chainloop
Chainloop is an open source project that allows you to collect, attest, and distribute pieces of evidence from your Software Supply Chain.
Installation
dagger install github.com/chainloop-dev/chainloop@7581865775f5d3020cd3564c99244e83262de088Entrypoint
Return Type
ChainloopExample
func (m *myModule) example() *Chainloop {
return dag.
Chainloop()
}Types
Chainloop 🔗
init() 🔗
Initialize a new attestation
Return Type
Attestation !Arguments
| Name | Type | Default Value | Description |
|---|---|---|---|
| token | Secret ! | - | Chainloop API token |
| contractRevision | String | - | Workflow Contract revision, default is the latest |
| repository | Directory | - | Path to the source repository to be attested |
| workflowName | String ! | - | Workflow name to be used for the attestation |
| projectName | String ! | - | Project name to be used for the attestation |
| contractName | String | - | name of an existing contract to attach it to the auto-created workflow |
| projectVersion | String | - | Version of the project to be used for the attestation |
| release | Boolean | - | mark the version as release |
Example
func (m *myModule) example(token *Secret, workflowName string, projectName string) *ChainloopAttestation {
return dag.
Chainloop().
Init(token, workflowName, projectName)
}resume() 🔗
Resume an attestation from its identifier
Return Type
Attestation !Arguments
| Name | Type | Default Value | Description |
|---|---|---|---|
| attestationId | String ! | - | The attestation ID |
| token | Secret ! | - | Chainloop API token |
Example
func (m *myModule) example(attestationId string, token *Secret) *ChainloopAttestation {
return dag.
Chainloop().
Resume(attestationId, token)
}withInstance() 🔗
Configure the Chainloop instance to use
Return Type
Chainloop !Arguments
| Name | Type | Default Value | Description |
|---|---|---|---|
| controlplaneApi | String ! | - | Example: "api.controlplane.company.com:443" |
| casApi | String ! | - | Example: "api.cas.company.com:443" |
| casCa | File | - | Path to custom CA certificate for the CAS API |
| controlplaneCa | File | - | Path to custom CA certificate for the Control Plane API |
| insecure | Boolean | - | Whether to skip TLS verification |
Example
func (m *myModule) example(controlplaneApi string, casApi string) *Chainloop {
return dag.
Chainloop().
WithInstance(controlplaneApi, casApi)
}workflowCreate() 🔗
Create a new workflow
Return Type
String !Arguments
| Name | Type | Default Value | Description |
|---|---|---|---|
| token | Secret ! | - | Chainloop API token |
| name | String ! | - | Workflow name |
| project | String ! | - | Workflow project |
| team | String | - | No description provided |
| description | String | - | No description provided |
| contractName | String | - | name of an existing contract |
| public | Boolean | - | Set workflow as public so other organizations can see it |
| skipIfExists | Boolean | - | If the workflow already exists, skip the creation and return success |
Example
func (m *myModule) example(ctx context.Context, token *Secret, name string, project string) string {
return dag.
Chainloop().
WorkflowCreate(ctx, token, name, project)
}Attestation 🔗
A Chainloop attestation https://docs.chainloop.dev/how-does-it-work/#contract-based-attestation
attestationId() 🔗
Return Type
String !Example
func (m *myModule) example(ctx context.Context, attestationId string, token *Secret) string {
return dag.
Chainloop().
Resume(attestationId, token).
AttestationId(ctx)
}client() 🔗
Return Type
Chainloop !Example
func (m *myModule) example(attestationId string, token *Secret) *Chainloop {
return dag.
Chainloop().
Resume(attestationId, token).
Client()
}status() 🔗
Check the attestation status
Return Type
String !Example
func (m *myModule) example(ctx context.Context, attestationId string, token *Secret) string {
return dag.
Chainloop().
Resume(attestationId, token).
