From 061494387d4ccf8b05076d7ca3b146334850aea7 Mon Sep 17 00:00:00 2001
From: Javier Rodriguez <javier@chainloop.dev>
Date: Fri, 31 Jan 2025 11:27:21 +0100
Subject: [PATCH 1/2] feat(dagger): Allow to bypass policy checks on failures

Signed-off-by: Javier Rodriguez <javier@chainloop.dev>
---
 extras/dagger/main.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/extras/dagger/main.go b/extras/dagger/main.go
index d735f5e14..35be079e7 100644
--- a/extras/dagger/main.go
+++ b/extras/dagger/main.go
@@ -374,6 +374,8 @@ func (att *Attestation) Push(
 	// The passphrase to decrypt the private key
 	// +optional
 	passphrase *dagger.Secret,
+	// Whether not fail if the policy check fails
+	exceptionBypassPolicyCheck bool,
 ) (string, error) {
 	container := att.Container(0)
 	args := []string{
@@ -388,6 +390,9 @@ func (att *Attestation) Push(
 	if passphrase != nil {
 		container = container.WithSecretVariable("CHAINLOOP_SIGNING_PASSWORD", passphrase)
 	}
+	if exceptionBypassPolicyCheck {
+		args = append(args, "--exception-bypass-policy-check")
+	}
 
 	return container.WithExec(args, execOpts).Stdout(ctx)
 }

From 983bf160ed8a3dc6bc47e2fb782e8aca0151c23e Mon Sep 17 00:00:00 2001
From: Javier Rodriguez <javier@chainloop.dev>
Date: Fri, 31 Jan 2025 11:35:44 +0100
Subject: [PATCH 2/2] make new option optional

Signed-off-by: Javier Rodriguez <javier@chainloop.dev>
---
 extras/dagger/main.go | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/extras/dagger/main.go b/extras/dagger/main.go
index 35be079e7..a7fd5c4fe 100644
--- a/extras/dagger/main.go
+++ b/extras/dagger/main.go
@@ -375,7 +375,8 @@ func (att *Attestation) Push(
 	// +optional
 	passphrase *dagger.Secret,
 	// Whether not fail if the policy check fails
-	exceptionBypassPolicyCheck bool,
+	// +optional
+	exceptionBypassPolicyCheck *bool,
 ) (string, error) {
 	container := att.Container(0)
 	args := []string{
@@ -390,7 +391,7 @@ func (att *Attestation) Push(
 	if passphrase != nil {
 		container = container.WithSecretVariable("CHAINLOOP_SIGNING_PASSWORD", passphrase)
 	}
-	if exceptionBypassPolicyCheck {
+	if exceptionBypassPolicyCheck != nil && *exceptionBypassPolicyCheck {
 		args = append(args, "--exception-bypass-policy-check")
 	}