Skip to content

Commit

Permalink
start building a separate policy struct
Browse files Browse the repository at this point in the history 
Signed-off-by: Meredith Lancaster <[email protected]>
  • Loading branch information
@malancas
malancas committed Oct 29, 2024
1 parent 14d339d commit 704de0c
Showing 1 changed file with 27 additions and 0 deletions.
27 changes: 27 additions & 0 deletions pkg/cmd/attestation/verify/policy.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@ import (
"github.com/sigstore/sigstore-go/pkg/fulcio/certificate"
"github.com/sigstore/sigstore-go/pkg/verify"

"github.com/cli/cli/v2/pkg/cmd/attestation/api"
"github.com/cli/cli/v2/pkg/cmd/attestation/artifact"
"github.com/cli/cli/v2/pkg/cmd/attestation/verification"
)
Expand All @@ -18,6 +19,32 @@ const (
hostRegex = `^[a-zA-Z0-9-]+\.[a-zA-Z0-9-]+.*$`
)

type ExpectedExtensions struct {
RunnerEnvironment string
SAN string
buildSourceRepo string
SignerWorkflow string
}

type Policy struct {
ExpectedExtensions ExpectedExtensions
ExpectedPredicateType string
ExpectedSigstoreInstance string
}

func buildPolicy(opts *Options, a artifact.DigestedArtifact) Policy {
return Policy{}
}

func (p *Policy) Verify(a []*api.Attestation) (bool, string) {
filtered := verification.FilterAttestations(p.ExpectedPredicateType, a)
if len(filtered) == 0 {
return false, fmt.Sprintf("✗ No attestations found with predicate type: %s\n", p.ExpectedPredicateType)
}

return true, ""
}

func expandToGitHubURL(tenant, ownerOrRepo string) string {
if tenant == "" {
return fmt.Sprintf("(?i)^https://github.com/%s/", ownerOrRepo)
Expand Down

0 comments on commit 704de0c

Please sign in to comment.