Documentation ¶
Index ¶
- Constants
- Variables
- func GitHubPullRequestAttestationPath(refName, commitID string) string
- func InitializeNamespace(repo *git.Repository) error
- func NewGitHubPullRequestAttestation(owner, repository string, pullRequestNumber int, commitID string, ...) (*ita.Statement, error)
- func NewReferenceAuthorization(targetRef, fromRevisionID, targetTreeID string) (*ita.Statement, error)
- func ReferenceAuthorizationPath(refName, fromID, toID string) string
- type Attestations
- func (a *Attestations) Commit(repo *git.Repository, commitMessage string, signCommit bool) error
- func (a *Attestations) GetReferenceAuthorizationFor(repo *git.Repository, refName, fromRevisionID, targetTreeID string) (*sslibdsse.Envelope, error)
- func (a *Attestations) RemoveReferenceAuthorization(refName, fromRevisionID, targetTreeID string) error
- func (a *Attestations) SetGitHubPullRequestAuthorization(repo *git.Repository, env *sslibdsse.Envelope, targetRefName, commitID string) error
- func (a *Attestations) SetReferenceAuthorization(repo *git.Repository, env *sslibdsse.Envelope, ...) error
- type ReferenceAuthorization
Constants ¶
// GitHubPullRequestPredicateType is the predicate type string used for GitHub
// pull request attestations.
const GitHubPullRequestPredicateType = "https://gittuf.dev/github-pull-request/v0.1"
// Ref is the Git reference that holds the attestations namespace.
const Ref = "refs/gittuf/attestations"
// ReferenceAuthorizationPredicateType is the predicate type string set on the
// in-toto statement that carries a reference authorization.
const ReferenceAuthorizationPredicateType = "https://gittuf.dev/reference-authorization/v0.1"
Variables ¶
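// Sentinel errors for authorization attestations. The grouped declaration is
// written one spec per line; collapsed onto a single line it is not valid Go.
var (
	// ErrInvalidAuthorization reports that an authorization attestation does
	// not match the details expected of it.
	ErrInvalidAuthorization = errors.New("authorization attestation does not match expected details")

	// ErrAuthorizationNotFound reports that the requested authorization could
	// not be found.
	ErrAuthorizationNotFound = errors.New("requested authorization not found")
)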
var (
	// ErrAttestationsExist signals that the attestations namespace cannot be
	// initialized because it already exists.
	// NOTE(review): presumably returned by InitializeNamespace; confirm
	// against its implementation.
	ErrAttestationsExist = errors.New("cannot initialize attestations namespace as it exists already")
)
Functions ¶
func GitHubPullRequestAttestationPath ¶ added in v0.4.0
GitHubPullRequestAttestationPath constructs the expected path on-disk for the GitHub pull request attestation.
func InitializeNamespace ¶
func InitializeNamespace(repo *git.Repository) error
InitializeNamespace creates a namespace to store attestations for verification with gittuf. The ref is created with an initial commit that is unsigned.
func NewGitHubPullRequestAttestation ¶ added in v0.4.0
func NewReferenceAuthorization ¶
func NewReferenceAuthorization(targetRef, fromRevisionID, targetTreeID string) (*ita.Statement, error)
NewReferenceAuthorization creates a new reference authorization for the provided information. The authorization is embedded in an in-toto "statement" and returned with the appropriate "predicate type" set. The `fromRevisionID` and `targetTreeID` specify the change to `targetRef` that is to be authorized by invoking this function.
func ReferenceAuthorizationPath ¶
ReferenceAuthorizationPath constructs the expected path on-disk for the reference authorization attestation.
Types ¶
type Attestations ¶
// Attestations tracks all the attestations in a gittuf repository. Per this
// package's documented API, values are obtained from LoadCurrentAttestations
// or LoadAttestationsForEntry, and changes are persisted with Commit.
type Attestations struct {
	// contains filtered or unexported fields
}
Attestations tracks all the attestations in a gittuf repository.
func LoadAttestationsForEntry ¶
func LoadAttestationsForEntry(repo *git.Repository, entry *rsl.ReferenceEntry) (*Attestations, error)
LoadAttestationsForEntry loads the repository's attestations for a particular RSL entry for the attestations namespace.
func LoadCurrentAttestations ¶
func LoadCurrentAttestations(repo *git.Repository) (*Attestations, error)
LoadCurrentAttestations inspects the repository's attestations namespace and loads the current attestations.
func (*Attestations) Commit ¶
func (a *Attestations) Commit(repo *git.Repository, commitMessage string, signCommit bool) error
Commit writes the state of the attestations to the repository, creating a new commit with the changes made. An RSL entry is also recorded for the namespace.
func (*Attestations) GetReferenceAuthorizationFor ¶
func (a *Attestations) GetReferenceAuthorizationFor(repo *git.Repository, refName, fromRevisionID, targetTreeID string) (*sslibdsse.Envelope, error)
GetReferenceAuthorizationFor returns the requested reference authorization attestation (with its signatures).
func (*Attestations) RemoveReferenceAuthorization ¶
func (a *Attestations) RemoveReferenceAuthorization(refName, fromRevisionID, targetTreeID string) error
RemoveReferenceAuthorization removes a previously set reference authorization attestation entirely. The object, however, isn't removed from the object store as prior states may still need it.
func (*Attestations) SetGitHubPullRequestAuthorization ¶ added in v0.4.0
func (a *Attestations) SetGitHubPullRequestAuthorization(repo *git.Repository, env *sslibdsse.Envelope, targetRefName, commitID string) error
func (*Attestations) SetReferenceAuthorization ¶
func (a *Attestations) SetReferenceAuthorization(repo *git.Repository, env *sslibdsse.Envelope, refName, fromRevisionID, targetTreeID string) error
SetReferenceAuthorization writes the new reference authorization attestation to the object store and tracks it in the current attestations state.
type ReferenceAuthorization ¶
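// ReferenceAuthorization is a lightweight record of a detached authorization
// in a gittuf repository. It is meant to be used as a "predicate" in an
// in-toto attestation.
//
// The declaration is written one field per line; collapsed onto a single line
// without separators it is not valid Go.
type ReferenceAuthorization struct {
	// TargetRef names the reference the authorization applies to.
	TargetRef string `json:"targetRef"`
	// FromRevisionID identifies the revision the authorized change starts
	// from. NOTE(review): inferred from the field name; confirm.
	FromRevisionID string `json:"fromRevisionID"`
	// TargetTreeID identifies the tree the authorized change results in.
	// NOTE(review): inferred from the field name; confirm.
	TargetTreeID string `json:"targetTreeID"`
}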
ReferenceAuthorization is a lightweight record of a detached authorization in a gittuf repository. It is meant to be used as a "predicate" in an in-toto attestation.