Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add integration tests for gh attestation verify shared workflow use case #9107

Merged
merged 8 commits into from
May 28, 2024
Merged

Add integration tests for gh attestation verify shared workflow use case #9107

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
0397786
add initial shared workflow use case tests and test data
malancas May 21, 2024
651c780
add more shared workflow tests
malancas May 22, 2024
fe7320c
cleanup tests
malancas May 22, 2024
204fecd
pr feedback, replace shared with reusable
malancas May 22, 2024
53359d5
Merge branch 'trunk' into attestation-verify-shared-workflow-tests
malancas May 22, 2024
a112593
use demo repository with reusable workflow tests
malancas May 24, 2024
f860c6a
Merge branch 'trunk' into attestation-verify-shared-workflow-tests
malancas May 24, 2024
ec85b50
Merge branch 'trunk' into attestation-verify-shared-workflow-tests
malancas May 28, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Binary file added pkg/cmd/attestation/test/data/reusable-workflow-artifact
View file
Open in desktop
Binary file not shown.
62 changes: 62 additions & 0 deletions pkg/cmd/attestation/test/data/reusable-workflow-attestation.sigstore.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,62 @@
{
"mediaType": "application/vnd.dev.sigstore.bundle.v0.3+json",
"verificationMaterial": {
"tlogEntries": [
{
"logIndex": "96764485",
"logId": {
"keyId": "wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="
},
"kindVersion": {
"kind": "dsse",
"version": "0.0.1"
},
"integratedTime": "1716578064",
"inclusionPromise": {
"signedEntryTimestamp": "MEUCIBnCAgBND2tf60dg5uvlw0EBbBRhFtMuP3YTRpIQj2hCAiEAmWSymilD/iY97X11tLGE/Jrs4/QZRttQl5D3IHYN8LA="
},
"inclusionProof": {
"logIndex": "92601054",
"rootHash": "WV7orTEdDpnb8KICQSRSexYSaLmAdRbXTg8+XqxWWKM=",
"treeSize": "92601055",
"hashes": [
"CB1xVx3PJNW+3zlLJ2FfIeZja6SZuS+CBsQCEl1mZig=",
"leemdxn7IXyI3q5qnApFVDe1ZvxriyA99ml3CUxZdMo=",
"BNjYNzNQTGe2feyWagoeovSY94wFKEvCwsDDSuzoFc8=",
"gYAfWQoQuzl03VxmY8Y3zYfncEwyL/PymMwBXa+7LZs=",
"CdX/d9Kws+qekjkNvppM9hV7QIjKwmJczmJluOKB1Eo=",
