Dagger
Search

chainloop

Chainloop is an open source project that allows you to collect, attest, and distribute pieces of evidence from your Software Supply Chain.

Installation

dagger install github.com/chainloop-dev/chainloop@v0.91.8

Entrypoint

Return Type
Chainloop
Example
dagger -m github.com/chainloop-dev/chainloop@a751c71499d3901ac9576659b3120260a5da6d81 call \
func (m *myModule) example() *Chainloop  {
	return dag.
			Chainloop()
}
@function
def example() -> dag.Chainloop:
	return (
		dag.chainloop()
	)
@func()
example(): Chainloop {
	return dag
		.chainloop()
}

Types

Chainloop 🔗

init() 🔗

Initialize a new attestation

Return Type
Attestation !
Arguments
NameTypeDefault ValueDescription
tokenSecret !-Chainloop API token
contractRevisionString -Workflow Contract revision, default is the latest
repositoryDirectory -Path to the source repository to be attested
workflowNameString !-Workflow name to be used for the attestation
Example
dagger -m github.com/chainloop-dev/chainloop@a751c71499d3901ac9576659b3120260a5da6d81 call \
 init --token env:MYSECRET --workflow-name string
func (m *myModule) example(token *Secret, workflowName string) *ChainloopAttestation  {
	return dag.
			Chainloop().
			Init(token, workflowName)
}
@function
def example(token: dagger.Secret, workflow_name: str) -> dag.ChainloopAttestation:
	return (
		dag.chainloop()
		.init(token, workflow_name)
	)
@func()
example(token: Secret, workflowName: string): ChainloopAttestation {
	return dag
		.chainloop()
		.init(token, workflowName)
}

resume() 🔗

Resume an attestation from its identifier

Return Type
Attestation !
Arguments
NameTypeDefault ValueDescription
attestationIdString !-The attestation ID
tokenSecret !-Chainloop API token
Example
dagger -m github.com/chainloop-dev/chainloop@a751c71499d3901ac9576659b3120260a5da6d81 call \
 resume --attestation-id string --token env:MYSECRET
func (m *myModule) example(attestationId string, token *Secret) *ChainloopAttestation  {
	return dag.
			Chainloop().
			Resume(attestationId, token)
}
@function
def example(attestation_id: str, token: dagger.Secret) -> dag.ChainloopAttestation:
	return (
		dag.chainloop()
		.resume(attestation_id, token)
	)
@func()
example(attestationId: string, token: Secret): ChainloopAttestation {
	return dag
		.chainloop()
		.resume(attestationId, token)
}

Attestation 🔗

A Chainloop attestation https://docs.chainloop.dev/how-does-it-work/#contract-based-attestation

attestationId() 🔗

Return Type
String !
Example
dagger -m github.com/chainloop-dev/chainloop@a751c71499d3901ac9576659b3120260a5da6d81 call \
 resume --attestation-id string --token env:MYSECRET \
 attestation-id
func (m *myModule) example(ctx context.Context, attestationId string, token *Secret) string  {
	return dag.
			Chainloop().
			Resume(attestationId, token).
			AttestationId(ctx)
}
@function
async def example(attestation_id: str, token: dagger.Secret) -> str:
	return await (
		dag.chainloop()
		.resume(attestation_id, token)
		.attestation_id()
	)
@func()
async example(attestationId: string, token: Secret): Promise<string> {
	return dag
		.chainloop()
		.resume(attestationId, token)
		.attestationId()
}

status() 🔗

Check the attestation status

Return Type
String !
Example
dagger -m github.com/chainloop-dev/chainloop@a751c71499d3901ac9576659b3120260a5da6d81 call \
 resume --attestation-id string --token env:MYSECRET \
 status
func (m *myModule) example(ctx context.Context, attestationId string, token *Secret) string  {
	return dag.
			Chainloop().
			Resume(attestationId, token).
			Status(ctx)
}
@function
async def example(attestation_id: str, token: dagger.Secret) -> str:
	return await (
		dag.chainloop()
		.resume(attestation_id, token)
		.status()
	)
@func()
async example(attestationId: string, token: Secret): Promise<string> {
	return dag
		.chainloop()
		.resume(attestationId, token)
		.status()
}

sync() 🔗

Sync will force the client to send an actual query to the chainloop control plane This is specially important to be run right after Init for example

att := chainloop.Init(ctx, token, "main")

