
Commit f2507a5

committed
fix: review fixes
Signed-off-by: Tim Yarkov <[email protected]>
1 parent 529ca1c commit f2507a5


4 files changed

+251
-5
lines changed


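--- a/scripts/dev_scripts/integration_tests.sh
+++ b/scripts/dev_scripts/integration_tests.sh
@@ -110,15 +110,25 @@ $RUN_MACARON analyze -rp https://github.com/uiv-lib/uiv -b dev -d 057b25b4db0913
 python $COMPARE_JSON_OUT $JSON_RESULT $JSON_EXPECTED || log_fail
 
 echo -e "\n----------------------------------------------------------------------------------"
-echo "facebook/yoga: Analysing the repo path, the branch name and the commit digest for a Yarn project,"
-echo "skipping dependency resolution."
+echo "facebook/yoga: Analysing the repo path, the branch name and the commit digest for a Yarn classic"
+echo "project, skipping dependency resolution."
 echo -e "----------------------------------------------------------------------------------\n"
 JSON_EXPECTED=$WORKSPACE/tests/e2e/expected_results/yoga/yoga.json
 JSON_RESULT=$WORKSPACE/output/reports/github_com/facebook/yoga/yoga.json
 $RUN_MACARON analyze -rp https://github.com/facebook/yoga -b main -d f8e2bc0875c145c429d0e865c9b83a40f65b3070 --skip-deps || log_fail
 
 python $COMPARE_JSON_OUT $JSON_RESULT $JSON_EXPECTED || log_fail
 
+echo -e "\n----------------------------------------------------------------------------------"
+echo "wojtekmaj/react-pdf: Analysing the repo path, the branch name and the commit digest for a Yarn modern"
+echo "project, skipping dependency resolution."
+echo -e "----------------------------------------------------------------------------------\n"
+JSON_EXPECTED=$WORKSPACE/tests/e2e/expected_results/react-pdf/react-pdf.json
+JSON_RESULT=$WORKSPACE/output/reports/github_com/wojtekmaj/react-pdf/react-pdf.json
+$RUN_MACARON analyze -rp https://github.com/wojtekmaj/react-pdf -b main -d be18436b7be827eb993b2e1e4bd9230dd835a9a3 --skip-deps || log_fail
+
+python $COMPARE_JSON_OUT $JSON_RESULT $JSON_EXPECTED || log_fail
+
 echo -e "\n----------------------------------------------------------------------------------"
 echo "sigstore/sget: Analysing the repo path, the branch name and the"
 echo "commit digest for a Go project, skipping dependency resolution."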
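Review bot: The new react-pdf case runs with `--skip-deps`, so it exercises Yarn-modern build-tool detection and the `yarn npm publish` deploy match, but nothing that would happen during dependency resolution for a Yarn-modern project; if that path is meant to be supported, a case without `--skip-deps`, or a comment saying why it is skipped, would make the coverage explicit. A comment above the block such as `# Yarn modern (berry): repo carries .yarnrc.yml and publishes via "yarn npm publish"` would also tell the next maintainer what this fixture is meant to pin, since the echo text alone does not. Note that, as in the neighbouring cases, `$COMPARE_JSON_OUT` still runs after `analyze` fails, so a stale `$JSON_RESULT` from an earlier local run could mask the failure unless `log_fail` aborts the script — worth confirming.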

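--- a/src/macaron/config/defaults.ini
+++ b/src/macaron/config/defaults.ini
@@ -322,14 +322,12 @@ github_actions =
 [builder.npm]
 entry_conf =
 .npmrc
-.yarnrc
 build_configs =
 package.json
 package_lock =
 package-lock.json
 builder =
 npm
-yarn
 build_arg =
 build
 deploy_arg =
@@ -342,6 +340,7 @@ github_actions =
 [builder.yarn]
 entry_conf =
 .yarnrc
+.yarnrc.yml
 build_configs =
 package.json
 package_lock =
@@ -352,12 +351,14 @@ build_arg =
 build
 deploy_arg =
 publish
+npm publish
 
 # This is the spec for trusted Go build tool usages.
 [builder.go]
 entry_conf =
 build_configs =
 go.mod
+go.sum
 builder =
 go
 build_arg =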
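Review bot: `npm publish` under `[builder.yarn] deploy_arg` is the only two-token entry in these otherwise single-token lists, and nothing in the file says how such an entry is matched; the react-pdf fixture added in this commit records `['yarn', 'npm', 'publish', '--tag', 'latest']` as the matched deploy command, so the matcher evidently handles it, but a comment on the line, e.g. `# Yarn modern (berry) publishes via "yarn npm publish"; matched as a token sequence`, would stop someone from "fixing" it into two entries. Presumably the same patterns also match a step like `yarn npm publish --dry-run`, which never publishes anything yet would let `mcn_build_as_code_1` pass — worth checking that the matcher looks at trailing flags, since this commit widens what counts as a deploy. With `.yarnrc` and `yarn` dropped from `[builder.npm]` while both sections keep `package.json` as a build config, a Yarn repository that has no rc file now falls under npm only; if that is intended, a one-line comment under `[builder.npm]` saying so would help.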

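--- a/src/macaron/slsa_analyzer/build_tool/go.py
+++ b/src/macaron/slsa_analyzer/build_tool/go.py
@@ -3,7 +3,7 @@
 
 """This module contains the Go class which inherits BaseBuildTool.
 
-This module is used to work with repositories that use Go as its build tool.
+This module is used to work with repositories that have Go.
 """
 
 from macaron.config.defaults import defaults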
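Review bot: The replacement sentence `This module is used to work with repositories that have Go.` is vaguer than the one it replaces; since this commit also adds `go.sum` next to `go.mod` as a Go build config, I would say what the class keys on, e.g. `This module is used to work with repositories that contain Go module files (go.mod / go.sum), whether or not Go is their only build tool.` The class body is outside this hunk, so confirm the wording against what the detection actually looks for.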
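--- /dev/null
+++ b/tests/e2e/expected_results/react-pdf/react-pdf.json
@@ -0,0 +1,235 @@
+{
+"metadata": {
+"timestamps": "2023-09-20 17:57:17"
+},
+"target": {
+"info": {
+"full_name": "pkg:github.com/wojtekmaj/react-pdf@be18436b7be827eb993b2e1e4bd9230dd835a9a3",
+"local_cloned_path": "git_repos/github_com/wojtekmaj/react-pdf",
+"remote_path": "https://github.com/wojtekmaj/react-pdf",
+"branch": "main",
+"commit_hash": "be18436b7be827eb993b2e1e4bd9230dd835a9a3",
+"commit_date": "2023-09-08T16:10:19+02:00"
+},
+"provenances": {
+"is_inferred": true,
+"content": {
+"github_actions": [
+{
+"_type": "https://in-toto.io/Statement/v0.1",
+"subject": [],
+"predicateType": "https://slsa.dev/provenance/v0.2",
+"predicate": {
+"builder": {
+"id": "https://github.com/wojtekmaj/react-pdf/blob/be18436b7be827eb993b2e1e4bd9230dd835a9a3/.github/workflows/publish.yml"
+},
+"buildType": "Custom github_actions",
+"invocation": {
+"configSource": {
+"uri": "https://github.com/wojtekmaj/react-pdf@refs/heads/main",
+"digest": {
+"sha1": "be18436b7be827eb993b2e1e4bd9230dd835a9a3"
+},
+"entryPoint": "https://github.com/wojtekmaj/react-pdf/blob/be18436b7be827eb993b2e1e4bd9230dd835a9a3/.github/workflows/publish.yml"
+},
+"parameters": {},
+"environment": {}
+},
+"buildConfig": {},
+"metadata": {
+"buildInvocationId": "",
+"buildStartedOn": "<TIMESTAMP>",
+"buildFinishedOn": "<TIMESTAMP>",
+"completeness": {
+"parameters": "false",
+"environment": "false",
+"materials": "false"
+},
+"reproducible": "false"
+},
+"materials": [
+{
+"uri": "<URI>",
+"digest": {}
+}
+]
+}
+}
+]
+}
+},
+"checks": {
+"summary": {
+"DISABLED": 0,
+"FAILED": 5,
+"PASSED": 4,
+"SKIPPED": 0,
+"UNKNOWN": 0
+},
+"results": [
+{
+"check_id": "mcn_build_as_code_1",
+"check_description": "The build definition and configuration executed by the build service is verifiably derived from text file definitions stored in a version control system.",
+"slsa_requirements": [
+"Build as code - SLSA Level 3"
+],
+"justification": [
+"The target repository does not use npm to deploy.",
+{
+"The target repository uses build tool yarn to deploy": "https://github.com/wojtekmaj/react-pdf/blob/be18436b7be827eb993b2e1e4bd9230dd835a9a3/.github/workflows/publish.yml",
+"The build is triggered by": "https://github.com/wojtekmaj/react-pdf/blob/be18436b7be827eb993b2e1e4bd9230dd835a9a3/.github/workflows/publish.yml"
+},
+"Deploy command: ['yarn', 'npm', 'publish', '--tag', 'latest']",
+"However, could not find a passing workflow run."
+],
+"result_type": "PASSED"
+},
+{
+"check_id": "mcn_build_script_1",
+"check_description": "Check if the target repo has a valid build script.",
+"slsa_requirements": [
+"Scripted Build - SLSA Level 1"
+],
+"justification": [
+"Check mcn_build_script_1 is set to PASSED because mcn_build_service_1 PASSED."
+],
+"result_type": "PASSED"
+},
+{
+"check_id": "mcn_build_service_1",
+"check_description": "Check if the target repo has a valid build service.",
+"slsa_requirements": [
+"Build service - SLSA Level 2"
+],
+"justification": [
+"Check mcn_build_service_1 is set to PASSED because mcn_build_as_code_1 PASSED."
+],
+"result_type": "PASSED"
+},
+{
+"check_id": "mcn_version_control_system_1",
+"check_description": "Check whether the target repo uses a version control system.",
+"slsa_requirements": [
+"Version controlled - SLSA Level 2"
+],
+"justification": [
+{
+"This is a Git repository": "https://github.com/wojtekmaj/react-pdf"
+}
+],
+"result_type": "PASSED"
+},
+{
+"check_id": "mcn_provenance_available_1",
+"check_description": "Check whether the target has intoto provenance.",
+"slsa_requirements": [
+"Provenance - Available - SLSA Level 1",
+"Provenance content - Identifies build instructions - SLSA Level 1",
+"Provenance content - Identifies artifacts - SLSA Level 1",
+"Provenance content - Identifies builder - SLSA Level 1"
+],
+"justification": [
+"Could not find any SLSA provenances."
+],
+"result_type": "FAILED"
+},
+{
+"check_id": "mcn_provenance_expectation_1",
+"check_description": "Check whether the SLSA provenance for the produced artifact conforms to the expected value.",
+"slsa_requirements": [
+"Provenance conforms with expectations - SLSA Level 3"
+],
+"justification": [
+"Check mcn_provenance_expectation_1 is set to FAILED because mcn_provenance_available_1 FAILED."
+],
+"result_type": "FAILED"
+},
+{
+"check_id": "mcn_provenance_level_three_1",
+"check_description": "Check whether the target has SLSA provenance level 3.",
+"slsa_requirements": [
+"Provenance - Non falsifiable - SLSA Level 3",
+"Provenance content - Includes all build parameters - SLSA Level 3",
+"Provenance content - Identifies entry point - SLSA Level 3",
+"Provenance content - Identifies source code - SLSA Level 2"
+],
+"justification": [
+"Check mcn_provenance_level_three_1 is set to FAILED because mcn_provenance_available_1 FAILED."
+],
+"result_type": "FAILED"
+},
+{
+"check_id": "mcn_provenance_witness_level_one_1",
+"check_description": "Check whether the target has a level-1 witness provenance.",
+"slsa_requirements": [
+"Provenance - Available - SLSA Level 1",
+"Provenance content - Identifies build instructions - SLSA Level 1",
+"Provenance content - Identifies artifacts - SLSA Level 1",
+"Provenance content - Identifies builder - SLSA Level 1"
+],
+"justification": [
+"Check mcn_provenance_witness_level_one_1 is set to FAILED because mcn_provenance_available_1 FAILED."
+],
+"result_type": "FAILED"
+},
+{
+"check_id": "mcn_trusted_builder_level_three_1",
+"check_description": "Check whether the target uses a trusted SLSA level 3 builder.",
+"slsa_requirements": [
+"Hermetic - SLSA Level 4",
+"Isolated - SLSA Level 3",
+"Parameterless - SLSA Level 4",
+"Ephemeral environment - SLSA Level 3"
+],
+"justification": [
+"Could not find a trusted level 3 builder as a GitHub Actions workflow."
+],
+"result_type": "FAILED"
+}
+]
+}
+},
+"dependencies": {
+"analyzed_deps": 0,
+"unique_dep_repos": 0,
+"checks_summary": [
+{
+"check_id": "mcn_build_script_1",
+"num_deps_pass": 0
+},
+{
+"check_id": "mcn_version_control_system_1",
+"num_deps_pass": 0
+},
+{
+"check_id": "mcn_build_service_1",
+"num_deps_pass": 0
+},
+{
+"check_id": "mcn_trusted_builder_level_three_1",
+"num_deps_pass": 0
+},
+{
+"check_id": "mcn_provenance_witness_level_one_1",
+"num_deps_pass": 0
+},
+{
+"check_id": "mcn_provenance_available_1",
+"num_deps_pass": 0
+},
+{
+"check_id": "mcn_build_as_code_1",
+"num_deps_pass": 0
+},
+{
+"check_id": "mcn_provenance_level_three_1",
+"num_deps_pass": 0
+},
+{
+"check_id": "mcn_provenance_expectation_1",
+"num_deps_pass": 0
+}
+],
+"dep_status": []
+}
+}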
