Skip to content

Commit

Permalink
Fix to prevent adding empty structs into materials. (tektoncd#678)
Browse files Browse the repository at this point in the history 
Signed-off-by: jagathprakash <31057312+jagathprakash@users.noreply.github.com>

Signed-off-by: jagathprakash <31057312+jagathprakash@users.noreply.github.com>
  • Loading branch information
@jagathprakash
jagathprakash authored Jan 17, 2023
1 parent 1b47418 commit 1b142b5
Show file tree
Hide file tree
Showing 3 changed files with 292 additions and 9 deletions.
12 changes: 7 additions & 5 deletions pkg/chains/formats/intotoite6/pipelinerun/pipelinerun.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -224,11 +224,13 @@ func materials(pro *objects.PipelineRunObject, logger *zap.SugaredLogger) []slsa
url = r.Value.StringVal
}
}
url = attest.SPDXGit(url, "")
mats = append(mats, slsa.ProvenanceMaterial{
URI: url,
Digest: map[string]string{"sha1": commit},
})
if len(commit) > 0 && len(url) > 0 {
url = attest.SPDXGit(url, "")
mats = append(mats, slsa.ProvenanceMaterial{
URI: url,
Digest: map[string]string{"sha1": commit},
})
}
return mats
}

Expand Down
25 changes: 21 additions & 4 deletions pkg/chains/formats/intotoite6/pipelinerun/provenance_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -33,16 +33,18 @@ import (

// Global pro is only read from, never modified
var pro *objects.PipelineRunObject
var proStructuredResults *objects.PipelineRunObject
var e1BuildStart = time.Unix(1617011400, 0)
var e1BuildFinished = time.Unix(1617011415, 0)

func init() {
pro = createPro()
pro = createPro("../testdata/pipelinerun1.json")
proStructuredResults = createPro("../testdata/pipelinerun_structured_results.json")
}

func createPro() *objects.PipelineRunObject {
func createPro(path string) *objects.PipelineRunObject {
var err error
pr, err := objectloader.PipelineRunFromFile("../testdata/pipelinerun1.json")
pr, err := objectloader.PipelineRunFromFile(path)
if err != nil {
panic(err)
}
Expand Down Expand Up @@ -397,7 +399,7 @@ func TestBuildConfigTaskOrder(t *testing.T) {
WhenExpressions: tt.whenExpressions,
RunAfter: tt.runAfter,
}
pro := createPro()
pro := createPro("../testdata/pipelinerun1.json")
pro.Status.PipelineSpec.Tasks[BUILD_TASK] = pt
got := buildConfig(pro, logtesting.TestLogger(t))
if diff := cmp.Diff(expected, got); diff != "" {
Expand Down Expand Up @@ -458,6 +460,21 @@ func TestMaterials(t *testing.T) {
}
}

func TestStructuredResultMaterials(t *testing.T) {
want := []slsa.ProvenanceMaterial{
{
URI: "abcd",
Digest: slsa.DigestSet{
"sha256": "827521c857fdcd4374f4da5442fbae2edb01e7fbae285c3ec15673d4c1daecb7",
},
},
}
got := materials(proStructuredResults, logtesting.TestLogger(t))
if diff := cmp.Diff(want, got); diff != "" {
t.Errorf("materials(): -want +got: %s", diff)
}
}

var ignore = []cmp.Option{cmpopts.IgnoreUnexported(name.Registry{}, name.Repository{}, name.Digest{})}

