Change Run incovation URI extension to pipeline_id

Signed-off-by: Ilia Medvedev <ilia.medvedev@codefresh.io>
sigstore · Apr 5, 2024 · 9edc6ae · 9edc6ae
1 parent 1ee2e9a
commit 9edc6ae
Show file tree

Hide file tree

Showing 4 changed files with 4 additions and 4 deletions.
diff --git a/docs/oid-info.md b/docs/oid-info.md
@@ -205,7 +205,7 @@ that Sigstore operates.
 | repository_id         | project_id     | ??       | ?? | N/A        | Source Repository Identifier     | Stable identifier for the owner of the source repository.                                                                                                                                      |
 | server_url + repository_owner         | server_url + namespace_path | ??       | ?? | N/A        | Source Repository Owner URI     | Fully qualified URL for the owner of the source repository.                                                                                                                                     |
 | repository_owner_id         | namespace_id     | ??       | ?? | N/A        | Source Repository Owner Identifier     | Stable identifier for the owner of the source repository.                                                                                                                                   |
-| server_url + workflow_ref       |  ci_config_ref_uri ([WIP][gitlab-wip-cliams]) | ??       | ??        | platform_url + /build/ +  workflow_id        | Build Config URI             | A reference to the initiating build instructions.                                                                                                                                      |
+| server_url + workflow_ref       |  ci_config_ref_uri ([WIP][gitlab-wip-cliams]) | ??       | ??        | platform_url + /api/pipelines/ +  pipeline_id        | Build Config URI             | A reference to the initiating build instructions.                                                                                                                                      |
 | workflow_sha       |  ci_config_sha ([WIP][gitlab-wip-cliams]) | ??       | ?? | N/A        | Build Config Digest          | An immutable reference to the specific version of the top-level build instructions. Should include the digest type followed by the digest, e.g. `sha1:abc123`.                         |
 | event_name         | pipeline_source | ??       | ??        | N/A        | Build Trigger                | The event or action that triggered the build.                                                                                                                                          |
 | server_url + repository + "/actions/runs/" + run_id + "/attempts/" + run_attempt | server_url + project_path + /-/jobs/ + job_id | ??       | ??        | platform_url + /build/ +  workflow_id        | Run Invocation URI           | An immutable identifier that can uniquely identify the build execution     |

diff --git a/pkg/identity/codefresh/principal.go b/pkg/identity/codefresh/principal.go
@@ -154,7 +154,7 @@ func (w workflowPrincipal) Embed(_ context.Context, cert *x509.Certificate) erro
 		RunnerEnvironment:   w.runnerEnvironment,
 		SourceRepositoryURI: w.scmRepoURL,
 		SourceRepositoryRef: w.scmRef,
-		BuildConfigURI:      baseURL.JoinPath("build", w.workflowID).String(),
+		BuildConfigURI:      baseURL.JoinPath("api", "pipelines", w.pipelineID).String(),
 		RunInvocationURI:    baseURL.JoinPath("build", w.workflowID).String(),
 	}.Render()
 

diff --git a/pkg/identity/codefresh/principal_test.go b/pkg/identity/codefresh/principal_test.go
@@ -264,7 +264,7 @@ func TestEmbed(t *testing.T) {
 				`Certificate has correct runner environment extension`: factExtensionIs(asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 57264, 1, 11}, "hybrid"),
 				`Certificate has correct source repo URI extension`:    factExtensionIs(asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 57264, 1, 12}, "https://github.com/codefresh-io/fulcio-oidc"),
 				`Certificate has correct source repo ref extension`:    factExtensionIs(asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 57264, 1, 14}, "main"),
-				`Certificate has correct build config URI extension`:   factExtensionIs(asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 57264, 1, 18}, "https://g.codefresh.io/build/65e6bcf7c2af1f228fa97f80"),
+				`Certificate has correct build config URI extension`:   factExtensionIs(asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 57264, 1, 18}, "https://g.codefresh.io/api/pipelines/65e5a53e52853dc51a5b0cc1"),
 				`Certificate has correct run invocation URI extension`: factExtensionIs(asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 57264, 1, 21}, "https://g.codefresh.io/build/65e6bcf7c2af1f228fa97f80"),
 			},
 		},

diff --git a/pkg/server/grpc_server_test.go b/pkg/server/grpc_server_test.go
@@ -1225,7 +1225,7 @@ func TestAPIWithCodefresh(t *testing.T) {
 		11: claims.RunnerEnvironment,
 		12: claims.SCMRepoURL,
 		14: claims.SCMRef,
-		18: claims.PlatformURL + "/build/" + claims.WorkflowID,
+		18: claims.PlatformURL + "/api/pipelines/" + claims.PipelineID,
 		21: claims.PlatformURL + "/build/" + claims.WorkflowID,
 	}
 	for o, value := range expectedExts {