Move recipe.type one level up as buildType

Signed-off-by: Marco Franssen <marco.franssen@philips.com>
philips-labs · Nov 11, 2021 · 10c44b6 · 10c44b6
1 parent 9551b97
commit 10c44b6
Show file tree

Hide file tree

Showing 5 changed files with 11 additions and 10 deletions.
diff --git a/lib/github/github.go b/lib/github/github.go
@@ -10,8 +10,8 @@ const (
 	HostedIDSuffix = "/Attestations/GitHubHostedActions@v1"
 	// SelfHostedIDSuffix the GitHub self hosted attestation type
 	SelfHostedIDSuffix = "/Attestations/SelfHostedActions@v1"
-	// RecipeType the attestion type for a recipe
-	RecipeType = "https://github.com/Attestations/GitHubActionsWorkflow@v1"
+	// BuildType URI indicating what type of build was performed. It determines the meaning of invocation, buildConfig and materials.
+	BuildType = "https://github.com/Attestations/GitHubActionsWorkflow@v1"
 	// PayloadContentType used to define the Envelope content type
 	// See: https://github.com/in-toto/attestation#provenance-example
 	PayloadContentType = "application/vnd.in-toto+json"

diff --git a/lib/github/provenance.go b/lib/github/provenance.go
@@ -39,7 +39,7 @@ func (e *Environment) GenerateProvenanceStatement(ctx context.Context, artifactP
 		// NOTE: This is inexact as multiple workflows in a repo can have the same name.
 		// See https://github.com/github/feedback/discussions/4188
 		intoto.WithInvocation(
-			RecipeType,
+			BuildType,
 			e.Context.Workflow,
 			nil,
 			event.Inputs,

diff --git a/lib/github/provenance_test.go b/lib/github/provenance_test.go
@@ -271,6 +271,7 @@ func TestGenerateProvenance(t *testing.T) {
 	assert.Equal(intoto.StatementType, stmt.Type)
 
 	predicate := stmt.Predicate
+	assert.Equal(github.BuildType, predicate.BuildType)
 	assert.Equal(fmt.Sprintf("%s%s", repoURL, github.HostedIDSuffix), predicate.ID)
 	assert.Equal(materials, predicate.Materials)
 	assert.Equal(fmt.Sprintf("%s%s", repoURL, github.HostedIDSuffix), predicate.Builder.ID)
@@ -351,6 +352,7 @@ func TestGenerateProvenanceFromGitHubRelease(t *testing.T) {
 	assert.Equal(fmt.Sprintf("%s%s", repoURL, github.HostedIDSuffix), predicate.ID)
 	assert.Equal(materials, predicate.Materials)
 	assert.Equal(fmt.Sprintf("%s%s", repoURL, github.HostedIDSuffix), predicate.Builder.ID)
+	assert.Equal(github.BuildType, predicate.BuildType)
 
 	assertMetadata(assert, predicate.Metadata, ghContext, repoURL)
 	assertInvocation(assert, predicate.Invocation)
@@ -394,7 +396,6 @@ func TestGenerateProvenanceFromGitHubReleaseErrors(t *testing.T) {
 }
 
 func assertInvocation(assert *assert.Assertions, recipe intoto.Invocation) {
-	assert.Equal(github.RecipeType, recipe.Type)
 	assert.Equal(0, recipe.DefinedInMaterial)
 	assert.Equal("", recipe.EntryPoint)
 	assert.Nil(recipe.Environment)

diff --git a/lib/intoto/intoto.go b/lib/intoto/intoto.go
@@ -69,10 +69,10 @@ func WithMetadata(buildInvocationID string) StatementOption {
 }
 
 // WithInvocation sets the Predicate Invocation and Materials
-func WithInvocation(predicateType string, entryPoint string, environment json.RawMessage, arguments json.RawMessage, materials []Item) StatementOption {
+func WithInvocation(buildType, entryPoint string, environment json.RawMessage, arguments json.RawMessage, materials []Item) StatementOption {
 	return func(s *Statement) {
+		s.Predicate.BuildType = buildType
 		s.Predicate.Invocation = Invocation{
-			Type:       predicateType,
 			EntryPoint: entryPoint,
 			Arguments:  arguments,
 			// Subject to change and simplify https://github.com/slsa-framework/slsa/issues/178
@@ -109,6 +109,7 @@ type Subject struct {
 // A predicate has a required predicateType (TypeURI) identifying what the predicate means, plus an optional predicate (object) containing additional, type-dependent parameters.
 type Predicate struct {
 	Builder    `json:"builder"`
+	BuildType  string `json:"buildType"`
 	Metadata   `json:"metadata"`
 	Invocation `json:"invocation"`
 	Materials  []Item `json:"materials"`
@@ -135,7 +136,6 @@ type Metadata struct {
 
 // Invocation Identifies the configuration used for the build. When combined with materials, this SHOULD fully describe the build, such that re-running this recipe results in bit-for-bit identical output (if the build is reproducible).
 type Invocation struct {
-	Type              string          `json:"type"`
 	DefinedInMaterial int             `json:"definedInMaterial"`
 	EntryPoint        string          `json:"entryPoint"`
 	Arguments         json.RawMessage `json:"arguments"`

diff --git a/lib/intoto/intoto_test.go b/lib/intoto/intoto_test.go
@@ -13,7 +13,7 @@ func TestSLSAProvenanceStatement(t *testing.T) {
 	repoURI := "https://github.com/philips-labs/slsa-provenance-action"
 	builderID := repoURI + "/Attestations/GitHubHostedActions@v1"
 	buildInvocationID := repoURI + "/actions/runs/123498765"
-	recipeType := "https://github.com/Attestations/GitHubActionsWorkflow@v1"
+	buildType := "https://github.com/Attestations/GitHubActionsWorkflow@v1"
 
 	stmt := SLSAProvenanceStatement()
 	assert.Equal(SlsaPredicateType, stmt.PredicateType)
@@ -63,7 +63,7 @@ func TestSLSAProvenanceStatement(t *testing.T) {
 		WithSubject(make([]Subject, 1)),
 		WithBuilder(builderID),
 		WithInvocation(
-			recipeType,
+			buildType,
 			"CI workflow",
 			nil,
 			nil,
@@ -75,7 +75,7 @@ func TestSLSAProvenanceStatement(t *testing.T) {
 	assert.Equal(StatementType, stmt.Type)
 	assert.Len(stmt.Subject, 1)
 	assert.Equal(builderID, stmt.Predicate.Builder.ID)
-	assert.Equal(recipeType, i.Type)
+	assert.Equal(buildType, stmt.Predicate.BuildType)
 	assert.Equal("CI workflow", i.EntryPoint)
 	assert.Nil(i.Arguments)
 	assert.Equal(0, i.DefinedInMaterial)