func TestSubjectDigests(t *testing.T) {
Expand Down
264 changes: 264 additions & 0 deletions pkg/chains/formats/intotoite6/testdata/pipelinerun_structured_results.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,264 @@
{
"spec": {
"params": [
{
"name": "IMAGE",
"value": "test.io/test/image"
}
],
"pipelineRef": {
"name": "test-pipeline"
},
"serviceAccountName": "pipeline"
},
"status": {
"startTime": "2021-03-29T09:50:00Z",
"completionTime": "2021-03-29T09:50:15Z",
"conditions": [
{
"lastTransitionTime": "2021-03-29T09:50:15Z",
"message": "Tasks Completed: 2 (Failed: 0, Cancelled 0), Skipped: 0",
"reason": "Succeeded",
"status": "True",
"type": "Succeeded"
}
],
"pipelineResults": [
{
"name": "image-ARTIFACT_INPUTS",
"value": {
"uri": "abcd",
"digest": "sha256:827521c857fdcd4374f4da5442fbae2edb01e7fbae285c3ec15673d4c1daecb7"
}
},
{
"name": "image-ARTIFACT_OUTPUTS",
"value": {
"uri": "hello_world",
"sha256": "827521c857fdcd4374f4da5442fbae2edb01e7fbae285c3ec15673d4c1daecb7"
}
}
],
"pipelineSpec": {
"params": [
{
"description": "Image path on registry",
"name": "IMAGE",
"type": "string"
}
],
"tasks": [
{
"name": "git-clone",
"params": [
{
"name": "url",
"value": "https://git.test.com"
},
{
"name": "revision",
"value": ""
}
],
"taskRef": {
"kind": "ClusterTask",
"name": "git-clone"
}
},
{
"name": "build",
"params": [
{
"name": "CHAINS-GIT_COMMIT",
"value": "$(tasks.git-clone.results.commit)"
},
{
"name": "CHAINS-GIT_URL",
"value": "$(tasks.git-clone.results.url)"
}
],
"taskRef": {
"kind": "ClusterTask",
"name": "build"
}
}
]
},
"taskRuns": {
"git-clone": {
"pipelineTaskName": "git-clone",
"status": {
"completionTime": "2021-03-29T09:50:15Z",
"conditions": [
{
"lastTransitionTime": "2021-03-29T09:50:15Z",
"message": "All Steps have completed executing",
"reason": "Succeeded",
"status": "True",
"type": "Succeeded"
}
],
"podName": "git-clone-pod",
"startTime": "2021-03-29T09:50:00Z",
"steps": [
{
"container": "step-clone",
"imageID": "test.io/test/clone-image",
"name": "clone",
"terminated": {
"exitCode": 0,
"finishedAt": "2021-03-29T09:50:15Z",
"reason": "Completed",
"startedAt": "2022-05-31T19:13:27Z"
}
}
],
"taskResults": [
{
"name": "commit",
"value": "abcd"
},
{
"name": "url",
"value": "https://git.test.com"
}
],
"taskSpec": {
"params": [
{
"description": "Repository URL to clone from.",
"name": "url",
"type": "string"
},
{
"default": "",
"description": "Revision to checkout. (branch, tag, sha, ref, etc...)",
"name": "revision",
"type": "string"
}
],
"results": [
{
"description": "The precise commit SHA that was fetched by this Task.",
"name": "commit"
},
{
"description": "The precise URL that was fetched by this Task.",
"name": "url"
}
],
"steps": [
{
"env": [
{
"name": "HOME",
"value": "$(params.userHome)"
},
{
"name": "PARAM_URL",
"value": "$(params.url)"
}
],
"image": "$(params.gitInitImage)",
"name": "clone",
"resources": {},
"script": "git clone"
}
]
}
}
},
"taskrun-build": {
"pipelineTaskName": "build",
"status": {
"completionTime": "2021-03-29T09:50:15Z",
"conditions": [
{
"lastTransitionTime": "2021-03-29T09:50:15Z",
"message": "All Steps have completed executing",
"reason": "Succeeded",
"status": "True",
"type": "Succeeded"
}
],
"podName": "build-pod",
"startTime": "2021-03-29T09:50:00Z",
"steps": [
{
"container": "step-build",
"imageID": "test.io/test/build-image",
"name": "build",
"terminated": {
"exitCode": 0,
"finishedAt": "2022-05-31T19:17:30Z",
"reason": "Completed",
"startedAt": "2021-03-29T09:50:00Z"
}
}
],
"taskResults": [
{
"name": "IMAGE_DIGEST",
"value": "sha256:827521c857fdcd4374f4da5442fbae2edb01e7fbae285c3ec15673d4c1daecb7"
},
{
"name": "IMAGE_URL",
"value": "test.io/test/image\n"
}
],
"taskSpec": {
"params": [
{
"description": "Git CHAINS URL",
"name": "CHAINS-GIT_URL",
"type": "string"
},
{
"description": "Git CHAINS Commit",
"name": "CHAINS-GIT_COMMIT",
"type": "string"
}
],
"results": [
{
"description": "Digest of the image just built.",
"name": "IMAGE_DIGEST"
},
{
"description": "URL of the image just built.",
"name": "IMAGE_URL"
}
],
"steps": [
{
"command": [
"buildah",
"build"
],
"image": "test.io/test/build-image",
"name": "generate"
},
{
"command": [
"buildah",
"push"
],
"image": "test.io/test/build-image",
"name": "push"
}
]
}
}
}
},
"provenance": {
"configSource": {
"uri": "github.com/test",
"digest": {
"sha1": "28b123"
},
"entryPoint": "pipeline.yaml"
}
}
}
}

0 comments on commit 1b142b5

Please sign in to comment.