chainloop
Chainloop is an open source project that allows you to collect, attest, and distribute pieces of evidence from your Software Supply Chain.
Installation
dagger install github.com/chainloop-dev/chainloop@v0.81.2
Entrypoint
Return Type
Chainloop
Example
dagger -m github.com/chainloop-dev/chainloop@66b5dae226d94f2697734327650c02f529be33e5 call \
func (m *myModule) example() *Chainloop {
return dag.
Chainloop()
}
@function
def example() -> dag.Chainloop:
return (
dag.chainloop()
)
@func()
example(): Chainloop {
return dag
.chainloop()
}
Types
Chainloop 🔗
init() 🔗
Initialize a new attestation
Return Type
Attestation !
Arguments
Name | Type | Default Value | Description |
---|---|---|---|
token | Secret ! | - | Chainloop API token |
contractRevision | String | - | Workflow Contract revision, default is the latest |
repository | Directory | - | Path to the source repository to be attested |
Example
dagger -m github.com/chainloop-dev/chainloop@66b5dae226d94f2697734327650c02f529be33e5 call \
init --token env:MYSECRET
func (m *myModule) example(token *Secret) *ChainloopAttestation {
return dag.
Chainloop().
Init(token)
}
@function
def example(token: dagger.Secret) -> dag.ChainloopAttestation:
return (
dag.chainloop()
.init(token)
)
@func()
example(token: Secret): ChainloopAttestation {
return dag
.chainloop()
.init(token)
}
resume() 🔗
Resume an attestation from its identifier
Return Type
Attestation !
Arguments
Name | Type | Default Value | Description |
---|---|---|---|
attestationId | String ! | - | The attestation ID |
token | Secret ! | - | Chainloop API token |
Example
dagger -m github.com/chainloop-dev/chainloop@66b5dae226d94f2697734327650c02f529be33e5 call \
resume --attestation-id string --token env:MYSECRET
func (m *myModule) example(attestationId string, token *Secret) *ChainloopAttestation {
return dag.
Chainloop().
Resume(attestationId, token)
}
@function
def example(attestation_id: str, token: dagger.Secret) -> dag.ChainloopAttestation:
return (
dag.chainloop()
.resume(attestation_id, token)
)
@func()
example(attestationId: string, token: Secret): ChainloopAttestation {
return dag
.chainloop()
.resume(attestationId, token)
}
Attestation 🔗
A Chainloop attestation https://docs.chainloop.dev/how-does-it-work/#contract-based-attestation
attestationId() 🔗
Return Type
String !
Example
dagger -m github.com/chainloop-dev/chainloop@66b5dae226d94f2697734327650c02f529be33e5 call \
resume --attestation-id string --token env:MYSECRET \
attestation-id
func (m *myModule) example(ctx context.Context, attestationId string, token *Secret) string {
return dag.
Chainloop().
Resume(attestationId, token).
AttestationId(ctx)
}
@function
async def example(attestation_id: str, token: dagger.Secret) -> str:
return await (
dag.chainloop()
.resume(attestation_id, token)
.attestation_id()
)
@func()
async example(attestationId: string, token: Secret): Promise<string> {
return dag
.chainloop()
.resume(attestationId, token)
.attestationId()
}
status() 🔗
Check the attestation status
Return Type
String !
Example
dagger -m github.com/chainloop-dev/chainloop@66b5dae226d94f2697734327650c02f529be33e5 call \
resume --attestation-id string --token env:MYSECRET \
status
func (m *myModule) example(ctx context.Context, attestationId string, token *Secret) string {
return dag.
Chainloop().
Resume(attestationId, token).
Status(ctx)
}
@function
async def example(attestation_id: str, token: dagger.Secret) -> str:
return await (
dag.chainloop()
.resume(attestation_id, token)
.status()
)
@func()
async example(attestationId: string, token: Secret): Promise<string> {
return dag
.chainloop()
.resume(attestationId, token)
.status()
}
sync() 🔗
Sync will force the client to send an actual query to the chainloop control plane This is specially important to be run right after Init for example
att := chainloop.Init(ctx, token, "main")
if err := att.Sync(ctx); err != nil {
return nil, err
}
Return Type
Void !
