From 9f3d00960c43aaee2b9be3bd106a57853043bac7 Mon Sep 17 00:00:00 2001
From: Meredith Lancaster <malancas@github.com>
Date: Thu, 31 Oct 2024 16:16:09 -0600
Subject: [PATCH] keep comment

Signed-off-by: Meredith Lancaster <malancas@github.com>
---
 pkg/cmd/attestation/verify/policy.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/pkg/cmd/attestation/verify/policy.go b/pkg/cmd/attestation/verify/policy.go
index 8ee34bc7a..bd614263d 100644
--- a/pkg/cmd/attestation/verify/policy.go
+++ b/pkg/cmd/attestation/verify/policy.go
@@ -45,6 +45,11 @@ func newEnforcementCriteria(opts *Options) (verification.EnforcementCriteria, er
 
 	if opts.DenySelfHostedRunner {
 		c.Extensions.RunnerEnvironment = GitHubRunner
+	} else {
+		// if Extensions.RunnerEnvironment value is set to the empty string
+		// through the second function argument,
+		// no certificate matching will happen on the RunnerEnvironment field
+		c.Extensions.RunnerEnvironment = ""
 	}
 
 	if opts.Repo != "" {