// Copyright SLSA team.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package main
import (
"errors"
"flag"
"fmt"
"io/ioutil"
"os"
"os/exec"
"strings"
"github.com/laurentsimon/slsa-github-generator-ko/builder/pkg"
)
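// usage aborts the program by panicking with the command-line synopsis.
//
// p is the program name printed in front of each sub-command; main passes
// os.Args[0]. The function never returns normally: main calls it when too few
// arguments are given and then indexes os.Args[1], so it must keep panicking.
func usage(p string) {
	// The synopsis follows the flag sets that main declares: build accepts
	// --dry, --envs and --args, and predicate accepts --artifact-name,
	// --digest, --command and --env. The earlier text advertised "--env" for
	// build and a "registry" sub-command, neither of which main parses.
	panic(fmt.Sprintf(`Usage:
%s build [--dry] --envs $ENVS --args $ARGS
%s predicate --artifact-name $NAME --digest $DIGEST --command $COMMAND --env $ENV`, p, p))
}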
// check panics with e when e is non-nil and does nothing otherwise.
func check(e error) {
	if e == nil {
		return
	}
	panic(e)
}
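// main dispatches on the first command-line argument.
//
//   - build: locates the ko binary on PATH, hands it the --args and --envs
//     values through pkg.KoBuild, and runs it (or performs a dry run with
//     --dry).
//   - predicate: generates a predicate for the named artifact from the
//     GITHUB_CONTEXT environment variable, writes it to
//     "<sanitized name>.intoto.jsonl" in the current directory, and reports
//     the file name through a "::set-output" line on stdout.
//
// Every failure panics (via check, usage or an explicit panic), except an
// unknown sub-command, which prints a message and exits with status 1.
func main() {
	// Build command.
	buildCmd := flag.NewFlagSet("build", flag.ExitOnError)
	buildDry := buildCmd.Bool("dry", false, "dry run of the build without invoking ko")
	buildEnv := buildCmd.String("envs", "", "env variables for ko")
	buildArgs := buildCmd.String("args", "", "arguments for ko")

	// Predicate command.
	predicateCmd := flag.NewFlagSet("predicate", flag.ExitOnError)
	predicateName := predicateCmd.String("artifact-name", "", "untrusted artifact name")
	predicateDigest := predicateCmd.String("digest", "", "sha256 digest of the artifact")
	predicateCommand := predicateCmd.String("command", "", "command used to generate the artifact")
	predicateEnv := predicateCmd.String("env", "", "env variables used to generate the artifact")

	// Expect a sub-command.
	if len(os.Args) < 2 {
		usage(os.Args[0])
	}

	switch os.Args[1] {
	case buildCmd.Name():
		// The flag set uses flag.ExitOnError, so Parse terminates the
		// process itself on a bad flag; its return value carries nothing.
		buildCmd.Parse(os.Args[2:])

		ko, err := exec.LookPath("ko")
		check(err)

		kobuild := pkg.KoBuildNew(ko)

		// Set arguments.
		check(kobuild.SetArgs(*buildArgs))

		// Set env variables encoded as arguments.
		check(kobuild.SetArgEnvVariables(*buildEnv))

		check(kobuild.Run(*buildDry))

	case predicateCmd.Name():
		predicateCmd.Parse(os.Args[2:])

		// Note: *predicateEnv may be empty.
		if *predicateName == "" || *predicateDigest == "" ||
			*predicateCommand == "" {
			usage(os.Args[0])
		}

		// The artifact name is untrusted and ends up both in a file name
		// and in a line-oriented workflow command on stdout. Refuse control
		// characters (CR, LF, NUL, ...) so the name cannot break out of the
		// "::set-output" line or produce a misleading file name.
		hasControl := strings.IndexFunc(*predicateName, func(r rune) bool {
			return r < 0x20 || r == 0x7f
		}) >= 0
		if hasControl {
			panic(errors.New("artifact name contains control characters"))
		}

		githubContext, ok := os.LookupEnv("GITHUB_CONTEXT")
		if !ok {
			panic(errors.New("environment variable GITHUB_CONTEXT not present"))
		}

		attBytes, err := pkg.GeneratePredicate(*predicateName, *predicateDigest,
			githubContext, *predicateCommand, *predicateEnv)
		check(err)

		// Flatten the name into a single path component: "/" becomes "-"
		// and ":" becomes "--", so the output stays in the working directory.
		name := strings.NewReplacer("/", "-", ":", "--").Replace(*predicateName)
		filename := fmt.Sprintf("%s.intoto.jsonl", name)

		// 0600: readable and writable by the owner only.
		check(ioutil.WriteFile(filename, attBytes, 0600))

		// NOTE(review): GitHub has deprecated the "::set-output" workflow
		// command in favour of appending to the $GITHUB_OUTPUT file; the
		// runner also decodes %-escapes in the value. Confirm the consuming
		// workflow before changing how the file name is reported.
		fmt.Printf("::set-output name=predicate::%s\n", filename)

	default:
		fmt.Println("expected 'build' or 'predicate' subcommands")
		os.Exit(1)
	}
}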