add multi subject test

Signed-off-by: William Woodruff <[email protected]>
Homebrew · Dec 5, 2024 · 057a6c5 · 057a6c5
1 parent 9e82563
commit 057a6c5
Showing 1 changed file with 20 additions and 0 deletions.
diff --git a/Library/Homebrew/test/attestation_spec.rb b/Library/Homebrew/test/attestation_spec.rb
@@ -34,6 +34,15 @@
                       } },
                     ]))
   end
+  let(:fake_result_json_resp_multi_subject) do
+    instance_double(SystemCommand::Result,
+                    stdout: JSON.dump([
+                      { verificationResult: {
+                        verifiedTimestamps: [{ timestamp: "2024-03-13T00:00:00Z" }],
+                        statement:          { subject: [{ name: "nonsense" }, { name: fake_bottle_filename.to_s }] },
+                      } },
+                    ]))
+  end
   let(:fake_result_json_resp_backfill) do
     digest = Digest::SHA256.hexdigest(fake_bottle_url)
     instance_double(SystemCommand::Result,
@@ -234,6 +243,17 @@
       described_class.check_core_attestation fake_bottle
     end
 
+    it "calls gh with args for homebrew-core and handles a multi-subject attestation" do
+      expect(described_class).to receive(:system_command!)
+        .with(fake_gh, args: ["attestation", "verify", cached_download, "--repo",
+                              described_class::HOMEBREW_CORE_REPO, "--format", "json"],
+              env: { "GH_TOKEN" => fake_gh_creds, "GH_HOST" => "github.com" }, secrets: [fake_gh_creds],
+              print_stderr: false, chdir: HOMEBREW_TEMP)
+        .and_return(fake_result_json_resp_multi_subject)
+
+      described_class.check_core_attestation fake_bottle
+    end
+
     it "calls gh with args for backfill when homebrew-core attestation is missing" do
       expect(described_class).to receive(:system_command!)
         .with(fake_gh, args: ["attestation", "verify", cached_download, "--repo",