fix(release): stabilize final validation checks

2026-05-06 15:30:47 +00:00 · 2026-05-06 10:18:12 +01:00
parent bf0f547632
commit ceaa56fb12
4 changed files with 99 additions and 50 deletions
--- a/test/scripts/verify-docker-attestations.test.ts
+++ b/test/scripts/verify-docker-attestations.test.ts
@@ -51,11 +51,6 @@ function createAttestation(
  };
 }

-function createAttestationWithoutArtifactType() {
-  const { artifactType: _artifactType, ...attestation } = createAttestation();
-  return attestation;
-}
-
 describe("verify-docker-attestations", () => {
  it("resolves digest refs from tagged image refs", () => {
    expect(imageRefForDigest("ghcr.io/openclaw/openclaw:2026.4.26", imageDigest)).toBe(
@@ -77,17 +72,37 @@ describe("verify-docker-attestations", () => {
    expect(errors).toEqual([]);
  });

-  it("accepts OCI attestation manifests without artifactType", () => {
+  it("accepts attestation manifests with omitted artifactType", () => {
    const errors = collectDockerAttestationErrors({
      imageRef: "ghcr.io/openclaw/openclaw:test",
      index: createIndex(),
      requiredPlatforms: [parsePlatform("linux/amd64")],
-      inspectAttestation: () => createAttestationWithoutArtifactType(),
+      inspectAttestation: () => {
+        const attestation: Record<string, unknown> = createAttestation();
+        delete attestation.artifactType;
+        return attestation;
+      },
    });

    expect(errors).toEqual([]);
  });

+  it("reports unexpected attestation artifact types", () => {
+    const errors = collectDockerAttestationErrors({
+      imageRef: "ghcr.io/openclaw/openclaw:test",
+      index: createIndex(),
+      requiredPlatforms: [parsePlatform("linux/amd64")],
+      inspectAttestation: () => ({
+        ...createAttestation(),
+        artifactType: "application/vnd.unknown",
+      }),
+    });
+
+    expect(errors).toEqual([
+      `ghcr.io/openclaw/openclaw:test: linux/amd64 attestation ${attestationDigest} has unexpected artifactType "application/vnd.unknown"`,
+    ]);
+  });
+
  it("reports missing attestation manifests", () => {
    const index = createIndex();
    index.manifests = index.manifests.slice(0, 1);
@@ -116,20 +131,4 @@ describe("verify-docker-attestations", () => {
      "ghcr.io/openclaw/openclaw:test: linux/amd64 missing predicate https://slsa.dev/provenance/v1",
    ]);
  });
-
-  it("reports an unexpected attestation manifest shape", () => {
-    const errors = collectDockerAttestationErrors({
-      imageRef: "ghcr.io/openclaw/openclaw:test",
-      index: createIndex(),
-      requiredPlatforms: [parsePlatform("linux/amd64")],
-      inspectAttestation: () => ({
-        ...createAttestation(),
-        artifactType: "application/vnd.example.invalid",
-      }),
-    });
-
-    expect(errors).toEqual([
-      `ghcr.io/openclaw/openclaw:test: linux/amd64 attestation ${attestationDigest} has unexpected manifest shape artifactType="application/vnd.example.invalid" mediaType="application/vnd.oci.image.manifest.v1+json"`,
-    ]);
-  });
 });