From e60694077d705f565409259111af2eabe5ae47d2 Mon Sep 17 00:00:00 2001 From: Fredrik Skogman Date: Thu, 16 May 2024 10:55:41 +0200 Subject: [PATCH 1/3] Read the server url from the environment variable. Instead of having the urls hardcoded, read them from the environment. I opted to read from the environment variable instead of the github context because it would be easier to test. --- packages/attest/__tests__/endpoints.test.ts | 41 ++++++++++++++++++++ packages/attest/__tests__/provenance.test.ts | 4 +- packages/attest/src/endpoints.ts | 24 +++++++----- 3 files changed, 58 insertions(+), 11 deletions(-) create mode 100644 packages/attest/__tests__/endpoints.test.ts diff --git a/packages/attest/__tests__/endpoints.test.ts b/packages/attest/__tests__/endpoints.test.ts new file mode 100644 index 00000000..5ddbab43 --- /dev/null +++ b/packages/attest/__tests__/endpoints.test.ts @@ -0,0 +1,41 @@ +import {signingEndpoints} from '../src/endpoints' + +describe('signingEndpoints', () => { + const originalEnv = process.env + + afterEach(() => { + process.env = originalEnv + }) + + describe('when using github.com', () => { + beforeEach(async () => { + process.env = { + ...originalEnv, + GITHUB_SERVER_URL: 'https://github.com' + } + }) + + it('returns expected endpoints', async () => { + const endpoints = signingEndpoints('github') + + expect(endpoints.fulcioURL).toEqual('https://fulcio.githubapp.com') + expect(endpoints.tsaServerURL).toEqual('https://timestamp.githubapp.com') + }) + }) + + describe('when using custom domain', () => { + beforeEach(async () => { + process.env = { + ...originalEnv, + GITHUB_SERVER_URL: 'https://foo.bar.com' + } + }) + + it('returns a expected endpoints', async () => { + const endpoints = signingEndpoints('github') + + expect(endpoints.fulcioURL).toEqual('https://fulcio.foo.bar.com') + expect(endpoints.tsaServerURL).toEqual('https://timestamp.foo.bar.com') + }) + }) +}) diff --git a/packages/attest/__tests__/provenance.test.ts b/packages/attest/__tests__/provenance.test.ts index 91770f9e..f4ac707e 100644 --- a/packages/attest/__tests__/provenance.test.ts +++ b/packages/attest/__tests__/provenance.test.ts @@ -3,7 +3,7 @@ import {mockFulcio, mockRekor, mockTSA} from '@sigstore/mock' import * as jose from 'jose' import nock from 'nock' import {MockAgent, setGlobalDispatcher} from 'undici' -import {SIGSTORE_GITHUB, SIGSTORE_PUBLIC_GOOD} from '../src/endpoints' +import {SIGSTORE_PUBLIC_GOOD, signingEndpoints} from '../src/endpoints' import {attestProvenance, buildSLSAProvenancePredicate} from '../src/provenance' describe('provenance functions', () => { @@ -95,7 +95,7 @@ describe('provenance functions', () => { }) describe('when using the github Sigstore instance', () => { - const {fulcioURL, tsaServerURL} = SIGSTORE_GITHUB + const {fulcioURL, tsaServerURL} = signingEndpoints('github') beforeEach(async () => { // Mock Sigstore diff --git a/packages/attest/src/endpoints.ts b/packages/attest/src/endpoints.ts index 3abecd1a..28b63ac7 100644 --- a/packages/attest/src/endpoints.ts +++ b/packages/attest/src/endpoints.ts @@ -6,9 +6,6 @@ const GITHUB_ID = 'github' const FULCIO_PUBLIC_GOOD_URL = 'https://fulcio.sigstore.dev' const REKOR_PUBLIC_GOOD_URL = 'https://rekor.sigstore.dev' -const FULCIO_INTERNAL_URL = 'https://fulcio.githubapp.com' -const TSA_INTERNAL_URL = 'https://timestamp.githubapp.com' - export type SigstoreInstance = typeof PUBLIC_GOOD_ID | typeof GITHUB_ID export type Endpoints = { @@ -22,11 +19,6 @@ export const SIGSTORE_PUBLIC_GOOD: Endpoints = { rekorURL: REKOR_PUBLIC_GOOD_URL } -export const SIGSTORE_GITHUB: Endpoints = { - fulcioURL: FULCIO_INTERNAL_URL, - tsaServerURL: TSA_INTERNAL_URL -} - export const signingEndpoints = (sigstore?: SigstoreInstance): Endpoints => { let instance: SigstoreInstance @@ -45,6 +37,20 @@ export const signingEndpoints = (sigstore?: SigstoreInstance): Endpoints => { case PUBLIC_GOOD_ID: return SIGSTORE_PUBLIC_GOOD case GITHUB_ID: - return SIGSTORE_GITHUB + return buildGitHubEndpoints() } } + +function buildGitHubEndpoints(): Endpoints { + const serverURL = process.env.GITHUB_SERVER_URL ?? `https://github.com` + let url = serverURL.replace('https://', '') + + if (url === 'github.com') { + url = 'githubapp.com' + } + const endpoints: Endpoints = { + fulcioURL: `https://fulcio.${url}`, + tsaServerURL: `https://timestamp.${url}` + } + return endpoints +} From 7d18e7aa0d80fe8db8b610d39b971b7876e9e234 Mon Sep 17 00:00:00 2001 From: Fredrik Skogman Date: Mon, 20 May 2024 07:52:36 +0200 Subject: [PATCH 2/3] PR feedback. Juse more JS idiomatic code --- packages/attest/src/endpoints.ts | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/packages/attest/src/endpoints.ts b/packages/attest/src/endpoints.ts index 28b63ac7..9f6467de 100644 --- a/packages/attest/src/endpoints.ts +++ b/packages/attest/src/endpoints.ts @@ -42,15 +42,14 @@ export const signingEndpoints = (sigstore?: SigstoreInstance): Endpoints => { } function buildGitHubEndpoints(): Endpoints { - const serverURL = process.env.GITHUB_SERVER_URL ?? `https://github.com` - let url = serverURL.replace('https://', '') + const serverURL = process.env.GITHUB_SERVER_URL || 'https://github.com' + let host = new URL(serverURL).hostname - if (url === 'github.com') { - url = 'githubapp.com' + if (host === 'github.com') { + host = 'githubapp.com' } - const endpoints: Endpoints = { - fulcioURL: `https://fulcio.${url}`, - tsaServerURL: `https://timestamp.${url}` + return { + fulcioURL: `https://fulcio.${hostl}`, + tsaServerURL: `https://timestamp.${host}` } - return endpoints } From d3d7736baeb618f34b4a3d1d8f07c4b843682cab Mon Sep 17 00:00:00 2001 From: Fredrik Skogman Date: Mon, 20 May 2024 07:57:44 +0200 Subject: [PATCH 3/3] Fixed a spelling error --- packages/attest/src/endpoints.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/attest/src/endpoints.ts b/packages/attest/src/endpoints.ts index 9f6467de..0510e19b 100644 --- a/packages/attest/src/endpoints.ts +++ b/packages/attest/src/endpoints.ts @@ -49,7 +49,7 @@ function buildGitHubEndpoints(): Endpoints { host = 'githubapp.com' } return { - fulcioURL: `https://fulcio.${hostl}`, + fulcioURL: `https://fulcio.${host}`, tsaServerURL: `https://timestamp.${host}` } }