diff --git a/pkg/cmd/attestation/verify/policy.go b/pkg/cmd/attestation/verify/policy.go index 41b9ea27e..1e1dcd4d8 100644 --- a/pkg/cmd/attestation/verify/policy.go +++ b/pkg/cmd/attestation/verify/policy.go @@ -56,7 +56,7 @@ func newEnforcementCriteria(opts *Options) (verification.EnforcementCriteria, er signedRepoRegex := expandToGitHubURLRegex(opts.Tenant, opts.SignerRepo) c.SANRegex = signedRepoRegex } else if opts.SignerWorkflow != "" { - validatedWorkflowRegex, err := validateSignerWorkflow(opts) + validatedWorkflowRegex, err := validateSignerWorkflow(opts.Hostname, opts.SignerWorkflow) if err != nil { return verification.EnforcementCriteria{}, err } @@ -140,23 +140,23 @@ func buildSigstoreVerifyPolicy(c verification.EnforcementCriteria, a artifact.Di return policy, nil } -func validateSignerWorkflow(opts *Options) (string, error) { +func validateSignerWorkflow(hostname, signerWorkflow string) (string, error) { // we expect a provided workflow argument be in the format [HOST/]///path/to/workflow.yml // if the provided workflow does not contain a host, set the host - match, err := regexp.MatchString(hostRegex, opts.SignerWorkflow) + match, err := regexp.MatchString(hostRegex, signerWorkflow) if err != nil { return "", err } if match { - return fmt.Sprintf("^https://%s", opts.SignerWorkflow), nil + return fmt.Sprintf("^https://%s", signerWorkflow), nil } // if the provided workflow did not match the expect format // we move onto creating a signer workflow using the provided host name - if opts.Hostname == "" { + if hostname == "" { return "", errors.New("unknown host") } - return fmt.Sprintf("^https://%s/%s", opts.Hostname, opts.SignerWorkflow), nil + return fmt.Sprintf("^https://%s/%s", hostname, signerWorkflow), nil } diff --git a/pkg/cmd/attestation/verify/policy_test.go b/pkg/cmd/attestation/verify/policy_test.go index 30724afef..d033ba4fa 100644 --- a/pkg/cmd/attestation/verify/policy_test.go +++ b/pkg/cmd/attestation/verify/policy_test.go @@ -4,7 +4,6 @@ import ( "testing" "github.com/cli/cli/v2/pkg/cmd/attestation/verification" - "github.com/cli/cli/v2/pkg/cmd/factory" "github.com/stretchr/testify/require" ) @@ -263,14 +262,8 @@ func TestValidateSignerWorkflow(t *testing.T) { } for _, tc := range testcases { - opts := &Options{ - Config: factory.New("test").Config, - SignerWorkflow: tc.providedSignerWorkflow, - } - // All host resolution is done verify.go:RunE - opts.Hostname = tc.host - workflowRegex, err := validateSignerWorkflow(opts) + workflowRegex, err := validateSignerWorkflow(tc.host, tc.providedSignerWorkflow) require.Equal(t, tc.expectedWorkflowRegex, workflowRegex) if tc.expectErr {