chore: update test files for v2.1.0 (#836)

Similar to #758, we are updating the test files.

Errors for checking the tag in attestations are slightly different. Unit
tests are adjusted with the new test cases.

---------

Signed-off-by: Ramon Petgrave <[email protected]>

Author: ramonpetgrave64

cli/slsa-verifier/main_regression_test.go

@@ -787,21 +787,39 @@ func Test_runVerifyGHAArtifactImage(t *testing.T) {
 			err:         serrors.ErrorInvalidRef,
 		},
 		{
-			name:       "tag no match empty tag workflow_dispatch > v1.9.0",
+			name:       "tag no match empty tag workflow_dispatch > v1.9.0, <= v2.0.0",
 			artifact:   "container_workflow_dispatch",
 			source:     "github.com/slsa-framework/example-package",
 			ptag:       pString("v1.2.3"),
 			minversion: "v1.9.0",
+			maxversion: "v2.0.0",
 			err:        serrors.ErrorMismatchTag,
 		},
 		{
-			name:        "versioned tag no match empty tag workflow_dispatch > v1.9.0",
+			name:       "tag no match empty tag workflow_dispatch > v2.0.0",
+			artifact:   "container_workflow_dispatch",
+			source:     "github.com/slsa-framework/example-package",
+			ptag:       pString("v1.2.3"),
+			minversion: "v2.0.0",
+			err:        serrors.ErrorInvalidRef,
+		},
+		{
+			name:        "versioned tag no match empty tag workflow_dispatch > v1.9.0, <= v2.0.0",
 			artifact:    "container_workflow_dispatch",
 			source:      "github.com/slsa-framework/example-package",
 			pversiontag: pString("v1"),
 			minversion:  "v1.9.0",
+			maxversion:  "v2.0.0",
 			err:         serrors.ErrorMismatchVersionedTag,
 		},
+		{
+			name:        "versioned tag no match empty tag workflow_dispatch > v2.0.0",
+			artifact:    "container_workflow_dispatch",
+			source:      "github.com/slsa-framework/example-package",
+			pversiontag: pString("v1"),
+			minversion:  "v2.0.0",
+			err:         serrors.ErrorInvalidRef,
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {

cli/slsa-verifier/testdata/gha_container-based/v2.1.0/binary-linux-amd64-push-v13.0.30

@@ -0,0 +1 @@
+hello

cli/slsa-verifier/testdata/gha_container-based/v2.1.0/binary-linux-amd64-push-v13.0.30.intoto.build.slsa

@@ -0,0 +1 @@
+hello

cli/slsa-verifier/testdata/gha_container-based/v2.1.0/binary-linux-amd64-push-v14

@@ -0,0 +1 @@
+hello

cli/slsa-verifier/testdata/gha_container-based/v2.1.0/binary-linux-amd64-push-v14.2

@@ -0,0 +1 @@
+hello

cli/slsa-verifier/testdata/gha_container-based/v2.1.0/binary-linux-amd64-push-v14.2.intoto.build.slsa

@@ -0,0 +1 @@
+sha256:234e2c830c2fb31ac5671789d22adfe44d30c3ee831d01beae5e237841a13122

cli/slsa-verifier/testdata/gha_container-based/v2.1.0/binary-linux-amd64-push-v14.intoto.build.slsa

