builder name (#37)

2026-05-14 04:26:41 +00:00 · 2022-04-25 09:23:54 -07:00
parent 2400fc0838
commit 8e3c3a760c
1 changed files with 7 additions and 3 deletions
--- a/pkg/provenance.go
+++ b/pkg/provenance.go
@@ -42,10 +42,14 @@ import (
 const (
 	defaultRekorAddr = "https://rekor.sigstore.dev"
 	certOidcIssuer   = "https://token.actions.githubusercontent.com"
-	// TODO: Make this into a list.
-	trustedReusableWorkflow = "slsa-framework/slsa-github-generator-go/.github/workflows/builder.yml"
 )

+// TODO: remove builder.yml
+var trustedReusableWorkflows = map[string]bool{
+	"slsa-framework/slsa-github-generator-go/.github/workflows/slsa3_builder.yml": true,
+	"slsa-framework/slsa-github-generator-go/.github/workflows/builder.yml":       true,
+}
+
 var (
 	ErrorInvalidDssePayload   = errors.New("invalid DSSE envelope payload")
 	errorRekorSearch          = errors.New("error searching rekor entries")
@@ -377,7 +381,7 @@ func VerifyWorkflowIdentity(id *WorkflowIdentity, source string) error {
 		return errors.New("malformed URI for workflow")
 	}

-	if !strings.EqualFold(strings.Trim(workflowPath[0], "/"), trustedReusableWorkflow) {
+	if _, ok := trustedReusableWorkflows[strings.Trim(workflowPath[0], "/")]; !ok {
 		return errors.New("untrusted reuseable workflow")
 	}