chainloop

Chainloop is an open source project that allows you to collect, attest, and distribute pieces of evidence from your Software Supply Chain.

Installation

dagger install github.com/chainloop-dev/chainloop@5e1fc8426c0ca5382f89dfdd706aad8bec4c6b58

Entrypoint

Return Type

Chainloop

Example

dagger -m github.com/chainloop-dev/chainloop@5e1fc8426c0ca5382f89dfdd706aad8bec4c6b58 call \

func (m *myModule) example() *Chainloop  {
	return dag.
			Chainloop()
}

@function
def example() -> dag.Chainloop:
	return (
		dag.chainloop()
	)

@func()
example(): Chainloop {
	return dag
		.chainloop()
}

Types

Chainloop 🔗

init() 🔗

Initialize a new attestation

Return Type

Attestation !

Arguments

Name	Type	Default Value	Description
token	Secret !	-	Chainloop API token
contractRevision	String	-	Workflow Contract revision, default is the latest
repository	Directory	-	Path to the source repository to be attested
workflowName	String !	-	Workflow name to be used for the attestation
projectName	String !	-	Project name to be used for the attestation
contractName	String	-	name of an existing contract to attach it to the auto-created workflow
projectVersion	String	-	Version of the project to be used for the attestation
release	Boolean	-	mark the version as release

Example

dagger -m github.com/chainloop-dev/chainloop@5e1fc8426c0ca5382f89dfdd706aad8bec4c6b58 call \
 init --token env:MYSECRET --workflow-name string --project-name string

func (m *myModule) example(token *Secret, workflowName string, projectName string) *ChainloopAttestation  {
	return dag.
			Chainloop().
			Init(token, workflowName, projectName)
}

@function
def example(token: dagger.Secret, workflow_name: str, project_name: str) -> dag.ChainloopAttestation:
	return (
		dag.chainloop()
		.init(token, workflow_name, project_name)
	)

@func()
example(token: Secret, workflowName: string, projectName: string): ChainloopAttestation {
	return dag
		.chainloop()
		.init(token, workflowName, projectName)
}

resume() 🔗

Resume an attestation from its identifier

Return Type

Attestation !

Arguments

Name	Type	Default Value	Description
attestationId	String !	-	The attestation ID
token	Secret !	-	Chainloop API token

Example

dagger -m github.com/chainloop-dev/chainloop@5e1fc8426c0ca5382f89dfdd706aad8bec4c6b58 call \
 resume --attestation-id string --token env:MYSECRET

func (m *myModule) example(attestationId string, token *Secret) *ChainloopAttestation  {
	return dag.
			Chainloop().
			Resume(attestationId, token)
}

@function
def example(attestation_id: str, token: dagger.Secret) -> dag.ChainloopAttestation:
	return (
		dag.chainloop()
		.resume(attestation_id, token)
	)

@func()
example(attestationId: string, token: Secret): ChainloopAttestation {
	return dag
		.chainloop()
		.resume(attestationId, token)
}

withInstance() 🔗

Configure the Chainloop instance to use

Return Type

Chainloop !

Arguments

Name	Type	Default Value	Description
controlplaneApi	String !	-	Example: "api.controlplane.company.com:443"
casApi	String !	-	Example: "api.cas.company.com:443"
casCa	File	-	Path to custom CA certificate for the CAS API
controlplaneCa	File	-	Path to custom CA certificate for the Control Plane API
insecure	Boolean	-	Whether to skip TLS verification

Example

dagger -m github.com/chainloop-dev/chainloop@5e1fc8426c0ca5382f89dfdd706aad8bec4c6b58 call \
 with-instance --controlplane-api string --cas-api string

func (m *myModule) example(controlplaneApi string, casApi string) *Chainloop  {
	return dag.
			Chainloop().
			WithInstance(controlplaneApi, casApi)
}

@function
def example(controlplane_api: str, cas_api: str) -> dag.Chainloop:
	return (
		dag.chainloop()
		.with_instance(controlplane_api, cas_api)
	)

@func()
example(controlplaneApi: string, casApi: string): Chainloop {
	return dag
		.chainloop()
		.withInstance(controlplaneApi, casApi)
}

workflowCreate() 🔗

Create a new workflow

Return Type

String !

Arguments

Name	Type	Default Value	Description
token	Secret !	-	Chainloop API token
name	String !	-	Workflow name
project	String !	-	Workflow project
team	String	-	No description provided
description	String	-	No description provided
contractName	String	-	name of an existing contract
public	Boolean	-	Set workflow as public so other organizations can see it
skipIfExists	Boolean	-	If the workflow already exists, skip the creation and return success

Example

dagger -m github.com/chainloop-dev/chainloop@5e1fc8426c0ca5382f89dfdd706aad8bec4c6b58 call \
 workflow-create --token env:MYSECRET --name string --project string

func (m *myModule) example(ctx context.Context, token *Secret, name string, project string) string  {
	return dag.
			Chainloop().
			WorkflowCreate(ctx, token, name, project)
}

@function
async def example(token: dagger.Secret, name: str, project: str) -> str:
	return await (
		dag.chainloop()
		.workflow_create(token, name, project)
	)

@func()
async example(token: Secret, name: string, project: string): Promise<string> {
	return dag
		.chainloop()
		.workflowCreate(token, name, project)
}

Attestation 🔗

A Chainloop attestation https://docs.chainloop.dev/how-does-it-work/#contract-based-attestation

attestationId() 🔗

Return Type

String !

Example

dagger -m github.com/chainloop-dev/chainloop@5e1fc8426c0ca5382f89dfdd706aad8bec4c6b58 call \
 resume --attestation-id string --token env:MYSECRET \
 attestation-id

func (m *myModule) example(ctx context.Context, attestationId string, token *Secret) string  {
	return dag.
			Chainloop().
			Resume(attestationId, token).
			AttestationId(ctx)
}

@function
async def example(attestation_id: str, token: dagger.Secret) -> str:
	return await (
		dag.chainloop()
		.resume(attestation_id, token)
		.attestation_id()
	)

@func()
async example(attestationId: string, token: Secret): Promise<string> {
	return dag
		.chainloop()
		.resume(attestationId, token)
		.attestationId()
}

client() 🔗

Return Type

Chainloop !

Example

dagger -m github.com/chainloop-dev/chainloop@5e1fc8426c0ca5382f89dfdd706aad8bec4c6b58 call \
 resume --attestation-id string --token env:MYSECRET \
 client

func (m *myModule) example(attestationId string, token *Secret) *Chainloop  {
	return dag.
			Chainloop().
			Resume(attestationId, token).
			Client()
}

@function
def example(attestation_id: str, token: dagger.Secret) -> dag.Chainloop:
	return (
		dag.chainloop()
		.resume(attestation_id, token)
		.client()
	)

@func()
example(attestationId: string, token: Secret): Chainloop {
	return dag
		.chainloop()
		.resume(attestationId, token)
		.client()
}

status() 🔗

Check the attestation status

Return Type

String !

Example

dagger -m github.com/chainloop-dev/chainloop@5e1fc8426c0ca5382f89dfdd706aad8bec4c6b58 call \
 resume --attestation-id string --token env:MYSECRET \
 status

func (m *myModule) example(ctx context.Context, attestationId string, token *Secret) string  {
	return dag.
			Chainloop().
			Resume(attestationId, token).
			Status(ctx)
}

@function
async def example(attestation_id: str, token: dagger.Secret) -> str:
	return await (
		dag.chainloop()
		.resume(attestation_id, token)
		.status()
	)

@func()
async example(attestationId: string, token: Secret): Promise<string> {
	return dag
		.chainloop()
		.resume(attestationId, token)
		.status()
}

sync() 🔗

Sync will force the client to send an actual query to the chainloop control plane This is specially important to be run right after Init for example

att := chainloop.Init(ctx, token, "main")

if err := att.Sync(ctx); err != nil {
	return nil, err
}

Return Type

Void !

