From f6a3c6c49602061b3ffa418079b396f74116ac2f Mon Sep 17 00:00:00 2001
From: Drew Roen <102626803+drewroengoogle@users.noreply.github.com>
Date: Tue, 2 Jan 2024 13:35:10 -0600
Subject: [PATCH] Remove slsa-verifier tech debt (#3382)

* Remove the provenance injection workaround, as provenance should be correctly created now, and slsa-verifier 2.4.1 no longer requires this piece anyway
---
 cloud_build/get_docker_image_provenance.sh | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/cloud_build/get_docker_image_provenance.sh b/cloud_build/get_docker_image_provenance.sh
index 2d40040ab..e36afae6f 100755
--- a/cloud_build/get_docker_image_provenance.sh
+++ b/cloud_build/get_docker_image_provenance.sh
@@ -6,7 +6,9 @@
 # This script is used to pull a docker image's provenance and save it to a file.
 DOCKER_IMAGE_URL=$1
 OUTPUT_DIRECTORY=$2
-# Getting the docker image provenance can be flaky, so retry up to 3 times.
+# Getting the docker image provenance can be flaky due to the provenance not
+# uploading fast enough, or a transient error from artifact registry, so retry
+# up to 3 times.
 MAX_ATTEMPTS=3
 
 # Download the jq binary in order to obtain the artifact registry url from the
@@ -18,10 +20,8 @@ for attempt in $(seq 1 $MAX_ATTEMPTS)
 do
 echo "(Attempt $attempt) Obtaining provenance for $1"
 gcloud artifacts docker images describe \
- $DOCKER_IMAGE_URL --show-provenance --format json > tmp.json
+ $DOCKER_IMAGE_URL --show-provenance --format json > $OUTPUT_DIRECTORY
 COMMAND_RESULT=$?
- val=$(cat tmp.json | jq -r '.provenance_summary.provenance[0].envelope.payload' | base64 -d | jq '.predicate.recipe.arguments.sourceProvenance')
- cat tmp.json | jq ".provenance_summary.provenance[0].build.intotoStatement.slsaProvenance.recipe.arguments.sourceProvenance = ${val}" > $OUTPUT_DIRECTORY
 if [[ $COMMAND_RESULT -eq 0 ]]
 then
 echo "Successfully obtained provenance and saved to $2"
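Review bot: In the second hunk, the added redirect `> $OUTPUT_DIRECTORY` truncates the final provenance path on every attempt, so a failed or interrupted `gcloud` call leaves an empty or partial file where the verifier later reads, and both expansions on that line are unquoted. I would quote them and write to a scratch file that is moved into place only when `COMMAND_RESULT` is 0, for example `"$DOCKER_IMAGE_URL" --show-provenance --format json > "$tmp_provenance"` followed by `mv -- "$tmp_provenance" "$OUTPUT_DIRECTORY"` in the success branch, where `tmp_provenance` is a name I made up for a `mktemp` result. The retry loop starts and ends outside the hunk, so whether the script exits non-zero after the last failed attempt is not visible here; please confirm it fails closed rather than handing a truncated file to slsa-verifier. With the jq pipeline removed, the jq install mentioned in the first hunk's context appears to be unused and could probably be dropped. Separately, `OUTPUT_DIRECTORY` is used as a file path, which a rename or a one-line comment would make clear.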