Dagger
Search

chainloop

Chainloop is an open source project that allows you to collect, attest, and distribute pieces of evidence from your Software Supply Chain.

Installation

dagger install github.com/chainloop-dev/chainloop@2209cd26ce7e2b0e7ab4a36d5de5566e3d6c5a02

Entrypoint

Return Type
Chainloop
Example
dagger -m github.com/chainloop-dev/chainloop@2209cd26ce7e2b0e7ab4a36d5de5566e3d6c5a02 call \
func (m *myModule) example() *Chainloop  {
	return dag.
			Chainloop()
}
@function
def example() -> dag.Chainloop:
	return (
		dag.chainloop()
	)
@func()
example(): Chainloop {
	return dag
		.chainloop()
}

Types

Chainloop 🔗

init() 🔗

Initialize a new attestation

Return Type
Attestation !
Arguments
NameTypeDefault ValueDescription
tokenSecret !-Chainloop API token
contractRevisionString -Workflow Contract revision, default is the latest
repositoryDirectory -Path to the source repository to be attested
workflowNameString !-Workflow name to be used for the attestation
projectNameString !-Project name to be used for the attestation
contractNameString -name of an existing contract to attach it to the auto-created workflow
projectVersionString -Version of the project to be used for the attestation
releaseBoolean -mark the version as release
Example
dagger -m github.com/chainloop-dev/chainloop@2209cd26ce7e2b0e7ab4a36d5de5566e3d6c5a02 call \
 init --token env:MYSECRET --workflow-name string --project-name string
func (m *myModule) example(token *Secret, workflowName string, projectName string) *ChainloopAttestation  {
	return dag.
			Chainloop().
			Init(token, workflowName, projectName)
}
@function
def example(token: dagger.Secret, workflow_name: str, project_name: str) -> dag.ChainloopAttestation:
	return (
		dag.chainloop()
		.init(token, workflow_name, project_name)
	)
@func()
example(token: Secret, workflowName: string, projectName: string): ChainloopAttestation {
	return dag
		.chainloop()
		.init(token, workflowName, projectName)
}

resume() 🔗

Resume an attestation from its identifier

Return Type
Attestation !
Arguments
NameTypeDefault ValueDescription
attestationIdString !-The attestation ID
tokenSecret !-Chainloop API token
Example
dagger -m github.com/chainloop-dev/chainloop@2209cd26ce7e2b0e7ab4a36d5de5566e3d6c5a02 call \
 resume --attestation-id string --token env:MYSECRET
func (m *myModule) example(attestationId string, token *Secret) *ChainloopAttestation  {
	return dag.
			Chainloop().
			Resume(attestationId, token)
}
@function
def example(attestation_id: str, token: dagger.Secret) -> dag.ChainloopAttestation:
	return (
		dag.chainloop()
		.resume(attestation_id, token)
	)
@func()
example(attestationId: string, token: Secret): ChainloopAttestation {
	return dag
		.chainloop()
		.resume(attestationId, token)
}

withInstance() 🔗

Configure the Chainloop instance to use

Return Type
Chainloop !
Arguments
NameTypeDefault ValueDescription
controlplaneApiString !-Example: "api.controlplane.company.com:443"
casApiString !-Example: "api.cas.company.com:443"
casCaFile -Path to custom CA certificate for the CAS API
controlplaneCaFile -Path to custom CA certificate for the Control Plane API
insecureBoolean -Whether to skip TLS verification
Example
dagger -m github.com/chainloop-dev/chainloop@2209cd26ce7e2b0e7ab4a36d5de5566e3d6c5a02 call \
 with-instance --controlplane-api string --cas-api string
func (m *myModule) example(controlplaneApi string, casApi string) *Chainloop  {
	return dag.
			Chainloop().
			WithInstance(controlplaneApi, casApi)
}
@function
def example(controlplane_api: str, cas_api: str) -> dag.Chainloop:
	return (
		dag.chainloop()
		.with_instance(controlplane_api, cas_api)
	)
@func()
example(controlplaneApi: string, casApi: string): Chainloop {
	return dag
		.chainloop()
		.withInstance(controlplaneApi, casApi)
}