if err := att.Sync(ctx); err != nil {
	return nil, err
}
Return Type
Void !
Example
dagger -m github.com/chainloop-dev/chainloop@a751c71499d3901ac9576659b3120260a5da6d81 call \
 resume --attestation-id string --token env:MYSECRET \
 sync
func (m *myModule) example(ctx context.Context, attestationId string, token *Secret)   {
	return dag.
			Chainloop().
			Resume(attestationId, token).
			Sync(ctx)
}
@function
async def example(attestation_id: str, token: dagger.Secret) -> None:
	return await (
		dag.chainloop()
		.resume(attestation_id, token)
		.sync()
	)
@func()
async example(attestationId: string, token: Secret): Promise<void> {
	return dag
		.chainloop()
		.resume(attestationId, token)
		.sync()
}

withRegistryAuth() 🔗

Attach credentials for a container registry. Chainloop will use them to query the registry for container image pieces of evidences

Return Type
Attestation !
Arguments
NameTypeDefault ValueDescription
addressString !-Registry address. Example: "index.docker.io"
usernameString !-Registry username
passwordSecret !-Registry password
Example
dagger -m github.com/chainloop-dev/chainloop@a751c71499d3901ac9576659b3120260a5da6d81 call \
 resume --attestation-id string --token env:MYSECRET \
 with-registry-auth --address string --username string --password env:MYSECRET
func (m *myModule) example(attestationId string, token *Secret, address string, username string, password *Secret) *ChainloopAttestation  {
	return dag.
			Chainloop().
			Resume(attestationId, token).
			WithRegistryAuth(address, username, password)
}
@function
def example(attestation_id: str, token: dagger.Secret, address: str, username: str, password: dagger.Secret) -> dag.ChainloopAttestation:
	return (
		dag.chainloop()
		.resume(attestation_id, token)
		.with_registry_auth(address, username, password)
	)
@func()
example(attestationId: string, token: Secret, address: string, username: string, password: Secret): ChainloopAttestation {
	return dag
		.chainloop()
		.resume(attestationId, token)
		.withRegistryAuth(address, username, password)
}

addRawEvidence() 🔗

Add a raw string piece of evidence to the attestation

Return Type
Attestation !
Arguments
NameTypeDefault ValueDescription
nameString -Evidence name. Don't pass a name if the material being attested is not part of the contract Example: "my-blob"
valueString !-The contents of the blob
Example
dagger -m github.com/chainloop-dev/chainloop@a751c71499d3901ac9576659b3120260a5da6d81 call \
 resume --attestation-id string --token env:MYSECRET \
 add-raw-evidence --value string
func (m *myModule) example(attestationId string, token *Secret, value string) *ChainloopAttestation  {
	return dag.
			Chainloop().
			Resume(attestationId, token).
			AddRawEvidence(value)
}
@function
def example(attestation_id: str, token: dagger.Secret, value: str) -> dag.ChainloopAttestation:
	return (
		dag.chainloop()
		.resume(attestation_id, token)
		.add_raw_evidence(value)
	)
@func()
example(attestationId: string, token: Secret, value: string): ChainloopAttestation {
	return dag
		.chainloop()
		.resume(attestationId, token)
		.addRawEvidence(value)
}

addFileEvidence() 🔗

Add a file type piece of evidence to the attestation

Return Type
Attestation !
Arguments
NameTypeDefault ValueDescription
nameString -Evidence name. Don't pass a name if the material being attested is not part of the contract Example: "my-binary"
pathFile !-The file to add
Example
dagger -m github.com/chainloop-dev/chainloop@a751c71499d3901ac9576659b3120260a5da6d81 call \
 resume --attestation-id string --token env:MYSECRET \
 add-file-evidence --path file:path
func (m *myModule) example(attestationId string, token *Secret, path *File) *ChainloopAttestation  {
	return dag.
			Chainloop().
			Resume(attestationId, token).
			AddFileEvidence(path)
}
@function
def example(attestation_id: str, token: dagger.Secret, path: dagger.File) -> dag.ChainloopAttestation:
	return (
		dag.chainloop()
		.resume(attestation_id, token)
		.add_file_evidence(path)
	)
@func()
example(attestationId: string, token: Secret, path: File): ChainloopAttestation {
	return dag
		.chainloop()
		.resume(attestationId, token)
		.addFileEvidence(path)
}

