const (
	// DockerBasedBuildType is the BuildType URI for container-based builds.
	// The value is still a draft identifier (note the `?draft` suffix), so
	// consumers comparing against it must expect it to change.
	// TODO(#1191): Update to the final BuildType URI.
	DockerBasedBuildType = "https://slsa.dev/container-based-build/v0.1?draft"
	// SourceKey is the lookup key for the source repository in ExternalParameters.
	SourceKey = "source"
	// BuilderImageKey is the lookup key for the builder image in ExternalParameters.
	BuilderImageKey = "builderImage"
	// ConfigFileKey is the lookup key for the config file in ExternalParameters.
	ConfigFileKey = "configFile"
)
type ArtifactReference ¶
// ArtifactReference contains details about an artifact consumed or produced
// by the build: where it came from, its content digests, and optional
// local-name, download-location and media-type metadata.
type ArtifactReference struct {
	// [URI] describing where this artifact came from. When possible, this SHOULD
	// be a universal and stable identifier, such as a source location or Package
	// URL ([purl]).
	//
	// Example: `pkg:pypi/pyyaml@6.0`
	//
	// REQUIRED.
	URI string `json:"uri"`
	// A map of cryptographic digests for the contents of this artifact.
	// The key indicates the cryptographic algorithm used for computing the digest
	// (e.g. "sha256"); the value is the digest itself. Verifiers should only
	// accept algorithm names they recognise and treat any unknown key as unverified.
	//
	// REQUIRED.
	Digest map[string]string `json:"digest"`
	// The name for this artifact local to the build.
	//
	// Example: `PyYAML-6.0.tar.gz`
	//
	// OPTIONAL.
	LocalName string `json:"localName,omitempty"`
	//nolint:lll
	// [URI] identifying the location that this artifact was downloaded from, if
	// different and not derivable from `uri`.
	//
	// Example: `https://files.pythonhosted.org/packages/36/2b/61d51a2c4f25ef062ae3f74576b01638bebad5e045f747ff12643df63844/PyYAML-6.0.tar.gz`
	//
	// OPTIONAL.
	DownloadLocation string `json:"downloadLocation,omitempty"`
	// [Media Type] (aka MIME type) of this artifact.
	//
	// OPTIONAL.
	MediaType string `json:"mediaType,omitempty"`
}
ArtifactReference contains details about an artifact.
type BuildConfig ¶
// BuildConfig is a collection of parameters to use for building the artifact.
// It is decoded from a TOML file (see DockerBuildConfig.LoadBuildConfigFromFile),
// so every field here is user-controlled input rather than builder policy.
type BuildConfig struct {
	// The path, relative to the root of the git repository, where the artifact
	// built by the `docker run` command is expected to be found.
	// NOTE(review): being repo-relative, this path should be confined to the
	// checkout root by whoever reads the artifact — confirm in the caller.
	ArtifactPath string `toml:"artifact_path"`
	// TODO(#1191): Add env and options if needed.
	// Command to pass to `docker run`. The command is taken as an array
	// instead of a single string to avoid unnecessary parsing. See
	// https://docs.docker.com/engine/reference/builder/#cmd and
	// https://man7.org/linux/man-pages/man3/exec.3.html for more details.
	// NOTE(review): this command comes from the build config file, so its
	// isolation presumably rests on the docker container rather than on any
	// validation here — confirm against the caller.
	Command []string `toml:"command"`
}
BuildConfig is a collection of parameters to use for building the artifact.
type BuildDefinition ¶
// BuildDefinition contains the information required for building an artifact
// using a Docker image. Based on BuildDefinition in
// https://github.com/slsa-framework/slsa/pull/525.
// Instances are produced by CreateBuildDefinition from a DockerBuildConfig.
type BuildDefinition struct {
	// BuildType indicates how to unambiguously interpret this BuildDefinition.
	// For this package that is DockerBasedBuildType.
	BuildType string `json:"buildType"`
	// The set of top-level external inputs to the build. This SHOULD contain all
	// the information necessary and sufficient to initialize the build and begin
	// execution. "Top-level" means that it is not derived from another input.
