Merge OCI-repositories and Integration models #28

Open
migmartri opened this issue Mar 14, 2023 · 2 comments
@migmartri
Member

migmartri commented Mar 14, 2023

The Chainloop control plane has a mechanism to forward received DSSE attestation envelopes or SBOMs to different backends, i.e. an OCI registry or Dependency-Track.


This means that conceptually both OCI registries and SBOM processors are at the same level, third-party fan-out integrations, but the reality is that the implementation grew in a different manner.

Because of historical development reasons, currently, an OCI repository is mapped as its own identity in both the database and business logic.


while the Dependency-Track integration makes use of a generic "integration" model meant to encapsulate different processors.

```go
type Integration struct {
	ent.Schema
}

func (Integration) Fields() []ent.Field {
	return []ent.Field{
		field.UUID("id", uuid.UUID{}).Default(uuid.New).Unique().Immutable(),
		field.String("kind").Immutable(),
		field.String("secret_name").Immutable(),
		field.Time("created_at").
			Default(time.Now).
			Immutable().
			Annotations(&entsql.Annotation{Default: "CURRENT_TIMESTAMP"}),
		// kind specific config
		field.Bytes("config").GoType(&pb.IntegrationConfig{}),
		field.Time("deleted_at").Optional(),
	}
}

func (Integration) Edges() []ent.Edge {
	return []ent.Edge{
		edge.From("attachments", IntegrationAttachment.Type).Ref("integration"),
		edge.From("organization", Organization.Type).Ref("integrations").Unique().Required(),
	}
}
```

Both of them belong to an organization and get attached to different workflows. The only difference is that having a valid OCI registry is mandatory.

This issue is about making the OCI repository feature part of the more generic "integrations" feature for consistency.
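A sketch of what the merged model implies at fan-out time, added here as an example and not taken from the issue or from Chainloop's code: OCI registries become one more integration kind, and the only special rule left is that an organization must have an active one. The kind strings, `FanOutTargets`, the `Deleted` flag and the sample rows are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// Kind values are hypothetical; the schema above only says "kind" is a string.
const KindOCIRegistry, KindDependencyTrack = "oci-registry", "dependency-track"

// Integration keeps the schema fields that matter for routing.
type Integration struct {
	OrgID, Kind string
	SecretName  string // reference to stored credentials, not the credentials
	Deleted     bool   // stands in for a non-null deleted_at
}

var ErrNoOCIRegistry = errors.New("no active OCI registry integration")

// FanOutTargets returns one organization's active integrations; an OCI registry must be among them.
func FanOutTargets(all []Integration, orgID string) ([]Integration, error) {
	var targets []Integration
	hasOCI := false
	for _, in := range all {
		if in.OrgID != orgID || in.Deleted {
			continue // never forward across organizations or to deleted rows
		}
		hasOCI = hasOCI || in.Kind == KindOCIRegistry
		targets = append(targets, in)
	}
	if !hasOCI {
		return nil, fmt.Errorf("org %q: %w", orgID, ErrNoOCIRegistry)
	}
	return targets, nil
}

// Sample returns constructed rows for two made-up organizations.
func Sample() []Integration {
	return []Integration{
		{OrgID: "org-a", Kind: KindOCIRegistry, SecretName: "secret-1"},
		{OrgID: "org-a", Kind: KindDependencyTrack, SecretName: "secret-2"},
		{OrgID: "org-b", Kind: KindOCIRegistry, SecretName: "secret-3", Deleted: true},
		{OrgID: "org-b", Kind: KindDependencyTrack, SecretName: "secret-4"},
	}
}

func main() {
	fmt.Println(FanOutTargets(Sample(), "org-b"))
}
```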

@danlishka
Member

+1 for moving OCI registries to integrations.

How we add or update the OCI registries today might be confusing. I will explain why.

There are two related commands in the CLI:

  - config       Configure this client
  - integration  Third party integrations

The config one is about the CLI setup, so as an end user, I assume this is only about local changes.

Now let's take a look at this example:

```
$ chainloop config set-oci-repo --username danlishka --password <secret> --repo ghcr.io/danlishka/chainloop-test-lab
```

This command will, however, update the Chainloop backend service database and may affect other users in the org/project. This may break some pipelines because if you have more than one org, you might accidentally update the OCI registry you did not intend.

I think OCI registries belong to integrations.

@migmartri
Member Author

This issue might not be needed in the end. A different approach is described here #179
