feat: show annotations in notifications (#289)

Signed-off-by: Miguel Martinez Trivino <miguel@chainloop.dev>

Author: migmartri

app/cli/cmd/workflow_workflow_run_describe.go

@@ -121,6 +121,12 @@ func workflowRunDescribeTableOutput(run *action.WorkflowRunItemFull) error {
 		color = text.FgHiGreen
 	}
 	gt.AppendRow(table.Row{"Verified", color.Sprint(run.Verified)})
+	if len(att.Annotations) > 0 {
+		gt.AppendRow(table.Row{"Annotations", "------"})
+		for _, a := range att.Annotations {
+			gt.AppendRow(table.Row{"", fmt.Sprintf("%s: %s", a.Name, a.Value)})
+		}
+	}
 	gt.Render()
 
 	predicateV1Table(att)

app/cli/internal/action/workflow_run_describe.go

@@ -43,12 +43,13 @@ type WorkflowRunItemFull struct {
 }
 
 type WorkflowRunAttestationItem struct {
-	ID        string         `json:"id"`
-	CreatedAt *time.Time     `json:"createdAt"`
-	Envelope  *dsse.Envelope `json:"envelope"`
-	statement *in_toto.Statement
-	Materials []*Material `json:"materials,omitempty"`
-	EnvVars   []*EnvVar   `json:"envvars,omitempty"`
+	ID          string         `json:"id"`
+	CreatedAt   *time.Time     `json:"createdAt"`
+	Envelope    *dsse.Envelope `json:"envelope"`
+	statement   *in_toto.Statement
+	Materials   []*Material   `json:"materials,omitempty"`
+	EnvVars     []*EnvVar     `json:"envvars,omitempty"`
+	Annotations []*Annotation `json:"annotations,omitempty"`
 }
 
 type Material struct {
@@ -132,12 +133,26 @@ func (action *WorkflowRunDescribe) Run(runID string, verify bool, publicKey stri
 		materials = append(materials, materialPBToAction(v))
 	}
 
+	keys := make([]string, 0, len(attestation.GetAnnotations()))
+	for k := range attestation.GetAnnotations() {
+		keys = append(keys, k)
+	}
+	sort.Strings(keys)
+
+	annotations := make([]*Annotation, 0, len(attestation.GetAnnotations()))
+	for _, k := range keys {
+		annotations = append(annotations, &Annotation{
+			Name: k, Value: attestation.GetAnnotations()[k],
+		})
+	}
+
 	item.Attestation = &WorkflowRunAttestationItem{
 		ID: attestation.Id, CreatedAt: toTimePtr(attestation.CreatedAt.AsTime()),
-		Envelope:  envelope,
-		statement: statement,
-		EnvVars:   envVars,
-		Materials: materials,
+		Envelope:    envelope,
+		statement:   statement,
+		EnvVars:     envVars,
+		Materials:   materials,
+		Annotations: annotations,
 	}
 
 	return item, nil

app/controlplane/api/controlplane/v1/response_messages.pb.go

@@ -57,6 +57,7 @@ message AttestationItem {
   // denormalized envelope/statement content
   repeated EnvVariable env_vars = 4;
   repeated Material materials = 5;
+  map<string, string> annotations = 6;
 
   message EnvVariable {
     string name = 1; 

app/controlplane/api/controlplane/v1/response_messages.pb.validate.go

@@ -311,9 +311,10 @@ func bizAttestationToPb(att *biz.Attestation) (*cpAPI.AttestationItem, error) {
 	}
 
 	return &cpAPI.AttestationItem{
-		Envelope:  encodedAttestation,
-		EnvVars:   extractEnvVariables(predicate.GetEnvVars()),
-		Materials: materials,
+		Envelope:    encodedAttestation,
+		EnvVars:     extractEnvVariables(predicate.GetEnvVars()),
+		Materials:   materials,
+		Annotations: predicate.GetAnnotations(),
 	}, nil
 }
 

app/controlplane/api/controlplane/v1/response_messages.proto

@@ -22,6 +22,7 @@ import (
 
 	"github.com/chainloop-dev/chainloop/internal/attestation/renderer/chainloop"
 	"github.com/jedib0t/go-pretty/v6/table"
+	"github.com/muesli/reflow/wrap"
 )
 
