MCPcopy
hub / github.com/cli/cli / TestRunVerify

Function TestRunVerify

pkg/cmd/attestation/verify/verify_test.go:373–538  ·  view source on GitHub ↗
(t *testing.T)

Source from the content-addressed store, hash-verified

371}
372
373func TestRunVerify(t *testing.T) {
374 logger := io.NewTestHandler()
375
376 publicGoodOpts := Options{
377 ArtifactPath: artifactPath,
378 BundlePath: bundlePath,
379 DigestAlgorithm: "sha512",
380 APIClient: api.NewTestClient(),
381 Logger: logger,
382 OCIClient: oci.MockClient{},
383 OIDCIssuer: verification.GitHubOIDCIssuer,
384 Owner: "sigstore",
385 PredicateType: verification.SLSAPredicateV1,
386 SANRegex: "^https://github.com/sigstore/",
387 SigstoreVerifier: verification.NewMockSigstoreVerifier(t),
388 }
389
390 t.Run("with valid artifact and bundle", func(t *testing.T) {
391 require.NoError(t, runVerify(&publicGoodOpts))
392 })
393
394 t.Run("with failing OCI artifact fetch", func(t *testing.T) {
395 opts := publicGoodOpts
396 opts.ArtifactPath = "oci://ghcr.io/github/test"
397 opts.OCIClient = oci.ReferenceFailClient{}
398
399 err := runVerify(&opts)
400 require.Error(t, err)
401 require.ErrorContains(t, err, "failed to parse reference")
402 })
403
404 t.Run("with missing artifact path", func(t *testing.T) {
405 opts := publicGoodOpts
406 opts.ArtifactPath = "../test/data/non-existent-artifact.zip"
407 require.Error(t, runVerify(&opts))
408 })
409
410 t.Run("with missing bundle path", func(t *testing.T) {
411 opts := publicGoodOpts
412 opts.BundlePath = "../test/data/non-existent-sigstoreBundle.json"
413 require.Error(t, runVerify(&opts))
414 })
415
416 t.Run("with owner", func(t *testing.T) {
417 opts := publicGoodOpts
418 opts.BundlePath = ""
419 opts.Owner = "sigstore"
420
421 require.NoError(t, runVerify(&opts))
422 })
423
424 t.Run("with owner which not matches SourceRepositoryOwnerURI", func(t *testing.T) {
425 opts := publicGoodOpts
426 opts.BundlePath = ""
427 opts.Owner = "owner"
428
429 err := runVerify(&opts)
430 require.ErrorContains(t, err, "expected SourceRepositoryOwnerURI to be https://github.com/owner, got https://github.com/sigstore")

Callers

nothing calls this directly

Calls 7

NewTestHandlerFunction · 0.92
NewTestClientFunction · 0.92
NewMockSigstoreVerifierFunction · 0.92
NewFailTestClientFunction · 0.92
runVerifyFunction · 0.85
RunMethod · 0.65
ErrorMethod · 0.45

Tested by

no test coverage detected