Merge branch 'trunk' into remove-project-automation

2025-01-30 12:58:34 -05:00 · 2025-01-30 12:58:34 -05:00 · fca527af0e
commit fca527af0e
parent fdc1a5a13a 9ef8406cf5
2 changed files with 22 additions and 13 deletions
--- a/pkg/cmd/attestation/api/client.go
+++ b/pkg/cmd/attestation/api/client.go
@ -176,23 +176,25 @@ func (c *LiveClient) fetchBundleFromAttestations(attestations []*Attestation) ([
 				return fmt.Errorf("attestation has no bundle or bundle URL")
 			}

-			// for now, we fallback to the bundle field if the bundle URL is empty
-			if a.BundleURL == "" {
-				c.logger.VerbosePrintf("Bundle URL is empty. Falling back to bundle field\n\n")
+			// If the bundle field is nil, try to fetch the bundle with the provided URL
+			if a.Bundle == nil {
+				c.logger.VerbosePrintf("Bundle field is empty. Trying to fetch with bundle URL\n\n")
+				b, err := c.GetBundle(a.BundleURL)
+				if err != nil {
+					return fmt.Errorf("failed to fetch bundle with URL: %w", err)
+				}
 				fetched[i] = &Attestation{
-					Bundle: a.Bundle,
+					Bundle: b,
 				}
 				return nil
 			}

-			// otherwise fetch the bundle with the provided URL
-			b, err := c.GetBundle(a.BundleURL)
-			if err != nil {
-				return fmt.Errorf("failed to fetch bundle with URL: %w", err)
-			}
+			// otherwise fall back to the bundle field
+			c.logger.VerbosePrintf("Fetching bundle from Bundle field\n\n")
 			fetched[i] = &Attestation{
-				Bundle: b,
+				Bundle: a.Bundle,
 			}
+
 			return nil
 		})
 	}
--- a/pkg/cmd/attestation/api/client_test.go
+++ b/pkg/cmd/attestation/api/client_test.go
@ -180,7 +180,7 @@ func TestGetByDigest_Error(t *testing.T) {
 	require.Nil(t, attestations)
 }

-func TestFetchBundleFromAttestations(t *testing.T) {
+func TestFetchBundleFromAttestations_BundleURL(t *testing.T) {
 	httpClient := &mockHttpClient{}
 	client := LiveClient{
 		httpClient: httpClient,
@ -188,12 +188,15 @@ func TestFetchBundleFromAttestations(t *testing.T) {
 	}

 	att1 := makeTestAttestation()
+	att1.Bundle = nil
 	att2 := makeTestAttestation()
+	att2.Bundle = nil
+	// zero out the bundle field so it tries fetching by URL
 	attestations := []*Attestation{&att1, &att2}
 	fetched, err := client.fetchBundleFromAttestations(attestations)
 	require.NoError(t, err)
 	require.Len(t, fetched, 2)
-	require.Equal(t, "application/vnd.dev.sigstore.bundle.v0.3+json", fetched[0].Bundle.GetMediaType())
+	require.NotNil(t, "application/vnd.dev.sigstore.bundle.v0.3+json", fetched[0].Bundle.GetMediaType())
 	httpClient.AssertNumberOfCalls(t, "OnGetSuccess", 2)
 }

@ -211,7 +214,7 @@ func TestFetchBundleFromAttestations_InvalidAttestation(t *testing.T) {
 	require.Nil(t, fetched, 2)
 }

-func TestFetchBundleFromAttestations_Fail(t *testing.T) {
+func TestFetchBundleFromAttestations_Fail_BundleURL(t *testing.T) {
 	httpClient := &failAfterOneCallHttpClient{}

 	c := &LiveClient{
@ -220,7 +223,10 @@ func TestFetchBundleFromAttestations_Fail(t *testing.T) {
 	}

 	att1 := makeTestAttestation()
+	att1.Bundle = nil
 	att2 := makeTestAttestation()
+	att2.Bundle = nil
+	// zero out the bundle field so it tries fetching by URL
 	attestations := []*Attestation{&att1, &att2}
 	fetched, err := c.fetchBundleFromAttestations(attestations)
 	require.Error(t, err)
@ -237,6 +243,7 @@ func TestFetchBundleFromAttestations_FetchByURLFail(t *testing.T) {
 	}

 	a := makeTestAttestation()
+	a.Bundle = nil
 	attestations := []*Attestation{&a}
 	bundle, err := c.fetchBundleFromAttestations(attestations)
 	require.Error(t, err)