Merge pull request #1735 from kommendorkapten/dynamic-urls

Read the server url from the environment variable.
actions · May 21, 2024 · d1df13e · d1df13e
2 parents ae38557 + d3d7736
commit d1df13e
Show file tree

Hide file tree

Showing 3 changed files with 57 additions and 11 deletions.
diff --git a/packages/attest/__tests__/endpoints.test.ts b/packages/attest/__tests__/endpoints.test.ts
@@ -0,0 +1,41 @@
+import {signingEndpoints} from '../src/endpoints'
+
+describe('signingEndpoints', () => {
+ const originalEnv = process.env
+
+ afterEach(() => {
+ process.env = originalEnv
+ })
+
+ describe('when using github.com', () => {
+ beforeEach(async () => {
+ process.env = {
+ ...originalEnv,
+ GITHUB_SERVER_URL: 'https://github.com'
+ }
+ })
+
+ it('returns expected endpoints', async () => {
+ const endpoints = signingEndpoints('github')
+
+ expect(endpoints.fulcioURL).toEqual('https://fulcio.githubapp.com')
+ expect(endpoints.tsaServerURL).toEqual('https://timestamp.githubapp.com')
+ })
+ })
+
+ describe('when using custom domain', () => {
+ beforeEach(async () => {
+ process.env = {
+ ...originalEnv,
+ GITHUB_SERVER_URL: 'https://foo.bar.com'
+ }
+ })
+
+ it('returns a expected endpoints', async () => {
+ const endpoints = signingEndpoints('github')
+
+ expect(endpoints.fulcioURL).toEqual('https://fulcio.foo.bar.com')
+ expect(endpoints.tsaServerURL).toEqual('https://timestamp.foo.bar.com')
+ })
+ })
+})
diff --git a/packages/attest/__tests__/provenance.test.ts b/packages/attest/__tests__/provenance.test.ts
@@ -3,7 +3,7 @@ import {mockFulcio, mockRekor, mockTSA} from '@sigstore/mock'
 import * as jose from 'jose'
 import nock from 'nock'
 import {MockAgent, setGlobalDispatcher} from 'undici'
-import {SIGSTORE_GITHUB, SIGSTORE_PUBLIC_GOOD} from '../src/endpoints'
+import {SIGSTORE_PUBLIC_GOOD, signingEndpoints} from '../src/endpoints'
 import {attestProvenance, buildSLSAProvenancePredicate} from '../src/provenance'
 
 describe('provenance functions', () => {
@@ -95,7 +95,7 @@ describe('provenance functions', () => {
  })
 
  describe('when using the github Sigstore instance', () => {
- const {fulcioURL, tsaServerURL} = SIGSTORE_GITHUB
+ const {fulcioURL, tsaServerURL} = signingEndpoints('github')
 
  beforeEach(async () => {
  // Mock Sigstore

diff --git a/packages/attest/src/endpoints.ts b/packages/attest/src/endpoints.ts
@@ -6,9 +6,6 @@ const GITHUB_ID = 'github'
 const FULCIO_PUBLIC_GOOD_URL = 'https://fulcio.sigstore.dev'
 const REKOR_PUBLIC_GOOD_URL = 'https://rekor.sigstore.dev'
 
-const FULCIO_INTERNAL_URL = 'https://fulcio.githubapp.com'
-const TSA_INTERNAL_URL = 'https://timestamp.githubapp.com'
-
 export type SigstoreInstance = typeof PUBLIC_GOOD_ID | typeof GITHUB_ID
 
 export type Endpoints = {
@@ -22,11 +19,6 @@ export const SIGSTORE_PUBLIC_GOOD: Endpoints = {
  rekorURL: REKOR_PUBLIC_GOOD_URL
 }
 
-export const SIGSTORE_GITHUB: Endpoints = {
- fulcioURL: FULCIO_INTERNAL_URL,
- tsaServerURL: TSA_INTERNAL_URL
-}
-
 export const signingEndpoints = (sigstore?: SigstoreInstance): Endpoints => {
  let instance: SigstoreInstance
 
@@ -45,6 +37,19 @@ export const signingEndpoints = (sigstore?: SigstoreInstance): Endpoints => {
  case PUBLIC_GOOD_ID:
  return SIGSTORE_PUBLIC_GOOD
  case GITHUB_ID:
- return SIGSTORE_GITHUB
+ return buildGitHubEndpoints()
+ }
+}
+
+function buildGitHubEndpoints(): Endpoints {
+ const serverURL = process.env.GITHUB_SERVER_URL || 'https://github.com'
+ let host = new URL(serverURL).hostname
+
+ if (host === 'github.com') {
+ host = 'githubapp.com'
+ }
+ return {
+ fulcioURL: `https://fulcio.${host}`,
+ tsaServerURL: `https://timestamp.${host}`
  }
 }