@@ -0,0 +1 @@
+{"schemaVersion":2,"mediaType":"application/vnd.oci.image.manifest.v1+json","config":{"mediaType":"application/vnd.oci.image.config.v1+json","size":233,"digest":"sha256:994025264a85542118ab73a59d30e51516ea596238c1fb4adeb674294519de57"},"layers":[{"mediaType":"application/vnd.dsse.envelope.v1+json","size":12888,"digest":"sha256:e163b472f2e5d66e5a2a45e26e020c51a0d2da7dc8b567b31fc2ebfd33dbc33a","annotations":{"dev.cosignproject.cosign/signature":"","dev.sigstore.cosign/bundle":"{\"SignedEntryTimestamp\":\"MEYCIQCWt4DirRtCm8f2byrh4TZRrrhdWXpZSu/XK7azEZsQLAIhAIUkeR2rnU2fAI8aptYAOmqnEOFSM44j6jhsNBngtxXl\",\"Payload\":{\"body\":\"eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiZHNzZSIsInNwZWMiOnsiZW52ZWxvcGVIYXNoIjp7ImFsZ29yaXRobSI6InNoYTI1NiIsInZhbHVlIjoiZTE2M2I0NzJmMmU1ZDY2ZTVhMmE0NWUyNmUwMjBjNTFhMGQyZGE3ZGM4YjU2N2IzMWZjMmViZmQzM2RiYzMzYSJ9LCJwYXlsb2FkSGFzaCI6eyJhbGdvcml0aG0iOiJzaGEyNTYiLCJ2YWx1ZSI6ImJkZDQwMDdiNGVhZjQ1ZTg5YTc2Y2M1NjMwNTMwYzFjZjdmZDQzNDcyYzQyZjQ0M2JhNWJjMTUxNTA3NmZlYjIifSwic2lnbmF0dXJlcyI6W3sic2lnbmF0dXJlIjoiTUVRQ0lITFZyMlF3eTJXOWswTWFzdUlVRWZYOCsyczJLUUlvRHJYSUQvNHlraDNuQWlBS0s4RHRUeDljdlZldUo0dDhCNjM5Z0JlRzZTNmlQby9PTWVjM2RWSnhrdz09IiwidmVyaWZpZXIiOiJMUzB0TFMxQ1JVZEpUaUJEUlZKVVNVWkpRMEZVUlMwdExTMHRDazFKU1VoemFrTkRRbnBwWjBGM1NVSkJaMGxWU0Rka1JrcFhXa0pOUzNaS1ZGWkdLemh4VVRORWVqa3lkVmh2ZDBObldVbExiMXBKZW1vd1JVRjNUWGNLVG5wRlZrMUNUVWRCTVZWRlEyaE5UV015Ykc1ak0xSjJZMjFWZFZwSFZqSk5ValIzU0VGWlJGWlJVVVJGZUZaNllWZGtlbVJIT1hsYVV6RndZbTVTYkFwamJURnNXa2RzYUdSSFZYZElhR05PVFdwVmQwMXFTVEZOYWtVeFQwUkJNMWRvWTA1TmFsVjNUV3BKTVUxcVNYZFBSRUV6VjJwQlFVMUdhM2RGZDFsSUNrdHZXa2w2YWpCRFFWRlpTVXR2V2tsNmFqQkVRVkZqUkZGblFVVkVWbEJQUm1ocFpsSXpURXgxYW5sWWREWllkMkpWUWpoMGFYbEJjemRpU21NMlVVNEtLMVZGZDFwMGFXbFhiMUJFU0hkWFZqaExlRXAwTTNWSE9XMUNjREZ1TDJSa01UQlhhbmhaY2xoMmNtVm1VbVZYVUV0UFEwSnNZM2RuWjFwVVRVRTBSd3BCTVZWa1JIZEZRaTkzVVVWQmQwbElaMFJCVkVKblRsWklVMVZGUkVSQlMwSm5aM0pDWjBWR1FsRmpSRUY2UVdSQ1owNVdTRkUwUlVablVWVmFObE5xQ2tKS2NURXdTVmRQYjNvNVFUVlRaRmxETWt4dlpIaFZkMGgzV1VSV1VqQnFRa0puZDBadlFWVXpPVkJ3ZWpGWmEwVmFZalZ4VG1wd1MwWlhhWGhwTkZrS1drUTRkMmRaV1VkQk1WVmtSVkZGUWk5M1VqaE5TSEZIWlVkb01HUklRbnBQYVRoMldqSnNNR0ZJVm1sTWJVNTJZbE01ZW1KSVRtaE1WMXA1V1ZjeGJBcGtNamw1WVhrNWVtSklUbWhNVjJSd1pFZG9NVmxwTVc1YVZ6VnNZMjFHTUdJelNYWk1iV1J3WkVkb01WbHBPVE5pTTBweVdtMTRkbVF6VFhaYU1sWjFDbHBZU21oa1J6bDVXREpPZG1KdVVtaGhWelZzWTJ3NWVtSklUbWhOZVRVMVlsZDRRV050Vm0xamVUa3dXVmRrZWt3eldYbE1ha1YxVFVSQk5VSm5iM0lLUW1kRlJVRlpUeTlOUVVWQ1FrTjBiMlJJVW5kamVtOTJURE5TZG1FeVZuVk1iVVpxWkVkc2RtSnVUWFZhTW13d1lVaFdhV1JZVG14amJVNTJZbTVTYkFwaWJsRjFXVEk1ZEUxQ09FZERhWE5IUVZGUlFtYzNPSGRCVVVsRlJWaGtkbU50ZEcxaVJ6a3pXREpTY0dNelFtaGtSMDV2VFVSWlIwTnBjMGRCVVZGQ0NtYzNPSGRCVVUxRlMwUlNhMDE2U1RWWmVtTXhXbFJrYkZsNlJUTk5hbFp0VGpKTk5Wa3lWVFZOVkdSb1QwUmpOVTlYVVRCTlJHaHJUVVJhYVZwVVRYY0tWbEZaUzB0M1dVSkNRVWRFZG5wQlFrSkJVa2hNYldSd1pFZG9NVmxwT1ROaU0wcHlXbTE0ZG1RelRYWmtiVlo1WVZkYWNGcFlTWFJhVkVwc1RHMUdjd3BpUXpVellqTktjbHB0ZUhaa01UbHJZVmhPZDFsWVVtcGhRelYwV1Zkc2RVeHRSbk5pUXpWNllraE9hRTE1TlRWaVYzZDNURUZaUzB0M1dVSkNRVWRFQ25aNlFVSkNVVkZsWXpKNGVsbFRNVzFqYlVaMFdsaGtkbU50YzNaYVdHaG9ZbGhDYzFwVE1YZFpWMDV5V1Zka2JFMUNNRWREYVhOSFFWRlJRbWMzT0hjS1FWRlpSVVF6U214YWJrMTJZVWRXYUZwSVRYWmlWMFp3WW1wQk4wSm5iM0pDWjBWRlFWbFBMMDFCUlVsQ1F6Qk5TekpvTUdSSVFucFBhVGgyWkVjNWNncGFWelIxV1ZkT01HRlhPWFZqZVRWdVlWaFNiMlJYU2pGak1sWjVXVEk1ZFdSSFZuVmtRelZxWWpJd2QyZFpaMGREYVhOSFFWRlJRbWMzT0hkQlVXdEZDbVZuZURSaFNGSXdZMGhOTmt4NU9XNWhXRkp2WkZkSmRWa3lPWFJNTTA1ell6SkZkRnB1U21oaVYxWXpZak5LY2t3elRuTmpNa1YwV2pKc01HRklWbWtLVEZka2JHSnRWbmxaV0ZKMlkyazRkVm95YkRCaFNGWnBURE5rZG1OdGRHMWlSemt6WTNrNWJscFhOV3hqYlVZd1lqTktabGt5T1hWa1IwWndZbTFXZVFwWU0wNXpZekpGZWt4dWJIUmlSVUo1V2xkYWVrd3pVbWhhTTAxMlpHcEpkVTFUTkhkTlJHZEhRMmx6UjBGUlVVSm5OemgzUVZGdlJVdG5kMjlhYW1SckNscEVhR3BPVkZKcVRXcEJNazR5U21oYWJVMTRUVzFPYUU0eVJURk9WRlUxVGxkUk1WcFhWVFZaYW1NeFRXcEJNRmxVUVdSQ1oyOXlRbWRGUlVGWlR5OEtUVUZGVEVKQk9FMUVWMlJ3WkVkb01WbHBNVzlpTTA0d1dsZFJkMUZSV1V0TGQxbENRa0ZIUkhaNlFVSkVRVkY2UkVSR2IyUklVbmRqZW05MlRESmtjQXBrUjJneFdXazFhbUl5TUhaak1uaDZXVk14YldOdFJuUmFXR1IyWTIxemRscFlhR2hpV0VKeldsTXhkMWxYVG5KWlYyUnNUVVJuUjBOcGMwZEJVVkZDQ21jM09IZEJVVEJGUzJkM2IwNUhVWHBOYW14cVRucFdiRTR5Vm1wTlZHTjVUbGRaTTFsNmJHcGFWR3Q0VGpKRk5FNTZhelZhUkZGM1QwZFJkMDV0U213S1RYcEJaa0puYjNKQ1owVkZRVmxQTDAxQlJVOUNRa1ZOUkROS2JGcHVUWFpoUjFab1draE5kbUpYUm5CaWFrRmFRbWR2Y2tKblJVVkJXVTh2VFVGRlVBcENRWE5OUTFSUk5FNXFUWGxPVkdkM1QxUkJlRUpuYjNKQ1owVkZRVmxQTDAxQlJWRkNRMDFOU1Zkb01HUklRbnBQYVRoMldqSnNNR0ZJVm1sTWJVNTJDbUpUT1hwaVNFNW9URmRhZVZsWE1XeGtNamw1WVhwQldVSm5iM0pDWjBWRlFWbFBMMDFCUlZKQ1FXOU5RMFJuZDA1RVRYaE5WR2N6VFVsSFlrSm5iM0lLUW1kRlJVRlpUeTlOUVVWVFFrbEhUVVJKUjBwaFNGSXdZMGhOTmt4NU9XNWhXRkp2WkZkSmRWa3lPWFJNTTA1ell6SkZkRnB1U21oaVYxWXpZak5LY2dwTU1sWTBXVmN4ZDJKSFZYUmpSMFpxWVRKR2JscFRPSFZhTW13d1lVaFdhVXd6WkhaamJYUnRZa2M1TTJONU9USmFXRXB3V20xc2JHTnBNV3hOYlZWMUNsbFhlSE5NYm1SMlkyMTBiV0pIT1ROWU1sSndZek5DYUdSSFRtOU1iVEZvWVZjMGRWbFhlSE5NYms1ell6SkZla3h1YkhSaVJVSjVXbGRhZWt3eWFHd0tXVmRTZWt3eU1XaGhWelIzVDBGWlMwdDNXVUpDUVVkRWRucEJRa1YzVVhGRVEyY3dXa1JOZVU5WFRUTk9WMVV6V2xkTmVFNTZTVEZhYW1ScVQxZE9iQXBQVkVVeldWUm5NMDlVYkd0T1JFRTBXa1JCTWxsdFZYcE5RMFZIUTJselIwRlJVVUpuTnpoM1FWSlJSVVYzZDFKa01qbDVZVEphYzJJelpHWmFSMng2Q21OSFJqQlpNbWQzV2xGWlMwdDNXVUpDUVVkRWRucEJRa1pSVWxoRVJsWnZaRWhTZDJONmIzWk1NbVJ3WkVkb01WbHBOV3BpTWpCMll6SjRlbGxUTVcwS1kyMUdkRnBZWkhaamJYTjJXbGhvYUdKWVFuTmFVekYzV1ZkT2NsbFhaR3hNTWtacVpFZHNkbUp1VFhaamJsWjFZM2s0ZUUxNlZYcE5WR042VFZSQmR3cE9VemxvWkVoU2JHSllRakJqZVRoNFRVSlpSME5wYzBkQlVWRkNaemM0ZDBGU1dVVkRRWGRIWTBoV2FXSkhiR3BOU1VkS1FtZHZja0puUlVWQlpGbzFDa0ZuVVVOQ1NITkZaVkZDTTBGSVZVRXpWREIzWVhOaVNFVlVTbXBIVWpSamJWZGpNMEZ4U2t0WWNtcGxVRXN6TDJnMGNIbG5Remh3TjI4MFFVRkJSMVlLVUhnMFNFUjNRVUZDUVUxQlVtcENSVUZwUW0xNE4wazVURTF5U0VKeFpGbHlja1o2YjFKR01GRnpWVWhLUldoNWNGSlFhbXRaY25KeUwzSlhhRkZKWndwRFIyNUVha3R6VlRjdmJUWlhVMkZ2Y0ZGbVpXUmtXbVk1VHpFek9GTjVXSFpEVjJSNldqWm9VakZKZDBObldVbExiMXBKZW1vd1JVRjNUVVJoUVVGM0NscFJTWGRETHpkb1YxSlVOV0kwZG0wdlkwNVZkWFpzY1hNMFFXTnJSalZYU0ZWNlNqRm5OREF4ZVVwVllXVmFaWEpZUTNOV0wzUjFWMUJCWmpkVWJHc0taM2x6YlVGcVJVRXdSMlZ2VVhGVWNXdE9NMjVvUmtaWVMyaFBUbFp0VkdwTmEzSk1URzlCZWxCaWRFVlRLM3BGVGk5dU4zTkNZVlI2UTNoelducG9ad3BVTmpOSmQzRnNVd290TFMwdExVVk9SQ0JEUlZKVVNVWkpRMEZVUlMwdExTMHRDZz09In1dfX0=\",\"integratedTime\":1740520687,\"logIndex\":174304112,\"logID\":\"c0d23d6ad406973f9559f3ba2d1ca01f84147d8ffc5b8445c224f98b9591801d\"}}","dev.sigstore.cosign/certificate":"-----BEGIN CERTIFICATE-----\nMIIHsjCCBzigAwIBAgIUH7dFJWZBMKvJTVF+8qQ3Dz92uXowCgYIKoZIzj0EAwMw\nNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRl\ncm1lZGlhdGUwHhcNMjUwMjI1MjE1ODA3WhcNMjUwMjI1MjIwODA3WjAAMFkwEwYH\nKoZIzj0CAQYIKoZIzj0DAQcDQgAEDVPOFhifR3LLujyXt6XwbUB8tiyAs7bJc6QN\n+UEwZtiiWoPDHwWV8KxJt3uG9mBp1n/dd10WjxYrXvrefReWPKOCBlcwggZTMA4G\nA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUZ6Sj\nBJq10IWOoz9A5SdYC2LodxUwHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4Y\nZD8wgYYGA1UdEQEB/wR8MHqGeGh0dHBzOi8vZ2l0aHViLmNvbS9zbHNhLWZyYW1l\nd29yay9zbHNhLWdpdGh1Yi1nZW5lcmF0b3IvLmdpdGh1Yi93b3JrZmxvd3MvZ2Vu\nZXJhdG9yX2NvbnRhaW5lcl9zbHNhMy55bWxAcmVmcy90YWdzL3YyLjEuMDA5Bgor\nBgEEAYO/MAEBBCtodHRwczovL3Rva2VuLmFjdGlvbnMuZ2l0aHVidXNlcmNvbnRl\nbnQuY29tMB8GCisGAQQBg78wAQIEEXdvcmtmbG93X2Rpc3BhdGNoMDYGCisGAQQB\ng78wAQMEKDRkMzI5Yzc1ZTdlYzE3MjVmN2M5Y2U5MTdhODc5OWQ0MDhkMDZiZTMw\nVQYKKwYBBAGDvzABBARHLmdpdGh1Yi93b3JrZmxvd3MvdmVyaWZpZXItZTJlLmFs\nbC53b3JrZmxvd19kaXNwYXRjaC5tYWluLmFsbC5zbHNhMy55bWwwLAYKKwYBBAGD\nvzABBQQec2xzYS1mcmFtZXdvcmsvZXhhbXBsZS1wYWNrYWdlMB0GCisGAQQBg78w\nAQYED3JlZnMvaGVhZHMvbWFpbjA7BgorBgEEAYO/MAEIBC0MK2h0dHBzOi8vdG9r\nZW4uYWN0aW9ucy5naXRodWJ1c2VyY29udGVudC5jb20wgYgGCisGAQQBg78wAQkE\negx4aHR0cHM6Ly9naXRodWIuY29tL3Nsc2EtZnJhbWV3b3JrL3Nsc2EtZ2l0aHVi\nLWdlbmVyYXRvci8uZ2l0aHViL3dvcmtmbG93cy9nZW5lcmF0b3JfY29udGFpbmVy\nX3Nsc2EzLnltbEByZWZzL3RhZ3MvdjIuMS4wMDgGCisGAQQBg78wAQoEKgwoZjdk\nZDhjNTRjMjA2N2JhZmMxMmNhN2E1NTU5NWQ1ZWU5Yjc1MjA0YTAdBgorBgEEAYO/\nMAELBA8MDWdpdGh1Yi1ob3N0ZWQwQQYKKwYBBAGDvzABDAQzDDFodHRwczovL2dp\ndGh1Yi5jb20vc2xzYS1mcmFtZXdvcmsvZXhhbXBsZS1wYWNrYWdlMDgGCisGAQQB\ng78wAQ0EKgwoNGQzMjljNzVlN2VjMTcyNWY3YzljZTkxN2E4Nzk5ZDQwOGQwNmJl\nMzAfBgorBgEEAYO/MAEOBBEMD3JlZnMvaGVhZHMvbWFpbjAZBgorBgEEAYO/MAEP\nBAsMCTQ4NjMyNTgwOTAxBgorBgEEAYO/MAEQBCMMIWh0dHBzOi8vZ2l0aHViLmNv\nbS