@ jobs:
           inputs: ./test/artifact.txt
           staging: true
           upload-signing-artifacts: true
-          internal-be-careful-debug: true
       - uses: actions/download-artifact@v4
         with:
           name: "signing-artifacts-${{ github.job }}"
@@ -241,7 +232,6 @@ jobs:
           verify-cert-identity: https://github.com/sigstore/gh-action-sigstore-python/.github/workflows/selftest.yml@${{ github.ref }}
           verify-oidc-issuer: https://token.actions.githubusercontent.com
           staging: true
-          internal-be-careful-debug: true
 
   selftest-xfail-verify-missing-options:
     runs-on: ubuntu-latest
@@ -278,7 +268,6 @@ jobs:
           verify-oidc-issuer: ${{ matrix.config.verify-oidc-issuer }}
           verify-cert-identity: ${{ matrix.config.verify-cert-identity }}
           staging: true
-          internal-be-careful-debug: true
 
       - name: Check failure
         env:
@@ -312,7 +301,6 @@ jobs:
           inputs: ./test/artifact.txt
           identity-token: ${{ steps.get-oidc-token.outputs.identity-token }}
           staging: true
-          internal-be-careful-debug: true
 
   all-selftests-pass:
     if: always()

README.md

@@ -277,35 +277,6 @@ permissions:
 - uses: sigstore/[email protected]
 ```
 
-### Internal options
-<details>
-  <summary>⚠️ Internal options ⚠️</summary>
-
-  Everything below is considered "internal," which means that it
-  isn't part of the stable public settings and may be removed or changed at
-  any points. **You probably do not need these settings.**
-
-  All internal options are prefixed with `internal-be-careful-`.
-
-  #### `internal-be-careful-debug`
-
-  **Default**: `false`
-
-  The `internal-be-careful-debug` setting enables additional debug logs,
-  both within `sigstore-python` itself and the action's harness code. You can
-  use it to debug troublesome configurations.
-
-  Example:
-
-  ```yaml
-  - uses: sigstore/[email protected]
-    with:
-      inputs: file.txt
-      internal-be-careful-debug: true
-  ```
-
-</details>
-
 ## Licensing
 
 `gh-action-sigstore-python` is licensed under the Apache 2.0 License.

action.py

@@ -37,7 +37,7 @@
 _SUMMARY = Path(_summary_path).open("a")
 
 _RENDER_SUMMARY = os.getenv("GHA_SIGSTORE_PYTHON_SUMMARY", "true") == "true"
-_DEBUG = os.getenv("GHA_SIGSTORE_PYTHON_INTERNAL_BE_CAREFUL_DEBUG", "false") != "false"
+_DEBUG = os.getenv("ACTIONS_STEP_DEBUG", "false") == "true"
 
 _RELEASE_SIGNING_ARTIFACTS = (
     os.getenv("GHA_SIGSTORE_PYTHON_RELEASE_SIGNING_ARTIFACTS", "true") == "true"

action.yml

@@ -62,10 +62,6 @@ inputs:
     description: "attach all signing artifacts as release assets"
     required: false
     default: "true"
-  internal-be-careful-debug:
-    description: "run with debug logs (default false)"
-    required: false
-    default: "false"
 
 runs:
   using: "composite"
@@ -75,8 +71,6 @@ runs:
       run: |
         # NOTE: Sourced, not executed as a script.
         source "${GITHUB_ACTION_PATH}/setup/setup.bash"
-      env:
-        GHA_SIGSTORE_PYTHON_INTERNAL_BE_CAREFUL_DEBUG: "${{ inputs.internal-be-careful-debug }}"
       shell: bash
 
     - name: Run sigstore-python
@@ -97,7 +91,6 @@ runs:
         GHA_SIGSTORE_PYTHON_VERIFY_CERT_IDENTITY: "${{ inputs.verify-cert-identity }}"
         GHA_SIGSTORE_PYTHON_VERIFY_OIDC_ISSUER: "${{ inputs.verify-oidc-issuer }}"
         GHA_SIGSTORE_PYTHON_RELEASE_SIGNING_ARTIFACTS: "${{ inputs.release-signing-artifacts }}"
-        GHA_SIGSTORE_PYTHON_INTERNAL_BE_CAREFUL_DEBUG: "${{ inputs.internal-be-careful-debug }}"
         GHA_SIGSTORE_PYTHON_INPUTS: "${{ inputs.inputs }}"
       shell: bash
 

setup/setup.bash

@@ -22,8 +22,8 @@ die() {
 }
 
 debug() {
-  if [[ "${GHA_SIGSTORE_PYTHON_INTERNAL_BE_CAREFUL_DEBUG}" = "true" ]]; then
-    echo -e "\033[93mDEBUG: ${1}\033[0m"
+  if [[ "${ACTIONS_STEP_DEBUG}" == "true" ]]; then
+    echo "::debug::${*}"
   fi
 }