fix: Allow no inputs to TRW (#2203)

ianlewis · web-flow · commit e4be53ee2654 · 2023-06-02T10:37:52.000+09:00
Fixes #1780 --------- Signed-off-by: Ian Lewis <ianlewis@google.com>
diff --git a/.github/actions/verify-token/__tests__/inputs.test.ts b/.github/actions/verify-token/__tests__/inputs.test.ts
@@ -20,6 +20,19 @@ import { updateSLSAToken } from "../src/inputs";
 import { rawTokenInterface } from "../src/types";
 
 describe("updateSLSAToken", () => {
+  it("no inputs", async () => {
+    const inputs = JSON.parse("{}");
+    const token = createToken(inputs);
+    const content = `
+on:
+  workflow_call:
+`;
+    const ret = updateSLSAToken(content, token);
+    expect(ret.tool.inputs).toEqual(
+      new Map<string, string | number | boolean>()
+    );
+  });
+
   it("remove bool", async () => {
     const inputs = JSON.parse(
       '{"name1": "value1", "name2": 2, "name3": "", "name4": true}'
diff --git a/.github/actions/verify-token/dist/index.js b/.github/actions/verify-token/dist/index.js
@@ -272,17 +272,17 @@ function filterWorkflowInputs(slsaToken, ghToken, repoName, hash, workflowPath)
 }
 exports.filterWorkflowInputs = filterWorkflowInputs;
 function updateSLSAToken(content, slsaToken) {
+    var _a, _b, _c;
     const ret = Object.create(slsaToken);
     const workflow = YAML.parse(content);
     slsaToken.tool.inputs = (0, utils_1.asMap)(slsaToken.tool.inputs);
-    if (!workflow.on) {
-        throw new Error("no 'on' field");
-    }
-    if (!workflow.on.workflow_call) {
+    // NOTE: We need to check the presence of workflow_call but it could be empty
+    // (e.g. no inputs).
+    if (((_a = workflow.on) === null || _a === void 0 ? void 0 : _a.workflow_call) === undefined) {
         throw new Error("no 'workflow_call' field");
     }
     // No inputs field defined.
-    if (!workflow.on.workflow_call.inputs) {
+    if (!((_c = (_b = workflow.on) === null || _b === void 0 ? void 0 : _b.workflow_call) === null || _c === void 0 ? void 0 : _c.inputs)) {
         core.info("no input defined in the workflow");
         ret.tool.inputs = new Map();
         return ret;
diff --git a/.github/actions/verify-token/dist/index.js.map b/.github/actions/verify-token/dist/index.js.map
diff --git a/.github/actions/verify-token/src/inputs.ts b/.github/actions/verify-token/src/inputs.ts
@@ -46,15 +46,15 @@ export function updateSLSAToken(
   slsaToken.tool.inputs = asMap<string | number | boolean>(
     slsaToken.tool.inputs
   );
-  if (!workflow.on) {
-    throw new Error("no 'on' field");
-  }
-  if (!workflow.on.workflow_call) {
+
+  // NOTE: We need to check the presence of workflow_call but it could be empty
+  // (e.g. no inputs).
+  if (workflow.on?.workflow_call === undefined) {
     throw new Error("no 'workflow_call' field");
   }
 
   // No inputs field defined.
-  if (!workflow.on.workflow_call.inputs) {
+  if (!workflow.on?.workflow_call?.inputs) {
     core.info("no input defined in the workflow");
     ret.tool.inputs = new Map();
     return ret;
