From 08c980568eb930680b2d1787c16d58474b542d4b Mon Sep 17 00:00:00 2001 From: laurentsimon Date: Thu, 26 May 2022 15:05:18 +0000 Subject: [PATCH] updates --- .github/workflows/release.yml | 4 ++-- pkg/provenance.go | 26 +++++++++++++------------- pkg/provenance_test.go | 2 +- 3 files changed, 16 insertions(+), 16 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index d9f3d4f92..6738b2b40 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,11 +1,11 @@ -name: Verifier realeaser +name: Verifier releaser on: # For manual tests. workflow_dispatch: push: tags: - - "*" # triggers only if push new tag version, like `0.8.4` or else + - "*" # triggers only if push new tag version, like `0.8.4`. permissions: read-all diff --git a/pkg/provenance.go b/pkg/provenance.go index fd218eda4..82c34ff5e 100644 --- a/pkg/provenance.go +++ b/pkg/provenance.go 
@@ -58,18 +58,18 @@ var trustedReusableWorkflows = map[string]bool{
 }
 var (
- ErrorInvalidDssePayload = errors.New("invalid DSSE envelope payload")
- errorRekorSearch = errors.New("error searching rekor entries")
- errorMismatchHash = errors.New("binary artifact hash does not match provenance subject")
- ErrorMismatchBranch = errors.New("branch used to generate the binary does not match provenance")
- ErrorMismatchRepository = errors.New("repository used to generate the binary does not match provenance")
- ErrorMismatchTag = errors.New("tag used to generate the binary does not match provenance")
- ErrorMismatchVersionedTag = errors.New("tag used to generate the binary does not match provenance")
- ErrorInvalidSemver = errors.New("invalid semantic version")
- errorInvalidVersion = errors.New("invalid version")
- errorInvalidRef = errors.New("invalid ref")
- errorMalformedWorkflowURI = errors.New("malformed URI for workflow")
- errUntrustedReusableWorkflow = errors.New("untrusted reusable workflow")
+ ErrorInvalidDssePayload = errors.New("invalid DSSE envelope payload")
+ ErrorMismatchBranch = errors.New("branch used to generate the binary does not match provenance")
+ ErrorMismatchRepository = errors.New("repository used to generate the binary does not match provenance")
+ ErrorMismatchTag = errors.New("tag used to generate the binary does not match provenance")
+ ErrorMismatchVersionedTag = errors.New("tag used to generate the binary does not match provenance")
+ ErrorInvalidSemver = errors.New("invalid semantic version")
+ errorRekorSearch = errors.New("error searching rekor entries")
+ errorMismatchHash = errors.New("binary artifact hash does not match provenance subject")
+ errorInvalidVersion = errors.New("invalid version")
+ errorInvalidRef = errors.New("invalid ref")
+ errorMalformedWorkflowURI = errors.New("malformed URI for workflow")
+ errorUntrustedReusableWorkflow = errors.New("untrusted reusable workflow")
 )
 func EnvelopeFromBytes(payload []byte) (env *dsselib.Envelope, err error) {
@@ -394,7 +394,7 @@ func VerifyWorkflowIdentity(id *WorkflowIdentity, source string) error {
 // Trusted workflow verification by name.
 reusableWorkflowName := strings.Trim(workflowPath[0], "/")
 if _, ok := trustedReusableWorkflows[reusableWorkflowName]; !ok {
- return fmt.Errorf("%w: %s", errUntrustedReusableWorkflow, reusableWorkflowName)
+ return fmt.Errorf("%w: %s", errorUntrustedReusableWorkflow, reusableWorkflowName)
 }
 // Verify the ref.
diff --git a/pkg/provenance_test.go b/pkg/provenance_test.go
index bc1050f6b..a05d68ae4 100644
--- a/pkg/provenance_test.go
+++ b/pkg/provenance_test.go
@@ -187,7 +187,7 @@ func Test_VerifyWorkflowIdentity(t *testing.T) {
 Issuer: "https://token.actions.githubusercontent.com",
 },
 source: "asraa/slsa-on-github-test",
- err: errUntrustedReusableWorkflow,
+ err: errorUntrustedReusableWorkflow,
 },
 {
 name: "untrusted job workflow ref for general repos",
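Review bot: `ErrorMismatchTag` and `ErrorMismatchVersionedTag` in the re-ordered `var` block carry the identical message "tag used to generate the binary does not match provenance", so someone reading verifier output or logs cannot tell which provenance check rejected the artifact. Since the block is being rewritten anyway, give the versioned case its own text, for example `ErrorMismatchVersionedTag = errors.New("versioned tag used to generate the binary does not match provenance")`. Callers that match with `errors.Is` are unaffected; any test that compares on the message string would need updating.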
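Review bot: The changed `return` in `VerifyWorkflowIdentity` still formats `reusableWorkflowName` with `%s`, and that value appears to come from the workflow identity under verification (the origin of `workflowPath` is outside the hunk), so it is untrusted at exactly the point it is being rejected. Quoting it keeps embedded newlines or control characters out of logs and terminal output: `return fmt.Errorf("%w: %q", errorUntrustedReusableWorkflow, reusableWorkflowName)`. The function body starts before and continues past this hunk.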