`gh attestation verify` test for custom OIDC issuers #9595
The file being attested appears to be binary, would you mind changing that to a text file? Having binary files in a repo (even for tests) can be seen as suspicious. Especially with the recent

@kommendorkapten my first attempt at this had a text file as the subject but I couldn't get the tests to pass when running under Windows -- I suspect the line endings were being changed somewhere in the process. Using a binary file solved the issue, but I'll give it another try.

How about creating a file with only one line and no newlines? I guess the content doesn't really matter here so a silly file like that should work I think. |
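
The line-ending problem discussed in the comments above, as an added example in Go (not code from this PR or from cli/cli): an attestation pins the SHA-256 digest of its subject, so a text fixture whose line endings are rewritten no longer matches, while a single-line file with no newline is unaffected. The function names and sample contents are constructed for illustration, and the LF-to-CRLF rewrite on checkout is the cause suspected in the thread, assumed here.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// digest returns the hex SHA-256 of b, the form in which an attestation
// records its subject.
func digest(b []byte) string {
	sum := sha256.Sum256(b)
	return hex.EncodeToString(sum[:])
}

// toLF rewrites CRLF line endings as LF.
func toLF(b []byte) []byte {
	return bytes.ReplaceAll(b, []byte("\r\n"), []byte("\n"))
}

// toCRLF rewrites every line ending as CRLF, as a checkout with
// line-ending conversion enabled would (assumed cause, see lead-in).
func toCRLF(b []byte) []byte {
	return bytes.ReplaceAll(toLF(b), []byte("\n"), []byte("\r\n"))
}

// subjectMatches reports whether the bytes on disk hash to the attested digest.
func subjectMatches(attested string, onDisk []byte) bool {
	return digest(onDisk) == attested
}

// stableFixture reports whether b keeps its digest under both conversions,
// i.e. whether it is safe to commit as an attested test subject.
func stableFixture(b []byte) bool {
	return subjectMatches(digest(b), toCRLF(b)) && subjectMatches(digest(b), toLF(b))
}

func main() {
	// Constructed sample fixtures, not the files used in the PR.
	multi := []byte("line one\nline two\n")
	single := []byte("attestation test subject")
	attested := digest(multi) // digest recorded when the attestation was created

	fmt.Println("multi-line, as committed:  ", subjectMatches(attested, multi))
	fmt.Println("multi-line, CRLF checkout: ", subjectMatches(attested, toCRLF(multi)))
	fmt.Println("multi-line fixture stable: ", stableFixture(multi))
	fmt.Println("single-line fixture stable:", stableFixture(single))
}
```
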
Signed-off-by: Brian DeHamer <bdehamer@github.com>
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [cli/cli](https://redirect.github.com/cli/cli) | minor | `v2.56.0` -> `v2.57.0` |

---

### Release Notes

<details>
<summary>cli/cli (cli/cli)</summary>

### [`v2.57.0`](https://redirect.github.com/cli/cli/releases/tag/v2.57.0): GitHub CLI 2.57.0

[Compare Source](https://redirect.github.com/cli/cli/compare/v2.56.0...v2.57.0)

#### What's Changed

- Move non-integration tests to different test file by [@codysoyland](https://redirect.github.com/codysoyland) in [https://github.com/cli/cli/pull/9577](https://redirect.github.com/cli/cli/pull/9577)
- Added tenancy aware attestation commands by [@kommendorkapten](https://redirect.github.com/kommendorkapten) in [https://github.com/cli/cli/pull/9542](https://redirect.github.com/cli/cli/pull/9542)
- Added `--active` flag to the `gh auth status` command by [@velumuruganr](https://redirect.github.com/velumuruganr) in [https://github.com/cli/cli/pull/9520](https://redirect.github.com/cli/cli/pull/9520)
- build(deps): bump github.com/sigstore/sigstore-go from 0.6.1 to 0.6.2 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/cli/cli/pull/9601](https://redirect.github.com/cli/cli/pull/9601)
- `gh attestation verify` test for custom OIDC issuers by [@bdehamer](https://redirect.github.com/bdehamer) in [https://github.com/cli/cli/pull/9595](https://redirect.github.com/cli/cli/pull/9595)
- Suggest installing Rosetta when extension installation fails due to missing `darwin-arm64` binary, but a `darwin-amd64` binary is available by [@timrogers](https://redirect.github.com/timrogers) in [https://github.com/cli/cli/pull/9599](https://redirect.github.com/cli/cli/pull/9599)
- Update `gh attestation verify` bundle parsing and validation errors by [@malancas](https://redirect.github.com/malancas) in [https://github.com/cli/cli/pull/9564](https://redirect.github.com/cli/cli/pull/9564)
- Suppress `attestation verify` output when no TTY present by [@bdehamer](https://redirect.github.com/bdehamer) in [https://github.com/cli/cli/pull/9612](https://redirect.github.com/cli/cli/pull/9612)
- Use api subdomains for tenant hosts by [@williammartin](https://redirect.github.com/williammartin) in [https://github.com/cli/cli/pull/9618](https://redirect.github.com/cli/cli/pull/9618)

#### New Contributors

- [@kommendorkapten](https://redirect.github.com/kommendorkapten) made their first contribution in [https://github.com/cli/cli/pull/9542](https://redirect.github.com/cli/cli/pull/9542)
- [@velumuruganr](https://redirect.github.com/velumuruganr) made their first contribution in [https://github.com/cli/cli/pull/9520](https://redirect.github.com/cli/cli/pull/9520)
- [@bdehamer](https://redirect.github.com/bdehamer) made their first contribution in [https://github.com/cli/cli/pull/9595](https://redirect.github.com/cli/cli/pull/9595)
- [@timrogers](https://redirect.github.com/timrogers) made their first contribution in [https://github.com/cli/cli/pull/9599](https://redirect.github.com/cli/cli/pull/9599)

**Full Changelog**: cli/cli@v2.56.0...v2.57.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

- [ ] If you want to rebase/retry this PR, check this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/izumin5210/dotfiles).

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: izumin5210-update-aqua-checksum[bot] <169593670+izumin5210-update-aqua-checksum[bot]@users.noreply.github.com>

Adds a new integration test for the `gh attestation verify` command that attempts to verify a build provenance attestation bundle generated from an account where the OIDC token is using a custom issuer value.