README
¶
OCI registry plugin
Send attestations to a compatible OCI repository.
How to use it
- To get started, you need to register the plugin in your Chainloop organization.
$ chainloop integration registered add oci-registry --opt repository=[repo] --opt username=[username] --opt password=[password]
- When attaching the integration to your workflow, you have the option to specify an image name prefix:
chainloop integration attached add --workflow $WID --integration $IID --opt prefix=custom-prefix
Examples different providers
See below a non-exhaustive list of examples for different OCI registry providers known to work well with this plugin.
Google Artifact Registry
Using json-based service account https://console.cloud.google.com/iam-admin/serviceaccounts
$ chainloop integration registered add oci-registry \
# i.e us-east1-docker.pkg.dev/my-project/chainloop-cas-devel
--opt repository=[region]-docker.pkg.dev/[my-project]/[my-repository] \
--opt username=_json_key \
--opt "password=$(cat service-account.json)"
GitHub packages
Using personal access token with write:packages permissions https://github.com/settings/tokens
$ chainloop integration registered add oci-registry \
# i.e ghcr.io/chainloop-dev/chainloop-cas
--opt repository=ghcr.io/[username or org]/[my-repository] \
--opt username=[username] \
--opt password=[personal access token]
DockerHub
Create a personal access token at https://hub.docker.com/settings/security
$ chainloop integration registered add oci-registry \
--opt repository=index.docker.io/[username] \
--opt username=[username] \
--opt password=[personal access token]
AWS Container Registry
Not supported at the moment
Registration Input Schema
| Field | Type | Required | Description |
|---|---|---|---|
| password | string | yes | OCI repository password |
| repository | string | yes | OCI repository uri and path |
| username | string | yes | OCI repository username |
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://github.com/chainloop-dev/chainloop/app/controlplane/plugins/core/oci-registry/v1/registration-request",
"properties": {
"repository": {
"type": "string",
"minLength": 1,
"description": "OCI repository uri and path"
},
"username": {
"type": "string",
"minLength": 1,
"description": "OCI repository username"
},
"password": {
"type": "string",
"minLength": 1,
"description": "OCI repository password"
}
},
"additionalProperties": false,
"type": "object",
"required": [
"repository",
"username",
"password"
]
}
Attachment Input Schema
| Field | Type | Required | Description |
|---|---|---|---|
| prefix | string | no | OCI images name prefix (default chainloop) |
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://github.com/chainloop-dev/chainloop/app/controlplane/plugins/core/oci-registry/v1/attachment-request",
"properties": {
"prefix": {
"type": "string",
"minLength": 1,
"description": "OCI images name prefix (default chainloop)"
}
},
"additionalProperties": false,
"type": "object"
}
Documentation
¶
Index ¶
- func New(l log.Logger) (sdk.FanOut, error)
- type Integration
- func (i *Integration) Attach(_ context.Context, req *sdk.AttachmentRequest) (*sdk.AttachmentResponse, error)
- func (i *Integration) Execute(ctx context.Context, req *sdk.ExecutionRequest) error
- func (i *Integration) Register(_ context.Context, req *sdk.RegistrationRequest) (*sdk.RegistrationResponse, error)
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
Types ¶
type Integration ¶
type Integration struct {
*sdk.FanOutIntegration
}
func (*Integration) Attach ¶
func (i *Integration) Attach(_ context.Context, req *sdk.AttachmentRequest) (*sdk.AttachmentResponse, error)
Attachment is executed when to attach a registered instance of this integration to a specific workflow
Source Files
Click to show internal directories.
Click to hide internal directories.