Example
dagger -m github.com/chainloop-dev/chainloop@66b5dae226d94f2697734327650c02f529be33e5 call \
resume --attestation-id string --token env:MYSECRET \
sync
func (m *myModule) example(ctx context.Context, attestationId string, token *Secret) {
return dag.
Chainloop().
Resume(attestationId, token).
Sync(ctx)
}
@function
async def example(attestation_id: str, token: dagger.Secret) -> None:
return await (
dag.chainloop()
.resume(attestation_id, token)
.sync()
)
@func()
async example(attestationId: string, token: Secret): Promise<void> {
return dag
.chainloop()
.resume(attestationId, token)
.sync()
}
withRegistryAuth() 🔗
Attach credentials for a container registry. Chainloop will use them to query the registry for container image pieces of evidences
Return Type
Attestation !
Arguments
Name | Type | Default Value | Description |
---|---|---|---|
address | String ! | - | Registry address. Example: "index.docker.io" |
username | String ! | - | Registry username |
password | Secret ! | - | Registry password |
Example
dagger -m github.com/chainloop-dev/chainloop@66b5dae226d94f2697734327650c02f529be33e5 call \
resume --attestation-id string --token env:MYSECRET \
with-registry-auth --address string --username string --password env:MYSECRET
func (m *myModule) example(attestationId string, token *Secret, address string, username string, password *Secret) *ChainloopAttestation {
return dag.
Chainloop().
Resume(attestationId, token).
WithRegistryAuth(address, username, password)
}
@function
def example(attestation_id: str, token: dagger.Secret, address: str, username: str, password: dagger.Secret) -> dag.ChainloopAttestation:
return (
dag.chainloop()
.resume(attestation_id, token)
.with_registry_auth(address, username, password)
)
@func()
example(attestationId: string, token: Secret, address: string, username: string, password: Secret): ChainloopAttestation {
return dag
.chainloop()
.resume(attestationId, token)
.withRegistryAuth(address, username, password)
}
addRawEvidence() 🔗
Add a raw string piece of evidence to the attestation
Return Type
Attestation !
Arguments
Name | Type | Default Value | Description |
---|---|---|---|
name | String ! | - | Material name. Example: "my-blob" |
value | String ! | - | The contents of the blob |
Example
dagger -m github.com/chainloop-dev/chainloop@66b5dae226d94f2697734327650c02f529be33e5 call \
resume --attestation-id string --token env:MYSECRET \
add-raw-evidence --name string --value string
func (m *myModule) example(attestationId string, token *Secret, name string, value string) *ChainloopAttestation {
return dag.
Chainloop().
Resume(attestationId, token).
AddRawEvidence(name, value)
}
@function
def example(attestation_id: str, token: dagger.Secret, name: str, value: str) -> dag.ChainloopAttestation:
return (
dag.chainloop()
.resume(attestation_id, token)
.add_raw_evidence(name, value)
)
@func()
example(attestationId: string, token: Secret, name: string, value: string): ChainloopAttestation {
return dag
.chainloop()
.resume(attestationId, token)
.addRawEvidence(name, value)
}
addFileEvidence() 🔗
Add a file type piece of evidence to the attestation
Return Type
Attestation !
Arguments
Name | Type | Default Value | Description |
---|---|---|---|
name | String ! | - | Evidence name. Example: "my-binary" |
path | File ! | - | The file to add |
Example
dagger -m github.com/chainloop-dev/chainloop@66b5dae226d94f2697734327650c02f529be33e5 call \
resume --attestation-id string --token env:MYSECRET \
add-file-evidence --name string --path file:path
func (m *myModule) example(attestationId string, token *Secret, name string, path *File) *ChainloopAttestation {
return dag.
Chainloop().
Resume(attestationId, token).
AddFileEvidence(name, path)
}
@function
def example(attestation_id: str, token: dagger.Secret, name: str, path: dagger.File) -> dag.ChainloopAttestation:
return (
dag.chainloop()
.resume(attestation_id, token)
.add_file_evidence(name, path)
)
@func()
example(attestationId: string, token: Secret, name: string, path: File): ChainloopAttestation {
return dag
.chainloop()
.resume(attestationId, token)
.addFileEvidence(name, path)
}
debug() 🔗
Return Type
Terminal !
Example
dagger -m github.com/chainloop-dev/chainloop@66b5dae226d94f2697734327650c02f529be33e5 call \
resume --attestation-id string --token env:MYSECRET \
debug
func (m *myModule) example(attestationId string, token *Secret) *Terminal {
return dag.
