[feature][byob] Distinguish between user inputs and TRW inputs

[laurentsimon]

See actions/runner#2274

We could:

1. Ask TRW writers to give a list of inputs. This is error prone, especially when TRW writers start updating their inputs.
2. Compare the TRW inputs (in the token) with those in the workflow_dispatch event. This does not work if some TRW inputs have the same name as the workflow_dispatch
3. Read the TRW workflow and parse it, keep only the fields from the slsa-token that are defined in the workflow.

[ianlewis]

Compare the TRW inputs (in the token) with those in the workflow_dispatch event.

Would the TRW's inputs not presumably be polluted by the calling workflow's inputs in this case as well?

This does not work if some TRW inputs have the same name as the workflow_dispatch

What happens in this case? Is one overwritten by the other?

[asraa]

What happens in this case? Is one overwritten by the other?

I'm guessing that if, say, there was an input-a detected in the delegator, and an input-a in the slsa-token, we have no way to tell whether that input-a was ONLY the calling workflow's workflow_dispatch input, or whether it was also a TRW input.

[laurentsimon]

Looks like there is on.workflow_call.inputs we can use. I have not confirmed, but this would mean the only necessary change is for TRWs to use toJson(on.workflow_call.inputs) instead of toJson(inputs)

[ianlewis]

Looks like there is on.workflow_call.inputs we can use. I have not confirmed, but this would mean the only necessary change is for TRWs to use toJson(on.workflow_call.inputs) instead of toJson(inputs)

The reply on the other bug is basically your option 3. This doesn't exist as a context that passed at runtime.

[laurentsimon]

I think we need the Fulcio claims to be available to do this. The certificate contains the GITHUB_SHA of the project, but not the sha of the TRW, ie the workflow_sha is not present in Fulcio certs yet (it's only present in OIDC token). We need sigstore/fulcio#945 to land.
@haydentherapper when do you think it will be implemented?

[Hayden-IO]

Working on it currently! Hoping in a couple weeks, it's pretty straightforward.

[laurentsimon]

Awesome, please ping us here when it's landed if you can

[laurentsimon]

The PR got merged, and @haydentherapper will put it in staging, so we may be able to test it. @haydentherapper What's the fulcio URL / TUF to test against?

[Hayden-IO]

https://docs.sigstore.dev/cosign/keyless/#public-staging-environment - fulcio.sigstage.dev, and tuf-root-staging for the staging bucket.