diff --git a/pkg/artifacts/signable_test.go b/pkg/artifacts/signable_test.go index 98c303c0ac..8863984561 100644 --- a/pkg/artifacts/signable_test.go +++ b/pkg/artifacts/signable_test.go @@ -46,7 +46,6 @@ const ( var ignore = []cmp.Option{cmpopts.IgnoreUnexported(name.Registry{}, name.Repository{}, name.Digest{})} func TestOCIArtifact_ExtractObjects(t *testing.T) { - tests := []struct { name string obj objects.TektonObject @@ -808,6 +807,7 @@ func TestExtractBuildArtifactsFromResults(t *testing.T) { } func createDigest(t *testing.T, dgst string) name.Digest { + t.Helper() result, err := name.NewDigest(dgst) if err != nil { t.Fatal(err) diff --git a/pkg/chains/formats/slsa/extract/v1beta1/extract.go b/pkg/chains/formats/slsa/extract/v1beta1/extract.go index a4c777d4aa..043ec0deb1 100644 --- a/pkg/chains/formats/slsa/extract/v1beta1/extract.go +++ b/pkg/chains/formats/slsa/extract/v1beta1/extract.go @@ -55,6 +55,7 @@ func SubjectDigests(ctx context.Context, obj objects.TektonObject, slsaconfig *s return subjects } +// SubjectsFromPipelineRunV1Beta1 returns software artifacts produced from the PipelineRun object. func SubjectsFromPipelineRunV1Beta1(ctx context.Context, obj objects.TektonObject, slsaconfig *slsaconfig.SlsaConfig) []*intoto.ResourceDescriptor { prSubjects := SubjectsFromTektonObjectV1Beta1(ctx, obj) @@ -90,6 +91,7 @@ func SubjectsFromPipelineRunV1Beta1(ctx context.Context, obj objects.TektonObjec return result } +// SubjectsFromTektonObjectV1Beta1 returns software artifacts produced from the Tekton object. func SubjectsFromTektonObjectV1Beta1(ctx context.Context, obj objects.TektonObject) []*intoto.ResourceDescriptor { logger := logging.FromContext(ctx) var subjects []*intoto.ResourceDescriptor diff --git a/pkg/chains/formats/slsa/internal/metadata/metadata_test.go b/pkg/chains/formats/slsa/internal/metadata/metadata_test.go index 5e8601e169..3f6cb3e7a9 100644 --- a/pkg/chains/formats/slsa/internal/metadata/metadata_test.go 
+++ b/pkg/chains/formats/slsa/internal/metadata/metadata_test.go @@ -27,7 +27,7 @@ import ( ) func TestMetadata(t *testing.T) { - tr := &v1.TaskRun{ //nolint:staticcheck + tr := &v1.TaskRun{ ObjectMeta: metav1.ObjectMeta{ Name: "my-taskrun", Namespace: "my-namespace", @@ -58,7 +58,7 @@ func TestMetadata(t *testing.T) { func TestMetadataInTimeZone(t *testing.T) { tz := time.FixedZone("Test Time", int((12 * time.Hour).Seconds())) - tr := &v1.TaskRun{ //nolint:staticcheck + tr := &v1.TaskRun{ ObjectMeta: metav1.ObjectMeta{ Name: "my-taskrun", Namespace: "my-namespace", diff --git a/pkg/chains/formats/slsa/internal/provenance/provenance.go b/pkg/chains/formats/slsa/internal/provenance/provenance.go index d0095fcdf9..45f3070d7c 100644 --- a/pkg/chains/formats/slsa/internal/provenance/provenance.go +++ b/pkg/chains/formats/slsa/internal/provenance/provenance.go @@ -51,12 +51,12 @@ func GetSLSA1Statement(obj objects.TektonObject, sub []*intoto.ResourceDescripto func getProtoStruct(predicate *slsa.Provenance) (*structpb.Struct, error) { protoStruct := &structpb.Struct{} - predicateJson, err := protojson.Marshal(predicate) + predicateJSON, err := protojson.Marshal(predicate) if err != nil { return nil, err } - err = protojson.Unmarshal(predicateJson, protoStruct) + err = protojson.Unmarshal(predicateJSON, protoStruct) if err != nil { return nil, err } diff --git a/pkg/chains/formats/slsa/internal/resolved_dependencies/resolved_dependencies.go b/pkg/chains/formats/slsa/internal/resolved_dependencies/resolved_dependencies.go index 43a398ab9e..c76a818196 100644 --- a/pkg/chains/formats/slsa/internal/resolved_dependencies/resolved_dependencies.go +++ b/pkg/chains/formats/slsa/internal/resolved_dependencies/resolved_dependencies.go 
@@ -50,7 +50,7 @@ const ( // used to toggle the fields in see AddTektonTaskDescriptor // and AddSLSATaskDescriptor -type addTaskDescriptorContent func(*objects.TaskRunObjectV1) (*intoto.ResourceDescriptor, error) //nolint:staticcheck +type addTaskDescriptorContent func(*objects.TaskRunObjectV1) (*intoto.ResourceDescriptor, error) // ResolveOptions represents the configuration to be use to resolve dependencies. type ResolveOptions struct { @@ -111,7 +111,7 @@ func RemoveDuplicateResolvedDependencies(resolvedDependencies []*intoto.Resource // AddTektonTaskDescriptor returns the more verbose resolved dependency content. this adds the name, uri, digest // and content if possible. -func AddTektonTaskDescriptor(tr *objects.TaskRunObjectV1) (*intoto.ResourceDescriptor, error) { //nolint:staticcheck +func AddTektonTaskDescriptor(tr *objects.TaskRunObjectV1) (*intoto.ResourceDescriptor, error) { rd := intoto.ResourceDescriptor{} storedTr, err := json.Marshal(tr) if err != nil { @@ -130,7 +130,7 @@ func AddTektonTaskDescriptor(tr *objects.TaskRunObjectV1) (*intoto.ResourceDescr // AddSLSATaskDescriptor resolves dependency content for the more generic slsa verifiers. just logs // the name, uri and digest. -func AddSLSATaskDescriptor(tr *objects.TaskRunObjectV1) (*intoto.ResourceDescriptor, error) { //nolint:staticcheck +func AddSLSATaskDescriptor(tr *objects.TaskRunObjectV1) (*intoto.ResourceDescriptor, error) { if tr.Status.Provenance != nil && tr.Status.Provenance.RefSource != nil { return &intoto.ResourceDescriptor{ Name: PipelineTaskConfigName, diff --git a/pkg/chains/formats/slsa/internal/resolved_dependencies/resolved_dependencies_test.go b/pkg/chains/formats/slsa/internal/resolved_dependencies/resolved_dependencies_test.go index 7d3f05b71a..e19f2eecfd 100644 --- a/pkg/chains/formats/slsa/internal/resolved_dependencies/resolved_dependencies_test.go +++ b/pkg/chains/formats/slsa/internal/resolved_dependencies/resolved_dependencies_test.go 
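Review bot: The doc comment on AddTektonTaskDescriptor says it adds "content if possible" but never says what that content is; the visible body serializes the whole TaskRun with `json.Marshal(tr)`, which presumably becomes the descriptor content. If so, every param value in the TaskRun is copied verbatim into a signed, stored attestation, and callers choosing between this and AddSLSATaskDescriptor should be told. I would add `// The content is the JSON-serialized TaskRun, so parameter values appear verbatim in the resulting provenance.` to the comment. The function body continues outside the hunk, so confirm where storedTr ends up before settling the wording.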
@@ -303,7 +303,7 @@ func tektonTaskRuns() map[string][]byte { func TestTaskRun(t *testing.T) { tests := []struct { name string - obj objects.TektonObject //nolint:staticcheck + obj objects.TektonObject resolveOpts ResolveOptions want []*intoto.ResourceDescriptor }{ @@ -375,7 +375,7 @@ func TestTaskRun(t *testing.T) { }, { name: "resolvedDependencies from remote task", - obj: objects.NewTaskRunObjectV1(&v1.TaskRun{ //nolint:staticcheck + obj: objects.NewTaskRunObjectV1(&v1.TaskRun{ Status: v1.TaskRunStatus{ TaskRunStatusFields: v1.TaskRunStatusFields{ Provenance: &v1.Provenance{ @@ -401,7 +401,7 @@ func TestTaskRun(t *testing.T) { }, { name: "git resolvedDependencies from taskrun params", - obj: objects.NewTaskRunObjectV1(&v1.TaskRun{ //nolint:staticcheck + obj: objects.NewTaskRunObjectV1(&v1.TaskRun{ Spec: v1.TaskRunSpec{ Params: []v1.Param{{ Name: "CHAINS-GIT_COMMIT", @@ -424,7 +424,7 @@ func TestTaskRun(t *testing.T) { }, { name: "resolvedDependencies from step images", - obj: objects.NewTaskRunObjectV1(&v1.TaskRun{ //nolint:staticcheck + obj: objects.NewTaskRunObjectV1(&v1.TaskRun{ Status: v1.TaskRunStatus{ TaskRunStatusFields: v1.TaskRunStatusFields{ Steps: []v1.StepState{{ @@ -457,7 +457,7 @@ func TestTaskRun(t *testing.T) { }, { name: "resolvedDependencies from step and sidecar images", - obj: objects.NewTaskRunObjectV1(&v1.TaskRun{ //nolint:staticcheck + obj: objects.NewTaskRunObjectV1(&v1.TaskRun{ Status: v1.TaskRunStatus{ TaskRunStatusFields: v1.TaskRunStatusFields{ Steps: []v1.StepState{{ @@ -507,7 +507,7 @@ func TestTaskRun(t *testing.T) { resolveOpts: ResolveOptions{ WithStepActionsResults: true, }, - obj: objects.NewTaskRunObjectV1(&v1.TaskRun{ //nolint:staticcheck + obj: objects.NewTaskRunObjectV1(&v1.TaskRun{ Status: v1.TaskRunStatus{ TaskRunStatusFields: v1.TaskRunStatusFields{ Steps: []v1.StepState{{ 
diff --git a/pkg/chains/formats/slsa/v1/internal/protos/protos.go b/pkg/chains/formats/slsa/v1/internal/protos/protos.go index e7ee4cbe51..14209b4307 100644 --- a/pkg/chains/formats/slsa/v1/internal/protos/protos.go +++ b/pkg/chains/formats/slsa/v1/internal/protos/protos.go @@ -10,13 +10,13 @@ import ( // GetPredicateStruct returns a protobuf struct from the given SLSAv0.2 predicate. func GetPredicateStruct(predicate *slsa.ProvenancePredicate) (*structpb.Struct, error) { - predicateJson, err := json.Marshal(predicate) + predicateJSON, err := json.Marshal(predicate) if err != nil { return nil, err } predicateStruct := &structpb.Struct{} - err = protojson.Unmarshal(predicateJson, predicateStruct) + err = protojson.Unmarshal(predicateJSON, predicateStruct) if err != nil { return nil, err } diff --git a/pkg/chains/formats/slsa/v1/intotoite6_test.go b/pkg/chains/formats/slsa/v1/intotoite6_test.go index ca0b93a194..504d7034cf 100644 --- a/pkg/chains/formats/slsa/v1/intotoite6_test.go +++ b/pkg/chains/formats/slsa/v1/intotoite6_test.go 
@@ -211,136 +211,8 @@ func TestPipelineRunCreatePayload(t *testing.T) { Builder: common.ProvenanceBuilder{ ID: "test_builder-1", }, - BuildType: "tekton.dev/v1beta1/PipelineRun", - BuildConfig: pipelinerun.BuildConfig{ - Tasks: []pipelinerun.TaskAttestation{ - { - Name: "git-clone", - After: nil, - Ref: v1beta1.TaskRef{ - Name: "git-clone", - Kind: "ClusterTask", - }, - StartedOn: e1BuildStart, - FinishedOn: e1BuildFinished, - Status: "Succeeded", - Steps: []attest.StepAttestation{ - { - EntryPoint: "git clone", - Arguments: []string(nil), - Environment: map[string]interface{}{ - "container": "step1", - "image": artifacts.OCIScheme + "gcr.io/test1/test1@sha256:d4b63d3e24d6eef04a6dc0795cf8a73470688803d97c52cffa3c8d4efd3397b6", - }, - Annotations: nil, - }, - }, - Invocation: slsa.ProvenanceInvocation{ - ConfigSource: slsa.ConfigSource{ - URI: "github.com/catalog", - Digest: common.DigestSet{"sha1": "x123"}, - EntryPoint: "git-clone.yaml", - }, - Parameters: map[string]v1beta1.ParamValue{ - "CHAINS-GIT_COMMIT": {Type: "string", StringVal: "sha:taskdefault"}, - "CHAINS-GIT_URL": {Type: "string", StringVal: "https://git.test.com"}, - "revision": {Type: "string", StringVal: ""}, - "url": {Type: "string", StringVal: "https://git.test.com"}, - }, - Environment: map[string]map[string]string{ - "labels": {"tekton.dev/pipelineTask": "git-clone"}, - }, - }, - Results: []v1beta1.TaskRunResult{ - { - Name: "some-uri_DIGEST", - Value: v1beta1.ParamValue{ - Type: v1beta1.ParamTypeString, - StringVal: "sha256:d4b63d3e24d6eef04a6dc0795cf8a73470688803d97c52cffa3c8d4efd3397b6", - }, - }, - { - Name: "some-uri", - Value: v1beta1.ParamValue{ - Type: v1beta1.ParamTypeString, - StringVal: "pkg:deb/debian/curl@7.50.3-1", - }, - }, - }, - }, - { - Name: "build", - After: []string{"git-clone"}, - Ref: v1beta1.TaskRef{ - Name: "build", - Kind: "ClusterTask", - }, - StartedOn: e1BuildStart, - FinishedOn: e1BuildFinished, - Status: "Succeeded", - Steps: []attest.StepAttestation{ - { - 
EntryPoint: "", - Arguments: []string(nil), - Environment: map[string]interface{}{ - "image": artifacts.OCIScheme + "gcr.io/test1/test1@sha256:d4b63d3e24d6eef04a6dc0795cf8a73470688803d97c52cffa3c8d4efd3397b6", - "container": "step1", - }, - Annotations: nil, - }, - { - EntryPoint: "", - Arguments: []string(nil), - Environment: map[string]interface{}{ - "image": artifacts.OCIScheme + "gcr.io/test2/test2@sha256:4d6dd704ef58cb214dd826519929e92a978a57cdee43693006139c0080fd6fac", - "container": "step2", - }, - Annotations: nil, - }, - { - EntryPoint: "", - Arguments: []string(nil), - Environment: map[string]interface{}{ - "image": artifacts.OCIScheme + "gcr.io/test3/test3@sha256:f1a8b8549c179f41e27ff3db0fe1a1793e4b109da46586501a8343637b1d0478", - "container": "step3", - }, - Annotations: nil, - }, - }, - Invocation: slsa.ProvenanceInvocation{ - ConfigSource: slsa.ConfigSource{ - URI: "github.com/test", - Digest: map[string]string{"sha1": "ab123"}, - EntryPoint: "build.yaml", - }, - Parameters: map[string]v1beta1.ParamValue{ - "CHAINS-GIT_COMMIT": {Type: "string", StringVal: "sha:taskrun"}, - "CHAINS-GIT_URL": {Type: "string", StringVal: "https://git.test.com"}, - "IMAGE": {Type: "string", StringVal: "test.io/test/image"}, - }, - Environment: map[string]map[string]string{ - "labels": {"tekton.dev/pipelineTask": "build"}, - }, - }, - Results: []v1beta1.TaskRunResult{ - { - Name: "IMAGE_DIGEST", - Value: v1beta1.ParamValue{ - Type: v1beta1.ParamTypeString, - StringVal: "sha256:827521c857fdcd4374f4da5442fbae2edb01e7fbae285c3ec15673d4c1daecb7", - }, - }, - { - Name: "IMAGE_URL", - Value: v1beta1.ParamValue{ - Type: v1beta1.ParamTypeString, - StringVal: "gcr.io/my/image", - }, - }, - }, - }, - }, - }, + BuildType: "tekton.dev/v1beta1/PipelineRun", + BuildConfig: getBuildPipelineRun(), } predicateStruct, err := protos.GetPredicateStruct(predicate) 
@@ -435,136 +307,8 @@ func TestPipelineRunCreatePayloadChildRefs(t *testing.T) { Builder: common.ProvenanceBuilder{ ID: "test_builder-1", }, - BuildType: "tekton.dev/v1beta1/PipelineRun", - BuildConfig: pipelinerun.BuildConfig{ - Tasks: []pipelinerun.TaskAttestation{ - { - Name: "git-clone", - After: nil, - Ref: v1beta1.TaskRef{ - Name: "git-clone", - Kind: "ClusterTask", - }, - StartedOn: e1BuildStart, - FinishedOn: e1BuildFinished, - Status: "Succeeded", - Steps: []attest.StepAttestation{ - { - EntryPoint: "git clone", - Arguments: []string(nil), - Environment: map[string]interface{}{ - "container": "step1", - "image": artifacts.OCIScheme + "gcr.io/test1/test1@sha256:d4b63d3e24d6eef04a6dc0795cf8a73470688803d97c52cffa3c8d4efd3397b6", - }, - Annotations: nil, - }, - }, - Invocation: slsa.ProvenanceInvocation{ - ConfigSource: slsa.ConfigSource{ - URI: "github.com/catalog", - Digest: common.DigestSet{"sha1": "x123"}, - EntryPoint: "git-clone.yaml", - }, - Parameters: map[string]v1beta1.ParamValue{ - "CHAINS-GIT_COMMIT": {Type: "string", StringVal: "sha:taskdefault"}, - "CHAINS-GIT_URL": {Type: "string", StringVal: "https://git.test.com"}, - "revision": {Type: "string", StringVal: ""}, - "url": {Type: "string", StringVal: "https://git.test.com"}, - }, - Environment: map[string]map[string]string{ - "labels": {"tekton.dev/pipelineTask": "git-clone"}, - }, - }, - Results: []v1beta1.TaskRunResult{ - { - Name: "some-uri_DIGEST", - Value: v1beta1.ParamValue{ - Type: v1beta1.ParamTypeString, - StringVal: "sha256:d4b63d3e24d6eef04a6dc0795cf8a73470688803d97c52cffa3c8d4efd3397b6", - }, - }, - { - Name: "some-uri", - Value: v1beta1.ParamValue{ - Type: v1beta1.ParamTypeString, - StringVal: "pkg:deb/debian/curl@7.50.3-1", - }, - }, - }, - }, - { - Name: "build", - After: []string{"git-clone"}, - Ref: v1beta1.TaskRef{ - Name: "build", - Kind: "ClusterTask", - }, - StartedOn: e1BuildStart, - FinishedOn: e1BuildFinished, - Status: "Succeeded", - Steps: []attest.StepAttestation{ - { - 
EntryPoint: "", - Arguments: []string(nil), - Environment: map[string]interface{}{ - "image": artifacts.OCIScheme + "gcr.io/test1/test1@sha256:d4b63d3e24d6eef04a6dc0795cf8a73470688803d97c52cffa3c8d4efd3397b6", - "container": "step1", - }, - Annotations: nil, - }, - { - EntryPoint: "", - Arguments: []string(nil), - Environment: map[string]interface{}{ - "image": artifacts.OCIScheme + "gcr.io/test2/test2@sha256:4d6dd704ef58cb214dd826519929e92a978a57cdee43693006139c0080fd6fac", - "container": "step2", - }, - Annotations: nil, - }, - { - EntryPoint: "", - Arguments: []string(nil), - Environment: map[string]interface{}{ - "image": artifacts.OCIScheme + "gcr.io/test3/test3@sha256:f1a8b8549c179f41e27ff3db0fe1a1793e4b109da46586501a8343637b1d0478", - "container": "step3", - }, - Annotations: nil, - }, - }, - Invocation: slsa.ProvenanceInvocation{ - ConfigSource: slsa.ConfigSource{ - URI: "github.com/test", - Digest: map[string]string{"sha1": "ab123"}, - EntryPoint: "build.yaml", - }, - Parameters: map[string]v1beta1.ParamValue{ - "CHAINS-GIT_COMMIT": {Type: "string", StringVal: "sha:taskrun"}, - "CHAINS-GIT_URL": {Type: "string", StringVal: "https://git.test.com"}, - "IMAGE": {Type: "string", StringVal: "test.io/test/image"}, - }, - Environment: map[string]map[string]string{ - "labels": {"tekton.dev/pipelineTask": "build"}, - }, - }, - Results: []v1beta1.TaskRunResult{ - { - Name: "IMAGE_DIGEST", - Value: v1beta1.ParamValue{ - Type: v1beta1.ParamTypeString, - StringVal: "sha256:827521c857fdcd4374f4da5442fbae2edb01e7fbae285c3ec15673d4c1daecb7", - }, - }, - { - Name: "IMAGE_URL", - Value: v1beta1.ParamValue{ - Type: v1beta1.ParamTypeString, - StringVal: "gcr.io/my/image", - }, - }, - }, - }, - }, - }, + BuildType: "tekton.dev/v1beta1/PipelineRun", + BuildConfig: getBuildPipelineRun(), } predicateStruct, err := protos.GetPredicateStruct(predicate) 
@@ -817,3 +561,135 @@ func TestCorrectPayloadType(t *testing.T) { t.Errorf("Invalid type returned: %s", i.Type()) } } + +func getBuildPipelineRun() pipelinerun.BuildConfig { + return pipelinerun.BuildConfig{ + Tasks: []pipelinerun.TaskAttestation{ + { + Name: "git-clone", + After: nil, + Ref: v1beta1.TaskRef{ + Name: "git-clone", + Kind: "ClusterTask", + }, + StartedOn: e1BuildStart, + FinishedOn: e1BuildFinished, + Status: "Succeeded", + Steps: []attest.StepAttestation{ + { + EntryPoint: "git clone", + Arguments: []string(nil), + Environment: map[string]interface{}{ + "container": "step1", + "image": artifacts.OCIScheme + "gcr.io/test1/test1@sha256:d4b63d3e24d6eef04a6dc0795cf8a73470688803d97c52cffa3c8d4efd3397b6", + }, + Annotations: nil, + }, + }, + Invocation: slsa.ProvenanceInvocation{ + ConfigSource: slsa.ConfigSource{ + URI: "github.com/catalog", + Digest: common.DigestSet{"sha1": "x123"}, + EntryPoint: "git-clone.yaml", + }, + Parameters: map[string]v1beta1.ParamValue{ + "CHAINS-GIT_COMMIT": {Type: "string", StringVal: "sha:taskdefault"}, + "CHAINS-GIT_URL": {Type: "string", StringVal: "https://git.test.com"}, + "revision": {Type: "string", StringVal: ""}, + "url": {Type: "string", StringVal: "https://git.test.com"}, + }, + Environment: map[string]map[string]string{ + "labels": {"tekton.dev/pipelineTask": "git-clone"}, + }, + }, + Results: []v1beta1.TaskRunResult{ + { + Name: "some-uri_DIGEST", + Value: v1beta1.ParamValue{ + Type: v1beta1.ParamTypeString, + StringVal: "sha256:d4b63d3e24d6eef04a6dc0795cf8a73470688803d97c52cffa3c8d4efd3397b6", + }, + }, + { + Name: "some-uri", + Value: v1beta1.ParamValue{ + Type: v1beta1.ParamTypeString, + StringVal: "pkg:deb/debian/curl@7.50.3-1", + }, + }, + }, + }, + { + Name: "build", + After: []string{"git-clone"}, + Ref: v1beta1.TaskRef{ + Name: "build", + Kind: "ClusterTask", + }, + StartedOn: e1BuildStart, + FinishedOn: e1BuildFinished, + Status: "Succeeded", + Steps: []attest.StepAttestation{ + { + EntryPoint: "", + 
Arguments: []string(nil), + Environment: map[string]interface{}{ + "image": artifacts.OCIScheme + "gcr.io/test1/test1@sha256:d4b63d3e24d6eef04a6dc0795cf8a73470688803d97c52cffa3c8d4efd3397b6", + "container": "step1", + }, + Annotations: nil, + }, + { + EntryPoint: "", + Arguments: []string(nil), + Environment: map[string]interface{}{ + "image": artifacts.OCIScheme + "gcr.io/test2/test2@sha256:4d6dd704ef58cb214dd826519929e92a978a57cdee43693006139c0080fd6fac", + "container": "step2", + }, + Annotations: nil, + }, + { + EntryPoint: "", + Arguments: []string(nil), + Environment: map[string]interface{}{ + "image": artifacts.OCIScheme + "gcr.io/test3/test3@sha256:f1a8b8549c179f41e27ff3db0fe1a1793e4b109da46586501a8343637b1d0478", + "container": "step3", + }, + Annotations: nil, + }, + }, + Invocation: slsa.ProvenanceInvocation{ + ConfigSource: slsa.ConfigSource{ + URI: "github.com/test", + Digest: map[string]string{"sha1": "ab123"}, + EntryPoint: "build.yaml", + }, + Parameters: map[string]v1beta1.ParamValue{ + "CHAINS-GIT_COMMIT": {Type: "string", StringVal: "sha:taskrun"}, + "CHAINS-GIT_URL": {Type: "string", StringVal: "https://git.test.com"}, + "IMAGE": {Type: "string", StringVal: "test.io/test/image"}, + }, + Environment: map[string]map[string]string{ + "labels": {"tekton.dev/pipelineTask": "build"}, + }, + }, + Results: []v1beta1.TaskRunResult{ + { + Name: "IMAGE_DIGEST", + Value: v1beta1.ParamValue{ + Type: v1beta1.ParamTypeString, + StringVal: "sha256:827521c857fdcd4374f4da5442fbae2edb01e7fbae285c3ec15673d4c1daecb7", + }, + }, + { + Name: "IMAGE_URL", + Value: v1beta1.ParamValue{ + Type: v1beta1.ParamTypeString, + StringVal: "gcr.io/my/image", + }, + }, + }, + }, + }, + } +} diff --git a/pkg/chains/formats/slsa/v2alpha3/internal/pipelinerun/pipelinerun.go b/pkg/chains/formats/slsa/v2alpha3/internal/pipelinerun/pipelinerun.go index fe8bd6a8b2..12f02567e5 100644 --- a/pkg/chains/formats/slsa/v2alpha3/internal/pipelinerun/pipelinerun.go 
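Review bot: getBuildPipelineRun is added without a comment, and its name does not say what it returns: it builds a `pipelinerun.BuildConfig` fixture, not a PipelineRun. A rename with a comment such as `// expectedBuildConfig returns the BuildConfig that both PipelineRun payload tests expect.` would make the two call sites self-explanatory. Inside the fixture the two ConfigSource digests are written with different types, `common.DigestSet{"sha1": "x123"}` for git-clone and `map[string]string{"sha1": "ab123"}` for build; using `common.DigestSet` in both keeps the literal consistent.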
+++ b/pkg/chains/formats/slsa/v2alpha3/internal/pipelinerun/pipelinerun.go @@ -62,12 +62,12 @@ func GenerateAttestation(ctx context.Context, pro *objects.PipelineRunObjectV1, } predicateStruct := &structpb.Struct{} - predicateJson, err := protojson.Marshal(predicate) + predicateJSON, err := protojson.Marshal(predicate) if err != nil { return nil, err } - err = protojson.Unmarshal(predicateJson, predicateStruct) + err = protojson.Unmarshal(predicateJSON, predicateStruct) if err != nil { return nil, err } diff --git a/pkg/chains/formats/slsa/v2alpha3/internal/pipelinerun/pipelinerun_test.go b/pkg/chains/formats/slsa/v2alpha3/internal/pipelinerun/pipelinerun_test.go index 3e62010ac3..a363b1b86a 100644 --- a/pkg/chains/formats/slsa/v2alpha3/internal/pipelinerun/pipelinerun_test.go +++ b/pkg/chains/formats/slsa/v2alpha3/internal/pipelinerun/pipelinerun_test.go @@ -42,7 +42,7 @@ import ( ) func TestMetadata(t *testing.T) { - pr := &v1.PipelineRun{ //nolint:staticcheck + pr := &v1.PipelineRun{ ObjectMeta: metav1.ObjectMeta{ Name: "my-taskrun", Namespace: "my-namespace", @@ -73,7 +73,7 @@ func TestMetadata(t *testing.T) { func TestMetadataInTimeZone(t *testing.T) { tz := time.FixedZone("Test Time", int((12 * time.Hour).Seconds())) - pr := &v1.PipelineRun{ //nolint:staticcheck + pr := &v1.PipelineRun{ ObjectMeta: metav1.ObjectMeta{ Name: "my-taskrun", Namespace: "my-namespace", @@ -104,7 +104,7 @@ func TestMetadataInTimeZone(t *testing.T) { func TestByProducts(t *testing.T) { resultValue := v1.ResultValue{Type: "string", StringVal: "result-value"} - pr := &v1.PipelineRun{ //nolint:staticcheck + pr := &v1.PipelineRun{ Status: v1.PipelineRunStatus{ PipelineRunStatusFields: v1.PipelineRunStatusFields{ Results: []v1.PipelineRunResult{ 
@@ -255,13 +255,13 @@ func TestGenerateAttestation(t *testing.T) { }, } - predicateJson, err := protojson.Marshal(&slsaPredicate) + predicateJSON, err := protojson.Marshal(&slsaPredicate) if err != nil { t.Fatalf("error getting SLSA predicate proto struct: %v", err) } predicateStruct := &structpb.Struct{} - err = protojson.Unmarshal(predicateJson, predicateStruct) + err = protojson.Unmarshal(predicateJSON, predicateStruct) if err != nil { t.Fatalf("error getting SLSA predicate proto struct: %v", err) } @@ -295,7 +295,7 @@ func TestGenerateAttestation(t *testing.T) { } } -func getResolvedDependencies(addTasks func(*objects.TaskRunObjectV1) (*intoto.ResourceDescriptor, error)) []*intoto.ResourceDescriptor { //nolint:staticcheck +func getResolvedDependencies(addTasks func(*objects.TaskRunObjectV1) (*intoto.ResourceDescriptor, error)) []*intoto.ResourceDescriptor { pr := createPro("../../../testdata/slsa-v2alpha3/pipelinerun1.json") rd, err := resolveddependencies.PipelineRun(context.Background(), pr, &slsaconfig.SlsaConfig{DeepInspectionEnabled: false}, addTasks) if err != nil { @@ -314,7 +314,7 @@ func TestGetBuildDefinition(t *testing.T) { } tests := []struct { name string - taskContent func(*objects.TaskRunObjectV1) (*intoto.ResourceDescriptor, error) //nolint:staticcheck + taskContent func(*objects.TaskRunObjectV1) (*intoto.ResourceDescriptor, error) config *slsaconfig.SlsaConfig want slsa.BuildDefinition }{ diff --git a/pkg/chains/formats/slsa/v2alpha3/internal/taskrun/taskrun_test.go b/pkg/chains/formats/slsa/v2alpha3/internal/taskrun/taskrun_test.go index e8bdce5608..b221a72409 100644 --- a/pkg/chains/formats/slsa/v2alpha3/internal/taskrun/taskrun_test.go +++ b/pkg/chains/formats/slsa/v2alpha3/internal/taskrun/taskrun_test.go 
@@ -41,7 +41,7 @@ import ( func TestByProducts(t *testing.T) { resultValue := v1.ResultValue{Type: "string", StringVal: "result-value"} - tr := &v1.TaskRun{ //nolint:staticcheck + tr := &v1.TaskRun{ Status: v1.TaskRunStatus{ TaskRunStatusFields: v1.TaskRunStatusFields{ Results: []v1.TaskRunResult{ @@ -155,13 +155,13 @@ func TestTaskRunGenerateAttestation(t *testing.T) { }, } - predicateJson, err := protojson.Marshal(&slsaPredicate) + predicateJSON, err := protojson.Marshal(&slsaPredicate) if err != nil { t.Fatalf("error getting SLSA predicate proto struct: %v", err) } predicateStruct := &structpb.Struct{} - err = protojson.Unmarshal(predicateJson, predicateStruct) + err = protojson.Unmarshal(predicateJSON, predicateStruct) if err != nil { t.Fatalf("error getting SLSA predicate proto struct: %v", err) } diff --git a/pkg/chains/formats/slsa/v2alpha3/slsav2_test.go b/pkg/chains/formats/slsa/v2alpha3/slsav2_test.go index f754e38ac5..c03913276d 100644 --- a/pkg/chains/formats/slsa/v2alpha3/slsav2_test.go +++ b/pkg/chains/formats/slsa/v2alpha3/slsav2_test.go @@ -555,13 +555,13 @@ func getStruct(t *testing.T, data map[string]any) *structpb.Struct { func getPredicateStruct(t *testing.T, slsaPredicate *slsa.Provenance) *structpb.Struct { t.Helper() - predicateJson, err := protojson.Marshal(slsaPredicate) + predicateJSON, err := protojson.Marshal(slsaPredicate) if err != nil { t.Fatalf("error getting SLSA predicate proto struct: %v", err) } predicateStruct := &structpb.Struct{} - err = protojson.Unmarshal(predicateJson, predicateStruct) + err = protojson.Unmarshal(predicateJSON, predicateStruct) if err != nil { t.Fatalf("error getting SLSA predicate proto struct: %v", err) } diff --git a/pkg/chains/formats/slsa/v2alpha4/internal/taskrun/taskrun_test.go b/pkg/chains/formats/slsa/v2alpha4/internal/taskrun/taskrun_test.go index a4be811515..9938287048 100644 --- a/pkg/chains/formats/slsa/v2alpha4/internal/taskrun/taskrun_test.go 
+++ b/pkg/chains/formats/slsa/v2alpha4/internal/taskrun/taskrun_test.go @@ -43,7 +43,7 @@ const jsonMediaType = "application/json" func TestByProducts(t *testing.T) { resultValue := v1.ResultValue{Type: "string", StringVal: "result-value"} - tr := &v1.TaskRun{ //nolint:staticcheck + tr := &v1.TaskRun{ Status: v1.TaskRunStatus{ TaskRunStatusFields: v1.TaskRunStatusFields{ Results: []v1.TaskRunResult{ @@ -199,13 +199,13 @@ func getStruct(t *testing.T, data map[string]any) *structpb.Struct { func getPredicateStruct(t *testing.T, slsaPredicate *slsa.Provenance) *structpb.Struct { t.Helper() - predicateJson, err := protojson.Marshal(slsaPredicate) + predicateJSON, err := protojson.Marshal(slsaPredicate) if err != nil { t.Fatalf("error getting SLSA predicate proto struct: %v", err) } predicateStruct := &structpb.Struct{} - err = protojson.Unmarshal(predicateJson, predicateStruct) + err = protojson.Unmarshal(predicateJSON, predicateStruct) if err != nil { t.Fatalf("error getting SLSA predicate proto struct: %v", err) } diff --git a/pkg/chains/formats/slsa/v2alpha4/slsav2_test.go b/pkg/chains/formats/slsa/v2alpha4/slsav2_test.go index 64c60dcc7f..3c82def5a9 100644 --- a/pkg/chains/formats/slsa/v2alpha4/slsav2_test.go +++ b/pkg/chains/formats/slsa/v2alpha4/slsav2_test.go @@ -414,13 +414,13 @@ func getStruct(t *testing.T, data map[string]any) *structpb.Struct { func getPredicateStruct(t *testing.T, slsaPredicate *slsa.Provenance) *structpb.Struct { t.Helper() - predicateJson, err := protojson.Marshal(slsaPredicate) + predicateJSON, err := protojson.Marshal(slsaPredicate) if err != nil { t.Fatalf("error getting SLSA predicate proto struct: %v", err) } predicateStruct := &structpb.Struct{} - err = protojson.Unmarshal(predicateJson, predicateStruct) + err = protojson.Unmarshal(predicateJSON, predicateStruct) if err != nil { t.Fatalf("error getting SLSA predicate proto struct: %v", err) } 
diff --git a/pkg/chains/objects/objects.go b/pkg/chains/objects/objects.go index f20bd93794..0b6169d2b8 100644 --- a/pkg/chains/objects/objects.go +++ b/pkg/chains/objects/objects.go @@ -310,7 +310,7 @@ func (pro *PipelineRunObjectV1) AppendTaskRun(tr *v1.TaskRun) { } // Append TaskRuns to this PipelineRun -func (pro *PipelineRunObjectV1) GetTaskRuns() []*v1.TaskRun { //nolint:staticcheck +func (pro *PipelineRunObjectV1) GetTaskRuns() []*v1.TaskRun { return pro.taskRuns } diff --git a/pkg/chains/storage/grafeas/grafeas_test.go b/pkg/chains/storage/grafeas/grafeas_test.go index d48204c814..253cd332ea 100644 --- a/pkg/chains/storage/grafeas/grafeas_test.go +++ b/pkg/chains/storage/grafeas/grafeas_test.go @@ -391,6 +391,7 @@ func TestGrafeasBackend_StoreAndRetrieve(t *testing.T) { // test attestation storage and retrieval func testStoreAndRetrieveHelper(ctx context.Context, t *testing.T, test testConfig, backend Backend) { + t.Helper() if err := backend.StorePayload(ctx, test.args.runObject, test.args.payload, test.args.signature, test.args.opts); (err != nil) != test.wantErr { t.Fatalf("Backend.StorePayload() failed. error:%v, wantErr:%v", err, test.wantErr) } @@ -448,6 +449,7 @@ func testStoreAndRetrieveHelper(ctx context.Context, t *testing.T, test testConf // ------------------ occurrences for taskruns and pipelineruns -------------- // BUILD Occurrence for the build taskrun that stores the slsa provenance func getTaskRunBuildOcc(t *testing.T, identifier string) *pb.Occurrence { + t.Helper() return &pb.Occurrence{ Name: identifier, ResourceUri: identifier, @@ -511,6 +513,7 @@ func getTaskRunAttestationOcc(t *testing.T, identifier string) *pb.Occurrence { } func getPipelineRunBuildOcc(t *testing.T, identifier string) *pb.Occurrence { + t.Helper() ciPipelineRunProvenance := intoto.Statement{ Subject: buildTaskRunProvenance.Subject, Predicate: getPredicateStruct(t, &ciPipelineRunPredicate), 
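Review bot: The comment above GetTaskRuns still reads `// Append TaskRuns to this PipelineRun`, which describes AppendTaskRun rather than this getter; the hunk edits the signature line but leaves the comment as it was. It should read `// GetTaskRuns returns the TaskRuns appended to this PipelineRun.` The method also returns `pro.taskRuns` directly, so a caller that modifies the returned slice modifies the object's own list; if that is not intended, say so in the comment or return a copy.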
@@ -560,6 +563,7 @@ func getPipelineRunBuildOcc(t *testing.T, identifier string) *pb.Occurrence { } func getRawPayload(t *testing.T, in interface{}) []byte { + t.Helper() rawPayload, err := json.Marshal(in) if err != nil { t.Errorf("Unable to marshal the provenance: %v", in) @@ -747,13 +751,14 @@ func parseURIFilterString(filter string) []string { } func getPredicateStruct(t *testing.T, predicate *slsa.ProvenancePredicate) *structpb.Struct { - predicateJson, err := json.Marshal(predicate) + t.Helper() + predicateJSON, err := json.Marshal(predicate) if err != nil { t.Fatalf("error getting predicate struct: %v", err) } predicateStruct := &structpb.Struct{} - err = protojson.Unmarshal(predicateJson, predicateStruct) + err = protojson.Unmarshal(predicateJSON, predicateStruct) if err != nil { t.Fatalf("error getting predicate struct: %v", err) } diff --git a/pkg/chains/storage/oci/attestation.go b/pkg/chains/storage/oci/attestation.go index 9dbd6ea2a5..5856c6d0fe 100644 --- a/pkg/chains/storage/oci/attestation.go +++ b/pkg/chains/storage/oci/attestation.go @@ -52,6 +52,7 @@ func NewAttestationStorer(opts ...AttestationStorerOption) (*AttestationStorer, return s, nil } +// Store saves the given statement. func (s *AttestationStorer) Store(ctx context.Context, req *api.StoreRequest[name.Digest, *intoto.Statement]) (*api.StoreResponse, error) { logger := logging.FromContext(ctx) diff --git a/test/e2e_test.go b/test/e2e_test.go index d9b219b85f..4e1af98906 100644 --- a/test/e2e_test.go +++ b/test/e2e_test.go @@ -397,6 +397,7 @@ func TestFulcio(t *testing.T) { } func base64Decode(t *testing.T, s string) []byte { + t.Helper() b, err := base64.StdEncoding.DecodeString(s) if err != nil { b, err = base64.URLEncoding.DecodeString(s) diff --git a/test/examples_test.go b/test/examples_test.go index 05b841550b..9a9917562a 100644 --- a/test/examples_test.go +++ b/test/examples_test.go 
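Review bot: In getRawPayload the failure branch calls `t.Errorf("Unable to marshal the provenance: %v", in)`, which prints the input rather than `err` and does not stop the test, so the helper would carry on with a nil payload. `t.Fatalf("unable to marshal the provenance: %v", err)` reports the cause and stops, and with the added `t.Helper()` the failure is attributed to the caller's line. The rest of the function is outside the hunk, so check that nothing after the branch relies on continuing.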
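Review bot: The added comment `// Store saves the given statement.` on AttestationStorer.Store does not say where the statement is saved or what the `name.Digest` in the request is for. From the package path and the request type this looks like attaching an in-toto statement to the artifact identified by that digest, but the body is outside the hunk, so that is inferred. Once confirmed, a comment along the lines of `// Store writes the in-toto statement in req as an attestation for the artifact digest in req.` would tell a reader what is bound to what.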
@@ -175,7 +175,7 @@ func runInTotoFormatterTests(ctx context.Context, t *testing.T, ns string, c *cl // TODO: Commenting this out for now. Causes race condition where tests write and revert the chains-config // and signing-secrets out of order // t.Parallel() - + t.Helper() for path, obj := range test.getExampleObjects(t, ns) { obj := obj t.Run(path, func(t *testing.T) { @@ -292,7 +292,8 @@ func (v *verifier) Public() crypto.PublicKey { return v.pub } -func expectedProvenanceSLSA1(t *testing.T, ctx context.Context, example string, obj objects.TektonObject, outputLocation string, ns string, c *clients) intoto.Statement { +func expectedProvenanceSLSA1(ctx context.Context, t *testing.T, example string, obj objects.TektonObject, outputLocation string, ns string, c *clients) intoto.Statement { + t.Helper() switch obj.(type) { case *objects.TaskRunObjectV1: f := expectedTaskRunProvenanceFormat(t, example, obj, outputLocation) @@ -306,7 +307,8 @@ func expectedProvenanceSLSA1(t *testing.T, ctx context.Context, example string, return intoto.Statement{} } -func expectedProvenance(t *testing.T, ctx context.Context, example string, obj objects.TektonObject, outputLocation string, ns string, c *clients) intoto.Statement { +func expectedProvenance(ctx context.Context, t *testing.T, example string, obj objects.TektonObject, outputLocation string, ns string, c *clients) intoto.Statement { + t.Helper() switch obj.(type) { case *objects.TaskRunObjectV1: f := expectedTaskRunProvenanceFormat(t, example, obj, outputLocation) @@ -338,6 +340,7 @@ type Format struct { } func expectedTaskRunProvenanceFormat(t *testing.T, example string, obj objects.TektonObject, outputLocation string) Format { + t.Helper() tr := obj.GetObject().(*v1.TaskRun) name := tr.Name 
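Review bot: `return intoto.Statement{}` at the top of the `@@ -306` hunk looks like the fall-through of expectedProvenanceSLSA1 when `obj` matches no case of its type switch, so an unexpected object type would yield an empty expected statement instead of a test failure. The switch body is partly outside the hunks, so this is inferred from the visible lines. If it holds, add `default: t.Fatalf("unexpected object type %T", obj)` to the switch, and likewise in expectedProvenance, which starts the same way.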
@@ -373,7 +376,8 @@ func expectedTaskRunProvenanceFormat(t *testing.T, example string, obj objects.T } } -func expectedPipelineRunProvenanceFormat(t *testing.T, ctx context.Context, example string, obj objects.TektonObject, outputLocation string, ns string, c *clients) Format { +func expectedPipelineRunProvenanceFormat(ctx context.Context, t *testing.T, example string, obj objects.TektonObject, outputLocation string, ns string, c *clients) Format { + t.Helper() pr := obj.GetObject().(*v1.PipelineRun) buildStartTimes := []string{} @@ -421,16 +425,19 @@ func expectedPipelineRunProvenanceFormat(t *testing.T, ctx context.Context, exam } func expectedAttestationSLSA1(t *testing.T, example string, f Format, outputLocation string) intoto.Statement { + t.Helper() b := readExpectedAttestationBytes(t, example, f, outputLocation) return readExpectedAttestationSLSA1(t, b) } func expectedAttestation(t *testing.T, example string, f Format, outputLocation string) intoto.Statement { + t.Helper() b := readExpectedAttestationBytes(t, example, f, outputLocation) return readExpectedAttestation(t, b) } func readExpectedAttestationBytes(t *testing.T, example string, f Format, outputLocation string) *bytes.Buffer { + t.Helper() path := filepath.Join("testdata", outputLocation, strings.Replace(filepath.Base(example), ".yaml", ".json", 1)) t.Logf("Reading expected provenance from %s", path) contents, err := ioutil.ReadFile(path) @@ -451,6 +458,7 @@ func readExpectedAttestationBytes(t *testing.T, example string, f Format, output } func readExpectedAttestationSLSA1(t *testing.T, b *bytes.Buffer) intoto.Statement { + t.Helper() var expected intoto.Statement if err := json.Unmarshal(b.Bytes(), &expected); err != nil { t.Fatal(err) 
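Review bot: readExpectedAttestationBytes still loads the fixture with `ioutil.ReadFile(path)`; io/ioutil has been deprecated since Go 1.16, and this commit is otherwise a lint clean-up. `contents, err := os.ReadFile(path)` is a drop-in replacement, and `os` is already used in this file by getExamplePaths. taskRunFromExample and pipelineRunFromExample in the later hunks make the same call. The import block is outside these hunks, so the ioutil import may need removing once its last use is gone.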
@@ -459,6 +467,7 @@ func readExpectedAttestationSLSA1(t *testing.T, b *bytes.Buffer) intoto.Statemen } func readExpectedAttestation(t *testing.T, b *bytes.Buffer) intoto.Statement { + t.Helper() var expected intoto.Statement if err := json.Unmarshal(b.Bytes(), &expected); err != nil { t.Fatal(err) @@ -467,6 +476,7 @@ func readExpectedAttestation(t *testing.T, b *bytes.Buffer) intoto.Statement { } func getTaskRunExamples(t *testing.T, ns string) map[string]objects.TektonObject { + t.Helper() examples := make(map[string]objects.TektonObject) for _, example := range getExamplePaths(t, taskRunExamplesPath) { examples[example] = taskRunFromExample(t, ns, example) @@ -475,6 +485,7 @@ func getTaskRunExamples(t *testing.T, ns string) map[string]objects.TektonObject } func getTaskRunWithTypeHintedResultsExamples(t *testing.T, ns string) map[string]objects.TektonObject { + t.Helper() path := "../examples/v2alpha4/task-with-object-type-hinting.yaml" trs := make(map[string]objects.TektonObject) trs[path] = taskRunFromExample(t, ns, path) @@ -482,6 +493,7 @@ func getTaskRunWithTypeHintedResultsExamples(t *testing.T, ns string) map[string } func getPipelineRunExamples(t *testing.T, ns string) map[string]objects.TektonObject { + t.Helper() examples := make(map[string]objects.TektonObject) for _, example := range getExamplePaths(t, pipelineRunExamplesPath) { examples[example] = pipelineRunFromExample(t, ns, example) @@ -490,6 +502,7 @@ func getPipelineRunExamples(t *testing.T, ns string) map[string]objects.TektonOb } func getExamplePaths(t *testing.T, dir string) []string { + t.Helper() var examplePaths []string err := filepath.Walk(dir, func(path string, info os.FileInfo, err error) error { if err != nil { @@ -512,6 +525,7 @@ func getExamplePaths(t *testing.T, dir string) []string { } func taskRunFromExample(t *testing.T, ns, example string) objects.TektonObject { + t.Helper() contents, err := ioutil.ReadFile(example) if err != nil { t.Fatal(err) 
@@ -525,6 +539,7 @@ func taskRunFromExample(t *testing.T, ns, example string) objects.TektonObject { } func pipelineRunFromExample(t *testing.T, ns, example string) objects.TektonObject { + t.Helper() contents, err := ioutil.ReadFile(example) if err != nil { t.Fatal(err) @@ -553,24 +568,25 @@ func ignoreEnvironmentAnnotationsAndLabels(key string, value any) bool { } func comparePredicates[T any](t *testing.T, expPredicateStruct, gotPredicateStruct *structpb.Struct, opts []cmp.Option) { - expJson, err := expPredicateStruct.MarshalJSON() + t.Helper() + expJSON, err := expPredicateStruct.MarshalJSON() if err != nil { t.Fatalf("error getting predicate json: %v", err) } - gotJson, err := gotPredicateStruct.MarshalJSON() + gotJSON, err := gotPredicateStruct.MarshalJSON() if err != nil { t.Fatalf("error getting predicate json: %v", err) } var expectedPredicate T - json.Unmarshal(expJson, &expectedPredicate) + json.Unmarshal(expJSON, &expectedPredicate) if err != nil { t.Fatalf("error getting predicate original struct: %v", err) } var gotPredicate T - json.Unmarshal(gotJson, &gotPredicate) + json.Unmarshal(gotJSON, &gotPredicate) if err != nil { t.Fatalf("error getting predicate original struct: %v", err) } diff --git a/test/test_utils.go b/test/test_utils.go index a798bf278f..e46ca3cd35 100644 --- a/test/test_utils.go +++ b/test/test_utils.go @@ -130,6 +130,7 @@ var simpleTaskRun = v1.TaskRun{ func makeBucket(t *testing.T, client *storage.Client) (string, func()) { // Make a bucket + t.Helper() rand.Seed(time.Now().UnixNano()) testBucketName := fmt.Sprintf("tekton-chains-e2e-%d", rand.Intn(1000)) @@ -161,6 +162,7 @@ func makeBucket(t *testing.T, client *storage.Client) (string, func()) { } func readObj(t *testing.T, bucket, name string, client *storage.Client) io.Reader { + t.Helper() ctx := context.Background() reader, err := client.Bucket(bucket).Object(name).NewReader(ctx) if err != nil { 
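Review bot: In comparePredicates both `json.Unmarshal(expJSON, &expectedPredicate)` and `json.Unmarshal(gotJSON, &gotPredicate)` discard their return value. The `if err != nil` after each one re-tests the err left over from MarshalJSON, which is already known to be nil at that point. A decode failure therefore goes unnoticed and both predicates can stay at their zero value, in which case the comparison would presumably pass without having compared any provenance content. The rename touched these lines but kept the bug; bind the result instead: `if err := json.Unmarshal(expJSON, &expectedPredicate); err != nil {`, and likewise for gotJSON. The comparison itself is outside the hunk.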
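Review bot: makeBucket names the bucket with `fmt.Sprintf("tekton-chains-e2e-%d", rand.Intn(1000))`, which allows only 1000 possible names in a namespace shared across GCS. Concurrent or repeated runs can collide, and the name is easy to guess ahead of a run. A wider suffix such as `testBucketName := fmt.Sprintf("tekton-chains-e2e-%d", time.Now().UnixNano())` reduces both risks and makes the `rand.Seed` call (deprecated since Go 1.20) unnecessary. Separately, the new `t.Helper()` sits below the `// Make a bucket` comment; it reads better as the first line of the function, with the comment kept next to the code it describes. How bucket creation errors are handled is outside the hunk.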
@@ -170,6 +172,7 @@ func readObj(t *testing.T, bucket, name string, client *storage.Client) io.Reade } func setConfigMap(ctx context.Context, t *testing.T, c *clients, data map[string]string) func() { + t.Helper() // Change the config to be GCS storage with this bucket. // Note(rgreinho): This comment does not look right... clean := updateConfigMap(ctx, t, c, data, namespace, "chains-config") @@ -183,6 +186,7 @@ func setConfigMap(ctx context.Context, t *testing.T, c *clients, data map[string } func setupPipelinesFeatureFlags(ctx context.Context, t *testing.T, c *clients, data map[string]string) func() { + t.Helper() pipelinesNs := "tekton-pipelines" clean := updateConfigMap(ctx, t, c, data, pipelinesNs, "feature-flags") @@ -196,6 +200,7 @@ func setupPipelinesFeatureFlags(ctx context.Context, t *testing.T, c *clients, d } func updateConfigMap(ctx context.Context, t *testing.T, c *clients, data map[string]string, ns, configMapName string) func() { + t.Helper() cm, err := c.KubeClient.CoreV1().ConfigMaps(ns).Get(ctx, configMapName, metav1.GetOptions{}) if err != nil { t.Fatal(err) @@ -233,6 +238,7 @@ func updateConfigMap(ctx context.Context, t *testing.T, c *clients, data map[str } func printDebugging(t *testing.T, obj objects.TektonObject) { + t.Helper() kind := obj.GetObjectKind().GroupVersionKind().Kind t.Logf("============================== %s logs ==============================", obj.GetGVK()) @@ -249,6 +255,7 @@ func printDebugging(t *testing.T, obj objects.TektonObject) { } func verifySignature(ctx context.Context, t *testing.T, c *clients, obj objects.TektonObject) { + t.Helper() // Retrieve the configuration. chainsConfig, err := c.KubeClient.CoreV1().ConfigMaps(namespace).Get(ctx, "chains-config", metav1.GetOptions{}) if err != nil {
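Review bot: In setConfigMap the new `t.Helper()` sits directly above a comment that the code itself flags as wrong (`// Note(rgreinho): This comment does not look right...`). The function takes arbitrary `data` and calls updateConfigMap on "chains-config", with nothing GCS-specific visible. While touching this spot, replace both comment lines with one that matches the call, e.g. `// Apply data to the chains-config ConfigMap; the returned func undoes the change.` That wording assumes the rest of the body, outside the hunk, returns the cleanup obtained from updateConfigMap.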