Chainloop().
Resume(attestationId, token).
Debug()
}
@function
def example(attestation_id: str, token: dagger.Secret) -> dag.Terminal:
return (
dag.chainloop()
.resume(attestation_id, token)
.debug()
)
@func()
example(attestationId: string, token: Secret): Terminal {
return dag
.chainloop()
.resume(attestationId, token)
.debug()
}
container() 🔗
Build an ephemeral container with everything needed to process the attestation
Return Type
Container !
Arguments
Name | Type | Default Value | Description |
---|---|---|---|
ttl | Integer | 0 | Cache TTL for chainloop commands, in seconds Defaults to 0: no caching |
Example
dagger -m github.com/chainloop-dev/chainloop@66b5dae226d94f2697734327650c02f529be33e5 call \
resume --attestation-id string --token env:MYSECRET \
container
func (m *myModule) example(attestationId string, token *Secret) *Container {
return dag.
Chainloop().
Resume(attestationId, token).
Container()
}
@function
def example(attestation_id: str, token: dagger.Secret) -> dagger.Container:
return (
dag.chainloop()
.resume(attestation_id, token)
.container()
)
@func()
example(attestationId: string, token: Secret): Container {
return dag
.chainloop()
.resume(attestationId, token)
.container()
}
push() 🔗
Generate, sign and push the attestation to the chainloop control plane
Return Type
String !
Arguments
Name | Type | Default Value | Description |
---|---|---|---|
key | Secret ! | - | No description provided |
passphrase | Secret ! | - | No description provided |
Example
dagger -m github.com/chainloop-dev/chainloop@66b5dae226d94f2697734327650c02f529be33e5 call \
resume --attestation-id string --token env:MYSECRET \
push --key env:MYSECRET --passphrase env:MYSECRET
func (m *myModule) example(ctx context.Context, attestationId string, token *Secret, key *Secret, passphrase *Secret) string {
return dag.
Chainloop().
Resume(attestationId, token).
Push(ctx, key, passphrase)
}
@function
async def example(attestation_id: str, token: dagger.Secret, key: dagger.Secret, passphrase: dagger.Secret) -> str:
return await (
dag.chainloop()
.resume(attestation_id, token)
.push(key, passphrase)
)
@func()
async example(attestationId: string, token: Secret, key: Secret, passphrase: Secret): Promise<string> {
return dag
.chainloop()
.resume(attestationId, token)
.push(key, passphrase)
}
markFailed() 🔗
Mark the attestation as failed
Return Type
Void !
Arguments
Name | Type | Default Value | Description |
---|---|---|---|
reason | String | - | The reason for canceling, in human-readable form |
Example
dagger -m github.com/chainloop-dev/chainloop@66b5dae226d94f2697734327650c02f529be33e5 call \
resume --attestation-id string --token env:MYSECRET \
mark-failed
func (m *myModule) example(ctx context.Context, attestationId string, token *Secret) {
return dag.
Chainloop().
Resume(attestationId, token).
MarkFailed(ctx)
}
@function
async def example(attestation_id: str, token: dagger.Secret) -> None:
return await (
dag.chainloop()
.resume(attestation_id, token)
.mark_failed()
)
@func()
async example(attestationId: string, token: Secret): Promise<void> {
return dag
.chainloop()
.resume(attestationId, token)
.markFailed()
}
markCanceled() 🔗
Mark the attestation as canceled
Return Type
Void !
Arguments
Name | Type | Default Value | Description |
---|---|---|---|
reason | String | - | The reason for canceling, in human-readable form |
Example
dagger -m github.com/chainloop-dev/chainloop@66b5dae226d94f2697734327650c02f529be33e5 call \
resume --attestation-id string --token env:MYSECRET \
mark-canceled
func (m *myModule) example(ctx context.Context, attestationId string, token *Secret) {
return dag.
Chainloop().
Resume(attestationId, token).
MarkCanceled(ctx)
}
@function
async def example(attestation_id: str, token: dagger.Secret) -> None:
return await (
dag.chainloop()
.resume(attestation_id, token)
.mark_canceled()
)
@func()
async example(attestationId: string, token: Secret): Promise<void> {
return dag
.chainloop()
.resume(attestationId, token)
.markCanceled()
}