	// Entries are looked up by SourceKey, BuilderImageKey and ConfigFileKey.
	//
	// REQUIRED for SLSA Build L1.
	ExternalParameters ParameterCollection `json:"externalParameters"`
	// Parameters of the build environment that were provided by the `builder` and
	// not under external control. The primary intention of this field is for
	// debugging, incident response, and vulnerability management. The values here
	// MAY be necessary for reproducing the build.
	//
	// OPTIONAL.
	SystemParameters ParameterCollection `json:"systemParameters,omitempty"`
	// Resolved dependencies needed at build time.
	//
	// OPTIONAL.
	ResolvedDependencies []ArtifactReference `json:"resolvedDependencies,omitempty"`
}
BuildDefinition contains the information required for building an artifact using a Docker image. Based on BuildDefinition in https://github.com/slsa-framework/slsa/pull/525.
func CreateBuildDefinition ¶
func CreateBuildDefinition(config *DockerBuildConfig) *BuildDefinition
CreateBuildDefinition creates a BuildDefinition from the given DockerBuildConfig.
type Builder ¶
// Builder is responsible for setting up the environment and using docker
// commands to build artifacts as specified in a DockerBuildConfig.
// Construct it with NewBuilderWithGitFetcher; SetUpBuildState then yields a
// DockerBuild ready for `docker run`.
type Builder struct {
	// contains filtered or unexported fields
}
Builder is responsible for setting up the environment and using docker commands to build artifacts as specified in a DockerBuildConfig.
func NewBuilderWithGitFetcher ¶
func NewBuilderWithGitFetcher(config DockerBuildConfig, forceCheckout bool) (*Builder, error)
NewBuilderWithGitFetcher creates a new Builder that fetches the sources from a Git repository.
func (*Builder) SetUpBuildState ¶
func (b *Builder) SetUpBuildState() (*DockerBuild, error)
SetUpBuildState sets up the build by checking out the source repository and loading the config file. It returns an instance of DockerBuild, or an error if setting up the build state fails.
type Digest ¶
Digest specifies a digest value, including the name of the hash function that was used for computing it.
type DockerBuild ¶
// DockerBuild represents a state in the process of building the artifacts
// where the source repository is checked out and the config file is loaded
// and parsed, and we are ready for running the `docker run` command.
// It is returned by Builder.SetUpBuildState and consumed by BuildArtifact.
type DockerBuild struct {
	// The build definition describing this build; presumably the result of
	// CreateBuildDefinition — confirm in SetUpBuildState.
	BuildDefinition *BuildDefinition
	// The parsed build config (artifact path and `docker run` command) loaded
	// from the config file.
	BuildConfig *BuildConfig
	// Location of the checked-out source repository; its Cleanup is expected
	// to be called once the build is done.
	RepoInfo *RepoCheckoutInfo
}
DockerBuild represents a state in the process of building the artifacts where the source repository is checked out and the config file is loaded and parsed, and we are ready for running the `docker run` command.
func (*DockerBuild) BuildArtifact ¶
func (db *DockerBuild) BuildArtifact() ([]intoto.Subject, error)
BuildArtifact builds the artifacts based on the user-provided inputs, and returns the names and SHA256 digests of the generated artifacts.
type DockerBuildConfig ¶
// DockerBuildConfig is a convenience type for holding validated user inputs.
// Build it with NewDockerBuildConfig, which performs the validation; the
// fields are not re-validated on use.
type DockerBuildConfig struct {
	// Location of the source repository to build; presumably taken from
	// InputOptions.SourceRepo — confirm in NewDockerBuildConfig.
	SourceRepo string
	// Digest pinning the source revision; presumably derived from
	// InputOptions.GitCommitHash — confirm in NewDockerBuildConfig.
	SourceDigest Digest
	// The builder image, identified by URI and digest (see DockerImage).
	BuilderImage DockerImage
	// Path to the TOML build config file read by LoadBuildConfigFromFile.
	BuildConfigPath string
	// NOTE(review): meaning not visible here; NewBuilderWithGitFetcher takes a
	// separate forceCheckout argument, so confirm which one wins.
