policy: add testcases for !hasProvenance and sha256 git

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>

Author: tonistiigi

policy/validate_test.go

@@ -377,6 +377,14 @@ func TestSourceToInputWithLogger(t *testing.T) {
 				"input.image.workingDir",
 				"input.image.env",
 			},
+			assert: func(t *testing.T, inp Input, unknowns []string, err error) {
+				t.Helper()
+				require.NoError(t, err)
+				require.NotNil(t, inp.Image)
+				require.False(t, inp.Image.HasProvenance)
+				require.NotContains(t, unknowns, "input.image.hasProvenance")
+				require.NotContains(t, unknowns, "input.image.signatures")
+			},
 		},
 		{
 			name: "image-source-with-config-and-no-attestation-chain",
@@ -671,6 +679,28 @@ func TestSourceToInputWithLogger(t *testing.T) {
 			},
 			expUnk: []string{"input.git.commit", "input.git.tag"},
 		},
+		{
+			name: "git-meta-sha256-checksum-sets-is-sha256",
+			src: &gwpb.ResolveSourceMetaResponse{
+				Source: &pb.SourceOp{
+					Identifier: "git://github.com/docker/buildx.git",
+				},
+				Git: &gwpb.ResolveSourceGitResponse{
+					Checksum: "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
+				},
+			},
+			expInput: Input{
+				Git: &Git{
+					Schema:         "https",
+					Host:           "github.com",
+					Remote:         "https://github.com/docker/buildx.git",
+					Checksum:       "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
+					CommitChecksum: "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
+					IsSHA256:       true,
+				},
+			},
+			expUnk: []string{"input.git.commit", "input.git.tag"},
+		},
 		{
 			name: "git-meta-checksum-ne-commit-checksum-sets-annotated-tag",
 			src: &gwpb.ResolveSourceMetaResponse{