refactor: migrate to intoto/attestations go library -> in-toto 1.0 bump #397
Conversation
Signed-off-by: Miguel Martinez Trivino <miguel@chainloop.dev>
Signed-off-by: Miguel Martinez Trivino <miguel@chainloop.dev>
Signed-off-by: Miguel Martinez Trivino <miguel@chainloop.dev>
Signed-off-by: Miguel Martinez Trivino <miguel@chainloop.dev>
Signed-off-by: Miguel Martinez Trivino <miguel@chainloop.dev>
| @@ -107,6 +109,9 @@ func (action *AttestationPush) Run(runtimeAnnotations map[string]string) (*Attes | |||
|
|
|||
| action.Logger.Debug().Msg("validation completed") | |||
|
|
|||
| // Indicate that we are done with the attestation | |||
| action.c.CraftingState.Attestation.FinishedAt = timestamppb.New(time.Now()) | |||
There was a problem hiding this comment.
The finishedAt timestamp is now in the attestation state. This simplifies testing by making rendering idempotent.
| @@ -26,7 +26,7 @@ import ( | |||
| "github.com/chainloop-dev/chainloop/internal/attestation/renderer/chainloop" | |||
| sigs "github.com/sigstore/cosign/v2/pkg/signature" | |||
|
|
|||
| "github.com/in-toto/in-toto-golang/in_toto" | |||
There was a problem hiding this comment.
moved away from github.com/in-toto/in-toto-golang/in_toto
| @@ -0,0 +1,96 @@ | |||
| { | |||
| "type": "https://in-toto.io/Statement/v1", | |||
| @@ -0,0 +1,96 @@ | |||
| { | |||
| "type": "https://in-toto.io/Statement/v1", | |||
| // transform to structpb.Struct in a two steps process | ||
| // 1 - ProvenancePredicate -> json -> map[string]interface{} | ||
| // 2 - map[string]interface{} -> structpb.Struct | ||
| predicateJSON, err := json.Marshal(p) |
There was a problem hiding this comment.
a little bit of trickery to transform to structpb :(
| @@ -43,8 +44,7 @@ type AttestationRenderer struct { | |||
| } | |||
|
|
|||
| type r interface { | |||
| Header() (*in_toto.StatementHeader, error) | |||
| Predicate() (interface{}, error) | |||
| Statement() (*intoto.Statement, error) | |||
There was a problem hiding this comment.
the interface has been simplified now.
|
@adityasaky, re this comment #60 (comment) I can see some deprecation warnings in the Am I missing anything? Is the path forward recommended by the in-toto team to adopt the bindings at Thank you! |
@migmartri Adding support for the proto bindings to in-toto-golang is in-flight: in-toto/in-toto-golang#268 We were blocked on something until last week, so I should be able to complete this PR now. |
hi @marcelamelara, thanks for the information. So great! We are both considering using in-toto/attestation/go as the source of truth for the bindings. It seems that in your PR you are also adding some exciting generators, I might use them in the future :) |
Signed-off-by: Miguel Martinez Trivino <miguel@chainloop.dev>
migmartri
force-pushed
the
migrate-intoto
branch
from
f689fd8
to
0ca3af4
Compare
Attestation rendering logic refactoring to support in-toto v1.0.
Previously, we did some work #103 adopting
resourceDescriptorsin our custom predicate, but now, in-toto 1.0 spec is fully supported.In practice, this patch:
Closes #60