Add GitHub Actions summary for the create evidence command

Author: mnsboev

evidence/create/create_base.go

@@ -4,16 +4,18 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
+	evidenceUtils "github.com/jfrog/jfrog-cli-artifactory/evidence/utils"
 	"os"
 	"strings"
 
-	"github.com/jfrog/jfrog-cli-artifactory/evidence/sign"
+	"github.com/jfrog/jfrog-cli-core/v2/artifactory/utils/commandsummary"
 
 	"github.com/jfrog/gofrog/log"
 	"github.com/jfrog/jfrog-cli-artifactory/evidence/cryptox"
 	"github.com/jfrog/jfrog-cli-artifactory/evidence/dsse"
 	"github.com/jfrog/jfrog-cli-artifactory/evidence/intoto"
 	"github.com/jfrog/jfrog-cli-artifactory/evidence/model"
+	"github.com/jfrog/jfrog-cli-artifactory/evidence/sign"
 	"github.com/jfrog/jfrog-cli-core/v2/artifactory/utils"
 	"github.com/jfrog/jfrog-cli-core/v2/utils/config"
 	"github.com/jfrog/jfrog-client-go/artifactory"
@@ -30,6 +32,8 @@ type createEvidenceBase struct {
 	keyId             string
 	providerId        string
 	flagType          FlagType
+	displayName       string
+	subjectType       commandsummary.SubjectType
 }
 
 const EvdDefaultUser = "JFrog CLI"
@@ -147,10 +151,10 @@ func (c *createEvidenceBase) setMarkdown(statement *intoto.Statement) error {
 	return nil
 }
 
-func (c *createEvidenceBase) uploadEvidence(evidencePayload []byte, repoPath string) error {
+func (c *createEvidenceBase) uploadEvidence(evidencePayload []byte, repoPath string) (*model.CreateResponse, error) {
 	evidenceManager, err := utils.CreateEvidenceServiceManager(c.serverDetails, false)
 	if err != nil {
-		return err
+		return nil, err
 	}
 
 	evidenceDetails := evidenceService.EvidenceDetails{
@@ -162,20 +166,33 @@ func (c *createEvidenceBase) uploadEvidence(evidencePayload []byte, repoPath str
 	clientlog.Debug("Uploading evidence for subject:", repoPath)
 	body, err := evidenceManager.UploadEvidence(evidenceDetails)
 	if err != nil {
-		return err
+		return nil, err
 	}
 
 	createResponse := &model.CreateResponse{}
 	err = json.Unmarshal(body, createResponse)
 	if err != nil {
-		return err
+		return nil, err
 	}
 	if createResponse.Verified {
 		clientlog.Info("Evidence successfully created and verified")
+	} else {
+		clientlog.Info("Evidence successfully created but not verified due to missing/invalid public key")
+	}
+	return createResponse, nil
+}
+
+func (c *createEvidenceBase) recordEvidenceSummary(summaryData commandsummary.EvidenceSummaryData) error {
+	if !evidenceUtils.IsRunningUnderGitHubAction() {
 		return nil
 	}
-	clientlog.Info("Evidence successfully created but not verified due to missing/invalid public key")
-	return nil
+
+	evidenceSummary, err := commandsummary.NewEvidenceSummary()
+	if err != nil {
+		return err
+	}
+
+	return evidenceSummary.Record(summaryData)
 }
 
 func (c *createEvidenceBase) createArtifactoryClient() (artifactory.ArtifactoryServicesManager, error) {