Example

dagger -m github.com/chainloop-dev/chainloop@5e1fc8426c0ca5382f89dfdd706aad8bec4c6b58 call \
 resume --attestation-id string --token env:MYSECRET \
 sync

func (m *myModule) example(ctx context.Context, attestationId string, token *Secret)   {
	return dag.
			Chainloop().
			Resume(attestationId, token).
			Sync(ctx)
}

@function
async def example(attestation_id: str, token: dagger.Secret) -> None:
	return await (
		dag.chainloop()
		.resume(attestation_id, token)
		.sync()
	)

@func()
async example(attestationId: string, token: Secret): Promise<void> {
	return dag
		.chainloop()
		.resume(attestationId, token)
		.sync()
}

withRegistryAuth() 🔗

Attach credentials for a container registry. Chainloop will use them to query the registry for container image pieces of evidences

Return Type

Attestation !

Arguments

Name	Type	Default Value	Description
address	String !	-	Registry address. Example: "index.docker.io"
username	String !	-	Registry username
password	Secret !	-	Registry password

Example

dagger -m github.com/chainloop-dev/chainloop@5e1fc8426c0ca5382f89dfdd706aad8bec4c6b58 call \
 resume --attestation-id string --token env:MYSECRET \
 with-registry-auth --address string --username string --password env:MYSECRET

func (m *myModule) example(attestationId string, token *Secret, address string, username string, password *Secret) *ChainloopAttestation  {
	return dag.
			Chainloop().
			Resume(attestationId, token).
			WithRegistryAuth(address, username, password)
}

@function
def example(attestation_id: str, token: dagger.Secret, address: str, username: str, password: dagger.Secret) -> dag.ChainloopAttestation:
	return (
		dag.chainloop()
		.resume(attestation_id, token)
		.with_registry_auth(address, username, password)
	)

@func()
example(attestationId: string, token: Secret, address: string, username: string, password: Secret): ChainloopAttestation {
	return dag
		.chainloop()
		.resume(attestationId, token)
		.withRegistryAuth(address, username, password)
}

addRawEvidence() 🔗

Add a raw string piece of evidence to the attestation

Return Type

Attestation !

Arguments

Name	Type	Default Value	Description
name	String	-	Evidence name. Don't pass a name if the material being attested is not part of the contract Example: "my-blob"
value	String !	-	The contents of the blob

Example

dagger -m github.com/chainloop-dev/chainloop@5e1fc8426c0ca5382f89dfdd706aad8bec4c6b58 call \
 resume --attestation-id string --token env:MYSECRET \
 add-raw-evidence --value string

func (m *myModule) example(attestationId string, token *Secret, value string) *ChainloopAttestation  {
	return dag.
			Chainloop().
			Resume(attestationId, token).
			AddRawEvidence(value)
}

@function
def example(attestation_id: str, token: dagger.Secret, value: str) -> dag.ChainloopAttestation:
	return (
		dag.chainloop()
		.resume(attestation_id, token)
		.add_raw_evidence(value)
	)

@func()
example(attestationId: string, token: Secret, value: string): ChainloopAttestation {
	return dag
		.chainloop()
		.resume(attestationId, token)
		.addRawEvidence(value)
}

addFileEvidence() 🔗

Add a file type piece of evidence to the attestation

Return Type

Attestation !

Arguments

Name	Type	Default Value	Description
name	String	-	Evidence name. Don't pass a name if the material being attested is not part of the contract Example: "my-binary"
path	File !	-	The file to add

Example

dagger -m github.com/chainloop-dev/chainloop@5e1fc8426c0ca5382f89dfdd706aad8bec4c6b58 call \
 resume --attestation-id string --token env:MYSECRET \
 add-file-evidence --path file:path

func (m *myModule) example(attestationId string, token *Secret, path *File) *ChainloopAttestation  {
	return dag.
			Chainloop().
			Resume(attestationId, token).
			AddFileEvidence(path)
}

@function
def example(attestation_id: str, token: dagger.Secret, path: dagger.File) -> dag.ChainloopAttestation:
	return (
		dag.chainloop()
		.resume(attestation_id, token)
		.add_file_evidence(path)
	)

@func()
example(attestationId: string, token: Secret, path: File): ChainloopAttestation {
	return dag
		.chainloop()
		.resume(attestationId, token)
		.addFileEvidence(path)
}

debug() 🔗

Return Type

Container !

