
Commit 1e044ff

committed
DNM: output log information
Signed-off-by: Brandon Lum <lumjjb@gmail.com>
1 parent 07d441f commit 1e044ff


3 files changed

+23
-12
lines changed


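--- a/go.mod
+++ b/go.mod
@@ -216,3 +216,5 @@ require (
 golang.org/x/sys v0.0.0-20220209214540-3681064d5158 // indirect
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect
 )
+
+replace github.com/slsa-framework/slsa-github-generator => ../slsa-github-generator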
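Review bot: The `replace` directive added at the end of go.mod points `github.com/slsa-framework/slsa-github-generator` at the sibling directory `../slsa-github-generator`, so the binary is built from whatever is checked out there rather than from a version pinned in go.mod and verified against go.sum. For a tool that emits signed provenance, that makes the build non-reproducible outside the author's workspace and leaves the dependency's content unpinned. The commit is titled DNM, so this is presumably temporary; before merge, drop the directive and require a released version, or if a fork is genuinely needed, pin it as `replace github.com/slsa-framework/slsa-github-generator => <fork-module-path> <pinned-version>`.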

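--- a/main.go
+++ b/main.go
@@ -89,7 +89,7 @@ func main() {
 usage(os.Args[0])
 }
 
-attBytes, err := pkg.GenerateProvenance(*provenanceName, *provenanceDigest,
+attBytes, logRef, err := pkg.GenerateProvenance(*provenanceName, *provenanceDigest,
 *provenanceCommand, *provenanceEnv)
 check(err)
 
@@ -103,6 +103,8 @@ func main() {
 check(err)
 fmt.Printf("::set-output name=signed-provenance-sha256::%s\n", h)
 
+fmt.Printf("transparency log entry created at index: %s\n", logRef)
+
 default:
 fmt.Println("expected 'build' or 'provenance' subcommands")
 os.Exit(1)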
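Review bot: The message added after the `::set-output` line labels `logRef` as "index:", but pkg/provenance.go builds `logRef` as `index:%d, logID:%s`, so the output reads "created at index: index:N, logID:…"; `fmt.Printf("transparency log entry created: %s\n", logRef)` avoids the doubled label. The value is derived from the transparency-log upload response and is written to the same stdout stream that carries the workflow command just above it. Sending it to stderr with `fmt.Fprintf(os.Stderr, "transparency log entry created: %s\n", logRef)` would keep informational text apart from `::set-output` lines; `os` is already in use in this file. The body of main starts and ends outside both hunks.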

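--- a/pkg/provenance.go
+++ b/pkg/provenance.go
@@ -52,29 +52,30 @@ type (
 // GenerateProvenance translates github context into a SLSA provenance
 // attestation.
 // Spec: https://slsa.dev/provenance/v0.2
-func GenerateProvenance(name, digest, command, envs string) ([]byte, error) {
+// Returns the SLSA provenance statement, and a string containing log reference information
+func GenerateProvenance(name, digest, command, envs string) ([]byte, string, error) {
 gh, err := github.GetWorkflowContext()
 if err != nil {
-return nil, err
+return nil, "", err
 }
 
 if _, err := hex.DecodeString(digest); err != nil || len(digest) != 64 {
-return nil, fmt.Errorf("sha256 digest is not valid: %s", digest)
+return nil, "", fmt.Errorf("sha256 digest is not valid: %s", digest)
 }
 
 com, err := unmarshallList(command)
 if err != nil {
-return nil, err
+return nil, "", err
 }
 
 env, err := unmarshallList(envs)
 if err != nil {
-return nil, err
+return nil, "", err
 }
 
 c, err := github.NewOIDCClient()
 if err != nil {
-return nil, err
+return nil, "", err
 }
 
 // Generate a basic WorkflowRun for our subject based on the github
@@ -106,7 +107,7 @@ func GenerateProvenance(name, digest, command, envs string) ([]byte, error) {
 ctx := context.Background()
 p, err := slsa.HostedActionsProvenance(ctx, wr, c)
 if err != nil {
-return nil, err
+return nil, "", err
 }
 
 // Set the architecture based on the runner. Architecture should be the
@@ -123,15 +124,21 @@ func GenerateProvenance(name, digest, command, envs string) ([]byte, error) {
 s := sigstore.NewDefaultSigner()
 att, err := s.Sign(ctx, p)
 if err != nil {
-return nil, err
+return nil, "", err
 }
 
 // Upload the signed attestation to recor.
-if err := s.Upload(ctx, att); err != nil {
-return nil, err
+logEntry, err := s.Upload(ctx, att)
+if err != nil {
+return nil, "", err
+}
+
+if logEntry.LogIndex == nil || logEntry.LogID == nil {
+return nil, "", fmt.Errorf("logEntry fields not present for tlog upload")
 }
+logRef := fmt.Sprintf("index:%d, logID:%s", *logEntry.LogIndex, *logEntry.LogID)
 
-return att.Bytes(), nil
+return att.Bytes(), logRef, nil
 }
 
 func unmarshallList(arg string) ([]string, error) {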
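Review bot: The guard at new line 136 tests `logEntry.LogIndex` and `logEntry.LogID` but never `logEntry` itself; if `s.Upload` returns a pointer (its definition is not on this page), a nil entry with a nil error would panic on the field access, so `if logEntry == nil || logEntry.LogIndex == nil || logEntry.LogID == nil {` is safer. This error path also runs after the attestation has already been uploaded, so the caller sees a failure although a log entry may exist; the error text could say so, for example `fmt.Errorf("attestation uploaded but log entry lacks LogIndex or LogID")`. The added doc line calls the first result the "SLSA provenance statement" while the function returns `att.Bytes()`, the signed attestation; `// It returns the signed attestation bytes and a reference (index and log ID) to the transparency log entry.` would match the code. The body of GenerateProvenance spans all three hunks, with unchanged stretches elided between them.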
