Add work around for provenance generation. (#3015)

Cloud build provenance in plain text is not consistent with the base64 payload. This change makes it consistent to pass the validation. Bug: flutter/flutter#133376
flutter · Aug 29, 2023 · 5d700be · 5d700be
1 parent c3ba4f2
commit 5d700be
Showing 1 changed file with 4 additions and 2 deletions.
diff --git a/cloud_build/get_docker_image_provenance.sh b/cloud_build/get_docker_image_provenance.sh
@@ -13,8 +13,10 @@ for attempt in $(seq 1 $MAX_ATTEMPTS)
 do
     echo "(Attempt $attempt) Obtaining provenance for $1"
     gcloud artifacts docker images describe \
-        $DOCKER_IMAGE_URL --show-provenance --format json > $OUTPUT_DIRECTORY
+	    $DOCKER_IMAGE_URL --show-provenance --format json > tmp.json
     COMMAND_RESULT=$?
+    val=$(cat tmp.json | jq -r '.provenance_summary.provenance[0].envelope.payload' | base64 -d | jq '.predicate.recipe.arguments.sourceProvenance')
+    cat tmp.json | jq ".provenance_summary.provenance[0].build.intotoStatement.slsaProvenance.recipe.arguments.sourceProvenance = ${val}" > $OUTPUT_DIRECTORY
     if [[ $COMMAND_RESULT -eq 0 ]]
     then
         echo "Successfully obtained provenance and saved to $2"
@@ -28,4 +30,4 @@ done
 if [[ $COMMAND_RESULT -ne 0 ]]
 then
   echo "Failed to download provenance." && exit $COMMAND_RESULT
-fi
+fi