From 171ea739c4f125ed20ce0f3134ed35dcbf3b6463 Mon Sep 17 00:00:00 2001 From: ybelMekk Date: Wed, 19 Oct 2022 00:30:48 +0200 Subject: [PATCH 01/15] add(intoto, commands, config): more accurate build time --- entrypoint.sh | 2 ++ pkg/commands/scan.go | 9 +++++++++ pkg/config/scan.go | 8 +++++--- pkg/intoto/provenance.go | 2 +- pkg/intoto/provenance_options.go | 2 +- 5 files changed, 18 insertions(+), 5 deletions(-) diff --git a/entrypoint.sh b/entrypoint.sh index bdb6f9e..c9acf6f 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -2,6 +2,7 @@ setup() { echo "---------- Preparing pico-de-galo SLSA ----------" + buildStartedOn="$(date +%FT%TZ)" REPO_NAME="${INPUT_REPO_NAME##*/}" if [ -z "$REPO_NAME" ]; then @@ -67,6 +68,7 @@ scan() { --env-context "$ENVS" \ --subDir "$INPUT_REPO_SUB_DIR" \ --with-deps="$INPUT_DEPENDENCIES" \ + --build-started-on "$buildStartedOn" \ --remote-run } diff --git a/pkg/commands/scan.go b/pkg/commands/scan.go index ca30882..87c6fd7 100644 --- a/pkg/commands/scan.go +++ b/pkg/commands/scan.go @@ -16,6 +16,7 @@ import ( log "github.com/sirupsen/logrus" "github.com/spf13/cobra" "os" + "time" ) var ( @@ -27,6 +28,7 @@ var ( type ProvenanceConfig struct { WithDependencies bool + BuildStartedOn string } var scanCmd = &cobra.Command{ @@ -61,7 +63,13 @@ var scanCmd = &cobra.Command{ return err } + buildStartedOn, err := time.Parse(time.RFC3339, Config.BuildStartedOn) + if err != nil { + return fmt.Errorf("parsing build started on: %v", err) + } + scanConfiguration := &config.ScanConfiguration{ + BuildStartedOn: buildStartedOn, WorkDir: workDir, RepoName: PathFlags.Repo, Dependencies: deps, 
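Review bot: In the first entrypoint.sh hunk, `buildStartedOn="$(date +%FT%TZ)"` appends a literal `Z` to the container's local time, so the value is only UTC when the container's timezone happens to be UTC. This string ends up as the build start in the provenance, so take the time in UTC explicitly: `buildStartedOn="$(date -u +%FT%TZ)"`. The variable is assigned in setup() and read in scan() (second hunk) as an implicit global; a one-line comment saying so would help. setup() continues outside the hunk.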
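Review bot: The new parse step in scanCmd's run function (third scan.go hunk) formats the cause with `%v`, which drops the error chain, and does not say which value was rejected. Suggest `return fmt.Errorf("parsing --build-started-on %q: %w", Config.BuildStartedOn, err)`. The parsed time is also accepted without any plausibility check, so a start time in the future goes straight into the predicate; comparing it against `time.Now()` and returning an error would keep such a value out of the attestation. The enclosing function starts and ends outside the hunk.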
@@ -116,4 +124,5 @@ func init() { scanCmd.Flags().StringVar(&runnerContext, "runner-context", "", "context of runner") scanCmd.Flags().StringVar(&envContext, "env-context", "", "environmental variables of current context") scanCmd.Flags().BoolVar(&Config.WithDependencies, "with-deps", true, "specify if the cli should generate dependencies for a provenance") + scanCmd.Flags().StringVar(&Config.BuildStartedOn, "build-started-on", time.Now().UTC().Format(time.RFC3339), "the start time of the build") } diff --git a/pkg/config/scan.go b/pkg/config/scan.go index 8f36f8e..7f871e9 100644 --- a/pkg/config/scan.go +++ b/pkg/config/scan.go @@ -4,12 +4,14 @@ import ( "github.com/nais/salsa/pkg/build" "github.com/nais/salsa/pkg/vcs" "github.com/spf13/cobra" + "time" ) type ScanConfiguration struct { + BuildStartedOn time.Time + Cmd *cobra.Command + ContextEnvironment vcs.ContextEnvironment + Dependencies *build.ArtifactDependencies WorkDir string RepoName string - Dependencies *build.ArtifactDependencies - ContextEnvironment vcs.ContextEnvironment - Cmd *cobra.Command } diff --git a/pkg/intoto/provenance.go b/pkg/intoto/provenance.go index dbbc567..a367708 100644 --- a/pkg/intoto/provenance.go +++ b/pkg/intoto/provenance.go @@ -13,7 +13,7 @@ func GenerateSlsaPredicate(opts *ProvenanceOptions) *slsa.ProvenancePredicate { }, BuildType: opts.BuildType, BuildConfig: opts.BuildConfig, - Metadata: withMetadata(opts, time.Now().UTC()), + Metadata: withMetadata(opts, time.Now().UTC().Round(time.Second)), Materials: withMaterials(opts), } diff --git a/pkg/intoto/provenance_options.go b/pkg/intoto/provenance_options.go index da50b42..eeb6a65 100644 --- a/pkg/intoto/provenance_options.go +++ b/pkg/intoto/provenance_options.go 
@@ -29,7 +29,7 @@ type ProvenanceOptions struct { func CreateProvenanceOptions(scanCfg *config.ScanConfiguration) *ProvenanceOptions { opts := &ProvenanceOptions{ - BuildStartedOn: time.Now().UTC(), + BuildStartedOn: scanCfg.BuildStartedOn, BuilderId: DefaultBuildId, BuildType: AdHocBuildType, Dependencies: scanCfg.Dependencies, From cb5b37b13ee7fc84b7d72b9c29fe877184207695 Mon Sep 17 00:00:00 2001 From: ybelMekk Date: Wed, 19 Oct 2022 00:43:18 +0200 Subject: [PATCH 02/15] add(intoto, test): add buildStarted on --- pkg/intoto/provenance_test.go | 1 + 1 file changed, 1 insertion(+) diff --git a/pkg/intoto/provenance_test.go b/pkg/intoto/provenance_test.go index cddcb34..0ef5760 100644 --- a/pkg/intoto/provenance_test.go +++ b/pkg/intoto/provenance_test.go @@ -62,6 +62,7 @@ func TestGenerateSlsaPredicate(t *testing.T) { env := Environment() scanCfg := &config.ScanConfiguration{ + BuildStartedOn: time.Now().UTC().Round(time.Second), WorkDir: "", RepoName: "artifact", Dependencies: artDeps, From eaa986d747ad35ffbb2ee6d6e955e48f67a4f52f Mon Sep 17 00:00:00 2001 From: ybelMekk Date: Wed, 19 Oct 2022 23:27:40 +0200 Subject: [PATCH 03/15] fix(intoto): provenance tests --- pkg/intoto/provenance.go | 9 ++++----- pkg/intoto/provenance_options.go | 8 ++++++++ pkg/intoto/provenance_test.go | 13 +++++++++---- 3 files changed, 21 insertions(+), 9 deletions(-) diff --git a/pkg/intoto/provenance.go b/pkg/intoto/provenance.go index a367708..bdeff5c 100644 --- a/pkg/intoto/provenance.go +++ b/pkg/intoto/provenance.go @@ -1,8 +1,6 @@ package intoto import ( - "time" - slsa "github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/v0.2" ) @@ -13,7 +11,7 @@ func GenerateSlsaPredicate(opts *ProvenanceOptions) *slsa.ProvenancePredicate { }, BuildType: opts.BuildType, BuildConfig: opts.BuildConfig, - Metadata: withMetadata(opts, time.Now().UTC().Round(time.Second)), + Metadata: withMetadata(opts), Materials: withMaterials(opts), } 
@@ -25,11 +23,12 @@ func GenerateSlsaPredicate(opts *ProvenanceOptions) *slsa.ProvenancePredicate { return predicate } -func withMetadata(opts *ProvenanceOptions, buildFinished time.Time) *slsa.ProvenanceMetadata { +func withMetadata(opts *ProvenanceOptions) *slsa.ProvenanceMetadata { + finishedTime := opts.GetBuildFinishedOn() return &slsa.ProvenanceMetadata{ BuildInvocationID: opts.BuildInvocationId, BuildStartedOn: &opts.BuildStartedOn, - BuildFinishedOn: &buildFinished, + BuildFinishedOn: &finishedTime, Completeness: withCompleteness(opts), Reproducible: opts.Reproducible(), } diff --git a/pkg/intoto/provenance_options.go b/pkg/intoto/provenance_options.go index eeb6a65..b1690d2 100644 --- a/pkg/intoto/provenance_options.go +++ b/pkg/intoto/provenance_options.go @@ -20,6 +20,7 @@ type ProvenanceOptions struct { BuilderId string BuilderRepoDigest *slsa.ProvenanceMaterial BuildInvocationId string + BuildFinishedOn *time.Time BuildStartedOn time.Time BuildType string Dependencies *build.ArtifactDependencies @@ -124,3 +125,10 @@ func (in *ProvenanceOptions) Materials() bool { func (in *ProvenanceOptions) Reproducible() bool { return in.Environment() && in.Materials() && in.Parameters() } + +func (in *ProvenanceOptions) GetBuildFinishedOn() time.Time { + if in.BuildFinishedOn == nil { + return time.Now().UTC().Round(time.Second) + } + return *in.BuildFinishedOn +} diff --git a/pkg/intoto/provenance_test.go b/pkg/intoto/provenance_test.go index 0ef5760..f8be4e6 100644 --- a/pkg/intoto/provenance_test.go +++ b/pkg/intoto/provenance_test.go @@ -1,6 +1,7 @@ package intoto import ( + "fmt" "github.com/nais/salsa/pkg/build" "github.com/nais/salsa/pkg/config" "github.com/nais/salsa/pkg/vcs" 
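Review bot: `GetBuildFinishedOn` (provenance_options.go hunk) has no doc comment, and its behaviour is not obvious from the name: when `BuildFinishedOn` is nil it returns a fresh `time.Now()` on every call, so two calls on the same options yield different finish times. Proposed comment: `// GetBuildFinishedOn returns BuildFinishedOn if set; otherwise the current UTC time rounded to seconds, computed anew on each call.` Nothing in the visible hunks assigns `BuildFinishedOn`, so the nil branch appears to be the one that always runs. Go style would also drop the `Get` prefix, although the field of the same name stands in the way of that rename.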
@@ -62,7 +63,7 @@ func TestGenerateSlsaPredicate(t *testing.T) { env := Environment() scanCfg := &config.ScanConfiguration{ - BuildStartedOn: time.Now().UTC().Round(time.Second), + BuildStartedOn: time.Now().UTC().Round(time.Second).Add(-1 * time.Minute), WorkDir: "", RepoName: "artifact", Dependencies: artDeps, @@ -89,9 +90,13 @@ func TestGenerateSlsaPredicate(t *testing.T) { assert.Equal(t, test.builderId, slsaPredicate.Builder.ID) // metadata + fmt.Println(*slsaPredicate.Metadata.BuildStartedOn) + fmt.Println(slsaPredicate.Metadata.BuildStartedOn) + fmt.Println(*slsaPredicate.Metadata.BuildFinishedOn) + fmt.Println(slsaPredicate.Metadata.BuildFinishedOn) assert.Equal(t, test.buildInvocationId, slsaPredicate.Metadata.BuildInvocationID) - assert.Equal(t, test.buildTimerIsSet, time.Now().UTC().After(*slsaPredicate.Metadata.BuildStartedOn)) - assert.Equal(t, test.buildTimerFinishedIsSet, time.Now().UTC().After(*slsaPredicate.Metadata.BuildFinishedOn)) + assert.Equal(t, test.buildTimerIsSet, *slsaPredicate.Metadata.BuildStartedOn != time.Time{}) + assert.Equal(t, test.buildTimerFinishedIsSet, *slsaPredicate.Metadata.BuildFinishedOn != time.Time{}) assert.Equal(t, true, slsaPredicate.Metadata.Reproducible) // completeness @@ -127,7 +132,7 @@ func TestGenerateSlsaPredicate(t *testing.T) { // metadata assert.Equal(t, test.buildInvocationId, slsaPredicate.Metadata.BuildInvocationID) assert.Equal(t, test.buildTimerIsSet, time.Now().UTC().After(*slsaPredicate.Metadata.BuildStartedOn)) - assert.Equal(t, test.buildTimerFinishedIsSet, time.Now().UTC().After(*slsaPredicate.Metadata.BuildFinishedOn)) + assert.Equal(t, test.buildTimerFinishedIsSet, slsaPredicate.Metadata.BuildFinishedOn.After(*slsaPredicate.Metadata.BuildStartedOn)) assert.Equal(t, false, slsaPredicate.Metadata.Reproducible) // completeness From 3c6ff03db23b710c9e289551daf8b761ad488a80 Mon Sep 17 00:00:00 2001 From: ybelMekk Date: Thu, 20 Oct 2022 00:27:40 +0200 Subject: [PATCH 04/15] merge main 
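Review bot: In the `@@ -89,9 +90,13 @@` hunk of provenance_test.go the four `fmt.Println` calls are debugging output and should be removed together with the `fmt` import. The rewritten assertions compare against `time.Time{}` with `!=`, which compares the struct representation (including the location pointer) rather than the instant; use `!slsaPredicate.Metadata.BuildStartedOn.IsZero()` and the same for `BuildFinishedOn`. They also no longer check ordering, which the third hunk does assert for the other branch with `BuildFinishedOn.After(*slsaPredicate.Metadata.BuildStartedOn)`; the same check would fit here.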
From 0d52ae5372d1133213f6a3699794bd3a81ab1742 Mon Sep 17 00:00:00 2001 From: ybelMekk Date: Thu, 20 Oct 2022 23:52:14 +0200 Subject: [PATCH 05/15] update(action.yml, entrypoint): use github event for created_at --- .../service-account-salsa-integration.yml | 22 +++++++++---------- action.yml | 7 ++++++ entrypoint.sh | 3 +-- 3 files changed, 19 insertions(+), 13 deletions(-) diff --git a/.github/workflows/service-account-salsa-integration.yml b/.github/workflows/service-account-salsa-integration.yml index bf0d871..c6006ed 100644 --- a/.github/workflows/service-account-salsa-integration.yml +++ b/.github/workflows/service-account-salsa-integration.yml @@ -1,20 +1,20 @@ name: nais Salsa integration -on: - workflow_run: - workflows: [Salsa build & release] - types: [completed] - branches: [main] +on: [push] + # workflow_run: + # workflows: [Salsa build & release] + # types: [completed] + # branches: [main] env: IMAGE: ttl.sh/nais/salsa-integration-test:1h jobs: - on-failure: - runs-on: ubuntu-20.04 - if: ${{ github.event.workflow_run.conclusion == 'failure' }} - steps: - - run: echo 'The triggering workflow failed' && exit 1 + # on-failure: + # runs-on: ubuntu-20.04 + # if: ${{ github.event.workflow_run.conclusion == 'failure' }} + # steps: + # - run: echo 'The triggering workflow failed' && exit 1 on-success-generate-provenance: runs-on: ubuntu-20.04 - if: ${{ github.event.workflow_run.conclusion == 'success' }} + # if: ${{ github.event.workflow_run.conclusion == 'success' }} steps: - run: echo 'The triggering workflow passed' - name: Checkout Code diff --git a/action.yml b/action.yml index 1b78571..2eba76a 100644 --- a/action.yml +++ b/action.yml 
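Review bot: With `on: [push]` and the `if:` guard commented out, `on-success-generate-provenance` now runs on every push to any branch and no longer waits for "Salsa build & release" to succeed on main. If this job uses the service-account credentials its file name suggests (the steps are outside the hunk), that widens where those secrets are exposed. If the change only exists to exercise this branch, revert it before merge; otherwise restrict the trigger, e.g. `on: push` with `branches: [main]`, and delete the commented-out blocks instead of keeping them.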
@@ -25,6 +25,12 @@ inputs: required: false default: ${{ github.repository }} + build_started_on: + description: |- + Timestamp of when the build started. Defaults to "github.event.workflow_run.created_at". + required: false + default: ${{ github.event.workflow_run.created_at }} + key: description: |- The key used to sign the attestation. Cloud Provider KMS key path. @@ -90,3 +96,4 @@ runs: - ${{ inputs.docker_user }} - ${{ inputs.docker_pwd }} - ${{ inputs.dependencies }} + - ${{ inputs.build_started_on }} diff --git a/entrypoint.sh b/entrypoint.sh index c336abd..487c9ef 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -2,7 +2,6 @@ setup() { echo "---------- Preparing pico-de-galo SLSA ----------" - buildStartedOn="$(date +%FT%TZ)" REPO_NAME="${INPUT_REPO_NAME##*/}" if [ -z "$REPO_NAME" ]; then @@ -72,7 +71,7 @@ scan() { --env-context "$ENVS" \ --subDir "$INPUT_REPO_SUB_DIR" \ --with-deps="$INPUT_DEPENDENCIES" \ - --build-started-on "$buildStartedOn" \ + --build-started-on "$INPUT_BUILD_STARTED_ON" \ --remote-run } From b842a5f304e15d72a4e0c2c6db924cb2ced3ade2 Mon Sep 17 00:00:00 2001 From: ybelMekk Date: Mon, 24 Oct 2022 15:55:08 +0200 Subject: [PATCH 06/15] add(buildStartedOn): use github commit timestamp --- action.yml | 6 ++-- pkg/commands/scan.go | 10 ++----- pkg/config/scan.go | 3 +- pkg/intoto/provenance_options.go | 43 +++++++++++++++++++++++---- pkg/intoto/provenance_options_test.go | 1 + pkg/intoto/provenance_test.go | 3 +- pkg/vcs/environment.go | 1 + pkg/vcs/event.go | 18 +++++++++++ pkg/vcs/github_ci.go | 19 ++++++++++++ 9 files changed, 86 insertions(+), 18 deletions(-) diff --git a/action.yml b/action.yml index 2eba76a..51b0003 100644 --- a/action.yml +++ b/action.yml 
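Review bot: The default `${{ github.event.workflow_run.created_at }}` for `build_started_on` is only populated in a workflow triggered by `workflow_run`; for other events, such as the `push` trigger this same commit gives the integration workflow, it expands to an empty string. entrypoint.sh then passes `--build-started-on "$INPUT_BUILD_STARTED_ON"` unconditionally, and scan.go as of PATCH 01 returns an error when `time.Parse` fails, so the scan would abort on an empty value. Either add the flag in scan() only when the input is non-empty, or have the CLI treat an empty value as "not given". The description should also state the expected RFC3339 format.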
@@ -27,9 +27,11 @@ inputs: build_started_on: description: |- - Timestamp of when the build started. Defaults to "github.event.workflow_run.created_at". + Timestamp of when the build started. Defaults to last commit before workflow run, + if provided as input, the timestamp is added to salsa cli flag --build-started-on. + format: YYYY-MM-DDTHH:MM:SSZ (RFC3339) required: false - default: ${{ github.event.workflow_run.created_at }} + default: "" key: description: |- diff --git a/pkg/commands/scan.go b/pkg/commands/scan.go index 87c6fd7..9cabe31 100644 --- a/pkg/commands/scan.go +++ b/pkg/commands/scan.go @@ -16,7 +16,6 @@ import ( log "github.com/sirupsen/logrus" "github.com/spf13/cobra" "os" - "time" ) var ( @@ -63,13 +62,8 @@ var scanCmd = &cobra.Command{ return err } - buildStartedOn, err := time.Parse(time.RFC3339, Config.BuildStartedOn) - if err != nil { - return fmt.Errorf("parsing build started on: %v", err) - } - scanConfiguration := &config.ScanConfiguration{ - BuildStartedOn: buildStartedOn, + BuildStartedOn: Config.BuildStartedOn, WorkDir: workDir, RepoName: PathFlags.Repo, Dependencies: deps, @@ -124,5 +118,5 @@ func init() { scanCmd.Flags().StringVar(&runnerContext, "runner-context", "", "context of runner") scanCmd.Flags().StringVar(&envContext, "env-context", "", "environmental variables of current context") scanCmd.Flags().BoolVar(&Config.WithDependencies, "with-deps", true, "specify if the cli should generate dependencies for a provenance") - scanCmd.Flags().StringVar(&Config.BuildStartedOn, "build-started-on", time.Now().UTC().Format(time.RFC3339), "the start time of the build") + scanCmd.Flags().StringVar(&Config.BuildStartedOn, "build-started-on", "", "the start time of the build") } diff --git a/pkg/config/scan.go b/pkg/config/scan.go index 7f871e9..fc3c287 100644 --- a/pkg/config/scan.go +++ b/pkg/config/scan.go 
@@ -4,11 +4,10 @@ import ( "github.com/nais/salsa/pkg/build" "github.com/nais/salsa/pkg/vcs" "github.com/spf13/cobra" - "time" ) type ScanConfiguration struct { - BuildStartedOn time.Time + BuildStartedOn string Cmd *cobra.Command ContextEnvironment vcs.ContextEnvironment Dependencies *build.ArtifactDependencies diff --git a/pkg/intoto/provenance_options.go b/pkg/intoto/provenance_options.go index b1690d2..17ecdec 100644 --- a/pkg/intoto/provenance_options.go +++ b/pkg/intoto/provenance_options.go @@ -4,6 +4,7 @@ import ( "github.com/nais/salsa/pkg/build" "github.com/nais/salsa/pkg/config" "github.com/nais/salsa/pkg/vcs" + log "github.com/sirupsen/logrus" "time" slsa "github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/v0.2" @@ -30,14 +31,17 @@ type ProvenanceOptions struct { func CreateProvenanceOptions(scanCfg *config.ScanConfiguration) *ProvenanceOptions { opts := &ProvenanceOptions{ - BuildStartedOn: scanCfg.BuildStartedOn, - BuilderId: DefaultBuildId, - BuildType: AdHocBuildType, - Dependencies: scanCfg.Dependencies, - Name: scanCfg.RepoName, + // BuildStartedOn: scanCfg.BuildStartedOn, + BuilderId: DefaultBuildId, + BuildType: AdHocBuildType, + Dependencies: scanCfg.Dependencies, + Name: scanCfg.RepoName, } context := scanCfg.ContextEnvironment + + opts.BuildStartedOn = buildStartedOn(context, scanCfg.BuildStartedOn) + if context != nil { opts.BuildType = context.BuildType() opts.BuildInvocationId = context.BuildInvocationId() 
@@ -132,3 +136,32 @@ func (in *ProvenanceOptions) GetBuildFinishedOn() time.Time { } return *in.BuildFinishedOn } + +func buildStartedOn(context vcs.ContextEnvironment, inputBuildTime string) time.Time { + if inputBuildTime != "" { + return buildStarted(inputBuildTime) + } + + if context == nil { + return time.Now().UTC().Round(time.Second) + } + + lastCommitTime := context.GetLastCommitTime() + if lastCommitTime == "" { + log.Info("failed to find last commit time, using default start time") + return time.Now().UTC().Round(time.Second) + } + + return buildStarted(lastCommitTime) + +} + +func buildStarted(buildTime string) time.Time { + started, err := time.Parse(time.RFC3339, buildTime) + if err != nil { + log.Warnf("Failed to parse build time: %v, using default start time", err) + return time.Now().UTC().Round(time.Second) + } + + return started +} diff --git a/pkg/intoto/provenance_options_test.go b/pkg/intoto/provenance_options_test.go index 3c054e7..c8b9bca 100644 --- a/pkg/intoto/provenance_options_test.go +++ b/pkg/intoto/provenance_options_test.go @@ -63,6 +63,7 @@ func TestCreateProvenanceOptions(t *testing.T) { assert.NoError(t, err) env := Environment() scanCfg := &config.ScanConfiguration{ + BuildStartedOn: time.Now().UTC().Round(time.Second).Add(-10 * time.Minute).Format(time.RFC3339), WorkDir: "", RepoName: "artifact", Dependencies: artDeps, diff --git a/pkg/intoto/provenance_test.go b/pkg/intoto/provenance_test.go index f8be4e6..105fe2c 100644 --- a/pkg/intoto/provenance_test.go +++ b/pkg/intoto/provenance_test.go @@ -63,7 +63,7 @@ func TestGenerateSlsaPredicate(t *testing.T) { env := Environment() scanCfg := &config.ScanConfiguration{ - BuildStartedOn: time.Now().UTC().Round(time.Second).Add(-1 * time.Minute), + BuildStartedOn: time.Now().UTC().Round(time.Second).Add(-10 * time.Minute).Format(time.RFC3339), WorkDir: "", RepoName: "artifact", Dependencies: artDeps, 
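Review bot: `buildStarted` turns a malformed timestamp into `time.Now()` with only a warning, so a caller who passes `--build-started-on` with a typo gets an attestation that silently carries a different start time than requested; with the `time.Parse` check removed from scan.go in this commit, nothing rejects the value any more. For an explicit input a parse failure should fail the command, and the fallback is reasonable only for the commit-time path. Two smaller points in the same hunk: the parsed time keeps its original offset while the fallbacks are UTC, so `return started.UTC()` would keep the predicate consistent, and the head commit timestamp is set by whoever created the commit, so it is a weak stand-in for the moment the build started. A doc comment on `buildStartedOn` should spell out the precedence (flag, head commit time, current time) and that caveat.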
@@ -111,6 +111,7 @@ func TestGenerateSlsaPredicate(t *testing.T) { } else { scanCfg := &config.ScanConfiguration{ + BuildStartedOn: time.Now().UTC().Round(time.Second).Add(-10 * time.Minute).Format(time.RFC3339), WorkDir: "", RepoName: "artifact", Dependencies: artDeps, diff --git a/pkg/vcs/environment.go b/pkg/vcs/environment.go index 143ea75..da62f99 100644 --- a/pkg/vcs/environment.go +++ b/pkg/vcs/environment.go @@ -10,4 +10,5 @@ type ContextEnvironment interface { UserDefinedParameters() *Event RepoUri() string Sha() string + GetLastCommitTime() string } diff --git a/pkg/vcs/event.go b/pkg/vcs/event.go index d4bd297..f2702a0 100644 --- a/pkg/vcs/event.go +++ b/pkg/vcs/event.go @@ -5,3 +5,21 @@ import "encoding/json" type Event struct { Inputs json.RawMessage `json:"inputs"` } + +type Commits struct { + Commits []Commit `json:"commits"` +} + +type Commit struct { + Timestamp string `json:"timestamp"` + After string `json:"after"` +} + +func (in *Event) GetCommits() ([]Commit, error) { + var commits []Commit + err := json.Unmarshal(in.Inputs, &commits) + if err != nil { + return nil, err + } + return commits, nil +} diff --git a/pkg/vcs/github_ci.go b/pkg/vcs/github_ci.go index 9e15fab..454a844 100644 --- a/pkg/vcs/github_ci.go +++ b/pkg/vcs/github_ci.go @@ -117,3 +117,22 @@ func (in *GithubCIEnvironment) NonReproducibleMetadata() *Metadata { }, } } + +func (in *GithubCIEnvironment) GetLastCommitTime() string { + if in.Event == nil { + return "" + } + + commits, err := in.Event.GetCommits() + if err != nil || len(commits) == 0 { + return "" + } + + for _, commit := range commits { + if commit.After == in.Sha() { + return commit.Timestamp + } + } + + return "" +} From 1b662fa8fcd2f497329a8cecbfb8275d6e11f2e2 Mon Sep 17 00:00:00 2001 From: ybelMekk Date: Wed, 26 Oct 2022 00:02:27 +0200 Subject: [PATCH 07/15] fix(intoto): failing test --- pkg/intoto/provenance_options_test.go | 1 + 1 file changed, 1 insertion(+) 
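Review bot: `GetCommits` in event.go unmarshals `in.Inputs` into a `[]Commit`, but `Inputs` is filled from `context.Event`, which is presumably the event object rather than an array of commits; `json.Unmarshal` of an object into a slice returns an error, and `GetLastCommitTime` (github_ci.go hunk that follows) maps every error to `""`. If so, the commit-time path never yields a value and the build start always falls back to the current time. The `Commits` wrapper type looks like the intended target but is unused, and matching `commit.After` against `in.Sha()` assumes an `after` field on each commit; both should be confirmed against a real push payload with a fixture-based test. At minimum the error in `GetLastCommitTime` should be logged rather than discarded.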
diff --git a/pkg/intoto/provenance_options_test.go b/pkg/intoto/provenance_options_test.go index c8b9bca..761d14b 100644 --- a/pkg/intoto/provenance_options_test.go +++ b/pkg/intoto/provenance_options_test.go @@ -87,6 +87,7 @@ func TestCreateProvenanceOptions(t *testing.T) { } else { scanCfg := &config.ScanConfiguration{ + BuildStartedOn: time.Now().UTC().Round(time.Second).Add(-10 * time.Minute).Format(time.RFC3339), WorkDir: "", RepoName: "artifact", Dependencies: artDeps, From 482a81e182c978b73c7776bad9899103262934ee Mon Sep 17 00:00:00 2001 From: ybelMekk Date: Sat, 29 Oct 2022 22:11:11 +0200 Subject: [PATCH 08/15] add(events, intoto): tests --- pkg/intoto/provenance_options.go | 6 +-- pkg/intoto/provenance_options_test.go | 2 +- pkg/intoto/provenance_test.go | 2 +- pkg/vcs/environment.go | 4 +- pkg/vcs/event.go | 41 +++++++++++++----- pkg/vcs/event_test.go | 26 ++++++++++++ pkg/vcs/github_ci.go | 22 ++++------ pkg/vcs/testdata/event-commit.json | 61 +++++++++++++++++++++++++++ 8 files changed, 134 insertions(+), 30 deletions(-) create mode 100644 pkg/vcs/event_test.go create mode 100644 pkg/vcs/testdata/event-commit.json diff --git a/pkg/intoto/provenance_options.go b/pkg/intoto/provenance_options.go index 17ecdec..7a1314b 100644 --- a/pkg/intoto/provenance_options.go +++ b/pkg/intoto/provenance_options.go @@ -107,11 +107,11 @@ func (in *ProvenanceOptions) Parameters() bool { return false } - if in.Invocation.Parameters.(*vcs.Event) == nil { + if in.Invocation.Parameters.(*vcs.EventInput) == nil { return false } - return in.Invocation.Parameters.(*vcs.Event).Inputs != nil + return in.Invocation.Parameters.(*vcs.EventInput).Inputs != nil } func (in *ProvenanceOptions) Environment() bool { 
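Review bot: `Parameters()` keeps the single-value type assertion `in.Invocation.Parameters.(*vcs.EventInput)`, now against the renamed type; that form panics if `Parameters` holds any other dynamic type or is a nil interface, unless the guard above the hunk already rules that out (it is not visible here). The comma-ok form avoids both the panic and the repeated assertion: `p, ok := in.Invocation.Parameters.(*vcs.EventInput)`, then `if !ok || p == nil { return false }` and `return p.Inputs != nil`. The function starts outside the hunk.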
@@ -146,7 +146,7 @@ func buildStartedOn(context vcs.ContextEnvironment, inputBuildTime string) time. return time.Now().UTC().Round(time.Second) } - lastCommitTime := context.GetLastCommitTime() + lastCommitTime := context.GetHeadCommitTime() if lastCommitTime == "" { log.Info("failed to find last commit time, using default start time") return time.Now().UTC().Round(time.Second) diff --git a/pkg/intoto/provenance_options_test.go b/pkg/intoto/provenance_options_test.go index 761d14b..48c8316 100644 --- a/pkg/intoto/provenance_options_test.go +++ b/pkg/intoto/provenance_options_test.go @@ -150,7 +150,7 @@ func Environment() *vcs.GithubCIEnvironment { ServerUrl: "https://github.com", EventName: "workflow_dispatch", }, - Event: &vcs.Event{ + Event: &vcs.EventInput{ Inputs: []byte("some user inputs"), }, RunnerContext: &github.RunnerContext{ diff --git a/pkg/intoto/provenance_test.go b/pkg/intoto/provenance_test.go index 105fe2c..c8d960c 100644 --- a/pkg/intoto/provenance_test.go +++ b/pkg/intoto/provenance_test.go @@ -79,7 +79,7 @@ func TestGenerateSlsaPredicate(t *testing.T) { // VCS Context assert.Equal(t, test.buildType, slsaPredicate.BuildType) assert.NotEmpty(t, slsaPredicate.Invocation) - i, err := slsaPredicate.Invocation.Parameters.(*vcs.Event).Inputs.MarshalJSON() + i, err := slsaPredicate.Invocation.Parameters.(*vcs.EventInput).Inputs.MarshalJSON() assert.NoError(t, err) assert.Equal(t, "some user inputs", string(i)) e := slsaPredicate.Invocation.Environment.(*vcs.Metadata) diff --git a/pkg/vcs/environment.go b/pkg/vcs/environment.go index da62f99..85a480b 100644 --- a/pkg/vcs/environment.go +++ b/pkg/vcs/environment.go @@ -7,8 +7,8 @@ type ContextEnvironment interface { Context() string CurrentFilteredEnvironment() map[string]string NonReproducibleMetadata() *Metadata - UserDefinedParameters() *Event + UserDefinedParameters() *EventInput RepoUri() string Sha() string - GetLastCommitTime() string + GetHeadCommitTime() string } 
diff --git a/pkg/vcs/event.go b/pkg/vcs/event.go index f2702a0..3ed531c 100644 --- a/pkg/vcs/event.go +++ b/pkg/vcs/event.go @@ -1,25 +1,46 @@ package vcs -import "encoding/json" +import ( + "encoding/json" +) -type Event struct { +type EventInput struct { Inputs json.RawMessage `json:"inputs"` } -type Commits struct { - Commits []Commit `json:"commits"` +type Event struct { + Event eventMetadata `json:"event"` +} + +type eventMetadata struct { + HeadCommit headCommit `json:"head_commit"` } -type Commit struct { +type headCommit struct { + Id string `json:"id"` Timestamp string `json:"timestamp"` - After string `json:"after"` } -func (in *Event) GetCommits() ([]Commit, error) { - var commits []Commit - err := json.Unmarshal(in.Inputs, &commits) +func NewEvent(metadata []byte) *EventInput { + return &EventInput{ + Inputs: metadata, + } +} + +func (in *EventInput) ParseEvent() (*Event, error) { + var event Event + err := json.Unmarshal(in.Inputs, &event) if err != nil { return nil, err } - return commits, nil + + return &event, nil +} + +func (in *Event) GetHeadCommitId() string { + return in.Event.HeadCommit.Id +} + +func (in *Event) GetHeadCommitTimestamp() string { + return in.Event.HeadCommit.Timestamp } diff --git a/pkg/vcs/event_test.go b/pkg/vcs/event_test.go new file mode 100644 index 0000000..d4468c5 --- /dev/null +++ b/pkg/vcs/event_test.go 
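Review bot: `ParseEvent` expects the head commit under a top-level `event` key (`Event.Event.HeadCommit`), which matches the new fixture, but `NewEvent` is fed `context.Event` in github_ci.go; if that field already holds the value of the GitHub context's `event` key, `head_commit` sits at the top level and the parsed struct stays empty without any error. `github.Context` is not visible from here, so please confirm which shape arrives at runtime and take the fixture from the same source. The naming also reads inverted: `NewEvent` returns an `*EventInput`, while `Event` is the parsed form; doc comments on both types and on `ParseEvent` would make that clear. `Id` would conventionally be spelled `ID`.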
@@ -0,0 +1,26 @@ +package vcs + +import ( + "github.com/stretchr/testify/assert" + "os" + "testing" + "time" +) + +func TestEvenCommit(t *testing.T) { + metadata := commitMetadata(t) + event := NewEvent(metadata) + parsedEvent, err := event.ParseEvent() + assert.NoError(t, err) + assert.NotNil(t, parsedEvent) + assert.Equal(t, "d4cd018b2fe54d8308b78f2bb88db94ac57173ea", parsedEvent.GetHeadCommitId()) + _, err = time.Parse(time.RFC3339, parsedEvent.GetHeadCommitTimestamp()) + assert.NoError(t, err) + assert.Equal(t, "2022-10-21T11:26:55+02:00", parsedEvent.GetHeadCommitTimestamp()) +} + +func commitMetadata(t *testing.T) []byte { + metadata, err := os.ReadFile("testdata/event-commit.json") + assert.NoError(t, err) + return metadata +} diff --git a/pkg/vcs/github_ci.go b/pkg/vcs/github_ci.go index 454a844..8038832 100644 --- a/pkg/vcs/github_ci.go +++ b/pkg/vcs/github_ci.go @@ -11,7 +11,7 @@ const ( type GithubCIEnvironment struct { BuildContext *github.Context - Event *Event + Event *EventInput RunnerContext *github.RunnerContext BuildEnvironment *github.CurrentBuildEnvironment Actions *github.Actions @@ -44,10 +44,8 @@ func CreateGithubCIEnvironment(githubContext []byte, runnerContext, envsContext func BuildEnvironment(context *github.Context, runner *github.RunnerContext, current *github.CurrentBuildEnvironment) ContextEnvironment { return &GithubCIEnvironment{ - BuildContext: context, - Event: &Event{ - Inputs: context.Event, - }, + BuildContext: context, + Event: NewEvent(context.Event), RunnerContext: runner, BuildEnvironment: current, Actions: github.BuildId(GithubActionsBuildIdVersion), 
@@ -81,7 +79,7 @@ func (in *GithubCIEnvironment) BuilderId() string { return in.RepoUri() + in.Actions.SelfHostedIdSuffix } -func (in *GithubCIEnvironment) UserDefinedParameters() *Event { +func (in *GithubCIEnvironment) UserDefinedParameters() *EventInput { // Only possible user-defined parameters // This is unset/null for all other events. if in.BuildContext.EventName != "workflow_dispatch" { @@ -118,20 +116,18 @@ func (in *GithubCIEnvironment) NonReproducibleMetadata() *Metadata { } } -func (in *GithubCIEnvironment) GetLastCommitTime() string { +func (in *GithubCIEnvironment) GetHeadCommitTime() string { if in.Event == nil { return "" } - commits, err := in.Event.GetCommits() - if err != nil || len(commits) == 0 { + metadata, err := in.Event.ParseEvent() + if err != nil { return "" } - for _, commit := range commits { - if commit.After == in.Sha() { - return commit.Timestamp - } + if metadata.GetHeadCommitId() == in.Sha() { + return metadata.GetHeadCommitTimestamp() } return "" diff --git a/pkg/vcs/testdata/event-commit.json b/pkg/vcs/testdata/event-commit.json new file mode 100644 index 0000000..f1fcd07 --- /dev/null +++ b/pkg/vcs/testdata/event-commit.json 
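Review bot: `GetHeadCommitTime` discards the error from `in.Event.ParseEvent()`, so an unparsable event and an event that has no matching head commit both come back as `""`, and the caller only logs a generic "failed to find last commit time". Logging the parse error here, or returning it, would make a wrong start time in the provenance traceable. The id comparison against `in.Sha()` is a sensible safeguard; a doc comment should state that the method returns the timestamp string exactly as given in the event, or `""` when the head commit is absent or does not match the built SHA.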
@@ -0,0 +1,61 @@ +{ + "event": { + "after": "d4cd018b2fe54d8308b78f2bb88db94ac57173ea", + "base_ref": null, + "before": "a88fd9ea948a6ea1278ebcfd4b238283a72e12b0", + "commits": [ + { + "author": { + "email": "john.doe@emal.com", + "name": "jDoe", + "username": "jDoe" + }, + "committer": { + "email": "john.doe@emal.com", + "name": "jDoe", + "username": "jDoe" + }, + "distinct": true, + "id": "d4cd018b2fe54d8308b78f2bb88db94ac57173ea", + "message": "master commit", + "timestamp": "2022-10-21T11:26:55+02:00", + "tree_id": "1eb5ac4d731daeb199755932a5a2e126e10c80cc", + "url": "https://github.com/navikt/gandalf/commit/d4cd018b2fe54d8308b78f2bb88db94ac57173ea" + } + ], + "compare": "https://github.com/navikt/gandalf/compare/a88fd9ea948a...d4cd018b2fe5", + "created": false, + "deleted": false, + "enterprise": { + "avatar_url": "https://avatars.githubusercontent.com/b/371?v=4", + "created_at": "2019-06-26T11:17:54Z", + "description": "", + "html_url": "https://github.com/enterprises/nav", + "id": 371, + "name": "NAV", + "node_id": "MDEwOkVudGVycHJpc2UzNzE=", + "slug": "nav", + "updated_at": "2022-08-25T17:53:40Z", + "website_url": "https://nav.no" + }, + "forced": false, + "head_commit": { + "author": { + "email": "john.doe@emal.com", + "name": "jDoe", + "username": "jDoe" + }, + "committer": { + "email": "john.doe@emal.com", + "name": "jDoe", + "username": "jDoe" + }, + "distinct": true, + "id": "d4cd018b2fe54d8308b78f2bb88db94ac57173ea", + "message": "master commit", + "timestamp": "2022-10-21T11:26:55+02:00", + "tree_id": "1eb5ac4d731daeb199755932a5a2e126e10c80cc", + "url": "https://github.com/navikt/gandalf/commit/d4cd018b2fe54d8308b78f2bb88db94ac57173ea" + } + } +} \ No newline at end of file From b3f241138ffb3ae305336240405dbd5ced36b3ef Mon Sep 17 00:00:00 2001 
From: ybelMekk Date: Sun, 30 Oct 2022 00:17:58 +0200 Subject: [PATCH 09/15] fix(events, intoto): clean up code --- pkg/intoto/provenance.go | 4 ++-- pkg/intoto/provenance_options.go | 8 +++----- pkg/intoto/provenance_test.go | 5 ----- 3 files changed, 5 insertions(+), 12 deletions(-) diff --git a/pkg/intoto/provenance.go b/pkg/intoto/provenance.go index bdeff5c..97b6579 100644 --- a/pkg/intoto/provenance.go +++ b/pkg/intoto/provenance.go @@ -24,11 +24,11 @@ func GenerateSlsaPredicate(opts *ProvenanceOptions) *slsa.ProvenancePredicate { } func withMetadata(opts *ProvenanceOptions) *slsa.ProvenanceMetadata { - finishedTime := opts.GetBuildFinishedOn() + timeFinished := opts.GetBuildFinishedOn() return &slsa.ProvenanceMetadata{ BuildInvocationID: opts.BuildInvocationId, BuildStartedOn: &opts.BuildStartedOn, - BuildFinishedOn: &finishedTime, + BuildFinishedOn: &timeFinished, Completeness: withCompleteness(opts), Reproducible: opts.Reproducible(), } diff --git a/pkg/intoto/provenance_options.go b/pkg/intoto/provenance_options.go index 7a1314b..600b90f 100644 --- a/pkg/intoto/provenance_options.go +++ b/pkg/intoto/provenance_options.go @@ -31,7 +31,6 @@ type ProvenanceOptions struct { func CreateProvenanceOptions(scanCfg *config.ScanConfiguration) *ProvenanceOptions { opts := &ProvenanceOptions{ - // BuildStartedOn: scanCfg.BuildStartedOn, BuilderId: DefaultBuildId, BuildType: AdHocBuildType, Dependencies: scanCfg.Dependencies, @@ -39,7 +38,6 @@ func CreateProvenanceOptions(scanCfg *config.ScanConfiguration) *ProvenanceOptio } context := scanCfg.ContextEnvironment - opts.BuildStartedOn = buildStartedOn(context, scanCfg.BuildStartedOn) if context != nil { 
@@ -146,13 +144,13 @@ func buildStartedOn(context vcs.ContextEnvironment, inputBuildTime string) time. return time.Now().UTC().Round(time.Second) } - lastCommitTime := context.GetHeadCommitTime() - if lastCommitTime == "" { + headCommitTime := context.GetHeadCommitTime() + if headCommitTime == "" { log.Info("failed to find last commit time, using default start time") return time.Now().UTC().Round(time.Second) } - return buildStarted(lastCommitTime) + return buildStarted(headCommitTime) } diff --git a/pkg/intoto/provenance_test.go b/pkg/intoto/provenance_test.go index c8d960c..bcd6d06 100644 --- a/pkg/intoto/provenance_test.go +++ b/pkg/intoto/provenance_test.go @@ -1,7 +1,6 @@ package intoto import ( - "fmt" "github.com/nais/salsa/pkg/build" "github.com/nais/salsa/pkg/config" "github.com/nais/salsa/pkg/vcs" @@ -90,10 +89,6 @@ func TestGenerateSlsaPredicate(t *testing.T) { assert.Equal(t, test.builderId, slsaPredicate.Builder.ID) // metadata - fmt.Println(*slsaPredicate.Metadata.BuildStartedOn) - fmt.Println(slsaPredicate.Metadata.BuildStartedOn) - fmt.Println(*slsaPredicate.Metadata.BuildFinishedOn) - fmt.Println(slsaPredicate.Metadata.BuildFinishedOn) assert.Equal(t, test.buildInvocationId, slsaPredicate.Metadata.BuildInvocationID) assert.Equal(t, test.buildTimerIsSet, *slsaPredicate.Metadata.BuildStartedOn != time.Time{}) assert.Equal(t, test.buildTimerFinishedIsSet, *slsaPredicate.Metadata.BuildFinishedOn != time.Time{}) From 14b47d6e466fd1015deec54cc361d9677147bc58 Mon Sep 17 00:00:00 2001 
From: ybelMekk Date: Sun, 30 Oct 2022 21:32:38 +0100 Subject: [PATCH 10/15] fix(events, intoto): refactor code clean up tests --- README.md | 1 + action.yml | 4 +- pkg/commands/scan.go | 2 +- pkg/intoto/provenance_options.go | 10 ++-- pkg/intoto/provenance_options_test.go | 16 +++--- pkg/intoto/provenance_test.go | 11 ++-- pkg/vcs/environment.go | 3 +- pkg/vcs/event.go | 27 +++------- pkg/vcs/event_test.go | 8 +-- pkg/vcs/{github => }/github.go | 8 +-- pkg/vcs/{github => }/github_build.go | 2 +- pkg/vcs/{github => }/github_build_test.go | 2 +- pkg/vcs/github_ci.go | 50 ++++++++++--------- pkg/vcs/github_ci_test.go | 18 +++++-- pkg/vcs/{github => }/github_runner.go | 2 +- pkg/vcs/{github => }/github_runner_test.go | 18 +++---- pkg/vcs/{github => }/github_test.go | 6 +-- ...ent-commit.json => event-head-commit.json} | 4 ++ 18 files changed, 104 insertions(+), 88 deletions(-) rename pkg/vcs/{github => }/github.go (93%) rename pkg/vcs/{github => }/github_build.go (99%) rename pkg/vcs/{github => }/github_build_test.go (99%) rename pkg/vcs/{github => }/github_runner.go (97%) rename pkg/vcs/{github => }/github_runner_test.go (79%) rename pkg/vcs/{github => }/github_test.go (87%) rename pkg/vcs/testdata/{event-commit.json => event-head-commit.json} (95%) diff --git a/README.md b/README.md index a96905a..b7427fd 100644 --- a/README.md +++ b/README.md 
@@ -355,6 +355,7 @@ The Following inputs can be used as `step.with` keys | `dependencies` | Bool | true | Set to false if action should not create materials for dependencies (e.g. if build tool is unsupported or repo uses internal/private dependencies) | False | | `github_token` | String | "" | Token to authenticate and read private packages, the token must have read:packages scope | False | | `token_key_pattern` | String | "" | If a token is provided but the the key pattern is different from the default key pattern "GITHUB_TOKEN" | False | +| `build_started_on` | String | "" | Specify a workflow build start time | False | | `repo_dir` | String | $GITHUB_WORKSPACE | **Internal value (do not set):** Root of directory to look for build files | False | | `github_context` | String | ${{ toJSON(github) }} | **Internal value (do not set):** the [github context](#github-context) object in json | False | | `runner_context` | String | ${{ toJSON(runner) }} | **Internal value (do not set):** the [runner context](#runner-context) object in json | False | diff --git a/action.yml b/action.yml index 8d34450..9841f12 100644 --- a/action.yml +++ b/action.yml @@ -27,9 +27,9 @@ inputs: build_started_on: description: |- - Timestamp of when the build started. Defaults to last commit before workflow run, + Timestamp of when the build started. Defaults to head commit of workflow, if provided as input, the timestamp is added to salsa cli flag --build-started-on. - format: YYYY-MM-DDTHH:MM:SSZ (RFC3339) + Time format: YYYY-MM-DDTHH:MM:SSZ (RFC3339) required: false default: "" diff --git a/pkg/commands/scan.go b/pkg/commands/scan.go index 9cabe31..74ea473 100644 --- a/pkg/commands/scan.go +++ b/pkg/commands/scan.go 
@@ -118,5 +118,5 @@ func init() { scanCmd.Flags().StringVar(&runnerContext, "runner-context", "", "context of runner") scanCmd.Flags().StringVar(&envContext, "env-context", "", "environmental variables of current context") scanCmd.Flags().BoolVar(&Config.WithDependencies, "with-deps", true, "specify if the cli should generate dependencies for a provenance") - scanCmd.Flags().StringVar(&Config.BuildStartedOn, "build-started-on", "", "the start time of the build") + scanCmd.Flags().StringVar(&Config.BuildStartedOn, "build-started-on", "", "the actual start time of the build") } diff --git a/pkg/intoto/provenance_options.go b/pkg/intoto/provenance_options.go index 600b90f..489bf27 100644 --- a/pkg/intoto/provenance_options.go +++ b/pkg/intoto/provenance_options.go @@ -105,11 +105,11 @@ func (in *ProvenanceOptions) Parameters() bool { return false } - if in.Invocation.Parameters.(*vcs.EventInput) == nil { + if in.Invocation.Parameters.(*vcs.Event) == nil { return false } - return in.Invocation.Parameters.(*vcs.EventInput).Inputs != nil + return in.Invocation.Parameters.(*vcs.Event).EventMetadata != nil } func (in *ProvenanceOptions) Environment() bool { @@ -144,9 +144,13 @@ func buildStartedOn(context vcs.ContextEnvironment, inputBuildTime string) time. return time.Now().UTC().Round(time.Second) } + if context.GetEventMetadata() == nil { + return time.Now().UTC().Round(time.Second) + } + headCommitTime := context.GetHeadCommitTime() if headCommitTime == "" { - log.Info("failed to find last commit time, using default start time") + log.Warn("failed to find last commit time, using default start time") return time.Now().UTC().Round(time.Second) } diff --git a/pkg/intoto/provenance_options_test.go b/pkg/intoto/provenance_options_test.go index 48c8316..610dbe5 100644 --- a/pkg/intoto/provenance_options_test.go +++ b/pkg/intoto/provenance_options_test.go 
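Review bot: `Parameters()` now returns true whenever `EventMetadata` is non-nil, but the `Event` type this patch introduces in pkg/vcs/event.go decodes only `head_commit.id` and `head_commit.timestamp`, so the raw event payload that the old `EventInput.Inputs` carried (presumably including any `workflow_dispatch` inputs) no longer reaches `invocation.parameters`. If this method feeds the provenance completeness claim (its caller is outside the hunk), a verifier is told the parameters are complete when the user-supplied inputs were dropped. I would keep the inputs on the struct, for example an `Inputs json.RawMessage` field with the `inputs` JSON tag on `EventMetadata`, and return true only when `len(ev.EventMetadata.Inputs) > 0`. The bare assertion `in.Invocation.Parameters.(*vcs.Event)` also panics for any other dynamic type; `ev, ok := in.Invocation.Parameters.(*vcs.Event)` followed by `if !ok || ev == nil { return false }` avoids that. The function starts above the hunk.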
@@ -5,7 +5,6 @@ import ( "github.com/nais/salsa/pkg/build" "github.com/nais/salsa/pkg/config" "github.com/nais/salsa/pkg/vcs" - "github.com/nais/salsa/pkg/vcs/github" "github.com/spf13/cobra" "os" "testing" @@ -142,7 +141,7 @@ func ExpectedArtDeps(deps map[string]build.Dependency) *build.ArtifactDependenci func Environment() *vcs.GithubCIEnvironment { return &vcs.GithubCIEnvironment{ - BuildContext: &github.Context{ + BuildContext: &vcs.GithubContext{ Repository: "nais/salsa", RunId: "1234", SHA: "4321", @@ -150,15 +149,20 @@ func Environment() *vcs.GithubCIEnvironment { ServerUrl: "https://github.com", EventName: "workflow_dispatch", }, - Event: &vcs.EventInput{ - Inputs: []byte("some user inputs"), + Event: &vcs.Event{ + EventMetadata: &vcs.EventMetadata{ + HeadCommit: &vcs.HeadCommit{ + Id: "yolo", + Timestamp: "bolo", + }, + }, }, - RunnerContext: &github.RunnerContext{ + RunnerContext: &vcs.RunnerContext{ OS: "Linux", Temp: "/home/runner/work/_temp", ToolCache: "/opt/hostedtoolcache", }, - Actions: github.BuildId("v1"), + Actions: vcs.BuildId("v1"), } } diff --git a/pkg/intoto/provenance_test.go b/pkg/intoto/provenance_test.go index bcd6d06..569bb42 100644 --- a/pkg/intoto/provenance_test.go +++ b/pkg/intoto/provenance_test.go 
@@ -70,17 +70,16 @@ func TestGenerateSlsaPredicate(t *testing.T) { Cmd: nil, } - opts := CreateProvenanceOptions(scanCfg) - slsaPredicate := GenerateSlsaPredicate(opts) err := os.Setenv("GITHUB_ACTIONS", "true") assert.NoError(t, err) + opts := CreateProvenanceOptions(scanCfg) + slsaPredicate := GenerateSlsaPredicate(opts) - // VCS Context + // VCS GithubContext assert.Equal(t, test.buildType, slsaPredicate.BuildType) assert.NotEmpty(t, slsaPredicate.Invocation) - i, err := slsaPredicate.Invocation.Parameters.(*vcs.EventInput).Inputs.MarshalJSON() - assert.NoError(t, err) - assert.Equal(t, "some user inputs", string(i)) + assert.Equal(t, "yolo", slsaPredicate.Invocation.Parameters.(*vcs.Event).GetHeadCommitId()) + assert.Equal(t, "bolo", slsaPredicate.Invocation.Parameters.(*vcs.Event).GetHeadCommitTimestamp()) e := slsaPredicate.Invocation.Environment.(*vcs.Metadata) assert.NoError(t, err) assert.Equal(t, expectedMetadata(), e) diff --git a/pkg/vcs/environment.go b/pkg/vcs/environment.go index 85a480b..04b694e 100644 --- a/pkg/vcs/environment.go +++ b/pkg/vcs/environment.go @@ -7,8 +7,9 @@ type ContextEnvironment interface { Context() string CurrentFilteredEnvironment() map[string]string NonReproducibleMetadata() *Metadata - UserDefinedParameters() *EventInput + UserDefinedParameters() *Event RepoUri() string Sha() string GetHeadCommitTime() string + GetEventMetadata() *Event } diff --git a/pkg/vcs/event.go b/pkg/vcs/event.go index 3ed531c..61ba96f 100644 --- a/pkg/vcs/event.go +++ b/pkg/vcs/event.go 
@@ -4,43 +4,32 @@ import ( "encoding/json" ) -type EventInput struct { - Inputs json.RawMessage `json:"inputs"` -} - type Event struct { - Event eventMetadata `json:"event"` + EventMetadata *EventMetadata `json:"event"` } -type eventMetadata struct { - HeadCommit headCommit `json:"head_commit"` +type EventMetadata struct { + HeadCommit *HeadCommit `json:"head_commit"` } -type headCommit struct { +type HeadCommit struct { Id string `json:"id"` Timestamp string `json:"timestamp"` } -func NewEvent(metadata []byte) *EventInput { - return &EventInput{ - Inputs: metadata, - } -} - -func (in *EventInput) ParseEvent() (*Event, error) { +func ParseEvent(inputs []byte) (*Event, error) { var event Event - err := json.Unmarshal(in.Inputs, &event) + err := json.Unmarshal(inputs, &event.EventMetadata) if err != nil { return nil, err } - return &event, nil } func (in *Event) GetHeadCommitId() string { - return in.Event.HeadCommit.Id + return in.EventMetadata.HeadCommit.Id } func (in *Event) GetHeadCommitTimestamp() string { - return in.Event.HeadCommit.Timestamp + return in.EventMetadata.HeadCommit.Timestamp } diff --git a/pkg/vcs/event_test.go b/pkg/vcs/event_test.go index d4468c5..8347ee5 100644 --- a/pkg/vcs/event_test.go +++ b/pkg/vcs/event_test.go @@ -7,10 +7,10 @@ import ( "time" ) -func TestEvenCommit(t *testing.T) { +func TestEvenHeadCommit(t *testing.T) { metadata := commitMetadata(t) - event := NewEvent(metadata) - parsedEvent, err := event.ParseEvent() + context, err := ParseContext(metadata) + parsedEvent, err := ParseEvent(context.Event) assert.NoError(t, err) assert.NotNil(t, parsedEvent) assert.Equal(t, "d4cd018b2fe54d8308b78f2bb88db94ac57173ea", parsedEvent.GetHeadCommitId()) @@ -20,7 +20,7 @@ func TestEvenCommit(t *testing.T) { } func commitMetadata(t *testing.T) []byte { - metadata, err := os.ReadFile("testdata/event-commit.json") + metadata, err := os.ReadFile("testdata/event-head-commit.json") assert.NoError(t, err) return metadata } 
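Review bot: `GetHeadCommitId` and `GetHeadCommitTimestamp` dereference `in.EventMetadata.HeadCommit` without a nil check, and this hunk turns both `EventMetadata` and `HeadCommit` into pointers. `json.Unmarshal` leaves `HeadCommit` nil when the payload has no `head_commit` key and leaves `EventMetadata` nil for a JSON `null`, so an event of that shape panics the CLI instead of reaching the empty-string fallback in `buildStartedOn`. A guard at the top of each getter, `if in == nil || in.EventMetadata == nil || in.EventMetadata.HeadCommit == nil { return "" }`, keeps the callers' existing handling working.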
diff --git a/pkg/vcs/github/github.go b/pkg/vcs/github.go similarity index 93% rename from pkg/vcs/github/github.go rename to pkg/vcs/github.go index 907b425..d459115 100644 --- a/pkg/vcs/github/github.go +++ b/pkg/vcs/github.go @@ -1,11 +1,11 @@ -package github +package vcs import ( "encoding/json" "fmt" ) -type Context struct { +type GithubContext struct { Action string `json:"action"` Actor string `json:"actor"` Event json.RawMessage `json:"event"` @@ -24,8 +24,8 @@ type Context struct { Workspace string `json:"workspace"` } -func ParseContext(github []byte) (*Context, error) { - context := Context{} +func ParseContext(github []byte) (*GithubContext, error) { + context := GithubContext{} if len(github) == 0 { return nil, nil } diff --git a/pkg/vcs/github/github_build.go b/pkg/vcs/github_build.go similarity index 99% rename from pkg/vcs/github/github_build.go rename to pkg/vcs/github_build.go index fde1d16..8145a8a 100644 --- a/pkg/vcs/github/github_build.go +++ b/pkg/vcs/github_build.go @@ -1,4 +1,4 @@ -package github +package vcs import ( "encoding/base64" diff --git a/pkg/vcs/github/github_build_test.go b/pkg/vcs/github_build_test.go similarity index 99% rename from pkg/vcs/github/github_build_test.go rename to pkg/vcs/github_build_test.go index 534f575..46a7e64 100644 --- a/pkg/vcs/github/github_build_test.go +++ b/pkg/vcs/github_build_test.go @@ -1,4 +1,4 @@ -package github +package vcs import ( "encoding/base64" diff --git a/pkg/vcs/github_ci.go b/pkg/vcs/github_ci.go index 8038832..f01ea85 100644 --- a/pkg/vcs/github_ci.go +++ b/pkg/vcs/github_ci.go @@ -2,7 +2,6 @@ package vcs import ( "fmt" - "github.com/nais/salsa/pkg/vcs/github" ) const ( 
@@ -10,45 +9,50 @@ const ( ) type GithubCIEnvironment struct { - BuildContext *github.Context - Event *EventInput - RunnerContext *github.RunnerContext - BuildEnvironment *github.CurrentBuildEnvironment - Actions *github.Actions + BuildContext *GithubContext + Event *Event + RunnerContext *RunnerContext + BuildEnvironment *CurrentBuildEnvironment + Actions *Actions } func CreateGithubCIEnvironment(githubContext []byte, runnerContext, envsContext *string) (ContextEnvironment, error) { - context, err := github.ParseContext(githubContext) + context, err := ParseContext(githubContext) if err != nil { return nil, fmt.Errorf("parsing context: %w", err) } - runner, err := github.ParseRunner(runnerContext) + runner, err := ParseRunner(runnerContext) if err != nil { return nil, fmt.Errorf("parsing runner: %w", err) } + event, err := ParseEvent(context.Event) + if err != nil { + return nil, fmt.Errorf("parsing event: %w", err) + } + // Not required to build a CI environment - current := &github.CurrentBuildEnvironment{} + current := &CurrentBuildEnvironment{} if envsContext == nil || len(*envsContext) == 0 { - return BuildEnvironment(context, runner, current), nil + return BuildEnvironment(context, runner, current, event), nil } - current, err = github.ParseBuild(envsContext) + current, err = ParseBuild(envsContext) if err != nil { return nil, fmt.Errorf("parsing envs: %w", err) } - return BuildEnvironment(context, runner, current), nil + return BuildEnvironment(context, runner, current, event), nil } -func BuildEnvironment(context *github.Context, runner *github.RunnerContext, current *github.CurrentBuildEnvironment) ContextEnvironment { +func BuildEnvironment(context *GithubContext, runner *RunnerContext, current *CurrentBuildEnvironment, event *Event) ContextEnvironment { return &GithubCIEnvironment{ BuildContext: context, - Event: NewEvent(context.Event), + Event: event, RunnerContext: runner, BuildEnvironment: current, - Actions: 
github.BuildId(GithubActionsBuildIdVersion), + Actions: BuildId(GithubActionsBuildIdVersion), } } @@ -79,13 +83,14 @@ func (in *GithubCIEnvironment) BuilderId() string { return in.RepoUri() + in.Actions.SelfHostedIdSuffix } -func (in *GithubCIEnvironment) UserDefinedParameters() *EventInput { +func (in *GithubCIEnvironment) UserDefinedParameters() *Event { // Only possible user-defined parameters // This is unset/null for all other events. if in.BuildContext.EventName != "workflow_dispatch" { return nil } + // should be filtered to fit the information needed return in.Event } @@ -121,14 +126,13 @@ func (in *GithubCIEnvironment) GetHeadCommitTime() string { return "" } - metadata, err := in.Event.ParseEvent() - if err != nil { - return "" - } - - if metadata.GetHeadCommitId() == in.Sha() { - return metadata.GetHeadCommitTimestamp() + if in.Event.GetHeadCommitId() == in.Sha() { + return in.Event.GetHeadCommitTimestamp() } return "" } + +func (in *GithubCIEnvironment) GetEventMetadata() *Event { + return in.Event +} diff --git a/pkg/vcs/github_ci_test.go b/pkg/vcs/github_ci_test.go index 7b66a87..7e0d1b4 100644 --- a/pkg/vcs/github_ci_test.go +++ b/pkg/vcs/github_ci_test.go 
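Review bot: `ParseEvent(context.Event)` in `CreateGithubCIEnvironment` dereferences `context` before anything checks it, while `ParseContext` in pkg/vcs/github.go returns `nil, nil` for empty input, so an empty github context panics here unless the caller rejects it first (not visible in this hunk). A context whose `event` field is absent now fails as well, because `json.Unmarshal` on an empty `RawMessage` returns an error where the old `NewEvent` only stored the bytes. I would add `if context == nil { return nil, fmt.Errorf("parsing context: empty github context") }` before the call and let `ParseEvent` return `nil, nil` when `len(inputs) == 0`.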
@@ -43,18 +43,28 @@ func TestCreateCIEnvironment(t *testing.T) { } assert.Equal(t, current, ci.CurrentFilteredEnvironment()) - result, err := ci.UserDefinedParameters().Inputs.MarshalJSON() - assert.NoError(t, err) + result := ci.UserDefinedParameters() assert.NotNil(t, result) assert.NotEmpty(t, "%s", result) assert.Equal(t, "Salsa CI", ci.Context()) } +func TestGetHeadCommitTime(t *testing.T) { + err := os.Setenv("GITHUB_ACTIONS", "true") + assert.NoError(t, err) + context := githubContext(t) + runner := runnerContext() + env := envC() + ci, err := CreateGithubCIEnvironment(context, &runner, &env) + assert.NoError(t, err) + assert.Equal(t, "2022-02-14T09:38:16+01:00", ci.GetHeadCommitTime()) +} + func githubContext(t *testing.T) []byte { - githubContext, err := os.ReadFile("testdata/github-context.json") + context, err := os.ReadFile("testdata/github-context.json") assert.NoError(t, err) - return githubContext + return context } func runnerContext() string { diff --git a/pkg/vcs/github/github_runner.go b/pkg/vcs/github_runner.go similarity index 97% rename from pkg/vcs/github/github_runner.go rename to pkg/vcs/github_runner.go index 0004a04..3be3738 100644 --- a/pkg/vcs/github/github_runner.go +++ b/pkg/vcs/github_runner.go @@ -1,4 +1,4 @@ -package github +package vcs import ( "encoding/base64" diff --git a/pkg/vcs/github/github_runner_test.go b/pkg/vcs/github_runner_test.go similarity index 79% rename from pkg/vcs/github/github_runner_test.go rename to pkg/vcs/github_runner_test.go index 06682e3..7d3d17a 100644 --- a/pkg/vcs/github/github_runner_test.go +++ b/pkg/vcs/github_runner_test.go @@ -1,4 +1,4 @@ -package github +package vcs import ( "encoding/base64" 
@@ -31,11 +31,11 @@ func TestParseRunnerFailContext(t *testing.T) { assert.EqualError(t, err, "unmarshal runner context json: invalid character 'Ê' looking for beginning of value") } -var RunnerTestContext = `{ - "os": "Linux", - "arch": "X64", - "name": "Hosted Agent", - "tool_cache": "/opt/hostedtoolcache", - "temp": "/home/runner/work/_temp", - "workspace": "/home/runner/work/nais-salsa-action" - }` +//var RunnerTestContext = `{ +// "os": "Linux", +// "arch": "X64", +// "name": "Hosted Agent", +// "tool_cache": "/opt/hostedtoolcache", +// "temp": "/home/runner/work/_temp", +// "workspace": "/home/runner/work/nais-salsa-action" +// }` diff --git a/pkg/vcs/github/github_test.go b/pkg/vcs/github_test.go similarity index 87% rename from pkg/vcs/github/github_test.go rename to pkg/vcs/github_test.go index 8b26371..f7c972f 100644 --- a/pkg/vcs/github/github_test.go +++ b/pkg/vcs/github_test.go @@ -1,4 +1,4 @@ -package github +package vcs import ( "github.com/stretchr/testify/assert" @@ -7,9 +7,9 @@ import ( ) func TestParseGithubContext(t *testing.T) { - githubContext, err := os.ReadFile("../testdata/github-context.json") + ctx, err := os.ReadFile("testdata/github-context.json") assert.NoError(t, err) - context, err := ParseContext(githubContext) + context, err := ParseContext(ctx) assert.NoError(t, err) assert.Equal(t, "90dc9f2bc4007d1099a941ba3d408d2c896fe8dd", context.SHA) diff --git a/pkg/vcs/testdata/event-commit.json b/pkg/vcs/testdata/event-head-commit.json similarity index 95% rename from pkg/vcs/testdata/event-commit.json rename to pkg/vcs/testdata/event-head-commit.json index f1fcd07..28bff02 100644 --- a/pkg/vcs/testdata/event-commit.json +++ b/pkg/vcs/testdata/event-head-commit.json @@ -1,4 +1,8 @@ { + "actor": "jdoe", + "workflow": "Salsa CI", + "head_ref": "", + "base_ref": "", "event": { "after": "d4cd018b2fe54d8308b78f2bb88db94ac57173ea", "base_ref": null, From 45d3ec3f1322a8d267a22328d0fb754b1699aa32 Mon Sep 17 00:00:00 2001 
From: ybelMekk Date: Sun, 30 Oct 2022 22:32:56 +0100 Subject: [PATCH 11/15] clean(events, intoto): remove unused code --- pkg/vcs/github_runner_test.go | 9 --------- 1 file changed, 9 deletions(-) diff --git a/pkg/vcs/github_runner_test.go b/pkg/vcs/github_runner_test.go index 7d3d17a..93749a5 100644 --- a/pkg/vcs/github_runner_test.go +++ b/pkg/vcs/github_runner_test.go @@ -30,12 +30,3 @@ func TestParseRunnerFailContext(t *testing.T) { assert.Nil(t, context) assert.EqualError(t, err, "unmarshal runner context json: invalid character 'Ê' looking for beginning of value") } - -//var RunnerTestContext = `{ -// "os": "Linux", -// "arch": "X64", -// "name": "Hosted Agent", -// "tool_cache": "/opt/hostedtoolcache", -// "temp": "/home/runner/work/_temp", -// "workspace": "/home/runner/work/nais-salsa-action" -// }` From b71bec403b6652a50d8f43ad035eca2fb8324f5a Mon Sep 17 00:00:00 2001 From: ybelMekk Date: Sun, 30 Oct 2022 23:23:02 +0100 Subject: [PATCH 12/15] fix(events, intoto): simplify test --- pkg/commands/scan.go | 2 +- pkg/intoto/provenance_options.go | 10 +++------- pkg/intoto/provenance_options_test.go | 6 +++--- pkg/intoto/provenance_test.go | 2 +- pkg/vcs/environment.go | 3 +-- pkg/vcs/github_ci.go | 14 +------------- pkg/vcs/github_ci_test.go | 2 +- 7 files changed, 11 insertions(+), 28 deletions(-) diff --git a/pkg/commands/scan.go b/pkg/commands/scan.go index 74ea473..be6b57b 100644 --- a/pkg/commands/scan.go +++ b/pkg/commands/scan.go 
@@ -118,5 +118,5 @@ func init() { scanCmd.Flags().StringVar(&runnerContext, "runner-context", "", "context of runner") scanCmd.Flags().StringVar(&envContext, "env-context", "", "environmental variables of current context") scanCmd.Flags().BoolVar(&Config.WithDependencies, "with-deps", true, "specify if the cli should generate dependencies for a provenance") - scanCmd.Flags().StringVar(&Config.BuildStartedOn, "build-started-on", "", "the actual start time of the build") + scanCmd.Flags().StringVar(&Config.BuildStartedOn, "build-started-on", "", "set start time for the build") } diff --git a/pkg/intoto/provenance_options.go b/pkg/intoto/provenance_options.go index 489bf27..8500a7a 100644 --- a/pkg/intoto/provenance_options.go +++ b/pkg/intoto/provenance_options.go @@ -144,17 +144,13 @@ func buildStartedOn(context vcs.ContextEnvironment, inputBuildTime string) time. return time.Now().UTC().Round(time.Second) } - if context.GetEventMetadata() == nil { - return time.Now().UTC().Round(time.Second) - } + event := context.GetEvent() - headCommitTime := context.GetHeadCommitTime() - if headCommitTime == "" { - log.Warn("failed to find last commit time, using default start time") + if event == nil { return time.Now().UTC().Round(time.Second) } - return buildStarted(headCommitTime) + return buildStarted(event.GetHeadCommitTimestamp()) } diff --git a/pkg/intoto/provenance_options_test.go b/pkg/intoto/provenance_options_test.go index 610dbe5..099bf38 100644 --- a/pkg/intoto/provenance_options_test.go +++ b/pkg/intoto/provenance_options_test.go @@ -62,7 +62,7 @@ func TestCreateProvenanceOptions(t *testing.T) { assert.NoError(t, err) env := Environment() scanCfg := &config.ScanConfiguration{ - BuildStartedOn: time.Now().UTC().Round(time.Second).Add(-10 * time.Minute).Format(time.RFC3339), + BuildStartedOn: "", WorkDir: "", RepoName: "artifact", Dependencies: artDeps, 
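Review bot: The rewritten tail of `buildStartedOn` no longer checks that the event's head commit is the commit being attested: the removed `GetHeadCommitTime` returned the timestamp only when `GetHeadCommitId() == in.Sha()`, and the empty-string fallback was removed with it. `BuildStartedOn` ends up in the provenance metadata, and a commit timestamp is chosen by the committer rather than observed by the builder, so the value should at least be tied to the attested SHA. I would keep the comparison, `if event == nil || event.GetHeadCommitId() != context.Sha() { return time.Now().UTC().Round(time.Second) }`, and treat an empty timestamp the same way, since what `buildStarted` does with `""` is not visible here. The function begins above the hunk.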
@@ -73,7 +73,7 @@ func TestCreateProvenanceOptions(t *testing.T) { assert.Equal(t, "artifact", provenanceArtifact.Name) assert.Equal(t, test.buildType, provenanceArtifact.BuildType) assert.Equal(t, deps, provenanceArtifact.Dependencies.RuntimeDeps) - assert.Equal(t, test.buildTimerIsSet, time.Now().UTC().After(provenanceArtifact.BuildStartedOn)) + assert.Equal(t, "2022-02-14T09:38:16+01:00", provenanceArtifact.BuildStartedOn.Format(time.RFC3339)) assert.Equal(t, test.buildInvocationId, provenanceArtifact.BuildInvocationId) assert.Equal(t, test.buildConfig, provenanceArtifact.BuildConfig) assert.NotEmpty(t, provenanceArtifact.Invocation) @@ -153,7 +153,7 @@ func Environment() *vcs.GithubCIEnvironment { EventMetadata: &vcs.EventMetadata{ HeadCommit: &vcs.HeadCommit{ Id: "yolo", - Timestamp: "bolo", + Timestamp: "2022-02-14T09:38:16+01:00", }, }, }, diff --git a/pkg/intoto/provenance_test.go b/pkg/intoto/provenance_test.go index 569bb42..e818373 100644 --- a/pkg/intoto/provenance_test.go +++ b/pkg/intoto/provenance_test.go @@ -79,7 +79,7 @@ func TestGenerateSlsaPredicate(t *testing.T) { assert.Equal(t, test.buildType, slsaPredicate.BuildType) assert.NotEmpty(t, slsaPredicate.Invocation) assert.Equal(t, "yolo", slsaPredicate.Invocation.Parameters.(*vcs.Event).GetHeadCommitId()) - assert.Equal(t, "bolo", slsaPredicate.Invocation.Parameters.(*vcs.Event).GetHeadCommitTimestamp()) + assert.Equal(t, "2022-02-14T09:38:16+01:00", slsaPredicate.Invocation.Parameters.(*vcs.Event).GetHeadCommitTimestamp()) e := slsaPredicate.Invocation.Environment.(*vcs.Metadata) assert.NoError(t, err) assert.Equal(t, expectedMetadata(), e) diff --git a/pkg/vcs/environment.go b/pkg/vcs/environment.go index 04b694e..d735faa 100644 --- a/pkg/vcs/environment.go +++ b/pkg/vcs/environment.go @@ -10,6 +10,5 @@ type ContextEnvironment interface { UserDefinedParameters() *Event RepoUri() string Sha() string - GetHeadCommitTime() string - GetEventMetadata() *Event + GetEvent() *Event } 
diff --git a/pkg/vcs/github_ci.go b/pkg/vcs/github_ci.go index f01ea85..cd6d2ab 100644 --- a/pkg/vcs/github_ci.go +++ b/pkg/vcs/github_ci.go @@ -121,18 +121,6 @@ func (in *GithubCIEnvironment) NonReproducibleMetadata() *Metadata { } } -func (in *GithubCIEnvironment) GetHeadCommitTime() string { - if in.Event == nil { - return "" - } - - if in.Event.GetHeadCommitId() == in.Sha() { - return in.Event.GetHeadCommitTimestamp() - } - - return "" -} - -func (in *GithubCIEnvironment) GetEventMetadata() *Event { +func (in *GithubCIEnvironment) GetEvent() *Event { return in.Event } diff --git a/pkg/vcs/github_ci_test.go b/pkg/vcs/github_ci_test.go index 7e0d1b4..75ffc55 100644 --- a/pkg/vcs/github_ci_test.go +++ b/pkg/vcs/github_ci_test.go @@ -58,7 +58,7 @@ func TestGetHeadCommitTime(t *testing.T) { env := envC() ci, err := CreateGithubCIEnvironment(context, &runner, &env) assert.NoError(t, err) - assert.Equal(t, "2022-02-14T09:38:16+01:00", ci.GetHeadCommitTime()) + assert.Equal(t, "2022-02-14T09:38:16+01:00", ci.GetEvent().GetHeadCommitTimestamp()) } func githubContext(t *testing.T) []byte { From 238306be93d065c7d6a5889f0bb90b6d966d4147 Mon Sep 17 00:00:00 2001 From: ybelMekk Date: Sun, 30 Oct 2022 23:45:00 +0100 Subject: [PATCH 13/15] fix(events, intoto): revert workflow fix lint problems --- .../service-account-salsa-integration.yml | 20 +++++++++--------- pkg/build/jvm/gradle.go | 4 ++-- pkg/build/jvm/gradle_test.go | 6 +++--- pkg/build/jvm/mvn.go | 3 +-- .../.gradle/7.5.1/checksums/checksums.lock | Bin 17 -> 17 bytes pkg/commands/find.go | 5 ++--- pkg/vcs/event_test.go | 1 + 7 files changed, 19 insertions(+), 20 deletions(-) diff --git a/.github/workflows/service-account-salsa-integration.yml b/.github/workflows/service-account-salsa-integration.yml index 08baab8..50c5f92 100644 --- a/.github/workflows/service-account-salsa-integration.yml +++ b/.github/workflows/service-account-salsa-integration.yml 
@@ -1,17 +1,17 @@ name: nais Salsa integration -on: [push] - # workflow_run: - # workflows: [Salsa build & release] - # types: [completed] - # branches: [main] +on: + workflow_run: + workflows: [ Salsa build & release ] + types: [ completed ] + branches: [ main ] env: IMAGE: ttl.sh/nais/salsa-integration-test:1h jobs: - # on-failure: - # runs-on: ubuntu-20.04 - # if: ${{ github.event.workflow_run.conclusion == 'failure' }} - # steps: - # - run: echo 'The triggering workflow failed' && exit 1 + on-failure: + runs-on: ubuntu-20.04 + if: ${{ github.event.workflow_run.conclusion == 'failure' }} + steps: + - run: echo 'The triggering workflow failed' && exit 1 on-success-generate-provenance: runs-on: ubuntu-20.04 # if: ${{ github.event.workflow_run.conclusion == 'success' }} diff --git a/pkg/build/jvm/gradle.go b/pkg/build/jvm/gradle.go index 0494091..fe55b80 100644 --- a/pkg/build/jvm/gradle.go +++ b/pkg/build/jvm/gradle.go @@ -4,7 +4,7 @@ import ( "encoding/xml" "errors" "fmt" - "io/ioutil" + "os" "regexp" "strings" @@ -43,7 +43,7 @@ func (g Gradle) ResolveDeps(workDir string) (*build.ArtifactDependencies, error) return nil, fmt.Errorf("exec: %v\n", err) } - xmlData, err := ioutil.ReadFile(workDir + "/gradle/verification-metadata.xml") + xmlData, err := os.ReadFile(workDir + "/gradle/verification-metadata.xml") if err != nil { return nil, fmt.Errorf("readfile: %v\n", err) } diff --git a/pkg/build/jvm/gradle_test.go b/pkg/build/jvm/gradle_test.go index 8917ee9..808f65e 100644 --- a/pkg/build/jvm/gradle_test.go +++ b/pkg/build/jvm/gradle_test.go 
@@ -3,15 +3,15 @@ package jvm import ( "github.com/nais/salsa/pkg/build" "github.com/nais/salsa/pkg/build/test" - "io/ioutil" + "os" "testing" "github.com/stretchr/testify/assert" ) func TestGradleDeps(t *testing.T) { - gradleOutput, _ := ioutil.ReadFile("testdata/gradle_output.txt") - checksumXml, _ := ioutil.ReadFile("testdata/verification-metadata.xml") + gradleOutput, _ := os.ReadFile("testdata/gradle_output.txt") + checksumXml, _ := os.ReadFile("testdata/verification-metadata.xml") got, err := GradleDeps(string(gradleOutput), checksumXml) assert.NoError(t, err) want := map[string]build.Dependency{} diff --git a/pkg/build/jvm/mvn.go b/pkg/build/jvm/mvn.go index 68ea9eb..15496fc 100644 --- a/pkg/build/jvm/mvn.go +++ b/pkg/build/jvm/mvn.go @@ -3,7 +3,6 @@ package jvm import ( "crypto/sha256" "fmt" - "io/ioutil" "os" "path/filepath" "strings" @@ -86,7 +85,7 @@ func MavenCompileAndRuntimeTimeDeps(rootPath string) (map[string]build.Dependenc } func buildChecksum(file string) (build.CheckSum, error) { - content, err := ioutil.ReadFile(file) + content, err := os.ReadFile(file) if err != nil { return build.CheckSum{}, err } diff --git a/pkg/build/jvm/testdata/jvm/gradle/.gradle/7.5.1/checksums/checksums.lock b/pkg/build/jvm/testdata/jvm/gradle/.gradle/7.5.1/checksums/checksums.lock index aaf046367b586889320e80f0189bbe1fad2d02ce..402456c43dc9e0c898621c60cf27bb6a955659e6 100644 GIT binary patch literal 17 VcmZP$m}jz>Z|Z~p3}C<<3;;631fc)` literal 17 VcmZP$m}jz>Z|Z~p3}C<<2mms|1fKu^ diff --git a/pkg/commands/find.go b/pkg/commands/find.go index 144590d..91ff02f 100644 --- a/pkg/commands/find.go +++ b/pkg/commands/find.go @@ -5,7 +5,6 @@ import ( "fmt" "github.com/nais/salsa/pkg/dsse" "github.com/nais/salsa/pkg/intoto" - "io/ioutil" "os" "path/filepath" "strings" 
@@ -29,13 +28,13 @@ var findCmd = &cobra.Command{ } path := PathFlags.RepoDir - dirs, err := ioutil.ReadDir(path) + dirs, err := os.ReadDir(path) if err != nil { return fmt.Errorf("could not read dir %w", err) } for _, dir := range dirs { - files, err := ioutil.ReadDir(fmt.Sprintf("./%s/%s", path, dir.Name())) + files, err := os.ReadDir(fmt.Sprintf("./%s/%s", path, dir.Name())) if err != nil { return fmt.Errorf("could not read dir %w", err) } diff --git a/pkg/vcs/event_test.go b/pkg/vcs/event_test.go index 8347ee5..07b3cec 100644 --- a/pkg/vcs/event_test.go +++ b/pkg/vcs/event_test.go @@ -10,6 +10,7 @@ import ( func TestEvenHeadCommit(t *testing.T) { metadata := commitMetadata(t) context, err := ParseContext(metadata) + assert.NoError(t, err) parsedEvent, err := ParseEvent(context.Event) assert.NoError(t, err) assert.NotNil(t, parsedEvent) From 207595176ea13b9c642a7216af6ed323882861ed Mon Sep 17 00:00:00 2001 From: ybelMekk Date: Tue, 1 Nov 2022 11:09:08 +0100 Subject: [PATCH 14/15] fix(workflow): revert --- .github/workflows/service-account-salsa-integration.yml | 2 +- pkg/vcs/testdata/event-head-commit.json | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/service-account-salsa-integration.yml b/.github/workflows/service-account-salsa-integration.yml index 50c5f92..63581d5 100644 --- a/.github/workflows/service-account-salsa-integration.yml +++ b/.github/workflows/service-account-salsa-integration.yml @@ -14,7 +14,7 @@ jobs: - run: echo 'The triggering workflow failed' && exit 1 on-success-generate-provenance: runs-on: ubuntu-20.04 - # if: ${{ github.event.workflow_run.conclusion == 'success' }} + if: ${{ github.event.workflow_run.conclusion == 'success' }} steps: - run: echo 'The triggering workflow passed' - name: Checkout Code diff --git a/pkg/vcs/testdata/event-head-commit.json b/pkg/vcs/testdata/event-head-commit.json index 28bff02..599d2bc 100644 --- a/pkg/vcs/testdata/event-head-commit.json 
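Review bot: The inner call builds its path with `fmt.Sprintf("./%s/%s", path, dir.Name())`, which turns an absolute `PathFlags.RepoDir` into a path relative to the working directory. It also runs for every entry, so a plain file directly under `path` makes `os.ReadDir` fail and aborts the whole command. `path/filepath` is already imported in this file, so I would write `files, err := os.ReadDir(filepath.Join(path, dir.Name()))` and put `if !dir.IsDir() { continue }` in front of it. Both errors share the message `could not read dir %w` without naming the directory; `fmt.Errorf("reading %q: %w", path, err)` would tell them apart. The loop body continues outside the hunk.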
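Review bot: The added `assert.NoError(t, err)` in `TestEvenHeadCommit` records the failure but lets the test continue, so when `ParseContext` fails the next line still reads `context.Event`. If `context` is a nil pointer in that case, the test panics instead of reporting the parse error. Stopping at the first failure keeps the output readable: `if !assert.NoError(t, err) { return }`, or testify's `require.NoError(t, err)` if the `require` package is acceptable in this repo. The local name `context` also shadows the standard-library package name; `ctx` would be the more usual choice.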
+++ b/pkg/vcs/testdata/event-head-commit.json @@ -24,7 +24,7 @@ "message": "master commit", "timestamp": "2022-10-21T11:26:55+02:00", "tree_id": "1eb5ac4d731daeb199755932a5a2e126e10c80cc", - "url": "https://github.com/navikt/gandalf/commit/d4cd018b2fe54d8308b78f2bb88db94ac57173ea" + "url": "https://github.com/navikt" } ], "compare": "https://github.com/navikt/gandalf/compare/a88fd9ea948a...d4cd018b2fe5", @@ -59,7 +59,7 @@ "message": "master commit", "timestamp": "2022-10-21T11:26:55+02:00", "tree_id": "1eb5ac4d731daeb199755932a5a2e126e10c80cc", - "url": "https://github.com/navikt/gandalf/commit/d4cd018b2fe54d8308b78f2bb88db94ac57173ea" + "url": "https://github.com/navikt" } } } \ No newline at end of file From b5b479fd365f99e4e91c3c149288bf62a2e9c3f2 Mon Sep 17 00:00:00 2001 From: ybelMekk Date: Fri, 4 Nov 2022 08:31:25 +0100 Subject: [PATCH 15/15] bump(workflow): action version --- .github/workflows/main.yml | 2 +- action.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 04a5fde..d5d83aa 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -10,7 +10,7 @@ on: - 'Makefile' env: - VERSION: v0.3 + VERSION: v0.4 IMAGE_NAME: ghcr.io/${{ github.repository }} COSIGN_VERSION: v1.13.1 SYFT_VERSION: v0.44.1 diff --git a/action.yml b/action.yml index 9841f12..4ed9de1 100644 --- a/action.yml +++ b/action.yml @@ -97,7 +97,7 @@ inputs: runs: using: 'docker' - image: 'docker://ghcr.io/nais/salsa:v0.3' + image: 'docker://ghcr.io/nais/salsa:v0.4' args: - ${{ inputs.repo_dir }} - ${{ inputs.repo_name }}