
migmartri

Allows leveraging global annotations in the dependency-track project name.

For example, let's assume we have the following contract with both material (called component) and global annotations (branch):

```console
$ cat /tmp/schema-old.json
{
  "schemaVersion": "v1",
  "annotations": [
    {
      "name": "branch",
      "value": "stable"
    }
  ],
  "materials": [
    {
      "type": "SBOM_CYCLONEDX_JSON",
      "name": "controlplane-sbom",
      "annotations": [
        {
          "name": "component",
          "value": "controlplane"
        }
      ]
    },
    {
      "type": "SBOM_CYCLONEDX_JSON",
      "name": "cas-sbom",
      "annotations": [
        {
          "name": "component",
          "value": "cas"
        }
      ]
    }
  ]
}
```

You can now attach the dependency-track instance to leverage both types of annotations:

```console
$ chainloop integration attached add .... \
  --opt projectName="{{.Material.Annotations.component}}-{{ .Attestation.Annotations.branch }}"
```

This will push the SBOMs to different projects based on those annotations.


Signed-off-by: Miguel Martinez Trivino <miguel@chainloop.dev>
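
An added example, not part of this pull request or of Chainloop's code: a Go `text/template` sketch of how the `projectName` template above resolves for the two SBOM materials in the contract, and how a material that lacks the `component` annotation can be rejected instead of being pushed under a malformed project name. The `renderInput` type and `renderProjectName` function are hypothetical; only the template string and annotation values come from the description.

```go
package main

import (
	"fmt"
	"strings"
	"text/template"
)

// renderInput is a hypothetical data shape inferred from the template in the
// PR description; it is not Chainloop's actual type.
type renderInput struct {
	Material    struct{ Annotations map[string]string }
	Attestation struct{ Annotations map[string]string }
}

// Template string taken from the PR description.
const projectNameTpl = "{{.Material.Annotations.component}}-{{ .Attestation.Annotations.branch }}"

// renderProjectName resolves a projectName template for one material.
// missingkey=error turns an absent annotation into an error rather than
// letting it flow into the name and route the SBOM to an unintended project.
func renderProjectName(tpl string, material, global map[string]string) (string, error) {
	t, err := template.New("projectName").Option("missingkey=error").Parse(tpl)
	if err != nil {
		return "", fmt.Errorf("parsing template: %w", err)
	}
	var in renderInput
	in.Material.Annotations = material
	in.Attestation.Annotations = global
	var sb strings.Builder
	if err := t.Execute(&sb, in); err != nil {
		return "", fmt.Errorf("rendering template: %w", err)
	}
	return sb.String(), nil
}

func main() {
	global := map[string]string{"branch": "stable"} // global annotation from the contract
	materials := []map[string]string{
		{"component": "controlplane"},
		{"component": "cas"},
		{}, // constructed case: material without the "component" annotation
	}
	for _, m := range materials {
		name, err := renderProjectName(projectNameTpl, m, global)
		fmt.Printf("name=%q err=%v\n", name, err)
	}
}
```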
@migmartri migmartri requested a review from danlishka July 31, 2023 11:43

@danlishka danlishka left a comment

LGTM

@migmartri migmartri merged commit b2a5117 into chainloop-dev:main Jul 31, 2023
@migmartri migmartri deleted the enable-dep-track branch July 31, 2023 12:23