workflowCreate() 🔗

Create a new workflow

Return Type
String !
Arguments
NameTypeDefault ValueDescription
tokenSecret !-Chainloop API token
nameString !-Workflow name
projectString !-Workflow project
teamString -No description provided
descriptionString -No description provided
contractNameString -name of an existing contract
publicBoolean -Set workflow as public so other organizations can see it
skipIfExistsBoolean -If the workflow already exists, skip the creation and return success
Example
dagger -m github.com/chainloop-dev/chainloop@2209cd26ce7e2b0e7ab4a36d5de5566e3d6c5a02 call \
 workflow-create --token env:MYSECRET --name string --project string
func (m *myModule) example(ctx context.Context, token *Secret, name string, project string) string  {
	return dag.
			Chainloop().
			WorkflowCreate(ctx, token, name, project)
}
@function
async def example(token: dagger.Secret, name: str, project: str) -> str:
	return await (
		dag.chainloop()
		.workflow_create(token, name, project)
	)
@func()
async example(token: Secret, name: string, project: string): Promise<string> {
	return dag
		.chainloop()
		.workflowCreate(token, name, project)
}

Attestation 🔗

A Chainloop attestation https://docs.chainloop.dev/how-does-it-work/#contract-based-attestation

attestationId() 🔗

Return Type
String !
Example
dagger -m github.com/chainloop-dev/chainloop@2209cd26ce7e2b0e7ab4a36d5de5566e3d6c5a02 call \
 resume --attestation-id string --token env:MYSECRET \
 attestation-id
func (m *myModule) example(ctx context.Context, attestationId string, token *Secret) string  {
	return dag.
			Chainloop().
			Resume(attestationId, token).
			AttestationId(ctx)
}
@function
async def example(attestation_id: str, token: dagger.Secret) -> str:
	return await (
		dag.chainloop()
		.resume(attestation_id, token)
		.attestation_id()
	)
@func()
async example(attestationId: string, token: Secret): Promise<string> {
	return dag
		.chainloop()
		.resume(attestationId, token)
		.attestationId()
}

client() 🔗

Return Type
Chainloop !
Example
dagger -m github.com/chainloop-dev/chainloop@2209cd26ce7e2b0e7ab4a36d5de5566e3d6c5a02 call \
 resume --attestation-id string --token env:MYSECRET \
 client
func (m *myModule) example(attestationId string, token *Secret) *Chainloop  {
	return dag.
			Chainloop().
			Resume(attestationId, token).
			Client()
}
@function
def example(attestation_id: str, token: dagger.Secret) -> dag.Chainloop:
	return (
		dag.chainloop()
		.resume(attestation_id, token)
		.client()
	)
@func()
example(attestationId: string, token: Secret): Chainloop {
	return dag
		.chainloop()
		.resume(attestationId, token)
		.client()
}

status() 🔗

Check the attestation status

Return Type
String !
Example
dagger -m github.com/chainloop-dev/chainloop@2209cd26ce7e2b0e7ab4a36d5de5566e3d6c5a02 call \
 resume --attestation-id string --token env:MYSECRET \
 status
func (m *myModule) example(ctx context.Context, attestationId string, token *Secret) string  {
	return dag.
			Chainloop().
			Resume(attestationId, token).
			Status(ctx)
}
@function
async def example(attestation_id: str, token: dagger.Secret) -> str:
	return await (
		dag.chainloop()
		.resume(attestation_id, token)
		.status()
	)
@func()
async example(attestationId: string, token: Secret): Promise<string> {
	return dag
		.chainloop()
		.resume(attestationId, token)
		.status()
}

sync() 🔗

Sync will force the client to send an actual query to the chainloop control plane This is specially important to be run right after Init for example

att := chainloop.Init(ctx, token, "main")

if err := att.Sync(ctx); err != nil {
	return nil, err
}
Return Type
Void !
Example
dagger -m github.com/chainloop-dev/chainloop@2209cd26ce7e2b0e7ab4a36d5de5566e3d6c5a02 call \
 resume --attestation-id string --token env:MYSECRET \
 sync
func (m *myModule) example(ctx context.Context, attestationId string, token *Secret)   {
	return dag.
			Chainloop().
			Resume(attestationId, token).
			Sync(ctx)
}
@function
async def example(attestation_id: str, token: dagger.Secret) -> None:
	return await (
		dag.chainloop()
		.resume(attestation_id, token)
		.sync()
	)
@func()
async example(attestationId: string, token: Secret): Promise<void> {
	return dag
		.chainloop()
		.resume(attestationId, token)
		.sync()
}

withRegistryAuth() 🔗

Attach credentials for a container registry. Chainloop will use them to query the registry for container image pieces of evidences