9zbHNhLWZyYW1ld29yazAYBgorBgEEAYO/MAERBAoMCDgwNDMxMTg3MIGbBgor\nBgEEAYO/MAESBIGMDIGJaHR0cHM6Ly9naXRodWIuY29tL3Nsc2EtZnJhbWV3b3Jr\nL2V4YW1wbGUtcGFja2FnZS8uZ2l0aHViL3dvcmtmbG93cy92ZXJpZmllci1lMmUu\nYWxsLndvcmtmbG93X2Rpc3BhdGNoLm1haW4uYWxsLnNsc2EzLnltbEByZWZzL2hl\nYWRzL21haW4wOAYKKwYBBAGDvzABEwQqDCg0ZDMyOWM3NWU3ZWMxNzI1ZjdjOWNl\nOTE3YTg3OTlkNDA4ZDA2YmUzMCEGCisGAQQBg78wARQEEwwRd29ya2Zsb3dfZGlz\ncGF0Y2gwZQYKKwYBBAGDvzABFQRXDFVodHRwczovL2dpdGh1Yi5jb20vc2xzYS1m\ncmFtZXdvcmsvZXhhbXBsZS1wYWNrYWdlL2FjdGlvbnMvcnVucy8xMzUzMTczMTAw\nNS9hdHRlbXB0cy8xMBYGCisGAQQBg78wARYECAwGcHVibGljMIGJBgorBgEEAdZ5\nAgQCBHsEeQB3AHUA3T0wasbHETJjGR4cmWc3AqJKXrjePK3/h4pygC8p7o4AAAGV\nPx4HDwAABAMARjBEAiBmx7I9LMrHBqdYrrFzoRF0QsUHJEhypRPjkYrrr/rWhQIg\nCGnDjKsU7/m6WSaopQfeddZf9O138SyXvCWdzZ6hR1IwCgYIKoZIzj0EAwMDaAAw\nZQIwC/7hWRT5b4vm/cNUuvlqs4AckF5WHUzJ1g401yJUaeZerXCsV/tuWPAf7Tlk\ngysmAjEA0GeoQqTqkN3nhFFXKhONVmTjMkrLLoAzPbtES+zEN/n7sBaTzCxsZzhg\nT63IwqlS\n-----END CERTIFICATE-----\n","dev.sigstore.cosign/chain":"-----BEGIN CERTIFICATE-----\nMIICGjCCAaGgAwIBAgIUALnViVfnU0brJasmRkHrn/UnfaQwCgYIKoZIzj0EAwMw\nKjEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MREwDwYDVQQDEwhzaWdzdG9yZTAeFw0y\nMjA0MTMyMDA2MTVaFw0zMTEwMDUxMzU2NThaMDcxFTATBgNVBAoTDHNpZ3N0b3Jl\nLmRldjEeMBwGA1UEAxMVc2lnc3RvcmUtaW50ZXJtZWRpYXRlMHYwEAYHKoZIzj0C\nAQYFK4EEACIDYgAE8RVS/ysH+NOvuDZyPIZtilgUF9NlarYpAd9HP1vBBH1U5CV7\n7LSS7s0ZiH4nE7Hv7ptS6LvvR/STk798LVgMzLlJ4HeIfF3tHSaexLcYpSASr1kS\n0N/RgBJz/9jWCiXno3sweTAOBgNVHQ8BAf8EBAMCAQYwEwYDVR0lBAwwCgYIKwYB\nBQUHAwMwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQU39Ppz1YkEZb5qNjp\nKFWixi4YZD8wHwYDVR0jBBgwFoAUWMAeX5FFpWapesyQoZMi0CrFxfowCgYIKoZI\nzj0EAwMDZwAwZAIwPCsQK4DYiZYDPIaDi5HFKnfxXx6ASSVmERfsynYBiX2X6SJR\nnZU84/9DZdnFvvxmAjBOt6QpBlc4J/0DxvkTCqpclvziL6BCCPnjdlIB3Pu3BxsP\nmygUY7Ii2zbdCdliiow=\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nMIIB9zCCAXygAwIBAgIUALZNAPFdxHPwjeDloDwyYChAO/4wCgYIKoZIzj0EAwMw\nKjEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MREwDwYDVQQDEwhzaWdzdG9yZTAeFw0y\nMTEwMDcxMzU2NTlaFw0zMTEwMDUxMzU2NThaMCoxFTATBgNVBAoTDHNpZ3N0b3Jl\nLmRldjERMA8GA1UEAxMIc2lnc3RvcmUwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAT7\nXeFT4rb3PQGwS4IajtLk3/OlnpgangaBclYpsYBr5i+4ynB07ceb3LP0OIOZdxex\nX69c5iVuyJRQ+Hz05yi+UF3uBWAlHpiS5sh0+H2GHE7SXrk1EC5m1Tr19L9gg92j\nYzBhMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRY\nwB5fkUWlZql6zJChkyLQKsXF+jAfBgNVHSMEGDAWgBRYwB5fkUWlZql6zJChkyLQ\nKsXF+jAKBggqhkjOPQQDAwNpADBmAjEAj1nHeXZp+13NWBNa+EDsDP8G1WWg1tCM\nWP/WHPqpaVo0jhsweNFZgSs0eE7wYI4qAjEA2WB9ot98sIkoF3vZYdd3/VtWB5b9\nTNMea7Ix/stJ5TfcLLeABLE4BNJOsQ4vnBHJ\n-----END CERTIFICATE-----","predicateType":"https://slsa.dev/provenance/v0.2"}}]}

