start building a separate policy struct
Signed-off-by: Meredith Lancaster <malancas@github.com>
This commit is contained in:
parent
14d339d9ba
commit
704de0cf37
1 changed files with 27 additions and 0 deletions
|
|
@ -8,6 +8,7 @@ import (
|
|||
"github.com/sigstore/sigstore-go/pkg/fulcio/certificate"
|
||||
"github.com/sigstore/sigstore-go/pkg/verify"
|
||||
|
||||
"github.com/cli/cli/v2/pkg/cmd/attestation/api"
|
||||
"github.com/cli/cli/v2/pkg/cmd/attestation/artifact"
|
||||
"github.com/cli/cli/v2/pkg/cmd/attestation/verification"
|
||||
)
|
||||
|
|
@ -18,6 +19,32 @@ const (
|
|||
hostRegex = `^[a-zA-Z0-9-]+\.[a-zA-Z0-9-]+.*$`
|
||||
)
|
||||
|
||||
type ExpectedExtensions struct {
|
||||
RunnerEnvironment string
|
||||
SAN string
|
||||
buildSourceRepo string
|
||||
SignerWorkflow string
|
||||
}
|
||||
|
||||
type Policy struct {
|
||||
ExpectedExtensions ExpectedExtensions
|
||||
ExpectedPredicateType string
|
||||
ExpectedSigstoreInstance string
|
||||
}
|
||||
|
||||
func buildPolicy(opts *Options, a artifact.DigestedArtifact) Policy {
|
||||
return Policy{}
|
||||
}
|
||||
|
||||
func (p *Policy) Verify(a []*api.Attestation) (bool, string) {
|
||||
filtered := verification.FilterAttestations(p.ExpectedPredicateType, a)
|
||||
if len(filtered) == 0 {
|
||||
return false, fmt.Sprintf("✗ No attestations found with predicate type: %s\n", p.ExpectedPredicateType)
|
||||
}
|
||||
|
||||
return true, ""
|
||||
}
|
||||
|
||||
func expandToGitHubURL(tenant, ownerOrRepo string) string {
|
||||
if tenant == "" {
|
||||
return fmt.Sprintf("(?i)^https://github.com/%s/", ownerOrRepo)
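Review bot: `Verify` returns `true, ""` as soon as `FilterAttestations` yields at least one attestation with the expected predicate type; `p.ExpectedExtensions` and `p.ExpectedSigstoreInstance` are never consulted, so any caller wired to this method in its current state would treat a predicate-type match alone as a passing policy check. Since the commit title says this is a starting point, the method should say so until the remaining checks land, e.g. a doc comment `// Verify is incomplete: it only filters by predicate type and does not yet check ExpectedExtensions or ExpectedSigstoreInstance; a true result is not a full policy decision.`, or fail closed by returning `false` until the extension and instance checks exist. `buildPolicy` likewise ignores both `opts` and `a` and returns a zero `Policy`, which would leave `ExpectedPredicateType` empty; a `// TODO` on it would make the unfinished state visible at the call site. Separately, `buildSourceRepo` is the only unexported field in `ExpectedExtensions` while its siblings are exported, which looks accidental given the type is exported. The hunk ends inside `expandToGitHubURL`, whose body continues past it.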
|
||||
|
|
|
|||