evidence/create/create_base_test.go

@@ -10,9 +10,12 @@ import (
 
 	"github.com/jfrog/jfrog-cli-artifactory/evidence/dsse"
 	"github.com/jfrog/jfrog-cli-artifactory/evidence/intoto"
+	"github.com/jfrog/jfrog-cli-core/v2/artifactory/utils/commandsummary"
 	"github.com/jfrog/jfrog-cli-core/v2/utils/config"
+	"github.com/jfrog/jfrog-cli-core/v2/utils/coreutils"
 	"github.com/jfrog/jfrog-client-go/evidence/services"
 	"github.com/jfrog/jfrog-client-go/utils/errorutils"
+	"github.com/jfrog/jfrog-client-go/utils/io/fileutils"
 	clientlog "github.com/jfrog/jfrog-client-go/utils/log"
 	"github.com/stretchr/testify/assert"
 )
@@ -166,3 +169,157 @@ func TestCreateAndSignEnvelope(t *testing.T) {
 		})
 	}
 }
+func TestCreateEvidenceBase_RecordEvidenceSummaryIfInGitHubActions_NotInGitHub(t *testing.T) {
+	assert.NoError(t, os.Unsetenv("GITHUB_ACTIONS"))
+
+	base := &createEvidenceBase{
+		predicateType: "https://slsa.dev/provenance/v1",
+		providerId:    "test-provider",
+	}
+
+	summaryData := commandsummary.EvidenceSummaryData{
+		Subject:       "/test/subject",
+		Verified:      true,
+		PredicateType: base.predicateType,
+	}
+	err := base.recordEvidenceSummary(summaryData)
+	assert.NoError(t, err)
+}
+
+func TestCreateEvidenceBase_RecordEvidenceSummaryIfInGitHubActions_GitHubCommiter(t *testing.T) {
+	tempDir, err := fileutils.CreateTempDir()
+	assert.NoError(t, err)
+	defer func() {
+		assert.NoError(t, fileutils.RemoveTempDir(tempDir))
+	}()
+
+	assert.NoError(t, os.Setenv("GITHUB_ACTIONS", "true"))
+	assert.NoError(t, os.Setenv(coreutils.SummaryOutputDirPathEnv, tempDir))
+	defer func() {
+		assert.NoError(t, os.Unsetenv("GITHUB_ACTIONS"))
+		assert.NoError(t, os.Unsetenv(coreutils.SummaryOutputDirPathEnv))
+	}()
+
+	base := &createEvidenceBase{
+		predicateType: "https://slsa.dev/provenance/v1",
+		providerId:    "test-provider",
+		flagType:      "gh-commiter",
+	}
+
+	summaryData := commandsummary.EvidenceSummaryData{
+		Subject:       "/test/subject",
+		Verified:      true,
+		PredicateType: base.predicateType,
+	}
+	err = base.recordEvidenceSummary(summaryData)
+	assert.NoError(t, err)
+}
+
+func TestCreateEvidenceBase_RecordEvidenceSummaryIfInGitHubActions_Success(t *testing.T) {
+	tempDir, err := fileutils.CreateTempDir()
+	assert.NoError(t, err)
+	defer func() {
+		assert.NoError(t, fileutils.RemoveTempDir(tempDir))
+	}()
+
+	assert.NoError(t, os.Setenv("GITHUB_ACTIONS", "true"))
+	assert.NoError(t, os.Setenv(coreutils.SummaryOutputDirPathEnv, tempDir))
+	defer func() {
+		assert.NoError(t, os.Unsetenv("GITHUB_ACTIONS"))
+		assert.NoError(t, os.Unsetenv(coreutils.SummaryOutputDirPathEnv))
+	}()
+
+	base := &createEvidenceBase{
+		predicateType: "https://slsa.dev/provenance/v1",
+		providerId:    "test-provider",
+		flagType:      "other",
+	}
+
+	summaryData := commandsummary.EvidenceSummaryData{
+		Subject:       "/docker-cosign-test/hello-world",
+		Verified:      true,
+		PredicateType: base.predicateType,
+	}
+	err = base.recordEvidenceSummary(summaryData)
+	assert.NoError(t, err)
+}
+
+func TestCreateEvidenceBase_RecordEvidenceSummaryIfInGitHubActions_NoSummaryEnv(t *testing.T) {
+	assert.NoError(t, os.Setenv("GITHUB_ACTIONS", "true"))
+	assert.NoError(t, os.Unsetenv(coreutils.SummaryOutputDirPathEnv))
+	defer func() {
+		assert.NoError(t, os.Unsetenv("GITHUB_ACTIONS"))
+	}()
+
+	base := &createEvidenceBase{
+		predicateType: "https://slsa.dev/provenance/v1",
+		providerId:    "test-provider",
+		flagType:      "other",
+	}
+
+	summaryData := commandsummary.EvidenceSummaryData{
+		Subject:       "/test/subject",
+		Verified:      true,
+		PredicateType: base.predicateType,
+	}
+	err := base.recordEvidenceSummary(summaryData)
+	assert.Error(t, err)
+}
+
+func TestCreateEvidenceBase_RecordEvidenceSummaryIfInGitHubActions_Verified(t *testing.T) {
+	tempDir, err := fileutils.CreateTempDir()
+	assert.NoError(t, err)
+	defer func() {
+		assert.NoError(t, fileutils.RemoveTempDir(tempDir))
+	}()
+
+	assert.NoError(t, os.Setenv("GITHUB_ACTIONS", "true"))
+	assert.NoError(t, os.Setenv(coreutils.SummaryOutputDirPathEnv, tempDir))
+	defer func() {
+		assert.NoError(t, os.Unsetenv("GITHUB_ACTIONS"))
+		assert.NoError(t, os.Unsetenv(coreutils.SummaryOutputDirPathEnv))
+	}()
+
+	base := &createEvidenceBase{
+		predicateType: "https://slsa.dev/provenance/v1",
+		providerId:    "test-provider",
+		flagType:      "other",
+	}
+
+	summaryData := commandsummary.EvidenceSummaryData{
+		Subject:       "/docker-cosign-test/hello-world",
+		Verified:      true,
+		PredicateType: base.predicateType,
+	}
+	err = base.recordEvidenceSummary(summaryData)
+	assert.NoError(t, err)
+}
+
+func TestCreateEvidenceBase_RecordEvidenceSummaryIfInGitHubActions_NotVerified(t *testing.T) {
+	tempDir, err := fileutils.CreateTempDir()
+	assert.NoError(t, err)
+	defer func() {
+		assert.NoError(t, fileutils.RemoveTempDir(tempDir))
+	}()
+
+	assert.NoError(t, os.Setenv("GITHUB_ACTIONS", "true"))
+	assert.NoError(t, os.Setenv(coreutils.SummaryOutputDirPathEnv, tempDir))
+	defer func() {
+		assert.NoError(t, os.Unsetenv("GITHUB_ACTIONS"))
+		assert.NoError(t, os.Unsetenv(coreutils.SummaryOutputDirPathEnv))
+	}()
+
+	base := &createEvidenceBase{
+		predicateType: "",
+		providerId:    "test-provider",
+		flagType:      "other",
+	}
+
+	summaryData := commandsummary.EvidenceSummaryData{
+		Subject:       "/test-repo/artifact",
+		Verified:      false,
+		PredicateType: base.predicateType,
+	}
+	err = base.recordEvidenceSummary(summaryData)
+	assert.NoError(t, err)
+}