cli/slsa-verifier/testdata/gha_container-based/v2.1.0/binary-linux-amd64-workflow_dispatch

@@ -0,0 +1,28 @@
+{
+  "schemaVersion": 2,
+  "mediaType": "application/vnd.oci.image.index.v1+json",
+  "manifests": [
+    {
+      "mediaType": "application/vnd.oci.image.manifest.v1+json",
+      "digest": "sha256:d1fc0de9c6a33e502c488221644de1736c53d8ddb59b0e41b4946fb26af50e69",
+      "size": 2557,
+      "platform": {
+        "architecture": "amd64",
+        "os": "linux"
+      }
+    },
+    {
+      "mediaType": "application/vnd.oci.image.manifest.v1+json",
+      "digest": "sha256:a79645dc6fd76a0db9c9c04f5ba722ecb7d1fa8cdfc1d848d931d884cbab02ea",
+      "size": 566,
+      "annotations": {
+        "vnd.docker.reference.digest": "sha256:d1fc0de9c6a33e502c488221644de1736c53d8ddb59b0e41b4946fb26af50e69",
+        "vnd.docker.reference.type": "attestation-manifest"
+      },
+      "platform": {
+        "architecture": "unknown",
+        "os": "unknown"
+      }
+    }
+  ]
+}

cli/slsa-verifier/testdata/gha_container-based/v2.1.0/binary-linux-amd64-workflow_dispatch.intoto.build.slsa

