Skip to content

Conversation

Piskoo
Copy link
Collaborator

@Piskoo Piskoo commented Jun 27, 2025

Adds warning when outdated contract revisions are used during attestation:

WRN Newer contract revision available - latest revision: 3

Closes #1910

Signed-off-by: Sylwester Piskozub <sylwesterpiskozub@gmail.com>
}

// Shows warning if newer contract revision exists
func (action *AttestationInit) WarnIfOutdatedContract(
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

it might be easier if we extend the init API response to include the latest version if it doesn't do it already

Copy link
Member

@migmartri migmartri left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok, in fact I think I am wrong, there is an easier way that does not neither update the API endpoint nor doing an additional request.

The workflow response here should contain the number of the latest revision of the contract available for that workflow

workflowsResp, err := client.FindOrCreateWorkflow(ctx, &pb.FindOrCreateWorkflowRequest{

and in that action, you also have the "desired" contract revision provided by the user (note that if you do not provide it, you'll get the default value 0 which means latest, so it's optional)

ContractRevision: contractRevision,

So basically the code shoudl just check if the value is provided and smaller that the latest one that comes from the workflow API

What do you think?

Signed-off-by: Sylwester Piskozub <sylwesterpiskozub@gmail.com>
@Piskoo
Copy link
Collaborator Author

Piskoo commented Jun 30, 2025

Ok, in fact I think I am wrong, there is an easier way that does not neither update the API endpoint nor doing an additional request.

The workflow response here should contain the number of the latest revision of the contract available for that workflow

workflowsResp, err := client.FindOrCreateWorkflow(ctx, &pb.FindOrCreateWorkflowRequest{

and in that action, you also have the "desired" contract revision provided by the user (note that if you do not provide it, you'll get the default value 0 which means latest, so it's optional)

ContractRevision: contractRevision,

So basically the code shoudl just check if the value is provided and smaller that the latest one that comes from the workflow API

What do you think?

You are right, I've updated the code.


// Shows warning if newer contract revision exists
func (action *AttestationInit) warnIfOutdatedContract(latestRevision, providedRevision int32) error {
if action.dryRun || action.useRemoteState || providedRevision == 0 {
Copy link
Member

@migmartri migmartri Jun 30, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why if remote state is set we should ignore it?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We actually shouldn't ignore it, since it does not really matter whether the attestation is stored or where it is stored.

}
workflow := workflowsResp.GetResult()

if err := action.warnIfOutdatedContract(workflow.ContractRevisionLatest, int32(opts.ContractRevision)); err != nil {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

it feels like this method adds an unnecessary level of indirection. For example it can never return an error.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Moved remaining logic to Run function.

Signed-off-by: Sylwester Piskozub <sylwesterpiskozub@gmail.com>
Co-authored-by: Miguel Martinez Trivino <migmartri@gmail.com>
Signed-off-by: Sylwester Piskozub <sylwesterpiskozub@gmail.com>
@Piskoo Piskoo merged commit e461bc7 into chainloop-dev:main Jun 30, 2025
12 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

show a warning ot the user when they are pinned to an old version of the contract

2 participants