refactor: generalize provenance out of predicate type info #463
Conversation
Signed-off-by: Asra Ali <asraa@google.com>
Signed-off-by: Asra Ali <asraa@google.com>
Signed-off-by: Asra Ali <asraa@google.com>
Signed-off-by: Asra Ali <asraa@google.com>
|
|
||
| // GetStringFromEnvironment retrieves a string parameter from the environment | ||
| // attested to in the provenance. | ||
| GetStringFromEnvironment(name string) (string, error) |
There was a problem hiding this comment.
do you want to go further and have the high-level functions Branch(), Tag()?
This would work also for v1.0, but would look inside systemParameters... Can iterate later if it's too early to optimize now :-) Or maybe it's a bad idea. Just suggesting
There was a problem hiding this comment.
Yeah, I was a little bit unsure. On one hand it makes it very clear what info we require from the provenance. On the other hand I wasn't too sure to optimize away all of this too early.
I will follow-up w/ an issue and mark as fixed when I add the v1.0 impl
There was a problem hiding this comment.
FWIW i'm leaning towards exposing the high-level functions. Addressing in my next follow-up!
Thanks!
There was a problem hiding this comment.
sure, no urgency on this
| @@ -564,7 +574,7 @@ func Test_VerifyWorkflowInputs(t *testing.T) { | |||
| "some_bool": "true", | |||
| "some_integer": "123", | |||
| }, | |||
| expected: serrors.ErrorInvalidDssePayload, | |||
| expected: serrors.ErrorMismatchWorkflowInputs, | |||
There was a problem hiding this comment.
Reviewers: I had to update this testcase and the error it generated because it was actually a weirdly formed DSSE envelope input (doubly encoded), and my code made it fail when it was detecting predicateType. Meanwhile, the error had to change from InvalidDssePayload to the actual error check, which is mismatch workflow inputs.
Signed-off-by: Asra Ali <asraa@google.com>
* update * update * update
Signed-off-by: Asra Ali asraa@google.com
This generalized the provenance we verify in GHA to work against a generic Provenance interface, which may be provenance v0.2 or soon, v1.0
We can eventually move this package into the common code, when GCB also makes a migration.