Documentation
Index ¶
- Constants
- func NewOAuth2Client(ctx context.Context, tokenRetriever TokenRetriever) *http.Client
- type AnyEvent
- type Context
- type Environment
- type ReleaseClient
- func (p *ReleaseClient) AddProvenanceToRelease(ctx context.Context, owner, repo string, releaseID int64, provenance *os.File) (*github.ReleaseAsset, error)
- func (p *ReleaseClient) DownloadReleaseAssets(ctx context.Context, owner, repo string, releaseID int64, ...) ([]*github.ReleaseAsset, error)
- func (p *ReleaseClient) FetchRelease(ctx context.Context, owner, repo, tagName string) (*github.RepositoryRelease, error)
- func (p *ReleaseClient) ListReleaseAssets(ctx context.Context, owner, repo string, releaseID int64, ...) ([]*github.ReleaseAsset, error)
- func (p *ReleaseClient) ListReleases(ctx context.Context, owner, repo string, listOptions github.ListOptions) ([]*github.RepositoryRelease, error)
- type ReleaseEnvironment
- func (e *ReleaseEnvironment) GenerateProvenanceStatement(ctx context.Context, subjecter intoto.Subjecter, materials ...intoto.Item) (*intoto.Statement, error)
- func (e *ReleaseEnvironment) GetReleaseID(ctx context.Context, tagName string) (int64, error)
- func (e *ReleaseEnvironment) PersistProvenanceStatement(ctx context.Context, stmt *intoto.Statement, path string) error
- type RunnerContext
- type Token
- type TokenRetriever
Constants ¶
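// Identifiers written into the generated provenance. The listing was collapsed
// onto a single line, so the first line comment swallowed every declaration
// after it; the block is restored to one declaration per line.
const (
	// HostedIDSuffix is the GitHub-hosted attestation type.
	HostedIDSuffix = "/Attestations/GitHubHostedActions@v1"
	// SelfHostedIDSuffix is the GitHub self-hosted attestation type.
	// NOTE(review): how the package chooses between the hosted and self-hosted
	// suffix is not shown here; a verifier presumably relies on that choice to
	// tell the two runner classes apart — confirm where it is set.
	SelfHostedIDSuffix = "/Attestations/SelfHostedActions@v1"
	// BuildType is the URI indicating what type of build was performed. It
	// determines the meaning of invocation, buildConfig and materials.
	BuildType = "https://github.com/Attestations/GitHubActionsWorkflow@v1"
	// PayloadContentType is used to define the Envelope content type.
	// See: https://github.com/in-toto/attestation#provenance-example
	PayloadContentType = "application/vnd.in-toto+json"
)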
Variables ¶
This section is empty.
Functions ¶
func NewOAuth2Client ¶
func NewOAuth2Client(ctx context.Context, tokenRetriever TokenRetriever) *http.Client
NewOAuth2Client creates an OAuth2 client using the token from the TokenRetriever.
Types ¶
type AnyEvent ¶
// AnyEvent holds the inputs from a GitHub workflow event.
type AnyEvent struct {
	// Inputs is the raw JSON found under the "inputs" key; this declaration
	// stores it undecoded.
	// NOTE(review): the package docs describe these as user-provided
	// workflow_dispatch parameters — treat them as untrusted when they are
	// decoded or copied into provenance; confirm against callers.
	Inputs json.RawMessage `json:"inputs"`
}
AnyEvent holds the inputs from a GitHub workflow.
See https://docs.github.com/en/actions/reference/events-that-trigger-workflows — the only event with dynamically provided input is workflow_dispatch, which exposes the user parameters under the key "inputs".
type Context ¶
// Context holds the information set on GitHub runners in relation to the job.
// Environment serializes it under the JSON key "github".
// NOTE(review): the field tags presumably mirror the `github` context of
// GitHub Actions (actor, ref, sha, ...) — confirm against the workflow that
// produces this JSON.
type Context struct {
	Action string `json:"action"`
	ActionPath string `json:"action_path"`
	Actor string `json:"actor"`
	BaseRef string `json:"base_ref"`
	// Event is kept as raw JSON; this declaration does not decode it.
	// NOTE(review): event payloads can presumably carry user-supplied values
	// (see AnyEvent.Inputs) — treat as untrusted when decoding.
	Event json.RawMessage `json:"event"`
	EventName string `json:"event_name"`
	EventPath string `json:"event_path"`
	HeadRef string `json:"head_ref"`
	Job string `json:"job"`
	Ref string `json:"ref"`
	Repository string `json:"repository"`
	RepositoryOwner string `json:"repository_owner"`
	RunID string `json:"run_id"`
	RunNumber string `json:"run_number"`
	SHA string `json:"sha"`
	// Token is the GitHub token used during the workflow. It is omitted from
	// JSON when empty, and the package documents that Token.MarshalText masks
	// it as *** when marshalling.
	Token Token `json:"token,omitempty"`
	Workflow string `json:"workflow"`
	Workspace string `json:"workspace"`
}
Context holds all the information set on Github runners in relation to the job
This information is retrieved from variables during workflow execution
type Environment ¶
// Environment is the environment from which provenance is generated.
type Environment struct {
	// Context is serialized under the "github" key and omitted when nil.
	Context *Context `json:"github,omitempty"`
	// Runner is serialized under the "runner" key and omitted when nil.
	Runner *RunnerContext `json:"runner,omitempty"`
}
Environment the environment from which provenance is generated.
func (*Environment) GenerateProvenanceStatement ¶
func (e *Environment) GenerateProvenanceStatement(ctx context.Context, subjecter intoto.Subjecter, materials ...intoto.Item) (*intoto.Statement, error)
GenerateProvenanceStatement generates provenance from the provided artifactPath
The artifactPath can be a file or a directory.
func (*Environment) PersistProvenanceStatement ¶
func (e *Environment) PersistProvenanceStatement(ctx context.Context, stmt *intoto.Statement, path string) error
PersistProvenanceStatement writes the provenance statement at the given path
type ReleaseClient ¶
ReleaseClient GitHub client adding convenience methods to add provenance to a release
func NewReleaseClient ¶
func NewReleaseClient(httpClient *http.Client) *ReleaseClient
NewReleaseClient create new ReleaseClient instance
func (*ReleaseClient) AddProvenanceToRelease ¶
func (p *ReleaseClient) AddProvenanceToRelease(ctx context.Context, owner, repo string, releaseID int64, provenance *os.File) (*github.ReleaseAsset, error)
AddProvenanceToRelease uploads the provenance for the given release
func (*ReleaseClient) DownloadReleaseAssets ¶
func (p *ReleaseClient) DownloadReleaseAssets(ctx context.Context, owner, repo string, releaseID int64, storageLocation string) ([]*github.ReleaseAsset, error)
DownloadReleaseAssets download the assets for a release at the given storage location.
func (*ReleaseClient) FetchRelease ¶
func (p *ReleaseClient) FetchRelease(ctx context.Context, owner, repo, tagName string) (*github.RepositoryRelease, error)
FetchRelease get the release by its tagName
func (*ReleaseClient) ListReleaseAssets ¶
func (p *ReleaseClient) ListReleaseAssets(ctx context.Context, owner, repo string, releaseID int64, listOptions github.ListOptions) ([]*github.ReleaseAsset, error)
ListReleaseAssets will retrieve the list of all release assets.
func (*ReleaseClient) ListReleases ¶
func (p *ReleaseClient) ListReleases(ctx context.Context, owner, repo string, listOptions github.ListOptions) ([]*github.RepositoryRelease, error)
ListReleases will retrieve the list of all releases.
type ReleaseEnvironment ¶
// ReleaseEnvironment generates provenance based on a GitHub release.
// It embeds *Environment, so Environment's fields are promoted; the package
// index lists GenerateProvenanceStatement and PersistProvenanceStatement on
// this type as well, which take precedence over the embedded methods.
type ReleaseEnvironment struct {
	*Environment
	// contains filtered or unexported fields
}
ReleaseEnvironment implements intoto.Provenancer to Generate provenance based on a GitHub release
func NewReleaseEnvironment ¶
func NewReleaseEnvironment(gh Context, runner RunnerContext, tagName string, rc *ReleaseClient, artifactPath string) *ReleaseEnvironment
NewReleaseEnvironment creates a new instance of ReleaseEnvironment with the given tagName and provenanceClient
func (*ReleaseEnvironment) GenerateProvenanceStatement ¶
func (e *ReleaseEnvironment) GenerateProvenanceStatement(ctx context.Context, subjecter intoto.Subjecter, materials ...intoto.Item) (*intoto.Statement, error)
GenerateProvenanceStatement generates provenance from the GitHub release environment. Release assets will be downloaded to the given artifactPath. The artifactPath has to be a directory.
func (*ReleaseEnvironment) GetReleaseID ¶
GetReleaseID fetches a release and caches the releaseID in the environment
func (*ReleaseEnvironment) PersistProvenanceStatement ¶
func (e *ReleaseEnvironment) PersistProvenanceStatement(ctx context.Context, stmt *intoto.Statement, path string) error
PersistProvenanceStatement writes the provenance statement at the given path and uploads it to the GitHub release
type RunnerContext ¶
// RunnerContext holds information about the GitHub runner in which a workflow
// executes. Environment serializes it under the JSON key "runner".
// NOTE(review): the tags presumably correspond to the `runner` context of
// GitHub Actions (os, temp, tool_cache) — confirm against the producer.
type RunnerContext struct {
	OS string `json:"os"`
	Temp string `json:"temp"`
	ToolCache string `json:"tool_cache"`
}
RunnerContext holds information about the given Github Runner in which a workflow executes
This information is retrieved from variables during workflow execution
type Token ¶
// Token is the GitHub token used during a workflow; it is a credential.
// The package documents a MarshalText method that masks the value as ***
// when marshalling. The fmt package does not call MarshalText.
// NOTE(review): printing or logging a Token through fmt or log verbs
// presumably emits the raw value unless a String or Format method exists
// elsewhere — confirm before logging values of this type.
type Token string
Token the github token used during a workflow
func (Token) MarshalText ¶
MarshalText masks the token as *** when marshalling
func (*Token) UnmarshalText ¶
UnmarshalText unmarshals the token received from GitHub.
type TokenRetriever ¶
// TokenRetriever is a function type that returns the token as a string.
// Per the package docs, the token is placed in a StaticTokenSource to
// authenticate using oauth2.
// NOTE(review): the return value is a plain string, not a Token, so the
// masking done by Token.MarshalText does not apply to it — avoid logging or
// serializing the returned value.
type TokenRetriever func() string
TokenRetriever lets callers supply a function that retrieves the token. The token is placed in a StaticTokenSource to authenticate using oauth2.