Return Type
Attestation !
Arguments
NameTypeDefault ValueDescription
addressString !-Registry address. Example: "index.docker.io"
usernameString !-Registry username
passwordSecret !-Registry password
Example
dagger -m github.com/chainloop-dev/chainloop@2209cd26ce7e2b0e7ab4a36d5de5566e3d6c5a02 call \
 resume --attestation-id string --token env:MYSECRET \
 with-registry-auth --address string --username string --password env:MYSECRET
func (m *myModule) example(attestationId string, token *Secret, address string, username string, password *Secret) *ChainloopAttestation  {
	return dag.
			Chainloop().
			Resume(attestationId, token).
			WithRegistryAuth(address, username, password)
}
@function
def example(attestation_id: str, token: dagger.Secret, address: str, username: str, password: dagger.Secret) -> dag.ChainloopAttestation:
	return (
		dag.chainloop()
		.resume(attestation_id, token)
		.with_registry_auth(address, username, password)
	)
@func()
example(attestationId: string, token: Secret, address: string, username: string, password: Secret): ChainloopAttestation {
	return dag
		.chainloop()
		.resume(attestationId, token)
		.withRegistryAuth(address, username, password)
}

addRawEvidence() 🔗

Add a raw string piece of evidence to the attestation

Return Type
Attestation !
Arguments
NameTypeDefault ValueDescription
nameString -Evidence name. Don't pass a name if the material being attested is not part of the contract Example: "my-blob"
valueString !-The contents of the blob
Example
dagger -m github.com/chainloop-dev/chainloop@2209cd26ce7e2b0e7ab4a36d5de5566e3d6c5a02 call \
 resume --attestation-id string --token env:MYSECRET \
 add-raw-evidence --value string
func (m *myModule) example(attestationId string, token *Secret, value string) *ChainloopAttestation  {
	return dag.
			Chainloop().
			Resume(attestationId, token).
			AddRawEvidence(value)
}
@function
def example(attestation_id: str, token: dagger.Secret, value: str) -> dag.ChainloopAttestation:
	return (
		dag.chainloop()
		.resume(attestation_id, token)
		.add_raw_evidence(value)
	)
@func()
example(attestationId: string, token: Secret, value: string): ChainloopAttestation {
	return dag
		.chainloop()
		.resume(attestationId, token)
		.addRawEvidence(value)
}

addFileEvidence() 🔗

Add a file type piece of evidence to the attestation

Return Type
Attestation !
Arguments
NameTypeDefault ValueDescription
nameString -Evidence name. Don't pass a name if the material being attested is not part of the contract Example: "my-binary"
pathFile !-The file to add
Example
dagger -m github.com/chainloop-dev/chainloop@2209cd26ce7e2b0e7ab4a36d5de5566e3d6c5a02 call \
 resume --attestation-id string --token env:MYSECRET \
 add-file-evidence --path file:path
func (m *myModule) example(attestationId string, token *Secret, path *File) *ChainloopAttestation  {
	return dag.
			Chainloop().
			Resume(attestationId, token).
			AddFileEvidence(path)
}
@function
def example(attestation_id: str, token: dagger.Secret, path: dagger.File) -> dag.ChainloopAttestation:
	return (
		dag.chainloop()
		.resume(attestation_id, token)
		.add_file_evidence(path)
	)
@func()
example(attestationId: string, token: Secret, path: File): ChainloopAttestation {
	return dag
		.chainloop()
		.resume(attestationId, token)
		.addFileEvidence(path)
}

