Skip to content

Commit

Permalink
use provenance-repository input for slsa-verifier
Browse files Browse the repository at this point in the history
Signed-off-by: saisatishkarra <saisatish.karra@konghq.com>
  • Loading branch information
saisatishkarra committed Jan 23, 2024
1 parent 07fde6b commit 9c3dc26
Show file tree
Hide file tree
Showing 3 changed files with 9 additions and 7 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -112,7 +112,7 @@ jobs:
digest: ${{ needs.build.outputs.digest }}
registry-username: ${{ github.actor }}
provenance-registry-username: ${{ needs.provenance-metadata.outputs.username }}
provenance-registry: ${{ needs.provenance-metadata.outputs.image }}
provenance-repository: ${{ needs.provenance-metadata.outputs.image }}
compile-generator: true
secrets:
registry-password: ${{ secrets.GITHUB_TOKEN }} # Github token for contaner image
Expand Down Expand Up @@ -166,7 +166,7 @@ jobs:
go-version: "1.20"
- env:
CONTAINER: "${{ env.container }}"
PROVENANCE: "${{ env.provenance_file }}"
PROVENANCE_REPOSITORY: ${{ needs.provenance-metadata.outputs.image }}
run: ./.github/workflows/scripts/e2e.container.default.verify.sh

if-succeeded:
Expand Down
6 changes: 6 additions & 0 deletions .github/workflows/scripts/e2e-verify.common.sh
Original file line number Diff line number Diff line change
Expand Up @@ -321,6 +321,7 @@ verify_provenance_authenticity() {
CONTAINER=${CONTAINER:-}
GITHUB_REF_NAME=${GITHUB_REF_NAME:-}
PROVENANCE=${PROVENANCE:-}
PROVENANCE_REPOSITORY=${PROVENANCE_REPOSITORY:-}

local verifier="$1"
local tag="$2"
Expand Down Expand Up @@ -381,6 +382,10 @@ verify_provenance_authenticity() {
provenanceArg=()
if [[ "$build_type" == "nodejs" ]]; then
read -ra provenanceArg <<<"--attestations-path ${ATTESTATIONS}"
elif [[ "$build_type" == "container" ]]; then
if [[ -n "$PROVENANCE_REPOSITORY" ]]; then
read -ra provenanceArg <<<"$($argr "provenance-repository") ${PROVENANCE_REPOSITORY}"
fi
elif [[ "$build_type" != "container" ]]; then
read -ra provenanceArg <<<"$($argr "provenance") ${PROVENANCE}"
fi
Expand Down Expand Up @@ -798,6 +803,7 @@ _new_verifier_args() {
case $arg in
artifact-path) echo '' ;;
provenance) echo '--provenance-path' ;;
provenance-repository) echo '--provenance-repository' ;;
source) echo '--source-uri' ;;
tag) echo '--source-tag' ;;
versioned-tag) echo '--source-versioned-tag' ;;
Expand Down
6 changes: 1 addition & 5 deletions .github/workflows/scripts/e2e.container.default.verify.sh
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@ GITHUB_REF=${GITHUB_REF:-}
GITHUB_REF_NAME=${GITHUB_REF_NAME:-}
GITHUB_REF_TYPE=${GITHUB_REF_TYPE:-}
PROVENANCE=${PROVENANCE:-}
PROVENANCE_REPOSITORY=${PROVENANCE_REPOSITORY:-}
CONTAINER=${CONTAINER:-}
RUNNER_DEBUG=${RUNNER_DEBUG:-}
if [[ -n "${RUNNER_DEBUG}" ]]; then
Expand Down Expand Up @@ -41,11 +42,6 @@ echo "DEBUG: file is ${this_file}"

export SLSA_VERIFIER_TESTING="true"

# Make sure the value is exported to slsa-verifier.
if [[ -n "${COSIGN_REPOSITORY}" ]]; then
export COSIGN_REPOSITORY="${COSIGN_REPOSITORY}"
fi

# Verify provenance authenticity.
e2e_run_verifier_all_releases "HEAD"

Expand Down

0 comments on commit 9c3dc26

Please sign in to comment.