0.1.20220324094800

nais-salsa (0.1.20220324094800)

Changelog

• a11c8de use: pkg for main
• 0acd3a5 remove: changelog
• f17acc4 Merge pull request #9 from nais/salsa_cli_releaser
• ffeafa6 Merge remote-tracking branch 'origin/salsa_cli_releaser' into salsa_cli_releaser
• 6ce349e add: new release info
• fdd953e Merge pull request #10 from nais/dependabot/go_modules/github.com/stretchr/testify-1.7.1
• 053def7 build(deps): bump github.com/stretchr/testify from 1.7.0 to 1.7.1
• e6bf3b4 Merge branch 'main' into salsa_cli_releaser
• 19e055e fix: cleanup code
• 37710c4 fix: cleanup code
• 9dd8398 test: increase test coverage.
• dbcd7f9 remove: codecov, can achive same with ide or other tools
• 8abb833 add: codecov and specify cosign ver
• a9cf256 add: cover profiles to see code coverage.
• e2fe49e add: caching of go mod
• 6a212d7 update: .goreleaser.yml
• f6b217b feat: add version cmd and goreleaser.yml
• 15eecc7 Merge pull request #8 from nais/resolve_context
• 4f28efc Merge remote-tracking branch 'origin/resolve_context' into resolve_context
• c0711a1 fix: renaming
• 63510b2 Merge branch 'main' into resolve_context
• 9aeaff3 add: run for PR
• 1f1eb37 feat: resolve context type before building to add support for several build types.
• 3faf2ff Merge pull request #7 from nais/dependabot/go_modules/github.com/spf13/cobra-1.4.0
• 9733308 Merge branch 'main' into dependabot/go_modules/github.com/spf13/cobra-1.4.0
• 59a547d fix: find
• c02c437 feat: Environment for actual runner is now an interface. Possible to use contexts github or other build tools for the cli.
• 40328ff fix: re-arrange pkg for interface vcs
• 5f2183c Merge branch 'main' into dependabot/go_modules/github.com/spf13/cobra-1.4.0
• bead144 fix: add test pkg for build
• d1c63e2 fix: move dsse to own pkg
• a7a7560 fix: dont test om cmd path
• 4d2c147 fix: test
• 11f64bd build(deps): bump github.com/spf13/cobra from 1.3.0 to 1.4.0
• 586793a cleanup: integration tests to build and tools. Better error handling. export all to hash digest.
• 9422608 add: clone private repos, add progress for clone
• ca25716 add: make cmd api more smooth for clone and ad ability to provide authentication for private and internal repos.
• fc53aac fix: gradle parsing, testing with several projects
• b5b897e cleanup: simplify and remove pkg not in use.
• 5f8a7a3 cleanup: move file and function
• 21c5733 cleanup: more readable code, rename of functions to make more sense.
• a998156 Merge pull request #6 from nais/build_dependencies_map
• 0a70d7b cleanup: rename buildtool -> tool in own file. Create functions for dependencies and checksum, makes code more clean easier to read, and defaults kan be implicit or explicit. Clean up test build tests. Remove print statements
• a320ce3 add: more test cases to gradle tests. remove check for empty checksum, need to be handle more robust.
• 6243394 fix: use map when getting dependencies. Instead of slice to not have to filter/compare/contain dependencies with same coordinates.
• 6d8785c fix: error in parsing gradle dependencies. Before: left double deps and deps not '.jar' with empty checksum Now: filtered, should consider build.Dependency to be a map.
• 1baab76 add: reproducible check.
• 4953d45 add: tests for filtering of environment variables.
• 6dc4f3b Merge pull request #5 from nais/dependabot/github_actions/actions/checkout-3
• 481c6c1 build(deps): bump actions/checkout from 2.4.0 to 3
• 3c40065 add: filtering of envs
• f8f44c6 debug: output
• 098c4ca add: env to NonRep metadata object
• 4882115 remove: no default for image. needs to be provided for provenance.
• b57b36c remove: no default for image. needs to be provided for provenance.
• c7bc24c fix: simplify, get ENVs for running container, reuse IMAGE. Remove env as input.
• 70f441f add: filtered environment variables from workflow. Image is defaulted
• f2d6c76 update: ManuallyRunCommands@v1 buildconfig with command to build dependencies to be added to run commands. fix waring about imported package name.
• 24f3c44 add: mvn testdata and tests
• a8eaf36 fix: works for both local and remote, some changes wil bee needed when we start building out own images and curl them instead generating salsa each action run.
• 24c2763 fix: github_workspace
• f2aaf8e debug: print values in github to debug
• db3595b update: entrypoint.sh
• 8cbf00c fix: use sed instead of bash interpolation.
• dc85adf revert: digest usage in go., remove unused files and code.
• 2b0b5d5 revert: changes for workingDir.
• 0b4ee58 add: support for maven
• 044fa42 update: action.yml with better descriptions. add attest and verify commands. Clean up docker file.
• a5074df fix: filepath for find command
• cf4dfc4 fix: filepath for attest command
• 2b260eb feat: add manual generated commands to buildconfig in provenance. simplify scanCommand with a struct to hold relevant info and update tests accordingly.
• ca890e9 add: more robust handling of parameters input. remove unused code
• b949fcd remove: env, not working in real environment.
