chainloop
Chainloop is an open source project that allows you to collect, attest, and distribute pieces of evidence from your Software Supply Chain.
Installation
dagger install github.com/chainloop-dev/chainloop@2209cd26ce7e2b0e7ab4a36d5de5566e3d6c5a02
Entrypoint
Return Type
Chainloop
Example
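# The entrypoint example passes no arguments, so the command ends after `call`;
# a trailing backslash here would make the shell swallow the following line.
dagger -m github.com/chainloop-dev/chainloop@2209cd26ce7e2b0e7ab4a36d5de5566e3d6c5a02 call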
// example returns the Chainloop module entrypoint obtained from the Dagger client.
func (m *myModule) example() *Chainloop {
	client := dag.Chainloop()
	return client
}
@function
def example() -> dag.Chainloop:
    """Return the Chainloop module entrypoint obtained from the Dagger client."""
    client = dag.chainloop()
    return client
/** Returns the Chainloop module entrypoint obtained from the Dagger client. */
@func()
example(): Chainloop {
  const client = dag.chainloop();
  return client;
}
Types
Chainloop 🔗
init() 🔗
Initialize a new attestation
Return Type
Attestation !
Arguments
Name | Type | Default Value | Description |
---|---|---|---|
token | Secret ! | - | Chainloop API token |
contractRevision | String | - | Workflow Contract revision, default is the latest |
repository | Directory | - | Path to the source repository to be attested |
workflowName | String ! | - | Workflow name to be used for the attestation |
projectName | String ! | - | Project name to be used for the attestation |
contractName | String | - | name of an existing contract to attach it to the auto-created workflow |
projectVersion | String | - | Version of the project to be used for the attestation |
release | Boolean | - | mark the version as release |
Example
dagger -m github.com/chainloop-dev/chainloop@2209cd26ce7e2b0e7ab4a36d5de5566e3d6c5a02 call \
init --token env:MYSECRET --workflow-name string --project-name string
// example initializes a new attestation for the given workflow and project.
//
// token is the Chainloop API token and is passed as a *Secret rather than a
// plain string. Only the required arguments of init() are supplied.
func (m *myModule) example(token *Secret, workflowName string, projectName string) *ChainloopAttestation {
	client := dag.Chainloop()
	return client.Init(token, workflowName, projectName)
}
@function
def example(token: dagger.Secret, workflow_name: str, project_name: str) -> dag.ChainloopAttestation:
    """Initialize a new attestation for the given workflow and project.

    ``token`` is the Chainloop API token and is passed as a ``dagger.Secret``
    rather than a plain string. Only the required arguments of ``init`` are
    supplied.
    """
    client = dag.chainloop()
    return client.init(token, workflow_name, project_name)
/**
 * Initializes a new attestation for the given workflow and project.
 *
 * @param token - Chainloop API token, passed as a Secret rather than a plain string.
 * @param workflowName - Workflow name to be used for the attestation.
 * @param projectName - Project name to be used for the attestation.
 * @returns The attestation handle returned by init().
 */
@func()
example(token: Secret, workflowName: string, projectName: string): ChainloopAttestation {
  const client = dag.chainloop();
  return client.init(token, workflowName, projectName);
}
resume() 🔗
Resume an attestation from its identifier
Return Type
Attestation !
Arguments
Name | Type | Default Value | Description |
---|---|---|---|
attestationId | String ! | - | The attestation ID |
token | Secret ! | - | Chainloop API token |
Example
dagger -m github.com/chainloop-dev/chainloop@2209cd26ce7e2b0e7ab4a36d5de5566e3d6c5a02 call \
resume --attestation-id string --token env:MYSECRET
// example resumes an existing attestation from its identifier.
//
// token is the Chainloop API token, passed as a *Secret.
func (m *myModule) example(attestationId string, token *Secret) *ChainloopAttestation {
	client := dag.Chainloop()
	return client.Resume(attestationId, token)
}
@function
def example(attestation_id: str, token: dagger.Secret) -> dag.ChainloopAttestation:
    """Resume an existing attestation from its identifier.

    ``token`` is the Chainloop API token, passed as a ``dagger.Secret``.
    """
    client = dag.chainloop()
    return client.resume(attestation_id, token)
/**
 * Resumes an existing attestation from its identifier.
 *
 * @param attestationId - The attestation ID.
 * @param token - Chainloop API token, passed as a Secret.
 * @returns The attestation handle returned by resume().
 */
@func()
example(attestationId: string, token: Secret): ChainloopAttestation {
  const client = dag.chainloop();
  return client.resume(attestationId, token);
}
withInstance() 🔗
Configure the Chainloop instance to use
Return Type
Chainloop !
Arguments
Name | Type | Default Value | Description |
---|---|---|---|
controlplaneApi | String ! | - | Example: "api.controlplane.company.com:443" |
casApi | String ! | - | Example: "api.cas.company.com:443" |
casCa | File | - | Path to custom CA certificate for the CAS API |
controlplaneCa | File | - | Path to custom CA certificate for the Control Plane API |
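insecure | Boolean | - | Whether to skip TLS verification. With verification skipped, connections to the Control Plane and CAS APIs can be intercepted; for endpoints signed by a private CA, pass casCa / controlplaneCa instead |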
Example
dagger -m github.com/chainloop-dev/chainloop@2209cd26ce7e2b0e7ab4a36d5de5566e3d6c5a02 call \
with-instance --controlplane-api string --cas-api string
// example points the Chainloop client at a specific instance.
//
// Only the two required endpoints are passed; the optional casCa,
// controlplaneCa and insecure arguments are left unset.
func (m *myModule) example(controlplaneApi string, casApi string) *Chainloop {
	client := dag.Chainloop()
	return client.WithInstance(controlplaneApi, casApi)
}
@function
def example(controlplane_api: str, cas_api: str) -> dag.Chainloop:
    """Point the Chainloop client at a specific instance.

    Only the two required endpoints are passed; the optional ``cas_ca``,
    ``controlplane_ca`` and ``insecure`` arguments are left unset.
    """
    client = dag.chainloop()
    return client.with_instance(controlplane_api, cas_api)
/**
 * Points the Chainloop client at a specific instance.
 *
 * Only the two required endpoints are passed; the optional casCa,
 * controlplaneCa and insecure arguments are left unset.
 *
 * @param controlplaneApi - Control Plane API address, e.g. "api.controlplane.company.com:443".
 * @param casApi - CAS API address, e.g. "api.cas.company.com:443".
 * @returns The configured Chainloop client.
 */
@func()
example(controlplaneApi: string, casApi: string): Chainloop {
  const client = dag.chainloop();
  return client.withInstance(controlplaneApi, casApi);
}
workflowCreate() 🔗
Create a new workflow
Return Type
String !
Arguments
Name | Type | Default Value | Description |
---|---|---|---|
token | Secret ! | - | Chainloop API token |
name | String ! | - | Workflow name |
project | String ! | - | Workflow project |
team | String | - | No description provided |
description | String | - | No description provided |
contractName | String | - | name of an existing contract |
public | Boolean | - | Set workflow as public so other organizations can see it |
skipIfExists | Boolean | - | If the workflow already exists, skip the creation and return success |
Example
dagger -m github.com/chainloop-dev/chainloop@2209cd26ce7e2b0e7ab4a36d5de5566e3d6c5a02 call \
workflow-create --token env:MYSECRET --name string --project string
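// example creates a workflow with the given name and project and returns the
// string produced by workflowCreate.
//
// WorkflowCreate takes a context and executes the query, so in the Dagger Go
// bindings it yields (string, error). The signature declares both results so
// the error reaches the caller; a single `string` result does not compile
// against a two-value call.
func (m *myModule) example(ctx context.Context, token *Secret, name string, project string) (string, error) {
	return dag.
		Chainloop().
		WorkflowCreate(ctx, token, name, project)
}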
@function
async def example(token: dagger.Secret, name: str, project: str) -> str:
    """Create a workflow with the given name and project.

    Only the required arguments of ``workflow_create`` are passed. Returns the
    awaited string result.
    """
    client = dag.chainloop()
    return await client.workflow_create(token, name, project)
/**
 * Creates a workflow with the given name and project.
 *
 * @param token - Chainloop API token, passed as a Secret.
 * @param name - Workflow name.
 * @param project - Workflow project.
 * @returns A promise for the string returned by workflowCreate().
 */
@func()
async example(token: Secret, name: string, project: string): Promise<string> {
  const client = dag.chainloop();
  return client.workflowCreate(token, name, project);
}
Attestation 🔗
A Chainloop attestation https://docs.chainloop.dev/how-does-it-work/#contract-based-attestation
attestationId() 🔗
Return Type
String !
Example
dagger -m github.com/chainloop-dev/chainloop@2209cd26ce7e2b0e7ab4a36d5de5566e3d6c5a02 call \
resume --attestation-id string --token env:MYSECRET \
attestation-id
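// example resumes an attestation and returns its attestation ID.
//
// AttestationId takes a context and executes the query, so in the Dagger Go
// bindings it yields (string, error). The signature declares both results so
// the error reaches the caller; a single `string` result does not compile
// against a two-value call.
func (m *myModule) example(ctx context.Context, attestationId string, token *Secret) (string, error) {
	return dag.
		Chainloop().
		Resume(attestationId, token).
		AttestationId(ctx)
}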
@function
async def example(attestation_id: str, token: dagger.Secret) -> str:
    """Resume an attestation and return its attestation ID."""
    attestation = dag.chainloop().resume(attestation_id, token)
    return await attestation.attestation_id()
/**
 * Resumes an attestation and returns its attestation ID.
 *
 * @param attestationId - The attestation ID to resume.
 * @param token - Chainloop API token, passed as a Secret.
 * @returns A promise for the string returned by attestationId().
 */
@func()
async example(attestationId: string, token: Secret): Promise<string> {
  const attestation = dag.chainloop().resume(attestationId, token);
  return attestation.attestationId();
}
client() 🔗
Return Type
Chainloop !
Example
dagger -m github.com/chainloop-dev/chainloop@2209cd26ce7e2b0e7ab4a36d5de5566e3d6c5a02 call \
resume --attestation-id string --token env:MYSECRET \
client
// example resumes an attestation and returns the Chainloop client exposed by
// the attestation's client() function.
func (m *myModule) example(attestationId string, token *Secret) *Chainloop {
	attestation := dag.Chainloop().Resume(attestationId, token)
	return attestation.Client()
}
@function
def example(attestation_id: str, token: dagger.Secret) -> dag.Chainloop:
    """Resume an attestation and return the Chainloop client it exposes via ``client()``."""
    attestation = dag.chainloop().resume(attestation_id, token)
    return attestation.client()
/**
 * Resumes an attestation and returns the Chainloop client it exposes via client().
 *
 * @param attestationId - The attestation ID to resume.
 * @param token - Chainloop API token, passed as a Secret.
 */
@func()
example(attestationId: string, token: Secret): Chainloop {
  const attestation = dag.chainloop().resume(attestationId, token);
  return attestation.client();
}
status() 🔗
Check the attestation status
Return Type
String !
Example
dagger -m github.com/chainloop-dev/chainloop@2209cd26ce7e2b0e7ab4a36d5de5566e3d6c5a02 call \
resume --attestation-id string --token env:MYSECRET \
status
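// example resumes an attestation and checks its status.
//
// Status takes a context and executes the query, so in the Dagger Go bindings
// it yields (string, error). The signature declares both results so the error
// reaches the caller; a single `string` result does not compile against a
// two-value call.
func (m *myModule) example(ctx context.Context, attestationId string, token *Secret) (string, error) {
	return dag.
		Chainloop().
		Resume(attestationId, token).
		Status(ctx)
}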
@function
async def example(attestation_id: str, token: dagger.Secret) -> str:
    """Resume an attestation and return the result of its status check."""
    attestation = dag.chainloop().resume(attestation_id, token)
    return await attestation.status()
/**
 * Resumes an attestation and returns the result of its status check.
 *
 * @param attestationId - The attestation ID to resume.
 * @param token - Chainloop API token, passed as a Secret.
 * @returns A promise for the string returned by status().
 */
@func()
async example(attestationId: string, token: Secret): Promise<string> {
  const attestation = dag.chainloop().resume(attestationId, token);
  return attestation.status();
}
sync() 🔗
Sync forces the client to send an actual query to the Chainloop control plane. This is especially important right after Init, for example:
att := chainloop.Init(ctx, token, "main")
if err := att.Sync(ctx); err != nil {
return nil, err
}
Return Type
Void !
Example
dagger -m github.com/chainloop-dev/chainloop@2209cd26ce7e2b0e7ab4a36d5de5566e3d6c5a02 call \
resume --attestation-id string --token env:MYSECRET \
sync
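// example resumes an attestation and forces a query to the Chainloop control
// plane through Sync.
//
// Sync yields an error (the sync() description on this page uses it as
// `if err := att.Sync(ctx); err != nil`), so the function declares an `error`
// result. Without a result type, `return <value>` does not compile and the
// failure would have nowhere to go.
func (m *myModule) example(ctx context.Context, attestationId string, token *Secret) error {
	return dag.
		Chainloop().
		Resume(attestationId, token).
		Sync(ctx)
}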
@function
async def example(attestation_id: str, token: dagger.Secret) -> None:
    """Resume an attestation and force a query to the Chainloop control plane via ``sync``."""
    attestation = dag.chainloop().resume(attestation_id, token)
    return await attestation.sync()
/**
 * Resumes an attestation and forces a query to the Chainloop control plane via sync().
 *
 * @param attestationId - The attestation ID to resume.
 * @param token - Chainloop API token, passed as a Secret.
 */
@func()
async example(attestationId: string, token: Secret): Promise<void> {
  const attestation = dag.chainloop().resume(attestationId, token);
  return attestation.sync();
}
withRegistryAuth() 🔗
Attach credentials for a container registry. Chainloop will use them to query the registry for container image pieces of evidence.
Return Type
Attestation !
Arguments
Name | Type | Default Value | Description |
---|---|---|---|
address | String ! | - | Registry address. Example: "index.docker.io" |
username | String ! | - | Registry username |
password | Secret ! | - | Registry password |
Example
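# The API token and the registry password are different secrets, so each is
# read from its own environment variable. Both variable names are placeholders.
dagger -m github.com/chainloop-dev/chainloop@2209cd26ce7e2b0e7ab4a36d5de5566e3d6c5a02 call \
 resume --attestation-id string --token env:MYSECRET \
 with-registry-auth --address string --username string --password env:MY_REGISTRY_PASSWORD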
// example resumes an attestation and attaches container registry credentials
// to it.
//
// password is a *Secret, like token; address and username are plain strings.
func (m *myModule) example(attestationId string, token *Secret, address string, username string, password *Secret) *ChainloopAttestation {
	attestation := dag.Chainloop().Resume(attestationId, token)
	return attestation.WithRegistryAuth(address, username, password)
}
@function
def example(attestation_id: str, token: dagger.Secret, address: str, username: str, password: dagger.Secret) -> dag.ChainloopAttestation:
    """Resume an attestation and attach container registry credentials to it.

    ``password`` is a ``dagger.Secret``, like ``token``; ``address`` and
    ``username`` are plain strings.
    """
    attestation = dag.chainloop().resume(attestation_id, token)
    return attestation.with_registry_auth(address, username, password)
/**
 * Resumes an attestation and attaches container registry credentials to it.
 *
 * @param attestationId - The attestation ID to resume.
 * @param token - Chainloop API token, passed as a Secret.
 * @param address - Registry address, e.g. "index.docker.io".
 * @param username - Registry username.
 * @param password - Registry password, passed as a Secret.
 */
@func()
example(attestationId: string, token: Secret, address: string, username: string, password: Secret): ChainloopAttestation {
  const attestation = dag.chainloop().resume(attestationId, token);
  return attestation.withRegistryAuth(address, username, password);
}
addRawEvidence() 🔗
Add a raw string piece of evidence to the attestation
Return Type
Attestation !
Arguments
Name | Type | Default Value | Description |
---|---|---|---|
name | String | - | Evidence name. Don't pass a name if the material being attested is not part of the contract. Example: "my-blob" |
value | String ! | - | The contents of the blob |
Example
dagger -m github.com/chainloop-dev/chainloop@2209cd26ce7e2b0e7ab4a36d5de5566e3d6c5a02 call \
resume --attestation-id string --token env:MYSECRET \
add-raw-evidence --value string
// example resumes an attestation and adds a raw string piece of evidence to it.
//
// The optional evidence name is not passed; the argument table says to omit it
// when the material is not part of the contract.
func (m *myModule) example(attestationId string, token *Secret, value string) *ChainloopAttestation {
	attestation := dag.Chainloop().Resume(attestationId, token)
	return attestation.AddRawEvidence(value)
}
@function
def example(attestation_id: str, token: dagger.Secret, value: str) -> dag.ChainloopAttestation:
    """Resume an attestation and add a raw string piece of evidence to it.

    The optional evidence name is not passed; the argument table says to omit
    it when the material is not part of the contract.
    """
    attestation = dag.chainloop().resume(attestation_id, token)
    return attestation.add_raw_evidence(value)
/**
 * Resumes an attestation and adds a raw string piece of evidence to it.
 *
 * The optional evidence name is not passed; the argument table says to omit it
 * when the material is not part of the contract.
 *
 * @param attestationId - The attestation ID to resume.
 * @param token - Chainloop API token, passed as a Secret.
 * @param value - The contents of the blob.
 */
@func()
example(attestationId: string, token: Secret, value: string): ChainloopAttestation {
  const attestation = dag.chainloop().resume(attestationId, token);
  return attestation.addRawEvidence(value);
}
addFileEvidence() 🔗
Add a file type piece of evidence to the attestation
Return Type
Attestation !
Arguments
Name | Type | Default Value | Description |
---|---|---|---|
name | String | - | Evidence name. Don't pass a name if the material being attested is not part of the contract. Example: "my-binary" |
path | File ! | - | The file to add |
Example
dagger -m github.com/chainloop-dev/chainloop@2209cd26ce7e2b0e7ab4a36d5de5566e3d6c5a02 call \
resume --attestation-id string --token env:MYSECRET \
add-file-evidence --path file:path
// example resumes an attestation and adds a file piece of evidence to it.
//
// The optional evidence name is not passed; the argument table says to omit it
// when the material is not part of the contract.
func (m *myModule) example(attestationId string, token *Secret, path *File) *ChainloopAttestation {
	attestation := dag.Chainloop().Resume(attestationId, token)
	return attestation.AddFileEvidence(path)
}
@function
def example(attestation_id: str, token: dagger.Secret, path: dagger.File) -> dag.ChainloopAttestation:
    """Resume an attestation and add a file piece of evidence to it.

    The optional evidence name is not passed; the argument table says to omit
    it when the material is not part of the contract.
    """
    attestation = dag.chainloop().resume(attestation_id, token)
    return attestation.add_file_evidence(path)
/**
 * Resumes an attestation and adds a file piece of evidence to it.
 *
 * The optional evidence name is not passed; the argument table says to omit it
 * when the material is not part of the contract.
 *
 * @param attestationId - The attestation ID to resume.
 * @param token - Chainloop API token, passed as a Secret.
 * @param path - The file to add.
 */
@func()
example(attestationId: string, token: Secret, path: File): ChainloopAttestation {
  const attestation = dag.chainloop().resume(attestationId, token);
  return attestation.addFileEvidence(path);
}
debug() 🔗
Return Type
Container !
Example
dagger -m github.com/chainloop-dev/chainloop@2209cd26ce7e2b0e7ab4a36d5de5566e3d6c5a02 call \
resume --attestation-id string --token env:MYSECRET \
debug
// example resumes an attestation and returns the Container produced by its
// debug() function. The page gives no description of that container.
func (m *myModule) example(attestationId string, token *Secret) *Container {
	attestation := dag.Chainloop().Resume(attestationId, token)
	return attestation.Debug()
}
@function
def example(attestation_id: str, token: dagger.Secret) -> dagger.Container:
    """Resume an attestation and return the container produced by ``debug()``.

    The page gives no description of that container.
    """
    attestation = dag.chainloop().resume(attestation_id, token)
    return attestation.debug()
/**
 * Resumes an attestation and returns the container produced by debug().
 * The page gives no description of that container.
 *
 * @param attestationId - The attestation ID to resume.
 * @param token - Chainloop API token, passed as a Secret.
 */
@func()
example(attestationId: string, token: Secret): Container {
  const attestation = dag.chainloop().resume(attestationId, token);
  return attestation.debug();
}
container() 🔗
Build an ephemeral container with everything needed to process the attestation
Return Type
Container !
Arguments
Name | Type | Default Value | Description |
---|---|---|---|
ttl | Integer | 0 | Cache TTL for chainloop commands, in seconds. Defaults to 0: no caching |
Example
dagger -m github.com/chainloop-dev/chainloop@2209cd26ce7e2b0e7ab4a36d5de5566e3d6c5a02 call \
resume --attestation-id string --token env:MYSECRET \
container
// example resumes an attestation and builds the ephemeral container used to
// process it.
//
// The optional ttl argument is not passed, so its documented default (0, no
// caching) applies.
func (m *myModule) example(attestationId string, token *Secret) *Container {
	attestation := dag.Chainloop().Resume(attestationId, token)
	return attestation.Container()
}
@function
def example(attestation_id: str, token: dagger.Secret) -> dagger.Container:
    """Resume an attestation and build the ephemeral container used to process it.

    The optional ``ttl`` argument is not passed, so its documented default
    (0, no caching) applies.
    """
    attestation = dag.chainloop().resume(attestation_id, token)
    return attestation.container()
/**
 * Resumes an attestation and builds the ephemeral container used to process it.
 *
 * The optional ttl argument is not passed, so its documented default
 * (0, no caching) applies.
 *
 * @param attestationId - The attestation ID to resume.
 * @param token - Chainloop API token, passed as a Secret.
 */
@func()
example(attestationId: string, token: Secret): Container {
  const attestation = dag.chainloop().resume(attestationId, token);
  return attestation.container();
}
push() 🔗
Generate, sign and push the attestation to the chainloop control plane
Return Type
String !
Arguments
Name | Type | Default Value | Description |
---|---|---|---|
key | Secret | - | The private key to sign the attestation |
passphrase | Secret | - | The passphrase to decrypt the private key |
Example
dagger -m github.com/chainloop-dev/chainloop@2209cd26ce7e2b0e7ab4a36d5de5566e3d6c5a02 call \
resume --attestation-id string --token env:MYSECRET \
push
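// example resumes an attestation, then generates, signs and pushes it to the
// Chainloop control plane.
//
// The optional key and passphrase arguments of push() are not passed here.
// Push takes a context and executes the query, so in the Dagger Go bindings it
// yields (string, error). The signature declares both results so a failed push
// reaches the caller; a single `string` result does not compile against a
// two-value call.
func (m *myModule) example(ctx context.Context, attestationId string, token *Secret) (string, error) {
	return dag.
		Chainloop().
		Resume(attestationId, token).
		Push(ctx)
}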
@function
async def example(attestation_id: str, token: dagger.Secret) -> str:
    """Resume an attestation, then generate, sign and push it to the control plane.

    The optional ``key`` and ``passphrase`` arguments of ``push`` are not
    passed here.
    """
    attestation = dag.chainloop().resume(attestation_id, token)
    return await attestation.push()
/**
 * Resumes an attestation, then generates, signs and pushes it to the
 * Chainloop control plane.
 *
 * The optional key and passphrase arguments of push() are not passed here.
 *
 * @param attestationId - The attestation ID to resume.
 * @param token - Chainloop API token, passed as a Secret.
 * @returns A promise for the string returned by push().
 */
@func()
async example(attestationId: string, token: Secret): Promise<string> {
  const attestation = dag.chainloop().resume(attestationId, token);
  return attestation.push();
}
markFailed() 🔗
Mark the attestation as failed
Return Type
Void !
Arguments
Name | Type | Default Value | Description |
---|---|---|---|
reason | String | - | The reason for marking the attestation as failed, in human-readable form |
Example
dagger -m github.com/chainloop-dev/chainloop@2209cd26ce7e2b0e7ab4a36d5de5566e3d6c5a02 call \
resume --attestation-id string --token env:MYSECRET \
mark-failed
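// example resumes an attestation and marks it as failed.
//
// The optional reason argument is not passed. MarkFailed takes a context and
// executes the query; Void functions in the Dagger Go bindings yield an error,
// so the function declares an `error` result. Without a result type,
// `return <value>` does not compile and the failure would have nowhere to go.
func (m *myModule) example(ctx context.Context, attestationId string, token *Secret) error {
	return dag.
		Chainloop().
		Resume(attestationId, token).
		MarkFailed(ctx)
}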
@function
async def example(attestation_id: str, token: dagger.Secret) -> None:
    """Resume an attestation and mark it as failed.

    The optional ``reason`` argument is not passed.
    """
    attestation = dag.chainloop().resume(attestation_id, token)
    return await attestation.mark_failed()
/**
 * Resumes an attestation and marks it as failed.
 * The optional reason argument is not passed.
 *
 * @param attestationId - The attestation ID to resume.
 * @param token - Chainloop API token, passed as a Secret.
 */
@func()
async example(attestationId: string, token: Secret): Promise<void> {
  const attestation = dag.chainloop().resume(attestationId, token);
  return attestation.markFailed();
}
markCanceled() 🔗
Mark the attestation as canceled
Return Type
Void !
Arguments
Name | Type | Default Value | Description |
---|---|---|---|
reason | String | - | The reason for canceling, in human-readable form |
Example
dagger -m github.com/chainloop-dev/chainloop@2209cd26ce7e2b0e7ab4a36d5de5566e3d6c5a02 call \
resume --attestation-id string --token env:MYSECRET \
mark-canceled
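// example resumes an attestation and marks it as canceled.
//
// The optional reason argument is not passed. MarkCanceled takes a context and
// executes the query; Void functions in the Dagger Go bindings yield an error,
// so the function declares an `error` result. Without a result type,
// `return <value>` does not compile and the failure would have nowhere to go.
func (m *myModule) example(ctx context.Context, attestationId string, token *Secret) error {
	return dag.
		Chainloop().
		Resume(attestationId, token).
		MarkCanceled(ctx)
}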
@function
async def example(attestation_id: str, token: dagger.Secret) -> None:
    """Resume an attestation and mark it as canceled.

    The optional ``reason`` argument is not passed.
    """
    attestation = dag.chainloop().resume(attestation_id, token)
    return await attestation.mark_canceled()
/**
 * Resumes an attestation and marks it as canceled.
 * The optional reason argument is not passed.
 *
 * @param attestationId - The attestation ID to resume.
 * @param token - Chainloop API token, passed as a Secret.
 */
@func()
async example(attestationId: string, token: Secret): Promise<void> {
  const attestation = dag.chainloop().resume(attestationId, token);
  return attestation.markCanceled();
}