debug() 🔗

Return Type
Terminal !
Example
dagger -m github.com/chainloop-dev/chainloop@a751c71499d3901ac9576659b3120260a5da6d81 call \
 resume --attestation-id string --token env:MYSECRET \
 debug
func (m *myModule) example(attestationId string, token *Secret) *Terminal  {
	return dag.
			Chainloop().
			Resume(attestationId, token).
			Debug()
}
@function
def example(attestation_id: str, token: dagger.Secret) -> dag.Terminal:
	return (
		dag.chainloop()
		.resume(attestation_id, token)
		.debug()
	)
@func()
example(attestationId: string, token: Secret): Terminal {
	return dag
		.chainloop()
		.resume(attestationId, token)
		.debug()
}

container() 🔗

Build an ephemeral container with everything needed to process the attestation

Return Type
Container !
Arguments
NameTypeDefault ValueDescription
ttlInteger 0Cache TTL for chainloop commands, in seconds Defaults to 0: no caching
Example
dagger -m github.com/chainloop-dev/chainloop@a751c71499d3901ac9576659b3120260a5da6d81 call \
 resume --attestation-id string --token env:MYSECRET \
 container
func (m *myModule) example(attestationId string, token *Secret) *Container  {
	return dag.
			Chainloop().
			Resume(attestationId, token).
			Container()
}
@function
def example(attestation_id: str, token: dagger.Secret) -> dagger.Container:
	return (
		dag.chainloop()
		.resume(attestation_id, token)
		.container()
	)
@func()
example(attestationId: string, token: Secret): Container {
	return dag
		.chainloop()
		.resume(attestationId, token)
		.container()
}

push() 🔗

Generate, sign and push the attestation to the chainloop control plane

Return Type
String !
Arguments
NameTypeDefault ValueDescription
keySecret -The private key to sign the attestation
passphraseSecret -The passphrase to decrypt the private key
Example
dagger -m github.com/chainloop-dev/chainloop@a751c71499d3901ac9576659b3120260a5da6d81 call \
 resume --attestation-id string --token env:MYSECRET \
 push
func (m *myModule) example(ctx context.Context, attestationId string, token *Secret) string  {
	return dag.
			Chainloop().
			Resume(attestationId, token).
			Push(ctx)
}
@function
async def example(attestation_id: str, token: dagger.Secret) -> str:
	return await (
		dag.chainloop()
		.resume(attestation_id, token)
		.push()
	)
@func()
async example(attestationId: string, token: Secret): Promise<string> {
	return dag
		.chainloop()
		.resume(attestationId, token)
		.push()
}

markFailed() 🔗

Mark the attestation as failed

Return Type
Void !
Arguments
NameTypeDefault ValueDescription
reasonString -The reason for canceling, in human-readable form
Example
dagger -m github.com/chainloop-dev/chainloop@a751c71499d3901ac9576659b3120260a5da6d81 call \
 resume --attestation-id string --token env:MYSECRET \
 mark-failed
func (m *myModule) example(ctx context.Context, attestationId string, token *Secret)   {
	return dag.
			Chainloop().
			Resume(attestationId, token).
			MarkFailed(ctx)
}
@function
async def example(attestation_id: str, token: dagger.Secret) -> None:
	return await (
		dag.chainloop()
		.resume(attestation_id, token)
		.mark_failed()
	)
@func()
async example(attestationId: string, token: Secret): Promise<void> {
	return dag
		.chainloop()
		.resume(attestationId, token)
		.markFailed()
}

markCanceled() 🔗

Mark the attestation as canceled

Return Type
Void !
Arguments
NameTypeDefault ValueDescription
reasonString -The reason for canceling, in human-readable form
Example
dagger -m github.com/chainloop-dev/chainloop@a751c71499d3901ac9576659b3120260a5da6d81 call \
 resume --attestation-id string --token env:MYSECRET \
 mark-canceled
func (m *myModule) example(ctx context.Context, attestationId string, token *Secret)   {
	return dag.
			Chainloop().
			Resume(attestationId, token).
			MarkCanceled(ctx)
}
@function
async def example(attestation_id: str, token: dagger.Secret) -> None:
	return await (
		dag.chainloop()
		.resume(attestation_id, token)
		.mark_canceled()
	)
@func()
async example(attestationId: string, token: Secret): Promise<void> {
	return dag
		.chainloop()
		.resume(attestationId, token)
		.markCanceled()
}