Example

dagger -m github.com/chainloop-dev/chainloop@5e1fc8426c0ca5382f89dfdd706aad8bec4c6b58 call \
 resume --attestation-id string --token env:MYSECRET \
 debug

func (m *myModule) example(attestationId string, token *Secret) *Container  {
	return dag.
			Chainloop().
			Resume(attestationId, token).
			Debug()
}

@function
def example(attestation_id: str, token: dagger.Secret) -> dagger.Container:
	return (
		dag.chainloop()
		.resume(attestation_id, token)
		.debug()
	)

@func()
example(attestationId: string, token: Secret): Container {
	return dag
		.chainloop()
		.resume(attestationId, token)
		.debug()
}

container() 🔗

Build an ephemeral container with everything needed to process the attestation

Return Type

Container !

Arguments

Name	Type	Default Value	Description
ttl	Integer	0	Cache TTL for chainloop commands, in seconds Defaults to 0: no caching

Example

dagger -m github.com/chainloop-dev/chainloop@5e1fc8426c0ca5382f89dfdd706aad8bec4c6b58 call \
 resume --attestation-id string --token env:MYSECRET \
 container

func (m *myModule) example(attestationId string, token *Secret) *Container  {
	return dag.
			Chainloop().
			Resume(attestationId, token).
			Container()
}

@function
def example(attestation_id: str, token: dagger.Secret) -> dagger.Container:
	return (
		dag.chainloop()
		.resume(attestation_id, token)
		.container()
	)

@func()
example(attestationId: string, token: Secret): Container {
	return dag
		.chainloop()
		.resume(attestationId, token)
		.container()
}

push() 🔗

Generate, sign and push the attestation to the chainloop control plane

Return Type

String !

Arguments

Name	Type	Default Value	Description
key	Secret	-	The private key to sign the attestation
passphrase	Secret	-	The passphrase to decrypt the private key

Example

dagger -m github.com/chainloop-dev/chainloop@5e1fc8426c0ca5382f89dfdd706aad8bec4c6b58 call \
 resume --attestation-id string --token env:MYSECRET \
 push

func (m *myModule) example(ctx context.Context, attestationId string, token *Secret) string  {
	return dag.
			Chainloop().
			Resume(attestationId, token).
			Push(ctx)
}

@function
async def example(attestation_id: str, token: dagger.Secret) -> str:
	return await (
		dag.chainloop()
		.resume(attestation_id, token)
		.push()
	)

@func()
async example(attestationId: string, token: Secret): Promise<string> {
	return dag
		.chainloop()
		.resume(attestationId, token)
		.push()
}

markFailed() 🔗

Mark the attestation as failed

Return Type

Void !

Arguments

Name	Type	Default Value	Description
reason	String	-	The reason for canceling, in human-readable form

Example

dagger -m github.com/chainloop-dev/chainloop@5e1fc8426c0ca5382f89dfdd706aad8bec4c6b58 call \
 resume --attestation-id string --token env:MYSECRET \
 mark-failed

func (m *myModule) example(ctx context.Context, attestationId string, token *Secret)   {
	return dag.
			Chainloop().
			Resume(attestationId, token).
			MarkFailed(ctx)
}

@function
async def example(attestation_id: str, token: dagger.Secret) -> None:
	return await (
		dag.chainloop()
		.resume(attestation_id, token)
		.mark_failed()
	)

@func()
async example(attestationId: string, token: Secret): Promise<void> {
	return dag
		.chainloop()
		.resume(attestationId, token)
		.markFailed()
}

markCanceled() 🔗

Mark the attestation as canceled

Return Type

Void !

Arguments

Name	Type	Default Value	Description
reason	String	-	The reason for canceling, in human-readable form

Example

dagger -m github.com/chainloop-dev/chainloop@5e1fc8426c0ca5382f89dfdd706aad8bec4c6b58 call \
 resume --attestation-id string --token env:MYSECRET \
 mark-canceled

func (m *myModule) example(ctx context.Context, attestationId string, token *Secret)   {
	return dag.
			Chainloop().
			Resume(attestationId, token).
			MarkCanceled(ctx)
}

@function
async def example(attestation_id: str, token: dagger.Secret) -> None:
	return await (
		dag.chainloop()
		.resume(attestation_id, token)
		.mark_canceled()
	)

@func()
async example(attestationId: string, token: Secret): Promise<void> {
	return dag
		.chainloop()
		.resume(attestationId, token)
		.markCanceled()
}