chainloop
Chainloop is an open source project that allows you to collect, attest, and distribute pieces of evidence from your Software Supply Chain.
Installation
dagger install github.com/chainloop-dev/chainloop@v0.91.8Entrypoint
Return Type
ChainloopExample
func (m *myModule) example() *Chainloop {
return dag.
Chainloop()
}Types
Chainloop 🔗
init() 🔗
Initialize a new attestation
Return Type
Attestation !Arguments
| Name | Type | Default Value | Description |
|---|---|---|---|
| token | Secret ! | - | Chainloop API token |
| contractRevision | String | - | Workflow Contract revision, default is the latest |
| repository | Directory | - | Path to the source repository to be attested |
| workflowName | String ! | - | Workflow name to be used for the attestation |
Example
func (m *myModule) example(token *Secret, workflowName string) *ChainloopAttestation {
return dag.
Chainloop().
Init(token, workflowName)
}resume() 🔗
Resume an attestation from its identifier
Return Type
Attestation !Arguments
| Name | Type | Default Value | Description |
|---|---|---|---|
| attestationId | String ! | - | The attestation ID |
| token | Secret ! | - | Chainloop API token |
Example
func (m *myModule) example(attestationId string, token *Secret) *ChainloopAttestation {
return dag.
Chainloop().
Resume(attestationId, token)
}Attestation 🔗
A Chainloop attestation https://docs.chainloop.dev/how-does-it-work/#contract-based-attestation
attestationId() 🔗
Return Type
String !Example
func (m *myModule) example(ctx context.Context, attestationId string, token *Secret) string {
return dag.
Chainloop().
Resume(attestationId, token).
AttestationId(ctx)
}status() 🔗
Check the attestation status
Return Type
String !Example
func (m *myModule) example(ctx context.Context, attestationId string, token *Secret) string {
return dag.
Chainloop().
Resume(attestationId, token).
Status(ctx)
}sync() 🔗
Sync will force the client to send an actual query to the chainloop control plane This is specially important to be run right after Init for example
att := chainloop.Init(ctx, token, "main")
if err := att.Sync(ctx); err != nil {
return nil, err
}
Return Type
Void !Example
func (m *myModule) example(ctx context.Context, attestationId string, token *Secret) {
return dag.
Chainloop().
Resume(attestationId, token).
Sync(ctx)
}withRegistryAuth() 🔗
Attach credentials for a container registry. Chainloop will use them to query the registry for container image pieces of evidences
Return Type
Attestation !Arguments
| Name | Type | Default Value | Description |
|---|---|---|---|
| address | String ! | - | Registry address. Example: "index.docker.io" |
| username | String ! | - | Registry username |
| password | Secret ! | - | Registry password |
Example
func (m *myModule) example(attestationId string, token *Secret, address string, username string, password *Secret) *ChainloopAttestation {
return dag.
Chainloop().
Resume(attestationId, token).
WithRegistryAuth(address, username, password)
}addRawEvidence() 🔗
Add a raw string piece of evidence to the attestation
Return Type
Attestation !Arguments
| Name | Type | Default Value | Description |
|---|---|---|---|
| name | String | - | Evidence name. Don't pass a name if the material being attested is not part of the contract Example: "my-blob" |
| value | String ! | - | The contents of the blob |
Example
func (m *myModule) example(attestationId string, token *Secret, value string) *ChainloopAttestation {
return dag.
Chainloop().
Resume(attestationId, token).
AddRawEvidence(value)
}addFileEvidence() 🔗
Add a file type piece of evidence to the attestation
Return Type
Attestation !Arguments
| Name | Type | Default Value | Description |
|---|---|---|---|
| name | String | - | Evidence name. Don't pass a name if the material being attested is not part of the contract Example: "my-binary" |
| path | File ! | - | The file to add |
Example
func (m *myModule) example(attestationId string, token *Secret, path *File) *ChainloopAttestation {
return dag.
Chainloop().
Resume(attestationId, token).
AddFileEvidence(path)
}debug() 🔗
Return Type
Terminal !Example
func (m *myModule) example(attestationId string, token *Secret) *Terminal {
return dag.
Chainloop().
Resume(attestationId, token).
Debug()
}container() 🔗
Build an ephemeral container with everything needed to process the attestation
Return Type
Container !Arguments
| Name | Type | Default Value | Description |
|---|---|---|---|
| ttl | Integer | 0 | Cache TTL for chainloop commands, in seconds Defaults to 0: no caching |
Example
func (m *myModule) example(attestationId string, token *Secret) *Container {
return dag.
Chainloop().
Resume(attestationId, token).
Container()
}push() 🔗
Generate, sign and push the attestation to the chainloop control plane
Return Type
String !Arguments
| Name | Type | Default Value | Description |
|---|---|---|---|
| key | Secret | - | The private key to sign the attestation |
| passphrase | Secret | - | The passphrase to decrypt the private key |
Example
func (m *myModule) example(ctx context.Context, attestationId string, token *Secret) string {
return dag.
Chainloop().
Resume(attestationId, token).
Push(ctx)
}markFailed() 🔗
Mark the attestation as failed
Return Type
Void !Arguments
| Name | Type | Default Value | Description |
|---|---|---|---|
| reason | String | - | The reason for canceling, in human-readable form |
Example
func (m *myModule) example(ctx context.Context, attestationId string, token *Secret) {
return dag.
Chainloop().
Resume(attestationId, token).
MarkFailed(ctx)
}markCanceled() 🔗
Mark the attestation as canceled
Return Type
Void !Arguments
| Name | Type | Default Value | Description |
|---|---|---|---|
| reason | String | - | The reason for canceling, in human-readable form |
Example
func (m *myModule) example(ctx context.Context, attestationId string, token *Secret) {
return dag.
Chainloop().
Resume(attestationId, token).
MarkCanceled(ctx)
}