Skip to content

Commit

Permalink
Don't add derivation path to externalParameters
Browse files Browse the repository at this point in the history
Signed-off-by: Joonas Rautiola <[email protected]>
  • Loading branch information
joinemm committed May 30, 2024
1 parent a1f0f88 commit 0b19e05
Showing 1 changed file with 16 additions and 6 deletions.
22 changes: 16 additions & 6 deletions src/provenance/main.py
Original file line number Diff line number Diff line change
Expand Up @@ -117,19 +117,27 @@ def get_dependencies(drv_path: str, recursive: bool = False) -> list[dict]:
return dependencies


def get_external_parameters(drv_path: str, metadata: BuildMeta) -> dict:
"""Get externalParameters from env variable and add derivation"""
def get_external_parameters(metadata: BuildMeta) -> dict:
"""Get externalParameters from env variable"""

params = json.loads(metadata.external_parameters or "{}")

# add derivation path always to params
params["derivation"] = drv_path
# return only params with non-empty values
return {k: v for k, v in params.items() if v}


def get_internal_parameters(metadata: BuildMeta) -> dict:
"""Get internalParameters from env variable"""

params = json.loads(metadata.internal_parameters or "{}")

# return only params with non-empty values
return {k: v for k, v in params.items() if v}


def timestamp(unix_time: int | str | None) -> str:
"""Turn unix timestamp into RFC 3339 format"""

if not unix_time:
return ""

Expand Down Expand Up @@ -162,8 +170,8 @@ def provenance(target: str, metadata: BuildMeta, recursive: bool = False) -> dic
"predicate": {
"buildDefinition": {
"buildType": metadata.build_type,
"externalParameters": get_external_parameters(drv_path, metadata),
"internalParameters": json.loads(metadata.internal_parameters or "{}"),
"externalParameters": get_external_parameters(metadata),
"internalParameters": get_internal_parameters(metadata),
"resolvedDependencies": get_dependencies(drv_path, recursive),
},
"runDetails": {
Expand All @@ -185,6 +193,7 @@ def provenance(target: str, metadata: BuildMeta, recursive: bool = False) -> dic

def getargs():
"""Parse command line arguments"""

parser = argparse.ArgumentParser(
prog="nix-provenance",
description="Get SLSA v1.0 provenance file from nix flake or derivation",
Expand Down Expand Up @@ -216,6 +225,7 @@ def getargs():

def main():
"""main entry point"""

args = getargs()
set_log_verbosity(args.verbose)

Expand Down

0 comments on commit 0b19e05

Please sign in to comment.