chore: add integration test for asset information

Signed-off-by: Ben Selwyn-Smith <[email protected]>

Author: benmss

src/macaron/slsa_analyzer/checks/provenance_available_check.py

@@ -19,8 +19,6 @@
 
 logger: logging.Logger = logging.getLogger(__name__)
 
-# TODO replace this check with the provenance verification check.
-
 
 class ProvenanceAvailableException(MacaronError):
     """When there is an error while checking if a provenance is available."""

tests/integration/cases/provenance_available/policy.dl

@@ -0,0 +1,13 @@
+/* Copyright (c) 2025 - 2025, Oracle and/or its affiliates. All rights reserved. */
+/* Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/. */
+
+#include "prelude.dl"
+
+Policy("test_policy", component_id, "") :-
+    check_passed(component_id, "mcn_provenance_available_1"),
+    provenance_available_check(_, asset_name, asset_url),
+    asset_name = "toga",
+    asset_url = "https://pypi.org/integrity/toga/0.5.1/toga-0.5.1-py3-none-any.whl/provenance".
+
+apply_policy_to("test_policy", component_id) :-
+    is_component(component_id, "pkg:pypi/[email protected]").

tests/integration/cases/provenance_available/test.yaml

@@ -0,0 +1,20 @@
+# Copyright (c) 2025 - 2025, Oracle and/or its affiliates. All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/.
+
+description: |
+  Analyzing a PyPI PURL that has provenance available on the PyPI registry.
+
+tags:
+- macaron-python-package
+
+steps:
+- name: Run macaron analyze
+  kind: analyze
+  options:
+    command_args:
+    - -purl
+    - pkg:pypi/[email protected]
+- name: Run macaron verify-policy to verify passed/failed checks
+  kind: verify
+  options:
+    policy: policy.dl