 type renderer struct {
@@ -102,6 +103,18 @@ func (r *renderer) summaryTable(m *ChainloopMetadata, predicate chainloop.Normal
 	tw.AppendRow(table.Row{"Finished At", wr.FinishedAt.Format(time.RFC822)})
 	tw.AppendRow(table.Row{"State", wr.State})
 	tw.AppendRow(table.Row{"Runner Link", wr.RunURL})
+	if annotations := predicate.GetAnnotations(); len(annotations) > 0 {
+		keys := make([]string, 0, len(annotations))
+		for k := range annotations {
+			keys = append(keys, k)
+		}
+		sort.Strings(keys)
+
+		tw.AppendRow(table.Row{"Annotations", "------"})
+		for _, k := range keys {
+			tw.AppendRow(table.Row{"", fmt.Sprintf("%s: %s", k, annotations[k])})
+		}
+	}
 
 	var result = r.render(tw)
 
@@ -112,23 +125,32 @@ func (r *renderer) summaryTable(m *ChainloopMetadata, predicate chainloop.Normal
 		mt.SetStyle(table.StyleLight)
 
 		mt.SetTitle("Materials")
-		mt.AppendHeader(table.Row{"Name", "Type", "Value"})
-
 		for _, m := range materials {
-			// Initialize simply with the value
-			displayValue := m.Value
-			// Override if there is a hash attached
+			mt.AppendRow(table.Row{"Name", m.Name})
+			mt.AppendRow(table.Row{"Type", m.Type})
+			value := m.Value
+			// Override the value for the filename of the item uploaded
+			if m.EmbeddedInline || m.UploadedToCAS {
+				value = m.Filename
+			}
+			mt.AppendRow(table.Row{"Value", wrap.String(value, 100)})
 			if m.Hash != nil {
-				name := m.Value
-				if m.EmbeddedInline || m.UploadedToCAS {
-					name = m.Filename
+				mt.AppendRow(table.Row{"Digest", m.Hash.Hex})
+			}
+
+			if annotations := m.Annotations; len(annotations) > 0 {
+				keys := make([]string, 0, len(annotations))
+				for k := range annotations {
+					keys = append(keys, k)
 				}
+				sort.Strings(keys)
 
-				displayValue = fmt.Sprintf("%s@%s", name, m.Hash)
+				mt.AppendRow(table.Row{"Annotations", "------"})
+				for _, k := range keys {
+					mt.AppendRow(table.Row{"", fmt.Sprintf("%s: %s", k, annotations[k])})
+				}
 			}
-
-			row := table.Row{m.Name, m.Type, displayValue}
-			mt.AppendRow(row)
+			mt.AppendSeparator()
 		}
 
 		result += "\n" + r.render(mt)

