feat(extensions): add Discord extension and additional metadata

[migmartri]

Extension that leverages Discord webhooks to send attestations.

The inputs at registration time are a required webhook URL and an optional username override

$ chainloop integration available describe --id discord-webhook

Available integrations ready to be used during registration
┌─────────────────┬─────────┬──────────────────────────────┐
│ ID              │ VERSION │ DESCRIPTION                  │
├─────────────────┼─────────┼──────────────────────────────┤
│ discord-webhook │ 0.1     │ Send attestations to Discord │
└─────────────────┴─────────┴──────────────────────────────┘
┌───────────────────────────────────────────────────────────────────────────────────────┐
│ Registration inputs                                                                   │
├──────────┬──────────────┬──────────┬──────────────────────────────────────────────────┤
│ FIELD    │ TYPE         │ REQUIRED │ DESCRIPTION                                      │
├──────────┼──────────────┼──────────┼──────────────────────────────────────────────────┤
│ username │ string       │ no       │ Override the default username of the webhook     │
│ webhook  │ string (uri) │ yes      │ URL of the discord webhook                       │
└──────────┴──────────────┴──────────┴──────────────────────────────────────────────────┘

The result is a message that includes some metadata in the content body and an attached intoto attestation.

This patch also includes some improvements in the sdk. we now inject additional workflow information (name, project) as well as the runnerURL. refs #174 cc/ @danlishka

That new data is used to craft the resulting message.

Another interesting aspect about the implementation, is that during registration I fetch information about the webhook itself (i.e name set in discord) so we can clearly differentiate them.

$ chainloop integration registered list                        
┌──────────────────────────────────────┬─────────────────┬─────────────────┬──────────────────────────────────────────────────────────────────────────────────────┬─────────────────────┐
│ ID                                   │ DESCRIPTION     │ KIND            │ CONFIG                                                                               │ CREATED AT          │
├──────────────────────────────────────┼─────────────────┼─────────────────┼──────────────────────────────────────────────────────────────────────────────────────┼─────────────────────┤
│ 16fff68c-a017-46fe-8937-df7b7c9d7d20 │                 │ discord-webhook │ name: Chainloop webhook                                                              │ 15 Jun 23 15:19 UTC │
│                                      │                 │                 │ owner: migmartri                                                                     │                     │
│                                      │                 │                 │ username: miguel-test                                                                │                     │
├──────────────────────────────────────┼─────────────────┼─────────────────┼────────────────────────────────────────────

Closes #176

[migmartri]

I noticed that this code was buggy when the registration didn't have any metadata.

[danlishka]

LGTM!

[danlishka]

Are we merging integration and attachment configs or we are merging configurations provided during registration and attachment?

[migmartri]

Hi.

Not sure I understand the difference, but we are showing together both registration and attachment configuration states. Does it make sense?

[danlishka]

Yeah, I am nitpicking here a bit, but I was not sure at first what you mean by the integration config here.

[danlishka]

I think this is not correct. We are overwriting the configuration provided at the attachment state, and I think we should either show both (attachment and registration configs) or use the attachment value instead in case the keys are the same.

[danlishka]

To give you an example, imagine I want to add another To field at the attachment stage in the smtp extension because today the to field in the registration is more like a default value and I may want to have different values for different workflows (set via attachment).

--- a/app/controlplane/extensions/core/smtp/v1/extension.go
+++ b/app/controlplane/extensions/core/smtp/v1/extension.go
@@ -49,10 +49,12 @@ type registrationState struct {
 }

 type attachmentRequest struct {
+       To string `json:"to,omitempty" jsonschema:"format=email,description=The email address to send the ema
il to."`
        CC string `json:"cc,omitempty" jsonschema:"format=email,description=The email address of the carbon c
opy recipient."`
 }

 type attachmentState struct {
+       To string `json:"to"`

Does it make sense?

[migmartri]

Yeah, that's a good point. I updated it to instead use the attachment config in the case of a conflict.

Thanks!

[danlishka]

Do you think we should mention anything about the way we store webhooks? We treat them like credentials, which may be worth mentioning here.

[migmartri]

as an user I don't see value on mentioning it, or do you think that it could help with adoption?

[danlishka]

ok. I would like to know that this is stored securely without looking into the code.