(t *testing.T)
| 261 | } |
| 262 | |
| 263 | func TestValidateSignerWorkflow(t *testing.T) { |
| 264 | type testcase struct { |
| 265 | name string |
| 266 | providedSignerWorkflow string |
| 267 | expectedWorkflowRegex string |
| 268 | host string |
| 269 | expectErr bool |
| 270 | errContains string |
| 271 | } |
| 272 | |
| 273 | testcases := []testcase{ |
| 274 | { |
| 275 | name: "workflow with no host specified", |
| 276 | providedSignerWorkflow: "github/artifact-attestations-workflows/.github/workflows/attest.yml", |
| 277 | expectErr: true, |
| 278 | errContains: "unknown signer workflow host", |
| 279 | }, |
| 280 | { |
| 281 | name: "workflow with default host", |
| 282 | providedSignerWorkflow: "github/artifact-attestations-workflows/.github/workflows/attest.yml", |
| 283 | expectedWorkflowRegex: "^https://github.com/github/artifact-attestations-workflows/.github/workflows/attest.yml", |
| 284 | host: "github.com", |
| 285 | }, |
| 286 | { |
| 287 | name: "workflow with workflow URL included", |
| 288 | providedSignerWorkflow: "github.com/github/artifact-attestations-workflows/.github/workflows/attest.yml", |
| 289 | expectedWorkflowRegex: "^https://github.com/github/artifact-attestations-workflows/.github/workflows/attest.yml", |
| 290 | host: "github.com", |
| 291 | }, |
| 292 | { |
| 293 | name: "workflow with GH_HOST set", |
| 294 | providedSignerWorkflow: "github/artifact-attestations-workflows/.github/workflows/attest.yml", |
| 295 | expectedWorkflowRegex: "^https://myhost.github.com/github/artifact-attestations-workflows/.github/workflows/attest.yml", |
| 296 | host: "myhost.github.com", |
| 297 | }, |
| 298 | { |
| 299 | name: "workflow with authenticated host", |
| 300 | providedSignerWorkflow: "github/artifact-attestations-workflows/.github/workflows/attest.yml", |
| 301 | expectedWorkflowRegex: "^https://authedhost.github.com/github/artifact-attestations-workflows/.github/workflows/attest.yml", |
| 302 | host: "authedhost.github.com", |
| 303 | }, |
| 304 | } |
| 305 | |
| 306 | for _, tc := range testcases { |
| 307 | // All host resolution is done verify.go:RunE |
| 308 | workflowRegex, err := validateSignerWorkflow(tc.host, tc.providedSignerWorkflow) |
| 309 | require.Equal(t, tc.expectedWorkflowRegex, workflowRegex) |
| 310 | |
| 311 | if tc.expectErr { |
| 312 | require.Error(t, err) |
| 313 | require.ErrorContains(t, err, tc.errContains) |
| 314 | } else { |
| 315 | require.NoError(t, err) |
| 316 | require.Equal(t, tc.expectedWorkflowRegex, workflowRegex) |
| 317 | } |
| 318 | } |
| 319 | } |
nothing calls this directly
no test coverage detected