maven fixes

Signed-off-by: laurentsimon <laurentsimon@google.com>

.github/workflows/scripts/e2e-verify.common.sh

@@ -225,6 +225,15 @@ get_builder_id() {
     "nodejs")
         builder_id="https://github.com/slsa-framework/slsa-github-generator/.github/workflows/builder_nodejs_slsa3.yml@refs/heads/main"
         ;;
+    "maven")
+        builder_id="https://github.com/slsa-framework/slsa-github-generator/.github/workflows/builder_maven_slsa3.yml@refs/heads/main"
+        ;;
+    "gradle")
+        builder_id="https://github.com/slsa-framework/slsa-github-generator/.github/workflows/builder_gradle_slsa3.yml@refs/heads/main"
+        ;;
+    "bazel")
+        builder_id="https://github.com/slsa-framework/slsa-github-generator/.github/workflows/builder_bazel_slsa3.yml@refs/heads/main"
+        ;;
     "delegator-generic" | "delegator-lowperms")
         # The builder ID is set by the workflow.
         # NOTE: the TRW is referenced at a tag, but the BYOB is referenced at HEAD.
@@ -252,6 +261,15 @@ assemble_minimum_builder_args() {
         echo "--builder-id=${builder_id}"
     elif [[ "${this_builder}" == "delegator-lowperms" ]]; then
         echo "--builder-id=${builder_id}"
+    elif [[ "${this_builder}" == "maven" ]]; then
+        echo "--builder-id=${builder_id}"
+    elif [[ "${this_builder}" == "gradle" ]]; then
+        echo "--builder-id=${builder_id}"
+    elif [[ "${this_builder}" == "bazel" ]]; then
+        echo "--builder-id=${builder_id}"
+    else
+        echo "unknown builder: ${this_builder}"
+        exit 1
     fi
 }
 
@@ -400,7 +418,6 @@ verify_provenance_authenticity() {
     # https://github.com/slsa-framework/slsa-verifier/pull/192
     if [[ "$tag" == "HEAD" ]] || version_ge "$tag" "v1.3"; then
         echo "  **** Default parameters (annotated tags) *****"
-
         $verifierCmd "${artifactAndbuilderMinArgs[@]}" "${provenanceArg[@]}" "${packageArg[@]}" "${sourceArg[@]}" "github.com/$GITHUB_REPOSITORY"
         e2e_assert_eq "$?" "0" "not main default parameters (annotated_tags)"
     elif [[ -z "$annotated_tags" ]]; then

.github/workflows/scripts/e2e.maven.default.verify.sh

@@ -15,24 +15,35 @@ if [[ -n "${RUNNER_DEBUG}" ]]; then
     set -x
 fi
 
-artifact_version=$(mvn org.apache.maven.plugins:maven-help-plugin:3.2.0:evaluate  -Dexpression=project.version -q -DforceStdout -f "${POMXML}")
+# See https://stackoverflow.com/questions/17998978/removing-colors-from-output
+# I tried -Dmaven.color=false and --batch-mode tomvn, without success.
+remove_colors() {
+    local s="$1"
+    echo "$s" | sed -r "s/[[:cntrl:]]\[[0-9]{1,3}m//g"
+}
+
+artifact_version=$(mvn org.apache.maven.plugins:maven-help-plugin:3.2.0:evaluate -Dexpression=project.version -q -DforceStdout -f "${POMXML}")
 artifact_id=$(mvn org.apache.maven.plugins:maven-help-plugin:3.2.0:evaluate -Dexpression=project.artifactId -q -DforceStdout -f "${POMXML}")
-artifact_name="${artifact_id}-${artifact_version}.jar"
-provenance="${PROVENANCE_DIR}/${artifact_name}.build.slsa"
+artifact_version=$(remove_colors "$artifact_version")
+artifact_id=$(remove_colors "$artifact_id")
 