"PdM9YH9JZZGlnM6sSgQ4j241nCzAf4tHUdnVKxY2X30=",
"w1bdD4n0CWmWRMvbt7/8QhI/0ssitiB4Qmeqwbv7Qr0=",
"S0w2zc7ITyKJF8zP4N6Smews+cUnI/VSUDI3GWnvzKU=",
"cGxCXxLX5YX3M/3uGLofaY5t2NN03RonodHiEtVlZ3U=",
"o6CV1vxHmEXX1iLR5/z1R7XDl8m/IVrKD8CrdxzMfWw=",
"3fqMF47gbRivMozMOuE+dTj9UudYsqX4JcAhydLaReg=",
"Tg/ftnzNsPhNUlXIBEhRDG1F7eTihz/Ur47mvsRbz7g=",
"nPoKmHvc25emt5VYLI6G6uXL9un4iz3AWRbp0O/EjoE=",
"cX3Agx+hP66t1ZLbX/yHbfjU46/3m/VAmWyG/fhxAVc=",
"sjohk/3DQIfXTgf/5XpwtdF7yNbrf8YykOMHr1CyBYQ=",
"98enzMaC+x5oCMvIZQA5z8vu2apDMCFvE/935NfuPw8="
],
"checkpoint": {
"envelope": "rekor.sigstore.dev - 2605736670972794746\n92601055\nWV7orTEdDpnb8KICQSRSexYSaLmAdRbXTg8+XqxWWKM=\n\n— rekor.sigstore.dev wNI9ajBEAiBCgSIjeltjI7SNI4GdxgiZj+WQML61UMuVCiYMENL7UgIgZtS/hrR/3eEzhJAxFMuP1hymkxaOMT4UAYgiMLuje1I=\n"
}
},
"canonicalizedBody": "eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiZHNzZSIsInNwZWMiOnsiZW52ZWxvcGVIYXNoIjp7ImFsZ29yaXRobSI6InNoYTI1NiIsInZhbHVlIjoiOWVhZGU5MWI0YjE4ZWIyNzg0M2E1MGQzMWY5MjQ1MzZlMjRmYzFkNDg2MDU0OGRhN2JiMDkzNGM3ZTJiM2Q1NiJ9LCJwYXlsb2FkSGFzaCI6eyJhbGdvcml0aG0iOiJzaGEyNTYiLCJ2YWx1ZSI6IjNjMzZjNGE5OGZjNTU4MTg3YWM2MTc1ZWZkN2E3NmUwZjc2NDIwOWZkY2VjMGRhMzFhNDc5Y2E0MjY3MmM0ZmEifSwic2lnbmF0dXJlcyI6W3sic2lnbmF0dXJlIjoiTUVZQ0lRRHJTN3VRMTlOa1dGUERGMjc2ejFhY25zeStad3BSY1NYZTkyYVNjbUJVaUFJaEFNdXBVM1djSmRJVnVkWHBXTm9zU1FILzZLRncwMVc2MWh1WHZEbC9xYklFIiwidmVyaWZpZXIiOiJMUzB0TFMxQ1JVZEpUaUJEUlZKVVNVWkpRMEZVUlMwdExTMHRDazFKU1VoUlJFTkRRbk5oWjBGM1NVSkJaMGxWVUdreGNHNVNjRFYyTDB3eFdtbFhSVEZ0T1dnMWJVSkdhVU00ZDBObldVbExiMXBKZW1vd1JVRjNUWGNLVG5wRlZrMUNUVWRCTVZWRlEyaE5UV015Ykc1ak0xSjJZMjFWZFZwSFZqSk5ValIzU0VGWlJGWlJVVVJGZUZaNllWZGtlbVJIT1hsYVV6RndZbTVTYkFwamJURnNXa2RzYUdSSFZYZElhR05PVFdwUmQwNVVTVEJOVkd0NFRrUkpNRmRvWTA1TmFsRjNUbFJKTUUxVWEzbE9SRWt3VjJwQlFVMUdhM2RGZDFsSUNrdHZXa2w2YWpCRFFWRlpTVXR2V2tsNmFqQkVRVkZqUkZGblFVVXZWMFptTTBOTWFtUktVV3N2Y1c5RGJHNHZTMlpUTVVscmVVdGhRbEJTU0hZM2FrNEtTR05TT0ZOV1RIcElNMU55U2poUGFETnVOMGRVV0ZkeGJrNTBUMkZuWlhkcWFqQm9iVmgxTUZkSFZEQXlSRVZ6YW1GUFEwSmxWWGRuWjFob1RVRTBSd3BCTVZWa1JIZEZRaTkzVVVWQmQwbElaMFJCVkVKblRsWklVMVZGUkVSQlMwSm5aM0pDWjBWR1FsRmpSRUY2UVdSQ1owNVdTRkUwUlVablVWVlVNell5Q2pVNU4waDVXR1YwTXpoSmRtMXZRVTVZZFZnd2FtOUZkMGgzV1VSV1VqQnFRa0puZDBadlFWVXpPVkJ3ZWpGWmEwVmFZalZ4VG1wd1MwWlhhWGhwTkZrS1drUTRkMmRaT0VkQk1WVmtSVkZGUWk5M1UwSm9SRU5DWjFsYUwyRklVakJqU0UwMlRIazVibUZZVW05a1YwbDFXVEk1ZEV3eVpIQmtSMmd4V1drNWFBcGpibEp3V20xR2FtUkRNV2hrU0ZKc1l6TlNhR1JIYkhaaWJrMTBaREk1ZVdFeVduTmlNMlI2VEhrMWJtRllVbTlrVjBsMlpESTVlV0V5V25OaU0yUjZDa3d5UmpCa1IxWjZaRU0xTldKWGVFRk5SR3hwVGtSck1WbDZUbTFOVkVwcVRucG5ORTFYU1hwWk1rMTRUbnBKZDA5WFJYcE5hbU16VDFSSmQwNXFWbW9LVFZkRmVGcEVRVFZDWjI5eVFtZEZSVUZaVHk5TlFVVkNRa04wYjJSSVVuZGplbTkyVEROU2RtRXlWblZNYlVacVpFZHNkbUp1VFhWYU1td3dZVWhXYVFwa1dFNXNZMjFPZG1KdVVteGlibEYxV1RJNWRFMUNPRWREYVhOSFFWRlJRbWMzT0hkQlVVbEZSVmhrZG1OdGRHMWlSemt6V0RKU2NHTXpRbWhrUjA1dkNrMUVXVWREYVhOSFFWRlJRbWMzT0hkQlVVMUZTMFJyTVZsdFJtMU5hbU42VDBSc2JFOUVUbXhPYlVVeFdYcFJORnBxVVhsYVZFVTFUVWRSTUU5SFVUTUtXVmRLYWxwWFJYaFBWMVYzVEdkWlMwdDNXVUpDUVVkRWRucEJRa0pCVVdkUmJsWndZa2RSWjB4NVFrSmtTRkpzWXpOUloweDVRbGRhV0Vwd1dtNXJad3BMUms1dldWaEtiRnBEYTNkSloxbExTM2RaUWtKQlIwUjJla0ZDUWxGUlZXSlhSbk5aVnpWcVdWaE5kbGxZVWpCYVdFNHdURmRTYkdKWE9IZElVVmxMQ2t0M1dVSkNRVWRFZG5wQlFrSm5VVkJqYlZadFkzazViMXBYUm10amVUbDBXVmRzZFUxRWMwZERhWE5IUVZGUlFtYzNPSGRCVVdkRlRGRjNjbUZJVWpBS1kwaE5Oa3g1T1RCaU1uUnNZbWsxYUZrelVuQmlNalY2VEcxa2NHUkhhREZaYmxaNldsaEthbUl5TlRCYVZ6VXdURzFPZG1KVVEwSnJRVmxMUzNkWlFncENRVWRFZG5wQlFrTlJVMEpuVVhndllVaFNNR05JVFRaTWVUbHVZVmhTYjJSWFNYVlpNamwwVERKa2NHUkhhREZaYVRsb1kyNVNjRnB0Um1wa1F6Rm9DbVJJVW14ak0xSm9aRWRzZG1KdVRYUmtNamw1WVRKYWMySXpaSHBNZVRWdVlWaFNiMlJYU1haa01qbDVZVEphYzJJelpIcE1Na1l3WkVkV2VtUkROVFVLWWxkNFFVMUViR2xPUkdzeFdYcE9iVTFVU21wT2VtYzBUVmRKZWxreVRYaE9la2wzVDFkRmVrMXFZek5QVkVsM1RtcFdhazFYUlhoYVJFRTBRbWR2Y2dwQ1owVkZRVmxQTDAxQlJVdENRMjlOUzBSQk5WbHFVVFZPVjAxNldtcEZlVmw2WXpSUFJFWnBUVEpPYWsxVVkzbE5SR3hvVFhwSk0wNTZhM2xOUkZreENsbDZSbWhOVjFGM1NGRlpTMHQzV1VKQ1FVZEVkbnBCUWtOM1VWQkVRVEZ1WVZoU2IyUlhTWFJoUnpsNlpFZFdhMDFFWTBkRGFYTkhRVkZSUW1jM09IY0tRVkYzUlV0UmQyNWhTRkl3WTBoTk5reDVPVzVoV0ZKdlpGZEpkVmt5T1hSTU1qRm9Za2RHZFZreVJucE1Na1l3WkVkV2VtUkRNV3RhVnpGMlRVUm5Sd3BEYVhOSFFWRlJRbWMzT0hkQlVUQkZTMmQzYjA5VVZtbFpWMWw1VG5wTk5FOVhWVFJOTWxVeVdWUldhazVFYUcxT1JFcHNUVlJyZDFwRVVUUmFSR1JvQ2xsdFRteFpWRVUxV2xSQlprSm5iM0pDWjBWRlFWbFBMMDFCUlU5Q1FrVk5SRE5LYkZwdVRYWmhSMVpvV2toTmRtSlhSbkJpYWtGYVFtZHZja0puUlVVS1FWbFBMMDFCUlZCQ1FYTk5RMVJuZDA1RVFUTk5SR042VGxSQmNrSm5iM0pDWjBWRlFWbFBMMDFCUlZGQ1FqQk5SekpvTUdSSVFucFBhVGgyV2pKc01BcGhTRlpwVEcxT2RtSlRPWFJaVjNob1ltMU9hR042UVZsQ1oyOXlRbWRGUlVGWlR5OU5RVVZTUWtGdlRVTkVSVEpOYWxFMFRWUlZlazFIVVVkRGFYTkhDa0ZSVVVKbk56aDNRVkpKUlZabmVGVmhTRkl3WTBoTk5reDVPVzVoV0ZKdlpGZEpkVmt5T1hSTU1qRm9Za2RHZFZreVJucE1Na1l3WkVkV2VtUkRNV3NLV2xjeGRreDVOVzVoV0ZKdlpGZEpkbVF5T1hsaE1scHpZak5rZWt3elRtOVpXRXBzV2tNMU5XSlhlRUZqYlZadFkzazViMXBYUm10amVUbDBXVmRzZFFwTlJHZEhRMmx6UjBGUlVVSm5OemgzUVZKTlJVdG5kMjlQVkZacFdWZFplVTU2VFRSUFYxVTBUVEpWTWxsVVZtcE9SR2h0VGtSS2JFMVVhM2RhUkZFMENscEVaR2haYlU1c1dWUkZOVnBVUVdoQ1oyOXlRbWRGUlVGWlR5OU5RVVZWUWtKTlRVVllaSFpqYlhSdFlrYzVNMWd5VW5Cak0wSm9aRWRPYjAxR2IwY0tRMmx6UjBGUlVVSm5OemgzUVZKVlJWUkJlRXRoU0ZJd1kwaE5Oa3g1T1c1aFdGSnZaRmRKZFZreU9YUk1NakZvWWtkR2RWa3lSbnBNTWtZd1pFZFdlZ3BrUXpGcldsY3hka3d5Um1wa1IyeDJZbTVOZG1OdVZuVmplVGcxVFdwSk5FOUVWVFJQVkZWNlRESkdNR1JIVm5SalNGSjZUSHBGZDBabldVdExkMWxDQ2tKQlIwUjJla0ZDUm1kUlNVUkJXbmRrVjBwellWZE5kMmRaYjBkRGFYTkhRVkZSUWpGdWEwTkNRVWxGWmtGU05rRklaMEZrWjBSa1VGUkNjWGh6WTFJS1RXMU5Xa2hvZVZwYWVtTkRiMnR3WlhWT05EaHlaaXRJYVc1TFFVeDViblZxWjBGQlFWa3JjMEp3Wlc5QlFVRkZRWGRDU0UxRlZVTkpRMk5XWlZNM1VncE9OWE5zTjNSbVJFZHFSMG96Y0hWd2RITmtZbnBIYW00MVJrUjJZbGRKYkZRdk5XdEJhVVZCYmxRd01EUnFTMkV5ZFVwT01HczRjRU5JUjJjNWRYb3hDbE4wTldGemN6QnJkVXRCWVZob2NIVmtabXQzUTJkWlNVdHZXa2w2YWpCRlFYZE5SR0ZCUVhkYVVVbDRRVXhzVnpSNlVXRTBWRGRUU205VFVTOTZSM2NLYlhaNmVtaHBXSGhSY21sSlJrbHpZMmRGYm1sMVoyNDJhVEJ4TDNFd1ZWRnZVMlIwZFZKM1pWaHdXbG94VVVsM1dIbDJVelZ2TkZVd1EwRldWU3RCUkFveVIwMWpWbGR4UXpFNFRYQk1jazFRTmpkUVUxZEdjVmhEZFU0MFRtNDFaMVpRVGxnd00zZHlVMHgyVFZkeldWQUtMUzB0TFMxRlRrUWdRMFZTVkVsR1NVTkJWRVV0TFMwdExRbz0ifV19fQ=="
}
],
"timestampVerificationData": {
},
"certificate": {
"rawBytes": "MIIHQDCCBsagAwIBAgIUPi1pnRp5v/L1ZiWE1m9h5mBFiC8wCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjQwNTI0MTkxNDI0WhcNMjQwNTI0MTkyNDI0WjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE/WFf3CLjdJQk/qoCln/KfS1IkyKaBPRHv7jNHcR8SVLzH3SrJ8Oh3n7GTXWqnNtOagewjj0hmXu0WGT02DEsjaOCBeUwggXhMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUT362597HyXet38IvmoANXuX0joEwHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4YZD8wgY