Skip to content

Commit 21727cc

Browse files
JacobinwweyJacobinwwey
committed
fix(ci): stabilize sbom attestation contract in npm publish
1 parent e762cce commit 21727cc

2 files changed

Lines changed: 14 additions & 2 deletions

File tree

.github/workflows/npm-publish.yml

Lines changed: 0 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -17,8 +17,6 @@ env:
1717
NOTE_CONNECTION_SBOM_ATTESTATION_REVOKED_KEY_IDS: ${{ secrets.SBOM_SIGNING_REVOKED_KEY_IDS }}
1818
NOTE_CONNECTION_SBOM_ATTESTATION_MIN_RSA_BITS: "2048"
1919
NOTE_CONNECTION_SBOM_ATTESTATION_MIN_ROTATION_OVERLAP_HOURS: "24"
20-
NOTE_CONNECTION_SBOM_ATTESTATION_ENABLE_TRANSPARENCY_LOG: "true"
21-
NOTE_CONNECTION_SBOM_ATTESTATION_TRANSPARENCY_LOG_PATH: "build/sbom/attestation-transparency-log.jsonl"
2220
NOTE_CONNECTION_RELEASE_COMMIT_SHA: ${{ github.sha }}
2321
NOTE_CONNECTION_RELEASE_GIT_TAG: ${{ github.ref_name }}
2422
NOTE_CONNECTION_RELEASE_REF: ${{ github.ref }}

src/sbom.attestation.policy.contract.test.ts

Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -12,6 +12,16 @@ function readJson<T>(filePath: string): T {
1212
return JSON.parse(fs.readFileSync(filePath, 'utf8')) as T;
1313
}
1414

15+
function buildUnsignedGeneratorEnv(): NodeJS.ProcessEnv {
16+
return {
17+
...process.env,
18+
NOTE_CONNECTION_SBOM_SIGNING_PRIVATE_KEY_PEM: '',
19+
NOTE_CONNECTION_SBOM_SIGNING_PRIVATE_KEY_FILE: '',
20+
NOTE_CONNECTION_SBOM_ATTESTATION_ENABLE_TRANSPARENCY_LOG: '0',
21+
NOTE_CONNECTION_SBOM_ATTESTATION_TRANSPARENCY_LOG_PATH: '',
22+
};
23+
}
24+
1525
describe('sbom attestation policy contract', () => {
1626
const repoRoot = path.resolve(__dirname, '..');
1727
const packageJsonPath = path.join(repoRoot, 'package.json');
@@ -154,6 +164,7 @@ describe('sbom attestation policy contract', () => {
154164
cwd: repoRoot,
155165
encoding: 'utf8',
156166
stdio: 'pipe',
167+
env: buildUnsignedGeneratorEnv(),
157168
});
158169
expect(generateResult.status).toBe(0);
159170

@@ -202,6 +213,7 @@ describe('sbom attestation policy contract', () => {
202213
cwd: repoRoot,
203214
encoding: 'utf8',
204215
stdio: 'pipe',
216+
env: buildUnsignedGeneratorEnv(),
205217
});
206218
expect(generateResult.status).toBe(0);
207219

@@ -258,6 +270,7 @@ describe('sbom attestation policy contract', () => {
258270
cwd: repoRoot,
259271
encoding: 'utf8',
260272
stdio: 'pipe',
273+
env: buildUnsignedGeneratorEnv(),
261274
});
262275
expect(generateResult.status).toBe(0);
263276

@@ -308,6 +321,7 @@ describe('sbom attestation policy contract', () => {
308321
cwd: repoRoot,
309322
encoding: 'utf8',
310323
stdio: 'pipe',
324+
env: buildUnsignedGeneratorEnv(),
311325
});
312326
expect(generateResult.status).toBe(0);
313327

0 commit comments

Comments
 (0)