-go env -w GOFLAGS=-mod=mod
+# Set the BINARY and PROVENANCE env variables: they
+# are expected to be set for the call to e2e_run_verifier_all_releases().
+BINARY="${artifact_id}-${artifact_version}.jar"
+PROVENANCE="${PROVENANCE_DIR}/${BINARY}.build.slsa"
 
 verify_provenance_content() {
     local attestation
-    attestation=$(jq -r '.dsseEnvelope.payload' "${provenance}" | base64 -d)
+
+    attestation=$(jq -r '.dsseEnvelope.payload' "${PROVENANCE}" | base64 -d)
 
     # Run the artifact and verify the output is correct
-    artifact_output=$(java -jar target/"${artifact_name}")
+    artifact_output=$(java -jar target/"${BINARY}")
     expected_artifact_output="${EXPECTED_ARTIFACT_OUTPUT}"
     e2e_assert_eq "${artifact_output}" "${expected_artifact_output}" "The output from the artifact should be '${expected_artifact_output}' but was '${artifact_output}'"
 
     # Verify the content of the attestation
-    e2e_verify_predicate_subject_name "${attestation}" "${artifact_name}"
+    e2e_verify_predicate_subject_name "${attestation}" "${BINARY}"
     e2e_verify_predicate_v1_runDetails_builder_id "${attestation}" "https://github.com/slsa-framework/slsa-github-generator/.github/workflows/builder_maven_slsa3.yml@refs/heads/main"
     e2e_verify_predicate_v1_buildDefinition_buildType "${attestation}" "https://github.com/slsa-framework/slsa-github-generator/delegator-generic@v0"
 }
@@ -44,7 +55,7 @@ echo "GITHUB_REF_NAME: $GITHUB_REF_NAME"
 echo "GITHUB_REF_TYPE: $GITHUB_REF_TYPE"
 echo "GITHUB_REF: $GITHUB_REF"
 echo "DEBUG: file is $this_file"
-echo "PROVENANCE is: ${provenance}"
+echo "PROVENANCE is: ${PROVENANCE}"
 
 export SLSA_VERIFIER_TESTING="true"
 

setvar.sh

@@ -18,13 +18,25 @@ export_var() {
     export "${name}"="${value}"
 }
 
-export GH=~/slsa/slsa-github-generator/gh/gh_2.9.0_linux_amd64/bin/gh
-export GH_TOKEN=${GITHUB_AUTH_TOKEN}
+# NOTE: These must be manually updated.
+
+# BYOB
+# export CHECKOUT_SHA1=f0afb8daaa59dc649b7c839fc3afce24f319527a
+export CHECKOUT_MESSAGE="Hello world!"
 export BINARY=my-artifact
 export PROVENANCE=my-artifact.build.slsa
-export THIS_FILE=e2e.delegator-generic.workflow_dispatch.branch1.checkout.slsa3.yml
-export BUILDER_ID=https://github.com/slsa-framework/example-trw/.github/workflows/builder_example_slsa3.yml
-export BUILDER_TAG=v3.0.0
+
+# Maven
+# ln -s tmp/target/ .
+export EXPECTED_ARTIFACT_OUTPUT="Hello world!"
+export PROVENANCE_DIR=./tmp
+export POMXML=./e2e/maven/workflow_dispatch/pom.xml
+
+# Global vars.
+export GH=~/slsa/slsa-github-generator/gh/gh_2.9.0_linux_amd64/bin/gh
+export GH_TOKEN=${GITHUB_AUTH_TOKEN}
+export THIS_FILE=e2e.maven.workflow_dispatch.main.default.slsa3.yml
+export BUILDER_ID=https://github.com/slsa-framework/slsa-github-generator/.github/workflows/builder_maven_slsa3.yml
 export SLSA_VERIFIER_TESTING=1
 
 export_var GITHUB_SHA
@@ -45,5 +57,3 @@ export_var GITHUB_WORKFLOW_SHA
 GITHUB_REF_NAME=$(echo "${GITHUB_REF}" | cut -d '/' -f3)
 export GITHUB_REF_NAME
 
-export CHECKOUT_SHA1=f0afb8daaa59dc649b7c839fc3afce24f319527a
-export CHECKOUT_MESSAGE="hello checkout"