8GA1UdEQEB/wSBhDCBgYZ/aHR0cHM6Ly9naXRodWIuY29tL2dpdGh1Yi9hcnRpZmFjdC1hdHRlc3RhdGlvbnMtd29ya2Zsb3dzLy5naXRodWIvd29ya2Zsb3dzL2F0dGVzdC55bWxAMDliNDk1YzNmMTJjNzg4MWIzY2MxNzIwOWEzMjc3OTIwNjVjMWExZDA5BgorBgEEAYO/MAEBBCtodHRwczovL3Rva2VuLmFjdGlvbnMuZ2l0aHVidXNlcmNvbnRlbnQuY29tMB8GCisGAQQBg78wAQIEEXdvcmtmbG93X2Rpc3BhdGNoMDYGCisGAQQBg78wAQMEKDk1YmFmMjczODllODNlNmE1YzQ4ZjQyZTE5MGQ0OGQ3YWJjZWExOWUwLgYKKwYBBAGDvzABBAQgQnVpbGQgLyBBdHRlc3QgLyBWZXJpZnkgKFNoYXJlZCkwIgYKKwYBBAGDvzABBQQUbWFsYW5jYXMvYXR0ZXN0LWRlbW8wHQYKKwYBBAGDvzABBgQPcmVmcy9oZWFkcy9tYWluMDsGCisGAQQBg78wAQgELQwraHR0cHM6Ly90b2tlbi5hY3Rpb25zLmdpdGh1YnVzZXJjb250ZW50LmNvbTCBkAYKKwYBBAGDvzABCQSBgQx/aHR0cHM6Ly9naXRodWIuY29tL2dpdGh1Yi9hcnRpZmFjdC1hdHRlc3RhdGlvbnMtd29ya2Zsb3dzLy5naXRodWIvd29ya2Zsb3dzL2F0dGVzdC55bWxAMDliNDk1YzNmMTJjNzg4MWIzY2MxNzIwOWEzMjc3OTIwNjVjMWExZDA4BgorBgEEAYO/MAEKBCoMKDA5YjQ5NWMzZjEyYzc4ODFiM2NjMTcyMDlhMzI3NzkyMDY1YzFhMWQwHQYKKwYBBAGDvzABCwQPDA1naXRodWItaG9zdGVkMDcGCisGAQQBg78wAQwEKQwnaHR0cHM6Ly9naXRodWIuY29tL21hbGFuY2FzL2F0dGVzdC1kZW1vMDgGCisGAQQBg78wAQ0EKgwoOTViYWYyNzM4OWU4M2U2YTVjNDhmNDJlMTkwZDQ4ZDdhYmNlYTE5ZTAfBgorBgEEAYO/MAEOBBEMD3JlZnMvaGVhZHMvbWFpbjAZBgorBgEEAYO/MAEPBAsMCTgwNDA3MDczNTArBgorBgEEAYO/MAEQBB0MG2h0dHBzOi8vZ2l0aHViLmNvbS9tYWxhbmNhczAYBgorBgEEAYO/MAERBAoMCDE2MjQ4MTUzMGQGCisGAQQBg78wARIEVgxUaHR0cHM6Ly9naXRodWIuY29tL21hbGFuY2FzL2F0dGVzdC1kZW1vLy5naXRodWIvd29ya2Zsb3dzL3NoYXJlZC55bWxAcmVmcy9oZWFkcy9tYWluMDgGCisGAQQBg78wARMEKgwoOTViYWYyNzM4OWU4M2U2YTVjNDhmNDJlMTkwZDQ4ZDdhYmNlYTE5ZTAhBgorBgEEAYO/MAEUBBMMEXdvcmtmbG93X2Rpc3BhdGNoMFoGCisGAQQBg78wARUETAxKaHR0cHM6Ly9naXRodWIuY29tL21hbGFuY2FzL2F0dGVzdC1kZW1vL2FjdGlvbnMvcnVucy85MjI4ODU4OTUzL2F0dGVtcHRzLzEwFgYKKwYBBAGDvzABFgQIDAZwdWJsaWMwgYoGCisGAQQB1nkCBAIEfAR6AHgAdgDdPTBqxscRMmMZHhyZZzcCokpeuN48rf+HinKALynujgAAAY+sBpeoAAAEAwBHMEUCICcVeS7RN5sl7tfDGjGJ3puptsdbzGjn5FDvbWIlT/5kAiEAnT004jKa2uJN0k8pCHGg9uz1St5ass0kuKAaXhpudfkwCgYIKoZIzj0EAwMDaAAwZQIxALlW4zQa4T7SJoSQ/zGwmvzzhiXxQriIFIscgEniugn6i0q/q0UQoSdtuRweXpZZ1QIwXyvS5o4U0CAVU+AD2GMcVWqC18MpLrMP67PSWFqXCuN4Nn5gVPNX03wrSLvMWsYP"
}
},
"dsseEnvelope": {
"payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjEiLCJzdWJqZWN0IjpbeyJuYW1lIjoiZ2l0aHViX3Byb3ZlbmFuY2VfZGVtby0wLjAuMC1weTMtbm9uZS1hbnkud2hsIiwiZGlnZXN0Ijp7InNoYTI1NiI6IjQ5YTNhYTYwNzVlMGY0OWY4Mjg0M2U3NGI1YmFhNjE0YWQyYTU4OGU2Njc1NjEyYmYxMDhhMGEwMDhjNWFjMjUifX1dLCJwcmVkaWNhdGVUeXBlIjoiaHR0cHM6Ly9zbHNhLmRldi9wcm92ZW5hbmNlL3YxIiwicHJlZGljYXRlIjp7ImJ1aWxkRGVmaW5pdGlvbiI6eyJidWlsZFR5cGUiOiJodHRwczovL3Nsc2EtZnJhbWV3b3JrLmdpdGh1Yi5pby9naXRodWItYWN0aW9ucy1idWlsZHR5cGVzL3dvcmtmbG93L3YxIiwiZXh0ZXJuYWxQYXJhbWV0ZXJzIjp7IndvcmtmbG93Ijp7InJlZiI6InJlZnMvaGVhZHMvbWFpbiIsInJlcG9zaXRvcnkiOiJodHRwczovL2dpdGh1Yi5jb20vbWFsYW5jYXMvYXR0ZXN0LWRlbW8iLCJwYXRoIjoiLmdpdGh1Yi93b3JrZmxvd3Mvc2hhcmVkLnltbCJ9fSwiaW50ZXJuYWxQYXJhbWV0ZXJzIjp7ImdpdGh1YiI6eyJldmVudF9uYW1lIjoid29ya2Zsb3dfZGlzcGF0Y2giLCJyZXBvc2l0b3J5X2lkIjoiODA0MDcwNzM1IiwicmVwb3NpdG9yeV9vd25lcl9pZCI6IjE2MjQ4MTUzIn19LCJyZXNvbHZlZERlcGVuZGVuY2llcyI6W3sidXJpIjoiZ2l0K2h0dHBzOi8vZ2l0aHViLmNvbS9tYWxhbmNhcy9hdHRlc3QtZGVtb0ByZWZzL2hlYWRzL21haW4iLCJkaWdlc3QiOnsiZ2l0Q29tbWl0IjoiOTViYWYyNzM4OWU4M2U2YTVjNDhmNDJlMTkwZDQ4ZDdhYmNlYTE5ZSJ9fV19LCJydW5EZXRhaWxzIjp7ImJ1aWxkZXIiOnsiaWQiOiJodHRwczovL2dpdGh1Yi5jb20vYWN0aW9ucy9ydW5uZXIvZ2l0aHViLWhvc3RlZCJ9LCJtZXRhZGF0YSI6eyJpbnZvY2F0aW9uSWQiOiJodHRwczovL2dpdGh1Yi5jb20vbWFsYW5jYXMvYXR0ZXN0LWRlbW8vYWN0aW9ucy9ydW5zLzkyMjg4NTg5NTMvYXR0ZW1wdHMvMSJ9fX19",
"payloadType": "application/vnd.in-toto+json",
"signatures": [
{
"sig": "MEYCIQDrS7uQ19NkWFPDF276z1acnsy+ZwpRcSXe92aScmBUiAIhAMupU3WcJdIVudXpWNosSQH/6KFw01W61huXvDl/qbIE"
}
]
}
}
68 changes: 68 additions & 0 deletions pkg/cmd/attestation/verify/verify_integration_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@ import (
"github.com/cli/cli/v2/pkg/cmd/attestation/api"
"github.com/cli/cli/v2/pkg/cmd/attestation/artifact/oci"
"github.com/cli/cli/v2/pkg/cmd/attestation/io"
"github.com/cli/cli/v2/pkg/cmd/attestation/test"
"github.com/cli/cli/v2/pkg/cmd/attestation/verification"
"github.com/cli/cli/v2/pkg/cmd/factory"
"github.com/stretchr/testify/require"
Expand Down Expand Up @@ -80,3 +81,70 @@ func TestVerifyIntegration(t *testing.T) {
require.ErrorContains(t, err, "verifying with issuer \"sigstore.dev\": failed to verify certificate identity: no matching certificate identity found")
})
}

