gitverify

package

v0.0.0-...-097aa87 Latest Latest Go to latest Published: May 8, 2026 License: Apache-2.0 Imports: 25 Imported by: 1

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/supply-chain-tools/gitverify

Links

Open Source Insights

Documentation ¶

Index ¶

func BranchName(ref string) (string, bool)
func GetConfigPath(forge string, org string) (string, error)
func GetLocalStatePath(forge string, org string, repoName string) (string, error)
func InferForgeOrgAndRepo(repo *git.Repository) (forge string, org string, repoName string)
func SaveLocalState(repo *git.Repository, state *gitkit.RepoState, repoConfig *RepoConfig, ...) error
func Verify(repo *git.Repository, state *gitkit.RepoState, repoConfig *RepoConfig, ...) error
func VerifyLocalState(repo *git.Repository, state *gitkit.RepoState, repoConfig *RepoConfig, ...) error
type After
- func AfterCandidates(repo *git.Repository, repoConfig *RepoConfig, useSHA512 bool) ([]After, error)
type CommitData
type Config
type Digests
type ExemptTag
- func ComputeExemptTags(repo *git.Repository, state *gitkit.RepoState, gitHashSHA1 githash.GitHash, ...) ([]ExemptTag, error)
type Identity
type LocalState
type ParsedConfig
- func LoadConfig(configPath string) (*ParsedConfig, error)
type ParsedRepository
type ParsedRules
type RepoConfig
- func LoadRepoConfig(config *ParsedConfig, repoUri string) (*RepoConfig, error)
type Repository
type Rules
type SSHPublicKey
type SSHSig
type SignatureType
type SshSig
type U2FSignature
type ValidateOptions

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func BranchName ¶

func BranchName(ref string) (string, bool)

func GetConfigPath ¶

func GetConfigPath(forge string, org string) (string, error)

func GetLocalStatePath ¶

func GetLocalStatePath(forge string, org string, repoName string) (string, error)

func InferForgeOrgAndRepo ¶

func InferForgeOrgAndRepo(repo *git.Repository) (forge string, org string, repoName string)

func SaveLocalState ¶

func SaveLocalState(repo *git.Repository, state *gitkit.RepoState, repoConfig *RepoConfig, repoUri string, localPath string, gitHashSHA1 githash.GitHash, gitHashSHA512 githash.GitHash) error

func Verify ¶

func Verify(repo *git.Repository, state *gitkit.RepoState, repoConfig *RepoConfig, gitHashSHA1 githash.GitHash, gitHashSHA512 githash.GitHash, opts *ValidateOptions) error

func VerifyLocalState ¶

func VerifyLocalState(repo *git.Repository, state *gitkit.RepoState, repoConfig *RepoConfig, repoUri string, localPath string, gitHashSHA1 githash.GitHash, gitHashSHA512 githash.GitHash) error

Types ¶

type After ¶

type After struct {
	SHA1   *string `json:"sha1,omitempty"`
	SHA512 *string `json:"sha512,omitempty"`
	Branch *string `json:"branch,omitempty"`
}

func AfterCandidates ¶

func AfterCandidates(repo *git.Repository, repoConfig *RepoConfig, useSHA512 bool) ([]After, error)

type CommitData ¶

type CommitData struct {
	SignatureType     SignatureType
	Ignore            bool
	SignatureVerified bool
	MergeTag          *object.Tag
}

type Config ¶

type Config struct {
	Type              string     `json:"_type"`
	Identities        []Identity `json:"identities"`
	Maintainers       []string   `json:"maintainers"`
	Contributors      []string   `json:"contributors"`
	Rules             *Rules     `json:"rules"`
	ProtectedBranches []string   `json:"protectedBranches"`

