Skip to content

fix(attestation-result): Include material annotations to attestation results #1969

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Apr 11, 2025
Merged

fix(attestation-result): Include material annotations to attestation results #1969

merged 1 commit into from
Apr 11, 2025
+19 −0

Conversation

javirln
Copy link
Member

@javirln javirln commented Apr 11, 2025

This patch fixes the attestation result logic to include annotations from the attestation materials. Previously, although the annotations were present in the final attestation, they were not reflected in the attestation result, causing it to display NOT SET.

Before:

INF push completed
┌───────────────────────────┬─────────────────────────────────────────────────────────────────────────┐
│ Initialized At            │ 11 Apr 25 09:49 UTC                                                     │
├───────────────────────────┼─────────────────────────────────────────────────────────────────────────┤
│ Attestation ID            │ 4f177397-a8f8-4ca8-9ad8-82d141c8dd2c                                    │
│ Digest                    │ sha256:fffc6326efc1503972c36686c5f4a9ed587faab3ba05f08c86659b7363a99d7d │
│ Organization              │ testing                                                                 │
│ Name                      │ goreleaser                                                              │
│ Project                   │ core                                                                    │
│ Version                   │ 1.0 (prerelease)                                                        │
│ Contract                  │ core-goreleaser (revision 2)                                            │
│ Policy violation strategy │ ADVISORY                                                                │
└───────────────────────────┴─────────────────────────────────────────────────────────────────────────┘
┌───────────────────────────────────────────────────────────────────────────────────────┐
│ Materials                                                                             │
├─────────────┬─────────────────────────────────────────────────────────────────────────┤
│ Name        │ slsa-attestation                                                        │
│ Type        │ SLSA_PROVENANCE                                                         │
│ Set         │ Yes                                                                     │
│ Required    │ Yes                                                                     │
│ Value       │ chainloop-dev-chainloop-attestation-6231042.sigstore.json               │
│ Digest      │ sha256:dd80c34cadd25107f2b68f9bfd7acf0cc65d1c00ff1c4de52ae78610eb28a29f │
│ Annotations │ ------                                                                  │
│             │ github_attestation: [NOT SET]                                           │
└─────────────┴─────────────────────────────────────────────────────────────────────────┘

After:

INF push completed
┌───────────────────────────┬─────────────────────────────────────────────────────────────────────────┐
│ Initialized At            │ 11 Apr 25 09:43 UTC                                                     │
├───────────────────────────┼─────────────────────────────────────────────────────────────────────────┤
│ Attestation ID            │ fb120b3d-a014-48e2-98dc-144a58250b5d                                    │
│ Digest                    │ sha256:8297e6c3759290837a6b9d0b0e3cb15e465a8a25ddf8ccedf3bf83ed6d451ae2 │
│ Organization              │ testing                                                                 │
│ Name                      │ goreleaser                                                              │
│ Project                   │ core                                                                    │
│ Version                   │ 1.0 (prerelease)                                                        │
│ Contract                  │ core-goreleaser (revision 2)                                            │
│ Policy violation strategy │ ADVISORY                                                                │
└───────────────────────────┴─────────────────────────────────────────────────────────────────────────┘
┌───────────────────────────────────────────────────────────────────────────────────────┐
│ Materials                                                                             │
├─────────────┬─────────────────────────────────────────────────────────────────────────┤
│ Name        │ slsa-attestation                                                        │
│ Type        │ SLSA_PROVENANCE                                                         │
│ Set         │ Yes                                                                     │
│ Required    │ Yes                                                                     │
│ Value       │ chainloop-dev-chainloop-attestation-6231042.sigstore.json               │
│ Digest      │ sha256:dd80c34cadd25107f2b68f9bfd7acf0cc65d1c00ff1c4de52ae78610eb28a29f │
│ Annotations │ ------                                                                  │
│             │ github_attestation: https://example.com                                 │
└─────────────┴─────────────────────────────────────────────────────────────────────────┘

@javirln
fix(attestation-result): Include material annotations to attestation …
f0c383e 
…results

Signed-off-by: Javier Rodriguez <javier@chainloop.dev>
@javirln javirln self-assigned this Apr 11, 2025
@javirln javirln requested review from migmartri and jiparis April 11, 2025 09:50
@javirln javirln merged commit 6e6f144 into chainloop-dev:main Apr 11, 2025
13 checks passed
@BrewTestBot BrewTestBot mentioned this pull request May 5, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jiparis jiparis jiparis approved these changes

@migmartri migmartri Awaiting requested review from migmartri

Assignees

@javirln javirln

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@javirln @jiparis