chore: remove check of discovered commit against provenance commit; f…

…ix more integration test related issues Signed-off-by: Ben Selwyn-Smith <[email protected]>
oracle · Jul 17, 2024 · 5e36475 · 5e36475
1 parent fc918cd
commit 5e36475
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 7 deletions.
diff --git a/src/macaron/slsa_analyzer/analyzer.py b/src/macaron/slsa_analyzer/analyzer.py
@@ -346,7 +346,7 @@ def run_single(
             ):
                 return Record(
                     record_id=repo_id,
-                    description="Input mismatch between repo/commit and provenance.",
+                    description="Input mismatch between repo and provenance.",
                     pre_config=config,
                     status=SCMStatus.ANALYSIS_FAILED,
                 )
@@ -440,9 +440,7 @@ def run_single(
             provenance_payload = ProvenanceFinder().find_provenance_from_ci(analyze_ctx, git_obj)
             # If found, verify analysis target against new provenance
             if provenance_payload:
-                # If the digest and repository URL were not provided as input, check those found during analysis.
-                if not digest_input and component.repository:
-                    digest_input = component.repository.commit_sha
+                # If repository URL was not provided as input, check the one found during analysis.
                 if not repo_path_input and component.repository:
                     repo_path_input = component.repository.remote_path
 

diff --git a/tests/integration/cases/micronaut-projects_micronaut-core/check_results_policy.dl b/tests/integration/cases/micronaut-projects_micronaut-core/check_results_policy.dl
@@ -8,8 +8,8 @@ Policy("test_policy", component_id, "") :-
     check_passed(component_id, "mcn_build_script_1"),
     check_passed(component_id, "mcn_build_service_1"),
     check_passed(component_id, "mcn_version_control_system_1"),
+    check_passed(component_id, "mcn_provenance_derived_repo_1"),
     check_failed(component_id, "mcn_provenance_derived_commit_1"),
-    check_failed(component_id, "mcn_provenance_derived_repo_1"),
     check_failed(component_id, "mcn_trusted_builder_level_three_1"),
     is_repo_url(component_id, "https://github.com/micronaut-projects/micronaut-core").
 

diff --git a/tests/integration/cases/slsa-framework_slsa-verifier/policy.dl b/tests/integration/cases/slsa-framework_slsa-verifier/policy.dl
@@ -7,10 +7,10 @@ Policy("test_policy", component_id, "") :-
     check_passed(component_id, "mcn_build_as_code_1"),
     check_passed(component_id, "mcn_build_script_1"),
     check_passed(component_id, "mcn_build_service_1"),
-    check_passed(component_id, "mcn_provenance_available_1"),
-    check_passed(component_id, "mcn_provenance_expectation_1"),
     check_passed(component_id, "mcn_trusted_builder_level_three_1"),
     check_passed(component_id, "mcn_version_control_system_1"),
+    check_failed(component_id, "mcn_provenance_available_1"),
+    check_failed(component_id, "mcn_provenance_expectation_1"),
     check_failed(component_id, "mcn_infer_artifact_pipeline_1"),
     check_failed(component_id, "mcn_provenance_derived_commit_1"),
     check_failed(component_id, "mcn_provenance_derived_repo_1"),