[attest] Fix spdx generation by passing through correct attestation

type. Previously our attestation type validation was converting the simple type to the full predicate URL (e.g. spdx -> https://spdx.dev/Document). This removes that tranformation so we're passing the right value to GenerateAttestation. Signed-off-by: Billy Lynch <billy@chainguard.dev>
sigstore · Oct 21, 2022 · 63a3ea8 · 63a3ea8
1 parent 6a3b4aa
commit 63a3ea8
Showing 1 changed file with 4 additions and 3 deletions.
diff --git a/cmd/gitsign-attest/main.go b/cmd/gitsign-attest/main.go
@@ -42,8 +42,9 @@ func main() {
 	flag.Parse()
 	ctx := context.Background()
 
-	at, err := options.ParsePredicateType(*attType)
-	if err != nil {
+	// Don't try to take the value - this will try to convert the short-form attestation type to it's
+	// full predicate URI.
+	if _, err := options.ParsePredicateType(*attType); err != nil {
 		log.Fatal(err)
 	}
 
@@ -85,6 +86,6 @@ func main() {
 
 	attestor := attest.NewAttestor(repo, sv, cosign.TLogUploadInTotoAttestation)
 
-	out, err := attestor.WriteFile(ctx, refName, sha, *path, at)
+	out, err := attestor.WriteFile(ctx, refName, sha, *path, *attType)
 	fmt.Println(out, err)
 }