(t *testing.T)
| 371 | } |
| 372 | |
| 373 | func TestRunVerify(t *testing.T) { |
| 374 | logger := io.NewTestHandler() |
| 375 | |
| 376 | publicGoodOpts := Options{ |
| 377 | ArtifactPath: artifactPath, |
| 378 | BundlePath: bundlePath, |
| 379 | DigestAlgorithm: "sha512", |
| 380 | APIClient: api.NewTestClient(), |
| 381 | Logger: logger, |
| 382 | OCIClient: oci.MockClient{}, |
| 383 | OIDCIssuer: verification.GitHubOIDCIssuer, |
| 384 | Owner: "sigstore", |
| 385 | PredicateType: verification.SLSAPredicateV1, |
| 386 | SANRegex: "^https://github.com/sigstore/", |
| 387 | SigstoreVerifier: verification.NewMockSigstoreVerifier(t), |
| 388 | } |
| 389 | |
| 390 | t.Run("with valid artifact and bundle", func(t *testing.T) { |
| 391 | require.NoError(t, runVerify(&publicGoodOpts)) |
| 392 | }) |
| 393 | |
| 394 | t.Run("with failing OCI artifact fetch", func(t *testing.T) { |
| 395 | opts := publicGoodOpts |
| 396 | opts.ArtifactPath = "oci://ghcr.io/github/test" |
| 397 | opts.OCIClient = oci.ReferenceFailClient{} |
| 398 | |
| 399 | err := runVerify(&opts) |
| 400 | require.Error(t, err) |
| 401 | require.ErrorContains(t, err, "failed to parse reference") |
| 402 | }) |
| 403 | |
| 404 | t.Run("with missing artifact path", func(t *testing.T) { |
| 405 | opts := publicGoodOpts |
| 406 | opts.ArtifactPath = "../test/data/non-existent-artifact.zip" |
| 407 | require.Error(t, runVerify(&opts)) |
| 408 | }) |
| 409 | |
| 410 | t.Run("with missing bundle path", func(t *testing.T) { |
| 411 | opts := publicGoodOpts |
| 412 | opts.BundlePath = "../test/data/non-existent-sigstoreBundle.json" |
| 413 | require.Error(t, runVerify(&opts)) |
| 414 | }) |
| 415 | |
| 416 | t.Run("with owner", func(t *testing.T) { |
| 417 | opts := publicGoodOpts |
| 418 | opts.BundlePath = "" |
| 419 | opts.Owner = "sigstore" |
| 420 | |
| 421 | require.NoError(t, runVerify(&opts)) |
| 422 | }) |
| 423 | |
| 424 | t.Run("with owner which not matches SourceRepositoryOwnerURI", func(t *testing.T) { |
| 425 | opts := publicGoodOpts |
| 426 | opts.BundlePath = "" |
| 427 | opts.Owner = "owner" |
| 428 | |
| 429 | err := runVerify(&opts) |
| 430 | require.ErrorContains(t, err, "expected SourceRepositoryOwnerURI to be https://github.com/owner, got https://github.com/sigstore") |
nothing calls this directly
no test coverage detected