Refactor - Use interface for rekor and fulcio

- Refactored the implementation to accept the interface instead of the concrete implementation within the function. - With this change `GenerateProvenance` can be tested with mocks. At the moment there aren't any unit tests for `GenerateProvenance`. Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
slsa-framework · Jun 18, 2022 · 799449d · 799449d
1 parent cb8f03b
commit 799449d
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 5 deletions.
diff --git a/internal/builders/go/main.go b/internal/builders/go/main.go
@@ -24,6 +24,8 @@ import (
 	"os"
 	"os/exec"
 
+	"github.com/slsa-framework/slsa-github-generator/signing/sigstore"
+
 	// Enable the github OIDC auth provider.
 	_ "github.com/sigstore/cosign/pkg/providers/github"
 
@@ -72,8 +74,10 @@ func runBuild(dry bool, configFile, evalEnvs string) error {
 }
 
 func runProvenanceGeneration(subject, digest, commands, envs, workingDir string) error {
+	r := sigstore.NewDefaultRekor()
+	s := sigstore.NewDefaultFulcio()
 	attBytes, err := pkg.GenerateProvenance(subject, digest,
-		commands, envs, workingDir)
+		commands, envs, workingDir, s, r)
 	if err != nil {
 		return err
 	}

diff --git a/internal/builders/go/pkg/provenance.go b/internal/builders/go/pkg/provenance.go
@@ -18,13 +18,13 @@ import (
 	"context"
 	"encoding/hex"
 	"fmt"
+	"github.com/slsa-framework/slsa-github-generator/signing"
 	"os"
 
 	intoto "github.com/in-toto/in-toto-golang/in_toto"
 	slsa02 "github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/v0.2"
 	"github.com/slsa-framework/slsa-github-generator/github"
 	"github.com/slsa-framework/slsa-github-generator/internal/utils"
-	"github.com/slsa-framework/slsa-github-generator/signing/sigstore"
 	"github.com/slsa-framework/slsa-github-generator/slsa"
 )
 
@@ -63,7 +63,7 @@ func (b *goProvenanceBuild) BuildConfig(context.Context) (interface{}, error) {
 // GenerateProvenance translates github context into a SLSA provenance
 // attestation.
 // Spec: https://slsa.dev/provenance/v0.2
-func GenerateProvenance(name, digest, command, envs, workingDir string) ([]byte, error) {
+func GenerateProvenance(name, digest, command, envs, workingDir string, s signing.Signer, r signing.TransparencyLog) ([]byte, error) {
 	gh, err := github.GetWorkflowContext()
 	if err != nil {
 		return nil, err
@@ -153,7 +153,6 @@ func GenerateProvenance(name, digest, command, envs, workingDir string) ([]byte,
 	}
 
 	// Sign the provenance.
-	s := sigstore.NewDefaultFulcio()
 	att, err := s.Sign(ctx, &intoto.Statement{
 		StatementHeader: p.StatementHeader,
 		Predicate:       p.Predicate,
@@ -163,7 +162,6 @@ func GenerateProvenance(name, digest, command, envs, workingDir string) ([]byte,
 	}
 
 	// Upload the signed attestation to rekor.
-	r := sigstore.NewDefaultRekor()
 	if logEntry, err := r.Upload(ctx, att); err != nil {
 		fmt.Printf("Uploaded signed attestation to rekor with UUID %s.\n", logEntry.UUID())
 		return nil, err