always set skipWrite to false when generating attestations

Conor Sloan
2024-08-10 10:09:49 +01:00
parent 1a8d07a497
commit 90d59724e7
3 changed files with 4 additions and 97 deletions
-87
@@ -509,93 +509,6 @@ describe('run', () => {
'test-attestation-id'
)
})
it('uploads the artifact, returns package metadata from GHCR, and creates an attestation but skips storing it in non-enterprise for private repo', async () => {
const opts = baseOptions()
opts.repositoryVisibility = 'private'
resolvePublishActionOptionsMock.mockReturnValue(opts)
ensureCorrectShaCheckedOutMock.mockImplementation(() => {})
createTempDirMock.mockImplementation(() => {
return 'stagingOrArchivesDir'
})
stageActionFilesMock.mockImplementation(() => {})
createArchivesMock.mockImplementation(() => {
return {
zipFile: {
path: 'test',
size: 5,
sha256: '123'
},
tarFile: {
path: 'test2',
size: 52,
sha256: '1234'
}
}
})
calculateManifestDigestMock.mockImplementation(() => {
return 'sha256:my-test-digest'
})
publishOCIArtifactMock.mockImplementation(() => {
return {
packageURL: 'https://ghcr.io/v2/test-org/test-repo:1.2.3',
publishedDigest: 'sha256:my-test-digest'
}
})
generateAttestationMock.mockImplementation(async options => {
expect(options).toHaveProperty('skipWrite', true)
return {
attestationID: 'test-attestation-id',
certificate: 'test',
bundle: {
mediaType: 'application/vnd.cncf.notary.v2+jwt',
verificationMaterial: {
publicKey: {
hint: 'test-hint'
}
}
}
}
})
// Run the action
await main.run()
// Check the results
expect(publishOCIArtifactMock).toHaveBeenCalledTimes(1)
// Check outputs
expect(setOutputMock).toHaveBeenCalledTimes(4)
expect(setOutputMock).toHaveBeenCalledWith(
'package-url',
'https://ghcr.io/v2/test-org/test-repo:1.2.3'
)
expect(setOutputMock).toHaveBeenCalledWith(
'package-manifest',
expect.any(String)
)
expect(setOutputMock).toHaveBeenCalledWith(
'package-manifest-sha',
'sha256:my-test-digest'
)
expect(setOutputMock).toHaveBeenCalledWith(
'attestation-id',
'test-attestation-id'
)
})
})
function baseOptions(): cfg.PublishActionOptions {
Generated Vendored
+2 -5
@@ -104972,11 +104972,8 @@ async function generateAttestation(manifestDigest, semverTag, options) {
subjectDigest: { sha256: subjectDigest },
token: options.token,
sigstore: 'github',
// Attestation storage is only supported for public repositories or repositories which belong to a GitHub Enterprise Cloud account.
// See: https://github.com/actions/toolkit/tree/main/packages/attest#storage
// Since internal repos can only be owned by Enterprises, we'll use this visibility as a proxy for "owned by a GitHub Enterprise Cloud account."
// See: https://docs.github.com/en/enterprise-cloud@latest/repositories/creating-and-managing-repositories/about-repositories#about-internal-repositories
skipWrite: options.repositoryVisibility === 'private'
// Always store the attestation using the GitHub Attestations API
skipWrite: false
});
}
function removePrefix(str, prefix) {
+2 -5
@@ -127,11 +127,8 @@ async function generateAttestation(
subjectDigest: { sha256: subjectDigest },
token: options.token,
sigstore: 'github',
// Attestation storage is only supported for public repositories or repositories which belong to a GitHub Enterprise Cloud account.
// See: https://github.com/actions/toolkit/tree/main/packages/attest#storage
// Since internal repos can only be owned by Enterprises, we'll use this visibility as a proxy for "owned by a GitHub Enterprise Cloud account."
// See: https://docs.github.com/en/enterprise-cloud@latest/repositories/creating-and-managing-repositories/about-repositories#about-internal-repositories
skipWrite: options.repositoryVisibility === 'private'
// Always store the attestation using the GitHub Attestations API
skipWrite: false
})
}
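Review bot: The new comment above `skipWrite: false` says what the code does but not why the limit in the removed comment (storage only for public or Enterprise Cloud-owned repositories) no longer applies, so a reader cannot tell whether a private repository on another plan now gets a stored attestation or a rejected write. If the storage call can be rejected for such repositories, the error would now surface from generateAttestation; whether the caller treats it as fatal is not visible here, since the function's opening lines are outside the hunk. If failing is the intent, I would expand the comment to something like `// Always persist the attestation; a storage failure should fail the publish rather than ship a package without provenance.` The test file in this commit only removes the private-repository case, so a replacement that sets `opts.repositoryVisibility = 'private'` and asserts `expect(options).toHaveProperty('skipWrite', false)` would pin the new behaviour.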