update test fixtures to include buildConfigURI

Signed-off-by: Meredith Lancaster <malancas@github.com>
2025-01-08 11:16:23 -07:00 · 2025-01-08 11:16:23 -07:00 · 1c16e12a66
commit 1c16e12a66
parent 1e91828cdf
3 changed files with 7 additions and 5 deletions
--- a/pkg/cmd/attestation/verification/mock_verifier.go
+++ b/pkg/cmd/attestation/verification/mock_verifier.go
@ -67,7 +67,7 @@ func (v *FailSigstoreVerifier) Verify([]*api.Attestation, verify.PolicyBuilder)
 	return nil, fmt.Errorf("failed to verify attestations")
 }

-func BuildMockResult(b *bundle.Bundle, buildSignerURI, sourceRepoOwnerURI, sourceRepoURI, issuer string) AttestationProcessingResult {
+func BuildMockResult(b *bundle.Bundle, buildConfigURI, buildSignerURI, sourceRepoOwnerURI, sourceRepoURI, issuer string) AttestationProcessingResult {
 	statement := &in_toto.Statement{}
 	statement.PredicateType = SLSAPredicateV1

@ -80,10 +80,11 @@ func BuildMockResult(b *bundle.Bundle, buildSignerURI, sourceRepoOwnerURI, sourc
 			Signature: &verify.SignatureVerificationResult{
 				Certificate: &certificate.Summary{
 					Extensions: certificate.Extensions{
+						BuildConfigURI:           buildConfigURI,
 						BuildSignerURI:           buildSignerURI,
+						Issuer:                   issuer,
 						SourceRepositoryOwnerURI: sourceRepoOwnerURI,
 						SourceRepositoryURI:      sourceRepoURI,
-						Issuer:                   issuer,
 					},
 				},
 			},
@ -93,9 +94,10 @@ func BuildMockResult(b *bundle.Bundle, buildSignerURI, sourceRepoOwnerURI, sourc

 func BuildSigstoreJsMockResult(t *testing.T) AttestationProcessingResult {
 	bundle := data.SigstoreBundle(t)
+	buildConfigURI := "https://github.com/sigstore/sigstore-js/.github/workflows/build.yml@refs/heads/main"
 	buildSignerURI := "https://github.com/github/example/.github/workflows/release.yml@refs/heads/main"
 	sourceRepoOwnerURI := "https://github.com/sigstore"
 	sourceRepoURI := "https://github.com/sigstore/sigstore-js"
 	issuer := "https://token.actions.githubusercontent.com"
-	return BuildMockResult(bundle, buildSignerURI, sourceRepoOwnerURI, sourceRepoURI, issuer)
+	return BuildMockResult(bundle, buildConfigURI, buildSignerURI, sourceRepoOwnerURI, sourceRepoURI, issuer)
 }
--- a/pkg/cmd/attestation/verify/attestation_integration_test.go
+++ b/pkg/cmd/attestation/verify/attestation_integration_test.go
@ -83,7 +83,7 @@ func TestVerifyAttestations(t *testing.T) {
 		attestations := []*api.Attestation{sgjAttestation[0], reusableWorkflowAttestations[0], sgjAttestation[1]}
 		require.Len(t, attestations, 3)

-		rwfResult := verification.BuildMockResult(reusableWorkflowAttestations[0].Bundle, "", "https://github.com/malancas", "", verification.GitHubOIDCIssuer)
+		rwfResult := verification.BuildMockResult(reusableWorkflowAttestations[0].Bundle, "", "", "https://github.com/malancas", "", verification.GitHubOIDCIssuer)
 		sgjResult := verification.BuildSigstoreJsMockResult(t)
 		mockResults := []*verification.AttestationProcessingResult{&sgjResult, &rwfResult, &sgjResult}
 		mockSgVerifier := verification.NewMockSigstoreVerifierWithMockResults(t, mockResults)
--- a/pkg/cmd/attestation/verify/verify_test.go
+++ b/pkg/cmd/attestation/verify/verify_test.go
@ -415,7 +415,7 @@ func TestRunVerify(t *testing.T) {
 		opts.BundlePath = ""
 		opts.Owner = "sigstore"

-		require.Nil(t, runVerify(&opts))
+		require.NoError(t, runVerify(&opts))
 	})

 	t.Run("with owner which not matches SourceRepositoryOwnerURI", func(t *testing.T) {