ArtC: Add integrityProtection member

eiffel-community · Oct 10, 2022 · 37fb520 · 37fb520
1 parent 4da1d54
commit 37fb520
Show file tree

Hide file tree

Showing 4 changed files with 558 additions and 1 deletion.
diff --git a/definitions/EiffelArtifactCreatedEvent/3.2.0.yml b/definitions/EiffelArtifactCreatedEvent/3.2.0.yml
@@ -0,0 +1,243 @@
+# Copyright 2017-2022 Ericsson AB and others.
+# For a full list of individual contributors, please see the commit history.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+$schema: http://json-schema.org/draft-04/schema#
+_abbrev: ArtC
+_description: The EiffelArtifactCreatedEvent declares that a software
+  artifact has been created, what its coordinates are, what it contains
+  and how it was created.
+type: object
+properties:
+  meta:
+    $ref: ../EiffelMetaProperty/3.0.0.yml
+  data:
+    type: object
+    properties:
+      identity:
+        _description: The identity of the created artifact, in [purl
+          format](https://github.com/package-url/purl-spec).
+        _format: '[purl specification](https://github.com/package-url/purl-spec)'
+        type: string
+        pattern: '^pkg:'
+      fileInformation:
+        _description: A list of the artifact file contents. This information
+          is optional and, when included, MAY include a complete or
+          incomplete list of contents. In other words, it may be used
+          to highlight only particular files of interest, such as launcher
+          binaries or other entry-points.
+        type: array
+        items:
+          type: object
+          properties:
+            name:
+              _description: The name (including relative path from
+                the root of the artifact) on syntax appropriate for
+                the artifact packaging type.
+              type: string
+            tags:
+              _description: Any tags associated with the file, to support
+                navigation and identification of items of interest.
+              type: array
+              items:
+                type: string
+            integrityProtection:
+              _description: An optional object containing a digest of
+                the file's contents, i.e. a checksum, computed using
+                the specified algorithm.
+              type: object
+              properties:
+                alg:
+                  _description: The cryptographic algorithm used to compute
+                    the digest of the file's contents.
+                  _format: One of the hash algorithms listed in section 1 of
+                    [NIST FIPS 180-4](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf),
+                    excluding "SHA-1".
+                  type: string
+                  enum:
+                    - SHA-224
+                    - SHA-256
+                    - SHA-384
+                    - SHA-512
+                    - SHA-512/224
+                    - SHA-512/256
+                digest:
+                  _description: The digest of the file contents.
+                  _format: A lowercase string of hexadecimal digits.
+                  type: string
+                  pattern: ^[0-9a-f]+$
+              required:
+                - alg
+                - digest
+              additionalProperties: false
+          required:
+            - name
+          additionalProperties: false
+      buildCommand:
+        _description: The command used to build the artifact within
+          the identified environment. Used for reproducability purposes.
+        type: string
+      requiresImplementation:
+        _description: |-
+          Defines whether this artifact requires an implementing artifact. This is typically used for interfaces requiring some backend implementation, although the interface does not presume to define _which_ implementation. Implicitly interpreted as "ANY" if undefined.
+          NONE signifies that there SHALL no implementations of this artifact. In other words, a composition containing another artifact identifying it in __data.implements__ would be illegal.  
+          ANY signifies that there may or may not be implementations of this artifact.  
+          EXACTLY_ONE signifies that a legal composition must contain one and only one implementation of this artifact.  
+          AT_LEAST_ONE signifies that a legal composition must contain one or more implementations of this artifact.
+        type: string
+        enum:
+          - NONE
+          - ANY
+          - EXACTLY_ONE
+          - AT_LEAST_ONE
+      dependsOn:
+        _description: An array of [purl identified](https://github.com/package-url/purl-spec)
+          entities this artifact depends on. While not included in
+          the purl specification itself, the Eiffel protocol allows
+          version range notation according to [Maven syntax](https://docs.oracle.com/middleware/1212/core/MAVEN/maven_version.htm#MAVEN402)
+          to be used for the version component of the package identity.
+          Note that the purl specification always requires the version
+          component to be percent-encoded.
+        _format: '[purl specification](https://github.com/package-url/purl-spec)'
+        type: array
+        items:
+          type: string
