diff --git a/docs/source/pages/using.rst b/docs/source/pages/using.rst index b5c7e1e89..960e9cce6 100644 --- a/docs/source/pages/using.rst +++ b/docs/source/pages/using.rst @@ -299,6 +299,9 @@ Analyzing a locally cloned repository Therefore, any uncommitted changes in the repository need to be backed up to prevent loss (these include unstaged changes, staged changes and untracked files). However, Macaron will not modify the history of the repository. +.. note:: + We assume that the ``origin`` remote exists in the cloned repository and checkout the relevant commits from ``origin`` only. + If you have a local repository that you want to analyze, Macaron also supports running the analysis against a local repository. Assume that the dir tree at the local repository has the following components: diff --git a/scripts/dev_scripts/integration_tests.sh b/scripts/dev_scripts/integration_tests.sh index 176afe21f..fc51b51e8 100755 --- a/scripts/dev_scripts/integration_tests.sh +++ b/scripts/dev_scripts/integration_tests.sh @@ -330,7 +330,6 @@ echo -e "\n--------------------------------------------------------------------- echo "apache/maven: Check: Check the e2e status code of running with invalid branch or digest defined in the yaml configuration." echo -e "----------------------------------------------------------------------------------\n" declare -a INVALID_BRANCH_DIGEST=( - "maven_digest_no_branch.yaml" "maven_invalid_branch.yaml" "maven_invalid_digest.yaml" ) diff --git a/src/macaron/__main__.py b/src/macaron/__main__.py index cadcdc7de..a600e486d 100644 --- a/src/macaron/__main__.py +++ b/src/macaron/__main__.py 
@@ -90,11 +90,11 @@ def analyze_slsa_levels_single(analyzer_single_args: argparse.Namespace) -> None branch = analyzer_single_args.branch digest = analyzer_single_args.digest - if repo_path and purl and not (branch and digest): + if repo_path and purl and not digest: # To provide the purl together with the repository path, the user must specify the branch and commit # digest. logger.error( - "Please provide the branch and commit digest for the repo at %s that matches to the PURL string %s.", + "Please provide the commit digest for the repo at %s that matches to the PURL string %s.", repo_path, purl, ) diff --git a/src/macaron/slsa_analyzer/analyzer.py b/src/macaron/slsa_analyzer/analyzer.py index fbb97c7df..af6d1c05f 100644 --- a/src/macaron/slsa_analyzer/analyzer.py +++ b/src/macaron/slsa_analyzer/analyzer.py @@ -649,13 +649,6 @@ def _prepare_repo( The pydriller.Git object of the repository or None if error. """ # TODO: separate the logic for handling remote and local repos instead of putting them into this method. - # Cannot specify a commit hash without specifying the branch. - if not branch_name and digest: - logger.error( - "Cannot specify a commit hash without specifying the branch for repo at %s.", - repo_path, - ) - return None logger.info( "Preparing the repository for the analysis (path=%s, branch=%s, digest=%s)", diff --git a/src/macaron/slsa_analyzer/git_url.py b/src/macaron/slsa_analyzer/git_url.py index 61c322c9a..50ba9736e 100644 --- a/src/macaron/slsa_analyzer/git_url.py +++ b/src/macaron/slsa_analyzer/git_url.py 
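Review bot: In `analyze_slsa_levels_single` (src/macaron/__main__.py), the comment kept above the `logger.error` call still says the user must specify "the branch and commit digest", but the new condition `not digest` requires only the digest. Update it to `# To provide the purl together with the repository path, the user must specify the commit digest.` so the comment, the condition and the error message agree. A short clause on why the digest is mandatory would also help; presumably it pins the analysed commit to the artifact the PURL names, which should be confirmed. The function body continues outside the hunk.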
@@ -25,22 +25,123 @@ logger: logging.Logger = logging.getLogger(__name__) -def check_out_repo_target(git_obj: Git, branch_name: str = "", digest: str = "", offline_mode: bool = False) -> bool: +def parse_git_branch_output(content: str) -> list[str]: + """Return the list of branch names from a string that has a format similar to the output of ``git branch --list``. + + Parameters + ---------- + content : str + The raw output as string from the ``git branch`` command. + + Returns + ------- + list[str] + The list of strings where each string is a branch element from the raw output. + + Examples + -------- + >>> from pprint import pprint + >>> content = ''' + ... * (HEAD detached at 7fc81f8) + ... master + ... remotes/origin/HEAD -> origin/master + ... remotes/origin/master + ... remotes/origin/v2.dev + ... remotes/origin/v3.dev + ... ''' + >>> pprint(parse_git_branch_output(content)) + ['(HEAD detached at 7fc81f8)', + 'master', + 'remotes/origin/HEAD -> origin/master', + 'remotes/origin/master', + 'remotes/origin/v2.dev', + 'remotes/origin/v3.dev'] + """ + git_branch_output_lines = content.splitlines() + branches = [] + for line in git_branch_output_lines: + # The ``*`` symbol will appear next to the branch name where HEAD is currently on. + # Branches in git cannot have ``*`` in its name so we can safely replace without tampering with its actual name. + # https://git-scm.com/docs/git-check-ref-format + branch = line.replace("*", "").strip() + + # Ignore elements that contain only whitespaces. This is because the raw content of git branch + # can have extra new line at the end, which can be picked up as an empty element in `git_branch_output_lines`. + if len(branch) == 0: + continue + + branches.append(branch) + + return branches + + +def get_branches_containing_commit(git_obj: Git, commit: str, remote: str = "origin") -> list[str]: + """Get the branches from a remote that contains a specific commit. + + The returned branch names will be in the form of /. 
+ + Parameters + ---------- + git_obj : Git + The pydriller.Git wrapper object of the target repository. + commit : str + The hash of the commit we want to get all the branches. + remote : str, optional + The name of the remote to check the branches, by default "origin". + + Returns + ------- + list[str] + The list of branches that contains the commit. + """ + try: + raw_output: str = git_obj.repo.git.branch( + "--remotes", + "--list", + f"{remote}/*", + "--contains", + commit, + ) + except GitCommandError: + logger.debug("Error while looking up branches that contain commit %s.", commit) + return [] + + return parse_git_branch_output(raw_output) + + +def check_out_repo_target( + git_obj: Git, + branch_name: str = "", + digest: str = "", + offline_mode: bool = False, +) -> bool: """Checkout the branch and commit specified by the user. - If no branch name is provided, this method will checkout the default branch - of the repository and analyze the latest commit from remote. Note that checking out the branch - is always performed before checking out the specific ``digest`` (if provided). + This fucntion assumes that a remote "origin" exist and checkout from that remote ONLY. - If ``digest`` is not provided, this method always pulls (fast-forward only) and checks out the latest commit. + If ``offline_mode`` is False, this function will fetch new changes from origin remote. The fetching operation + will prune and update all references (e.g. tags, branches) to make sure that the local repository is up-to-date + with the repository specified by origin remote. - If ``digest`` is provided, this method will checkout that specific commit. If ``digest`` - cannot be found in the current branch, this method will pull (fast-forward only) from remote. + If ``branch_name`` and a commit are not provided, this function will checkout the latest commit of the + default branch (i.e. origin/HEAD). - This method supports repositories which are cloned from existing remote repositories. 
- Other scenarios are not covered (e.g. a newly initiated repository). + If ``branch_name`` is provided and a commit is not provided, this function will checkout that branch from origin + remote (i.e. origin/. If not, this fucntion will return False. - If ``offline_mode`` is set, this method will not pull/fetch from remote while checking out the branch or commit. + For all scenarios: + - If the checkout fails (e.g. a branch or a commit doesn't exist), this function will return + False. + - This function will perform a force checkout + https://git-scm.com/docs/git-checkout#Documentation/git-checkout.txt---force + + This function supports repositories which are cloned from existing remote repositories. + Other scenarios are not covered (e.g. a newly initiated repository). Parameters ---------- 
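Review bot: `get_branches_containing_commit` returns `[]` both when git finds no matching branch and when the `git branch --remotes --list ... --contains` call raises `GitCommandError`, and the failure is logged only at debug level. The branch-membership check in `check_out_repo_target` therefore fails closed, which is the safe direction, but a malformed or unknown `commit` ends up reported as "not in branch". I would state this in the Returns section, e.g. `The list of branches that contain the commit, or an empty list if the lookup fails.`, and raise the log call to `logger.error`. Also in this hunk, "fucntion" is misspelled twice in the `check_out_repo_target` docstring and "a remote "origin" exist" should read "exists". That docstring continues outside the hunk.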
@@ -58,74 +159,67 @@ def check_out_repo_target(git_obj: Git, branch_name: str = "", digest: str = "", bool True if succeed else False. """ - # Resolve the branch name to check out. - res_branch = "" - if branch_name: - res_branch = branch_name - else: - res_branch = get_default_branch(git_obj) - if not res_branch: - logger.error("Cannot determine the default branch for this repository.") - logger.info("Consider providing the specific branch to be analyzed or fully cloning the repo instead.") + if not offline_mode: + # Fetch from remote origin by running ``git fetch origin --force --tags --prune --prune-tags`` inside the target + # repository. + # The flags `--force --tags --prune --prune-tags` are used to make sure we analyze the most up-to-date version + # of the repo. + # - Any modified tags in the remote repository is updated locally. + # - Prune deleted branches and tags in the remote from the local repository. + # References: + # https://git-scm.com/docs/git-fetch + # https://github.com/oracle/macaron/issues/547 + try: + git_obj.repo.git.fetch( + "origin", + "--force", + "--tags", + "--prune", + "--prune-tags", + ) + except GitCommandError: + logger.error("Unable to fetch from the origin remote of the repository.") return False - if not offline_mode: - # Fetch from remote by running ``git fetch`` inside the target repository. - # We don't specify any remote name (e.g. origin) because we want git to resolve the default fetching - # target by itself. - # For example, the user runs Macaron on a local repository where the remote is set to have name "foo_origin" - # instead. - # References: https://git-scm.com/docs/git-fetch + if not branch_name and not digest: try: - git_obj.repo.git.fetch() - except GitCommandError as error: - logger.error("Unable to fetch from the remote repository. 
Error: %s", error) + git_obj.repo.git.checkout("--force", "origin/HEAD") + except GitCommandError: + logger.debug("Cannot checkout the default branch at origin/HEAD") return False - try: - # Switch to the target branch by running ``git checkout `` in the target repository. - # We need to use force checkout to prevent issues similar to https://github.com/oracle/macaron/issues/530. - git_obj.repo.git.checkout("--force", res_branch) - except GitCommandError as error: - logger.error("Cannot checkout branch %s. Error: %s", res_branch, error) - return False + if branch_name and not digest: + try: + git_obj.repo.git.checkout("--force", f"origin/{branch_name}") + except GitCommandError: + logger.debug("Cannot checkout branch %s from origin remote.", branch_name) + return False - logger.info("Successfully checkout branch %s.", res_branch) + if not branch_name and digest: + try: + git_obj.repo.git.checkout("--force", f"{digest}") + except GitCommandError: + logger.debug("Cannot checkout commit %s.", digest) + return False - if not offline_mode: - # We only pull the latest changes if one of these scenarios happens: - # - no digest is provided: we need to pull and analyze the latest commit. - # - a commit digest is provided but it does not exist locally: we need to - # pull the latest changes to check if that commit is available. - # We want to check if the commit already exist locally first because we want to avoid pulling unecessary - # if it does. - # We do this by checking if the commit we want to analyze is an ancestor of the commit being referenced by HEAD - # (which point to the tip of the branch). - # If the commit we want to analyze is same as HEAD, that commit is still considered as the ancestor of HEAD. - # The ``is_ancestor`` method runs ``git merge-base`` behind the scence. - # For more information on computing the ancestor status of two commits: https://git-scm.com/docs/git-merge-base. 
- if not digest or not git_obj.repo.is_ancestor(digest, "HEAD"): - logger.info("Pulling the latest changes of branch %s fast-forward only.", res_branch) + if branch_name and digest: + branches = get_branches_containing_commit( + git_obj=git_obj, + commit=digest, + remote="origin", + ) + + if f"origin/{branch_name}" in branches: try: - # Pull the latest changes on the current branch fast-forward only. - git_obj.repo.git.pull("--ff-only") - except GitCommandError as error: - logger.error(error) + git_obj.repo.git.checkout("--force", f"{digest}") + except GitCommandError: + logger.debug("Cannot checkout commit %s.", digest) return False - - if digest: - # Checkout the specific commit that the user want by running ``git checkout `` in the target repository. - # We need to use force checkout to prevent issues similar to https://github.com/oracle/macaron/issues/530. - try: - git_obj.repo.git.checkout("--force", digest) - except GitCommandError as error: - logger.error( - "Commit %s cannot be checked out. Error: %s", - digest, - error, - ) + else: + logger.error("Commit %s is not in branch %s.", digest, branch_name) return False + # Further validation to make sure the git checkout operations happen as expected. final_head_commit: Commit = git_obj.repo.head.commit if not final_head_commit: logger.critical("Cannot get the head commit after checking out.") diff --git a/tests/dependency_analyzer/configurations/micronaut_test_config.yaml b/tests/dependency_analyzer/configurations/micronaut_test_config.yaml index dcf7062e8..780a01f05 100644 --- a/tests/dependency_analyzer/configurations/micronaut_test_config.yaml +++ b/tests/dependency_analyzer/configurations/micronaut_test_config.yaml 
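Review bot: In the two branches that run `git_obj.repo.git.checkout("--force", f"{digest}")`, `digest` reaches git as a bare positional argument with no check that it is a commit hash. A value beginning with `-` would be parsed by git as an option, and any ref name (a local branch or tag) would be accepted, so the checkout is not limited to a commit from `origin` as the docstring promises. Validate it before the first checkout, for example `if digest and not re.fullmatch(r"[0-9a-fA-F]{40}", digest): logger.error("Invalid commit digest %s.", digest); return False`. This needs `re` imported, and the pattern must be widened if abbreviated or SHA-256 hashes are to be accepted. `branch_name` is less exposed because it is always prefixed with `origin/`. The HEAD validation at the end of the function lies outside the hunk, so I cannot tell whether it already compares HEAD with `digest`.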
@@ -4,21 +4,18 @@ target: id: micronaut-test # https://github.com/micronaut-projects/micronaut-test/commit/7679d10b4073a3b842b6c56877c35fa8cd10acff - branch: master digest: 7679d10b4073a3b842b6c56877c35fa8cd10acff path: https://github.com/micronaut-projects/micronaut-test dependencies: - id: slf4j - # For version 1.7.36 - # https://github.com/qos-ch/slf4j/commit/e9ee55cca93c2bf26f14482a9bdf961c750d2a56 - branch: v_1.7.36 + # For version 1.7.36 + # https://github.com/qos-ch/slf4j/commit/e9ee55cca93c2bf26f14482a9bdf961c750d2a56 digest: e9ee55cca93c2bf26f14482a9bdf961c750d2a56 path: https://github.com/qos-ch/slf4j.git - id: caffeine - # For version 2.9.3 - # https://github.com/ben-manes/caffeine/commit/05a040c2478341bab8a58a02b3dc1fe14d626d72 - branch: v2.9.3 + # For version 2.9.3 + # https://github.com/ben-manes/caffeine/commit/05a040c2478341bab8a58a02b3dc1fe14d626d72 digest: 05a040c2478341bab8a58a02b3dc1fe14d626d72 path: https://github.com/ben-manes/caffeine.git diff --git a/tests/dependency_analyzer/configurations/micronaut_test_config_branch_commit.yaml b/tests/dependency_analyzer/configurations/micronaut_test_config_branch_commit.yaml new file mode 100644 index 000000000..0785fc5ce --- /dev/null +++ b/tests/dependency_analyzer/configurations/micronaut_test_config_branch_commit.yaml @@ -0,0 +1,9 @@ +# Copyright (c) 2023 - 2023, Oracle and/or its affiliates. All rights reserved. +# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/. + +target: + id: micronaut-test + # https://github.com/micronaut-projects/micronaut-test/commit/7679d10b4073a3b842b6c56877c35fa8cd10acff + branch: master + digest: 7679d10b4073a3b842b6c56877c35fa8cd10acff + path: https://github.com/micronaut-projects/micronaut-test 
diff --git a/tests/dependency_analyzer/expected_results/cyclonedx_micronaut-projects_micronaut-test.json b/tests/dependency_analyzer/expected_results/cyclonedx_micronaut-projects_micronaut-test.json index 80c9f2997..93a4d5634 100644 --- a/tests/dependency_analyzer/expected_results/cyclonedx_micronaut-projects_micronaut-test.json +++ b/tests/dependency_analyzer/expected_results/cyclonedx_micronaut-projects_micronaut-test.json @@ -3,7 +3,7 @@ "id": "slf4j", "purl": "", "path": "https://github.com/qos-ch/slf4j.git", - "branch": "v_1.7.36", + "branch": "", "digest": "e9ee55cca93c2bf26f14482a9bdf961c750d2a56", "note": "", "available": "AVAILABLE" @@ -12,7 +12,7 @@ "id": "caffeine", "purl": "", "path": "https://github.com/ben-manes/caffeine.git", - "branch": "v2.9.3", + "branch": "", "digest": "05a040c2478341bab8a58a02b3dc1fe14d626d72", "note": "", "available": "AVAILABLE" diff --git a/tests/dependency_analyzer/expected_results/skipdep_micronaut-projects_micronaut-test.json b/tests/dependency_analyzer/expected_results/skipdep_micronaut-projects_micronaut-test.json index 80c9f2997..93a4d5634 100644 --- a/tests/dependency_analyzer/expected_results/skipdep_micronaut-projects_micronaut-test.json +++ b/tests/dependency_analyzer/expected_results/skipdep_micronaut-projects_micronaut-test.json @@ -3,7 +3,7 @@ "id": "slf4j", "purl": "", "path": "https://github.com/qos-ch/slf4j.git", - "branch": "v_1.7.36", + "branch": "", "digest": "e9ee55cca93c2bf26f14482a9bdf961c750d2a56", "note": "", "available": "AVAILABLE" @@ -12,7 +12,7 @@ "id": "caffeine", "purl": "", "path": "https://github.com/ben-manes/caffeine.git", - "branch": "v2.9.3", + "branch": "", "digest": "05a040c2478341bab8a58a02b3dc1fe14d626d72", "note": "", "available": "AVAILABLE" diff --git a/tests/e2e/configurations/maven_digest_no_branch.yaml b/tests/e2e/configurations/maven_digest_no_branch.yaml deleted file mode 100644 index 8d882365e..000000000 --- a/tests/e2e/configurations/maven_digest_no_branch.yaml +++ /dev/null 
@@ -1,8 +0,0 @@ -# Copyright (c) 2022 - 2023, Oracle and/or its affiliates. All rights reserved. -# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/. - -target: - id: apache/maven - branch: '' - digest: 3fc399318edef0d5ba593723a24fff64291d6f9b - path: https://github.com/apache/maven.git diff --git a/tests/e2e/configurations/micronaut_test_config.yaml b/tests/e2e/configurations/micronaut_test_config.yaml index dcf7062e8..780a01f05 100644 --- a/tests/e2e/configurations/micronaut_test_config.yaml +++ b/tests/e2e/configurations/micronaut_test_config.yaml @@ -4,21 +4,18 @@ target: id: micronaut-test # https://github.com/micronaut-projects/micronaut-test/commit/7679d10b4073a3b842b6c56877c35fa8cd10acff - branch: master digest: 7679d10b4073a3b842b6c56877c35fa8cd10acff path: https://github.com/micronaut-projects/micronaut-test dependencies: - id: slf4j - # For version 1.7.36 - # https://github.com/qos-ch/slf4j/commit/e9ee55cca93c2bf26f14482a9bdf961c750d2a56 - branch: v_1.7.36 + # For version 1.7.36 + # https://github.com/qos-ch/slf4j/commit/e9ee55cca93c2bf26f14482a9bdf961c750d2a56 digest: e9ee55cca93c2bf26f14482a9bdf961c750d2a56 path: https://github.com/qos-ch/slf4j.git - id: caffeine - # For version 2.9.3 - # https://github.com/ben-manes/caffeine/commit/05a040c2478341bab8a58a02b3dc1fe14d626d72 - branch: v2.9.3 + # For version 2.9.3 + # https://github.com/ben-manes/caffeine/commit/05a040c2478341bab8a58a02b3dc1fe14d626d72 digest: 05a040c2478341bab8a58a02b3dc1fe14d626d72 path: https://github.com/ben-manes/caffeine.git diff --git a/tests/e2e/expected_results/micronaut-test/caffeine.json b/tests/e2e/expected_results/micronaut-test/caffeine.json index 88ac3fe9a..2064b6431 100644 --- a/tests/e2e/expected_results/micronaut-test/caffeine.json +++ b/tests/e2e/expected_results/micronaut-test/caffeine.json 
@@ -1,13 +1,14 @@ { "metadata": { - "timestamps": "2023-09-12 22:55:15" + "timestamps": "2023-12-22 01:32:17", + "has_passing_check": true }, "target": { "info": { "full_name": "pkg:github.com/ben-manes/caffeine@05a040c2478341bab8a58a02b3dc1fe14d626d72", "local_cloned_path": "git_repos/github_com/ben-manes/caffeine", "remote_path": "https://github.com/ben-manes/caffeine", - "branch": "v2.9.3", + "branch": null, "commit_hash": "05a040c2478341bab8a58a02b3dc1fe14d626d72", "commit_date": "2021-12-02T01:04:44-08:00" }, @@ -26,7 +27,7 @@ "buildType": "Custom github_actions", "invocation": { "configSource": { - "uri": "https://github.com/ben-manes/caffeine@refs/heads/v2.9.3", + "uri": "https://github.com/ben-manes/caffeine@refs/heads/None", "digest": { "sha1": "05a040c2478341bab8a58a02b3dc1fe14d626d72" }, @@ -189,7 +190,7 @@ "Provenance content - Identifies builder - SLSA Level 1" ], "justification": [ - "Could not find any SLSA provenances." + "Could not find any SLSA or Witness provenances." ], "result_type": "FAILED" }, @@ -254,7 +255,7 @@ "unique_dep_repos": 0, "checks_summary": [ { - "check_id": "mcn_provenance_expectation_1", + "check_id": "mcn_version_control_system_1", "num_deps_pass": 0 }, { @@ -262,7 +263,7 @@ "num_deps_pass": 0 }, { - "check_id": "mcn_provenance_available_1", + "check_id": "mcn_build_as_code_1", "num_deps_pass": 0 }, { @@ -270,23 +271,23 @@ "num_deps_pass": 0 }, { - "check_id": "mcn_build_as_code_1", + "check_id": "mcn_trusted_builder_level_three_1", "num_deps_pass": 0 }, { - "check_id": "mcn_version_control_system_1", + "check_id": "mcn_provenance_level_three_1", "num_deps_pass": 0 }, { - "check_id": "mcn_trusted_builder_level_three_1", + "check_id": "mcn_build_script_1", "num_deps_pass": 0 }, { - "check_id": "mcn_build_script_1", + "check_id": "mcn_provenance_expectation_1", "num_deps_pass": 0 }, { - "check_id": "mcn_provenance_level_three_1", + "check_id": "mcn_provenance_available_1", "num_deps_pass": 0 }, { 
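Review bot: The updated expectation for `configSource.uri` is `https://github.com/ben-manes/caffeine@refs/heads/None`, which looks like a null branch being string-formatted into the inferred provenance now that `"branch"` is `null`. Pinning that value in the expected result makes the test assert a ref that does not exist in the repository. The code that builds the URI is not part of this diff, so this is inferred. If confirmed, the URI should carry only the commit digest or omit the ref when no branch is given, and this fixture should be regenerated afterwards.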
diff --git a/tests/e2e/expected_results/micronaut-test/dependencies.json b/tests/e2e/expected_results/micronaut-test/dependencies.json index b55908ec0..328510099 100644 --- a/tests/e2e/expected_results/micronaut-test/dependencies.json +++ b/tests/e2e/expected_results/micronaut-test/dependencies.json @@ -1 +1 @@ -[{"id": "slf4j", "path": "https://github.com/qos-ch/slf4j.git", "branch": "v_1.7.36", "digest": "e9ee55cca93c2bf26f14482a9bdf961c750d2a56", "note": "", "available": "AVAILABLE"}, {"id": "caffeine", "path": "https://github.com/ben-manes/caffeine.git", "branch": "v2.9.3", "digest": "05a040c2478341bab8a58a02b3dc1fe14d626d72", "note": "", "available": "AVAILABLE"}] +[{"id": "slf4j", "path": "https://github.com/qos-ch/slf4j.git", "branch": "", "digest": "e9ee55cca93c2bf26f14482a9bdf961c750d2a56", "note": "", "available": "AVAILABLE"}, {"id": "caffeine", "path": "https://github.com/ben-manes/caffeine.git", "branch": "", "digest": "05a040c2478341bab8a58a02b3dc1fe14d626d72", "note": "", "available": "AVAILABLE"}] diff --git a/tests/e2e/expected_results/micronaut-test/micronaut-test-branch-commit.json b/tests/e2e/expected_results/micronaut-test/micronaut-test-branch-commit.json new file mode 100644 index 000000000..03327b0b1 --- /dev/null +++ b/tests/e2e/expected_results/micronaut-test/micronaut-test-branch-commit.json 
@@ -0,0 +1,518 @@ +{ + "metadata": { + "timestamps": "2023-12-22 12:47:48", + "has_passing_check": true + }, + "target": { + "info": { + "full_name": "pkg:github.com/micronaut-projects/micronaut-test@7679d10b4073a3b842b6c56877c35fa8cd10acff", + "local_cloned_path": "git_repos/github_com/micronaut-projects/micronaut-test", + "remote_path": "https://github.com/micronaut-projects/micronaut-test", + "branch": "master", + "commit_hash": "7679d10b4073a3b842b6c56877c35fa8cd10acff", + "commit_date": "2023-11-07T06:43:31+01:00" + }, + "provenances": { + "is_inferred": false, + "content": { + "github_actions": [ + { + "_type": "https://in-toto.io/Statement/v0.1", + "predicateType": "https://slsa.dev/provenance/v0.2", + "subject": [ + { + "name": "build/repo/io/micronaut/test/micronaut-test-bom/4.1.1/micronaut-test-bom-4.1.1.pom", + "digest": { + "sha256": "df0ac294009fb49a90d3b43eb6866b118d4e63f1e41f43b85ef472278835171e" + } + }, + { + "name": "build/repo/io/micronaut/test/micronaut-test-core/4.1.1/micronaut-test-core-4.1.1.jar", + "digest": { + "sha256": "374a135cd10f5dc3affb7c69129f51907260d5d09c40fe1c612a3f2967c1db82" + } + }, + { + "name": "build/repo/io/micronaut/test/micronaut-test-core/4.1.1/micronaut-test-core-4.1.1.pom", + "digest": { + "sha256": "de4735ef53a4019584c4f16cc17e476cecdd9e44efc37c3ba9c9cedeafe23e43" + } + }, + { + "name": "build/repo/io/micronaut/test/micronaut-test-junit5/4.1.1/micronaut-test-junit5-4.1.1.jar", + "digest": { + "sha256": "655a851b405ed4fa8d86927591f0860fe600458b5e311f5074096f6cfa8ac596" + } + }, + { + "name": "build/repo/io/micronaut/test/micronaut-test-junit5/4.1.1/micronaut-test-junit5-4.1.1.pom", + "digest": { + "sha256": "9210cec65c1050305497f4c7751d951964cfb1f1f60c1e21434f74d60345a487" + } + }, + { + "name": "build/repo/io/micronaut/test/micronaut-test-kotest5/4.1.1/micronaut-test-kotest5-4.1.1.jar", + "digest": { + "sha256": "b80e3b51b9a5af5ceab3c4e424069081872107d5fdd1e005811b204ea497e399" + } + }, + { + "name": 
"build/repo/io/micronaut/test/micronaut-test-kotest5/4.1.1/micronaut-test-kotest5-4.1.1.pom", + "digest": { + "sha256": "f9146d727be9811ff4dac12b0a96c60849cda063b51d534d2c4415766b438c45" + } + }, + { + "name": "build/repo/io/micronaut/test/micronaut-test-rest-assured/4.1.1/micronaut-test-rest-assured-4.1.1.jar", + "digest": { + "sha256": "39aaef0081f064468125446a1fab1da68e49f1af4cd396445dab6b89ec9f778c" + } + }, + { + "name": "build/repo/io/micronaut/test/micronaut-test-rest-assured/4.1.1/micronaut-test-rest-assured-4.1.1.pom", + "digest": { + "sha256": "9fc1c1f0c4824d990310234e223acba57cb7c3dbbcebbb194382989f5bd4145b" + } + }, + { + "name": "build/repo/io/micronaut/test/micronaut-test-spock/4.1.1/micronaut-test-spock-4.1.1.jar", + "digest": { + "sha256": "ba34b2238565a5d5737aabcc4e96dde1d328348b7fcbbc123c3f37cb3884c7fc" + } + }, + { + "name": "build/repo/io/micronaut/test/micronaut-test-spock/4.1.1/micronaut-test-spock-4.1.1.pom", + "digest": { + "sha256": "6ad7b0bc411fa8e0dcd3de9fb27aa8f1f23c5c946f738c607ecb873314ba86b4" + } + } + ], + "predicate": { + "builder": { + "id": "https://github.com/slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@refs/tags/v1.9.0" + }, + "buildType": "https://github.com/slsa-framework/slsa-github-generator/generic@v1", + "invocation": { + "configSource": { + "uri": "git+https://github.com/micronaut-projects/micronaut-test@refs/tags/v4.1.1", + "digest": { + "sha1": "0ad6b0e87e695e90ab9f0c8df28a49101cd00d70" + }, + "entryPoint": ".github/workflows/release.yml" + }, + "parameters": {}, + "environment": { + "github_actor": "sdelamo", + "github_actor_id": "864788", + "github_base_ref": "", + "github_event_name": "release", + "github_event_payload": { + "action": "published", + "organization": { + "avatar_url": "https://avatars.githubusercontent.com/u/36880643?v=4", + "description": "", + "events_url": "https://api.github.com/orgs/micronaut-projects/events", + "hooks_url": 
"https://api.github.com/orgs/micronaut-projects/hooks", + "id": 36880643, + "issues_url": "https://api.github.com/orgs/micronaut-projects/issues", + "login": "micronaut-projects", + "members_url": "https://api.github.com/orgs/micronaut-projects/members{/member}", + "node_id": "MDEyOk9yZ2FuaXphdGlvbjM2ODgwNjQz", + "public_members_url": "https://api.github.com/orgs/micronaut-projects/public_members{/member}", + "repos_url": "https://api.github.com/orgs/micronaut-projects/repos", + "url": "https://api.github.com/orgs/micronaut-projects" + }, + "release": { + "assets": [], + "assets_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/releases/132296768/assets", + "author": { + "avatar_url": "https://avatars.githubusercontent.com/u/864788?v=4", + "events_url": "https://api.github.com/users/sdelamo/events{/privacy}", + "followers_url": "https://api.github.com/users/sdelamo/followers", + "following_url": "https://api.github.com/users/sdelamo/following{/other_user}", + "gists_url": "https://api.github.com/users/sdelamo/gists{/gist_id}", + "gravatar_id": "", + "html_url": "https://github.com/sdelamo", + "id": 864788, + "login": "sdelamo", + "node_id": "MDQ6VXNlcjg2NDc4OA==", + "organizations_url": "https://api.github.com/users/sdelamo/orgs", + "received_events_url": "https://api.github.com/users/sdelamo/received_events", + "repos_url": "https://api.github.com/users/sdelamo/repos", + "site_admin": false, + "starred_url": "https://api.github.com/users/sdelamo/starred{/owner}{/repo}", + "subscriptions_url": "https://api.github.com/users/sdelamo/subscriptions", + "type": "User", + "url": "https://api.github.com/users/sdelamo" + }, + "body": "\r\n\r\n## What's Changed\r\n### Improvements \u2b50\r\n* check if bean of type ResourceLoader exists by @sdelamo in https://github.com/micronaut-projects/micronaut-test/pull/906\r\n### Dependency updates \ud83d\ude80\r\n* fix(deps): update junit5 monorepo to v5.10.1 by @renovate in 
https://github.com/micronaut-projects/micronaut-test/pull/885\r\n* chore(deps): update graalvm/setup-graalvm action to v1.1.5 by @renovate in https://github.com/micronaut-projects/micronaut-test/pull/884\r\n\r\n\r\n**Full Changelog**: https://github.com/micronaut-projects/micronaut-test/compare/v4.1.0...v4.1.1", + "created_at": "2023-12-01T14:49:53Z", + "draft": false, + "html_url": "https://github.com/micronaut-projects/micronaut-test/releases/tag/v4.1.1", + "id": 132296768, + "mentions_count": 2, + "name": "Micronaut Test 4.1.1", + "node_id": "RE_kwDOCPx9Ys4H4rBA", + "prerelease": false, + "published_at": "2023-12-01T14:50:40Z", + "tag_name": "v4.1.1", + "tarball_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/tarball/v4.1.1", + "target_commitish": "4.1.x", + "upload_url": "https://uploads.github.com/repos/micronaut-projects/micronaut-test/releases/132296768/assets{?name,label}", + "url": "https://api.github.com/repos/micronaut-projects/micronaut-test/releases/132296768", + "zipball_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/zipball/v4.1.1" + }, + "repository": { + "allow_forking": true, + "archive_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/{archive_format}{/ref}", + "archived": false, + "assignees_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/assignees{/user}", + "blobs_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/git/blobs{/sha}", + "branches_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/branches{/branch}", + "clone_url": "https://github.com/micronaut-projects/micronaut-test.git", + "collaborators_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/collaborators{/collaborator}", + "comments_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/comments{/number}", + "commits_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/commits{/sha}", + "compare_url": 
"https://api.github.com/repos/micronaut-projects/micronaut-test/compare/{base}...{head}", + "contents_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/contents/{+path}", + "contributors_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/contributors", + "created_at": "2018-09-28T16:07:55Z", + "custom_properties": {}, + "default_branch": "master", + "deployments_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/deployments", + "description": "Repository for Test Related Utilities for Micronaut", + "disabled": false, + "downloads_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/downloads", + "events_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/events", + "fork": false, + "forks": 58, + "forks_count": 58, + "forks_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/forks", + "full_name": "micronaut-projects/micronaut-test", + "git_commits_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/git/commits{/sha}", + "git_refs_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/git/refs{/sha}", + "git_tags_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/git/tags{/sha}", + "git_url": "git://github.com/micronaut-projects/micronaut-test.git", + "has_discussions": false, + "has_downloads": true, + "has_issues": true, + "has_pages": true, + "has_projects": true, + "has_wiki": true, + "homepage": "", + "hooks_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/hooks", + "html_url": "https://github.com/micronaut-projects/micronaut-test", + "id": 150764898, + "is_template": false, + "issue_comment_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/issues/comments{/number}", + "issue_events_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/issues/events{/number}", + "issues_url": 
"https://api.github.com/repos/micronaut-projects/micronaut-test/issues{/number}", + "keys_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/keys{/key_id}", + "labels_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/labels{/name}", + "language": "Java", + "languages_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/languages", + "license": { + "key": "apache-2.0", + "name": "Apache License 2.0", + "node_id": "MDc6TGljZW5zZTI=", + "spdx_id": "Apache-2.0", + "url": "https://api.github.com/licenses/apache-2.0" + }, + "merges_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/merges", + "milestones_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/milestones{/number}", + "mirror_url": null, + "name": "micronaut-test", + "node_id": "MDEwOlJlcG9zaXRvcnkxNTA3NjQ4OTg=", + "notifications_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/notifications{?since,all,participating}", + "open_issues": 44, + "open_issues_count": 44, + "owner": { + "avatar_url": "https://avatars.githubusercontent.com/u/36880643?v=4", + "events_url": "https://api.github.com/users/micronaut-projects/events{/privacy}", + "followers_url": "https://api.github.com/users/micronaut-projects/followers", + "following_url": "https://api.github.com/users/micronaut-projects/following{/other_user}", + "gists_url": "https://api.github.com/users/micronaut-projects/gists{/gist_id}", + "gravatar_id": "", + "html_url": "https://github.com/micronaut-projects", + "id": 36880643, + "login": "micronaut-projects", + "node_id": "MDEyOk9yZ2FuaXphdGlvbjM2ODgwNjQz", + "organizations_url": "https://api.github.com/users/micronaut-projects/orgs", + "received_events_url": "https://api.github.com/users/micronaut-projects/received_events", + "repos_url": "https://api.github.com/users/micronaut-projects/repos", + "site_admin": false, + "starred_url": 
"https://api.github.com/users/micronaut-projects/starred{/owner}{/repo}", + "subscriptions_url": "https://api.github.com/users/micronaut-projects/subscriptions", + "type": "Organization", + "url": "https://api.github.com/users/micronaut-projects" + }, + "private": false, + "pulls_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/pulls{/number}", + "pushed_at": "2023-12-01T14:50:39Z", + "releases_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/releases{/id}", + "size": 23465, + "ssh_url": "git@github.com:micronaut-projects/micronaut-test.git", + "stargazers_count": 78, + "stargazers_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/stargazers", + "statuses_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/statuses/{sha}", + "subscribers_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/subscribers", + "subscription_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/subscription", + "svn_url": "https://github.com/micronaut-projects/micronaut-test", + "tags_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/tags", + "teams_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/teams", + "topics": [], + "trees_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/git/trees{/sha}", + "updated_at": "2023-11-26T20:02:46Z", + "url": "https://api.github.com/repos/micronaut-projects/micronaut-test", + "visibility": "public", + "watchers": 78, + "watchers_count": 78, + "web_commit_signoff_required": false + }, + "sender": { + "avatar_url": "https://avatars.githubusercontent.com/u/864788?v=4", + "events_url": "https://api.github.com/users/sdelamo/events{/privacy}", + "followers_url": "https://api.github.com/users/sdelamo/followers", + "following_url": "https://api.github.com/users/sdelamo/following{/other_user}", + "gists_url": "https://api.github.com/users/sdelamo/gists{/gist_id}", + "gravatar_id": "", + 
"html_url": "https://github.com/sdelamo", + "id": 864788, + "login": "sdelamo", + "node_id": "MDQ6VXNlcjg2NDc4OA==", + "organizations_url": "https://api.github.com/users/sdelamo/orgs", + "received_events_url": "https://api.github.com/users/sdelamo/received_events", + "repos_url": "https://api.github.com/users/sdelamo/repos", + "site_admin": false, + "starred_url": "https://api.github.com/users/sdelamo/starred{/owner}{/repo}", + "subscriptions_url": "https://api.github.com/users/sdelamo/subscriptions", + "type": "User", + "url": "https://api.github.com/users/sdelamo" + } + }, + "github_head_ref": "", + "github_ref": "refs/tags/v4.1.1", + "github_ref_type": "tag", + "github_repository_id": "150764898", + "github_repository_owner": "micronaut-projects", + "github_repository_owner_id": "36880643", + "github_run_attempt": "1", + "github_run_id": "7061527707", + "github_run_number": "74", + "github_sha1": "0ad6b0e87e695e90ab9f0c8df28a49101cd00d70" + } + }, + "metadata": { + "buildInvocationID": "7061527707-1", + "completeness": { + "parameters": true, + "environment": false, + "materials": false + }, + "reproducible": false + }, + "materials": [ + { + "uri": "git+https://github.com/micronaut-projects/micronaut-test@refs/tags/v4.1.1", + "digest": { + "sha1": "0ad6b0e87e695e90ab9f0c8df28a49101cd00d70" + } + } + ] + } + } + ], + "Maven Central Registry": [] + } + }, + "checks": { + "summary": { + "DISABLED": 0, + "FAILED": 3, + "PASSED": 6, + "SKIPPED": 0, + "UNKNOWN": 1 + }, + "results": [ + { + "check_id": "mcn_provenance_expectation_1", + "check_description": "Check whether the SLSA provenance for the produced artifact conforms to the expected value.", + "slsa_requirements": [ + "Provenance conforms with expectations - SLSA Level 3" + ], + "justification": [ + "No expectation defined for this repository." 
+ ], + "result_type": "UNKNOWN" + }, + { + "check_id": "mcn_build_as_code_1", + "check_description": "The build definition and configuration executed by the build service is verifiably derived from text file definitions stored in a version control system.", + "slsa_requirements": [ + "Build as code - SLSA Level 3" + ], + "justification": [ + { + "The target repository uses build tool gradle to deploy": "https://github.com/micronaut-projects/micronaut-test/blob/7679d10b4073a3b842b6c56877c35fa8cd10acff/.github/workflows/gradle.yml", + "The build is triggered by": "https://github.com/micronaut-projects/micronaut-test/blob/7679d10b4073a3b842b6c56877c35fa8cd10acff/.github/workflows/gradle.yml" + }, + "Deploy command: ['./gradlew', 'publishToSonatype', 'docs', '--no-daemon']", + "However, could not find a passing workflow run." + ], + "result_type": "PASSED" + }, + { + "check_id": "mcn_build_script_1", + "check_description": "Check if the target repo has a valid build script.", + "slsa_requirements": [ + "Scripted Build - SLSA Level 1" + ], + "justification": [ + "Check mcn_build_script_1 is set to PASSED because mcn_build_service_1 PASSED." + ], + "result_type": "PASSED" + }, + { + "check_id": "mcn_build_service_1", + "check_description": "Check if the target repo has a valid build service.", + "slsa_requirements": [ + "Build service - SLSA Level 2" + ], + "justification": [ + "Check mcn_build_service_1 is set to PASSED because mcn_build_as_code_1 PASSED." 
+ ], + "result_type": "PASSED" + }, + { + "check_id": "mcn_provenance_available_1", + "check_description": "Check whether the target has intoto provenance.", + "slsa_requirements": [ + "Provenance - Available - SLSA Level 1", + "Provenance content - Identifies build instructions - SLSA Level 1", + "Provenance content - Identifies artifacts - SLSA Level 1", + "Provenance content - Identifies builder - SLSA Level 1" + ], + "justification": [ + "Found provenance in release assets:", + "https://api.github.com/repos/micronaut-projects/micronaut-test/releases/assets/138429786" + ], + "result_type": "PASSED" + }, + { + "check_id": "mcn_provenance_level_three_1", + "check_description": "Check whether the target has SLSA provenance level 3.", + "slsa_requirements": [ + "Provenance - Non falsifiable - SLSA Level 3", + "Provenance content - Includes all build parameters - SLSA Level 3", + "Provenance content - Identifies entry point - SLSA Level 3", + "Provenance content - Identifies source code - SLSA Level 2" + ], + "justification": [ + "Successfully verified level 3: ", + "verify passed : build/repo/micronaut-test-bom/4.1.1/micronaut-test-bom-4.1.1.pom,verify passed : build/repo/micronaut-test-core/4.1.1/micronaut-test-core-4.1.1.jar,verify passed : build/repo/micronaut-test-core/4.1.1/micronaut-test-core-4.1.1.pom,verify passed : build/repo/micronaut-test-junit5/4.1.1/micronaut-test-junit5-4.1.1.jar,verify passed : build/repo/micronaut-test-junit5/4.1.1/micronaut-test-junit5-4.1.1.pom,verify passed : build/repo/micronaut-test-kotest5/4.1.1/micronaut-test-kotest5-4.1.1.jar,verify passed : build/repo/micronaut-test-kotest5/4.1.1/micronaut-test-kotest5-4.1.1.pom,verify passed : build/repo/micronaut-test-rest-assured/4.1.1/micronaut-test-rest-assured-4.1.1.jar,verify passed : build/repo/micronaut-test-rest-assured/4.1.1/micronaut-test-rest-assured-4.1.1.pom,verify passed : build/repo/micronaut-test-spock/4.1.1/micronaut-test-spock-4.1.1.jar,verify passed : 
build/repo/micronaut-test-spock/4.1.1/micronaut-test-spock-4.1.1.pom" + ], + "result_type": "PASSED" + }, + { + "check_id": "mcn_version_control_system_1", + "check_description": "Check whether the target repo uses a version control system.", + "slsa_requirements": [ + "Version controlled - SLSA Level 2" + ], + "justification": [ + { + "This is a Git repository": "https://github.com/micronaut-projects/micronaut-test" + } + ], + "result_type": "PASSED" + }, + { + "check_id": "mcn_infer_artifact_pipeline_1", + "check_description": "Detects potential pipelines from which an artifact is published.", + "slsa_requirements": [ + "Build as code - SLSA Level 3" + ], + "justification": [ + "Unable to find a publishing timestamp for the artifact." + ], + "result_type": "FAILED" + }, + { + "check_id": "mcn_provenance_witness_level_one_1", + "check_description": "Check whether the target has a level-1 witness provenance.", + "slsa_requirements": [ + "Provenance - Available - SLSA Level 1", + "Provenance content - Identifies build instructions - SLSA Level 1", + "Provenance content - Identifies artifacts - SLSA Level 1", + "Provenance content - Identifies builder - SLSA Level 1" + ], + "justification": [ + "Failed to discover any witness provenance." + ], + "result_type": "FAILED" + }, + { + "check_id": "mcn_trusted_builder_level_three_1", + "check_description": "Check whether the target uses a trusted SLSA level 3 builder.", + "slsa_requirements": [ + "Hermetic - SLSA Level 4", + "Isolated - SLSA Level 3", + "Parameterless - SLSA Level 4", + "Ephemeral environment - SLSA Level 3" + ], + "justification": [ + "Could not find a trusted level 3 builder as a GitHub Actions workflow." 
+ ], + "result_type": "FAILED" + } + ] + } + }, + "dependencies": { + "analyzed_deps": 0, + "unique_dep_repos": 0, + "checks_summary": [ + { + "check_id": "mcn_version_control_system_1", + "num_deps_pass": 0 + }, + { + "check_id": "mcn_provenance_witness_level_one_1", + "num_deps_pass": 0 + }, + { + "check_id": "mcn_build_as_code_1", + "num_deps_pass": 0 + }, + { + "check_id": "mcn_infer_artifact_pipeline_1", + "num_deps_pass": 0 + }, + { + "check_id": "mcn_trusted_builder_level_three_1", + "num_deps_pass": 0 + }, + { + "check_id": "mcn_provenance_level_three_1", + "num_deps_pass": 0 + }, + { + "check_id": "mcn_build_script_1", + "num_deps_pass": 0 + }, + { + "check_id": "mcn_provenance_expectation_1", + "num_deps_pass": 0 + }, + { + "check_id": "mcn_provenance_available_1", + "num_deps_pass": 0 + }, + { + "check_id": "mcn_build_service_1", + "num_deps_pass": 0 + } + ], + "dep_status": [] + } +} diff --git a/tests/e2e/expected_results/micronaut-test/micronaut-test.json b/tests/e2e/expected_results/micronaut-test/micronaut-test.json index 25c927c53..7da0a24b8 100644 --- a/tests/e2e/expected_results/micronaut-test/micronaut-test.json +++ b/tests/e2e/expected_results/micronaut-test/micronaut-test.json @@ -1,6 +1,6 @@ { "metadata": { - "timestamps": "2023-11-09 12:01:32", + "timestamps": "2023-12-22 01:32:17", "has_passing_check": true }, "target": { @@ -8,7 +8,7 @@ "full_name": "pkg:github.com/micronaut-projects/micronaut-test@7679d10b4073a3b842b6c56877c35fa8cd10acff", "local_cloned_path": "git_repos/github_com/micronaut-projects/micronaut-test", "remote_path": "https://github.com/micronaut-projects/micronaut-test", - "branch": "master", + "branch": null, "commit_hash": "7679d10b4073a3b842b6c56877c35fa8cd10acff", "commit_date": "2023-11-07T06:43:31+01:00" }, 
@@ -21,69 +21,69 @@ "predicateType": "https://slsa.dev/provenance/v0.2", "subject": [ { - "name": "build/repo/io/micronaut/test/micronaut-test-bom/4.1.0/micronaut-test-bom-4.1.0.pom", + "name": "build/repo/io/micronaut/test/micronaut-test-bom/4.1.1/micronaut-test-bom-4.1.1.pom", "digest": { - "sha256": "08dba71ff79c6e52bbcf1baeb62f064858c76751b40093582e86e7ea02211cfc" + "sha256": "df0ac294009fb49a90d3b43eb6866b118d4e63f1e41f43b85ef472278835171e" } }, { - "name": "build/repo/io/micronaut/test/micronaut-test-core/4.1.0/micronaut-test-core-4.1.0.jar", + "name": "build/repo/io/micronaut/test/micronaut-test-core/4.1.1/micronaut-test-core-4.1.1.jar", "digest": { - "sha256": "ad1f26f5a2f0dbb6d1c47f523d88f762262803fea61ab5e85fc2524dc5712301" + "sha256": "374a135cd10f5dc3affb7c69129f51907260d5d09c40fe1c612a3f2967c1db82" } }, { - "name": "build/repo/io/micronaut/test/micronaut-test-core/4.1.0/micronaut-test-core-4.1.0.pom", + "name": "build/repo/io/micronaut/test/micronaut-test-core/4.1.1/micronaut-test-core-4.1.1.pom", "digest": { - "sha256": "08062321671f9bf3779d6b6fb495a1b44db818c6815f58a445eb46b771b364b1" + "sha256": "de4735ef53a4019584c4f16cc17e476cecdd9e44efc37c3ba9c9cedeafe23e43" } }, { - "name": "build/repo/io/micronaut/test/micronaut-test-junit5/4.1.0/micronaut-test-junit5-4.1.0.jar", + "name": "build/repo/io/micronaut/test/micronaut-test-junit5/4.1.1/micronaut-test-junit5-4.1.1.jar", "digest": { - "sha256": "21f9f3569e4d699bffaa1041b83146e198089f76f92e3f4f9e610fd1cf515ebf" + "sha256": "655a851b405ed4fa8d86927591f0860fe600458b5e311f5074096f6cfa8ac596" } }, { - "name": "build/repo/io/micronaut/test/micronaut-test-junit5/4.1.0/micronaut-test-junit5-4.1.0.pom", + "name": "build/repo/io/micronaut/test/micronaut-test-junit5/4.1.1/micronaut-test-junit5-4.1.1.pom", "digest": { - "sha256": "9261283a00c8f7c450fc0f85652993956332a71ccca2bbbdfccfd2af0446ecd3" + "sha256": "9210cec65c1050305497f4c7751d951964cfb1f1f60c1e21434f74d60345a487" } }, { - "name": 
"build/repo/io/micronaut/test/micronaut-test-kotest5/4.1.0/micronaut-test-kotest5-4.1.0.jar", + "name": "build/repo/io/micronaut/test/micronaut-test-kotest5/4.1.1/micronaut-test-kotest5-4.1.1.jar", "digest": { - "sha256": "402c84219c62fd1d913a2f69c9690cdacb005b02cd8ef360c0ffbf36b84e77d8" + "sha256": "b80e3b51b9a5af5ceab3c4e424069081872107d5fdd1e005811b204ea497e399" } }, { - "name": "build/repo/io/micronaut/test/micronaut-test-kotest5/4.1.0/micronaut-test-kotest5-4.1.0.pom", + "name": "build/repo/io/micronaut/test/micronaut-test-kotest5/4.1.1/micronaut-test-kotest5-4.1.1.pom", "digest": { - "sha256": "bde64394f3e599452117eb440401d2af89d6f7d1419cae84ae59baf73afdd5b1" + "sha256": "f9146d727be9811ff4dac12b0a96c60849cda063b51d534d2c4415766b438c45" } }, { - "name": "build/repo/io/micronaut/test/micronaut-test-rest-assured/4.1.0/micronaut-test-rest-assured-4.1.0.jar", + "name": "build/repo/io/micronaut/test/micronaut-test-rest-assured/4.1.1/micronaut-test-rest-assured-4.1.1.jar", "digest": { - "sha256": "70e4e5c6e7b07fa8c4d664f734f103ac177aaeee891622d96167b2cea61cd615" + "sha256": "39aaef0081f064468125446a1fab1da68e49f1af4cd396445dab6b89ec9f778c" } }, { - "name": "build/repo/io/micronaut/test/micronaut-test-rest-assured/4.1.0/micronaut-test-rest-assured-4.1.0.pom", + "name": "build/repo/io/micronaut/test/micronaut-test-rest-assured/4.1.1/micronaut-test-rest-assured-4.1.1.pom", "digest": { - "sha256": "a7e32bc55339a05cd82c7669f14914e062de798491cc27d8e52f373650c62bf9" + "sha256": "9fc1c1f0c4824d990310234e223acba57cb7c3dbbcebbb194382989f5bd4145b" } }, { - "name": "build/repo/io/micronaut/test/micronaut-test-spock/4.1.0/micronaut-test-spock-4.1.0.jar", + "name": "build/repo/io/micronaut/test/micronaut-test-spock/4.1.1/micronaut-test-spock-4.1.1.jar", "digest": { - "sha256": "2936f67ba26a8de7e5668a03dd9852492e19c7436b26ddeef5cd4311fcd5189a" + "sha256": "ba34b2238565a5d5737aabcc4e96dde1d328348b7fcbbc123c3f37cb3884c7fc" } }, { - "name": 
"build/repo/io/micronaut/test/micronaut-test-spock/4.1.0/micronaut-test-spock-4.1.0.pom", + "name": "build/repo/io/micronaut/test/micronaut-test-spock/4.1.1/micronaut-test-spock-4.1.1.pom", "digest": { - "sha256": "bb233d071a396c8990bc6d0f45d84f50ef3d97424179619ed620bf918e11714f" + "sha256": "6ad7b0bc411fa8e0dcd3de9fb27aa8f1f23c5c946f738c607ecb873314ba86b4" } } ], @@ -94,9 +94,9 @@ "buildType": "https://github.com/slsa-framework/slsa-github-generator/generic@v1", "invocation": { "configSource": { - "uri": "git+https://github.com/micronaut-projects/micronaut-test@refs/tags/v4.1.0", + "uri": "git+https://github.com/micronaut-projects/micronaut-test@refs/tags/v4.1.1", "digest": { - "sha1": "4b77a084a1f772f6bfe5c2e946de9796e12abf95" + "sha1": "0ad6b0e87e695e90ab9f0c8df28a49101cd00d70" }, "entryPoint": ".github/workflows/release.yml" }, @@ -124,7 +124,7 @@ }, "release": { "assets": [], - "assets_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/releases/126317732/assets", + "assets_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/releases/132296768/assets", "author": { "avatar_url": "https://avatars.githubusercontent.com/u/864788?v=4", "events_url": "https://api.github.com/users/sdelamo/events{/privacy}", 
@@ -145,22 +145,22 @@ "type": "User", "url": "https://api.github.com/users/sdelamo" }, - "body": "\r\n\r\n## What's Changed\r\n### New Features \ud83c\udf89\r\n* @Sql Annotation by @timyates in https://github.com/micronaut-projects/micronaut-test/pull/851\r\n\r\n### Improvements \u2b50\r\n* Removed hardcoded version of metadata repo by @msupic in https://github.com/micronaut-projects/micronaut-test/pull/846\r\n* Support multiple Kotest spec instances by @sksamuel in https://github.com/micronaut-projects/micronaut-test/pull/860\r\n* Fix first method with `@Property` not refreshing context by @dstepanov in https://github.com/micronaut-projects/micronaut-test/pull/873\r\n* MicronautKotest5Extension does not retain contexts anymore after test spec is done by @Spikhalskiy in https://github.com/micronaut-projects/micronaut-test/pull/868\r\n* Use and export kotest-bom for kotest dependencies management by @Spikhalskiy in https://github.com/micronaut-projects/micronaut-test/pull/844\r\n\r\n### Docs \ud83d\udcd6\r\n* doc: split documentation into sections by @sdelamo in https://github.com/micronaut-projects/micronaut-test/pull/866\r\n\r\n### Dependency updates \ud83d\ude80\r\n\r\n* fix(deps): update kotlin monorepo to v1.9.10 - autoclosed by @renovate in https://github.com/micronaut-projects/micronaut-test/pull/842\r\n\r\n#### KoTest\r\n* fix(deps): update managed.kotest to v5.7.2 by @renovate in https://github.com/micronaut-projects/micronaut-test/pull/845\r\n\r\n#### Mockito\r\n\r\n* fix(deps): update mockito monorepo to v5.6.0 by @renovate in https://github.com/micronaut-projects/micronaut-test/pull/864\r\n* fix(deps): update mockito monorepo to v5.5.0 by @renovate in https://github.com/micronaut-projects/micronaut-test/pull/811\r\n \r\n#### Mockk\r\n* fix(deps): update dependency io.mockk:mockk to v1.13.8 by @renovate in https://github.com/micronaut-projects/micronaut-test/pull/862\r\n* fix(deps): update dependency io.mockk:mockk to v1.13.7 by @renovate in 
https://github.com/micronaut-projects/micronaut-test/pull/839\r\n\r\n#### Rest Assured\r\n\r\n* fix(deps): update dependency io.rest-assured:rest-assured-bom to v5.3.2 by @renovate in https://github.com/micronaut-projects/micronaut-test/pull/848\r\n\r\n#### JUnit 5\r\n* fix(deps): update junit5 monorepo to v5.10.0 by @renovate in https://github.com/micronaut-projects/micronaut-test/pull/840\r\n\r\n#### Micronaut Modules\r\n\r\n##### Micronaut Core\r\n* fix(deps): update dependency io.micronaut:micronaut-core-bom to v4.1.9 by @renovate in https://github.com/micronaut-projects/micronaut-test/pull/856\r\n* fix(deps): update dependency io.micronaut:micronaut-core-bom to v4.1.5 by @renovate in https://github.com/micronaut-projects/micronaut-test/pull/850\r\n* fix(deps): update dependency io.micronaut:micronaut-core-bom to v4.1.3 by @renovate in https://github.com/micronaut-projects/micronaut-test/pull/838\r\n\r\n##### Micronaut Data\r\n* fix(deps): update dependency io.micronaut.data:micronaut-data-bom to v4.1.4 by @renovate in https://github.com/micronaut-projects/micronaut-test/pull/869\r\n* fix(deps): update dependency io.micronaut.data:micronaut-data-bom to v4.1.3 by @renovate in https://github.com/micronaut-projects/micronaut-test/pull/854\r\n* fix(deps): update dependency io.micronaut.data:micronaut-data-bom to v4.1.2 by @renovate in https://github.com/micronaut-projects/micronaut-test/pull/821\r\n\r\n##### Micronaut Spring \r\n* fix(deps): update dependency io.micronaut.spring:micronaut-spring-bom to v5.0.2 by @renovate in https://github.com/micronaut-projects/micronaut-test/pull/826\r\n\r\n##### Micronaut Hibernate Validator\r\n\r\n* fix(deps): update dependency io.micronaut.beanvalidation:micronaut-hibernate-validator to v4.0.2 - autoclosed by @renovate in https://github.com/micronaut-projects/micronaut-test/pull/825\r\n* fix(deps): update dependency io.micronaut.beanvalidation:micronaut-hibernate-validator to v4.0.1 by @renovate in 
https://github.com/micronaut-projects/micronaut-test/pull/820\r\n\r\n##### Micronaut Reactor\r\n* fix(deps): update dependency io.micronaut.reactor:micronaut-reactor-bom to v3.0.3 by @renovate in https://github.com/micronaut-projects/micronaut-test/pull/870\r\n* fix(deps): update dependency io.micronaut.reactor:micronaut-reactor-bom to v3.0.2 by @renovate in https://github.com/micronaut-projects/micronaut-test/pull/822\r\n\r\n##### Micronaut Serialization\r\n* fix(deps): update dependency io.micronaut.serde:micronaut-serde-bom to v2.2.6 by @renovate in https://github.com/micronaut-projects/micronaut-test/pull/858\r\n* fix(deps): update dependency io.micronaut.serde:micronaut-serde-bom to v2.2.4 by @renovate in https://github.com/micronaut-projects/micronaut-test/pull/835\r\n\r\n##### Micronaut SQL\r\n\r\n* fix(deps): update dependency io.micronaut.sql:micronaut-sql-bom to v5.0.3 by @renovate in https://github.com/micronaut-projects/micronaut-test/pull/859\r\n* fix(deps): update dependency io.micronaut.sql:micronaut-sql-bom to v5.0.1 by @renovate in https://github.com/micronaut-projects/micronaut-test/pull/827\r\n\r\n### CI \u2699\ufe0f Build \ud83d\udc18\r\n\r\n* fix/improve build for Java 21 by @wetted in https://github.com/micronaut-projects/micronaut-test/pull/875\r\n\r\n#### Gradle\r\n* chore(deps): update dependency gradle to v8.4 by @renovate in https://github.com/micronaut-projects/micronaut-test/pull/863\r\n/pull/877\r\n\r\n#### Micronaut Build\r\n* chore(deps): update plugin io.micronaut.build.shared.settings to v6.5.7 by @renovate in https://github.com/micronaut-projects/micronaut-test/pull/865\r\n* chore(deps): update plugin io.micronaut.build.shared.settings to v6.5.6 by @renovate in https://github.com/micronaut-projects/micronaut-test/pull/830\r\n\r\n#### Micronaut Library Gradle Plugin\r\n* fix(deps): update dependency io.micronaut.library:io.micronaut.library.gradle.plugin to v4.1.0 - autoclosed by @renovate in 
https://github.com/micronaut-projects/micronaut-test/pull/823\r\n* * fix(deps): update dependency io.micronaut.library:io.micronaut.library.gradle.plugin to v4.1.1 by @renovate in https://github.com/micronaut-projects/micronaut-test/pull/852\r\n\r\n#### SLSA\r\n* chore(deps): update slsa-framework/slsa-github-generator action to v1.9.0 by @renovate in https://github.com/micronaut-projects/micronaut-test/pull/834\r\n\r\n####\u00a0GraalVM GitHub Action\r\n* chore(deps): update graalvm/setup-graalvm action to v1.1.4 by @renovate in https://github.com/micronaut-projects/micronaut-test/pull/853\r\n* chore(deps): update graalvm/setup-graalvm action to v1.1.3 by @renovate in https://github.com/micronaut-projects/micronaut-test/pull/828\r\n\r\n####\u00a0SVM\r\n* fix(deps): update dependency org.graalvm.nativeimage:svm to v23.0.1 by @renovate in https://github.com/micronaut-projects/micronaut-test/pull/833\r\n* fix(deps): update dependency org.graalvm.nativeimage:svm to v23.1.0 by @renovate in https://github.com/micronaut-projects/micronaut-test/pull/855\r\n* fix(deps): update dependency org.graalvm.nativeimage:svm to v23.1.1 by @renovate in https://github.com/micronaut-projects/micronaut-test\r\n\r\n#### Junit Report\r\n* chore(deps): update mikepenz/action-junit-report action to v4 - autoclosed by @renovate in https://github.com/micronaut-projects/micronaut-test/pull/847\r\n\r\n\r\n\r\n## New Contributors\r\n* @Spikhalskiy made their first contribution in https://github.com/micronaut-projects/micronaut-test/pull/844\r\n* @sksamuel made their first contribution in https://github.com/micronaut-projects/micronaut-test/pull/860\r\n\r\n**Full Changelog**: https://github.com/micronaut-projects/micronaut-test/compare/v4.0.1...v4.1.0", - "created_at": "2023-10-23T14:40:27Z", + "body": "\r\n\r\n## What's Changed\r\n### Improvements \u2b50\r\n* check if bean of type ResourceLoader exists by @sdelamo in https://github.com/micronaut-projects/micronaut-test/pull/906\r\n### Dependency 
updates \ud83d\ude80\r\n* fix(deps): update junit5 monorepo to v5.10.1 by @renovate in https://github.com/micronaut-projects/micronaut-test/pull/885\r\n* chore(deps): update graalvm/setup-graalvm action to v1.1.5 by @renovate in https://github.com/micronaut-projects/micronaut-test/pull/884\r\n\r\n\r\n**Full Changelog**: https://github.com/micronaut-projects/micronaut-test/compare/v4.1.0...v4.1.1", + "created_at": "2023-12-01T14:49:53Z", "draft": false, - "html_url": "https://github.com/micronaut-projects/micronaut-test/releases/tag/v4.1.0", - "id": 126317732, - "mentions_count": 9, - "name": "Micronaut Test 4.1.0", - "node_id": "RE_kwDOCPx9Ys4Hh3Sk", + "html_url": "https://github.com/micronaut-projects/micronaut-test/releases/tag/v4.1.1", + "id": 132296768, + "mentions_count": 2, + "name": "Micronaut Test 4.1.1", + "node_id": "RE_kwDOCPx9Ys4H4rBA", "prerelease": false, - "published_at": "2023-10-23T19:35:01Z", - "tag_name": "v4.1.0", - "tarball_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/tarball/v4.1.0", - "target_commitish": "master", - "upload_url": "https://uploads.github.com/repos/micronaut-projects/micronaut-test/releases/126317732/assets{?name,label}", - "url": "https://api.github.com/repos/micronaut-projects/micronaut-test/releases/126317732", - "zipball_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/zipball/v4.1.0" + "published_at": "2023-12-01T14:50:40Z", + "tag_name": "v4.1.1", + "tarball_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/tarball/v4.1.1", + "target_commitish": "4.1.x", + "upload_url": "https://uploads.github.com/repos/micronaut-projects/micronaut-test/releases/132296768/assets{?name,label}", + "url": "https://api.github.com/repos/micronaut-projects/micronaut-test/releases/132296768", + "zipball_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/zipball/v4.1.1" }, "repository": { "allow_forking": true, 
@@ -177,6 +177,7 @@ "contents_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/contents/{+path}", "contributors_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/contributors", "created_at": "2018-09-28T16:07:55Z", + "custom_properties": {}, "default_branch": "master", "deployments_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/deployments", "description": "Repository for Test Related Utilities for Micronaut", @@ -184,8 +185,8 @@ "downloads_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/downloads", "events_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/events", "fork": false, - "forks": 57, - "forks_count": 57, + "forks": 58, + "forks_count": 58, "forks_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/forks", "full_name": "micronaut-projects/micronaut-test", "git_commits_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/git/commits{/sha}", @@ -223,8 +224,8 @@ "name": "micronaut-test", "node_id": "MDEwOlJlcG9zaXRvcnkxNTA3NjQ4OTg=", "notifications_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/notifications{?since,all,participating}", - "open_issues": 40, - "open_issues_count": 40, + "open_issues": 44, + "open_issues_count": 44, "owner": { "avatar_url": "https://avatars.githubusercontent.com/u/36880643?v=4", "events_url": "https://api.github.com/users/micronaut-projects/events{/privacy}", 
@@ -247,11 +248,11 @@ }, "private": false, "pulls_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/pulls{/number}", - "pushed_at": "2023-10-23T19:35:01Z", + "pushed_at": "2023-12-01T14:50:39Z", "releases_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/releases{/id}", - "size": 23267, + "size": 23465, "ssh_url": "git@github.com:micronaut-projects/micronaut-test.git", - "stargazers_count": 77, + "stargazers_count": 78, "stargazers_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/stargazers", "statuses_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/statuses/{sha}", "subscribers_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/subscribers", @@ -261,11 +262,11 @@ "teams_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/teams", "topics": [], "trees_url": "https://api.github.com/repos/micronaut-projects/micronaut-test/git/trees{/sha}", - "updated_at": "2023-07-29T06:07:44Z", + "updated_at": "2023-11-26T20:02:46Z", "url": "https://api.github.com/repos/micronaut-projects/micronaut-test", "visibility": "public", - "watchers": 77, - "watchers_count": 77, + "watchers": 78, + "watchers_count": 78, "web_commit_signoff_required": false }, "sender": { @@ -290,19 +291,19 @@ } }, "github_head_ref": "", - "github_ref": "refs/tags/v4.1.0", + "github_ref": "refs/tags/v4.1.1", "github_ref_type": "tag", "github_repository_id": "150764898", "github_repository_owner": "micronaut-projects", "github_repository_owner_id": "36880643", "github_run_attempt": "1", - "github_run_id": "6618130452", - "github_run_number": "73", - "github_sha1": "4b77a084a1f772f6bfe5c2e946de9796e12abf95" + "github_run_id": "7061527707", + "github_run_number": "74", + "github_sha1": "0ad6b0e87e695e90ab9f0c8df28a49101cd00d70" } }, "metadata": { - "buildInvocationID": "6618130452-1", + "buildInvocationID": "7061527707-1", "completeness": { "parameters": true, "environment": false, 
@@ -312,9 +313,9 @@ }, "materials": [ { - "uri": "git+https://github.com/micronaut-projects/micronaut-test@refs/tags/v4.1.0", + "uri": "git+https://github.com/micronaut-projects/micronaut-test@refs/tags/v4.1.1", "digest": { - "sha1": "4b77a084a1f772f6bfe5c2e946de9796e12abf95" + "sha1": "0ad6b0e87e695e90ab9f0c8df28a49101cd00d70" } } ] @@ -393,7 +394,7 @@ ], "justification": [ "Found provenance in release assets:", - "multiple.intoto.jsonl" + "https://api.github.com/repos/micronaut-projects/micronaut-test/releases/assets/138429786" ], "result_type": "PASSED" }, 
@@ -408,7 +409,7 @@ ], "justification": [ "Successfully verified level 3: ", - "verify passed : build/repo/micronaut-test-bom/4.1.0/micronaut-test-bom-4.1.0.pom,verify passed : build/repo/micronaut-test-core/4.1.0/micronaut-test-core-4.1.0.jar,verify passed : build/repo/micronaut-test-core/4.1.0/micronaut-test-core-4.1.0.pom,verify passed : build/repo/micronaut-test-junit5/4.1.0/micronaut-test-junit5-4.1.0.jar,verify passed : build/repo/micronaut-test-junit5/4.1.0/micronaut-test-junit5-4.1.0.pom,verify passed : build/repo/micronaut-test-kotest5/4.1.0/micronaut-test-kotest5-4.1.0.jar,verify passed : build/repo/micronaut-test-kotest5/4.1.0/micronaut-test-kotest5-4.1.0.pom,verify passed : build/repo/micronaut-test-rest-assured/4.1.0/micronaut-test-rest-assured-4.1.0.jar,verify passed : build/repo/micronaut-test-rest-assured/4.1.0/micronaut-test-rest-assured-4.1.0.pom,verify passed : build/repo/micronaut-test-spock/4.1.0/micronaut-test-spock-4.1.0.jar,verify passed : build/repo/micronaut-test-spock/4.1.0/micronaut-test-spock-4.1.0.pom" + "verify passed : build/repo/micronaut-test-bom/4.1.1/micronaut-test-bom-4.1.1.pom,verify passed : build/repo/micronaut-test-core/4.1.1/micronaut-test-core-4.1.1.jar,verify passed : build/repo/micronaut-test-core/4.1.1/micronaut-test-core-4.1.1.pom,verify passed : build/repo/micronaut-test-junit5/4.1.1/micronaut-test-junit5-4.1.1.jar,verify passed : build/repo/micronaut-test-junit5/4.1.1/micronaut-test-junit5-4.1.1.pom,verify passed : build/repo/micronaut-test-kotest5/4.1.1/micronaut-test-kotest5-4.1.1.jar,verify passed : build/repo/micronaut-test-kotest5/4.1.1/micronaut-test-kotest5-4.1.1.pom,verify passed : build/repo/micronaut-test-rest-assured/4.1.1/micronaut-test-rest-assured-4.1.1.jar,verify passed : build/repo/micronaut-test-rest-assured/4.1.1/micronaut-test-rest-assured-4.1.1.pom,verify passed : build/repo/micronaut-test-spock/4.1.1/micronaut-test-spock-4.1.1.jar,verify passed : 
build/repo/micronaut-test-spock/4.1.1/micronaut-test-spock-4.1.1.pom" ], "result_type": "PASSED" }, @@ -468,61 +469,61 @@ } }, "dependencies": { - "analyzed_deps": 0, - "unique_dep_repos": 0, + "analyzed_deps": 2, + "unique_dep_repos": 2, "checks_summary": [ { - "check_id": "mcn_provenance_expectation_1", - "num_deps_pass": 0 + "check_id": "mcn_version_control_system_1", + "num_deps_pass": 2 }, { "check_id": "mcn_provenance_witness_level_one_1", "num_deps_pass": 0 }, { - "check_id": "mcn_provenance_available_1", - "num_deps_pass": 0 + "check_id": "mcn_build_as_code_1", + "num_deps_pass": 1 }, { "check_id": "mcn_infer_artifact_pipeline_1", "num_deps_pass": 0 }, { - "check_id": "mcn_build_as_code_1", + "check_id": "mcn_trusted_builder_level_three_1", "num_deps_pass": 0 }, { - "check_id": "mcn_version_control_system_1", + "check_id": "mcn_provenance_level_three_1", "num_deps_pass": 0 }, { - "check_id": "mcn_trusted_builder_level_three_1", - "num_deps_pass": 0 + "check_id": "mcn_build_script_1", + "num_deps_pass": 2 }, { - "check_id": "mcn_build_script_1", + "check_id": "mcn_provenance_expectation_1", "num_deps_pass": 0 }, { - "check_id": "mcn_provenance_level_three_1", + "check_id": "mcn_provenance_available_1", "num_deps_pass": 0 }, { "check_id": "mcn_build_service_1", - "num_deps_pass": 0 + "num_deps_pass": 2 } ], "dep_status": [ { "id": "slf4j", - "description": "The repository https://github.com/qos-ch/slf4j.git is not available and no PURL is provided from the user.", - "report": "", + "description": "Analysis Completed.", + "report": "slf4j.html", "repo_url_status": "AVAILABLE" }, { "id": "caffeine", - "description": "The repository https://github.com/ben-manes/caffeine.git is not available and no PURL is provided from the user.", - "report": "", + "description": "Analysis Completed.", + "report": "caffeine.html", "repo_url_status": "AVAILABLE" } ] 
diff --git a/tests/e2e/expected_results/micronaut-test/slf4j.json b/tests/e2e/expected_results/micronaut-test/slf4j.json index 1de0884e2..dba3a9aa5 100644 --- a/tests/e2e/expected_results/micronaut-test/slf4j.json +++ b/tests/e2e/expected_results/micronaut-test/slf4j.json @@ -1,13 +1,14 @@ { "metadata": { - "timestamps": "2023-09-12 22:55:15" + "timestamps": "2023-12-22 01:32:17", + "has_passing_check": true }, "target": { "info": { "full_name": "pkg:github.com/qos-ch/slf4j@e9ee55cca93c2bf26f14482a9bdf961c750d2a56", "local_cloned_path": "git_repos/github_com/qos-ch/slf4j", "remote_path": "https://github.com/qos-ch/slf4j", - "branch": "v_1.7.36", + "branch": null, "commit_hash": "e9ee55cca93c2bf26f14482a9bdf961c750d2a56", "commit_date": "2022-02-08T14:32:21+01:00" }, @@ -26,7 +27,7 @@ "buildType": "Custom travis_ci", "invocation": { "configSource": { - "uri": "https://github.com/qos-ch/slf4j@refs/heads/v_1.7.36", + "uri": "https://github.com/qos-ch/slf4j@refs/heads/None", "digest": { "sha1": "e9ee55cca93c2bf26f14482a9bdf961c750d2a56" }, @@ -138,7 +139,7 @@ "Provenance content - Identifies builder - SLSA Level 1" ], "justification": [ - "Could not find any SLSA provenances." + "Could not find any SLSA or Witness provenances." ], "result_type": "FAILED" }, @@ -203,7 +204,7 @@ "unique_dep_repos": 0, "checks_summary": [ { - "check_id": "mcn_provenance_expectation_1", + "check_id": "mcn_version_control_system_1", "num_deps_pass": 0 }, { @@ -211,7 +212,7 @@ "num_deps_pass": 0 }, { - "check_id": "mcn_provenance_available_1", + "check_id": "mcn_build_as_code_1", "num_deps_pass": 0 }, { 
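Review bot: The expected `configSource.uri` in the `@@ -26,7 +27,7 @@` hunk becomes `https://github.com/qos-ch/slf4j@refs/heads/None`, which looks like a missing branch (`"branch": null` in the first hunk) being string-formatted into the ref instead of being handled. Anything that resolves this URI from the generated provenance would be pointed at a branch literally named `None`, and pinning the value here makes the e2e test enforce that output. The code that builds the URI is not part of this file. When no branch is known it should probably emit the repository URL without a `refs/heads/` suffix and rely on the `sha1` digest as the binding identifier, after which this fixture needs regenerating.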
@@ -219,23 +220,23 @@ "num_deps_pass": 0 }, { - "check_id": "mcn_build_as_code_1", + "check_id": "mcn_trusted_builder_level_three_1", "num_deps_pass": 0 }, { - "check_id": "mcn_version_control_system_1", + "check_id": "mcn_provenance_level_three_1", "num_deps_pass": 0 }, { - "check_id": "mcn_trusted_builder_level_three_1", + "check_id": "mcn_build_script_1", "num_deps_pass": 0 }, { - "check_id": "mcn_build_script_1", + "check_id": "mcn_provenance_expectation_1", "num_deps_pass": 0 }, { - "check_id": "mcn_provenance_level_three_1", + "check_id": "mcn_provenance_available_1", "num_deps_pass": 0 }, { diff --git a/tests/slsa_analyzer/test_git_url.py b/tests/slsa_analyzer/test_git_url.py index bd9d29f6a..eff608f49 100644 --- a/tests/slsa_analyzer/test_git_url.py +++ b/tests/slsa_analyzer/test_git_url.py @@ -8,6 +8,8 @@ from pathlib import Path import pytest +from hypothesis import given +from hypothesis import strategies as st from macaron.config.defaults import defaults, load_defaults from macaron.slsa_analyzer import git_url 
@@ -242,3 +244,46 @@ def test_get_remote_vcs_url_with_user_defined_allowed_hostnames(tmp_path: Path)
 def test_get_unique_path(url: str, path: str) -> None:
 """Test the get unique path method."""
 assert git_url.get_repo_dir_name(url) == os.path.normpath(path)
+
+
+@pytest.mark.parametrize(
+ ("content", "expected_output"),
+ [
+ ("", []),
+ (
+ """
+ * (HEAD detached at 7fc81f8)
+ master
+ remotes/origin/HEAD -> origin/master
+ remotes/origin/master
+ remotes/origin/v2.dev
+ remotes/origin/v3.dev
+ """,
+ [
+ "(HEAD detached at 7fc81f8)",
+ "master",
+ "remotes/origin/HEAD -> origin/master",
+ "remotes/origin/master",
+ "remotes/origin/v2.dev",
+ "remotes/origin/v3.dev",
+ ],
+ ),
+ ("* master\n ", ["master"]),
+ (
+ "* (HEAD detached at origin/master)\n some_other_branch",
+ ["(HEAD detached at origin/master)", "some_other_branch"],
+ ),
+ ("origin/main\n origin/dev", ["origin/main", "origin/dev"]),
+ ],
+)
+def test_parse_git_branch_output(content: str, expected_output: list[str]) -> None:
+ """Test the parse git branch output function."""
+ assert git_url.parse_git_branch_output(content) == expected_output
+
+
+# TODO: add the git branch output strategy which has the same properties as
+# git branch where existing branch names are listed.
+@given(st.text(min_size=10))
+def test_parse_git_branch_output_with_random_input(content: str) -> None:
+ """Test the parse git branch output function using random text input."""
+ git_url.parse_git_branch_output(content)
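Review bot: `test_parse_git_branch_output_with_random_input` contains no assertion, so it fails only when `parse_git_branch_output` raises, and any wrong result for arbitrary text still passes. The parsed names presumably decide which ref is checked out from a cloned repository, so the property test is worth tightening. Bind the result and assert an invariant the parametrized cases already imply, e.g. `assert all(b and b == b.strip() for b in git_url.parse_git_branch_output(content))`, provided stripped, non-empty entries are the intended contract. `st.text(min_size=10)` also never generates inputs shorter than ten characters; dropping `min_size` would cover them at no cost.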