	TrustedForge *string `json:"trustedForge"`

	Repositories []Repository `json:"repositories"`
}

type Digests ¶

type Digests struct {
	SHA1   *string `json:"sha1,omitempty"`
	SHA512 *string `json:"sha512,omitempty"`
}

type ExemptTag ¶

type ExemptTag struct {
	Ref  string  `json:"ref"`
	Hash Digests `json:"hash"`
}

func ComputeExemptTags ¶

func ComputeExemptTags(repo *git.Repository, state *gitkit.RepoState, gitHashSHA1 githash.GitHash, gitHashSHA512 githash.GitHash, useSHA512 bool) ([]ExemptTag, error)

type Identity ¶

type Identity struct {
	Email         string   `json:"email"`
	GPGPublicKeys []string `json:"gpgPublicKeys"`
	SSHPublicKeys []string `json:"sshPublicKeys"`
	ForgeUsername *string  `json:"forgeUsername"`
	ForgeUserId   *string  `json:"forgeUserId"`
}

type LocalState ¶

type LocalState struct {
	Tags     []ExemptTag `json:"tags"`
	Branches []ExemptTag `json:"branches"`
}

type ParsedConfig ¶

type ParsedConfig struct {
	Repositories []ParsedRepository
}

func LoadConfig ¶

func LoadConfig(configPath string) (*ParsedConfig, error)

type ParsedRepository ¶

type ParsedRepository struct {
	Uri   string
	After []After

	Identities        []Identity
	Maintainers       []string
	Contributors      []string
	Rules             ParsedRules
	ProtectedBranches []string

	TrustedForge *string

	ExemptedTags []ExemptTag
}

type ParsedRules ¶

type ParsedRules struct {
	AllowSSHSignatures     bool
	RequireSSHUserPresent  bool
	RequireSSHUserVerified bool
	AllowSSHSHA256         bool

	AllowGPGSignatures bool

	RequireSignedTags     bool
	RequireMergeCommits   bool
	RequireCountersigning bool

	RequireSHA512 bool
}

type RepoConfig ¶

type RepoConfig struct {
	// contains filtered or unexported fields
}

func LoadRepoConfig ¶

func LoadRepoConfig(config *ParsedConfig, repoUri string) (*RepoConfig, error)

type Repository ¶

type Repository struct {
	Uri   string  `json:"uri"`
	After []After `json:"after"`

	Identities        []Identity `json:"identities"`
	Maintainers       []string   `json:"maintainers"`
	Contributors      []string   `json:"contributors"`
	Rules             *Rules     `json:"rules"`
	ProtectedBranches []string   `json:"protectedBranches"`

	TrustedForge *string `json:"trustedForge"`

	ExemptTags []ExemptTag `json:"exemptTags"`
}

type Rules ¶

type Rules struct {
	AllowSSHSignatures     *bool `json:"allowSshSignatures"`
	RequireSSHUserPresent  *bool `json:"requireSshUserPresent"`
	RequireSSHUserVerified *bool `json:"requireSshUserVerified"`
	AllowSSHSHA256         *bool `json:"allowSshSha256"`

	AllowGPGSignatures *bool `json:"allowGpgSignatures"`

	RequireSignedTags     *bool `json:"requireSignedTags"`
	RequireMergeCommits   *bool `json:"requireMergeCommits"`
	RequireCountersigning *bool `json:"requireCountersigning"`

	RequireSHA512 *bool `json:"requireSha512"`
}

type SSHPublicKey ¶

type SSHPublicKey struct {
	KeyType string
	Key     string
	Scope   string
}

type SSHSig ¶

type SSHSig struct {
	MagicPreamble [6]byte
	SigVersion    uint32
	PublicKey     string
	Namespace     string
	Reserved      string
	HashAlgorithm string
	Signature     string
}

type SignatureType ¶

type SignatureType string

const (
	SignatureTypeGPG     SignatureType = "gpg"
	SignatureTypeSSH     SignatureType = "ssh"
	SignatureTypeNone    SignatureType = "none"
	SignatureTypeSMime   SignatureType = "smime"
	SignatureTypeUnknown SignatureType = "unknown"
)

type SshSig ¶

type SshSig struct {
	Namespace     string
	Reserved      string
	HashAlgorithm string
	Hash          string
}

type U2FSignature ¶

type U2FSignature struct {
	// https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.u2f
	Type      string
	Signature []byte
	Flags     byte
	Counter   uint32
}

type ValidateOptions ¶

type ValidateOptions struct {
	Commit       string
	Tag          string
	Branch       string
	VerifyOnHEAD bool
	VerifyOnTip  bool
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL