From 89cd6c69f444bbcadfdc0171bb4a00927be75015 Mon Sep 17 00:00:00 2001
From: Renzo Rojas Silva
Date: Mon, 20 May 2024 16:43:10 -0400
Subject: [PATCH] more linter errors
---
 pkg/artifacts/signable_test.go | 2 +-
 pkg/chains/formats/slsa/extract/extract.go | 3 +-
 .../formats/slsa/extract/extract_test.go | 9 +-
 .../formats/slsa/extract/v1beta1/extract.go | 2 +
 .../slsa/extract/v1beta1/extract_test.go | 8 +-
 .../build_definition/build_definition_test.go | 3 +-
 .../internal/material/v1beta1/material.go | 6 +-
 .../slsa/internal/metadata/metadata_test.go | 4 +-
 .../slsa/internal/provenance/provenance.go | 4 +-
 .../resolved_dependencies.go | 6 +-
 .../resolved_dependencies_test.go | 12 +-
 .../slsa/internal/results/results_test.go | 1 +
 .../formats/slsa/v1/internal/protos/protos.go | 4 +-
 pkg/chains/formats/slsa/v1/intotoite6_test.go | 396 ++++++------------
 .../slsa/v1/pipelinerun/pipelinerun.go | 4 +-
 .../slsa/v1/pipelinerun/provenance_test.go | 3 +-
 pkg/chains/formats/slsa/v1/taskrun/taskrun.go | 4 +-
 .../internal/pipelinerun/pipelinerun.go | 4 +-
 .../internal/pipelinerun/pipelinerun_test.go | 15 +-
 .../v2alpha3/internal/taskrun/taskrun_test.go | 7 +-
 .../formats/slsa/v2alpha3/slsav2_test.go | 13 +-
 .../v2alpha4/internal/taskrun/taskrun_test.go | 8 +-
 pkg/chains/formats/slsa/v2alpha4/slsav2.go | 2 +-
 .../formats/slsa/v2alpha4/slsav2_test.go | 6 +-
 pkg/chains/objects/objects.go | 2 +-
 pkg/chains/storage/grafeas/grafeas_test.go | 30 +-
 pkg/chains/storage/oci/attestation.go | 1 +
 pkg/chains/storage/pubsub/pubsub_test.go | 5 +-
 pkg/chains/storage/tekton/tekton.go | 4 +-
 test/e2e_test.go | 1 +
 test/examples_test.go | 40 +-
 test/test_utils.go | 7 +
 32 files changed, 268 insertions(+), 348 deletions(-)
diff --git a/pkg/artifacts/signable_test.go b/pkg/artifacts/signable_test.go
index 98c303c0ac..8863984561 100644
--- a/pkg/artifacts/signable_test.go
+++ b/pkg/artifacts/signable_test.go
@@ -46,7 +46,6 @@ const ( var ignore = []cmp.Option{cmpopts.IgnoreUnexported(name.Registry{}, name.Repository{}, name.Digest{})} func TestOCIArtifact_ExtractObjects(t *testing.T) { - tests := []struct { name string obj objects.TektonObject @@ -808,6 +807,7 @@ func TestExtractBuildArtifactsFromResults(t *testing.T) { } func createDigest(t *testing.T, dgst string) name.Digest { + t.Helper() result, err := name.NewDigest(dgst) if err != nil { t.Fatal(err) diff --git a/pkg/chains/formats/slsa/extract/extract.go b/pkg/chains/formats/slsa/extract/extract.go index bedd787a42..a47d558f7c 100644 --- a/pkg/chains/formats/slsa/extract/extract.go +++ b/pkg/chains/formats/slsa/extract/extract.go @@ -77,7 +77,8 @@ func subjectsFromPipelineRun(ctx context.Context, obj objects.TektonObject, slsa pSpec := pro.Status.PipelineSpec if pSpec != nil { - pipelineTasks := append(pSpec.Tasks, pSpec.Finally...) + pipelineTasks := pSpec.Tasks + pipelineTasks = append(pipelineTasks, pSpec.Finally...) for _, t := range pipelineTasks { tr := pro.GetTaskRunFromTask(t.Name) // Ignore Tasks that did not execute during the PipelineRun. diff --git a/pkg/chains/formats/slsa/extract/extract_test.go b/pkg/chains/formats/slsa/extract/extract_test.go index 3e94989a54..6467087466 100644 --- a/pkg/chains/formats/slsa/extract/extract_test.go +++ b/pkg/chains/formats/slsa/extract/extract_test.go @@ -120,7 +120,6 @@ func TestSubjectDigestsAndRetrieveAllArtifactURIs(t *testing.T) { t.Errorf("Wrong URIs extracted, diff=%s", diff) } } - }) } } 
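Review bot: In subjectsFromPipelineRun (pkg/chains/formats/slsa/extract/extract.go), splitting the append into two statements quiets the linter, but `pipelineTasks` still shares its backing array with `pSpec.Tasks`. If that slice has spare capacity, the append writes the Finally tasks into storage owned by the PipelineRun status. Capping the capacity forces a copy: write `pipelineTasks := pSpec.Tasks[:len(pSpec.Tasks):len(pSpec.Tasks)]` before the existing append line. The same two-line pattern appears in both material.go hunks (PipelineMaterials and FromPipelineParamsAndResults) and, with the `ignore` options slice, in TestSubjectDigests in provenance_test.go. Whether any of these slices has spare capacity is not visible here, and the function body continues outside the hunk, but these values feed provenance generation, so the defensive copy is cheap.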
@@ -209,7 +208,7 @@ func TestPipelineRunObserveModeForSubjects(t *testing.T) { { name: "deep inspection enabled: pipelinerun and taskrun have duplicated results", pro: createProWithTaskRunResults( - createProWithPipelineResults(map[string]string{artifactURL1: "sha256:" + artifactDigest1}).(*objects.PipelineRunObjectV1), + createProWithPipelineResults(map[string]string{artifactURL1: "sha256:" + artifactDigest1}), []artifact{ {uri: artifactURL1, digest: "sha256:" + artifactDigest1}, }), @@ -229,7 +228,7 @@ func TestPipelineRunObserveModeForSubjects(t *testing.T) { { name: "deep inspection enabled: pipelinerun and taskrun have different results", pro: createProWithTaskRunResults( - createProWithPipelineResults(map[string]string{artifactURL1: "sha256:" + artifactDigest1}).(*objects.PipelineRunObjectV1), + createProWithPipelineResults(map[string]string{artifactURL1: "sha256:" + artifactDigest1}), []artifact{ {uri: artifactURL2, digest: "sha256:" + artifactDigest2}, }), @@ -441,7 +440,7 @@ func TestSubjectsFromBuildArtifact(t *testing.T) { } } -func createTaskRunObjectWithResults(results map[string]string) objects.TektonObject { +func createTaskRunObjectWithResults(results map[string]string) *objects.TaskRunObjectV1 { trResults := []v1.TaskRunResult{} prefix := 0 for url, digest := range results { @@ -463,7 +462,7 @@ func createTaskRunObjectWithResults(results map[string]string) objects.TektonObj ) } -func createProWithPipelineResults(results map[string]string) objects.TektonObject { +func createProWithPipelineResults(results map[string]string) *objects.PipelineRunObjectV1 { prResults := []v1.PipelineRunResult{} prefix := 0 for url, digest := range results { diff --git a/pkg/chains/formats/slsa/extract/v1beta1/extract.go b/pkg/chains/formats/slsa/extract/v1beta1/extract.go index a4c777d4aa..043ec0deb1 100644 --- a/pkg/chains/formats/slsa/extract/v1beta1/extract.go +++ b/pkg/chains/formats/slsa/extract/v1beta1/extract.go 
@@ -55,6 +55,7 @@ func SubjectDigests(ctx context.Context, obj objects.TektonObject, slsaconfig *s return subjects } +// SubjectsFromPipelineRunV1Beta1 returns software artifacts produced from the PipelineRun object. func SubjectsFromPipelineRunV1Beta1(ctx context.Context, obj objects.TektonObject, slsaconfig *slsaconfig.SlsaConfig) []*intoto.ResourceDescriptor { prSubjects := SubjectsFromTektonObjectV1Beta1(ctx, obj) @@ -90,6 +91,7 @@ func SubjectsFromPipelineRunV1Beta1(ctx context.Context, obj objects.TektonObjec return result } +// SubjectsFromTektonObjectV1Beta1 returns software artifacts produced from the Tekton object. func SubjectsFromTektonObjectV1Beta1(ctx context.Context, obj objects.TektonObject) []*intoto.ResourceDescriptor { logger := logging.FromContext(ctx) var subjects []*intoto.ResourceDescriptor diff --git a/pkg/chains/formats/slsa/extract/v1beta1/extract_test.go b/pkg/chains/formats/slsa/extract/v1beta1/extract_test.go index 8f8e2b9743..9eb1a371b9 100644 --- a/pkg/chains/formats/slsa/extract/v1beta1/extract_test.go +++ b/pkg/chains/formats/slsa/extract/v1beta1/extract_test.go @@ -209,7 +209,7 @@ func TestPipelineRunObserveModeForSubjects(t *testing.T) { { name: "deep inspection enabled: pipelinerun and taskrun have duplicated results", pro: createProWithTaskRunResults( - createProWithPipelineResults(map[string]string{artifactURL1: "sha256:" + artifactDigest1}).(*objects.PipelineRunObjectV1Beta1), + createProWithPipelineResults(map[string]string{artifactURL1: "sha256:" + artifactDigest1}), []artifact{ {uri: artifactURL1, digest: "sha256:" + artifactDigest1}, }), 
@@ -229,7 +229,7 @@ func TestPipelineRunObserveModeForSubjects(t *testing.T) { { name: "deep inspection enabled: pipelinerun and taskrun have different results", pro: createProWithTaskRunResults( - createProWithPipelineResults(map[string]string{artifactURL1: "sha256:" + artifactDigest1}).(*objects.PipelineRunObjectV1Beta1), + createProWithPipelineResults(map[string]string{artifactURL1: "sha256:" + artifactDigest1}), []artifact{ {uri: artifactURL2, digest: "sha256:" + artifactDigest2}, }), @@ -272,7 +272,7 @@ func TestPipelineRunObserveModeForSubjects(t *testing.T) { } } -func createTaskRunObjectV1Beta1WithResults(results map[string]string) objects.TektonObject { +func createTaskRunObjectV1Beta1WithResults(results map[string]string) *objects.TaskRunObjectV1Beta1 { trResults := []v1beta1.TaskRunResult{} prefix := 0 for url, digest := range results { @@ -294,7 +294,7 @@ func createTaskRunObjectV1Beta1WithResults(results map[string]string) objects.Te ) } -func createProWithPipelineResults(results map[string]string) objects.TektonObject { +func createProWithPipelineResults(results map[string]string) *objects.PipelineRunObjectV1Beta1 { prResults := []v1beta1.PipelineRunResult{} prefix := 0 for url, digest := range results { diff --git a/pkg/chains/formats/slsa/internal/build_definition/build_definition_test.go b/pkg/chains/formats/slsa/internal/build_definition/build_definition_test.go index a1cd15062f..963d6c07b8 100644 --- a/pkg/chains/formats/slsa/internal/build_definition/build_definition_test.go +++ b/pkg/chains/formats/slsa/internal/build_definition/build_definition_test.go 
@@ -113,12 +113,13 @@ func TestUnsupportedBuildType(t *testing.T) { if err == nil { t.Error("getBuildDefinition(): expected error got nil") } - if diff := cmp.Diff(slsa.BuildDefinition{}, got, protocmp.Transform()); diff != "" { + if diff := cmp.Diff(&slsa.BuildDefinition{}, &got, protocmp.Transform()); diff != "" { t.Errorf("getBuildDefinition(): -want +got: %s", diff) } } func getProtoStruct(t *testing.T, data map[string]any) *structpb.Struct { + t.Helper() protoStruct, err := getStruct(data) if err != nil { t.Fatalf("error getting proto struct from data: %v", err) diff --git a/pkg/chains/formats/slsa/internal/material/v1beta1/material.go b/pkg/chains/formats/slsa/internal/material/v1beta1/material.go index ef49f2b73c..650bb1d6dd 100644 --- a/pkg/chains/formats/slsa/internal/material/v1beta1/material.go +++ b/pkg/chains/formats/slsa/internal/material/v1beta1/material.go @@ -74,7 +74,8 @@ func PipelineMaterials(ctx context.Context, pro *objects.PipelineRunObjectV1Beta } pSpec := pro.Status.PipelineSpec if pSpec != nil { - pipelineTasks := append(pSpec.Tasks, pSpec.Finally...) + pipelineTasks := pSpec.Tasks + pipelineTasks = append(pipelineTasks, pSpec.Finally...) for _, t := range pipelineTasks { tr := pro.GetTaskRunFromTask(t.Name) // Ignore Tasks that did not execute during the PipelineRun. @@ -269,7 +270,8 @@ func FromPipelineParamsAndResults(ctx context.Context, pro *objects.PipelineRunO // search type hinting param/results from each individual taskruns if slsaconfig.DeepInspectionEnabled { logger := logging.FromContext(ctx) - pipelineTasks := append(pSpec.Tasks, pSpec.Finally...) + pipelineTasks := pSpec.Tasks + pipelineTasks = append(pipelineTasks, pSpec.Finally...) for _, t := range pipelineTasks { tr := pro.GetTaskRunFromTask(t.Name) // Ignore Tasks that did not execute during the PipelineRun. 
diff --git a/pkg/chains/formats/slsa/internal/metadata/metadata_test.go b/pkg/chains/formats/slsa/internal/metadata/metadata_test.go index 5e8601e169..3f6cb3e7a9 100644 --- a/pkg/chains/formats/slsa/internal/metadata/metadata_test.go +++ b/pkg/chains/formats/slsa/internal/metadata/metadata_test.go @@ -27,7 +27,7 @@ import ( ) func TestMetadata(t *testing.T) { - tr := &v1.TaskRun{ //nolint:staticcheck + tr := &v1.TaskRun{ ObjectMeta: metav1.ObjectMeta{ Name: "my-taskrun", Namespace: "my-namespace", @@ -58,7 +58,7 @@ func TestMetadata(t *testing.T) { func TestMetadataInTimeZone(t *testing.T) { tz := time.FixedZone("Test Time", int((12 * time.Hour).Seconds())) - tr := &v1.TaskRun{ //nolint:staticcheck + tr := &v1.TaskRun{ ObjectMeta: metav1.ObjectMeta{ Name: "my-taskrun", Namespace: "my-namespace", diff --git a/pkg/chains/formats/slsa/internal/provenance/provenance.go b/pkg/chains/formats/slsa/internal/provenance/provenance.go index d0095fcdf9..45f3070d7c 100644 --- a/pkg/chains/formats/slsa/internal/provenance/provenance.go +++ b/pkg/chains/formats/slsa/internal/provenance/provenance.go @@ -51,12 +51,12 @@ func GetSLSA1Statement(obj objects.TektonObject, sub []*intoto.ResourceDescripto func getProtoStruct(predicate *slsa.Provenance) (*structpb.Struct, error) { protoStruct := &structpb.Struct{} - predicateJson, err := protojson.Marshal(predicate) + predicateJSON, err := protojson.Marshal(predicate) if err != nil { return nil, err } - err = protojson.Unmarshal(predicateJson, protoStruct) + err = protojson.Unmarshal(predicateJSON, protoStruct) if err != nil { return nil, err } diff --git a/pkg/chains/formats/slsa/internal/resolved_dependencies/resolved_dependencies.go b/pkg/chains/formats/slsa/internal/resolved_dependencies/resolved_dependencies.go index 43a398ab9e..c76a818196 100644 --- a/pkg/chains/formats/slsa/internal/resolved_dependencies/resolved_dependencies.go +++ b/pkg/chains/formats/slsa/internal/resolved_dependencies/resolved_dependencies.go 
@@ -50,7 +50,7 @@ const ( // used to toggle the fields in see AddTektonTaskDescriptor // and AddSLSATaskDescriptor -type addTaskDescriptorContent func(*objects.TaskRunObjectV1) (*intoto.ResourceDescriptor, error) //nolint:staticcheck +type addTaskDescriptorContent func(*objects.TaskRunObjectV1) (*intoto.ResourceDescriptor, error) // ResolveOptions represents the configuration to be use to resolve dependencies. type ResolveOptions struct { @@ -111,7 +111,7 @@ func RemoveDuplicateResolvedDependencies(resolvedDependencies []*intoto.Resource // AddTektonTaskDescriptor returns the more verbose resolved dependency content. this adds the name, uri, digest // and content if possible. -func AddTektonTaskDescriptor(tr *objects.TaskRunObjectV1) (*intoto.ResourceDescriptor, error) { //nolint:staticcheck +func AddTektonTaskDescriptor(tr *objects.TaskRunObjectV1) (*intoto.ResourceDescriptor, error) { rd := intoto.ResourceDescriptor{} storedTr, err := json.Marshal(tr) if err != nil { @@ -130,7 +130,7 @@ func AddTektonTaskDescriptor(tr *objects.TaskRunObjectV1) (*intoto.ResourceDescr // AddSLSATaskDescriptor resolves dependency content for the more generic slsa verifiers. just logs // the name, uri and digest. -func AddSLSATaskDescriptor(tr *objects.TaskRunObjectV1) (*intoto.ResourceDescriptor, error) { //nolint:staticcheck +func AddSLSATaskDescriptor(tr *objects.TaskRunObjectV1) (*intoto.ResourceDescriptor, error) { if tr.Status.Provenance != nil && tr.Status.Provenance.RefSource != nil { return &intoto.ResourceDescriptor{ Name: PipelineTaskConfigName, diff --git a/pkg/chains/formats/slsa/internal/resolved_dependencies/resolved_dependencies_test.go b/pkg/chains/formats/slsa/internal/resolved_dependencies/resolved_dependencies_test.go index 7d3f05b71a..e19f2eecfd 100644 --- a/pkg/chains/formats/slsa/internal/resolved_dependencies/resolved_dependencies_test.go +++ b/pkg/chains/formats/slsa/internal/resolved_dependencies/resolved_dependencies_test.go 
@@ -303,7 +303,7 @@ func tektonTaskRuns() map[string][]byte { func TestTaskRun(t *testing.T) { tests := []struct { name string - obj objects.TektonObject //nolint:staticcheck + obj objects.TektonObject resolveOpts ResolveOptions want []*intoto.ResourceDescriptor }{ @@ -375,7 +375,7 @@ func TestTaskRun(t *testing.T) { }, { name: "resolvedDependencies from remote task", - obj: objects.NewTaskRunObjectV1(&v1.TaskRun{ //nolint:staticcheck + obj: objects.NewTaskRunObjectV1(&v1.TaskRun{ Status: v1.TaskRunStatus{ TaskRunStatusFields: v1.TaskRunStatusFields{ Provenance: &v1.Provenance{ @@ -401,7 +401,7 @@ func TestTaskRun(t *testing.T) { }, { name: "git resolvedDependencies from taskrun params", - obj: objects.NewTaskRunObjectV1(&v1.TaskRun{ //nolint:staticcheck + obj: objects.NewTaskRunObjectV1(&v1.TaskRun{ Spec: v1.TaskRunSpec{ Params: []v1.Param{{ Name: "CHAINS-GIT_COMMIT", @@ -424,7 +424,7 @@ func TestTaskRun(t *testing.T) { }, { name: "resolvedDependencies from step images", - obj: objects.NewTaskRunObjectV1(&v1.TaskRun{ //nolint:staticcheck + obj: objects.NewTaskRunObjectV1(&v1.TaskRun{ Status: v1.TaskRunStatus{ TaskRunStatusFields: v1.TaskRunStatusFields{ Steps: []v1.StepState{{ @@ -457,7 +457,7 @@ func TestTaskRun(t *testing.T) { }, { name: "resolvedDependencies from step and sidecar images", - obj: objects.NewTaskRunObjectV1(&v1.TaskRun{ //nolint:staticcheck + obj: objects.NewTaskRunObjectV1(&v1.TaskRun{ Status: v1.TaskRunStatus{ TaskRunStatusFields: v1.TaskRunStatusFields{ Steps: []v1.StepState{{ @@ -507,7 +507,7 @@ func TestTaskRun(t *testing.T) { resolveOpts: ResolveOptions{ WithStepActionsResults: true, }, - obj: objects.NewTaskRunObjectV1(&v1.TaskRun{ //nolint:staticcheck + obj: objects.NewTaskRunObjectV1(&v1.TaskRun{ Status: v1.TaskRunStatus{ TaskRunStatusFields: v1.TaskRunStatusFields{ Steps: []v1.StepState{{ 
diff --git a/pkg/chains/formats/slsa/internal/results/results_test.go b/pkg/chains/formats/slsa/internal/results/results_test.go index 6ba3f720ac..fb3392bcd5 100644 --- a/pkg/chains/formats/slsa/internal/results/results_test.go +++ b/pkg/chains/formats/slsa/internal/results/results_test.go @@ -190,6 +190,7 @@ func TestGetResultsWithoutBuildArtifacts(t *testing.T) { } func toJSONString(t *testing.T, val v1.ParamValue) []byte { + t.Helper() res, err := json.Marshal(val) if err != nil { t.Fatalf("error converting to json string: %v", err) diff --git a/pkg/chains/formats/slsa/v1/internal/protos/protos.go b/pkg/chains/formats/slsa/v1/internal/protos/protos.go index e7ee4cbe51..14209b4307 100644 --- a/pkg/chains/formats/slsa/v1/internal/protos/protos.go +++ b/pkg/chains/formats/slsa/v1/internal/protos/protos.go @@ -10,13 +10,13 @@ import ( // GetPredicateStruct returns a protobuf struct from the given SLSAv0.2 predicate. func GetPredicateStruct(predicate *slsa.ProvenancePredicate) (*structpb.Struct, error) { - predicateJson, err := json.Marshal(predicate) + predicateJSON, err := json.Marshal(predicate) if err != nil { return nil, err } predicateStruct := &structpb.Struct{} - err = protojson.Unmarshal(predicateJson, predicateStruct) + err = protojson.Unmarshal(predicateJSON, predicateStruct) if err != nil { return nil, err } diff --git a/pkg/chains/formats/slsa/v1/intotoite6_test.go b/pkg/chains/formats/slsa/v1/intotoite6_test.go index ca0b93a194..504d7034cf 100644 --- a/pkg/chains/formats/slsa/v1/intotoite6_test.go +++ b/pkg/chains/formats/slsa/v1/intotoite6_test.go 
@@ -211,136 +211,8 @@ func TestPipelineRunCreatePayload(t *testing.T) { Builder: common.ProvenanceBuilder{ ID: "test_builder-1", }, - BuildType: "tekton.dev/v1beta1/PipelineRun", - BuildConfig: pipelinerun.BuildConfig{ - Tasks: []pipelinerun.TaskAttestation{ - { - Name: "git-clone", - After: nil, - Ref: v1beta1.TaskRef{ - Name: "git-clone", - Kind: "ClusterTask", - }, - StartedOn: e1BuildStart, - FinishedOn: e1BuildFinished, - Status: "Succeeded", - Steps: []attest.StepAttestation{ - { - EntryPoint: "git clone", - Arguments: []string(nil), - Environment: map[string]interface{}{ - "container": "step1", - "image": artifacts.OCIScheme + "gcr.io/test1/test1@sha256:d4b63d3e24d6eef04a6dc0795cf8a73470688803d97c52cffa3c8d4efd3397b6", - }, - Annotations: nil, - }, - }, - Invocation: slsa.ProvenanceInvocation{ - ConfigSource: slsa.ConfigSource{ - URI: "github.com/catalog", - Digest: common.DigestSet{"sha1": "x123"}, - EntryPoint: "git-clone.yaml", - }, - Parameters: map[string]v1beta1.ParamValue{ - "CHAINS-GIT_COMMIT": {Type: "string", StringVal: "sha:taskdefault"}, - "CHAINS-GIT_URL": {Type: "string", StringVal: "https://git.test.com"}, - "revision": {Type: "string", StringVal: ""}, - "url": {Type: "string", StringVal: "https://git.test.com"}, - }, - Environment: map[string]map[string]string{ - "labels": {"tekton.dev/pipelineTask": "git-clone"}, - }, - }, - Results: []v1beta1.TaskRunResult{ - { - Name: "some-uri_DIGEST", - Value: v1beta1.ParamValue{ - Type: v1beta1.ParamTypeString, - StringVal: "sha256:d4b63d3e24d6eef04a6dc0795cf8a73470688803d97c52cffa3c8d4efd3397b6", - }, - }, - { - Name: "some-uri", - Value: v1beta1.ParamValue{ - Type: v1beta1.ParamTypeString, - StringVal: "pkg:deb/debian/curl@7.50.3-1", - }, - }, - }, - }, - { - Name: "build", - After: []string{"git-clone"}, - Ref: v1beta1.TaskRef{ - Name: "build", - Kind: "ClusterTask", - }, - StartedOn: e1BuildStart, - FinishedOn: e1BuildFinished, - Status: "Succeeded", - Steps: []attest.StepAttestation{ - { - 
EntryPoint: "", - Arguments: []string(nil), - Environment: map[string]interface{}{ - "image": artifacts.OCIScheme + "gcr.io/test1/test1@sha256:d4b63d3e24d6eef04a6dc0795cf8a73470688803d97c52cffa3c8d4efd3397b6", - "container": "step1", - }, - Annotations: nil, - }, - { - EntryPoint: "", - Arguments: []string(nil), - Environment: map[string]interface{}{ - "image": artifacts.OCIScheme + "gcr.io/test2/test2@sha256:4d6dd704ef58cb214dd826519929e92a978a57cdee43693006139c0080fd6fac", - "container": "step2", - }, - Annotations: nil, - }, - { - EntryPoint: "", - Arguments: []string(nil), - Environment: map[string]interface{}{ - "image": artifacts.OCIScheme + "gcr.io/test3/test3@sha256:f1a8b8549c179f41e27ff3db0fe1a1793e4b109da46586501a8343637b1d0478", - "container": "step3", - }, - Annotations: nil, - }, - }, - Invocation: slsa.ProvenanceInvocation{ - ConfigSource: slsa.ConfigSource{ - URI: "github.com/test", - Digest: map[string]string{"sha1": "ab123"}, - EntryPoint: "build.yaml", - }, - Parameters: map[string]v1beta1.ParamValue{ - "CHAINS-GIT_COMMIT": {Type: "string", StringVal: "sha:taskrun"}, - "CHAINS-GIT_URL": {Type: "string", StringVal: "https://git.test.com"}, - "IMAGE": {Type: "string", StringVal: "test.io/test/image"}, - }, - Environment: map[string]map[string]string{ - "labels": {"tekton.dev/pipelineTask": "build"}, - }, - }, - Results: []v1beta1.TaskRunResult{ - { - Name: "IMAGE_DIGEST", - Value: v1beta1.ParamValue{ - Type: v1beta1.ParamTypeString, - StringVal: "sha256:827521c857fdcd4374f4da5442fbae2edb01e7fbae285c3ec15673d4c1daecb7", - }, - }, - { - Name: "IMAGE_URL", - Value: v1beta1.ParamValue{ - Type: v1beta1.ParamTypeString, - StringVal: "gcr.io/my/image", - }, - }, - }, - }, - }, - }, + BuildType: "tekton.dev/v1beta1/PipelineRun", + BuildConfig: getBuildPipelineRun(), } predicateStruct, err := protos.GetPredicateStruct(predicate) 
@@ -435,136 +307,8 @@ func TestPipelineRunCreatePayloadChildRefs(t *testing.T) { Builder: common.ProvenanceBuilder{ ID: "test_builder-1", }, - BuildType: "tekton.dev/v1beta1/PipelineRun", - BuildConfig: pipelinerun.BuildConfig{ - Tasks: []pipelinerun.TaskAttestation{ - { - Name: "git-clone", - After: nil, - Ref: v1beta1.TaskRef{ - Name: "git-clone", - Kind: "ClusterTask", - }, - StartedOn: e1BuildStart, - FinishedOn: e1BuildFinished, - Status: "Succeeded", - Steps: []attest.StepAttestation{ - { - EntryPoint: "git clone", - Arguments: []string(nil), - Environment: map[string]interface{}{ - "container": "step1", - "image": artifacts.OCIScheme + "gcr.io/test1/test1@sha256:d4b63d3e24d6eef04a6dc0795cf8a73470688803d97c52cffa3c8d4efd3397b6", - }, - Annotations: nil, - }, - }, - Invocation: slsa.ProvenanceInvocation{ - ConfigSource: slsa.ConfigSource{ - URI: "github.com/catalog", - Digest: common.DigestSet{"sha1": "x123"}, - EntryPoint: "git-clone.yaml", - }, - Parameters: map[string]v1beta1.ParamValue{ - "CHAINS-GIT_COMMIT": {Type: "string", StringVal: "sha:taskdefault"}, - "CHAINS-GIT_URL": {Type: "string", StringVal: "https://git.test.com"}, - "revision": {Type: "string", StringVal: ""}, - "url": {Type: "string", StringVal: "https://git.test.com"}, - }, - Environment: map[string]map[string]string{ - "labels": {"tekton.dev/pipelineTask": "git-clone"}, - }, - }, - Results: []v1beta1.TaskRunResult{ - { - Name: "some-uri_DIGEST", - Value: v1beta1.ParamValue{ - Type: v1beta1.ParamTypeString, - StringVal: "sha256:d4b63d3e24d6eef04a6dc0795cf8a73470688803d97c52cffa3c8d4efd3397b6", - }, - }, - { - Name: "some-uri", - Value: v1beta1.ParamValue{ - Type: v1beta1.ParamTypeString, - StringVal: "pkg:deb/debian/curl@7.50.3-1", - }, - }, - }, - }, - { - Name: "build", - After: []string{"git-clone"}, - Ref: v1beta1.TaskRef{ - Name: "build", - Kind: "ClusterTask", - }, - StartedOn: e1BuildStart, - FinishedOn: e1BuildFinished, - Status: "Succeeded", - Steps: []attest.StepAttestation{ - { - 
EntryPoint: "", - Arguments: []string(nil), - Environment: map[string]interface{}{ - "image": artifacts.OCIScheme + "gcr.io/test1/test1@sha256:d4b63d3e24d6eef04a6dc0795cf8a73470688803d97c52cffa3c8d4efd3397b6", - "container": "step1", - }, - Annotations: nil, - }, - { - EntryPoint: "", - Arguments: []string(nil), - Environment: map[string]interface{}{ - "image": artifacts.OCIScheme + "gcr.io/test2/test2@sha256:4d6dd704ef58cb214dd826519929e92a978a57cdee43693006139c0080fd6fac", - "container": "step2", - }, - Annotations: nil, - }, - { - EntryPoint: "", - Arguments: []string(nil), - Environment: map[string]interface{}{ - "image": artifacts.OCIScheme + "gcr.io/test3/test3@sha256:f1a8b8549c179f41e27ff3db0fe1a1793e4b109da46586501a8343637b1d0478", - "container": "step3", - }, - Annotations: nil, - }, - }, - Invocation: slsa.ProvenanceInvocation{ - ConfigSource: slsa.ConfigSource{ - URI: "github.com/test", - Digest: map[string]string{"sha1": "ab123"}, - EntryPoint: "build.yaml", - }, - Parameters: map[string]v1beta1.ParamValue{ - "CHAINS-GIT_COMMIT": {Type: "string", StringVal: "sha:taskrun"}, - "CHAINS-GIT_URL": {Type: "string", StringVal: "https://git.test.com"}, - "IMAGE": {Type: "string", StringVal: "test.io/test/image"}, - }, - Environment: map[string]map[string]string{ - "labels": {"tekton.dev/pipelineTask": "build"}, - }, - }, - Results: []v1beta1.TaskRunResult{ - { - Name: "IMAGE_DIGEST", - Value: v1beta1.ParamValue{ - Type: v1beta1.ParamTypeString, - StringVal: "sha256:827521c857fdcd4374f4da5442fbae2edb01e7fbae285c3ec15673d4c1daecb7", - }, - }, - { - Name: "IMAGE_URL", - Value: v1beta1.ParamValue{ - Type: v1beta1.ParamTypeString, - StringVal: "gcr.io/my/image", - }, - }, - }, - }, - }, - }, + BuildType: "tekton.dev/v1beta1/PipelineRun", + BuildConfig: getBuildPipelineRun(), } predicateStruct, err := protos.GetPredicateStruct(predicate) 
@@ -817,3 +561,135 @@ func TestCorrectPayloadType(t *testing.T) { t.Errorf("Invalid type returned: %s", i.Type()) } } + +func getBuildPipelineRun() pipelinerun.BuildConfig { + return pipelinerun.BuildConfig{ + Tasks: []pipelinerun.TaskAttestation{ + { + Name: "git-clone", + After: nil, + Ref: v1beta1.TaskRef{ + Name: "git-clone", + Kind: "ClusterTask", + }, + StartedOn: e1BuildStart, + FinishedOn: e1BuildFinished, + Status: "Succeeded", + Steps: []attest.StepAttestation{ + { + EntryPoint: "git clone", + Arguments: []string(nil), + Environment: map[string]interface{}{ + "container": "step1", + "image": artifacts.OCIScheme + "gcr.io/test1/test1@sha256:d4b63d3e24d6eef04a6dc0795cf8a73470688803d97c52cffa3c8d4efd3397b6", + }, + Annotations: nil, + }, + }, + Invocation: slsa.ProvenanceInvocation{ + ConfigSource: slsa.ConfigSource{ + URI: "github.com/catalog", + Digest: common.DigestSet{"sha1": "x123"}, + EntryPoint: "git-clone.yaml", + }, + Parameters: map[string]v1beta1.ParamValue{ + "CHAINS-GIT_COMMIT": {Type: "string", StringVal: "sha:taskdefault"}, + "CHAINS-GIT_URL": {Type: "string", StringVal: "https://git.test.com"}, + "revision": {Type: "string", StringVal: ""}, + "url": {Type: "string", StringVal: "https://git.test.com"}, + }, + Environment: map[string]map[string]string{ + "labels": {"tekton.dev/pipelineTask": "git-clone"}, + }, + }, + Results: []v1beta1.TaskRunResult{ + { + Name: "some-uri_DIGEST", + Value: v1beta1.ParamValue{ + Type: v1beta1.ParamTypeString, + StringVal: "sha256:d4b63d3e24d6eef04a6dc0795cf8a73470688803d97c52cffa3c8d4efd3397b6", + }, + }, + { + Name: "some-uri", + Value: v1beta1.ParamValue{ + Type: v1beta1.ParamTypeString, + StringVal: "pkg:deb/debian/curl@7.50.3-1", + }, + }, + }, + }, + { + Name: "build", + After: []string{"git-clone"}, + Ref: v1beta1.TaskRef{ + Name: "build", + Kind: "ClusterTask", + }, + StartedOn: e1BuildStart, + FinishedOn: e1BuildFinished, + Status: "Succeeded", + Steps: []attest.StepAttestation{ + { + EntryPoint: "", + 
Arguments: []string(nil), + Environment: map[string]interface{}{ + "image": artifacts.OCIScheme + "gcr.io/test1/test1@sha256:d4b63d3e24d6eef04a6dc0795cf8a73470688803d97c52cffa3c8d4efd3397b6", + "container": "step1", + }, + Annotations: nil, + }, + { + EntryPoint: "", + Arguments: []string(nil), + Environment: map[string]interface{}{ + "image": artifacts.OCIScheme + "gcr.io/test2/test2@sha256:4d6dd704ef58cb214dd826519929e92a978a57cdee43693006139c0080fd6fac", + "container": "step2", + }, + Annotations: nil, + }, + { + EntryPoint: "", + Arguments: []string(nil), + Environment: map[string]interface{}{ + "image": artifacts.OCIScheme + "gcr.io/test3/test3@sha256:f1a8b8549c179f41e27ff3db0fe1a1793e4b109da46586501a8343637b1d0478", + "container": "step3", + }, + Annotations: nil, + }, + }, + Invocation: slsa.ProvenanceInvocation{ + ConfigSource: slsa.ConfigSource{ + URI: "github.com/test", + Digest: map[string]string{"sha1": "ab123"}, + EntryPoint: "build.yaml", + }, + Parameters: map[string]v1beta1.ParamValue{ + "CHAINS-GIT_COMMIT": {Type: "string", StringVal: "sha:taskrun"}, + "CHAINS-GIT_URL": {Type: "string", StringVal: "https://git.test.com"}, + "IMAGE": {Type: "string", StringVal: "test.io/test/image"}, + }, + Environment: map[string]map[string]string{ + "labels": {"tekton.dev/pipelineTask": "build"}, + }, + }, + Results: []v1beta1.TaskRunResult{ + { + Name: "IMAGE_DIGEST", + Value: v1beta1.ParamValue{ + Type: v1beta1.ParamTypeString, + StringVal: "sha256:827521c857fdcd4374f4da5442fbae2edb01e7fbae285c3ec15673d4c1daecb7", + }, + }, + { + Name: "IMAGE_URL", + Value: v1beta1.ParamValue{ + Type: v1beta1.ParamTypeString, + StringVal: "gcr.io/my/image", + }, + }, + }, + }, + }, + } +} diff --git a/pkg/chains/formats/slsa/v1/pipelinerun/pipelinerun.go b/pkg/chains/formats/slsa/v1/pipelinerun/pipelinerun.go index 34afe9a824..cf258c398c 100644 --- a/pkg/chains/formats/slsa/v1/pipelinerun/pipelinerun.go +++ b/pkg/chains/formats/slsa/v1/pipelinerun/pipelinerun.go 
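Review bot: The new helper `getBuildPipelineRun` at the end of intotoite6_test.go returns a `pipelinerun.BuildConfig`, not a PipelineRun, and has no comment, so its name misleads at the two call sites in TestPipelineRunCreatePayload and TestPipelineRunCreatePayloadChildRefs. A name such as `expectedBuildConfig` with a one-line comment would make the fixture's role clear, for example `// expectedBuildConfig returns the BuildConfig both PipelineRun payload tests expect for the git-clone and build tasks.` The comment could also say that each call builds a fresh value, so the two tests do not share the nested maps and slices.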
@@ -48,7 +48,7 @@ type TaskAttestation struct { Results []v1beta1.TaskRunResult `json:"results,omitempty"` } -const StatementInTotoV01 = "https://in-toto.io/Statement/v0.1" +const statementInTotoV01 = "https://in-toto.io/Statement/v0.1" func GenerateAttestation(ctx context.Context, pro *objects.PipelineRunObjectV1Beta1, slsaConfig *slsaconfig.SlsaConfig) (interface{}, error) { subjects := extract.SubjectDigests(ctx, pro, slsaConfig) @@ -75,7 +75,7 @@ func GenerateAttestation(ctx context.Context, pro *objects.PipelineRunObjectV1Be } att := &intoto.Statement{ - Type: StatementInTotoV01, + Type: statementInTotoV01, PredicateType: slsa.PredicateSLSAProvenance, Subject: subjects, Predicate: predicateStruct, diff --git a/pkg/chains/formats/slsa/v1/pipelinerun/provenance_test.go b/pkg/chains/formats/slsa/v1/pipelinerun/provenance_test.go index 16eb25bc8f..91ddb0bd41 100644 --- a/pkg/chains/formats/slsa/v1/pipelinerun/provenance_test.go +++ b/pkg/chains/formats/slsa/v1/pipelinerun/provenance_test.go @@ -484,7 +484,8 @@ func TestSubjectDigests(t *testing.T) { ctx := logtesting.TestContextWithLogger(t) gotSubjects := extract.SubjectDigests(ctx, pro, &slsaconfig.SlsaConfig{DeepInspectionEnabled: false}) - opts := append(ignore, compare.SubjectCompareOption(), protocmp.Transform()) + opts := ignore + opts = append(opts, compare.SubjectCompareOption(), protocmp.Transform()) if diff := cmp.Diff(gotSubjects, wantSubjects, opts...); diff != "" { t.Errorf("Differences in subjects: -want +got: %s", diff) } diff --git a/pkg/chains/formats/slsa/v1/taskrun/taskrun.go b/pkg/chains/formats/slsa/v1/taskrun/taskrun.go index 0c9ab44a5d..e1496bca93 100644 --- a/pkg/chains/formats/slsa/v1/taskrun/taskrun.go +++ b/pkg/chains/formats/slsa/v1/taskrun/taskrun.go 
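Review bot: Renaming `StatementInTotoV01` to `statementInTotoV01` in pkg/chains/formats/slsa/v1/pipelinerun/pipelinerun.go removes an exported identifier from a package that is not under internal/, so any out-of-tree importer of the constant stops compiling. The taskrun.go hunk makes the same change. If the lint complaint was only a missing doc comment (an assumption, since the linter output is not shown), keeping the name and adding `// StatementInTotoV01 is the in-toto Statement type URI written to the attestation's Type field.` avoids the API break. The constant is defined identically in both packages and could live in one shared place. `GenerateAttestation` remains exported without a doc comment in both files, and its body continues outside the hunk.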
@@ -28,7 +28,7 @@ import ( "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1" ) -const StatementInTotoV01 = "https://in-toto.io/Statement/v0.1" +const statementInTotoV01 = "https://in-toto.io/Statement/v0.1" func GenerateAttestation(ctx context.Context, tro *objects.TaskRunObjectV1Beta1, slsaConfig *slsaconfig.SlsaConfig) (interface{}, error) { subjects := extract.SubjectDigests(ctx, tro, slsaConfig) @@ -55,7 +55,7 @@ func GenerateAttestation(ctx context.Context, tro *objects.TaskRunObjectV1Beta1, } return &intoto.Statement{ - Type: StatementInTotoV01, + Type: statementInTotoV01, PredicateType: slsa.PredicateSLSAProvenance, Subject: subjects, Predicate: predicateStruct, diff --git a/pkg/chains/formats/slsa/v2alpha3/internal/pipelinerun/pipelinerun.go b/pkg/chains/formats/slsa/v2alpha3/internal/pipelinerun/pipelinerun.go index fe8bd6a8b2..12f02567e5 100644 --- a/pkg/chains/formats/slsa/v2alpha3/internal/pipelinerun/pipelinerun.go +++ b/pkg/chains/formats/slsa/v2alpha3/internal/pipelinerun/pipelinerun.go @@ -62,12 +62,12 @@ func GenerateAttestation(ctx context.Context, pro *objects.PipelineRunObjectV1, } predicateStruct := &structpb.Struct{} - predicateJson, err := protojson.Marshal(predicate) + predicateJSON, err := protojson.Marshal(predicate) if err != nil { return nil, err } - err = protojson.Unmarshal(predicateJson, predicateStruct) + err = protojson.Unmarshal(predicateJSON, predicateStruct) if err != nil { return nil, err } diff --git a/pkg/chains/formats/slsa/v2alpha3/internal/pipelinerun/pipelinerun_test.go b/pkg/chains/formats/slsa/v2alpha3/internal/pipelinerun/pipelinerun_test.go index fdc0e5820b..a363b1b86a 100644 --- a/pkg/chains/formats/slsa/v2alpha3/internal/pipelinerun/pipelinerun_test.go +++ b/pkg/chains/formats/slsa/v2alpha3/internal/pipelinerun/pipelinerun_test.go 
@@ -42,7 +42,7 @@ import ( ) func TestMetadata(t *testing.T) { - pr := &v1.PipelineRun{ //nolint:staticcheck + pr := &v1.PipelineRun{ ObjectMeta: metav1.ObjectMeta{ Name: "my-taskrun", Namespace: "my-namespace", @@ -73,7 +73,7 @@ func TestMetadata(t *testing.T) { func TestMetadataInTimeZone(t *testing.T) { tz := time.FixedZone("Test Time", int((12 * time.Hour).Seconds())) - pr := &v1.PipelineRun{ //nolint:staticcheck + pr := &v1.PipelineRun{ ObjectMeta: metav1.ObjectMeta{ Name: "my-taskrun", Namespace: "my-namespace", @@ -104,7 +104,7 @@ func TestMetadataInTimeZone(t *testing.T) { func TestByProducts(t *testing.T) { resultValue := v1.ResultValue{Type: "string", StringVal: "result-value"} - pr := &v1.PipelineRun{ //nolint:staticcheck + pr := &v1.PipelineRun{ Status: v1.PipelineRunStatus{ PipelineRunStatusFields: v1.PipelineRunStatusFields{ Results: []v1.PipelineRunResult{ @@ -255,13 +255,13 @@ func TestGenerateAttestation(t *testing.T) { }, } - predicateJson, err := protojson.Marshal(&slsaPredicate) + predicateJSON, err := protojson.Marshal(&slsaPredicate) if err != nil { t.Fatalf("error getting SLSA predicate proto struct: %v", err) } predicateStruct := &structpb.Struct{} - err = protojson.Unmarshal(predicateJson, predicateStruct) + err = protojson.Unmarshal(predicateJSON, predicateStruct) if err != nil { t.Fatalf("error getting SLSA predicate proto struct: %v", err) } @@ -295,7 +295,7 @@ func TestGenerateAttestation(t *testing.T) { } } -func getResolvedDependencies(addTasks func(*objects.TaskRunObjectV1) (*intoto.ResourceDescriptor, error)) []*intoto.ResourceDescriptor { //nolint:staticcheck +func getResolvedDependencies(addTasks func(*objects.TaskRunObjectV1) (*intoto.ResourceDescriptor, error)) []*intoto.ResourceDescriptor { pr := createPro("../../../testdata/slsa-v2alpha3/pipelinerun1.json") rd, err := resolveddependencies.PipelineRun(context.Background(), pr, &slsaconfig.SlsaConfig{DeepInspectionEnabled: false}, addTasks) if err != nil { 
@@ -314,7 +314,7 @@ func TestGetBuildDefinition(t *testing.T) { } tests := []struct { name string - taskContent func(*objects.TaskRunObjectV1) (*intoto.ResourceDescriptor, error) //nolint:staticcheck + taskContent func(*objects.TaskRunObjectV1) (*intoto.ResourceDescriptor, error) config *slsaconfig.SlsaConfig want slsa.BuildDefinition }{ @@ -381,6 +381,7 @@ func TestUnsupportedBuildType(t *testing.T) { } func getProtoStruct(t *testing.T, data map[string]any) *structpb.Struct { + t.Helper() protoStruct, err := getStruct(data) if err != nil { t.Fatalf("error getting proto struct: %v", err) diff --git a/pkg/chains/formats/slsa/v2alpha3/internal/taskrun/taskrun_test.go b/pkg/chains/formats/slsa/v2alpha3/internal/taskrun/taskrun_test.go index 637e7c5740..b221a72409 100644 --- a/pkg/chains/formats/slsa/v2alpha3/internal/taskrun/taskrun_test.go +++ b/pkg/chains/formats/slsa/v2alpha3/internal/taskrun/taskrun_test.go @@ -41,7 +41,7 @@ import ( func TestByProducts(t *testing.T) { resultValue := v1.ResultValue{Type: "string", StringVal: "result-value"} - tr := &v1.TaskRun{ //nolint:staticcheck + tr := &v1.TaskRun{ Status: v1.TaskRunStatus{ TaskRunStatusFields: v1.TaskRunStatusFields{ Results: []v1.TaskRunResult{ @@ -155,13 +155,13 @@ func TestTaskRunGenerateAttestation(t *testing.T) { }, } - predicateJson, err := protojson.Marshal(&slsaPredicate) + predicateJSON, err := protojson.Marshal(&slsaPredicate) if err != nil { t.Fatalf("error getting SLSA predicate proto struct: %v", err) } predicateStruct := &structpb.Struct{} - err = protojson.Unmarshal(predicateJson, predicateStruct) + err = protojson.Unmarshal(predicateJSON, predicateStruct) if err != nil { t.Fatalf("error getting SLSA predicate proto struct: %v", err) } @@ -194,6 +194,7 @@ func TestTaskRunGenerateAttestation(t *testing.T) { } func getStruct(t *testing.T, data map[string]any) *structpb.Struct { + t.Helper() bytes, err := json.Marshal(data) if err != nil { t.Fatalf("error getting proto struct: %v", err) 
diff --git a/pkg/chains/formats/slsa/v2alpha3/slsav2_test.go b/pkg/chains/formats/slsa/v2alpha3/slsav2_test.go index 78650aa712..6d1de44767 100644 --- a/pkg/chains/formats/slsa/v2alpha3/slsav2_test.go +++ b/pkg/chains/formats/slsa/v2alpha3/slsav2_test.go @@ -80,13 +80,10 @@ func TestCreatePayloadError(t *testing.T) { } if err == nil { t.Errorf("Expected error") - } else { - if err.Error() != "intoto does not support type: not a task ref" { - t.Errorf("wrong error returned: '%s'", err.Error()) - } + } else if err.Error() != "intoto does not support type: not a task ref" { + t.Errorf("wrong error returned: '%s'", err.Error()) } }) - } func TestCorrectPayloadType(t *testing.T) { @@ -538,6 +535,7 @@ func TestPipelineRunCreatePayload1(t *testing.T) { } func getStruct(t *testing.T, data map[string]any) *structpb.Struct { + t.Helper() bytes, err := json.Marshal(data) if err != nil { t.Fatalf("error getting proto struct: %v", err) @@ -553,13 +551,14 @@ func getStruct(t *testing.T, data map[string]any) *structpb.Struct { } func getPredicateStruct(t *testing.T, slsaPredicate *slsa.Provenance) *structpb.Struct { - predicateJson, err := protojson.Marshal(slsaPredicate) + t.Helper() + predicateJSON, err := protojson.Marshal(slsaPredicate) if err != nil { t.Fatalf("error getting SLSA predicate proto struct: %v", err) } predicateStruct := &structpb.Struct{} - err = protojson.Unmarshal(predicateJson, predicateStruct) + err = protojson.Unmarshal(predicateJSON, predicateStruct) if err != nil { t.Fatalf("error getting SLSA predicate proto struct: %v", err) } diff --git a/pkg/chains/formats/slsa/v2alpha4/internal/taskrun/taskrun_test.go b/pkg/chains/formats/slsa/v2alpha4/internal/taskrun/taskrun_test.go index 42e4408ecd..9938287048 100644 --- a/pkg/chains/formats/slsa/v2alpha4/internal/taskrun/taskrun_test.go +++ b/pkg/chains/formats/slsa/v2alpha4/internal/taskrun/taskrun_test.go 
@@ -43,7 +43,7 @@ const jsonMediaType = "application/json" func TestByProducts(t *testing.T) { resultValue := v1.ResultValue{Type: "string", StringVal: "result-value"} - tr := &v1.TaskRun{ //nolint:staticcheck + tr := &v1.TaskRun{ Status: v1.TaskRunStatus{ TaskRunStatusFields: v1.TaskRunStatusFields{ Results: []v1.TaskRunResult{ @@ -182,6 +182,7 @@ func TestTaskRunGenerateAttestation(t *testing.T) { } func getStruct(t *testing.T, data map[string]any) *structpb.Struct { + t.Helper() bytes, err := json.Marshal(data) if err != nil { t.Fatalf("error getting proto struct: %v", err) @@ -197,13 +198,14 @@ func getStruct(t *testing.T, data map[string]any) *structpb.Struct { } func getPredicateStruct(t *testing.T, slsaPredicate *slsa.Provenance) *structpb.Struct { - predicateJson, err := protojson.Marshal(slsaPredicate) + t.Helper() + predicateJSON, err := protojson.Marshal(slsaPredicate) if err != nil { t.Fatalf("error getting SLSA predicate proto struct: %v", err) } predicateStruct := &structpb.Struct{} - err = protojson.Unmarshal(predicateJson, predicateStruct) + err = protojson.Unmarshal(predicateJSON, predicateStruct) if err != nil { t.Fatalf("error getting SLSA predicate proto struct: %v", err) } diff --git a/pkg/chains/formats/slsa/v2alpha4/slsav2.go b/pkg/chains/formats/slsa/v2alpha4/slsav2.go index 6080df5119..3db3fbeeff 100644 --- a/pkg/chains/formats/slsa/v2alpha4/slsav2.go +++ b/pkg/chains/formats/slsa/v2alpha4/slsav2.go @@ -42,7 +42,7 @@ type Slsa struct { } // NewFormatter returns a new v2alpha4 payloader. -func NewFormatter(cfg config.Config) (formats.Payloader, error) { +func NewFormatter(cfg config.Config) (formats.Payloader, error) { //nolint:ireturn return &Slsa{ slsaConfig: &slsaconfig.SlsaConfig{ BuilderID: cfg.Builder.ID, diff --git a/pkg/chains/formats/slsa/v2alpha4/slsav2_test.go b/pkg/chains/formats/slsa/v2alpha4/slsav2_test.go index 9bc4d60da1..3c82def5a9 100644 --- a/pkg/chains/formats/slsa/v2alpha4/slsav2_test.go 
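Review bot: The `//nolint:ireturn` added to `NewFormatter` in `v2alpha4/slsav2.go` silences the finding without recording why an interface return is needed. The visible body returns `&Slsa{...}`, so the signature could return `*Slsa`. If callers do require `formats.Payloader` (not visible in this hunk), the directive should carry the reason, e.g. `//nolint:ireturn // constructor signature must return formats.Payloader`. The function body continues past the end of the hunk.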
+++ b/pkg/chains/formats/slsa/v2alpha4/slsav2_test.go @@ -397,6 +397,7 @@ func TestMultipleSubjects(t *testing.T) { } func getStruct(t *testing.T, data map[string]any) *structpb.Struct { + t.Helper() bytes, err := json.Marshal(data) if err != nil { t.Fatalf("error getting proto struct: %v", err) @@ -412,13 +413,14 @@ func getStruct(t *testing.T, data map[string]any) *structpb.Struct { } func getPredicateStruct(t *testing.T, slsaPredicate *slsa.Provenance) *structpb.Struct { - predicateJson, err := protojson.Marshal(slsaPredicate) + t.Helper() + predicateJSON, err := protojson.Marshal(slsaPredicate) if err != nil { t.Fatalf("error getting SLSA predicate proto struct: %v", err) } predicateStruct := &structpb.Struct{} - err = protojson.Unmarshal(predicateJson, predicateStruct) + err = protojson.Unmarshal(predicateJSON, predicateStruct) if err != nil { t.Fatalf("error getting SLSA predicate proto struct: %v", err) } diff --git a/pkg/chains/objects/objects.go b/pkg/chains/objects/objects.go index f20bd93794..0b6169d2b8 100644 --- a/pkg/chains/objects/objects.go +++ b/pkg/chains/objects/objects.go @@ -310,7 +310,7 @@ func (pro *PipelineRunObjectV1) AppendTaskRun(tr *v1.TaskRun) { } // Append TaskRuns to this PipelineRun -func (pro *PipelineRunObjectV1) GetTaskRuns() []*v1.TaskRun { //nolint:staticcheck +func (pro *PipelineRunObjectV1) GetTaskRuns() []*v1.TaskRun { return pro.taskRuns } diff --git a/pkg/chains/storage/grafeas/grafeas_test.go b/pkg/chains/storage/grafeas/grafeas_test.go index ad2184c1ef..57809aee31 100644 --- a/pkg/chains/storage/grafeas/grafeas_test.go +++ b/pkg/chains/storage/grafeas/grafeas_test.go @@ -268,7 +268,7 @@ func TestGrafeasBackend_StoreAndRetrieve(t *testing.T) { runObject: &objects.TaskRunObjectV1Beta1{ TaskRun: cloneTaskRun, }, - payload: getRawPayload(t, cloneTaskRunProvenance), + payload: getRawPayload(t, &cloneTaskRunProvenance), signature: "clone taskrun signatures", opts: config.StorageOpts{PayloadFormat: formats.PayloadTypeSlsav1}, }, 
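Review bot: The comment above `GetTaskRuns` in `objects.go` still reads `// Append TaskRuns to this PipelineRun`, which describes the neighbouring `AppendTaskRun` rather than this getter. Since the signature line is being edited anyway, replace it with `// GetTaskRuns returns the TaskRuns recorded on this PipelineRun.` The method returns `pro.taskRuns` directly, so callers share the backing slice with the object. If that is intended, the comment is the place to say so.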
@@ -281,7 +281,7 @@ func TestGrafeasBackend_StoreAndRetrieve(t *testing.T) { runObject: &objects.TaskRunObjectV1Beta1{ TaskRun: buildTaskRun, }, - payload: getRawPayload(t, buildTaskRunProvenance), + payload: getRawPayload(t, &buildTaskRunProvenance), signature: "build taskrun signature", opts: config.StorageOpts{PayloadFormat: formats.PayloadTypeSlsav1}, }, @@ -302,12 +302,12 @@ func TestGrafeasBackend_StoreAndRetrieve(t *testing.T) { wantErr: false, }, { - name: "intoto for the ci pipeline, no error, 2 occurences should be created for the pipelinerun for the 2 artifact generated.", + name: "intoto for the ci pipeline, no error, 2 occurrences should be created for the pipelinerun for the 2 artifact generated.", args: args{ runObject: &objects.PipelineRunObjectV1Beta1{ PipelineRun: ciPipeline, }, - payload: getRawPayload(t, ciPipelineRunProvenance), + payload: getRawPayload(t, &ciPipelineRunProvenance), signature: "ci pipelinerun signature", opts: config.StorageOpts{PayloadFormat: formats.PayloadTypeSlsav1}, }, @@ -337,10 +337,9 @@ func TestGrafeasBackend_StoreAndRetrieve(t *testing.T) { } defer conn.Close() - // collect all the occurences expected to be created in the server + // collect all the occurrences expected to be created in the server allOccurrencesInServer := []*pb.Occurrence{} for _, test := range tests { - // run the test t.Run(test.name, func(t *testing.T) { ctx := logging.WithLogger(ctx, logtesting.TestLogger(t)) @@ -391,6 +390,7 @@ func TestGrafeasBackend_StoreAndRetrieve(t *testing.T) { // test attestation storage and retrieval func testStoreAndRetrieveHelper(ctx context.Context, t *testing.T, test testConfig, backend Backend) { + t.Helper() if err := backend.StorePayload(ctx, test.args.runObject, test.args.payload, test.args.signature, test.args.opts); (err != nil) != test.wantErr { t.Fatalf("Backend.StorePayload() failed. error:%v, wantErr:%v", err, test.wantErr) } 
@@ -448,6 +448,7 @@ func testStoreAndRetrieveHelper(ctx context.Context, t *testing.T, test testConf // ------------------ occurrences for taskruns and pipelineruns -------------- // BUILD Occurrence for the build taskrun that stores the slsa provenance func getTaskRunBuildOcc(t *testing.T, identifier string) *pb.Occurrence { + t.Helper() return &pb.Occurrence{ Name: identifier, ResourceUri: identifier, @@ -476,7 +477,7 @@ func getTaskRunBuildOcc(t *testing.T, identifier string) *pb.Occurrence { }, }, Envelope: &pb.Envelope{ - Payload: getRawPayload(t, buildTaskRunProvenance), + Payload: getRawPayload(t, &buildTaskRunProvenance), PayloadType: "application/vnd.in-toto+json", Signatures: []*pb.EnvelopeSignature{ {Sig: []byte("build taskrun signature")}, @@ -487,6 +488,7 @@ func getTaskRunBuildOcc(t *testing.T, identifier string) *pb.Occurrence { // ATTESTATION Occurrence for the build taskrun that stores the image attestation func getTaskRunAttestationOcc(t *testing.T, identifier string) *pb.Occurrence { + t.Helper() return &pb.Occurrence{ Name: identifier, ResourceUri: identifier, @@ -510,6 +512,7 @@ func getTaskRunAttestationOcc(t *testing.T, identifier string) *pb.Occurrence { } func getPipelineRunBuildOcc(t *testing.T, identifier string) *pb.Occurrence { + t.Helper() ciPipelineRunProvenance := intoto.Statement{ Subject: buildTaskRunProvenance.Subject, Predicate: getPredicateStruct(t, &ciPipelineRunPredicate), @@ -549,7 +552,7 @@ func getPipelineRunBuildOcc(t *testing.T, identifier string) *pb.Occurrence { }, }, Envelope: &pb.Envelope{ - Payload: getRawPayload(t, ciPipelineRunProvenance), + Payload: getRawPayload(t, &ciPipelineRunProvenance), PayloadType: "application/vnd.in-toto+json", Signatures: []*pb.EnvelopeSignature{ {Sig: []byte("ci pipelinerun signature")}, 
@@ -559,6 +562,7 @@ func getPipelineRunBuildOcc(t *testing.T, identifier string) *pb.Occurrence { } func getRawPayload(t *testing.T, in interface{}) []byte { + t.Helper() rawPayload, err := json.Marshal(in) if err != nil { t.Errorf("Unable to marshal the provenance: %v", in) @@ -568,7 +572,7 @@ func getRawPayload(t *testing.T, in interface{}) []byte { // set up the connection between grafeas server and client // and return the client object to the caller -func setupConnection() (*grpc.ClientConn, pb.GrafeasClient, error) { +func setupConnection() (*grpc.ClientConn, pb.GrafeasClient, error) { //nolint:ireturn serv := grpc.NewServer() pb.RegisterGrafeasServer(serv, &mockGrafeasServer{}) @@ -622,7 +626,7 @@ func (s *mockGrafeasServer) CreateOccurrence(ctx context.Context, req *pb.Create occ := req.GetOccurrence() noteName := req.GetOccurrence().NoteName resourceUri := req.GetOccurrence().ResourceUri - occ.Name = resourceUri // mock how the occurrence ID (name) is outputed. + occ.Name = resourceUri // mock how the occurrence ID (name) is outputted. if note, ok := s.entries[noteName]; ok { if _, ok := note.occurrences[resourceUri]; ok { @@ -709,7 +713,6 @@ func (s *mockGrafeasServer) getOccurrencesByFilter(filter string, occurrences [] // mock how uri filter works uris := parseURIFilterString(filter) - // result result result := []*pb.Occurrence{} for _, occ := range occurrences { @@ -746,13 +749,14 @@ func parseURIFilterString(filter string) []string { } func getPredicateStruct(t *testing.T, predicate *slsa.ProvenancePredicate) *structpb.Struct { - predicateJson, err := json.Marshal(predicate) + t.Helper() + predicateJSON, err := json.Marshal(predicate) if err != nil { t.Fatalf("error getting predicate struct: %v", err) } predicateStruct := &structpb.Struct{} - err = protojson.Unmarshal(predicateJson, predicateStruct) + err = protojson.Unmarshal(predicateJSON, predicateStruct) if err != nil { t.Fatalf("error getting predicate struct: %v", err) } 
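Review bot: `getRawPayload` reports a marshalling failure with `t.Errorf` and formats the input value instead of the error, so the test carries on with whatever `rawPayload` holds and the log does not say what went wrong. Now that the helper calls `t.Helper()`, failing fast reads better: `t.Fatalf("Unable to marshal the provenance: %v", err)`. The rest of the function lies outside the hunk, so confirm nothing after the check relies on continuing.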
diff --git a/pkg/chains/storage/oci/attestation.go b/pkg/chains/storage/oci/attestation.go index 9dbd6ea2a5..5856c6d0fe 100644 --- a/pkg/chains/storage/oci/attestation.go +++ b/pkg/chains/storage/oci/attestation.go @@ -52,6 +52,7 @@ func NewAttestationStorer(opts ...AttestationStorerOption) (*AttestationStorer, return s, nil } +// Store saves the given statement. func (s *AttestationStorer) Store(ctx context.Context, req *api.StoreRequest[name.Digest, *intoto.Statement]) (*api.StoreResponse, error) { logger := logging.FromContext(ctx) diff --git a/pkg/chains/storage/pubsub/pubsub_test.go b/pkg/chains/storage/pubsub/pubsub_test.go index 31ecb8b090..9b4eab8741 100644 --- a/pkg/chains/storage/pubsub/pubsub_test.go +++ b/pkg/chains/storage/pubsub/pubsub_test.go @@ -32,7 +32,10 @@ import ( func TestBackend_StorePayload(t *testing.T) { // pretty much anything that has no Subject - sampleIntotoStatementBytes, _ := json.Marshal(intoto.Statement{}) + sampleIntotoStatementBytes, err := json.Marshal(intoto.Statement{}) + if err != nil { + t.Fatalf("error getting statement: %v", err) + } logger := logtesting.TestLogger(t) type fields struct { diff --git a/pkg/chains/storage/tekton/tekton.go b/pkg/chains/storage/tekton/tekton.go index fcb5da97e1..f3a7b9c46d 100644 --- a/pkg/chains/storage/tekton/tekton.go +++ b/pkg/chains/storage/tekton/tekton.go @@ -89,7 +89,7 @@ func (b *Backend) retrieveAnnotationValue(ctx context.Context, obj objects.Tekto var annotationValue string annotations, err := obj.GetLatestAnnotations(ctx, b.pipelineclientset) if err != nil { - return "", fmt.Errorf("error retrieving the annotation value for the key %q: %s", annotationKey, err) + return "", fmt.Errorf("error retrieving the annotation value for the key %q: %w", annotationKey, err) } val, ok := annotations[annotationKey] 
@@ -99,7 +99,7 @@ func (b *Backend) retrieveAnnotationValue(ctx context.Context, obj objects.Tekto if decode { decodedAnnotation, err := base64.StdEncoding.DecodeString(val) if err != nil { - return "", fmt.Errorf("error decoding the annotation value for the key %q: %s", annotationKey, err) + return "", fmt.Errorf("error decoding the annotation value for the key %q: %w", annotationKey, err) } annotationValue = string(decodedAnnotation) } else { diff --git a/test/e2e_test.go b/test/e2e_test.go index d9b219b85f..4e1af98906 100644 --- a/test/e2e_test.go +++ b/test/e2e_test.go @@ -397,6 +397,7 @@ func TestFulcio(t *testing.T) { } func base64Decode(t *testing.T, s string) []byte { + t.Helper() b, err := base64.StdEncoding.DecodeString(s) if err != nil { b, err = base64.URLEncoding.DecodeString(s) diff --git a/test/examples_test.go b/test/examples_test.go index 05b841550b..334c07cad9 100644 --- a/test/examples_test.go +++ b/test/examples_test.go @@ -175,7 +175,7 @@ func runInTotoFormatterTests(ctx context.Context, t *testing.T, ns string, c *cl // TODO: Commenting this out for now. Causes race condition where tests write and revert the chains-config // and signing-secrets out of order // t.Parallel() - + t.Helper() for path, obj := range test.getExampleObjects(t, ns) { obj := obj t.Run(path, func(t *testing.T) { @@ -199,7 +199,7 @@ func runInTotoFormatterTests(ctx context.Context, t *testing.T, ns string, c *cl if err := json.Unmarshal(payload, &gotProvenance); err != nil { t.Fatal(err) } - expected := expectedProvenanceSLSA1(t, ctx, path, completed, test.outputLocation, ns, c) + expected := expectedProvenanceSLSA1(ctx, t, path, completed, test.outputLocation, ns, c) expPredicateStruct := expected.Predicate expected.Predicate = nil 
@@ -225,7 +225,7 @@ func runInTotoFormatterTests(ctx context.Context, t *testing.T, ns string, c *cl if err := json.Unmarshal(payload, &gotProvenance); err != nil { t.Fatal(err) } - expected := expectedProvenance(t, ctx, path, completed, test.outputLocation, ns, c) + expected := expectedProvenance(ctx, t, path, completed, test.outputLocation, ns, c) expPredicateStruct := expected.Predicate expected.Predicate = nil @@ -292,13 +292,14 @@ func (v *verifier) Public() crypto.PublicKey { return v.pub } -func expectedProvenanceSLSA1(t *testing.T, ctx context.Context, example string, obj objects.TektonObject, outputLocation string, ns string, c *clients) intoto.Statement { +func expectedProvenanceSLSA1(ctx context.Context, t *testing.T, example string, obj objects.TektonObject, outputLocation string, ns string, c *clients) intoto.Statement { + t.Helper() switch obj.(type) { case *objects.TaskRunObjectV1: f := expectedTaskRunProvenanceFormat(t, example, obj, outputLocation) return expectedAttestationSLSA1(t, example, f, outputLocation) case *objects.PipelineRunObjectV1: - f := expectedPipelineRunProvenanceFormat(t, ctx, example, obj, outputLocation, ns, c) + f := expectedPipelineRunProvenanceFormat(ctx, t, obj, ns, c) return expectedAttestationSLSA1(t, example, f, outputLocation) default: t.Error("Unexpected type trying to get provenance") 
@@ -306,13 +307,14 @@ func expectedProvenanceSLSA1(t *testing.T, ctx context.Context, example string, return intoto.Statement{} } -func expectedProvenance(t *testing.T, ctx context.Context, example string, obj objects.TektonObject, outputLocation string, ns string, c *clients) intoto.Statement { +func expectedProvenance(ctx context.Context, t *testing.T, example string, obj objects.TektonObject, outputLocation string, ns string, c *clients) intoto.Statement { + t.Helper() switch obj.(type) { case *objects.TaskRunObjectV1: f := expectedTaskRunProvenanceFormat(t, example, obj, outputLocation) return expectedAttestation(t, example, f, outputLocation) case *objects.PipelineRunObjectV1: - f := expectedPipelineRunProvenanceFormat(t, ctx, example, obj, outputLocation, ns, c) + f := expectedPipelineRunProvenanceFormat(ctx, t, obj, ns, c) return expectedAttestation(t, example, f, outputLocation) default: t.Error("Unexpected type trying to get provenance") @@ -338,6 +340,7 @@ type Format struct { } func expectedTaskRunProvenanceFormat(t *testing.T, example string, obj objects.TektonObject, outputLocation string) Format { + t.Helper() tr := obj.GetObject().(*v1.TaskRun) name := tr.Name @@ -373,7 +376,8 @@ func expectedTaskRunProvenanceFormat(t *testing.T, example string, obj objects.T } } -func expectedPipelineRunProvenanceFormat(t *testing.T, ctx context.Context, example string, obj objects.TektonObject, outputLocation string, ns string, c *clients) Format { +func expectedPipelineRunProvenanceFormat(ctx context.Context, t *testing.T, obj objects.TektonObject, ns string, c *clients) Format { + t.Helper() pr := obj.GetObject().(*v1.PipelineRun) buildStartTimes := []string{} 
@@ -421,16 +425,19 @@ func expectedPipelineRunProvenanceFormat(t *testing.T, ctx context.Context, exam } func expectedAttestationSLSA1(t *testing.T, example string, f Format, outputLocation string) intoto.Statement { + t.Helper() b := readExpectedAttestationBytes(t, example, f, outputLocation) return readExpectedAttestationSLSA1(t, b) } func expectedAttestation(t *testing.T, example string, f Format, outputLocation string) intoto.Statement { + t.Helper() b := readExpectedAttestationBytes(t, example, f, outputLocation) return readExpectedAttestation(t, b) } func readExpectedAttestationBytes(t *testing.T, example string, f Format, outputLocation string) *bytes.Buffer { + t.Helper() path := filepath.Join("testdata", outputLocation, strings.Replace(filepath.Base(example), ".yaml", ".json", 1)) t.Logf("Reading expected provenance from %s", path) contents, err := ioutil.ReadFile(path) @@ -451,6 +458,7 @@ func readExpectedAttestationBytes(t *testing.T, example string, f Format, output } func readExpectedAttestationSLSA1(t *testing.T, b *bytes.Buffer) intoto.Statement { + t.Helper() var expected intoto.Statement if err := json.Unmarshal(b.Bytes(), &expected); err != nil { t.Fatal(err) @@ -459,6 +467,7 @@ func readExpectedAttestationSLSA1(t *testing.T, b *bytes.Buffer) intoto.Statemen } func readExpectedAttestation(t *testing.T, b *bytes.Buffer) intoto.Statement { + t.Helper() var expected intoto.Statement if err := json.Unmarshal(b.Bytes(), &expected); err != nil { t.Fatal(err) @@ -467,6 +476,7 @@ func readExpectedAttestation(t *testing.T, b *bytes.Buffer) intoto.Statement { } func getTaskRunExamples(t *testing.T, ns string) map[string]objects.TektonObject { + t.Helper() examples := make(map[string]objects.TektonObject) for _, example := range getExamplePaths(t, taskRunExamplesPath) { examples[example] = taskRunFromExample(t, ns, example) 
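Review bot: `readExpectedAttestationBytes` still reads the fixture with `ioutil.ReadFile(path)`, which has been deprecated since Go 1.16 and fits the scope of this linter clean-up. The same call appears in `taskRunFromExample` and `pipelineRunFromExample` in the later hunks of this file. `os` already appears to be in use here (`os.FileInfo` in `getExamplePaths`), so each call can become `contents, err := os.ReadFile(path)` (or `os.ReadFile(example)` in the other two). Whether the `io/ioutil` import can then be dropped depends on parts of the file outside these hunks.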
@@ -475,6 +485,7 @@ func getTaskRunExamples(t *testing.T, ns string) map[string]objects.TektonObject } func getTaskRunWithTypeHintedResultsExamples(t *testing.T, ns string) map[string]objects.TektonObject { + t.Helper() path := "../examples/v2alpha4/task-with-object-type-hinting.yaml" trs := make(map[string]objects.TektonObject) trs[path] = taskRunFromExample(t, ns, path) @@ -482,6 +493,7 @@ func getTaskRunWithTypeHintedResultsExamples(t *testing.T, ns string) map[string } func getPipelineRunExamples(t *testing.T, ns string) map[string]objects.TektonObject { + t.Helper() examples := make(map[string]objects.TektonObject) for _, example := range getExamplePaths(t, pipelineRunExamplesPath) { examples[example] = pipelineRunFromExample(t, ns, example) @@ -490,6 +502,7 @@ func getPipelineRunExamples(t *testing.T, ns string) map[string]objects.TektonOb } func getExamplePaths(t *testing.T, dir string) []string { + t.Helper() var examplePaths []string err := filepath.Walk(dir, func(path string, info os.FileInfo, err error) error { if err != nil { @@ -512,6 +525,7 @@ func getExamplePaths(t *testing.T, dir string) []string { } func taskRunFromExample(t *testing.T, ns, example string) objects.TektonObject { + t.Helper() contents, err := ioutil.ReadFile(example) if err != nil { t.Fatal(err) @@ -525,6 +539,7 @@ func taskRunFromExample(t *testing.T, ns, example string) objects.TektonObject { } func pipelineRunFromExample(t *testing.T, ns, example string) objects.TektonObject { + t.Helper() contents, err := ioutil.ReadFile(example) if err != nil { t.Fatal(err) 
@@ -553,24 +568,25 @@ func ignoreEnvironmentAnnotationsAndLabels(key string, value any) bool { } func comparePredicates[T any](t *testing.T, expPredicateStruct, gotPredicateStruct *structpb.Struct, opts []cmp.Option) { - expJson, err := expPredicateStruct.MarshalJSON() + t.Helper() + expJSON, err := expPredicateStruct.MarshalJSON() if err != nil { t.Fatalf("error getting predicate json: %v", err) } - gotJson, err := gotPredicateStruct.MarshalJSON() + gotJSON, err := gotPredicateStruct.MarshalJSON() if err != nil { t.Fatalf("error getting predicate json: %v", err) } var expectedPredicate T - json.Unmarshal(expJson, &expectedPredicate) + json.Unmarshal(expJSON, &expectedPredicate) if err != nil { t.Fatalf("error getting predicate original struct: %v", err) } var gotPredicate T - json.Unmarshal(gotJson, &gotPredicate) + json.Unmarshal(gotJSON, &gotPredicate) if err != nil { t.Fatalf("error getting predicate original struct: %v", err) } diff --git a/test/test_utils.go b/test/test_utils.go index a798bf278f..e46ca3cd35 100644 --- a/test/test_utils.go +++ b/test/test_utils.go @@ -130,6 +130,7 @@ var simpleTaskRun = v1.TaskRun{ func makeBucket(t *testing.T, client *storage.Client) (string, func()) { // Make a bucket + t.Helper() rand.Seed(time.Now().UnixNano()) testBucketName := fmt.Sprintf("tekton-chains-e2e-%d", rand.Intn(1000)) @@ -161,6 +162,7 @@ func makeBucket(t *testing.T, client *storage.Client) (string, func()) { } func readObj(t *testing.T, bucket, name string, client *storage.Client) io.Reader { + t.Helper() ctx := context.Background() reader, err := client.Bucket(bucket).Object(name).NewReader(ctx) if err != nil { 
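Review bot: In `comparePredicates` both `json.Unmarshal` calls discard their return value, so the `if err != nil` checks after them re-test the error from the earlier `MarshalJSON` call and can never fire on a decode failure. A predicate that fails to decode into `T` would leave `expectedPredicate` and `gotPredicate` at their zero values, and the later comparison could pass without comparing the attestation contents. Assign the results: `err = json.Unmarshal(expJSON, &expectedPredicate)` and `err = json.Unmarshal(gotJSON, &gotPredicate)`. The rename in this hunk touches exactly these lines, and the comparison itself lies outside the hunk.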
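Review bot: `makeBucket` in `test/test_utils.go` derives the bucket name from `rand.Intn(1000)` after calling `rand.Seed`, which has been deprecated since Go 1.20. That leaves only a thousand possible names, so two e2e runs against the same project can pick the same bucket and see each other's objects. A wider suffix from the already-imported `time` package avoids both problems: `testBucketName := fmt.Sprintf("tekton-chains-e2e-%d", time.Now().UnixNano())`. The new `t.Helper()` also sits below the `// Make a bucket` comment and would read better above it. Bucket creation and cleanup are outside the hunk, so check how an already-existing name is handled there.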
@@ -170,6 +172,7 @@ func readObj(t *testing.T, bucket, name string, client *storage.Client) io.Reade } func setConfigMap(ctx context.Context, t *testing.T, c *clients, data map[string]string) func() { + t.Helper() // Change the config to be GCS storage with this bucket. // Note(rgreinho): This comment does not look right... clean := updateConfigMap(ctx, t, c, data, namespace, "chains-config") @@ -183,6 +186,7 @@ func setConfigMap(ctx context.Context, t *testing.T, c *clients, data map[string } func setupPipelinesFeatureFlags(ctx context.Context, t *testing.T, c *clients, data map[string]string) func() { + t.Helper() pipelinesNs := "tekton-pipelines" clean := updateConfigMap(ctx, t, c, data, pipelinesNs, "feature-flags") @@ -196,6 +200,7 @@ func setupPipelinesFeatureFlags(ctx context.Context, t *testing.T, c *clients, d } func updateConfigMap(ctx context.Context, t *testing.T, c *clients, data map[string]string, ns, configMapName string) func() { + t.Helper() cm, err := c.KubeClient.CoreV1().ConfigMaps(ns).Get(ctx, configMapName, metav1.GetOptions{}) if err != nil { t.Fatal(err) @@ -233,6 +238,7 @@ func updateConfigMap(ctx context.Context, t *testing.T, c *clients, data map[str } func printDebugging(t *testing.T, obj objects.TektonObject) { + t.Helper() kind := obj.GetObjectKind().GroupVersionKind().Kind t.Logf("============================== %s logs ==============================", obj.GetGVK()) @@ -249,6 +255,7 @@ func printDebugging(t *testing.T, obj objects.TektonObject) { } func verifySignature(ctx context.Context, t *testing.T, c *clients, obj objects.TektonObject) { + t.Helper() // Retrieve the configuration. chainsConfig, err := c.KubeClient.CoreV1().ConfigMaps(namespace).Get(ctx, "chains-config", metav1.GetOptions{}) if err != nil {