diff --git a/verifiers/internal/gha/builder_test.go b/verifiers/internal/gha/builder_test.go index 1cffc95d6..455c4bafc 100644 --- a/verifiers/internal/gha/builder_test.go +++ b/verifiers/internal/gha/builder_test.go @@ -21,6 +21,7 @@ var ( refs123 = "@refs/tags/v1.2.3" githubWorkflows = "/.github/workflows/" builderGoSlsa3 = githubWorkflows + "builder_go_slsa3.yml" + builderGoSlsa3GitUrl = httpsGithubCom + trustedBuilderRepository + builderGoSlsa3 delegatorGenericSlsa3 = githubWorkflows + "delegator_generic_slsa3.yml" generatorGenericSlsa3 = githubWorkflows + "generator_generic_slsa3.yml" ) @@ -102,7 +103,7 @@ func Test_VerifyBuilderIdentity(t *testing.T) { Issuer: "https://token.actions.githubusercontent.com", }, defaults: defaultArtifactTrustedReusableWorkflows, - builderID: httpsGithubCom + trustedBuilderRepository + builderGoSlsa3, + builderID: builderGoSlsa3GitUrl, }, { name: "valid generic delegator builder without tag", @@ -140,7 +141,7 @@ func Test_VerifyBuilderIdentity(t *testing.T) { Issuer: certOidcIssuer, }, defaults: defaultArtifactTrustedReusableWorkflows, - builderID: httpsGithubCom + trustedBuilderRepository + builderGoSlsa3, + builderID: builderGoSlsa3GitUrl, }, { name: "valid main ref for e2e test - match builderID", @@ -152,10 +153,10 @@ func Test_VerifyBuilderIdentity(t *testing.T) { Issuer: certOidcIssuer, }, buildOpts: &options.BuilderOpts{ - ExpectedID: asStringPointer(httpsGithubCom + trustedBuilderRepository + builderGoSlsa3), + ExpectedID: asStringPointer(builderGoSlsa3GitUrl), }, defaults: defaultArtifactTrustedReusableWorkflows, - builderID: httpsGithubCom + trustedBuilderRepository + builderGoSlsa3, + builderID: builderGoSlsa3GitUrl, }, { name: "valid main ref for e2e test - mismatch builderID", @@ -182,10 +183,10 @@ func Test_VerifyBuilderIdentity(t *testing.T) { Issuer: certOidcIssuer, }, buildOpts: &options.BuilderOpts{ - ExpectedID: asStringPointer(httpsGithubCom + trustedBuilderRepository + builderGoSlsa3), + ExpectedID: asStringPointer(builderGoSlsa3GitUrl), }, defaults: defaultArtifactTrustedReusableWorkflows, - builderID: httpsGithubCom + trustedBuilderRepository + builderGoSlsa3, + builderID: builderGoSlsa3GitUrl, }, { name: "valid workflow identity - mismatch builderID", @@ -213,7 +214,7 @@ func Test_VerifyBuilderIdentity(t *testing.T) { }, err: serrors.ErrorInvalidRef, defaults: defaultArtifactTrustedReusableWorkflows, - builderID: httpsGithubCom + trustedBuilderRepository + builderGoSlsa3, + builderID: builderGoSlsa3GitUrl, }, { name: "invalid workflow identity with build", @@ -249,7 +250,7 @@ func Test_VerifyBuilderIdentity(t *testing.T) { Issuer: certOidcIssuer, }, defaults: defaultArtifactTrustedReusableWorkflows, - builderID: httpsGithubCom + trustedBuilderRepository + builderGoSlsa3, + builderID: builderGoSlsa3GitUrl, }, { name: "valid workflow identity with fully qualified source - no default", @@ -261,9 +262,9 @@ func Test_VerifyBuilderIdentity(t *testing.T) { Issuer: certOidcIssuer, }, buildOpts: &options.BuilderOpts{ - ExpectedID: asStringPointer(httpsGithubCom + trustedBuilderRepository + builderGoSlsa3), + ExpectedID: asStringPointer(builderGoSlsa3GitUrl), }, - builderID: httpsGithubCom + trustedBuilderRepository + builderGoSlsa3, + builderID: builderGoSlsa3GitUrl, }, { name: "valid workflow identity with fully qualified source - match builderID", @@ -275,10 +276,10 @@ func Test_VerifyBuilderIdentity(t *testing.T) { Issuer: certOidcIssuer, }, buildOpts: &options.BuilderOpts{ - ExpectedID: asStringPointer(httpsGithubCom + trustedBuilderRepository + builderGoSlsa3), + ExpectedID: asStringPointer(builderGoSlsa3GitUrl), }, defaults: defaultArtifactTrustedReusableWorkflows, - builderID: httpsGithubCom + trustedBuilderRepository + builderGoSlsa3, + builderID: builderGoSlsa3GitUrl, }, { name: "valid workflow identity with fully qualified source - mismatch builderID",