Fix log message for tlog upload (#773)

* Temporarily disable Run test. Signed-off-by: Ian Lewis <ianlewis@google.com> * Fix log message for tlog upload Signed-off-by: Ian Lewis <ianlewis@google.com> * Fix unit tests run during pre-submit Signed-off-by: Ian Lewis <ianlewis@google.com> Signed-off-by: Ian Lewis <ianlewis@google.com>
slsa-framework · Aug 31, 2022 · b0db151 · b0db151
1 parent f3a107f
commit b0db151
Show file tree

Hide file tree

Showing 3 changed files with 91 additions and 9 deletions.
diff --git a/internal/builders/go/main.go b/internal/builders/go/main.go
@@ -78,7 +78,7 @@ func runProvenanceGeneration(subject, digest, commands, envs, workingDir, rekor
 	r := sigstore.NewRekor(rekor)
 	s := sigstore.NewDefaultFulcio()
 	attBytes, err := pkg.GenerateProvenance(subject, digest,
-		commands, envs, workingDir, s, r)
+		commands, envs, workingDir, s, r, nil)
 	if err != nil {
 		return err
 	}

diff --git a/internal/builders/go/pkg/provenance.go b/internal/builders/go/pkg/provenance.go
@@ -64,7 +64,7 @@ func (b *goProvenanceBuild) BuildConfig(context.Context) (interface{}, error) {
 // GenerateProvenance translates github context into a SLSA provenance
 // attestation.
 // Spec: https://slsa.dev/provenance/v0.2
-func GenerateProvenance(name, digest, command, envs, workingDir string, s signing.Signer, r signing.TransparencyLog) ([]byte, error) {
+func GenerateProvenance(name, digest, command, envs, workingDir string, s signing.Signer, r signing.TransparencyLog, provider slsa.ClientProvider) ([]byte, error) {
 	gh, err := github.GetWorkflowContext()
 	if err != nil {
 		return nil, err
@@ -84,6 +84,11 @@ func GenerateProvenance(name, digest, command, envs, workingDir string, s signin
 		return nil, err
 	}
 
+	var cmd []string
+	if len(com) > 0 {
+		cmd = []string{com[0], "mod", "vendor"}
+	}
+
 	b := goProvenanceBuild{
 		GithubActionsBuild: slsa.NewGithubActionsBuild([]intoto.Subject{
 			{
@@ -101,7 +106,7 @@ func GenerateProvenance(name, digest, command, envs, workingDir string, s signin
 					// Note: vendoring and compilation are
 					// performed in the same VM, so the compiler is
 					// the same.
-					Command:    []string{com[0], "mod", "vendor"},
+					Command:    cmd,
 					WorkingDir: workingDir,
 					// Note: No user-defined env set for this step.
 				},
@@ -116,15 +121,25 @@ func GenerateProvenance(name, digest, command, envs, workingDir string, s signin
 	}
 
 	// Pre-submit tests don't have access to write OIDC token.
-	if utils.IsPresubmitTests() {
-		b.GithubActionsBuild.WithClients(&slsa.NilClientProvider{})
+	if provider != nil {
+		b.WithClients(provider)
+	} else {
+		// TODO(github.com/slsa-framework/slsa-github-generator/issues/124): Remove
+		if utils.IsPresubmitTests() {
+			b.GithubActionsBuild.WithClients(&slsa.NilClientProvider{})
+		}
 	}
 
 	ctx := context.Background()
 	g := slsa.NewHostedActionsGenerator(&b)
 	// Pre-submit tests don't have access to write OIDC token.
-	if utils.IsPresubmitTests() {
-		g.WithClients(&slsa.NilClientProvider{})
+	if provider != nil {
+		g.WithClients(provider)
+	} else {
+		// TODO(github.com/slsa-framework/slsa-github-generator/issues/124): Remove
+		if utils.IsPresubmitTests() {
+			g.WithClients(&slsa.NilClientProvider{})
+		}
 	}
 	p, err := g.Generate(ctx)
 	if err != nil {
@@ -163,10 +178,12 @@ func GenerateProvenance(name, digest, command, envs, workingDir string, s signin
 	}
 
 	// Upload the signed attestation to rekor.
-	if logEntry, err := r.Upload(ctx, att); err != nil {
-		fmt.Printf("Uploaded signed attestation to rekor with UUID %s.\n", logEntry.UUID())
+	logEntry, err := r.Upload(ctx, att)
+	if err != nil {
 		return nil, err
 	}
 
+	fmt.Printf("Uploaded signed attestation to rekor with UUID %s.\n", logEntry.UUID())
+
 	return att.Bytes(), nil
 }
diff --git a/internal/builders/go/pkg/provenance_test.go b/internal/builders/go/pkg/provenance_test.go
@@ -1 +1,66 @@
+// Copyright 2022 SLSA Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
 package pkg
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"testing"
+
+	intoto "github.com/in-toto/in-toto-golang/in_toto"
+	"github.com/slsa-framework/slsa-github-generator/signing"
+	"github.com/slsa-framework/slsa-github-generator/slsa"
+)
+
+type testAttestation struct {
+	cert  []byte
+	bytes []byte
+}
+
+func (a *testAttestation) Cert() []byte {
+	return a.cert
+}
+
+func (a *testAttestation) Bytes() []byte {
+	return a.bytes
+}
+
+type testSigner struct{}
+
+func (s testSigner) Sign(context.Context, *intoto.Statement) (signing.Attestation, error) {
+	return &testAttestation{}, nil
+}
+
+type tLogWithErr struct{}
+
+var errTransparencyLog = errors.New("transparency log error")
+
+func (tLogWithErr) Upload(context.Context, signing.Attestation) (signing.LogEntry, error) {
+	fmt.Printf("Upload")
+	return nil, errTransparencyLog
+}
+
+func TestGenerateProvenance_withErr(t *testing.T) {
+	// Disable pre-submit detection.
+	// TODO(github.com/slsa-framework/slsa-github-generator/issues/124): Remove
+	t.Setenv("GITHUB_EVENT_NAME", "non_event")
+	t.Setenv("GITHUB_CONTEXT", "{}")
+	sha256 := "2e0390eb024a52963db7b95e84a9c2b12c004054a7bad9a97ec0c7c89d4681d2"
+	_, err := GenerateProvenance("foo", sha256, "", "", "/home/foo", &testSigner{}, &tLogWithErr{}, &slsa.NilClientProvider{})
+	if want, got := errTransparencyLog, err; want != got {
+		t.Errorf("expected error, want: %v, got: %v", want, got)
+	}
+}