debug() 🔗

Return Type
Container !
Example
dagger -m github.com/chainloop-dev/chainloop@2209cd26ce7e2b0e7ab4a36d5de5566e3d6c5a02 call \
 resume --attestation-id string --token env:MYSECRET \
 debug
func (m *myModule) example(attestationId string, token *Secret) *Container  {
	return dag.
			Chainloop().
			Resume(attestationId, token).
			Debug()
}
@function
def example(attestation_id: str, token: dagger.Secret) -> dagger.Container:
	return (
		dag.chainloop()
		.resume(attestation_id, token)
		.debug()
	)
@func()
example(attestationId: string, token: Secret): Container {
	return dag
		.chainloop()
		.resume(attestationId, token)
		.debug()
}

container() 🔗

Build an ephemeral container with everything needed to process the attestation

Return Type
Container !
Arguments
NameTypeDefault ValueDescription
ttlInteger 0Cache TTL for chainloop commands, in seconds Defaults to 0: no caching
Example
dagger -m github.com/chainloop-dev/chainloop@2209cd26ce7e2b0e7ab4a36d5de5566e3d6c5a02 call \
 resume --attestation-id string --token env:MYSECRET \
 container
func (m *myModule) example(attestationId string, token *Secret) *Container  {
	return dag.
			Chainloop().
			Resume(attestationId, token).
			Container()
}
@function
def example(attestation_id: str, token: dagger.Secret) -> dagger.Container:
	return (
		dag.chainloop()
		.resume(attestation_id, token)
		.container()
	)
@func()
example(attestationId: string, token: Secret): Container {
	return dag
		.chainloop()
		.resume(attestationId, token)
		.container()
}

push() 🔗

Generate, sign and push the attestation to the chainloop control plane

Return Type
String !
Arguments
NameTypeDefault ValueDescription
keySecret -The private key to sign the attestation
passphraseSecret -The passphrase to decrypt the private key
Example
dagger -m github.com/chainloop-dev/chainloop@2209cd26ce7e2b0e7ab4a36d5de5566e3d6c5a02 call \
 resume --attestation-id string --token env:MYSECRET \
 push
func (m *myModule) example(ctx context.Context, attestationId string, token *Secret) string  {
	return dag.
			Chainloop().
			Resume(attestationId, token).
			Push(ctx)
}
@function
async def example(attestation_id: str, token: dagger.Secret) -> str:
	return await (
		dag.chainloop()
		.resume(attestation_id, token)
		.push()
	)
@func()
async example(attestationId: string, token: Secret): Promise<string> {
	return dag
		.chainloop()
		.resume(attestationId, token)
		.push()
}

markFailed() 🔗

Mark the attestation as failed

Return Type
Void !
Arguments
NameTypeDefault ValueDescription
reasonString -The reason for canceling, in human-readable form
Example
dagger -m github.com/chainloop-dev/chainloop@2209cd26ce7e2b0e7ab4a36d5de5566e3d6c5a02 call \
 resume --attestation-id string --token env:MYSECRET \
 mark-failed
func (m *myModule) example(ctx context.Context, attestationId string, token *Secret)   {
	return dag.
			Chainloop().
			Resume(attestationId, token).
			MarkFailed(ctx)
}
@function
async def example(attestation_id: str, token: dagger.Secret) -> None:
	return await (
		dag.chainloop()
		.resume(attestation_id, token)
		.mark_failed()
	)
@func()
async example(attestationId: string, token: Secret): Promise<void> {
	return dag
		.chainloop()
		.resume(attestationId, token)
		.markFailed()
}

markCanceled() 🔗

Mark the attestation as canceled

Return Type
Void !
Arguments
NameTypeDefault ValueDescription
reasonString -The reason for canceling, in human-readable form
Example
dagger -m github.com/chainloop-dev/chainloop@2209cd26ce7e2b0e7ab4a36d5de5566e3d6c5a02 call \
 resume --attestation-id string --token env:MYSECRET \
 mark-canceled
func (m *myModule) example(ctx context.Context, attestationId string, token *Secret)   {
	return dag.
			Chainloop().
			Resume(attestationId, token).
			MarkCanceled(ctx)
}
@function
async def example(attestation_id: str, token: dagger.Secret) -> None:
	return await (
		dag.chainloop()
		.resume(attestation_id, token)
		.mark_canceled()
	)
@func()
async example(attestationId: string, token: Secret): Promise<void> {
	return dag
		.chainloop()
		.resume(attestationId, token)
		.markCanceled()
}