Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
Types ¶
type ArtifactUploader ¶
// ArtifactUploader uploads artifacts and their attestations to a remote cache.
// Its fields are unexported, so values are obtained from NewArtifactUploader,
// which takes the cache.RemoteCache to upload to.
type ArtifactUploader struct {
	// contains filtered or unexported fields
}
ArtifactUploader handles uploading signed artifacts and their attestations to the remote cache.
func NewArtifactUploader ¶
func NewArtifactUploader(remoteCache cache.RemoteCache) *ArtifactUploader
NewArtifactUploader creates a new artifact uploader
func (*ArtifactUploader) UploadArtifactWithAttestation ¶
func (u *ArtifactUploader) UploadArtifactWithAttestation(ctx context.Context, artifactPath string, attestationBytes []byte) error
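UploadArtifactWithAttestation uploads both the artifact and its .att attestation file to the remote cache. The attestation bytes are supplied by the caller; this description does not say they are verified against the artifact before upload, so pass bytes that were generated for the same artifactPath.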
type GitHubContext ¶
// GitHubContext holds GitHub Actions run metadata, one string field per
// environment variable named in the field comments.
//
// NOTE(review): GetGitHubContext is documented as reading these from
// environment variables, so they are only as trustworthy as the process
// environment. Presumably they are recorded in the provenance; confirm they
// are cross-checked against the signing identity rather than trusted alone.
type GitHubContext struct {
	RunID       string // value of GITHUB_RUN_ID
	RunNumber   string // value of GITHUB_RUN_NUMBER
	Actor       string // value of GITHUB_ACTOR
	Repository  string // value of GITHUB_REPOSITORY
	Ref         string // value of GITHUB_REF
	SHA         string // value of GITHUB_SHA
	ServerURL   string // value of GITHUB_SERVER_URL
	WorkflowRef string // value of GITHUB_WORKFLOW_REF
}
GitHubContext contains GitHub Actions environment information
func GetGitHubContext ¶
func GetGitHubContext() *GitHubContext
GetGitHubContext extracts GitHub Actions context from environment variables
func (*GitHubContext) Validate ¶
func (ctx *GitHubContext) Validate() error
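Validate ensures all required GitHub context fields are present. As described, this is a presence check only: it does not establish that the values are authentic, since they originate from environment variables.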
type SignedAttestationResult ¶
// SignedAttestationResult is what GenerateSignedSLSAAttestation returns: the
// bytes to store as the .att file, plus the name and checksum of the artifact
// they describe.
//
// With encoding/json, a []byte field is written as a base64 string, so
// AttestationBytes is not human-readable in the JSON form.
type SignedAttestationResult struct {
	AttestationBytes []byte `json:"attestation_bytes"` // complete .att file content
	Checksum         string `json:"checksum"`          // SHA256 of the artifact; NOTE(review): text encoding (hex or base64) is not shown here, confirm before comparing
	ArtifactName     string `json:"artifact_name"`     // name of the artifact
}
SignedAttestationResult contains the signed SLSA attestation ready for upload
func GenerateSignedSLSAAttestation ¶
func GenerateSignedSLSAAttestation(ctx context.Context, artifactPath string, githubCtx *GitHubContext) (*SignedAttestationResult, error)
GenerateSignedSLSAAttestation generates and signs SLSA provenance in one integrated step
type SigningError ¶
// SigningError is an error from the signing process, tagged with a category
// so callers can branch on Type (see IsRetryable).
//
// NOTE(review): Artifact and Message are included in the JSON form, so they
// should not carry tokens or other secrets; confirm callers keep them clean.
type SigningError struct {
	Type     SigningErrorType `json:"type"`     // category of the failure
	Artifact string           `json:"artifact"` // artifact the error relates to; presumably a path or name, confirm
	Message  string           `json:"message"`  // description of the failure
	Cause    error            `json:"-"`        // underlying error returned by Unwrap; the "-" tag keeps it out of JSON output
}
SigningError represents a categorized error during the signing process
func CategorizeError ¶
func CategorizeError(artifact string, err error) *SigningError
CategorizeError attempts to categorize a generic error into a SigningError
func NewSigningError ¶
func NewSigningError(errorType SigningErrorType, artifact, message string, cause error) *SigningError
NewSigningError creates a new categorized signing error
func (*SigningError) Error ¶
func (e *SigningError) Error() string
Error implements the error interface
func (*SigningError) IsRetryable ¶
func (e *SigningError) IsRetryable() bool
IsRetryable reports whether an error of this type should be retried.
func (*SigningError) Unwrap ¶
func (e *SigningError) Unwrap() error
Unwrap returns the underlying cause, so that errors.Is and errors.As can inspect the wrapped error.
type SigningErrorType ¶
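// SigningErrorType categorizes different types of signing errors.
type SigningErrorType string

// Categories a SigningError can carry in its Type field. The string values
// are what appears under the "type" key when a SigningError is serialized
// with encoding/json, so they should be treated as stable identifiers.
//
// NOTE(review): this listing does not show which categories IsRetryable
// treats as retryable; confirm before building retry loops on it.
const (
	ErrorTypeNetwork    SigningErrorType = "network"
	ErrorTypeSigstore   SigningErrorType = "sigstore"
	ErrorTypePermission SigningErrorType = "permission"
	ErrorTypeValidation SigningErrorType = "validation"
	ErrorTypeFileSystem SigningErrorType = "filesystem"
)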