Fix SPDX format function (#904)

Prior, the function prepends `git+` and appends `.git` regardless of whether the original url has the prefix or suffix already. Now, it only prepends & appends if they don't exist. Signed-off-by: Chuang Wang <chuangw@google.com>
tektoncd · Aug 23, 2023 · 4ea5fa2 · 4ea5fa2
1 parent 1425998
commit 4ea5fa2
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 4 deletions.
diff --git a/pkg/chains/formats/slsa/attest/attest.go b/pkg/chains/formats/slsa/attest/attest.go
@@ -116,11 +116,17 @@ func convertConfigSource(source *v1beta1.RefSource) slsa.ConfigSource {
 }
 
 // supports the SPDX format which is recommended by in-toto
-// ref: https://spdx.dev/spdx-specification-21-web-version/#h.49x2ik5
+// ref: https://spdx.github.io/spdx-spec/v2-draft/package-information/#773-examples
 // ref: https://github.com/in-toto/attestation/blob/849867bee97e33678f61cc6bd5da293097f84c25/spec/field_types.md
 func SPDXGit(url, revision string) string {
+	if !strings.HasPrefix(url, artifacts.GitSchemePrefix) {
+		url = artifacts.GitSchemePrefix + url
+	}
+	if !strings.HasSuffix(url, ".git") {
+		url = url + ".git"
+	}
 	if revision == "" {
-		return artifacts.GitSchemePrefix + url + ".git"
+		return url
 	}
-	return artifacts.GitSchemePrefix + url + fmt.Sprintf("@%s", revision)
+	return url + fmt.Sprintf("@%s", revision)
 }
diff --git a/pkg/chains/formats/slsa/internal/material/material_test.go b/pkg/chains/formats/slsa/internal/material/material_test.go
@@ -161,7 +161,7 @@ func TestTaskMaterials(t *testing.T) {
 				},
 			},
 			{
-				URI: artifacts.GitSchemePrefix + "https://github.com/GoogleContainerTools/distroless@my-revision",
+				URI: artifacts.GitSchemePrefix + "https://github.com/GoogleContainerTools/distroless.git@my-revision",
 				Digest: common.DigestSet{
 					"sha1": "50c56a48cfb3a5a80fa36ed91c739bdac8381cbe",
 				},