• 0269240 add: reproducible data structs, added github env context as input arg
• 1afb99a fix: use another approach, current root
• aed891b running the action on local "./" works for act.
• d916129 use current working
• b308396 disable: env context
• fa1e942 run the workflow
• 526073f fix: swallowed too much of the error
• 8247e9c fix: better error handling when looking for buildfiles
• e29e0f6 fix: parsing of metadata from github
• 21c9ace add: environment vars for .sh
• 35abc50 add: run and print cmd args
• c75ddb5 add: more debug and copy entrypoint
• b8e74dc add: more debug prints
• 94747fa print all arguments
• cab5ef9 add: debug print
• 1865eb3 fix: args
• cbf61ae refactor: add args as numbered arguments in entrypoint.sh
• c529af6 remove: project var
• e36e7c1 add: info log statement with output
• 267ea49 fix: remove space
• 4f341f3 add: action.yml repo_dir defaults to github.workspace
• 26daf5a revert: changes in scan command
• b6d1c79 udpate: dockerfile for running action.yml dockercontainer
• ac946de removed: default image
• c0ba85f Merge remote-tracking branch 'origin/main'
• 337045d removed: todo
• d54b12a refactor: too much of the goodies, simplified context parsing. Removed interface.
• 974fe92 Merge pull request #4 from nais/dependabot/go_modules/github.com/briandowns/spinner-1.18.1
• 5341ee5 Merge branch 'main' into dependabot/go_modules/github.com/briandowns/spinner-1.18.1
• 5110b15 refactor: yarn determine newline - change logic Co-authored-by: Jan-Kåre Solbakken jan-kare.solbakken@nav.no Co-authored-by: Youssef Bel Mekki youssef.bel.mekki@nav.no
• a1f60d8 build(deps): bump github.com/briandowns/spinner from 1.18.0 to 1.18.1
• 696b282 add: dockerfile action yml and entrypoint.sh
• 77b3dcb fix: fix github context parsing
• 1385686 test: add print of env in job
• d5024e7 test: add print of runner and env
• 90dc9f2 test: add som printing in pipline
• 075693a fix: enrich runner and github context apssed to provenance environment and parameters following the spec to slsa.
• c7cc3c2 clean: simplify provenance generation. rename provenance artifact to provenance options.
• 0cbb16b fix: deduplicate yarn lock deps. add more edge cases to tests.
• 61791db fix: trim start of dep from "
• ea281a4 fix: yarn parsing
• 184ebfc add: todos for separate verify to attest subcommand. Need integration testing. More robust provance build update test. yarn parsing is not perfect.
• 6828adc fix: simplify, fix tests
• 852f5c8 fix: handle errors.
• 10b7ee5 add: github machine runner context.
• 96fbdd9 fix: simplify and make provenance setup more readable.
• efe64b9 update: simplify and separate concern for structs.
• c8031fa update: provenance to use pa BuilderConfig
• bfb905b add: environment to tommy :D
• 086b24b fix: defaults
• e338e47 refactor: provenanceArtifact create function.
• 8e353d5 add: some more actions related vars. added some consts.
• f671238 refactor: rename pkgs and move functions closer to origin
• 7867c96 refactor: move lang/tool specific logic into same pkg/file
• c5e71b2 checksums for gradle stuff
• 3ca1d2a add: completeness check
• b0c5558 fix: missed separating a function
• 95eb35f refactor: separation of concern did the trick!
• 623a8cb refactor: Could be that a separation of concern could add some flow
• b73a871 add: set the right buildType Invocation
• e7cdf87 add: buildType to running context
• e3b1d35 fix: repoUrl and test
• b142e66 fix: renamed app -> ProvenanceArtifact moved provenance functions to same file clean up github-context test file. added some functions to Dependency. Added more tests to provenance raised test coverage from 25 % ish to 87 %.
• 923c7df refactor: wip - create separation between deps, tools and provenance stuff Co-authored-by: Jan-Kåre Solbakken jan-kare.solbakken@nav.no Co-authored-by: Sindre Rødseth Hansen sindre.rodseth.hansen@nav.no Co-authored-by: Youssef Bel Mekki youssef.bel.mekki@nav.no
• 64d20ee Add support for Composer (PHP) (#3)
• 95cdba9 fix: revert ./gradlew -M sha256 as this command resolves all dependencies - not only runtime deps * from gradle doc - https://docs.gradle.org/current/userguide/dependency_verification.html
• 4951509 feat: add verify command and refactor for easier use * attestations can now be saved from the verify command instead of using --no-upload * default value for provenance file
• 20ec809 add: TODO
• 3da28b2 update: doc
• a380cff add: support for digest for gradle
• 6b4463e add: support for digest for npm pkg
• 31b4f34 add: support yarn.lock and add digest to yarn and golang
• 5aeb8ea add: ability to scan nodejs and npm package-lock.json. Simplify build step as for npm and goolang dont need to exce, just read file.
• f33fd73 fix: should be dependency:list and update doc
• d019468 update: documenatation for prerequisites, setup of tool and usage, for further ref.
• e33bf59 fix: better output for commands
• 2f16f2e add: spinner for attest command, moved spinner to utils.
• 06e2573 fix: Better mer clear output in f...

v0.0.1-alpha

first attempt on marketplace