Documentation
Index
- Constants
- type BuildType
- type ClientProvider
- type DefaultClientProvider
- type GithubActionsBuild
- func (b *GithubActionsBuild) BuildConfig(context.Context) (any, error)
- func (b *GithubActionsBuild) Invocation(ctx context.Context) (slsa.ProvenanceInvocation, error)
- func (b *GithubActionsBuild) Materials(context.Context) ([]slsacommon.ProvenanceMaterial, error)
- func (b *GithubActionsBuild) Metadata(context.Context) (*slsa.ProvenanceMetadata, error)
- func (b *GithubActionsBuild) Subject(context.Context) ([]intoto.Subject, error)
- func (b *GithubActionsBuild) WithClients(p ClientProvider) *GithubActionsBuild
- type HostedActionsGenerator
- type NilClientProvider
- type WorkflowParameters
Constants
const (
	// GithubHostedActionsBuilderID is a default builder ID for Github hosted actions.
	GithubHostedActionsBuilderID = "https://github.com/Attestations/GitHubHostedActions@v1"
)
Variables
This section is empty.
Functions
This section is empty.
Types
type BuildType
type BuildType interface {
	// URI returns the build type's URI.
	URI() string

	// Subject returns a set of artifacts created by the build.
	Subject(context.Context) ([]intoto.Subject, error)

	// BuildConfig returns the buildConfig for this build type.
	BuildConfig(context.Context) (any, error)

	// Invocation returns an invocation for this build type.
	Invocation(context.Context) (slsa02.ProvenanceInvocation, error)

	// Materials returns materials as defined by this build type.
	Materials(context.Context) ([]slsacommon.ProvenanceMaterial, error)

	// Metadata returns a metadata about the build.
	Metadata(context.Context) (*slsa02.ProvenanceMetadata, error)
}
BuildType implements generation of buildType specific elements of SLSA provenance. Each BuildType instance represents a specific build.
type ClientProvider
type ClientProvider interface {
	OIDCClient() (*github.OIDCClient, error)
	GithubClient(context.Context) (*githubapi.Client, error)
}
ClientProvider creates Github API clients.
type DefaultClientProvider
type DefaultClientProvider struct {
	// contains filtered or unexported fields
}
DefaultClientProvider provides a default set of clients based on the Github Actions environment.
func (*DefaultClientProvider) GithubClient
GithubClient returns a Github API client authenticated with the token provided in the github context.
func (*DefaultClientProvider) OIDCClient
func (p *DefaultClientProvider) OIDCClient() (*github.OIDCClient, error)
OIDCClient returns a default OIDC client.
type GithubActionsBuild
type GithubActionsBuild struct {
	// Context is the build's `github` context.
	Context github.WorkflowContext

	// Vars is the build's `vars` context.
	Vars github.VarsContext

	// Clients are the GitHub OIDC and API clients.
	Clients ClientProvider

	// Subjects are the build subjects.
	Subjects []intoto.Subject
}
GithubActionsBuild is a basic build type for builders running in GitHub Actions.
func NewGithubActionsBuild
func NewGithubActionsBuild(s []intoto.Subject, c *github.WorkflowContext, v github.VarsContext) *GithubActionsBuild
NewGithubActionsBuild returns a new GithubActionsBuild that uses the GitHub context to generate information.
func (*GithubActionsBuild) BuildConfig
func (b *GithubActionsBuild) BuildConfig(context.Context) (any, error)
BuildConfig implements BuildType.BuildConfig.
func (*GithubActionsBuild) Invocation
func (b *GithubActionsBuild) Invocation(ctx context.Context) (slsa.ProvenanceInvocation, error)
Invocation implements BuildType.Invocation. An invocation is returned that describes the workflow run. TODO: Document the basic invocation format.
func (*GithubActionsBuild) Materials
func (b *GithubActionsBuild) Materials(context.Context) ([]slsacommon.ProvenanceMaterial, error)
Materials implements BuildType.Materials. It returns a list of materials that includes the repository that triggered the GitHub Actions workflow.
func (*GithubActionsBuild) Metadata
func (b *GithubActionsBuild) Metadata(context.Context) (*slsa.ProvenanceMetadata, error)
Metadata implements BuildType.Metadata. It specifies that parameters are complete.
func (*GithubActionsBuild) WithClients
func (b *GithubActionsBuild) WithClients(p ClientProvider) *GithubActionsBuild
WithClients overrides the build type's default client provider. This is useful for tests where APIs are not available.
type HostedActionsGenerator
type HostedActionsGenerator struct {
	// contains filtered or unexported fields
}
HostedActionsGenerator is a SLSA provenance generator for Github Hosted Actions. Provenance is generated based on a "build type" which defines the format for many of the fields in the provenance metadata. Builders for different ecosystems (languages etc.) can implement a build type from scratch or by extending GithubActionsBuild.
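The extension pattern described above, as an added sketch that is not code from this package. It uses local stand-in types only: Subject, a reduced BuildType, baseBuild in the role of GithubActionsBuild, and a hypothetical goBuild with a placeholder URI, showing which fields an embedding build type inherits and which it overrides.

```go
package main

import (
	"context"
	"fmt"
)

// Subject is a stand-in for intoto.Subject, reduced to a name and one digest (assumption).
type Subject struct{ Name, SHA256 string }

// BuildType is a reduced copy of the documented interface (three of its six methods).
type BuildType interface {
	URI() string
	Subject(context.Context) ([]Subject, error)
	BuildConfig(context.Context) (any, error)
}

// baseBuild plays the role of GithubActionsBuild: it supplies shared defaults.
type baseBuild struct{ Subjects []Subject }

func (b *baseBuild) Subject(context.Context) ([]Subject, error) { return b.Subjects, nil }
func (b *baseBuild) BuildConfig(context.Context) (any, error)   { return nil, nil }

// goBuild is a hypothetical ecosystem build type that extends the base by embedding.
type goBuild struct {
	*baseBuild
	Command []string
}

func (g *goBuild) URI() string                              { return "https://example.com/buildtypes/go@v1" }
func (g *goBuild) BuildConfig(context.Context) (any, error) { return g.Command, nil }

// generate collects the build-type-specific fields, as a provenance generator would.
func generate(ctx context.Context, bt BuildType) (map[string]any, error) {
	subj, err := bt.Subject(ctx) // promoted from the embedded base
	if err != nil {
		return nil, err
	}
	cfg, err := bt.BuildConfig(ctx) // goBuild's override, not the base's nil
	if err != nil {
		return nil, err
	}
	return map[string]any{"buildType": bt.URI(), "subject": subj, "buildConfig": cfg}, nil
}

func main() {
	// Constructed sample subject; the digest is a placeholder, not a real hash.
	bt := &goBuild{&baseBuild{[]Subject{{"app", "<constructed-sha256>"}}}, []string{"go", "build"}}
	fmt.Println(generate(context.Background(), bt))
}
```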
func NewHostedActionsGenerator
func NewHostedActionsGenerator(bt BuildType) *HostedActionsGenerator
NewHostedActionsGenerator returns a SLSA provenance generator for the given build type.
func (*HostedActionsGenerator) Generate
func (g *HostedActionsGenerator) Generate(ctx context.Context) (*intoto.ProvenanceStatement, error)
Generate generates an in-toto provenance statement in SLSA v0.2 format.
func (*HostedActionsGenerator) WithClients
func (g *HostedActionsGenerator) WithClients(c ClientProvider) *HostedActionsGenerator
WithClients overrides the default ClientProvider. Useful for tests where clients are not available.
type NilClientProvider
type NilClientProvider struct{}
NilClientProvider does not provide clients. It is useful for testing where APIs are not available.
func (*NilClientProvider) GithubClient
GithubClient returns nil for the client.
func (*NilClientProvider) OIDCClient
func (p *NilClientProvider) OIDCClient() (*github.OIDCClient, error)
OIDCClient returns nil for the client.
type WorkflowParameters
type WorkflowParameters struct {
	// EventInputs is the inputs for the event that triggered the workflow.
	EventInputs any `json:"event_inputs,omitempty"`

	// VarsContext includes the input parameters provided as part of the `vars`
	// context. This includes environment and repository variables.
	VarsContext any `json:"vars"`
}
WorkflowParameters contains parameters given to the workflow invocation.