Status(ctx)
}sync() 🔗
Sync will force the client to send an actual query to the chainloop control plane This is specially important to be run right after Init for example
att := chainloop.Init(ctx, token, "main")
if err := att.Sync(ctx); err != nil {
return nil, err
}
Return Type
Void !Example
func (m *myModule) example(ctx context.Context, attestationId string, token *Secret) {
return dag.
Chainloop().
Resume(attestationId, token).
Sync(ctx)
}withRegistryAuth() 🔗
Attach credentials for a container registry. Chainloop will use them to query the registry for container image pieces of evidences
Return Type
Attestation !Arguments
| Name | Type | Default Value | Description |
|---|---|---|---|
| address | String ! | - | Registry address. Example: "index.docker.io" |
| username | String ! | - | Registry username |
| password | Secret ! | - | Registry password |
Example
func (m *myModule) example(attestationId string, token *Secret, address string, username string, password *Secret) *ChainloopAttestation {
return dag.
Chainloop().
Resume(attestationId, token).
WithRegistryAuth(address, username, password)
}addRawEvidence() 🔗
Add a raw string piece of evidence to the attestation
Return Type
Attestation !Arguments
| Name | Type | Default Value | Description |
|---|---|---|---|
| name | String | - | Evidence name. Don't pass a name if the material being attested is not part of the contract Example: "my-blob" |
| value | String ! | - | The contents of the blob |
Example
func (m *myModule) example(attestationId string, token *Secret, value string) *ChainloopAttestation {
return dag.
Chainloop().
Resume(attestationId, token).
AddRawEvidence(value)
}addFileEvidence() 🔗
Add a file type piece of evidence to the attestation
Return Type
Attestation !Arguments
| Name | Type | Default Value | Description |
|---|---|---|---|
| name | String | - | Evidence name. Don't pass a name if the material being attested is not part of the contract Example: "my-binary" |
| path | File ! | - | The file to add |
Example
func (m *myModule) example(attestationId string, token *Secret, path *File) *ChainloopAttestation {
return dag.
Chainloop().
Resume(attestationId, token).
AddFileEvidence(path)
}debug() 🔗
Return Type
Container !Example
func (m *myModule) example(attestationId string, token *Secret) *Container {
return dag.
Chainloop().
Resume(attestationId, token).
Debug()
}container() 🔗
Build an ephemeral container with everything needed to process the attestation
Return Type
Container !Arguments
| Name | Type | Default Value | Description |
|---|---|---|---|
| ttl | Integer | 0 | Cache TTL for chainloop commands, in seconds Defaults to 0: no caching |
Example
func (m *myModule) example(attestationId string, token *Secret) *Container {
return dag.
Chainloop().
Resume(attestationId, token).
Container()
}push() 🔗
Generate, sign and push the attestation to the chainloop control plane
Return Type
String !Arguments
| Name | Type | Default Value | Description |
|---|---|---|---|
| key | Secret | - | The private key to sign the attestation |
| passphrase | Secret | - | The passphrase to decrypt the private key |
| exceptionBypassPolicyCheck | Boolean | - | Whether not fail if the policy check fails |
Example
func (m *myModule) example(ctx context.Context, attestationId string, token *Secret) string {
return dag.
Chainloop().
Resume(attestationId, token).
Push(ctx)
}markFailed() 🔗
Mark the attestation as failed
Return Type
Void !Arguments
| Name | Type | Default Value | Description |
|---|---|---|---|
| reason | String | - | The reason for canceling, in human-readable form |
Example
func (m *myModule) example(ctx context.Context, attestationId string, token *Secret) {
return dag.
Chainloop().
Resume(attestationId, token).
MarkFailed(ctx)
}markCanceled() 🔗
Mark the attestation as canceled
Return Type
Void !Arguments
| Name | Type | Default Value | Description |
|---|---|---|---|
| reason | String | - | The reason for canceling, in human-readable form |
Example
func (m *myModule) example(ctx context.Context, attestationId string, token *Secret) {
return dag.
Chainloop().
Resume(attestationId, token).
MarkCanceled(ctx)
}