app/controlplane/api/gen/frontend/controlplane/v1/response_messages.ts

@@ -1,6 +1,6 @@
 {
    "payloadType": "application/vnd.in-toto+json",
-   "payload": "ewogICJfdHlwZSI6ICJodHRwczovL2luLXRvdG8uaW8vU3RhdGVtZW50L3YwLjEiLAogICJwcmVkaWNhdGVUeXBlIjogImNoYWlubG9vcC5kZXYvYXR0ZXN0YXRpb24vdjAuMiIsCiAgInN1YmplY3QiOiBbCiAgICB7CiAgICAgICJuYW1lIjogImNoYWlubG9vcC5kZXYvd29ya2Zsb3cvb25seS1zYm9tIiwKICAgICAgImRpZ2VzdCI6IHsKICAgICAgICAic2hhMjU2IjogIjMwMzZmMmU1ZDcwOWEyMzgwOGVhYTA1NTcwZjE3MThhZmZmOTJkNGFkMzVlMjMyYzEzODczODM3MmFjOTNkZmIiCiAgICAgIH0KICAgIH0KICBdLAogICJwcmVkaWNhdGUiOiB7CiAgICAibWV0YWRhdGEiOiB7CiAgICAgICJuYW1lIjogIm9ubHktc2JvbSIsCiAgICAgICJwcm9qZWN0IjogImZvbyIsCiAgICAgICJ0ZWFtIjogIiIsCiAgICAgICJpbml0aWFsaXplZEF0IjogIjIwMjMtMDYtMjNUMTM6MDA6MjkuMTgzNjE4OTY2WiIsCiAgICAgICJmaW5pc2hlZEF0IjogIjIwMjMtMDYtMjNUMTU6MDA6NDMuNzA5OTcwNjcrMDI6MDAiLAogICAgICAid29ya2Zsb3dSdW5JRCI6ICJhMTdjYTIxNi0yOWI2LTQxMDctYjNmYy05MjU2ZjdhZjJmZTYiLAogICAgICAid29ya2Zsb3dJRCI6ICI1ZTM0YjM0Zi04ODJjLTQ4YjgtODRjMC00ZjIzOGUxNWE1ZmQiCiAgICB9LAogICAgImVudiI6IHsgIm93bmVyIjogImpvaG4tY0BjaGFpbmxvb3AuZGV2IiwgInByb2plY3QiOiAiY2hhdGdwdCIgfSwKICAgICJidWlsZGVyIjogewogICAgICAiaWQiOiAiY2hhaW5sb29wLmRldi9jbGkvZGV2QHNoYTI1NjphOGRkZDczODEzMDAyZjYyZDJkZTExYTQyMDU0YzA2ZmFlMGQwYTg4YjZjODkwNGU3ZGU0NDc1MTk4YzBiMGQzIgogICAgfSwKICAgICJidWlsZFR5cGUiOiAiY2hhaW5sb29wLmRldi93b3JrZmxvd3J1bi92MC4xIiwKICAgICJydW5uZXJUeXBlIjogIlJVTk5FUl9UWVBFX1VOU1BFQ0lGSUVEIiwKICAgICJtYXRlcmlhbHMiOiBbCiAgICAgIHsKICAgICAgICAiZGlnZXN0IjogewogICAgICAgICAgInNoYTI1NiI6ICIyNjRmNTVhNmZmOWNlYzJmNDc0MmE5ZmFhY2MwMzNiMjlmNjVjMDRkZDQ0ODBlNzFlMjM1NzlkNDg0Mjg4ZDYxIgogICAgICAgIH0sCiAgICAgICAgIm5hbWUiOiAiaW5kZXguZG9ja2VyLmlvL2JpdG5hbWkvbmdpbngiLAogICAgICAgICJhbm5vdGF0aW9ucyI6IHsKICAgICAgICAgICJjaGFpbmxvb3AubWF0ZXJpYWwubmFtZSI6ICJpbWFnZSIsCiAgICAgICAgICAiY2hhaW5sb29wLm1hdGVyaWFsLnR5cGUiOiAiQ09OVEFJTkVSX0lNQUdFIgogICAgICAgIH0KICAgICAgfSwKICAgICAgewogICAgICAgICJkaWdlc3QiOiB7CiAgICAgICAgICAic2hhMjU2IjogIjE2MTU5YmI4ODFlYjRhYjdlYjVkOGFmYzUzNTBiMGZlZWVkMWUzMWMwYTI2OGUzNTVlNzRmOWNjYmU4ODVlMGMiCiAgICAgICAgfSwKICAgICAgICAibmFtZSI6ICJzYm9tLmN5Y2xvbmVkeC5qc29uIiwKICAgICAgICAiYW5ub3RhdGlvbnMiOiB7CiAgICAgICAgICAiY2hhaW5sb29wLm1hdGVyaWFsLmNhcyI6IHRydWUsCiAgICAgICAgICAiY2hhaW5sb29wLm1hdGVyaWFsLm5hbWUiOiAic2t5bmV0LXNib20iLAogICAgICAgICAgImNoYWlubG9vcC5tYXRlcmlhbC50eXBlIjogIlNCT01fQ1lDTE9ORURYX0pTT04iCiAgICAgICAgfQogICAgICB9LAogICAgICB7CiAgICAgICAgImRpZ2VzdCI6IHsKICAgICAgICAgICJzaGEyNTYiOiAiMTYxNTliYjg4MWViNGFiN2ViNWQ4YWZjNTM1MGIwZmVlZWQxZTMxYzBhMjY4ZTM1NWU3NGY5Y2NiZTg4NWUwYyIKICAgICAgICB9LAogICAgICAgICJuYW1lIjogInNib20uY3ljbG9uZWR4Lmpzb24iLAogICAgICAgICJhbm5vdGF0aW9ucyI6IHsKICAgICAgICAgICJjaGFpbmxvb3AubWF0ZXJpYWwuY2FzIjogdHJ1ZSwKICAgICAgICAgICJjaGFpbmxvb3AubWF0ZXJpYWwubmFtZSI6ICJza3luZXQyLXNib20iLAogICAgICAgICAgImNoYWlubG9vcC5tYXRlcmlhbC50eXBlIjogIlNCT01fQ1lDTE9ORURYX0pTT04iCiAgICAgICAgfQogICAgICB9CiAgICBdCiAgfQp9Cg==",
