Skip to content

feat(cli): retrieve worklowRun by attestation digest #425

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Nov 9, 2023
Merged

feat(cli): retrieve worklowRun by attestation digest #425

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
13 changes: 9 additions & 4 deletions app/cli/cmd/workflow_workflow_run_describe.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@
package cmd

import (
"context"
"errors"
"fmt"
"os"
Expand All @@ -32,7 +33,7 @@ const formatStatement = "statement"
const formatAttestation = "attestation"

func newWorkflowWorkflowRunDescribeCmd() *cobra.Command {
var runID, publicKey string
var runID, attestationDigest, publicKey string
var verifyAttestation bool
// TODO: Replace by retrieving key from rekor
const signingKeyEnvVarName = "CHAINLOOP_SIGNING_PUBLIC_KEY"
Expand All @@ -44,10 +45,15 @@ func newWorkflowWorkflowRunDescribeCmd() *cobra.Command {
if verifyAttestation && publicKey == "" {
return errors.New("a public key needs to be provided for verification")
}

if runID == "" && attestationDigest == "" {
return errors.New("either a run ID or the attestation digest needs to be provided")
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[very nit]

must be provided

}

return nil
},
RunE: func(cmd *cobra.Command, args []string) error {
res, err := action.NewWorkflowRunDescribe(actionOpts).Run(runID, verifyAttestation, publicKey)
res, err := action.NewWorkflowRunDescribe(actionOpts).Run(context.Background(), runID, attestationDigest, verifyAttestation, publicKey)
if err != nil {
return err
}
Expand All @@ -57,8 +63,7 @@ func newWorkflowWorkflowRunDescribeCmd() *cobra.Command {
}

cmd.Flags().StringVar(&runID, "id", "", "workflow Run ID")
err := cmd.MarkFlagRequired("id")
cobra.CheckErr(err)
cmd.Flags().StringVar(&attestationDigest, "digest", "", "content digest of the attestation")

cmd.Flags().BoolVar(&verifyAttestation, "verify", false, "verify the attestation")
cmd.Flags().StringVar(&publicKey, "key", "", fmt.Sprintf("public key used to verify the attestation. Note: You can also use env variable %s", signingKeyEnvVarName))
Expand Down
16 changes: 11 additions & 5 deletions app/cli/internal/action/workflow_run_describe.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -80,11 +80,17 @@ func NewWorkflowRunDescribe(cfg *ActionsOpts) *WorkflowRunDescribe {
return &WorkflowRunDescribe{cfg}
}

func (action *WorkflowRunDescribe) Run(runID string, verify bool, publicKey string) (*WorkflowRunItemFull, error) {
func (action *WorkflowRunDescribe) Run(ctx context.Context, runID string, digest string, verify bool, publicKey string) (*WorkflowRunItemFull, error) {
client := pb.NewWorkflowRunServiceClient(action.cfg.CPConnection)
resp, err := client.View(context.Background(), &pb.WorkflowRunServiceViewRequest{
Ref: &pb.WorkflowRunServiceViewRequest_Id{Id: runID},
})

req := &pb.WorkflowRunServiceViewRequest{}
if digest != "" {
req.Ref = &pb.WorkflowRunServiceViewRequest_Digest{Digest: digest}
} else if runID != "" {
req.Ref = &pb.WorkflowRunServiceViewRequest_Id{Id: runID}
}

resp, err := client.View(ctx, req)
Comment on lines +87 to +93
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[nit]
Maybe the 2nd branch could be a simple else.
Not a big deal though.

if err != nil {
return nil, err
}
Expand Down Expand Up @@ -113,7 +119,7 @@ func (action *WorkflowRunDescribe) Run(runID string, verify bool, publicKey stri
}

if verify {
if err := verifyEnvelope(context.Background(), envelope, publicKey); err != nil {
if err := verifyEnvelope(ctx, envelope, publicKey); err != nil {
action.cfg.Logger.Debug().Err(err).Msg("verifying the envelope")
return nil, errors.New("invalid signature, did you provide the right key?")
}
Expand Down