+          pattern: '^pkg:'
+      implements:
+        _description: An array of [purl identified](https://github.com/package-url/purl-spec)
+          entities this artifact implements. The typical use case of
+          this is to identify interfaces implemented by this artifact.
+          While not included in the purl specification itself, the
+          Eiffel protocol allows version range notation according to
+          [Maven syntax](https://docs.oracle.com/middleware/1212/core/MAVEN/maven_version.htm#MAVEN402)
+          to be used for the version component of the package identity.
+          Note that the purl specification always requires the version
+          component to be percent-encoded.
+        _format: '[purl specification](https://github.com/package-url/purl-spec)'
+        type: array
+        items:
+          type: string
+          pattern: '^pkg:'
+      name:
+        _description: Any (colloquial) name of the artifact. Unlike
+          __data.identity__, this is not intended as an unambiguous
+          identifier of the artifact, but as a descriptive and human
+          readable name.
+        type: string
+      customData:
+        type: array
+        items:
+          $ref: ../EiffelCustomDataProperty/1.0.0.yml
+    required:
+      - identity
+    additionalProperties: false
+  links:
+    type: array
+    items:
+      $ref: ../EiffelEventLink/1.1.1.yml
+required:
+  - meta
+  - data
+  - links
+additionalProperties: false
+_links:
+  CAUSE:
+    description: 'Identifies a cause of the event occurring. SHOULD
+      not be used in conjunction with __CONTEXT__: individual events
+      providing __CAUSE__ within a larger context gives rise to ambiguity.
+      It is instead recommended to let the root event of the context
+      declare __CAUSE__.'
+    required: false
+    multiple: true
+    targets:
+      any_type: true
+      types: []
+  COMPOSITION:
+    description: Identifies the composition from which this artifact
+      was built.
+    required: false
+    multiple: false
+    targets:
+      any_type: false
+      types:
+        - EiffelCompositionDefinedEvent
+  CONTEXT:
+    description: Identifies the activity or test suite of which this
+      event constitutes a part.
+    required: false
+    multiple: false
+    targets:
+      any_type: false
+      types:
+        - EiffelActivityTriggeredEvent
+        - EiffelTestSuiteStartedEvent
+  ENVIRONMENT:
+    description: Identifies the environment in which this artifact
+      was built.
+    required: false
+    multiple: false
+    targets:
+      any_type: false
+      types:
+        - EiffelEnvironmentDefinedEvent
+  FLOW_CONTEXT:
+    description: 'Identifies the flow context of the event: which is
+      the continuous integration and delivery flow in which this occurred
+      – e.g. which product, project, track or version this is applicable
+      to.'
+    required: false
+    multiple: true
+    targets:
+      any_type: false
+      types:
+        - EiffelFlowContextDefinedEvent
+  PREVIOUS_VERSION:
+    description: Identifies a latest previous version (there may be
+      more than one in case of merges) of the artifact the event represents.
+    required: false
+    multiple: true
+    targets:
+      any_type: false
+      types:
+        - EiffelArtifactCreatedEvent
+_history:
+  - version: 3.2.0
+    introduced_in: No edition set
+    changes: Added data.fileInformation.integrityProtection member (see [Issue 290](https://github.com/eiffel-community/eiffel/issues/290)).
+  - version: 3.1.0
+    introduced_in: '[edition-lyon](../../../tree/edition-lyon)'
+    changes: Add links.domainId member (see [Issue 233](https://github.com/eiffel-community/eiffel/issues/233)).
+  - version: 3.0.0
+    introduced_in: '[edition-agen](../../../tree/edition-agen)'
+    changes: Improved information integrity protection (see [Issue
+      185](https://github.com/eiffel-community/eiffel/issues/185)).
+  - version: 2.0.0
+    introduced_in: '[dc5ec6f](../../../blob/dc5ec6fb87e293eeffe88fdafe698eec0f5a2c89/eiffel-vocabulary/EiffelArtifactCreatedEvent.md)'
+    changes: Introduced purl identifiers instead of GAVs (see [Issue
+      182](https://github.com/eiffel-community/eiffel/issues/182))
+  - version: 1.1.0
+    introduced_in: '[edition-toulouse](../../../tree/edition-toulouse)'
+    changes: Multiple links of type FLOW_CONTEXT allowed.
+  - version: 1.0.0
+    introduced_in: '[edition-bordeaux](../../../tree/edition-bordeaux)'
+    changes: Initial version.
+_examples:
+  - title: Simple example
+    url: ../examples/events/EiffelArtifactCreatedEvent/simple.json
+  - title: Interface example
+    url: ../examples/events/EiffelArtifactCreatedEvent/interface.json
+  - title: Backend example
+    url: ../examples/events/EiffelArtifactCreatedEvent/backend.json
+  - title: Dependent example
+    url: ../examples/events/EiffelArtifactCreatedEvent/dependent.json
diff --git a/eiffel-vocabulary/EiffelArtifactCreatedEvent.md b/eiffel-vocabulary/EiffelArtifactCreatedEvent.md
@@ -1,5 +1,5 @@
 <!---
-   This file was generated from ../definitions/EiffelArtifactCreatedEvent/3.1.0.yml.
+   This file was generated from ../definitions/EiffelArtifactCreatedEvent/3.2.0.yml.
    See that file for a copyright notice.
 --->
 
