Refactor - Use interface for rekor and fulcio
- Refactored the implementation to accept the interface instead of the
  concrete implementation within the function.

- With this change `GenerateProvenance` can be tested with mocks. At the
  moment there aren't any unit tests for `GenerateProvenance`.

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
naveensrinivasan committed Jun 20, 2022
1 parent 61db574 commit 324f41e
Showing 2 changed files with 7 additions and 5 deletions.
6 changes: 5 additions & 1 deletion internal/builders/go/main.go
@@ -24,6 +24,8 @@ import (
"os"
"os/exec"

"github.com/slsa-framework/slsa-github-generator/signing/sigstore"

// Enable the github OIDC auth provider.
_ "github.com/sigstore/cosign/pkg/providers/github"

@@ -72,8 +74,10 @@ func runBuild(dry bool, configFile, evalEnvs string) error {
}

func runProvenanceGeneration(subject, digest, commands, envs, workingDir string) error {
r := sigstore.NewDefaultRekor()
s := sigstore.NewDefaultFulcio()
attBytes, err := pkg.GenerateProvenance(subject, digest,
commands, envs, workingDir)
commands, envs, workingDir, s, r)
if err != nil {
return err
}
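Review bot: runProvenanceGeneration has no doc comment, and after this change it is where the signer and the transparency log are chosen (`sigstore.NewDefaultFulcio()` and `sigstore.NewDefaultRekor()`), which is worth stating for anyone auditing where attestations are signed and logged. I would add above the function: `// runProvenanceGeneration generates provenance and signs it with the default Fulcio signer and Rekor transparency log.` The function body continues past the end of the hunk, so what happens to attBytes afterwards is not visible here.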
6 changes: 2 additions & 4 deletions internal/builders/go/pkg/provenance.go
@@ -18,13 +18,13 @@ import (
"context"
"encoding/hex"
"fmt"
"github.com/slsa-framework/slsa-github-generator/signing"
"os"

intoto "github.com/in-toto/in-toto-golang/in_toto"
slsa02 "github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/v0.2"
"github.com/slsa-framework/slsa-github-generator/github"
"github.com/slsa-framework/slsa-github-generator/internal/utils"
"github.com/slsa-framework/slsa-github-generator/signing/sigstore"
"github.com/slsa-framework/slsa-github-generator/slsa"
)

@@ -63,7 +63,7 @@ func (b *goProvenanceBuild) BuildConfig(context.Context) (interface{}, error) {
// GenerateProvenance translates github context into a SLSA provenance
// attestation.
// Spec: https://slsa.dev/provenance/v0.2
func GenerateProvenance(name, digest, command, envs, workingDir string) ([]byte, error) {
func GenerateProvenance(name, digest, command, envs, workingDir string, s signing.Signer, r signing.TransparencyLog) ([]byte, error) {
gh, err := github.GetWorkflowContext()
if err != nil {
return nil, err
@@ -153,7 +153,6 @@ func GenerateProvenance(name, digest, command, envs, workingDir string) ([]byte,
}

// Sign the provenance.
s := sigstore.NewDefaultFulcio()
att, err := s.Sign(ctx, &intoto.Statement{
StatementHeader: p.StatementHeader,
Predicate: p.Predicate,
@@ -163,7 +162,6 @@ func GenerateProvenance(name, digest, command, envs, workingDir string) ([]byte,
}

// Upload the signed attestation to rekor.
r := sigstore.NewDefaultRekor()
if logEntry, err := r.Upload(ctx, att); err != nil {
fmt.Printf("Uploaded signed attestation to rekor with UUID %s.\n", logEntry.UUID())
return nil, err
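Review bot: In the last hunk the success message is printed inside the `err != nil` branch, so `logEntry.UUID()` runs only when `r.Upload` has failed, where logEntry may be nil, and a successful upload is never reported. Now that `r` is a caller-supplied `signing.TransparencyLog`, a mock or alternative implementation that returns a nil entry alongside an error would likely panic here instead of returning the error. I would split it into `logEntry, err := r.Upload(ctx, att)`, then `if err != nil { return nil, err }`, and print the UUID only after that check. The end of the `if` block is outside the hunk, so confirm against the full function.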