@@ -0,0 +1 @@
+{"architecture":"amd64","config":{"User":"0","Env":["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin","SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt"],"Entrypoint":["/app"],"WorkingDir":"/","Labels":{"org.opencontainers.image.created":"2025-02-25T21:57:05.844Z","org.opencontainers.image.description":"","org.opencontainers.image.licenses":"Apache-2.0","org.opencontainers.image.revision":"4d329c75e7ec1725f7c9ce917a8799d408d06be3","org.opencontainers.image.source":"https://github.com/slsa-framework/example-package","org.opencontainers.image.title":"example-package","org.opencontainers.image.url":"https://github.com/slsa-framework/example-package","org.opencontainers.image.version":"main"}},"created":"2025-02-25T21:57:29.579251262Z","history":[{"created":"0001-01-01T00:00:00Z"},{"created":"0001-01-01T00:00:00Z"},{"created":"0001-01-01T00:00:00Z"},{"created":"0001-01-01T00:00:00Z"},{"created":"0001-01-01T00:00:00Z"},{"created":"0001-01-01T00:00:00Z"},{"created":"0001-01-01T00:00:00Z"},{"created":"0001-01-01T00:00:00Z"},{"created":"0001-01-01T00:00:00Z"},{"created":"0001-01-01T00:00:00Z"},{"created":"0001-01-01T00:00:00Z"},{"created":"2025-02-25T21:57:29.579251262Z","created_by":"COPY /app/app /app # buildkit","comment":"buildkit.dockerfile.v0"},{"created":"2025-02-25T21:57:29.579251262Z","created_by":"ENTRYPOINT [\"/app\"]","comment":"buildkit.dockerfile.v0","empty_layer":true}],"os":"linux","rootfs":{"type":"layers","diff_ids":["sha256:f920c5680b0b677741c5500dc365a9b074aa263ab43c3eb6be6a465b1caadd8e","sha256:8fa10c0194df9b7c054c90dbe482585f768a54428fc90a5b78a0066a123b1bba","sha256:a80545a98dcd0866ae5eeadc9a28dec703b1e54a01ce8ff245e83f48261fe575","sha256:4d049f83d9cf21d1f5cc0e11deaf36df02790d0e60c1a3829538fb4b61685368","sha256:af5aa97ebe6ce1604747ec1e21af7136ded391bcabe4acef882e718a87c86bcc","sha256:6f1cdceb6a3146f0ccb986521156bef8a422cdbb0863396f7f751f575ba308f4","sha256:bbb6cacb8c82e4da4e8143e03351e939eab5e21ce0ef333c42e637af86c5217b","sha256:2a92d6ac9e4fcc274d5168b217ca4458a9fec6f094ead68d99c77073f08caac1","sha256:1a73b54f556b477f0a8b939d13c504a3b4f4db71f7a09c63afbc10acb3de5849","sha256:f4aee9e53c42a22ed82451218c3ea03d1eea8d6ca8fbe8eb4e950304ba8a8bb3","sha256:b336e209998fa5cf0eec3dabf93a21194198a35f4f75612d8da03693f8c30217","sha256:1b1886b9acf4ab23bfb87940146ddb1cfdad8babe6b602e75ed168e23eb66686"]}}