func TestVerifyIntegrationReusableWorkflow(t *testing.T) {
artifactPath := test.NormalizeRelativePath("../test/data/reusable-workflow-artifact")
bundlePath := test.NormalizeRelativePath("../test/data/reusable-workflow-attestation.sigstore.json")

logger := io.NewTestHandler()

sigstoreConfig := verification.SigstoreConfig{
Logger: logger,
}

cmdFactory := factory.New("test")

hc, err := cmdFactory.HttpClient()
if err != nil {
t.Fatal(err)
}

baseOpts := Options{
APIClient: api.NewLiveClient(hc, logger),
ArtifactPath: artifactPath,
BundlePath: bundlePath,
DigestAlgorithm: "sha256",
Logger: logger,
OCIClient: oci.NewLiveClient(),
OIDCIssuer: GitHubOIDCIssuer,
SigstoreVerifier: verification.NewLiveSigstoreVerifier(sigstoreConfig),
}

t.Run("with owner and valid reusable workflow SAN", func(t *testing.T) {
opts := baseOpts
opts.Owner = "malancas"
opts.SAN = "https://github.com/github/artifact-attestations-workflows/.github/workflows/attest.yml@09b495c3f12c7881b3cc17209a327792065c1a1d"

err := runVerify(&opts)
require.NoError(t, err)
})

t.Run("with owner and valid reusable workflow SAN regex", func(t *testing.T) {
opts := baseOpts
opts.Owner = "malancas"
opts.SANRegex = "^https://github.com/github/artifact-attestations-workflows/"

err := runVerify(&opts)
require.NoError(t, err)
})

t.Run("with repo and valid reusable workflow SAN", func(t *testing.T) {
opts := baseOpts
opts.Owner = "malancas"
opts.Repo = "malancas/attest-demo"
opts.SAN = "https://github.com/github/artifact-attestations-workflows/.github/workflows/attest.yml@09b495c3f12c7881b3cc17209a327792065c1a1d"

err := runVerify(&opts)
require.NoError(t, err)
})

t.Run("with repo and valid reusable workflow SAN regex", func(t *testing.T) {
opts := baseOpts
opts.Owner = "malancas"
opts.Repo = "malancas/attest-demo"
opts.SANRegex = "^https://github.com/github/artifact-attestations-workflows/"

err := runVerify(&opts)
require.NoError(t, err)
})
}
Loading