Merge pull request #149 from simonbaird/rhtap-multici-gitlab-github

Configs for rhtap multi-ci gitlab and github

README.md

@@ -85,6 +85,22 @@ Includes rules for levels 1, 2 & 3 of SLSA v0.1. For use with ec version v0.4
 * Source: [default-v0.4/policy.yaml](https://github.com/enterprise-contract/config/blob/main/default-v0.4/policy.yaml)
 * Collections: [@slsa3](https://enterprisecontract.dev/docs/ec-policies/release_policy.html#slsa3)
 
+### RHTAP GitHub
+
+Includes rules suitable for use with the attestations created by RHTAP GitHub build pipelines.
+
+* URL for Enterprise Contract: `github.com/enterprise-contract/config//rhtap-github`
+* Source: [rhtap-github/policy.yaml](https://github.com/enterprise-contract/config/blob/main/rhtap-github/policy.yaml)
+* Collections: [@rhtap-github](https://enterprisecontract.dev/docs/ec-policies/release_policy.html#rhtap-github)
+
+### RHTAP GitLab
+
+Includes rules suitable for use with the attestations created by RHTAP GitLab build pipelines.
+
+* URL for Enterprise Contract: `github.com/enterprise-contract/config//rhtap-gitlab`
+* Source: [rhtap-gitlab/policy.yaml](https://github.com/enterprise-contract/config/blob/main/rhtap-gitlab/policy.yaml)
+* Collections: [@rhtap-gitlab](https://enterprisecontract.dev/docs/ec-policies/release_policy.html#rhtap-gitlab)
+
 ### RHTAP Jenkins
 
 Includes rules suitable for use with the attestations created by RHTAP Jenkins build pipelines.

rhtap-github/policy.yaml

@@ -0,0 +1,21 @@
+#
+# To use this policy with the ec command line:
+#   ec validate image \
+#     --image $IMAGE \
+#     --public-key key.pub \
+#     --policy github.com/enterprise-contract/config//rhtap-github
+#
+name: RHTAP GitHub
+description: >-
+  Includes rules suitable for use with the attestations created by RHTAP GitHub build pipelines.
+
+sources:
+  - name: Default
+    policy:
+      - github.com/enterprise-contract/ec-policies//policy/lib?ref=main
+      - github.com/enterprise-contract/ec-policies//policy/release?ref=main
+    data: []
+    config:
+      include:
+        - '@rhtap-github'
+      exclude: []

rhtap-gitlab/policy.yaml

@@ -0,0 +1,21 @@
+#
+# To use this policy with the ec command line:
+#   ec validate image \
+#     --image $IMAGE \
+#     --public-key key.pub \
+#     --policy github.com/enterprise-contract/config//rhtap-gitlab
+#
+name: RHTAP GitLab
+description: >-
+  Includes rules suitable for use with the attestations created by RHTAP GitLab build pipelines.
+
+sources:
+  - name: Default
+    policy:
+      - github.com/enterprise-contract/ec-policies//policy/lib?ref=main
+      - github.com/enterprise-contract/ec-policies//policy/release?ref=main
+    data: []
+    config:
+      include:
+        - '@rhtap-gitlab'
+      exclude: []

src/data.yaml

@@ -9,8 +9,8 @@ default:
     - '@slsa3'
   exclude: []
 
-# In future we might want to maintain multiple versioned configs for
-# rhtap-jenkins also, but for now there is just one of them
+# In future we might want to maintain multiple versioned configs
+# for rhtap, but for now there is just one of them per ci-type
 rhtap-jenkins:
   name: RHTAP Jenkins
   description: >-
@@ -22,6 +22,30 @@ rhtap-jenkins:
     - '@rhtap-jenkins'
   exclude: []
 
+rhtap-gitlab:
+  name: RHTAP GitLab
+  description: >-
+    Includes rules suitable for use with the attestations created by RHTAP
+    GitLab build pipelines.
+  environment: versioned
+  # Pin to a release branch in future
+  ecPoliciesRef: main
+  include:
+    - '@rhtap-gitlab'
+  exclude: []
+
+rhtap-github:
+  name: RHTAP GitHub
+  description: >-
+    Includes rules suitable for use with the attestations created by RHTAP
+    GitHub build pipelines.
+  environment: versioned
+  # Pin to a release branch in future
+  ecPoliciesRef: main
+  include:
+    - '@rhtap-github'
+  exclude: []
+
 default-v0.1-alpha:
   name: Default (v0.1-alpha)
   description: >-