chainloop
Installation
Entrypoint
Types
Chainloop
- init()
- resume()
Attestation

chainloop

Chainloop is an open source project that allows you to collect, attest, and distribute pieces of evidence from your Software Supply Chain.

Installation

dagger install github.com/chainloop-dev/chainloop@v0.92.0

Entrypoint

Return Type

Chainloop

Example

dagger -m github.com/chainloop-dev/chainloop@4f2abde5acfc5cea96ffe44202822ce52586591d call \

func (m *MyModule) Example() *dagger.Chainloop  {
	return dag.
			Chainloop()
}

@function
def example() -> dagger.Chainloop:
	return (
		dag.chainloop()
	)

@func()
example(): Chainloop {
	return dag
		.chainloop()
}

Types

Chainloop 🔗

init() 🔗

Initialize a new attestation

Return Type

Attestation !

Arguments

Name	Type	Default Value	Description
token	Secret !	-	Chainloop API token
contractRevision	String	-	Workflow Contract revision, default is the latest
repository	Directory	-	Path to the source repository to be attested
workflowName	String !	-	Workflow name to be used for the attestation

Example

dagger -m github.com/chainloop-dev/chainloop@4f2abde5acfc5cea96ffe44202822ce52586591d call \
 init --token env:MYSECRET --workflow-name string

func (m *MyModule) Example(token *dagger.Secret, workflowName string) *dagger.ChainloopAttestation  {
	return dag.
			Chainloop().
			Init(token, workflowName)
}

@function
def example(token: dagger.Secret, workflow_name: str) -> dagger.ChainloopAttestation:
	return (
		dag.chainloop()
		.init(token, workflow_name)
	)

@func()
example(token: Secret, workflowName: string): ChainloopAttestation {
	return dag
		.chainloop()
		.init(token, workflowName)
}

resume() 🔗

Resume an attestation from its identifier

Return Type

Attestation !

Arguments

Name	Type	Default Value	Description
attestationId	String !	-	The attestation ID
token	Secret !	-	Chainloop API token

Example

dagger -m github.com/chainloop-dev/chainloop@4f2abde5acfc5cea96ffe44202822ce52586591d call \
 resume --attestation-id string --token env:MYSECRET

func (m *MyModule) Example(attestationId string, token *dagger.Secret) *dagger.ChainloopAttestation  {
	return dag.
			Chainloop().
			Resume(attestationId, token)
}

@function
def example(attestation_id: str, token: dagger.Secret) -> dagger.ChainloopAttestation:
	return (
		dag.chainloop()
		.resume(attestation_id, token)
	)

@func()
example(attestationId: string, token: Secret): ChainloopAttestation {
	return dag
		.chainloop()
		.resume(attestationId, token)
}

Attestation 🔗

A Chainloop attestation https://docs.chainloop.dev/how-does-it-work/#contract-based-attestation

attestationId() 🔗

Return Type

String !

Example

dagger -m github.com/chainloop-dev/chainloop@4f2abde5acfc5cea96ffe44202822ce52586591d call \
 resume --attestation-id string --token env:MYSECRET \
 attestation-id

func (m *MyModule) Example(ctx context.Context, attestationId string, token *dagger.Secret) string  {
	return dag.
			Chainloop().
			Resume(attestationId, token).
			AttestationId(ctx)
}

@function
async def example(attestation_id: str, token: dagger.Secret) -> str:
	return await (
		dag.chainloop()
		.resume(attestation_id, token)
		.attestation_id()
	)

@func()
async example(attestationId: string, token: Secret): Promise<string> {
	return dag
		.chainloop()
		.resume(attestationId, token)
		.attestationId()
}

status() 🔗

Check the attestation status

Return Type

String !

Example

dagger -m github.com/chainloop-dev/chainloop@4f2abde5acfc5cea96ffe44202822ce52586591d call \
 resume --attestation-id string --token env:MYSECRET \
 status

func (m *MyModule) Example(ctx context.Context, attestationId string, token *dagger.Secret) string  {
	return dag.
			Chainloop().
			Resume(attestationId, token).
			Status(ctx)
}

@function
async def example(attestation_id: str, token: dagger.Secret) -> str:
	return await (
		dag.chainloop()
		.resume(attestation_id, token)
		.status()
	)

@func()
async example(attestationId: string, token: Secret): Promise<string> {
	return dag
		.chainloop()
		.resume(attestationId, token)
		.status()
}

sync() 🔗

Sync will force the client to send an actual query to the chainloop control plane This is specially important to be run right after Init for example

att := chainloop.Init(ctx, token, "main")

if err := att.Sync(ctx); err != nil {
	return nil, err
}

Return Type

Void !

