Skip to content

feat: add commit digest in subject #382

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 8 commits into from
Oct 11, 2023
Merged

feat: add commit digest in subject #382

merged 8 commits into from
Oct 11, 2023

Conversation

migmartri
Copy link
Member

@migmartri migmartri commented Oct 10, 2023
edited
Loading

It adds sha1 digest of the git repository where the attestation is made.

This value is empty if the attestation happens outside of a repo

{
  "_type": "https://in-toto.io/Statement/v0.1",
  "predicateType": "chainloop.dev/attestation/v0.2",
  "subject": [
    {
      "name": "chainloop.workflow.empty",
      "digest": {
        "sha256": "eec3f9e5bd477a5d95c4aea898d8ce05339e658a9634e090514746e9a2e8ca84"
      }
    },
    {
      "name": "git.head",
      "digest": {
        "sha1": "83d34125f5f6abe66c450fc1ed37ec630a7d4101"
      }
    }
  ],
  "predicate": {
    "metadata": {
      "name": "empty",
      "project": "empty",
      "team": "",
      "initializedAt": "2023-10-11T07:45:24.329348618Z",
      "finishedAt": "2023-10-11T09:45:40.019661234+02:00",
      "workflowRunID": "6888c2a8-9332-47d7-be37-8d344cb19358",
      "workflowID": "7e2f7529-1bef-4ba3-b3d2-297f96df7749"
    },
    "builder": {
      "id": "chainloop.dev/cli/dev@sha256:8aad02874ab3e15a45ac53199c8828aaa8c4367c328fb9bf38e13bf751e9392a"
    },
    "buildType": "chainloop.dev/workflowrun/v0.1",
    "runnerType": "RUNNER_TYPE_UNSPECIFIED",
    "materials": [
      {
        "digest": {
          "sha256": "0173a54b14c1f163c3015c9ddd32c781f6074a32986b7bcd5448a719f4e285aa"
        },
        "name": "main.go",
        "annotations": {
          "chainloop.material.cas": true,
          "chainloop.material.name": "foo",
          "chainloop.material.type": "ARTIFACT"
        }
      }
    ]
  }
}

Refs #373

@migmartri
feat: add sha1
d81aaa0 
Signed-off-by: Miguel Martinez Trivino <miguel@chainloop.dev>
@migmartri
chore: fix tests
a6e658a 
Signed-off-by: Miguel Martinez Trivino <miguel@chainloop.dev>
@migmartri
chore: fix tests
ac63c17 
Signed-off-by: Miguel Martinez Trivino <miguel@chainloop.dev>
@migmartri
fix tests
2ef1779 
Signed-off-by: Miguel Martinez Trivino <miguel@chainloop.dev>
@migmartri
fix tests
2bd5bb0 
Signed-off-by: Miguel Martinez Trivino <miguel@chainloop.dev>
@migmartri migmartri marked this pull request as ready for review October 10, 2023 22:49
@migmartri migmartri requested a review from danlishka October 10, 2023 22:49
@migmartri
update naming
83d3412 
Signed-off-by: Miguel Martinez Trivino <miguel@chainloop.dev>
@migmartri
update naming
46fa0ed 
Signed-off-by: Miguel Martinez Trivino <miguel@chainloop.dev>
@migmartri
update naming
0c46af3 
Signed-off-by: Miguel Martinez Trivino <miguel@chainloop.dev>
@migmartri migmartri mentioned this pull request Oct 11, 2023
Closed
2 tasks
danlishka
danlishka approved these changes Oct 11, 2023
View reviewed changes
Copy link
Member

@danlishka danlishka left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please make sure we document how this repo gets found and that it happens during the attestation init.

@migmartri migmartri merged commit d8ccd9f into chainloop-dev:main Oct 11, 2023
@migmartri migmartri deleted the sha1-subject branch October 11, 2023 09:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@danlishka danlishka danlishka approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@migmartri @danlishka