bug: fix nancy by removing tekton payload from cosign test (#7841)

* fix: remove tekton payload from cosign test

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* fix: update image and identity to kyverno

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* style: extra tab in json payload

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

---------

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

go.mod

@@ -80,6 +80,7 @@ require (
 	sigs.k8s.io/controller-runtime v0.15.0
 	sigs.k8s.io/kustomize/api v0.13.4
 	sigs.k8s.io/kustomize/kyaml v0.14.2
+	sigs.k8s.io/structured-merge-diff/v4 v4.2.3
 	sigs.k8s.io/yaml v1.3.0
 )
 
@@ -333,5 +334,4 @@ require (
 	oras.land/oras-go/v2 v2.2.0 // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
 	sigs.k8s.io/release-utils v0.7.3 // indirect
-	sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
 )

pkg/cosign/cosign_test.go

@@ -33,20 +33,28 @@ const cosignPayload = `{
 	}
 }`
 
-const tektonPayload = `{
-  "Critical": {
-    "Identity": {
-      "docker-reference": "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/nop"
-    },
-    "Image": {
-      "Docker-manifest-digest": "sha256:6a037d5ba27d9c6be32a9038bfe676fb67d2e4145b4f53e9c61fb3e69f06e816"
-    },
-    "Type": "Tekton container signature"
-  },
-  "Optional": {
-	  "Issuer": "https://github.com/login/oauth",
-	  "Subject": "https://github.com/mycompany/demo/.github/workflows/ci.yml@refs/heads/main"
-  }
+const keylessPayload = `{
+	"critical": {
+		"identity": {
+			"docker-reference": "ghcr.io/kyverno/test-verify-image"
+		},
+		"image": {
+			"docker-manifest-digest": "sha256:ee53528c4e3c723945cf870d73702b76135955a218dd7497bf344aa73ebb4227"
+		},
+		"type": "cosign container image signature"
+	},
+	"optional": {
+		"Bundle": {
+			"SignedEntryTimestamp": "--TIME-STAMP--",
+			"Payload": {
+				"integratedTime": 1689234389,
+				"logIndex": 27432442,
+				"logID": "--LOG-ID--"
+			}
+		},
+		"Issuer": "https://accounts.google.com",
+		"Subject": "kyverno@nirmata.com"
+	}
 }`
 
 func TestCosignPayload(t *testing.T) {
@@ -61,15 +69,15 @@ func TestCosignPayload(t *testing.T) {
 	assert.NilError(t, err)
 	assert.Equal(t, d, "sha256:4a1c4b21597c1b4415bdbecb28a3296c6b5e23ca4f9feeb599860a1dac6a0108")
 
-	image2 := "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/nop"
-	signedPayloads2 := cosign.SignedPayload{Payload: []byte(tektonPayload)}
+	image2 := "ghcr.io/kyverno/test-verify-image"
+	signedPayloads2 := cosign.SignedPayload{Payload: []byte(keylessPayload)}
 	signatures2 := []oci.Signature{&sig{cosignPayload: signedPayloads2}}
 	p2, err := extractPayload(signatures2)
 	assert.NilError(t, err)
 
 	d2, err := extractDigest(image2, p2)
 	assert.NilError(t, err)
-	assert.Equal(t, d2, "sha256:6a037d5ba27d9c6be32a9038bfe676fb67d2e4145b4f53e9c61fb3e69f06e816")
+	assert.Equal(t, d2, "sha256:ee53528c4e3c723945cf870d73702b76135955a218dd7497bf344aa73ebb4227")
 }
 
 func TestCosignKeyless(t *testing.T) {