Example

dagger -m github.com/chainloop-dev/chainloop@4f2abde5acfc5cea96ffe44202822ce52586591d call \
 resume --attestation-id string --token env:MYSECRET \
 sync

func (m *MyModule) Example(ctx context.Context, attestationId string, token *dagger.Secret)   {
	return dag.
			Chainloop().
			Resume(attestationId, token).
			Sync(ctx)
}

@function
async def example(attestation_id: str, token: dagger.Secret) -> None:
	return await (
		dag.chainloop()
		.resume(attestation_id, token)
		.sync()
	)

@func()
async example(attestationId: string, token: Secret): Promise<void> {
	return dag
		.chainloop()
		.resume(attestationId, token)
		.sync()
}

withRegistryAuth() 🔗

Attach credentials for a container registry. Chainloop will use them to query the registry for container image pieces of evidences

Return Type

Attestation !

Arguments

Name	Type	Default Value	Description
address	String !	-	Registry address. Example: "index.docker.io"
username	String !	-	Registry username
password	Secret !	-	Registry password

Example

dagger -m github.com/chainloop-dev/chainloop@4f2abde5acfc5cea96ffe44202822ce52586591d call \
 resume --attestation-id string --token env:MYSECRET \
 with-registry-auth --address string --username string --password env:MYSECRET

func (m *MyModule) Example(attestationId string, token *dagger.Secret, address string, username string, password *dagger.Secret) *dagger.ChainloopAttestation  {
	return dag.
			Chainloop().
			Resume(attestationId, token).
			WithRegistryAuth(address, username, password)
}

@function
def example(attestation_id: str, token: dagger.Secret, address: str, username: str, password: dagger.Secret) -> dagger.ChainloopAttestation:
	return (
		dag.chainloop()
		.resume(attestation_id, token)
		.with_registry_auth(address, username, password)
	)

@func()
example(attestationId: string, token: Secret, address: string, username: string, password: Secret): ChainloopAttestation {
	return dag
		.chainloop()
		.resume(attestationId, token)
		.withRegistryAuth(address, username, password)
}

addRawEvidence() 🔗

Add a raw string piece of evidence to the attestation

Return Type

Attestation !

Arguments

Name	Type	Default Value	Description
name	String	-	Evidence name. Don't pass a name if the material being attested is not part of the contract Example: "my-blob"
value	String !	-	The contents of the blob

Example

dagger -m github.com/chainloop-dev/chainloop@4f2abde5acfc5cea96ffe44202822ce52586591d call \
 resume --attestation-id string --token env:MYSECRET \
 add-raw-evidence --value string

func (m *MyModule) Example(attestationId string, token *dagger.Secret, value string) *dagger.ChainloopAttestation  {
	return dag.
			Chainloop().
			Resume(attestationId, token).
			AddRawEvidence(value)
}

@function
def example(attestation_id: str, token: dagger.Secret, value: str) -> dagger.ChainloopAttestation:
	return (
		dag.chainloop()
		.resume(attestation_id, token)
		.add_raw_evidence(value)
	)

@func()
example(attestationId: string, token: Secret, value: string): ChainloopAttestation {
	return dag
		.chainloop()
		.resume(attestationId, token)
		.addRawEvidence(value)
}

addFileEvidence() 🔗

Add a file type piece of evidence to the attestation

Return Type

Attestation !

Arguments

Name	Type	Default Value	Description
name	String	-	Evidence name. Don't pass a name if the material being attested is not part of the contract Example: "my-binary"
path	File !	-	The file to add

Example

dagger -m github.com/chainloop-dev/chainloop@4f2abde5acfc5cea96ffe44202822ce52586591d call \
 resume --attestation-id string --token env:MYSECRET \
 add-file-evidence --path file:path

func (m *MyModule) Example(attestationId string, token *dagger.Secret, path *dagger.File) *dagger.ChainloopAttestation  {
	return dag.
			Chainloop().
			Resume(attestationId, token).
			AddFileEvidence(path)
}

@function
def example(attestation_id: str, token: dagger.Secret, path: dagger.File) -> dagger.ChainloopAttestation:
	return (
		dag.chainloop()
		.resume(attestation_id, token)
		.add_file_evidence(path)
	)

@func()
example(attestationId: string, token: Secret, path: File): ChainloopAttestation {
	return dag
		.chainloop()
		.resume(attestationId, token)
		.addFileEvidence(path)
}

debug() 🔗

Return Type

Terminal !

