attestations

package
v0.4.0

This package is not in the latest version of its module.
Published: May 7, 2024 License: Apache-2.0 Imports: 14 Imported by: 0

Documentation

Constants

const (
	GitHubPullRequestPredicateType = "https://gittuf.dev/github-pull-request/v0.1"
)
const (
	Ref = "refs/gittuf/attestations"
)
const (
	ReferenceAuthorizationPredicateType = "https://gittuf.dev/reference-authorization/v0.1"
)

Variables

var (
	ErrInvalidAuthorization  = errors.New("authorization attestation does not match expected details")
	ErrAuthorizationNotFound = errors.New("requested authorization not found")
)
var ErrAttestationsExist = errors.New("cannot initialize attestations namespace as it exists already")

Functions

func GitHubPullRequestAttestationPath added in v0.4.0

func GitHubPullRequestAttestationPath(refName, commitID string) string

GitHubPullRequestAttestationPath constructs the expected path on-disk for the GitHub pull request attestation.

func InitializeNamespace

func InitializeNamespace(repo *git.Repository) error

InitializeNamespace creates a namespace to store attestations for verification with gittuf. The ref is created with an initial commit that is unsigned.

func NewGitHubPullRequestAttestation added in v0.4.0

func NewGitHubPullRequestAttestation(owner, repository string, pullRequestNumber int, commitID string, pullRequest *github.PullRequest) (*ita.Statement, error)

func NewReferenceAuthorization

func NewReferenceAuthorization(targetRef, fromRevisionID, targetTreeID string) (*ita.Statement, error)

NewReferenceAuthorization creates a new reference authorization for the provided information. The authorization is embedded in an in-toto "statement" and returned with the appropriate "predicate type" set. The `fromRevisionID` and `targetTreeID` arguments specify the change to `targetRef` that is to be authorized by invoking this function.

func ReferenceAuthorizationPath

func ReferenceAuthorizationPath(refName, fromID, toID string) string

ReferenceAuthorizationPath constructs the expected path on-disk for the reference authorization attestation.

Types

type Attestations

type Attestations struct {
	// contains filtered or unexported fields
}

Attestations tracks all the attestations in a gittuf repository.

func LoadAttestationsForEntry

func LoadAttestationsForEntry(repo *git.Repository, entry *rsl.ReferenceEntry) (*Attestations, error)

LoadAttestationsForEntry loads the repository's attestations for a particular RSL entry for the attestations namespace.

func LoadCurrentAttestations

func LoadCurrentAttestations(repo *git.Repository) (*Attestations, error)

LoadCurrentAttestations inspects the repository's attestations namespace and loads the current attestations.

func (*Attestations) Commit

func (a *Attestations) Commit(repo *git.Repository, commitMessage string, signCommit bool) error

Commit writes the state of the attestations to the repository, creating a new commit with the changes made. An RSL entry is also recorded for the namespace.

func (*Attestations) GetReferenceAuthorizationFor

func (a *Attestations) GetReferenceAuthorizationFor(repo *git.Repository, refName, fromRevisionID, targetTreeID string) (*sslibdsse.Envelope, error)

GetReferenceAuthorizationFor returns the requested reference authorization attestation (with its signatures).

func (*Attestations) RemoveReferenceAuthorization

func (a *Attestations) RemoveReferenceAuthorization(refName, fromRevisionID, targetTreeID string) error

RemoveReferenceAuthorization removes a set reference authorization attestation entirely. The object, however, isn't removed from the object store as prior states may still need it.

func (*Attestations) SetGitHubPullRequestAuthorization added in v0.4.0

func (a *Attestations) SetGitHubPullRequestAuthorization(repo *git.Repository, env *sslibdsse.Envelope, targetRefName, commitID string) error

func (*Attestations) SetReferenceAuthorization

func (a *Attestations) SetReferenceAuthorization(repo *git.Repository, env *sslibdsse.Envelope, refName, fromRevisionID, targetTreeID string) error

SetReferenceAuthorization writes the new reference authorization attestation to the object store and tracks it in the current attestations state.

type ReferenceAuthorization

type ReferenceAuthorization struct {
	TargetRef      string `json:"targetRef"`
	FromRevisionID string `json:"fromRevisionID"`
	TargetTreeID   string `json:"targetTreeID"`
}

ReferenceAuthorization is a lightweight record of a detached authorization in a gittuf repository. It is meant to be used as a "predicate" in an in-toto attestation.
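
An added example, not code from the gittuf package: a standard-library check that a statement payload carries the reference authorization predicate type and exactly the expected details. The predicate type constant and the `ReferenceAuthorization` struct are copied from this page; `checkAuthorization`, `errInvalidAuthorization` and the sample payload are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"encoding/json"
	"errors"
	"fmt"
)

// Constant and struct as listed on this page; every other name is illustrative.
const ReferenceAuthorizationPredicateType = "https://gittuf.dev/reference-authorization/v0.1"

type ReferenceAuthorization struct {
	TargetRef      string `json:"targetRef"`
	FromRevisionID string `json:"fromRevisionID"`
	TargetTreeID   string `json:"targetTreeID"`
}

// Local stand-in carrying the same message as the package's ErrInvalidAuthorization.
var errInvalidAuthorization = errors.New("authorization attestation does not match expected details")

// checkAuthorization (hypothetical) accepts a statement only on an exact predicate type and field match.
func checkAuthorization(payload []byte, want ReferenceAuthorization) error {
	var st struct { // only the statement fields this check reads
		PredicateType string          `json:"predicateType"`
		Predicate     json.RawMessage `json:"predicate"`
	}
	if err := json.Unmarshal(payload, &st); err != nil {
		return err
	}
	if st.PredicateType != ReferenceAuthorizationPredicateType {
		return errInvalidAuthorization // some other attestation type
	}
	dec := json.NewDecoder(bytes.NewReader(st.Predicate))
	dec.DisallowUnknownFields() // reject predicates carrying extra keys
	var got ReferenceAuthorization
	if err := dec.Decode(&got); err != nil || got != want {
		return errInvalidAuthorization
	}
	return nil
}

func main() {
	// Constructed payload reduced to the fields read above; the IDs are placeholders.
	payload := []byte(`{"predicateType":"https://gittuf.dev/reference-authorization/v0.1","predicate":{"targetRef":"refs/heads/main","fromRevisionID":"aaaa","targetTreeID":"bbbb"}}`)
	want := ReferenceAuthorization{"refs/heads/main", "aaaa", "bbbb"}
	fmt.Println(checkAuthorization(payload, want)) // details match
	want.TargetTreeID = "cccc"
	fmt.Println(checkAuthorization(payload, want)) // different tree ID
}
```

The check covers the statement payload only; signature verification on the surrounding envelope is a separate step and is not shown here.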
