bump @actions/attest from 1.0.0 to 1.1.0 (#33)
Signed-off-by: Brian DeHamer <[email protected]>
bdehamer authored Mar 29, 2024
1 parent 5096d30 commit 810042e
Showing 6 changed files with 15,578 additions and 1,769 deletions.
83 changes: 55 additions & 28 deletions __tests__/main.test.ts
@@ -1,8 +1,9 @@
import * as core from '@actions/core'
import * as jose from 'jose'
import nock from 'nock'
import * as main from '../src/main'

// Mock the GitHub Actions core library
jest.mock('@actions/core')
// Mock the GitHub Actions core library functions
const setOutputMock = jest.spyOn(core, 'setOutput')
const setFailedMock = jest.spyOn(core, 'setFailed')

Expand All @@ -11,50 +12,76 @@ setFailedMock.mockImplementation(() => {})

describe('main', () => {
let outputs = {} as Record<string, string>
const originalEnv = process.env
const issuer = 'https://token.actions.githubusercontent.com'
const audience = 'nobody'
const jwksPath = '/.well-known/jwks.json'
const tokenPath = '/token'

beforeEach(() => {
const claims = {
iss: issuer,
aud: 'nobody',
repository: 'owner/repo',
ref: 'refs/heads/main',
sha: 'babca52ab0c93ae16539e5923cb0d7403b9a093b',
workflow_ref: 'owner/repo/.github/workflows/main.yml@main',
event_name: 'push',
repository_id: 'repo-id',
repository_owner_id: 'owner-id',
run_id: 'run-id',
run_attempt: 'run-attempt',
runner_environment: 'github-hosted'
}

beforeEach(async () => {
jest.resetAllMocks()

setOutputMock.mockImplementation((key, value) => {
outputs[key] = value
})

process.env = {
...originalEnv,
ACTIONS_ID_TOKEN_REQUEST_URL: `${issuer}${tokenPath}?`,
ACTIONS_ID_TOKEN_REQUEST_TOKEN: 'token',
GITHUB_SERVER_URL: 'https://github.com',
GITHUB_REPOSITORY: claims.repository
}

// Generate JWT signing key
const key = await jose.generateKeyPair('PS256')

// Create JWK, JWKS, and JWT
const kid = '12345'
const jwk = await jose.exportJWK(key.publicKey)
const jwks = { keys: [{ ...jwk, kid }] }
const jwt = await new jose.SignJWT(claims)
.setProtectedHeader({ alg: 'PS256', kid })
.sign(key.privateKey)

// Mock OpenID configuration and JWKS endpoints
nock(issuer)
.get('/.well-known/openid-configuration')
.reply(200, { jwks_uri: `${issuer}${jwksPath}` })
nock(issuer).get(jwksPath).reply(200, jwks)

// Mock OIDC token endpoint for populating the provenance
nock(issuer).get(tokenPath).query({ audience }).reply(200, { value: jwt })
})

afterEach(() => {
outputs = {}
process.env = originalEnv
})

it('successfully run main', async () => {
const originalEnv = process.env
process.env = {
...originalEnv,
GITHUB_REPOSITORY: 'owner/repo',
GITHUB_REF: 'refs/heads/main',
GITHUB_SHA: 'babca52ab0c93ae16539e5923cb0d7403b9a093b',
GITHUB_WORKFLOW_REF: 'owner/repo/.github/workflows/main.yml@main',
GITHUB_SERVER_URL: 'https://github.com',
GITHUB_EVENT_NAME: 'push',
GITHUB_REPOSITORY_ID: 'repo-id',
GITHUB_REPOSITORY_OWNER_ID: 'owner-id',
GITHUB_RUN_ID: 'run-id',
GITHUB_RUN_ATTEMPT: 'run-attempt',
RUNNER_ENVIRONMENT: 'github-hosted'
}

// Run the main function
await main.run()

// Verify that outputs were set correctly
expect(setOutputMock).toHaveBeenCalledTimes(2)

// Use the expected object in the test assertion
expect(outputs['predicate']).toMatchSnapshot()

expect(setOutputMock).toHaveBeenNthCalledWith(
2,
'predicate-type',
'https://slsa.dev/provenance/v1'
)

process.env = originalEnv
expect(outputs['predicate-type']).toBe('https://slsa.dev/provenance/v1')
})
})
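Review bot: The nock interceptors set up in `beforeEach` are never asserted on or cleaned up, so the test passes whether or not the OpenID configuration and JWKS endpoints were actually fetched. If the bumped library is expected to verify the token signature against the JWKS (inferred from the mocks, not visible here), a regression that skips verification would go unnoticed. I would add `expect(nock.isDone()).toBe(true)` at the end of the test and `nock.cleanAll()` in `afterEach`, so unconsumed interceptors do not leak into later tests. Calling `nock.disableNetConnect()` once at the top of the `describe` would also make any unmocked request fail instead of reaching the real `token.actions.githubusercontent.com` host. Separately, `aud: 'nobody'` in `claims` duplicates the `audience` constant declared just above it; `aud: audience` keeps the signed claim and the mocked `.query({ audience })` in step.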