_cli: exit with an error code when verification fails #57

Merged
merged 5 commits into from
Oct 7, 2024
2 changes: 2 additions & 0 deletions .github/workflows/tests.yml
Expand Up @@ -13,6 +13,7 @@ jobs:
python:
- "3.11"
- "3.12"
- "3.13"
runs-on: ubuntu-latest
permissions:
id-token: write # unit tests use the ambient OIDC credential
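
Review bot: the `"3.13"` matrix entry is unrelated to the exit-code fix named in the title, and the CHANGELOG entry in this PR does not mention it. Consider moving the CI change to its own PR, or at least calling it out in the description, so that a later bisect on the `verify` behaviour does not also pick up an interpreter change.
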
Expand All @@ -24,6 +25,7 @@ jobs:
python-version: ${{ matrix.python }}
cache: "pip"
cache-dependency-path: pyproject.toml
allow-prereleases: true

- name: test
run: make test INSTALL_EXTRA=test
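
Review bot: `allow-prereleases: true` is set on the step for every matrix entry, so nothing here says why it was turned on. If it exists only so that `"3.13"` can be resolved, add a short comment saying so and noting that it can be dropped once a final 3.13 is available, otherwise it is likely to linger.
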
6 changes: 6 additions & 0 deletions CHANGELOG.md
Expand Up @@ -7,6 +7,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

## [Unreleased]

### Fixed

- `python -m pypi_attestations verify` now exits with a non-zero exit code
if the verification step fails
([#57](https://github.com/trailofbits/pypi-attestations/pull/57))

## [0.0.12]

### Fixed
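
Review bot: the new entry documents the exit code but not the control-flow change that comes with it. With `continue` replaced by `_die(...)` in `_verify`, the command stops at the first file that fails verification instead of moving on to the remaining ones. Worth stating here, since callers that pass several files will now see results only up to the first failure.
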
3 changes: 1 addition & 2 deletions src/pypi_attestations/_cli.py
Expand Up @@ -279,8 +279,7 @@ def _verify(args: argparse.Namespace) -> None:
try:
attestation.verify(verifier, pol, dist)
except VerificationError as verification_error:
_logger.error("Verification failed for %s: %s", file_path, verification_error)
continue
_die(f"Verification failed for {file_path}: {verification_error}")

_logger.info(f"OK: {attestation_path}")
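
Review bot: calling `_die(...)` inside the `except VerificationError` branch aborts the loop on the first failure, so any later files are neither verified nor reported. If a full report matters, keep the `_logger.error(...)` and `continue`, record that a failure occurred, and exit non-zero once after the loop. If fail-fast is the intent, a one-line comment saying so would make that explicit.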

19 changes: 10 additions & 9 deletions test/test_cli.py
Expand Up @@ -191,15 +191,16 @@ def test_verify_command(caplog: pytest.LogCaptureFixture, monkeypatch: pytest.Mo

caplog.clear()

# Failure from the Sigstore environment
run_main_with_command(
[
"verify",
"--identity",
"william@yossarian.net",
artifact_path.as_posix(),
]
)
with pytest.raises(SystemExit):
# Failure from the Sigstore environment
run_main_with_command(
[
"verify",
"--identity",
"william@yossarian.net",
artifact_path.as_posix(),
]
)
assert (
"Verification failed: failed to build chain: unable to get local issuer certificate"
in caplog.text
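
Review bot: `pytest.raises(SystemExit)` passes for any exit status, including a successful one, so the test does not pin the non-zero exit code that this PR is about. Bind the exception with `with pytest.raises(SystemExit) as exc_info:` and, after the block, assert that `exc_info.value.code` is the expected non-zero status.
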