evidence/create/create_build.go

@@ -3,6 +3,9 @@ package create
 import (
 	"errors"
 	"fmt"
+	"github.com/jfrog/jfrog-cli-artifactory/evidence/model"
+
+	"github.com/jfrog/jfrog-cli-core/v2/artifactory/utils/commandsummary"
 
 	"github.com/jfrog/jfrog-cli-artifactory/evidence"
 	"github.com/jfrog/jfrog-cli-artifactory/evidence/utils"
@@ -51,28 +54,31 @@ func (c *createEvidenceBuild) Run() error {
 		log.Error("failed to create Artifactory client", err)
 		return err
 	}
-	subject, sha256, err := c.buildBuildInfoSubjectPath(artifactoryClient)
+
+	timestamp, err := getBuildLatestTimestamp(c.buildName, c.buildNumber, c.project, artifactoryClient)
+	if err != nil {
+		return err
+	}
+
+	subject, sha256, err := c.buildBuildInfoSubjectPath(artifactoryClient, timestamp)
 	if err != nil {
 		return err
 	}
 	envelope, err := c.createEnvelope(subject, sha256)
 	if err != nil {
 		return err
 	}
-	err = c.uploadEvidence(envelope, subject)
+
+	response, err := c.uploadEvidence(envelope, subject)
 	if err != nil {
 		return err
 	}
+	c.recordSummary(subject, sha256, response, timestamp)
 
 	return nil
 }
 
-func (c *createEvidenceBuild) buildBuildInfoSubjectPath(artifactoryClient artifactory.ArtifactoryServicesManager) (string, string, error) {
-	timestamp, err := getBuildLatestTimestamp(c.buildName, c.buildNumber, c.project, artifactoryClient)
-	if err != nil {
-		return "", "", err
-	}
-
+func (c *createEvidenceBuild) buildBuildInfoSubjectPath(artifactoryClient artifactory.ArtifactoryServicesManager, timestamp string) (string, string, error) {
 	repoKey := utils.BuildBuildInfoRepoKey(c.project)
 	buildInfoPath := buildBuildInfoPath(repoKey, c.buildName, c.buildNumber, timestamp)
 	buildInfoChecksum, err := getBuildInfoPathChecksum(buildInfoPath, artifactoryClient)
@@ -82,6 +88,28 @@ func (c *createEvidenceBuild) buildBuildInfoSubjectPath(artifactoryClient artifa
 	return buildInfoPath, buildInfoChecksum, nil
 }
 
+func (c *createEvidenceBuild) recordSummary(subject string, sha256 string, response *model.CreateResponse, timestamp string) {
+	displayName := fmt.Sprintf("%s %s", c.buildName, c.buildNumber)
+	commandSummary := commandsummary.EvidenceSummaryData{
+		Subject:        subject,
+		SubjectSha256:  sha256,
+		PredicateType:  c.predicateType,
+		PredicateSlug:  response.PredicateSlug,
+		Verified:       response.Verified,
+		DisplayName:    displayName,
+		SubjectType:    commandsummary.SubjectTypeBuild,
+		BuildName:      c.buildName,
+		BuildNumber:    c.buildNumber,
+		BuildTimestamp: timestamp,
+		RepoKey:        utils.BuildBuildInfoRepoKey(c.project),
+	}
+
+	err := c.recordEvidenceSummary(commandSummary)
+	if err != nil {
+		log.Warn("Failed to record evidence summary:", err.Error())
+	}
+}
+
 func getBuildLatestTimestamp(name string, number string, project string, artifactoryClient artifactory.ArtifactoryServicesManager) (string, error) {
 	buildInfo := services.BuildInfoParams{
 		BuildName:   name,