	ForceCheckout bool
}
DockerBuildConfig is a convenience type for holding validated user inputs.
func NewDockerBuildConfig ¶
func NewDockerBuildConfig(io *InputOptions) (*DockerBuildConfig, error)
NewDockerBuildConfig validates the inputs and generates an instance of DockerBuildConfig.
func (*DockerBuildConfig) LoadBuildConfigFromFile ¶
func (dbc *DockerBuildConfig) LoadBuildConfigFromFile() (*BuildConfig, error)
LoadBuildConfigFromFile loads build configuration from a toml file specified by the BuildConfigPath of this DockerBuildConfig. An instance of BuildConfig is returned on success.
type DockerImage ¶
DockerImage fully specifies a docker image by a URI (e.g., including the docker image name and registry), and its digest.
func (*DockerImage) ToString ¶
func (bi *DockerImage) ToString() string
ToString returns the builder image in the form of NAME@ALG:VALUE.
type Fetcher ¶
// Fetcher is an interface with a single method Fetch, for fetching a
// repository from its source. GitClient is the Git-backed implementation.
type Fetcher interface {
	// Fetch retrieves the repository and reports where it was checked out,
	// or returns an error if fetching fails.
	Fetch() (*RepoCheckoutInfo, error)
}
Fetcher is an interface with a single method Fetch, for fetching a repository from its source.
type GitClient ¶
// GitClient provides data and functions for fetching the source files from a
// Git repository. It satisfies Fetcher via its Fetch method.
type GitClient struct {
	// contains filtered or unexported fields
}
GitClient provides data and functions for fetching the source files from a Git repository.
func (*GitClient) Fetch ¶
func (c *GitClient) Fetch() (*RepoCheckoutInfo, error)
Fetch is implemented for GitClient to make it usable in contexts where a Fetcher is needed.
type InputOptions ¶
// InputOptions are the common options for the dry run and build command.
// The fields are presumably bound to command-line flags by AddFlags and are
// raw, unvalidated user input until NewDockerBuildConfig processes them.
type InputOptions struct {
	// Path to the TOML build config file.
	BuildConfigPath string
	// Location of the source repository to build.
	SourceRepo string
	// Git commit to build; presumably the origin of DockerBuildConfig.SourceDigest
	// — confirm in NewDockerBuildConfig.
	GitCommitHash string
	// Builder image reference as given by the user; presumably parsed into a
	// DockerImage (NAME@ALG:VALUE, see DockerImage.ToString) — confirm.
	BuilderImage string
}
InputOptions are the common options for the dry run and build command.
func (*InputOptions) AddFlags ¶
func (io *InputOptions) AddFlags(cmd *cobra.Command)
AddFlags adds input flags to the given command.
type ParameterCollection ¶
// ParameterCollection is a collection of parameters that appear in a build
// definition, split into artifact references and plain string values.
type ParameterCollection struct {
	// References to the top-level, independent input artifacts to the build. In
	// many cases, this is a singular "source" artifact to be built.
	//
	// The key is a name whose interpretation depends on `buildType`. If there is
	// only one input, it SHOULD be named "source" (see SourceKey).
	Artifacts map[string]ArtifactReference `json:"artifacts,omitempty"`
	// Other parameters that are not artifact references. Like `artifacts`, the
	// key is a name whose interpretation depends on `buildType`.
	Values map[string]string `json:"values,omitempty"`
}
ParameterCollection is a collection of parameters that appear in a build definition.
type RepoCheckoutInfo ¶
// RepoCheckoutInfo contains info about the location of a locally checked out
// repository. Cleanup removes the temp files it refers to.
type RepoCheckoutInfo struct {
	// Path to the root of the repo.
	RepoRoot string
}
RepoCheckoutInfo contains info about the location of a locally checked out repository.
func (*RepoCheckoutInfo) Cleanup ¶
func (info *RepoCheckoutInfo) Cleanup()
Cleanup removes the generated temp files. It might not be able to remove all of them, for instance those generated by the build script.