only write attestation for non-private repos
@@ -162,6 +162,34 @@ describe('config.resolvePublishActionOptions', () => {
|
||||
)
|
||||
})
|
||||
|
||||
it('throws an error when returned repository id does not match env var', async () => {
|
||||
getInputMock.mockReturnValueOnce('token')
|
||||
getContainerRegistryURLMock.mockResolvedValue(ghcrUrl)
|
||||
getRepositoryMetadataMock.mockResolvedValue({
|
||||
visibility: 'public',
|
||||
ownerId: '12345',
|
||||
repoId: '54321'
|
||||
})
|
||||
|
||||
await expect(cfg.resolvePublishActionOptions()).rejects.toThrow(
|
||||
'Repository ID mismatch.'
|
||||
)
|
||||
})
|
||||
|
||||
it('throws an error when returned repository owner id does not match env var', async () => {
|
||||
getInputMock.mockReturnValueOnce('token')
|
||||
getContainerRegistryURLMock.mockResolvedValue(ghcrUrl)
|
||||
getRepositoryMetadataMock.mockResolvedValue({
|
||||
visibility: 'public',
|
||||
ownerId: '123124',
|
||||
repoId: 'repositoryId'
|
||||
})
|
||||
|
||||
await expect(cfg.resolvePublishActionOptions()).rejects.toThrow(
|
||||
'Repository Owner ID mismatch.'
|
||||
)
|
||||
})
|
||||
|
||||
it('returns options when all values are present', async () => {
|
||||
getInputMock.mockImplementation((name: string) => {
|
||||
expect(name).toBe('github-token')
|
||||
@@ -170,7 +198,9 @@ describe('config.resolvePublishActionOptions', () => {
|
||||
getContainerRegistryURLMock.mockResolvedValue(ghcrUrl)
|
||||
|
||||
getRepositoryMetadataMock.mockResolvedValue({
|
||||
visibility: 'public'
|
||||
visibility: 'public',
|
||||
repoId: 'repositoryId',
|
||||
ownerId: 'repositoryOwnerId'
|
||||
})
|
||||
|
||||
const options = await cfg.resolvePublishActionOptions()
|
||||
@@ -198,8 +228,11 @@ describe('config.resolvePublishActionOptions', () => {
|
||||
return 'token'
|
||||
})
|
||||
getContainerRegistryURLMock.mockResolvedValue(ghcrUrl)
|
||||
|
||||
getRepositoryMetadataMock.mockResolvedValue({
|
||||
visibility: 'public'
|
||||
visibility: 'public',
|
||||
repoId: 'repositoryId',
|
||||
ownerId: 'repositoryOwnerId'
|
||||
})
|
||||
|
||||
process.env.GITHUB_SERVER_URL = 'https://github-enterprise.com'
|
||||
|
||||
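Review bot: The test 'throws an error when returned repository id does not match env var' mocks both `ownerId: '12345'` and `repoId: '54321'`, and neither matches the values the passing tests use, so it passes only because of the order in which the two checks run rather than isolating the repository-id check. Setting `ownerId: 'repositoryOwnerId'` there, mirroring how the owner-id test keeps `repoId: 'repositoryId'`, would pin each identity check on its own, so that dropping or reordering one fails a test. The expected environment values are set outside the visible hunks; this presumes they are 'repositoryId' and 'repositoryOwnerId', as the 'returns options when all values are present' mock suggests. Because these checks tie the publish and attestation to the repository the workflow actually runs in, a case where the environment variable is unset or empty would also be worth adding if none exists elsewhere in the file.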
+86
-3
@@ -241,7 +241,7 @@ describe('run', () => {
|
||||
expect(setFailedMock).toHaveBeenCalledWith('Something went wrong')
|
||||
})
|
||||
|
||||
it('uploads the artifact, returns package metadata from GHCR, and creates an attestation in enterprise', async () => {
|
||||
it('uploads the artifact, returns package metadata from GHCR, and skips writing attestation in enterprise', async () => {
|
||||
const options = baseOptions()
|
||||
options.isEnterprise = true
|
||||
resolvePublishActionOptionsMock.mockReturnValue(options)
|
||||
@@ -299,7 +299,7 @@ describe('run', () => {
|
||||
)
|
||||
})
|
||||
|
||||
it('uploads the artifact, returns package metadata from GHCR, and creates an attestation in non-enterprise', async () => {
|
||||
it('uploads the artifact, returns package metadata from GHCR, and creates an attestation in non-enterprise for public repo', async () => {
|
||||
resolvePublishActionOptionsMock.mockReturnValue(baseOptions())
|
||||
|
||||
createTempDirMock.mockImplementation(() => {
|
||||
@@ -330,7 +330,90 @@ describe('run', () => {
|
||||
}
|
||||
})
|
||||
|
||||
generateAttestationMock.mockImplementation(async () => {
|
||||
generateAttestationMock.mockImplementation(async options => {
|
||||
expect(options).toHaveProperty('skipWrite', false)
|
||||
|
||||
return {
|
||||
attestationID: 'test-attestation-id',
|
||||
certificate: 'test',
|
||||
bundle: {
|
||||
mediaType: 'application/vnd.cncf.notary.v2+jwt',
|
||||
verificationMaterial: {
|
||||
publicKey: {
|
||||
hint: 'test-hint'
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
})
|
||||
|
||||
// Run the action
|
||||
await main.run()
|
||||
|
||||
// Check the results
|
||||
expect(publishOCIArtifactMock).toHaveBeenCalledTimes(1)
|
||||
|
||||
// Check outputs
|
||||
expect(setOutputMock).toHaveBeenCalledTimes(4)
|
||||
|
||||
expect(setOutputMock).toHaveBeenCalledWith(
|
||||
'package-url',
|
||||
'https://ghcr.io/v2/test-org/test-repo:1.2.3'
|
||||
)
|
||||
|
||||
expect(setOutputMock).toHaveBeenCalledWith(
|
||||
'package-manifest',
|
||||
expect.any(String)
|
||||
)
|
||||
|
||||
expect(setOutputMock).toHaveBeenCalledWith(
|
||||
'package-manifest-sha',
|
||||
'sha256:my-test-digest'
|
||||
)
|
||||
|
||||
expect(setOutputMock).toHaveBeenCalledWith(
|
||||
'attestation-id',
|
||||
'test-attestation-id'
|
||||
)
|
||||
})
|
||||
|
||||
it('uploads the artifact, returns package metadata from GHCR, and creates an attestation but skips storing it in non-enterprise for private repo', async () => {
|
||||
const opts = baseOptions()
|
||||
opts.repositoryVisibility = 'private'
|
||||
|
||||
resolvePublishActionOptionsMock.mockReturnValue(opts)
|
||||
|
||||
createTempDirMock.mockImplementation(() => {
|
||||
return 'stagingOrArchivesDir'
|
||||
})
|
||||
|
||||
stageActionFilesMock.mockImplementation(() => {})
|
||||
|
||||
createArchivesMock.mockImplementation(() => {
|
||||
return {
|
||||
zipFile: {
|
||||
path: 'test',
|
||||
size: 5,
|
||||
sha256: '123'
|
||||
},
|
||||
tarFile: {
|
||||
path: 'test2',
|
||||
size: 52,
|
||||
sha256: '1234'
|
||||
}
|
||||
}
|
||||
})
|
||||
|
||||
publishOCIArtifactMock.mockImplementation(() => {
|
||||
return {
|
||||
packageURL: 'https://ghcr.io/v2/test-org/test-repo:1.2.3',
|
||||
manifestDigest: 'sha256:my-test-digest'
|
||||
}
|
||||
})
|
||||
|
||||
generateAttestationMock.mockImplementation(async options => {
|
||||
expect(options).toHaveProperty('skipWrite', true)
|
||||
|
||||
return {
|
||||
attestationID: 'test-attestation-id',
|
||||
certificate: 'test',
|
||||
|
||||