test: comprehensive sign-cache and cache resilience test suite

pkg/leeway/signing/attestation.go

@@ -21,14 +21,14 @@ import (
 
 // GitHubContext contains GitHub Actions environment information
 type GitHubContext struct {
-	RunID        string // GITHUB_RUN_ID
-	RunNumber    string // GITHUB_RUN_NUMBER
-	Actor        string // GITHUB_ACTOR
-	Repository   string // GITHUB_REPOSITORY
-	Ref          string // GITHUB_REF
-	SHA          string // GITHUB_SHA
-	ServerURL    string // GITHUB_SERVER_URL
-	WorkflowRef  string // GITHUB_WORKFLOW_REF
+	RunID       string // GITHUB_RUN_ID
+	RunNumber   string // GITHUB_RUN_NUMBER
+	Actor       string // GITHUB_ACTOR
+	Repository  string // GITHUB_REPOSITORY
+	Ref         string // GITHUB_REF
+	SHA         string // GITHUB_SHA
+	ServerURL   string // GITHUB_SERVER_URL
+	WorkflowRef string // GITHUB_WORKFLOW_REF
 }
 
 // Validate ensures all required GitHub context fields are present
@@ -72,8 +72,6 @@ type SignedAttestationResult struct {
 	ArtifactName     string `json:"artifact_name"`     // Name of the artifact
 }
 
-
-
 // GenerateSignedSLSAAttestation generates and signs SLSA provenance in one integrated step
 func GenerateSignedSLSAAttestation(ctx context.Context, artifactPath string, githubCtx *GitHubContext) (*SignedAttestationResult, error) {
 	// Calculate artifact checksum
@@ -172,7 +170,7 @@ func computeSHA256(filePath string) (string, error) {
 	if err != nil {
 		return "", fmt.Errorf("failed to open file: %w", err)
 	}
-	defer file.Close()
+	defer func() { _ = file.Close() }()
 
 	hash := sha256.New()
 	if _, err := io.Copy(hash, file); err != nil {
@@ -355,4 +353,4 @@ func validateSigstoreEnvironment() error {
 
 	log.Debug("Sigstore environment validation passed")
 	return nil
-}
+}