Documentation
Index
- func CmdExec(baseCmd, dir string, args ...string) (string, error)
- func FileExists(fpath string) bool
- func GenerateAttestation(provPath, privKeyPath string) (*dsse.Envelope, error)
- func GenerateProvenance(artifactName, digest, kustomizeBase string, startTime, finishTime time.Time, ...) (*intoto.Statement, error)
- func GetDigestOfArtifact(artifactPath string) (string, error)
- func GetImageDigest(imageRef string) (string, error)
- func GitExec(dir string, args ...string) (string, error)
- func IsDir(name string) (bool, error)
- func IsFile(name string) (bool, error)
- func IsFileResource(path string) bool
- func IsRepositoryResource(path string) bool
- func KustomizeExec(dir string, args ...string) (string, error)
- func OverwriteArtifactInProvenance(provPath, overwriteArtifact string) (string, error)
- func Sha256Hash(fpath string) (string, error)
- type FileInfo
- type GitRepoResult
- type IntotoSigner
- type KustomizationResource
Functions
func GenerateAttestation
Generates Rekor entry data by signing the specified provenance with a private key. The output contains the base64-encoded provenance and its signature, and can be used in `rekor-cli upload --artifact xxxxx`.
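The page does not show how the `*dsse.Envelope` signature is computed. The following added example (not this package's code) shows the envelope layout as the DSSE specification defines it: the signature covers the pre-authentication encoding (PAE) of payload type and payload, not the raw statement. The Ed25519 key, the local type names and the sample statement are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"errors"
	"fmt"
)

// Hypothetical local types mirroring the DSSE JSON envelope (not the dsse package's).
type Signature struct{ KeyID, Sig string }
type Envelope struct {
	PayloadType, Payload string
	Signatures           []Signature
}

const inTotoType = "application/vnd.in-toto+json"

// pae is the DSSE pre-authentication encoding: the exact bytes that get signed.
func pae(typ string, body []byte) []byte {
	return []byte(fmt.Sprintf("DSSEv1 %d %s %d %s", len(typ), typ, len(body), body))
}

func SignEnvelope(priv ed25519.PrivateKey, keyID string, statement []byte) Envelope {
	sig := ed25519.Sign(priv, pae(inTotoType, statement)) // sign PAE, not the raw statement
	b64 := base64.StdEncoding.EncodeToString
	return Envelope{inTotoType, b64(statement), []Signature{{keyID, b64(sig)}}}
}

// VerifyEnvelope returns the decoded statement only if a signature covers type and payload.
func VerifyEnvelope(pub ed25519.PublicKey, env Envelope) ([]byte, error) {
	body, err := base64.StdEncoding.DecodeString(env.Payload)
	if err != nil {
		return nil, err
	}
	for _, s := range env.Signatures {
		sig, err := base64.StdEncoding.DecodeString(s.Sig)
		if err == nil && ed25519.Verify(pub, pae(env.PayloadType, body), sig) {
			return body, nil
		}
	}
	return nil, errors.New("dsse: no valid signature")
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // throwaway key; nil selects crypto/rand
	env := SignEnvelope(priv, "demo-key", []byte(`{"_type":"https://in-toto.io/Statement/v0.1"}`)) // constructed
	_, err := VerifyEnvelope(pub, env)
	fmt.Println("verified:", err == nil)
}
```

Because the payload type is part of the signed bytes, a verifier that swaps either the payload or the `payloadType` field gets a verification failure rather than a re-interpreted statement.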
func GenerateProvenance
func GenerateProvenance(artifactName, digest, kustomizeBase string, startTime, finishTime time.Time, recipeCmd []string) (*intoto.Statement, error)
Generates provenance data by checking kustomization.yaml and its sub-resources. All local files and remote repos are included in `materials` of the generated provenance.
func GetDigestOfArtifact
Gets the digest of an artifact according to its type:
- local file --> sha256 file hash
- OCI image --> image digest
func IsFileResource
Reports whether a resource in kustomization.yaml is a local file/dir.
func IsRepositoryResource
Reports whether a resource in kustomization.yaml is a git repo.
func KustomizeExec
Executes a kustomize command.
func OverwriteArtifactInProvenance
Overwrites `subject` in the provenance with the specified artifact.
Types
type GitRepoResult
type IntotoSigner
type IntotoSigner struct {
// contains filtered or unexported fields
}
func (*IntotoSigner) KeyID (added in v0.2.0)
func (es *IntotoSigner) KeyID() (string, error)
func (*IntotoSigner) Public (added in v0.2.0)
func (es *IntotoSigner) Public() crypto.PublicKey
func (*IntotoSigner) Sign
func (it *IntotoSigner) Sign(data []byte) ([]byte, error)
Signs provenance data.
func (*IntotoSigner) Verify
func (it *IntotoSigner) Verify(data, sig []byte) error
Verifies provenance data against its signature.
type KustomizationResource
type KustomizationResource struct {
	GitRepo *GitRepoResult
	File    *FileInfo
}
func LoadKustomization
func LoadKustomization(fpath, baseDir, gitURL, gitRevision string, inRemoteRepo bool) ([]*KustomizationResource, error)
Loads the kustomization.yaml in the specified base dir together with its resources and bases, even when they are in a remote repository. It returns a list of resources that carry file hash info for files and commit digest info for remote repos.