+   "payload": "ewogICJfdHlwZSI6ICJodHRwczovL2luLXRvdG8uaW8vU3RhdGVtZW50L3YwLjEiLAogICJwcmVkaWNhdGVUeXBlIjogImNoYWlubG9vcC5kZXYvYXR0ZXN0YXRpb24vdjAuMiIsCiAgInN1YmplY3QiOiBbCiAgICB7CiAgICAgICJuYW1lIjogImNoYWlubG9vcC5kZXYvd29ya2Zsb3cvb25seS1zYm9tIiwKICAgICAgImRpZ2VzdCI6IHsKICAgICAgICAic2hhMjU2IjogIjMwMzZmMmU1ZDcwOWEyMzgwOGVhYTA1NTcwZjE3MThhZmZmOTJkNGFkMzVlMjMyYzEzODczODM3MmFjOTNkZmIiCiAgICAgIH0KICAgIH0KICBdLAogICJwcmVkaWNhdGUiOiB7CiAgICAibWV0YWRhdGEiOiB7CiAgICAgICJuYW1lIjogIm9ubHktc2JvbSIsCiAgICAgICJwcm9qZWN0IjogImZvbyIsCiAgICAgICJ0ZWFtIjogIiIsCiAgICAgICJpbml0aWFsaXplZEF0IjogIjIwMjMtMDYtMjNUMTM6MDA6MjkuMTgzNjE4OTY2WiIsCiAgICAgICJmaW5pc2hlZEF0IjogIjIwMjMtMDYtMjNUMTU6MDA6NDMuNzA5OTcwNjcrMDI6MDAiLAogICAgICAid29ya2Zsb3dSdW5JRCI6ICJhMTdjYTIxNi0yOWI2LTQxMDctYjNmYy05MjU2ZjdhZjJmZTYiLAogICAgICAid29ya2Zsb3dJRCI6ICI1ZTM0YjM0Zi04ODJjLTQ4YjgtODRjMC00ZjIzOGUxNWE1ZmQiCiAgICB9LAogICAgImVudiI6IHsgIm93bmVyIjogImpvaG4tY0BjaGFpbmxvb3AuZGV2IiwgInByb2plY3QiOiAiY2hhdGdwdCIgfSwKICAgICJidWlsZGVyIjogewogICAgICAiaWQiOiAiY2hhaW5sb29wLmRldi9jbGkvZGV2QHNoYTI1NjphOGRkZDczODEzMDAyZjYyZDJkZTExYTQyMDU0YzA2ZmFlMGQwYTg4YjZjODkwNGU3ZGU0NDc1MTk4YzBiMGQzIgogICAgfSwKICAgICJidWlsZFR5cGUiOiAiY2hhaW5sb29wLmRldi93b3JrZmxvd3J1bi92MC4xIiwKICAgICJydW5uZXJUeXBlIjogIlJVTk5FUl9UWVBFX1VOU1BFQ0lGSUVEIiwKICAgICJhbm5vdGF0aW9ucyI6IHsKICAgICAgInRvcGxldmVsIjogInRydWUiLAogICAgICAiYnJhbmNoIjogInN0YWJsZSIKICAgIH0sCiAgICAibWF0ZXJpYWxzIjogWwogICAgICB7CiAgICAgICAgImRpZ2VzdCI6IHsKICAgICAgICAgICJzaGEyNTYiOiAiMjY0ZjU1YTZmZjljZWMyZjQ3NDJhOWZhYWNjMDMzYjI5ZjY1YzA0ZGQ0NDgwZTcxZTIzNTc5ZDQ4NDI4OGQ2MSIKICAgICAgICB9LAogICAgICAgICJuYW1lIjogImluZGV4LmRvY2tlci5pby9iaXRuYW1pL25naW54IiwKICAgICAgICAiYW5ub3RhdGlvbnMiOiB7CiAgICAgICAgICAiY2hhaW5sb29wLm1hdGVyaWFsLm5hbWUiOiAiaW1hZ2UiLAogICAgICAgICAgImNoYWlubG9vcC5tYXRlcmlhbC50eXBlIjogIkNPTlRBSU5FUl9JTUFHRSIKICAgICAgICB9CiAgICAgIH0sCiAgICAgIHsKICAgICAgICAiZGlnZXN0IjogewogICAgICAgICAgInNoYTI1NiI6ICIxNjE1OWJiODgxZWI0YWI3ZWI1ZDhhZmM1MzUwYjBmZWVlZDFlMzFjMGEyNjhlMzU1ZTc0ZjljY2JlODg1ZTBjIgogICAgICAgIH0sCiAgICAgICAgIm5hbWUiOiAic2JvbS5jeWNsb25lZHguanNvbiIsCiAgICAgICAgImFubm90YXRpb25zIjogewogICAgICAgICAgImNoYWlubG9vcC5tYXRlcmlhbC5jYXMiOiB0cnVlLAogICAgICAgICAgImNoYWlubG9vcC5tYXRlcmlhbC5uYW1lIjogInNreW5ldC1zYm9tIiwKICAgICAgICAgICJjaGFpbmxvb3AubWF0ZXJpYWwudHlwZSI6ICJTQk9NX0NZQ0xPTkVEWF9KU09OIiwKICAgICAgICAgICJjb21wb25lbnQiOiAibmdpbngiCiAgICAgICAgfQogICAgICB9LAogICAgICB7CiAgICAgICAgImRpZ2VzdCI6IHsKICAgICAgICAgICJzaGEyNTYiOiAiMTYxNTliYjg4MWViNGFiN2ViNWQ4YWZjNTM1MGIwZmVlZWQxZTMxYzBhMjY4ZTM1NWU3NGY5Y2NiZTg4NWUwYyIKICAgICAgICB9LAogICAgICAgICJuYW1lIjogInNib20uY3ljbG9uZWR4Lmpzb24iLAogICAgICAgICJhbm5vdGF0aW9ucyI6IHsKICAgICAgICAgICJjaGFpbmxvb3AubWF0ZXJpYWwuY2FzIjogdHJ1ZSwKICAgICAgICAgICJjaGFpbmxvb3AubWF0ZXJpYWwubmFtZSI6ICJza3luZXQyLXNib20iLAogICAgICAgICAgImNoYWlubG9vcC5tYXRlcmlhbC50eXBlIjogIlNCT01fQ1lDTE9ORURYX0pTT04iCiAgICAgICAgfQogICAgICB9CiAgICBdCiAgfQp9Cg==",
    "signatures": [
       {
          "keyid": "",

