Documentation
Overview
Package manifest defines the StageFreight manifest schema and deterministic JSON serialization. The manifest is the normalized data bus between raw evidence (Dockerfile, SBOM, scans) and rendering consumers (narrator, inspect, diff).
Index
- func ExtractSection(m *Manifest, dotPath string) (interface{}, error)
- func FindDefaultBuildID(cfg *config.Config) string
- func Inspect(m *Manifest, opts InspectOptions) (string, error)
- func MarshalDeterministic(m *Manifest) ([]byte, error)
- func PopulateBaseImage(m *Manifest, rootDir string)
- func RenderBadges(data interface{}) (string, error)
- func RenderKV(data interface{}) (string, error)
- func RenderList(data interface{}) (string, error)
- func RenderSection(m *Manifest, section, renderer string, columns []string) (string, error)
- func RenderTable(data interface{}, columns []string) (string, error)
- func ResolveManifestPath(rootDir string, cfg *config.Config, buildID string) string
- type Build
- type Complete
- type GenerateOptions
- type Image
- type InspectOptions
- type InvItem
- type Invs
- type Manifest
- type Metadata
- type Platform
- type Release
- type Repo
- type SBOMInfo
- type ScanInfo
- type Scope
- type Security
- type SigInfo
- type Target
Constants
This section is empty.
Variables
This section is empty.
Functions
func ExtractSection
ExtractSection extracts a nested value from a manifest using a dot-path, e.g. "inventories.pip" → manifest.Inventories.Pip.
func FindDefaultBuildID
FindDefaultBuildID returns the first build ID from config, or an empty string.
func Inspect
func Inspect(m *Manifest, opts InspectOptions) (string, error)
Inspect pretty-prints a manifest or a specific section.
func MarshalDeterministic
MarshalDeterministic produces canonical JSON output: sorted map keys, two-space indentation, trailing newline. Identical inputs → byte-identical output.
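The byte-identical property described above, as an added example that is not the package's implementation: it assumes `json.MarshalIndent` plus a trailing newline as the canonical form, and shows that map insertion order leaves the SHA-256 unchanged while a populated `generated_at` changes it. `canonicalDigest`, `sample` and the trimmed types are hypothetical.

```go
package main

import (
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// Trimmed copies of the page's types (same json tags, fewer fields).
type Metadata struct {
	GeneratedAt string `json:"generated_at,omitempty"`
	Generator   string `json:"generator"`
}
type Build struct {
	BuildID string            `json:"build_id"`
	Args    map[string]string `json:"args"`
}
type Manifest struct {
	SchemaVersion int      `json:"schema_version"`
	Metadata      Metadata `json:"metadata"`
	Build         Build    `json:"build"`
}

// canonicalDigest (hypothetical name) marshals with two-space indentation and
// a trailing newline, then returns the bytes and their hex SHA-256.
// encoding/json writes map keys sorted and struct fields in declaration order.
func canonicalDigest(m *Manifest) ([]byte, string, error) {
	out, err := json.MarshalIndent(m, "", "  ")
	if err != nil {
		return nil, "", err
	}
	out = append(out, '\n')
	return out, fmt.Sprintf("%x", sha256.Sum256(out)), nil
}

// sample builds a constructed manifest; keys sets the map insertion order.
func sample(generatedAt string, keys ...string) *Manifest {
	args := map[string]string{}
	for _, k := range keys {
		args[k] = "value-of-" + k
	}
	return &Manifest{1, Metadata{generatedAt, "example"}, Build{"app", args}}
}

func main() {
	_, a, _ := canonicalDigest(sample("", "GO_VERSION", "ALPINE_VERSION"))
	_, b, _ := canonicalDigest(sample("", "ALPINE_VERSION", "GO_VERSION"))
	_, c, _ := canonicalDigest(sample("2024-01-01T00:00:00Z", "GO_VERSION", "ALPINE_VERSION"))
	fmt.Println(a == b, a == c) // true false
}
```

A digest taken over these bytes is only comparable between runs when the timestamp field is left out, which matches the page's note that `generated_at` is omitted in commit and workspace modes.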
func PopulateBaseImage
PopulateBaseImage fills in the base_image field from Dockerfile parsing.
func RenderBadges
RenderBadges renders an array of inventory items as inline shields.io badge images. Items with a version that are pinned get green badges, items with a version that are unpinned get blue, and items with no version get grey.
func RenderList
RenderList renders an array as a bullet list. Items with "name" and "version" fields are rendered as "name: version"; otherwise only the "name" or the string value is rendered.
func RenderSection
RenderSection renders a manifest section using the specified renderer.
func RenderTable
RenderTable renders an array of objects as a markdown table. columns selects which fields to include; if it is empty, all keys from the first item are used.
Types
type Build
type Build struct {
    ConfigPath string            `json:"config_path"`
    BuildID    string            `json:"build_id"`
    Dockerfile string            `json:"dockerfile"`
    Context    string            `json:"context"`
    Target     *string           `json:"target"`
    BaseImage  string            `json:"base_image"`
    Args       map[string]string `json:"args"`
}
Build holds build configuration.
type Complete
type Complete struct {
    ImageMeta    bool `json:"image_metadata"`
    SecurityMeta bool `json:"security_metadata"`
    SBOMImported bool `json:"sbom_imported"`
}
Complete tracks which data categories are populated.
type GenerateOptions
type GenerateOptions struct {
    RootDir   string
    BuildID   string // filter to a specific build ID
    Platform  string // filter to a specific platform (os/arch)
    Mode      string // ephemeral, workspace, commit, publish
    OutputDir string // output directory for manifest files
    DryRun    bool
    Version   string // app version for generator field
}
GenerateOptions controls manifest generation behavior.
type Image
type Image struct {
    Refs         []string `json:"refs"`
    Digest       *string  `json:"digest"`
    ConfigDigest *string  `json:"config_digest"`
}
Image holds built image metadata.
type InspectOptions
type InspectOptions struct {
    Section string // dot-path to extract (empty = whole manifest)
    Format  string // "json", "table", "human" (default: "human")
}
InspectOptions controls manifest inspection behavior.
type InvItem
type InvItem struct {
    Name       string `json:"name"`
    Version    string `json:"version"`
    Pinned     bool   `json:"pinned"`
    Source     string `json:"source"`
    SourceRef  string `json:"source_ref"`
    Manager    string `json:"manager"`
    Confidence string `json:"confidence,omitempty"`
    URL        string `json:"url,omitempty"`
    Stage      string `json:"stage,omitempty"`
    Final      bool   `json:"final,omitempty"`
}
InvItem represents a single inventory entry.
type Invs
type Invs struct {
    Versions []InvItem `json:"versions"`
    Lineage  []InvItem `json:"lineage,omitempty"`
    Apk      []InvItem `json:"apk"`
    Apt      []InvItem `json:"apt"`
    Pip      []InvItem `json:"pip"`
    Galaxy   []InvItem `json:"galaxy"`
    Npm      []InvItem `json:"npm"`
    Go       []InvItem `json:"go"`
    Binaries []InvItem `json:"binaries"`
}
Invs groups inventory items by manager.
type Manifest
type Manifest struct {
    SchemaVersion int      `json:"schema_version"`
    Kind          string   `json:"kind"`
    Metadata      Metadata `json:"metadata"`
    Repo          Repo     `json:"repo"`
    Scope         Scope    `json:"scope"`
    Release       *Release `json:"release,omitempty"`
    Build         Build    `json:"build"`
    Targets       []Target `json:"targets"`
    Image         Image    `json:"image"`
    Completeness  Complete `json:"completeness"`
    Inventories   Invs     `json:"inventories"`
    Security      Security `json:"security"`
}
Manifest is the top-level StageFreight manifest (schema_version: 1).
func Generate
func Generate(cfg *config.Config, opts GenerateOptions) ([]*Manifest, error)
Generate creates manifests for all matching builds.
func LoadManifest
LoadManifest reads and parses a manifest JSON file.
type Metadata
type Metadata struct {
    GeneratedAt string `json:"generated_at,omitempty"` // omitted in commit/workspace modes
    Generator   string `json:"generator"`
    State       string `json:"state"` // "prebuild" or "postbuild"
    Mode        string `json:"mode"`
}
Metadata holds generation metadata.
type Platform
type Platform struct {
    OS      string  `json:"os"`
    Arch    string  `json:"arch"`
    Variant *string `json:"variant"`
}
Platform describes the target platform.
type Repo
type Repo struct {
    URL           string `json:"url"`
    DefaultBranch string `json:"default_branch"`
    Commit        string `json:"commit"`
    Dirty         bool   `json:"dirty"`
}
Repo holds git repository metadata.
type SBOMInfo
type SBOMInfo struct {
    Present bool    `json:"present"`
    Format  *string `json:"format"`
    Path    *string `json:"path"`
    Digest  *string `json:"digest"`
}
SBOMInfo describes SBOM availability.
type Scope
type Scope struct {
    Name     string    `json:"name"`
    BuildID  string    `json:"build_id"`
    Platform *Platform `json:"platform,omitempty"`
}
Scope identifies the manifest scope.
type Security
type Security struct {
    SBOM       SBOMInfo   `json:"sbom"`
    Signatures []SigInfo  `json:"signatures"`
    Scans      []ScanInfo `json:"scans"`
}
Security holds security-related metadata.
type Target
type Target struct {
    ID            string   `json:"id"`
    Kind          string   `json:"kind"`
    Provider      string   `json:"provider,omitempty"`
    URL           string   `json:"url"`
    Path          string   `json:"path"`
    Tags          []string `json:"tags,omitempty"`
    CredentialRef string   `json:"credential_ref,omitempty"`
}
Target holds distribution target metadata.
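A release gate that a consumer could run over a manifest file, added here as an example and not part of StageFreight: it decodes the JSON keys defined by the types above and reports a dirty worktree, an empty signatures list and unpinned inventory items. The name `audit`, the policy itself and the sample manifest are assumptions; the page does not show SigInfo's fields, so signatures are only counted.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Trimmed views of the page's types (same json tags, only the fields checked).
type InvItem struct {
	Name   string `json:"name"`
	Pinned bool   `json:"pinned"`
}
type Manifest struct {
	Repo        struct{ Dirty bool `json:"dirty"` } `json:"repo"`
	Inventories map[string][]InvItem               `json:"inventories"`
	Security    struct{ Signatures []json.RawMessage `json:"signatures"` } `json:"security"`
}

// managers are the inventory keys of the page's Invs type, in its order.
var managers = []string{"versions", "lineage", "apk", "apt", "pip", "galaxy", "npm", "go", "binaries"}

// audit (hypothetical name) returns release-gate findings for one manifest.
func audit(raw []byte) ([]string, error) {
	var m Manifest
	if err := json.Unmarshal(raw, &m); err != nil {
		return nil, err
	}
	var f []string
	if m.Repo.Dirty {
		f = append(f, "repo: built from a dirty worktree")
	}
	if len(m.Security.Signatures) == 0 {
		f = append(f, "signatures: none recorded")
	}
	for _, mgr := range managers {
		for _, it := range m.Inventories[mgr] {
			if !it.Pinned {
				f = append(f, mgr+": "+it.Name+" is unpinned")
			}
		}
	}
	return f, nil
}

// sampleManifest is constructed for this example.
const sampleManifest = `{"repo": {"dirty": true},
  "inventories": {"apk": [{"name": "curl", "pinned": false}], "pip": [{"name": "requests", "pinned": true}]},
  "security": {"signatures": []}}`

func main() { fmt.Println(audit([]byte(sampleManifest))) }
```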