Example

dagger -m github.com/chainloop-dev/chainloop@4f2abde5acfc5cea96ffe44202822ce52586591d call \
 resume --attestation-id string --token env:MYSECRET \
 debug

func (m *MyModule) Example(attestationId string, token *dagger.Secret) *dagger.Terminal  {
	return dag.
			Chainloop().
			Resume(attestationId, token).
			Debug()
}

@function
def example(attestation_id: str, token: dagger.Secret) -> dagger.Terminal:
	return (
		dag.chainloop()
		.resume(attestation_id, token)
		.debug()
	)

@func()
example(attestationId: string, token: Secret): Terminal {
	return dag
		.chainloop()
		.resume(attestationId, token)
		.debug()
}

container() 🔗

Build an ephemeral container with everything needed to process the attestation

Return Type

Container !

Arguments

Name	Type	Default Value	Description
ttl	Integer	0	Cache TTL for chainloop commands, in seconds Defaults to 0: no caching

Example

dagger -m github.com/chainloop-dev/chainloop@4f2abde5acfc5cea96ffe44202822ce52586591d call \
 resume --attestation-id string --token env:MYSECRET \
 container

func (m *MyModule) Example(attestationId string, token *dagger.Secret) *dagger.Container  {
	return dag.
			Chainloop().
			Resume(attestationId, token).
			Container()
}

@function
def example(attestation_id: str, token: dagger.Secret) -> dagger.Container:
	return (
		dag.chainloop()
		.resume(attestation_id, token)
		.container()
	)

@func()
example(attestationId: string, token: Secret): Container {
	return dag
		.chainloop()
		.resume(attestationId, token)
		.container()
}

push() 🔗

Generate, sign and push the attestation to the chainloop control plane

Return Type

String !

Arguments

Name	Type	Default Value	Description
key	Secret	-	The private key to sign the attestation
passphrase	Secret	-	The passphrase to decrypt the private key

Example

dagger -m github.com/chainloop-dev/chainloop@4f2abde5acfc5cea96ffe44202822ce52586591d call \
 resume --attestation-id string --token env:MYSECRET \
 push

func (m *MyModule) Example(ctx context.Context, attestationId string, token *dagger.Secret) string  {
	return dag.
			Chainloop().
			Resume(attestationId, token).
			Push(ctx)
}

@function
async def example(attestation_id: str, token: dagger.Secret) -> str:
	return await (
		dag.chainloop()
		.resume(attestation_id, token)
		.push()
	)

@func()
async example(attestationId: string, token: Secret): Promise<string> {
	return dag
		.chainloop()
		.resume(attestationId, token)
		.push()
}

markFailed() 🔗

Mark the attestation as failed

Return Type

Void !

Arguments

Name	Type	Default Value	Description
reason	String	-	The reason for canceling, in human-readable form

Example

dagger -m github.com/chainloop-dev/chainloop@4f2abde5acfc5cea96ffe44202822ce52586591d call \
 resume --attestation-id string --token env:MYSECRET \
 mark-failed

func (m *MyModule) Example(ctx context.Context, attestationId string, token *dagger.Secret)   {
	return dag.
			Chainloop().
			Resume(attestationId, token).
			MarkFailed(ctx)
}

@function
async def example(attestation_id: str, token: dagger.Secret) -> None:
	return await (
		dag.chainloop()
		.resume(attestation_id, token)
		.mark_failed()
	)

@func()
async example(attestationId: string, token: Secret): Promise<void> {
	return dag
		.chainloop()
		.resume(attestationId, token)
		.markFailed()
}

markCanceled() 🔗

Mark the attestation as canceled

Return Type

Void !

Arguments

Name	Type	Default Value	Description
reason	String	-	The reason for canceling, in human-readable form

Example

dagger -m github.com/chainloop-dev/chainloop@4f2abde5acfc5cea96ffe44202822ce52586591d call \
 resume --attestation-id string --token env:MYSECRET \
 mark-canceled

func (m *MyModule) Example(ctx context.Context, attestationId string, token *dagger.Secret)   {
	return dag.
			Chainloop().
			Resume(attestationId, token).
			MarkCanceled(ctx)
}

@function
async def example(attestation_id: str, token: dagger.Secret) -> None:
	return await (
		dag.chainloop()
		.resume(attestation_id, token)
		.mark_canceled()
	)

@func()
async example(attestationId: string, token: Secret): Promise<void> {
	return dag
		.chainloop()
		.resume(attestationId, token)
		.markCanceled()
}