cli/slsa-verifier/testdata/gha_delegator/v2.1.0/binary-linux-amd64-push-v13.0.30

@@ -0,0 +1 @@
+{"architecture":"unknown","os":"unknown","config":{},"rootfs":{"type":"layers","diff_ids":["sha256:8d63b5e440cc7cfa68622b4a3cae2dbe215f8f8dcc9f2fa4ffd3078d40d61a84"]}}

cli/slsa-verifier/testdata/gha_delegator/v2.1.0/binary-linux-amd64-push-v13.0.30.build.slsa

@@ -0,0 +1 @@
+{"_type":"https://in-toto.io/Statement/v0.1","predicateType":"https://slsa.dev/provenance/v0.2","subject":[{"name":"pkg:docker/ghcr.io/slsa-framework/example-package.verifier-e2e.all.tag.main.default.slsa3@main?platform=linux%2Famd64","digest":{"sha256":"d1fc0de9c6a33e502c488221644de1736c53d8ddb59b0e41b4946fb26af50e69"}}],"predicate":{"builder":{"id":""},"buildType":"https://mobyproject.org/buildkit@v1","materials":[{"uri":"pkg:docker/[email protected]?digest=sha256:4746d26432a9117a5f58e95cb9f954ddf0de128e9d5816886514199316e4a2fb\u0026platform=linux%2Famd64","digest":{"sha256":"4746d26432a9117a5f58e95cb9f954ddf0de128e9d5816886514199316e4a2fb"}},{"uri":"pkg:docker/gcr.io/distroless/static?digest=sha256:3f2b64ef97bd285e36132c684e6b2ae8f2723293d09aae046196cca64251acac\u0026platform=linux%2Famd64","digest":{"sha256":"3f2b64ef97bd285e36132c684e6b2ae8f2723293d09aae046196cca64251acac"}},{"uri":"https://github.com/slsa-framework/example-package.git#4d329c75e7ec1725f7c9ce917a8799d408d06be3","digest":{"sha1":"4d329c75e7ec1725f7c9ce917a8799d408d06be3"}}],"invocation":{"configSource":{"uri":"https://github.com/slsa-framework/example-package.git#4d329c75e7ec1725f7c9ce917a8799d408d06be3","digest":{"sha1":"4d329c75e7ec1725f7c9ce917a8799d408d06be3"},"entryPoint":"Dockerfile"},"parameters":{"frontend":"dockerfile.v0"},"environment":{"platform":"linux/amd64"}},"metadata":{"buildInvocationID":"i2zs9o1wwh74vxm7k1kobli75","buildStartedOn":"2025-02-25T21:57:06.800879795Z","buildFinishedOn":"2025-02-25T21:57:29.66049539Z","completeness":{"parameters":false,"environment":true,"materials":true},"reproducible":false,"https://mobyproject.org/buildkit@v1#metadata":{}}}}

cli/slsa-verifier/testdata/gha_delegator/v2.1.0/binary-linux-amd64-push-v14

@@ -0,0 +1 @@
+{"architecture":"","created":"0001-01-01T00:00:00Z","history":[{"created":"0001-01-01T00:00:00Z"}],"os":"","rootfs":{"type":"layers","diff_ids":["sha256:e163b472f2e5d66e5a2a45e26e020c51a0d2da7dc8b567b31fc2ebfd33dbc33a"]},"config":{}}

cli/slsa-verifier/testdata/gha_delegator/v2.1.0/binary-linux-amd64-push-v14.2

@@ -0,0 +1,19 @@
+{
+  "schemaVersion": 2,
+  "mediaType": "application/vnd.oci.image.manifest.v1+json",
+  "config": {
+    "mediaType": "application/vnd.oci.image.config.v1+json",
+    "digest": "sha256:86c42567c8b6c16e73362c1aac3b0054744e29bd2f922b3e9cbcbb6b96fd7aae",
+    "size": 167
+  },
+  "layers": [
+    {
+      "mediaType": "application/vnd.in-toto+json",
+      "digest": "sha256:8d63b5e440cc7cfa68622b4a3cae2dbe215f8f8dcc9f2fa4ffd3078d40d61a84",
+      "size": 1664,
+      "annotations": {
+        "in-toto.io/predicate-type": "https://slsa.dev/provenance/v0.2"
+      }
+    }
+  ]
+}