app/controlplane/internal/service/attestation.go

@@ -9,12 +9,24 @@
 | Finished At | 22 Nov 21 00:10 UTC |
 | State | success |
 | Runner Link | chainloop.dev/runner |
+| Annotations | ------ |
+|  | branch: stable |
+|  | toplevel: true |
 # Materials
-| Name | Type | Value |
-| --- | --- | --- |
-| image | CONTAINER_IMAGE | index.docker.io/bitnami/nginx@sha256:264f55a6ff9cec2f4742a9faacc033b29f65c04dd4480e71e23579d484288d61 |
-| skynet-sbom | SBOM_CYCLONEDX_JSON | sbom.cyclonedx.json@sha256:16159bb881eb4ab7eb5d8afc5350b0feeed1e31c0a268e355e74f9ccbe885e0c |
-| skynet2-sbom | SBOM_CYCLONEDX_JSON | sbom.cyclonedx.json@sha256:16159bb881eb4ab7eb5d8afc5350b0feeed1e31c0a268e355e74f9ccbe885e0c |
+| Name | image |
+| Type | CONTAINER_IMAGE |
+| Value | index.docker.io/bitnami/nginx |
+| Digest | 264f55a6ff9cec2f4742a9faacc033b29f65c04dd4480e71e23579d484288d61 |
+| Name | skynet-sbom |
+| Type | SBOM_CYCLONEDX_JSON |
+| Value | sbom.cyclonedx.json |
+| Digest | 16159bb881eb4ab7eb5d8afc5350b0feeed1e31c0a268e355e74f9ccbe885e0c |
+| Annotations | ------ |
+|  | component: nginx |
+| Name | skynet2-sbom |
+| Type | SBOM_CYCLONEDX_JSON |
+| Value | sbom.cyclonedx.json |
+| Digest | 16159bb881eb4ab7eb5d8afc5350b0feeed1e31c0a268e355e74f9ccbe885e0c |
 # Environment Variables
 | Name | Value |
 | --- | --- |