From 529b570dae2336c1d413f4d95141ab1a73770458 Mon Sep 17 00:00:00 2001
From: saisatishkarra
Date: Thu, 16 Nov 2023 08:19:12 -0600
Subject: [PATCH] fix typos
Signed-off-by: saisatishkarra
---
 .../workflows/generator_container_slsa3.yml | 33 ++++++++++---------
 internal/builders/container/README.md | 6 ++--
 2 files changed, 21 insertions(+), 18 deletions(-)
diff --git a/.github/workflows/generator_container_slsa3.yml b/.github/workflows/generator_container_slsa3.yml
index ff248d3afd..71406de894 100644
--- a/.github/workflows/generator_container_slsa3.yml
+++ b/.github/workflows/generator_container_slsa3.yml
@@ -28,18 +28,18 @@ defaults:
 on:
 workflow_call:
 secrets:
- # Note: "This should only be used for high entropy values such as AWS Access Key.
- # See https://github.com/slsa-framework/slsa-github-generator/tree/main/internal/builders/container#workflow-inputs" for more information.
+ # Note: This should only be used for high entropy values such as AWS Access Key.
+ # See https://github.com/slsa-framework/slsa-github-generator/tree/main/internal/builders/container#workflow-inputs for more information.
 registry-username:
 description: "Username to log into the container registry."
 registry-password:
 description: "Password to log in the container registry."
 image:
 description: "The OCI image name. This must not include a tag or digest."
- # Note: "This should only be used for high entropy values such as AWS Access Key.
- # See https://github.com/slsa-framework/slsa-github-generator/tree/main/internal/builders/container#workflow-inputs" for more information.
+ # Note: This should only be used for high entropy values such as AWS Access Key.
+ # See https://github.com/slsa-framework/slsa-github-generator/tree/main/internal/builders/container#workflow-inputs for more information.
 provenance-registry-username:
- description: "Username when publishing to provenance registry instead of image registry."
+ description: "Username when publishing to provenance registry (option 'provenance-registry') instead of image registry."
 provenance-registry-password:
 description: "Password when publishing to provenance registry instead of image registry."
 inputs:
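Review bot: The `provenance-registry-password` secret description at the end of this hunk still does not say when the value is required, although the login step later in this workflow exits with `provenance-registry-password is required.` whenever it is empty and no GCP access token is present. Suggest aligning it with the username wording the commit introduces: `description: "Password when publishing to provenance registry (option 'provenance-registry') instead of image registry. Required when 'provenance-registry' is set and no GCP workload identity is configured."`. The same wording gap exists in the `provenance-registry-password` row of the README's Secrets table.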
@@ -79,11 +79,11 @@ on:
 type: string
 default: ""
 provenance-registry-username:
- description: "Username when publishing to provenance registry (option 'prove') instead of image registry."
+ description: "Username when publishing to provenance registry (option 'provenance-registry') instead of image registry."
 required: false
 type: string
 provenance-registry:
- description: "If set, Provenance is pushed to this registry instead of image registry."
+ description: "If set, provenance is pushed to this registry instead of image registry."
 required: false
 type: string
 outputs:
@@ -223,7 +223,7 @@ jobs:
 UNTRUSTED_PROVENANCE_REGISTRY: "${{ inputs.provenance-registry }}"
 UNTRUSTED_INPUT_PROVENANCE_USERNAME: "${{ inputs.provenance-registry-username }}"
 UNTRUSTED_SECRET_PROVENANCE_USERNAME: "${{ secrets.provenance-registry-username }}"
- UNTRUSTED_PROVENANCE_PASSWORD: "${{ secrets.provenance-password }}"
+ UNTRUSTED_PROVENANCE_PASSWORD: "${{ secrets.provenance-registry-password }}"
 GCP_ACCESS_TOKEN: "${{ steps.auth.outputs.access_token }}"
 if: ${{ env.UNTRUSTED_PROVENANCE_REGISTRY != '' }}
 run: |
@@ -234,10 +234,10 @@ jobs:
 # character in it to see if it's a domain name.
 # See: https://stackoverflow.com/questions/37861791/how-are-docker-image-names-parsed#37867949
- untrusted_provenance_registry="docker.io"
+ untrusted_provenance_domain="docker.io"
 maybe_provenance_domain=$(echo "${UNTRUSTED_PROVENANCE_REGISTRY}" | cut -f1 -d "/" | { grep -E "\.|:" || true; })
 if [ "${maybe_provenance_domain}" != "" ]; then
- untrusted_provenance_registry="${maybe_provenance_domain}"
+ untrusted_provenance_domain="${maybe_provenance_domain}"
 fi
 if [ "${GCP_ACCESS_TOKEN}" != "" ]; then
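Review bot: The changed `UNTRUSTED_PROVENANCE_PASSWORD` line in the `@@ -223` hunk is a functional fix rather than a typo: the old reference `secrets.provenance-password` names a secret that is not declared under `workflow_call.secrets` (the declared one is `provenance-registry-password`, visible in the first hunk), so the variable was always empty and the non-GCP provenance-registry login path could never succeed. That deserves a sentence in the commit description beyond "fix typos" so the behaviour change is discoverable from history. A comment on this env block would also keep future renames in sync, e.g. `# Secret names here must match the workflow_call.secrets declarations above.`. The step that owns this env block starts before the hunk, so its name is not visible here.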
@@ -246,18 +246,18 @@ jobs:
 else
 username="${UNTRUSTED_SECRET_PROVENANCE_USERNAME:-${UNTRUSTED_INPUT_PROVENANCE_USERNAME}}"
 if [ "${username}" == "" ]; then
- echo "provenance-registry username is required." >&2
+ echo "provenance-registry-username is required." >&2
 exit 1
 fi
 password="${UNTRUSTED_PROVENANCE_PASSWORD}"
 if [ "${password}" == "" ]; then
- echo "provenance-registry password is required." >&2
+ echo "provenance-registry-password is required." >&2
 exit 1
 fi
 fi
- echo "login to provenance registry: ${untrusted_provenance_registry}"
- cosign login "${untrusted_provenance_registry}" -u "${username}" -p "${password}"
+ echo "login to provenance registry: ${untrusted_provenance_domain}"
+ cosign login "${untrusted_provenance_domain}" -u "${username}" -p "${password}"
 - name: Create and sign provenance
 id: sign-prov
@@ -275,8 +275,11 @@ jobs:
 predicate_name="predicate.json"
 "$GITHUB_WORKSPACE/$BUILDER_BINARY" generate --predicate="$predicate_name"
+ if [[ ! -z "${UNTRUSTED_PROVENANCE_REGISTRY}" ]]; then
+ export COSIGN_REPOSITORY="${UNTRUSTED_PROVENANCE_REGISTRY}"
+ fi
+
 COSIGN_EXPERIMENTAL=1 \
- COSIGN_REPOSITORY="${UNTRUSTED_PROVENANCE_REGISTRY}" \
 cosign attest --predicate="$predicate_name" \
 --type slsaprovenance \
 --yes \
diff --git a/internal/builders/container/README.md b/internal/builders/container/README.md
index f6d88f27ec..11ea6ecf7f 100644
--- a/internal/builders/container/README.md
+++ b/internal/builders/container/README.md
@@ -214,8 +214,8 @@ Inputs:
 | `continue-on-error` | Set to true to ignore errors. This option is useful if you won't want a failure to fail your entire workflow.
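Review bot: The rewritten `cosign login` line still passes the registry password as a command-line argument (`-p "${password}"`), which exposes it to anything that can read the runner's process table and to shell tracing should `set -x` ever be enabled in this step; the login subcommand accepts the password on stdin instead. Suggest `printf '%s' "${password}" | cosign login "${untrusted_provenance_domain}" -u "${username}" --password-stdin`. The enclosing `if [ "${GCP_ACCESS_TOKEN}" != "" ]` block opens in the previous hunk, so the GCP branch is not visible here.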
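Review bot: The new guard `if [[ ! -z "${UNTRUSTED_PROVENANCE_REGISTRY}" ]]` in the `@@ -275` hunk mixes styles with the login step above, which tests emptiness as `[ "${x}" != "" ]`, and `! -z` is simply `-n`; `if [[ -n "${UNTRUSTED_PROVENANCE_REGISTRY}" ]]; then` reads cleaner and is easier to grep for. Note also that `export COSIGN_REPOSITORY` now scopes the override to the remainder of the shell step, whereas the removed line scoped it to the single `cosign attest` invocation; if anything later in the same step runs cosign it will inherit the provenance-registry override, which may be intended but is worth stating with a comment such as `# COSIGN_REPOSITORY stays exported for the rest of this step.`. The `cosign attest` command continues past the end of the hunk.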
Default: `false` |
 | `gcp-workload-identity-provider` | The full identifier of the Workload Identity Provider, including the project number, pool name, and provider name. If provided, this must be the full identifier which includes all parts:
`projects/123456789/locations/global/workloadIdentityPools/my-pool/providers/my-provider` |
 | `gcp-service-account` | Email address or unique identifier of the Google Cloud service account for which to generate credentials. For example:
`my-service-account@my-project.iam.gserviceaccount.com` |
-| `provenance-registry-username` | Username when publishing to provenance registry (option 'prove') instead of image registry. Either `provenance-registry-username` input or `provenance-registry-username` secret is required. |
-| `provenance-registry` | If set, Provenance is pushed to this registry instead of image registry. |
+| `provenance-registry-username` | Username when publishing to provenance registry (option 'provenance-registry') instead of image registry. Either `provenance-registry-username` input or `provenance-registry-username` secret is required. |
+| `provenance-registry` | If set, provenance is pushed to this registry instead of image registry. |
 Secrets:
@@ -224,7 +224,7 @@ Secrets:
 | `image` | The OCI image name. This must not include a tag or digest. Either `image` input or `image` secret is **required**. Secret `image` value takes precedence on `image` input value. Should be used in scenarios when the image name contains secret values, and therefore can't be provided directly. Use case - an undisclosed private registry use. |
 | `registry-username` | Username to log in the container registry. Either `registry-username` input or `registry-username` secret is required. This should only be used for high entropy values such as AWS Access Key as described [here](https://github.com/docker/login-action#aws-elastic-container-registry-ecr). Normal username values could match other input values and cause them to be ignored by GitHub Actions and causing your build to fail. In those cases, use the `registry-username` input instead. |
 | `registry-password` | **(Required)** Password to log in the container registry. |
-| `provenance-registry-username` | Username when publishing to provenance registry (option 'prove') instead of image registry. Either `provenance-registry-username` input or `provenance-registry-username` secret is required. This should only be used for high entropy values such as AWS Access Key as described [here](https://github.com/docker/login-action#aws-elastic-container-registry-ecr). Normal username values could match other input values and cause them to be ignored by GitHub Actions and causing your build to fail. In those cases, use the registry-username input instead. |
+| `provenance-registry-username` | Username when publishing to provenance registry (option 'provenance-registry') instead of image registry. Either `provenance-registry-username` input or `provenance-registry-username` secret is required. This should only be used for high entropy values such as AWS Access Key as described [here](https://github.com/docker/login-action#aws-elastic-container-registry-ecr).
Normal username values could match other input values and cause them to be ignored by GitHub Actions and causing your build to fail. In those cases, use the registry-username input instead. |
 | `provenance-registry-password` | Password when publishing to provenance registry instead of image registry. |
 ### Workflow Outputs