Description
Currently, the integrations fan-out dispatcher dispatches an Execute command for every attestation and material type (if they are present in the attestation, of course) the plugin is subscribed to.
Current Approach
For example, let's say we have a plugin that's subscribed to receive not only the attestation metadata but also any SBOM and JUNIT pieces of evidence.
If the attestation contains no matching materials, dispatch will be called once, containing the attestation information, and the plugin can call the third-party service with it.
If we also receive N materials that match, N+1 executions with different inputs will be performed.
The problem with this approach is that we do not allow plugins to act on aggregate. For example, a notification plugin will not be able to send a single notification containing the rest of the materials as attachments, or a storage backend will not be able to upload all the relevant artifacts and metadata in a transaction.
New Approach
The new approach could just call an integration execution once, containing all the resolved pieces of evidence and the attestation envelope.
This will enable plugin developers to decide whether they want to aggregate or fan out results.
This issue is about designing and implementing this or a similar method in our SDK + dispatcher.
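The two dispatch shapes described in this issue, side by side, as an added example that is not the project's SDK or dispatcher code. All type and function names are hypothetical, the sample attestation is constructed, and it assumes that per-material executions in the current approach do not carry the envelope, which the issue does not state.

```go
package main

import "fmt"

// Hypothetical stand-in types for illustration; not the project's SDK.
type Material struct{ Name, Type string }

type Attestation struct {
	Envelope  string // placeholder for the attestation envelope
	Materials []Material
}

// ExecInput is what a single plugin execution receives.
type ExecInput struct {
	Envelope  string
	Materials []Material
}

// matching returns the materials whose type the plugin is subscribed to.
func matching(att Attestation, subscribed map[string]bool) []Material {
	var out []Material
	for _, m := range att.Materials {
		if subscribed[m.Type] {
			out = append(out, m)
		}
	}
	return out
}

// FanOut models the current approach: 1 execution for the attestation + 1 per matching material.
func FanOut(att Attestation, subscribed map[string]bool) []ExecInput {
	inputs := []ExecInput{{Envelope: att.Envelope}}
	for _, m := range matching(att, subscribed) {
		inputs = append(inputs, ExecInput{Materials: []Material{m}}) // assumption: no envelope here
	}
	return inputs
}

// Aggregate models the proposed approach: one execution with the envelope and all matches.
func Aggregate(att Attestation, subscribed map[string]bool) ExecInput {
	return ExecInput{Envelope: att.Envelope, Materials: matching(att, subscribed)}
}

// sample returns a constructed attestation and a subscription to SBOM and JUNIT.
func sample() (Attestation, map[string]bool) {
	mats := []Material{{"sbom-a", "SBOM"}, {"sbom-b", "SBOM"}, {"tests", "JUNIT"}, {"misc", "OTHER"}}
	return Attestation{"envelope-placeholder", mats}, map[string]bool{"SBOM": true, "JUNIT": true}
}

func main() {
	att, sub := sample()
	fmt.Printf("fan-out: %d executions; aggregate: 1 execution with %d materials\n",
		len(FanOut(att, sub)), len(Aggregate(att, sub).Materials))
}
```

With the aggregated input, a plugin that still wants per-material behavior can loop over `Materials` itself, while a notification or storage plugin can handle the whole set in one call.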