first attempt at working provider

sigstore · May 19, 2023 · 1f52d97 · 1f52d97
1 parent 6fb1e0c
commit 1f52d97
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 39 deletions.
diff --git a/pkg/cosign/env/env.go b/pkg/cosign/env/env.go
@@ -62,6 +62,7 @@ const (
 	VariableGitHubToken               Variable = "GITHUB_TOKEN" //nolint:gosec
 	VariableGitHubRequestToken        Variable = "ACTIONS_ID_TOKEN_REQUEST_TOKEN"
 	VariableGitHubRequestURL          Variable = "ACTIONS_ID_TOKEN_REQUEST_URL"
+	VariableGitpodWorkspaceId         Variable = "GITPOD_WORKSPACE_ID"
 	VariableSPIFFEEndpointSocket      Variable = "SPIFFE_ENDPOINT_SOCKET"
 	VariableGoogleServiceAccountName  Variable = "GOOGLE_SERVICE_ACCOUNT_NAME"
 	VariableGitLabHost                Variable = "GITLAB_HOST"
@@ -151,6 +152,12 @@ var (
 			Sensitive:   false,
 			External:    true,
 		},
+		VariableGitpodWorkspaceId: {
+			Description: "is the ID of the workspace in Gitpod",
+			Expects:     "string with the ID of the Gitpod workspace",
+			Sensitive:   false,
+			External:    true,
+		},
 		VariableSPIFFEEndpointSocket: {
 			Description: "allows you to specify non-default SPIFFE socket to use.",
 			Expects:     "string with SPIFFE socket path",

diff --git a/pkg/providers/gitpod/gitpod.go b/pkg/providers/gitpod/gitpod.go
@@ -17,11 +17,7 @@ package gitpod
 
 import (
 	"context"
-	"encoding/json"
-	"fmt"
-	"net/http"
-	"os"
-	"time"
+	"os/exec"
 
 	"github.com/sigstore/cosign/v2/pkg/cosign/env"
 	"github.com/sigstore/cosign/v2/pkg/providers"
@@ -37,45 +33,14 @@ var _ providers.Interface = (*gitpod)(nil)
 
 // Enabled implements providers.Interface
 func (ga *gitpod) Enabled(_ context.Context) bool {
-	if env.Getenv(env.VariableGitHubRequestToken) == "" {
-		return false
-	}
-	if env.Getenv(env.VariableGitHubRequestURL) == "" {
-		return false
-	}
-	return true
+	return env.Getenv(env.VariableGitpodWorkspaceId) != ""
 }
 
 // Provide implements providers.Interface
 func (ga *gitpod) Provide(ctx context.Context, audience string) (string, error) {
-	url := env.Getenv(env.VariableGitHubRequestURL) + "&audience=" + audience
-
-	req, err := http.NewRequest("GET", url, nil)
+	token, err := exec.Command("gp idp token --audience " + audience).Output()
 	if err != nil {
 		return "", err
 	}
-
-	// Retry up to 3 times.
-	for i := 0; ; i++ {
-		req.Header.Add("Authorization", "bearer "+env.Getenv(env.VariableGitHubRequestToken))
-		resp, err := http.DefaultClient.Do(req)
-		if err != nil {
-			if i == 2 {
-				return "", err
-			}
-			fmt.Fprintf(os.Stderr, "error fetching GitHub OIDC token (will retry): %v\n", err)
-			time.Sleep(time.Second)
-			continue
-		}
-		defer resp.Body.Close()
-
-		var payload struct {
-			Value string `json:"value"`
-		}
-		decoder := json.NewDecoder(resp.Body)
-		if err := decoder.Decode(&payload); err != nil {
-			return "", err
-		}
-		return payload.Value, nil
-	}
+	return string(token), nil
 }