Documentation ¶
Index ¶
- Constants
- func BranchToFullRef(branch string) string
- func CheckNameToControlName(checkName string) slsa.ControlName
- func GetBranchFromRef(ref string) string
- func GetTagFromRef(ref string) string
- func TagToFullRef(tag string) string
- type GhControlStatus
- type GitHubConnection
- func (ghc *GitHubConnection) Client() *github.Client
- func (ghc *GitHubConnection) EnableBranchRules(ctx context.Context) error
- func (ghc *GitHubConnection) EnableTagRules(ctx context.Context) error
- func (ghc *GitHubConnection) GetBranchControls(ctx context.Context, ref string) (*slsa.Controls, error)
- func (ghc *GitHubConnection) GetBranchControlsAtCommit(ctx context.Context, commit, ref string) (*GhControlStatus, error)
- func (ghc *GitHubConnection) GetDefaultBranch(ctx context.Context) (string, error)
- func (ghc *GitHubConnection) GetFullRef() string
- func (ghc *GitHubConnection) GetLatestCommit(ctx context.Context, targetBranch string) (string, error)
- func (ghc *GitHubConnection) GetNotesForCommit(ctx context.Context, commit string) (string, error)
- func (ghc *GitHubConnection) GetPriorCommit(ctx context.Context, sha string) (string, error)
- func (ghc *GitHubConnection) GetRepoUri() string
- func (ghc *GitHubConnection) GetTagControls(ctx context.Context, commit, ref string) (*GhControlStatus, error)
- func (ghc *GitHubConnection) Owner() string
- func (ghc *GitHubConnection) Repo() string
- func (ghc *GitHubConnection) WithAuthToken(token string) *GitHubConnection
- type Options
- type RequiredCheck
Constants ¶
const (
AnyReference = "*"
GitHubActionsIntegrationId = int64(15368)
)
Matches any reference type.
const (
EnforcementActive = "active"
)
Variables ¶
This section is empty.
Functions ¶
func BranchToFullRef ¶
func CheckNameToControlName ¶
func CheckNameToControlName(checkName string) slsa.ControlName
func GetBranchFromRef ¶
Returns "" if the ref isn't a branch.
func GetTagFromRef ¶
func TagToFullRef ¶
Types ¶
type GhControlStatus ¶
type GhControlStatus struct {
// The time the commit we're evaluating was pushed.
CommitPushTime time.Time
// The actor that pushed the commit.
ActorLogin string
// The type of activity that created the commit.
ActivityType string
// The controls that are enabled according to the GitHub API.
// May not include other controls, such as whether we have provenance.
Controls slsa.Controls
}
func (*GhControlStatus) AddControl ¶
func (cs *GhControlStatus) AddControl(newControls ...*provenance.Control)
Adds the control, but only if it existed when the commit was pushed.
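The push-time gate described for AddControl, as an added example that is not this package's code: a control only counts toward a commit if it was already enabled when that commit was pushed. The `control` and `controlStatus` types, their field names, the treatment of a control enabled exactly at push time, and all sample values are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"time"
)

// control is a hypothetical stand-in for provenance.Control: a control
// name plus the time it was first seen enabled (field names assumed).
type control struct {
	Name  string
	Since time.Time
}

// controlStatus is a hypothetical, reduced stand-in for GhControlStatus.
type controlStatus struct {
	CommitPushTime time.Time
	Controls       []control
}

// addControl records a control only if it was already enabled when the
// commit was pushed (assumed: enabled exactly at push time still counts).
func (cs *controlStatus) addControl(newControls ...*control) {
	for _, c := range newControls {
		if c == nil || c.Since.After(cs.CommitPushTime) {
			continue // nil entry, or control enabled after the push
		}
		cs.Controls = append(cs.Controls, *c)
	}
}

// evaluateSample applies the gate to constructed data; returns accepted names.
func evaluateSample() []string {
	push := time.Date(2025, 3, 10, 12, 0, 0, 0, time.UTC) // constructed
	cs := &controlStatus{CommitPushTime: push}
	cs.addControl(
		&control{Name: "sample-enabled-day-before", Since: push.Add(-24 * time.Hour)},
		nil,
		&control{Name: "sample-enabled-hour-after", Since: push.Add(time.Hour)},
		&control{Name: "sample-enabled-at-push", Since: push},
	)
	names := []string{}
	for _, c := range cs.Controls {
		names = append(names, c.Name)
	}
	return names
}

func main() { fmt.Println(evaluateSample()) }
```

The control enabled an hour after the push is dropped, so a ruleset switched on after the fact cannot be credited to commits that landed before it.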
type GitHubConnection ¶
type GitHubConnection struct {
Options Options
// contains filtered or unexported fields
}
Manages a connection to a GitHub repository.
func NewGhConnection ¶
func NewGhConnection(owner, repo, ref string) *GitHubConnection
func NewGhConnectionWithClient ¶
func NewGhConnectionWithClient(owner, repo, ref string, client *github.Client) *GitHubConnection
func (*GitHubConnection) Client ¶
func (ghc *GitHubConnection) Client() *github.Client
func (*GitHubConnection) EnableBranchRules ¶
func (ghc *GitHubConnection) EnableBranchRules(ctx context.Context) error
EnableBranchRules adds a ruleset to the repo to enforce delete and push protection if one of them is missing. We check first, so if other rules already protect the branch, this function is a no-op.
func (*GitHubConnection) EnableTagRules ¶
func (ghc *GitHubConnection) EnableTagRules(ctx context.Context) error
EnableTagRules adds a ruleset to the repo to enforce delete, push, and update protection on all branches.
func (*GitHubConnection) GetBranchControls ¶
func (ghc *GitHubConnection) GetBranchControls(ctx context.Context, ref string) (*slsa.Controls, error)
GetBranchControls returns a list of the controls currently enabled for a branch. This function does not take a commit date into account; it returns only those controls that are active when it is called.
func (*GitHubConnection) GetBranchControlsAtCommit ¶
func (ghc *GitHubConnection) GetBranchControlsAtCommit(ctx context.Context, commit, ref string) (*GhControlStatus, error)
GetBranchControlsAtCommit determines the controls that are in place for a branch at a specific commit using GitHub's APIs. This is necessarily only as good as GitHub's controls and existing APIs.
func (*GitHubConnection) GetDefaultBranch ¶
func (ghc *GitHubConnection) GetDefaultBranch(ctx context.Context) (string, error)
GetDefaultBranch reads the default repository branch from the GitHub API.
func (*GitHubConnection) GetFullRef ¶
func (ghc *GitHubConnection) GetFullRef() string
func (*GitHubConnection) GetLatestCommit ¶
func (*GitHubConnection) GetNotesForCommit ¶
GetNotesForCommit returns the unparsed notes blob for a commit as stored in git via the GitHub API. If no notes data can be found at the specified commit, GetNotesForCommit returns a blank string (and no error).
func (*GitHubConnection) GetPriorCommit ¶
Gets the previous commit to 'sha' if it has one. If there is more than one parent, this fails with an error. (This tool generally operates in an environment of linear history.)
func (*GitHubConnection) GetRepoUri ¶
func (ghc *GitHubConnection) GetRepoUri() string
Returns the URI of the repo this connection tracks.
func (*GitHubConnection) GetTagControls ¶
func (ghc *GitHubConnection) GetTagControls(ctx context.Context, commit, ref string) (*GhControlStatus, error)
func (*GitHubConnection) Owner ¶
func (ghc *GitHubConnection) Owner() string
func (*GitHubConnection) Repo ¶
func (ghc *GitHubConnection) Repo() string
func (*GitHubConnection) WithAuthToken ¶
func (ghc *GitHubConnection) WithAuthToken(token string) *GitHubConnection
Uses the provided token for auth. If the token is the empty string, this is a no-op.
type Options ¶
type Options struct {
// AllowMergeCommits causes the GitHub connector to reject merge
// commits when set to false.
AllowMergeCommits bool
// contains filtered or unexported fields
}