Exit with error if no matching predicate type exists

Signed-off-by: Fredrik Skogman <kommendorkapten@github.com>
2025-02-11 09:07:51 +01:00 · 2025-02-11 09:07:51 +01:00 · bf3a40aef3
commit bf3a40aef3
parent 55579582e2
2 changed files with 13 additions and 1 deletions
--- a/pkg/cmd/attestation/verify/verify.go
+++ b/pkg/cmd/attestation/verify/verify.go
@ -236,7 +236,7 @@ func runVerify(opts *Options) error {
 	filteredAttestations := verification.FilterAttestations(ec.PredicateType, attestations)
 	if len(filteredAttestations) == 0 {
 		opts.Logger.Printf(opts.Logger.ColorScheme.Red("✗ No attestations found with predicate type: %s\n"), opts.PredicateType)
-		return err
+		return fmt.Errorf("no matching predicate found")
 	}
 	attestations = filteredAttestations

--- a/pkg/cmd/attestation/verify/verify_test.go
+++ b/pkg/cmd/attestation/verify/verify_test.go
@ -501,6 +501,18 @@ func TestRunVerify(t *testing.T) {
 		require.Nil(t, runVerify(&customOpts))
 	})

+	t.Run("with valid OCI artifact with UseBundleFromRegistry flag and unknown predicate type", func(t *testing.T) {
+		customOpts := publicGoodOpts
+		customOpts.ArtifactPath = "oci://ghcr.io/github/test"
+		customOpts.BundlePath = ""
+		customOpts.UseBundleFromRegistry = true
+		customOpts.PredicateType = "https://predicate.type"
+
+		err := runVerify(&customOpts)
+		require.Error(t, err)
+		require.ErrorContains(t, err, "no matching predicate found")
+	})
+
 	t.Run("with valid OCI artifact with UseBundleFromRegistry flag but no bundle return from registry", func(t *testing.T) {
 		customOpts := publicGoodOpts
 		customOpts.ArtifactPath = "oci://ghcr.io/github/test"