From 06b11d309ceb1c635f885379a5893d49dc888cb0 Mon Sep 17 00:00:00 2001 From: Daniel Liszka Date: Thu, 27 Jul 2023 17:51:05 +0200 Subject: [PATCH 1/2] feat: Azure Devops Pipeline support Signed-off-by: Daniel Liszka --- docs/reference/operator/contract.mdx | 18 ++++++++++++++++++ .../azure-devops-pipeline.yaml | 13 +++++++++++++ .../contracts/empty/azure-devops-pipeline.yaml | 5 +++++ 3 files changed, 36 insertions(+) create mode 100644 examples/contracts/container-image-sbom/azure-devops-pipeline.yaml create mode 100644 examples/contracts/empty/azure-devops-pipeline.yaml diff --git a/docs/reference/operator/contract.mdx b/docs/reference/operator/contract.mdx index d86a741..1a438dc 100644 --- a/docs/reference/operator/contract.mdx +++ b/docs/reference/operator/contract.mdx @@ -112,6 +112,24 @@ The following environment variables will be automatically added to the attestati A link to the Gitlab CI job will be recorded in the control plane too during initialization. +### `AZURE_DEVOPS_PIPELINE` + +The following environment variables will be automatically added to the attestation. For more information on what they mean refer to [this link](https://learn.microsoft.com/en-us/azure/devops/pipelines/build/variables?view=azure-devops&tabs=yaml). + +- `BUILD_REQUESTEDFOREMAIL` +- `BUILD_REQUESTEDFOR` +- `BUILD_REPOSITORY_URI` +- `BUILD_REPOSITORY_NAME` +- `BUILD_BUILDID` +- `BUILD_BUILDNUMBER` +- `BUILD_BUILDURI` +- `BUILD_REASON` +- `AGENT_VERSION` +- `TF_BUILD` + +A link to the Azure Pipeline build will be recorded in the control plane too during initialization. + + :::tip Remember, if all the **env variables** that you need are not defined in the context, you can extend such list via the `envAllowList` option. ::: diff --git a/examples/contracts/container-image-sbom/azure-devops-pipeline.yaml b/examples/contracts/container-image-sbom/azure-devops-pipeline.yaml new file mode 100644 index 0000000..b7156ca --- /dev/null +++ b/examples/contracts/container-image-sbom/azure-devops-pipeline.yaml @@ -0,0 +1,13 @@ +schemaVersion: v1 + +# Require both a container image reference and a CycloneDX SBOM with the attestation happening in Azure Devops Pipeline +materials: + - type: CONTAINER_IMAGE + name: image + output: true + + - type: SBOM_CYCLONEDX_JSON + name: sbom + +runner: + type: "AZURE_DEVOPS_PIPELINE" diff --git a/examples/contracts/empty/azure-devops-pipeline.yaml b/examples/contracts/empty/azure-devops-pipeline.yaml new file mode 100644 index 0000000..2e25451 --- /dev/null +++ b/examples/contracts/empty/azure-devops-pipeline.yaml @@ -0,0 +1,5 @@ +# Empty Chainloop contract valid for a workflow run in a Azure Devops Pipeline +schemaVersion: "v1" +# See https://docs.chainloop.dev/reference/operator/contract#runner-context +runner: + type: "AZURE_DEVOPS_PIPELINE" From 05e61edd85061a85b7f7f61036b20b4fdfae1f11 Mon Sep 17 00:00:00 2001 From: Daniel Liszka Date: Sat, 29 Jul 2023 23:14:54 +0200 Subject: [PATCH 2/2] feat: Azure Devops Pipeline support - use AZURE_PIPELINE instead of AZURE_DEVOPS_PIPELINE Signed-off-by: Daniel Liszka --- docs/reference/operator/contract.mdx | 2 +- .../{azure-devops-pipeline.yaml => azure-pipeline.yaml} | 2 +- examples/contracts/empty/azure-devops-pipeline.yaml | 5 ----- examples/contracts/empty/azure-pipeline.yaml | 5 +++++ 4 files changed, 7 insertions(+), 7 deletions(-) rename examples/contracts/container-image-sbom/{azure-devops-pipeline.yaml => azure-pipeline.yaml} (89%) delete mode 100644 examples/contracts/empty/azure-devops-pipeline.yaml create mode 100644 examples/contracts/empty/azure-pipeline.yaml diff --git a/docs/reference/operator/contract.mdx b/docs/reference/operator/contract.mdx index 1a438dc..1a17352 100644 --- a/docs/reference/operator/contract.mdx +++ b/docs/reference/operator/contract.mdx @@ -112,7 +112,7 @@ The following environment variables will be automatically added to the attestati A link to the Gitlab CI job will be recorded in the control plane too during initialization. -### `AZURE_DEVOPS_PIPELINE` +### `AZURE_PIPELINE` The following environment variables will be automatically added to the attestation. For more information on what they mean refer to [this link](https://learn.microsoft.com/en-us/azure/devops/pipelines/build/variables?view=azure-devops&tabs=yaml). diff --git a/examples/contracts/container-image-sbom/azure-devops-pipeline.yaml b/examples/contracts/container-image-sbom/azure-pipeline.yaml similarity index 89% rename from examples/contracts/container-image-sbom/azure-devops-pipeline.yaml rename to examples/contracts/container-image-sbom/azure-pipeline.yaml index b7156ca..c86d9a8 100644 --- a/examples/contracts/container-image-sbom/azure-devops-pipeline.yaml +++ b/examples/contracts/container-image-sbom/azure-pipeline.yaml @@ -10,4 +10,4 @@ materials: name: sbom runner: - type: "AZURE_DEVOPS_PIPELINE" + type: "AZURE_PIPELINE" diff --git a/examples/contracts/empty/azure-devops-pipeline.yaml b/examples/contracts/empty/azure-devops-pipeline.yaml deleted file mode 100644 index 2e25451..0000000 --- a/examples/contracts/empty/azure-devops-pipeline.yaml +++ /dev/null @@ -1,5 +0,0 @@ -# Empty Chainloop contract valid for a workflow run in a Azure Devops Pipeline -schemaVersion: "v1" -# See https://docs.chainloop.dev/reference/operator/contract#runner-context -runner: - type: "AZURE_DEVOPS_PIPELINE" diff --git a/examples/contracts/empty/azure-pipeline.yaml b/examples/contracts/empty/azure-pipeline.yaml new file mode 100644 index 0000000..3042494 --- /dev/null +++ b/examples/contracts/empty/azure-pipeline.yaml @@ -0,0 +1,5 @@ +# Empty Chainloop contract valid for a workflow run in a Azure Pipeline +schemaVersion: "v1" +# See https://docs.chainloop.dev/reference/operator/contract#runner-context +runner: + type: "AZURE_PIPELINE"