@@ -29,6 +29,24 @@ __Type:__ String[]
 __Required:__ No  
 __Description:__ Any tags associated with the file, to support navigation and identification of items of interest.
 
+#### data.fileInformation.integrityProtection
+__Type:__ Object  
+__Required:__ No  
+__Description:__ An optional object containing a digest of the file's contents, i.e. a checksum, computed using the specified algorithm.
+
+##### data.fileInformation.integrityProtection.alg
+__Type:__ String  
+__Format:__ One of the hash algorithms listed in section 1 of [NIST FIPS 180-4](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf), excluding "SHA-1".  
+__Required:__ Yes  
+__Legal values:__ SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, SHA-512/256  
+__Description:__ The cryptographic algorithm used to compute the digest of the file's contents.
+
+##### data.fileInformation.integrityProtection.digest
+__Type:__ String  
+__Format:__ A lowercase string of hexadecimal digits.  
+__Required:__ Yes  
+__Description:__ The digest of the file contents.
+
 ### data.buildCommand
 __Type:__ String  
 __Required:__ No  
@@ -229,6 +247,7 @@ __Description:__ The number of the event within the named sequence.
 
 | Version | Introduced in | Changes |
 | ------- | ------------- | ------- |
+| 3.2.0 | No edition set | Added data.fileInformation.integrityProtection member (see [Issue 290](https://github.com/eiffel-community/eiffel/issues/290)). |
 | 3.1.0 | [edition-lyon](../../../tree/edition-lyon) | Add links.domainId member (see [Issue 233](https://github.com/eiffel-community/eiffel/issues/233)). |
 | 3.0.0 | [edition-agen](../../../tree/edition-agen) | Improved information integrity protection (see [Issue 185](https://github.com/eiffel-community/eiffel/issues/185)). |
 | 2.0.0 | [dc5ec6f](../../../blob/dc5ec6fb87e293eeffe88fdafe698eec0f5a2c89/eiffel-vocabulary/EiffelArtifactCreatedEvent.md) | Introduced purl identifiers instead of GAVs (see [Issue 182](https://github.com/eiffel-community/eiffel/issues/182)) |

diff --git a/examples/events/EiffelArtifactCreatedEvent/checksum.json b/examples/events/EiffelArtifactCreatedEvent/checksum.json
@@ -0,0 +1,31 @@
+{
+  "meta": {
+    "type": "EiffelArtifactCreatedEvent",
+    "version": "3.2.0",
+    "time": 1234567890,
+    "id": "aaaaaaaa-bbbb-5ccc-8ddd-eeeeeeeeeee0"
+  },
+  "data": {
+    "identity": "pkg:generic/empty-file",
+    "fileInformation": [
+      {
+        "name": "empty-file.txt",
+        "integrityProtection": {
+          "alg": "SHA-256",
+          "digest": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
+        }
+      }
+    ],
+    "name": "This artifact is just an empty file"
+  },
+  "links": [
+    {
+      "type": "CAUSE",
+      "target": "aaaaaaaa-bbbb-5ccc-8ddd-eeeeeeeeeee1"
+    },
+    {
+      "type": "COMPOSITION",
+      "target": "aaaaaaaa-bbbb-5ccc-8ddd-eeeeeeeeeee1"
+    }
+  ]
+}