From 6c5dba6a6b823e40fa37e93b8b700d0cb47ee89c Mon Sep 17 00:00:00 2001
From: Sylwester Piskozub
Date: Fri, 27 Jun 2025 15:08:47 +0200
Subject: [PATCH 1/4] feat(attestation): add warning when outdated contract is used

Signed-off-by: Sylwester Piskozub
---
 app/cli/cmd/attestation_init.go | 12 ++++++++
 app/cli/internal/action/attestation_init.go | 32 +++++++++++++++++++++
 2 files changed, 44 insertions(+)

diff --git a/app/cli/cmd/attestation_init.go b/app/cli/cmd/attestation_init.go
index 87b015f03..4ab9e8d01 100644
--- a/app/cli/cmd/attestation_init.go
+++ b/app/cli/cmd/attestation_init.go
@@ -121,6 +121,18 @@ func newAttestationInitCmd() *cobra.Command {
 return newGracefulError(err)
 }
+ if !attestationDryRun && newWorkflowcontract == "" {
+ err := a.WarnIfOutdatedContract(
+ cmd.Context(),
+ workflowName,
+ projectName,
+ int32(contractRevision),
+ )
+ if err != nil {
+ return newGracefulError(err)
+ }
+ }
+
 if res.DryRun {
 logger.Info().Msg("The attestation is being crafted in dry-run mode. It will not get stored once rendered")
 }
diff --git a/app/cli/internal/action/attestation_init.go b/app/cli/internal/action/attestation_init.go
index 9e4a9515c..073796af1 100644
--- a/app/cli/internal/action/attestation_init.go
+++ b/app/cli/internal/action/attestation_init.go
@@ -326,3 +326,35 @@ func groupMaterialToCraftingSchemaMaterial(gm *v1.PolicyGroup_Material, group *v
 Optional: gm.Optional,
 }, nil
 }
+
+// Shows warning if newer contract revision exists
+func (action *AttestationInit) WarnIfOutdatedContract(
+ ctx context.Context,
+ workflowName, projectName string,
+ currentRevision int32,
+) error {
+ if action.dryRun || action.useRemoteState || currentRevision == 0 {
+ return nil
+ }
+ client := pb.NewAttestationServiceClient(action.CPConnection)
+ latestResp, err := client.GetContract(ctx, &pb.AttestationServiceGetContractRequest{
+ ContractRevision: 0,
+ WorkflowName: workflowName,
+ ProjectName: projectName,
+ })
+
+ if err != nil {
+ if status.Code(err) != codes.NotFound {
+ action.Logger.Debug().Err(err).Msg("failed to check for contract version")
+ }
+ return nil
+ }
+
+ latestRev := latestResp.Result.GetContract().GetRevision()
+ if currentRevision < latestRev {
+ action.Logger.Warn().
+ Msgf("Newer contract revision available - latest revision: %d", latestRev)
+ }
+
+ return nil
+}
From 1ab63668f624061aabcd712b86b09cb95f1dc179 Mon Sep 17 00:00:00 2001
From: Sylwester Piskozub
Date: Mon, 30 Jun 2025 08:50:52 +0200
Subject: [PATCH 2/4] refactor: get latest revision from workflow

Signed-off-by: Sylwester Piskozub
---
 app/cli/cmd/attestation_init.go | 12 --------
 app/cli/internal/action/attestation_init.go | 31 ++++++---------------
 2 files changed, 8 insertions(+), 35 deletions(-)

diff --git a/app/cli/cmd/attestation_init.go b/app/cli/cmd/attestation_init.go
index 4ab9e8d01..87b015f03 100644
--- a/app/cli/cmd/attestation_init.go
+++ b/app/cli/cmd/attestation_init.go
@@ -121,18 +121,6 @@ func newAttestationInitCmd() *cobra.Command {
 return newGracefulError(err)
 }
- if !attestationDryRun && newWorkflowcontract == "" {
- err := a.WarnIfOutdatedContract(
- cmd.Context(),
- workflowName,
- projectName,
- int32(contractRevision),
- )
- if err != nil {
- return newGracefulError(err)
- }
- }
-
 if res.DryRun {
 logger.Info().Msg("The attestation is being crafted in dry-run mode. It will not get stored once rendered")
 }
diff --git a/app/cli/internal/action/attestation_init.go b/app/cli/internal/action/attestation_init.go
index 073796af1..e17dc42c1 100644
--- a/app/cli/internal/action/attestation_init.go
+++ b/app/cli/internal/action/attestation_init.go
@@ -132,6 +132,10 @@ func (action *AttestationInit) Run(ctx context.Context, opts *AttestationInitRun
 }
 workflow := workflowsResp.GetResult()
+ if err := action.warnIfOutdatedContract(workflow.ContractRevisionLatest, int32(opts.ContractRevision)); err != nil {
+ return "", err
+ }
+
 // 2 - Get contract
 contractResp, err := client.GetContract(ctx, &pb.AttestationServiceGetContractRequest{
 ContractRevision: int32(opts.ContractRevision),
@@ -328,33 +332,14 @@ func groupMaterialToCraftingSchemaMaterial(gm *v1.PolicyGroup_Material, group *v
 }
 // Shows warning if newer contract revision exists
-func (action *AttestationInit) WarnIfOutdatedContract(
- ctx context.Context,
- workflowName, projectName string,
- currentRevision int32,
-) error {
- if action.dryRun || action.useRemoteState || currentRevision == 0 {
- return nil
- }
- client := pb.NewAttestationServiceClient(action.CPConnection)
- latestResp, err := client.GetContract(ctx, &pb.AttestationServiceGetContractRequest{
- ContractRevision: 0,
- WorkflowName: workflowName,
- ProjectName: projectName,
- })
-
- if err != nil {
- if status.Code(err) != codes.NotFound {
- action.Logger.Debug().Err(err).Msg("failed to check for contract version")
- }
+func (action *AttestationInit) warnIfOutdatedContract(latestRevision, providedRevision int32) error {
+ if action.dryRun || action.useRemoteState || providedRevision == 0 {
 return nil
 }
- latestRev := latestResp.Result.GetContract().GetRevision()
- if currentRevision < latestRev {
+ if providedRevision < latestRevision {
 action.Logger.Warn().
- Msgf("Newer contract revision available - latest revision: %d", latestRev)
+ Msgf("Newer contract revision available - latest revision: %d", latestRevision)
 }
-
 return nil
 }
From e065f52fe0bd057bb1466c1dfc4f380153fd1ec3 Mon Sep 17 00:00:00 2001
From: Sylwester Piskozub
Date: Mon, 30 Jun 2025 10:44:56 +0200
Subject: [PATCH 3/4] refactor: simplify contract revision warning

Signed-off-by: Sylwester Piskozub
---
 app/cli/internal/action/attestation_init.go | 19 ++++---------------
 1 file changed, 4 insertions(+), 15 deletions(-)

diff --git a/app/cli/internal/action/attestation_init.go b/app/cli/internal/action/attestation_init.go
index e17dc42c1..214b2930a 100644
--- a/app/cli/internal/action/attestation_init.go
+++ b/app/cli/internal/action/attestation_init.go
@@ -132,8 +132,10 @@ func (action *AttestationInit) Run(ctx context.Context, opts *AttestationInitRun
 }
 workflow := workflowsResp.GetResult()
- if err := action.warnIfOutdatedContract(workflow.ContractRevisionLatest, int32(opts.ContractRevision)); err != nil {
- return "", err
+ // Show warning if newer contract revision exists
+ if opts.ContractRevision > 0 && int32(opts.ContractRevision) < workflow.ContractRevisionLatest {
+ action.Logger.Warn().
+ Msgf("Newer contract revision available - latest revision: %d", workflow.ContractRevisionLatest)
 }
 // 2 - Get contract
@@ -330,16 +332,3 @@ func groupMaterialToCraftingSchemaMaterial(gm *v1.PolicyGroup_Material, group *v
 Optional: gm.Optional,
 }, nil
 }
-
-// Shows warning if newer contract revision exists
-func (action *AttestationInit) warnIfOutdatedContract(latestRevision, providedRevision int32) error {
- if action.dryRun || action.useRemoteState || providedRevision == 0 {
- return nil
- }
-
- if providedRevision < latestRevision {
- action.Logger.Warn().
- Msgf("Newer contract revision available - latest revision: %d", latestRevision)
- }
- return nil
-}
From 78c5f73e140d332ee1cbae43f473e062d5c20b62 Mon Sep 17 00:00:00 2001
From: Sylwester Piskozub
Date: Mon, 30 Jun 2025 10:53:43 +0200
Subject: [PATCH 4/4] update warning content

Co-authored-by: Miguel Martinez Trivino
Signed-off-by: Sylwester Piskozub
---
 app/cli/internal/action/attestation_init.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/cli/internal/action/attestation_init.go b/app/cli/internal/action/attestation_init.go
index 214b2930a..a6d53cf14 100644
--- a/app/cli/internal/action/attestation_init.go
+++ b/app/cli/internal/action/attestation_init.go
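Review bot: `workflow.ContractRevisionLatest` in the new condition is a bare field read on the value returned by `workflowsResp.GetResult()`, so a response without a result would panic at this line unless Run already guards against that above the hunk. If `workflow` is a generated protobuf message, as the surrounding getters suggest, the nil-safe form is `workflow.GetContractRevisionLatest()`. The inline check also no longer has the `action.dryRun || action.useRemoteState` early return that the removed `warnIfOutdatedContract` carried, so the warning is now emitted in those modes as well; a one-line comment stating that this is intended would settle it. Run begins and ends outside the hunk, so earlier nil handling cannot be confirmed from here.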
@@ -135,7 +135,7 @@ func (action *AttestationInit) Run(ctx context.Context, opts *AttestationInitRun
 // Show warning if newer contract revision exists
 if opts.ContractRevision > 0 && int32(opts.ContractRevision) < workflow.ContractRevisionLatest {
 action.Logger.Warn().
- Msgf("Newer contract revision available - latest revision: %d", workflow.ContractRevisionLatest)
+ Msgf("Newer contract revision available: %d, pinned version: %d", workflow.ContractRevisionLatest, opts.ContractRevision)
 }
 // 2 - Get contract
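Review bot: The new message calls the same number a "revision" and then a "version"; `Msgf("Newer contract revision available: %d, pinned revision: %d", ...)` keeps the wording consistent with the comment above the check. The warning is also advisory only: the attestation still proceeds against the pinned revision, which may predate requirements added to the contract later, so anyone relying on the newest contract being applied needs that enforced outside this CLI message. A short comment above the check, e.g. `// Advisory only: a pinned older revision is still honoured`, would make that explicit. Run's body starts and ends outside the hunk.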