feat(contracts): move attestation phases policy references #2802
Piskoo wants to merge 4 commits into chainloop-dev:main
Signed-off-by: Sylwester Piskozub <sylwesterpiskozub@gmail.com>
| // Controls at which attestation phases this policy is evaluated. | ||
| // Empty means evaluate at all phases (INIT and PUSH) for backwards compatibility. | ||
| // Only applicable when kind is ATTESTATION. | ||
| repeated AttestationPhase attestation_phases = 5; |
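Review bot: the comment above `repeated AttestationPhase attestation_phases = 5;` covers only the empty case and the ATTESTATION-kind restriction. With phases also configurable on the contract attachment, it should state which value wins when both are set and that this field is the fallback. If the field stays only for compatibility, mark it `[deprecated = true]`; if it is later deleted, add `reserved 5;` so the tag cannot be reused with a different meaning.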
I don't believe this is being used anywhere. But better mark it as "deprecated" and we can remove it later on.
Or maybe we can have both behaviours (apply the one contract, and if not present, use the defaults in the policy if they exist)
Added it back as fallback for now, but it's marked as deprecated
migmartri left a comment
Wait. This feature is meant to be in the policy itself, not in the contract. I am wondering if we want to support both
https://docs.chainloop.dev/concepts/policies#configuring-phases-in-a-policy-spec
Having it in the policy spec makes it less reusable. I wonder then why this change was applied 13386c8
We only have one use case for the release gate, and it should be placed in the contract, since it's using a policy that's also useful in different contexts.
@Piskoo We're going to close this issue. The former issue was a policy being executed with wrong data. Instead of skipping the policy, we are fixing the workflow to ensure the data is consistent. We can come back to this PR if/when we need an actual override at the contract level for policy phases.
The `attestation_phases` field was incorrectly placed on `PolicySpecV2` (the policy definition) instead of `PolicyAttachment` (the contract attachment). This moves it to `PolicyAttachment` so users can control at which lifecycle phase (INIT/PUSH) a policy is evaluated directly in the contract. `attestation_phases` in `PolicySpecV2` was marked as deprecated and acts as fallback logic now.