    Index ¶
- Variables
- type CommitRemote
- type Crafter
- func (c *Crafter) AddMaterialContactFreeWithAutoDetectedKind(ctx context.Context, attestationID, name, value string, ...) (*api.Attestation_Material, error)
- func (c *Crafter) AddMaterialContractFree(ctx context.Context, attestationID, kind, name, value string, ...) (*api.Attestation_Material, error)
- func (c *Crafter) AddMaterialFromContract(ctx context.Context, attestationID, key, value string, ...) (*api.Attestation_Material, error)
- func (c *Crafter) AlreadyInitialized(ctx context.Context, stateID string) (bool, error)
- func (c *Crafter) EvaluateAttestationPolicies(ctx context.Context, attestationID string, statement *intoto.Statement) error
- func (c *Crafter) Init(ctx context.Context, opts *InitOpts) error
- func (c *Crafter) IsMaterialInContract(key string) bool
- func (c *Crafter) LoadCraftingState(ctx context.Context, attestationID string) error
- func (c *Crafter) Reset(ctx context.Context, stateID string) error
- func (c *Crafter) ResolveEnvVars(ctx context.Context, attestationID string) error
- func (c *Crafter) ValidateAttestation() error
 
- type HeadCommit
- type InitOpts
- type NewOpt
- type RunnerM
- type SigningOpts
- type StateManager
- type SupportedRunner
- type VersionedCraftingState
Constants ¶
This section is empty.
Variables ¶
// ErrAttestationStateNotLoaded is a sentinel error with the message
// "crafting state not loaded"; match it with errors.Is.
// NOTE(review): presumably returned by Crafter methods that need
// CraftingState before LoadCraftingState has run — confirm against callers.
var ErrAttestationStateNotLoaded = errors.New("crafting state not loaded")
    // ErrRunnerContextNotFound is a sentinel error reporting that the runner
    // environment does not match the required runner type.
    // NOTE(review): presumably what DiscoverAndEnforceRunner returns when the
    // enforced type is not the detected one — confirm.
    var ErrRunnerContextNotFound = errors.New("the runner environment doesn't match the required runner type")
    // RunnersMap associates each listed runner type with a SupportedRunner
    // value constructed once, when this package-level variable is initialised.
    // It is an exported, mutable map: every importer shares these instances and
    // can add or replace entries, so treat it as read-only outside this package.
    // Only the six CI systems below are registered here.
    var RunnersMap = map[schemaapi.CraftingSchema_Runner_RunnerType]SupportedRunner{ schemaapi.CraftingSchema_Runner_GITHUB_ACTION: runners.NewGithubAction(), schemaapi.CraftingSchema_Runner_GITLAB_PIPELINE: runners.NewGitlabPipeline(), schemaapi.CraftingSchema_Runner_AZURE_PIPELINE: runners.NewAzurePipeline(), schemaapi.CraftingSchema_Runner_JENKINS_JOB: runners.NewJenkinsJob(), schemaapi.CraftingSchema_Runner_CIRCLECI_BUILD: runners.NewCircleCIBuild(), schemaapi.CraftingSchema_Runner_DAGGER_PIPELINE: runners.NewDaggerPipeline(), }
Functions ¶
This section is empty.
Types ¶
type CommitRemote ¶
// CommitRemote is a (name, URL) pair.
// NOTE(review): presumably one git remote of the repository the HeadCommit
// was read from — confirm. If URL is copied verbatim from local git
// configuration it could carry userinfo (user:token@host); verify it is
// sanitised before it is recorded in an attestation.
type CommitRemote struct {
	Name, URL string
}
    type Crafter ¶
// Crafter carries the logger, the loaded crafting state and the runner used
// while an attestation is being built. All three fields below are exported,
// so code holding a *Crafter can read and replace them directly.
type Crafter struct {
	// Logger is the zerolog logger used by the crafter.
	Logger        *zerolog.Logger
	// CraftingState is the versioned in-progress state.
	// NOTE(review): presumably nil until Init or LoadCraftingState has run
	// (see ErrAttestationStateNotLoaded) — confirm.
	CraftingState *VersionedCraftingState
	// Runner is the CI runner abstraction associated with this crafter.
	Runner        SupportedRunner
	// contains filtered or unexported fields
}
    func NewCrafter ¶
func NewCrafter(stateManager StateManager, attClient v1.AttestationServiceClient, opts ...NewOpt) (*Crafter, error)
Create a completely new crafter
func (*Crafter) AddMaterialContactFreeWithAutoDetectedKind ¶
func (c *Crafter) AddMaterialContactFreeWithAutoDetectedKind(ctx context.Context, attestationID, name, value string, casBackend *casclient.CASBackend, runtimeAnnotations map[string]string) (*api.Attestation_Material, error)
AddMaterialContactFreeWithAutoDetectedKind adds a material to the crafting state checking the incoming material matches any of the supported types in validation order. If the material is not found it will return an error.
func (*Crafter) AddMaterialContractFree ¶
func (c *Crafter) AddMaterialContractFree(ctx context.Context, attestationID, kind, name, value string, casBackend *casclient.CASBackend, runtimeAnnotations map[string]string) (*api.Attestation_Material, error)
AddMaterialContractFree adds a material to the crafting state without checking the contract schema. This is useful for adding materials that are not defined in the schema. The name of the material is automatically calculated to conform to the API contract if not provided.
func (*Crafter) AddMaterialFromContract ¶
func (c *Crafter) AddMaterialFromContract(ctx context.Context, attestationID, key, value string, casBackend *casclient.CASBackend, runtimeAnnotations map[string]string) (*api.Attestation_Material, error)
AddMaterialFromContract adds a material to the crafting state, checking that the incoming material is in the schema and has not been set yet.
func (*Crafter) AlreadyInitialized ¶
func (*Crafter) EvaluateAttestationPolicies ¶ added in v0.147.0
func (c *Crafter) EvaluateAttestationPolicies(ctx context.Context, attestationID string, statement *intoto.Statement) error
EvaluateAttestationPolicies evaluates the attestation-level policies and stores them in the attestation state
func (*Crafter) IsMaterialInContract ¶
IsMaterialInContract checks if the material is in the contract schema
func (*Crafter) LoadCraftingState ¶
func (*Crafter) ResolveEnvVars ¶
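ResolveEnvVars will iterate on the env vars in the allow list and resolve them from the system context. strict indicates if it should fail if any env variable cannot be found. (The signature listed for this method in the index takes no strict parameter, so this last sentence may describe an earlier version.)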
func (*Crafter) ValidateAttestation ¶
type HeadCommit ¶
type InitOpts ¶
// InitOpts is the option set passed to (*Crafter).Init.
type InitOpts struct {
	// Control plane workflow metadata
	WfInfo *api.WorkflowMetadata
	// already marshaled schema
	SchemaV1 *schemaapi.CraftingSchema
	// do not record, upload or push attestation
	DryRun bool
	// Identifier of the attestation state
	AttestationID string
	// Runner to associate with the attestation.
	// NOTE(review): presumably the value returned by DiscoverRunner or
	// DiscoverAndEnforceRunner — confirm against callers.
	Runner        SupportedRunner
	// fail the attestation if policy evaluation fails
	// The Go zero value is false, so a caller that leaves this unset gets
	// non-blocking policy evaluation unless Init applies another default.
	BlockOnPolicyViolation bool
	// Signing options
	SigningOptions *SigningOpts
}
    type RunnerM ¶
// RunnerM maps a runner type to its SupportedRunner implementation; it has the
// same key and value types as the RunnersMap variable.
type RunnerM map[schemaapi.CraftingSchema_Runner_RunnerType]SupportedRunner
type SigningOpts ¶ added in v0.170.0
// SigningOpts groups the signing-related settings carried in
// InitOpts.SigningOptions.
type SigningOpts struct {
	// Timestamp Authority to use
	// NOTE(review): the behaviour for an empty string (the zero value) is not
	// shown here — confirm whether it disables timestamping. The URL selects
	// which authority's timestamps are trusted, so it should come from
	// trusted configuration rather than from job-controlled input.
	TimestampAuthorityURL string
}
    type StateManager ¶
// StateManager abstracts the backend that persists the crafting state between
// invocations. Every method addresses one state by key.
// NOTE(review): key is presumably the attestation/state ID passed to the
// Crafter methods — confirm. The backend holds the in-progress attestation,
// so its access controls bound who can alter materials before signing.
type StateManager interface {
	// Check if the state is already initialized
	Initialized(ctx context.Context, key string) (bool, error)
	// Write the state to the manager backend
	Write(ctx context.Context, key string, state *VersionedCraftingState) error
	// Read the state from the manager backend
	// The result is written into the caller-supplied state pointer.
	Read(ctx context.Context, key string, state *VersionedCraftingState) error
	// Reset/Delete the state
	Reset(ctx context.Context, key string) error
	// Info returns a string representation of the state manager
	Info(ctx context.Context, key string) string
}
    StateManager is an interface for managing the state of the crafting process
type SupportedRunner ¶
// SupportedRunner is the contract each CI runner integration implements.
// DiscoverRunner's documentation describes detection as "duck-typing checks"
// on the environment, so a runner's answers reflect what the process
// environment claims rather than an authenticated runner identity.
type SupportedRunner interface {
	// Whether the attestation is happening in this environment
	CheckEnv() bool
	// List the env variables registered
	ListEnvVars() []*runners.EnvVarDefinition
	// Return the list of env vars associated with this runner already resolved
	// The second result is a slice of pointers to error values ([]*error), not
	// a single error; callers must inspect and dereference each entry.
	// NOTE(review): resolved values come from the job environment and may end
	// up in the attestation — confirm only non-secret variables are registered.
	ResolveEnvVars() (map[string]string, []*error)
	// uri to the running job/workload
	RunURI() string
	// ID returns the runner type
	ID() schemaapi.CraftingSchema_Runner_RunnerType
}
    func DiscoverAndEnforceRunner ¶
func DiscoverAndEnforceRunner(enforcedRunnerType schemaapi.CraftingSchema_Runner_RunnerType, dryRun bool, logger zerolog.Logger) (SupportedRunner, error)
func DiscoverRunner ¶
func DiscoverRunner(logger zerolog.Logger) SupportedRunner
DiscoverRunner discovers the runner environment. This method does a simple check to see which runner is available in the environment by iterating over the different runners and performing duck-typing checks. If more than one runner is detected, we default to generic since it's an incongruent result.
func NewRunner ¶
func NewRunner(t schemaapi.CraftingSchema_Runner_RunnerType) SupportedRunner
Load a specific runner
type VersionedCraftingState ¶
// VersionedCraftingState wraps the embedded *api.CraftingState with a checksum
// that accompanies the state across updates.
type VersionedCraftingState struct {
	*api.CraftingState
	// This digest is used to verify the integrity of the state during updates
	// NOTE(review): presumably a guard against concurrent or stale writes
	// rather than tamper evidence — a plain digest stored with the state does
	// not authenticate it against a party who can rewrite both. Confirm how
	// the StateManager implementations compute and compare it.
	UpdateCheckSum string
}