Fix serialization of SLSA BuildMetadata.InvocationID - Githubissues

in-toto / in-toto-golang

A Go implementation of in-toto. in-toto is a framework to protect software supply chain integrity.

https://in-toto.io/

Other

129 stars 51 forks source link

Fix serialization of SLSA BuildMetadata.InvocationID #328

Closed msuozzo closed 4 months ago

msuozzo commented 4 months ago

per the docs, the correct serialization is "invocationId": https://slsa.dev/spec/v1.0/provenance#:~:text=%3A%20%7B%0A%20%20%20%20%20%20%20%20%20%20%20%20%22-,invocationId,-%22%3A%20old

This aligns this (deprecated) version with the proto-based one in in-toto/attestation: https://github.com/in-toto/attestation/blob/main/go/predicates/provenance/v1/provenance.pb.go#L287C85-L287C97

Fixes issue:

Fixes #260

Description:

Please verify and check that the pull request fulfills the following requirements:

[X] Tests have been added for the bug fix or new feature
[ ] Docs have been added for the bug fix or new feature

msuozzo commented 4 months ago

@marcelamelara @adityasaky

adityasaky commented 4 months ago

could you sign off the second commit?

msuozzo commented 4 months ago

could you sign off the second commit?

Done. sorry about that!

msuozzo commented 4 months ago

Thanks for the quick turnaround @adityasaky !!