-
Notifications
You must be signed in to change notification settings - Fork 49
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
refactor: generalize provenance out of predicate type info #463
Conversation
Signed-off-by: Asra Ali <asraa@google.com>
Signed-off-by: Asra Ali <asraa@google.com>
Signed-off-by: Asra Ali <asraa@google.com>
Signed-off-by: Asra Ali <asraa@google.com>
|
||
// GetStringFromEnvironment retrieves a string parameter from the environment | ||
// attested to in the provenance. | ||
GetStringFromEnvironment(name string) (string, error) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
do you want to go further and have the high-level functions Branch()
, Tag()
?
This would work also for v1.0, but would look inside systemParameters... Can iterate later if it's too early to optimize now :-) Or maybe it's a bad idea. Just suggesting
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, I was a little bit unsure. On one hand it makes it very clear what info we require from the provenance. On the other hand I wasn't too sure to optimize away all of this too early.
I will follow-up w/ an issue and mark as fixed when I add the v1.0 impl
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
SG!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
FWIW i'm leaning towards exposing the high-level functions. Addressing in my next follow-up!
Thanks!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
sure, no urgency on this
@@ -564,7 +574,7 @@ func Test_VerifyWorkflowInputs(t *testing.T) { | |||
"some_bool": "true", | |||
"some_integer": "123", | |||
}, | |||
expected: serrors.ErrorInvalidDssePayload, | |||
expected: serrors.ErrorMismatchWorkflowInputs, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewers: I had to update this testcase and the error it generated because it was actually a weirdly formed DSSE envelope input (doubly encoded), and my code made it fail when it was detecting predicateType. Meanwhile, the error had to change from InvalidDssePayload to the actual error check, which is mismatch workflow inputs.
Signed-off-by: Asra Ali <asraa@google.com>
* update * update * update
Signed-off-by: Asra Ali asraa@google.com
This generalized the provenance we verify in GHA to work against a generic Provenance interface, which may be provenance v0.2 or soon, v1.0
We can eventually move this package into the common code, when GCB also makes a migration.