-
Notifications
You must be signed in to change notification settings - Fork 5
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Discussion on the various fields of provenance metadata and ways to fill them #3
Comments
I was looking at materials and I think we already have a function for link metadata that collects Artifacts URI and creates a sha256 hash for them. We can extracts data from the output of this function and put it into provenance metadata. |
@adityasaky we should update the description with provenance v02 changes What feature do you want to see added?This issue is to discuss how to fill data in the provenance metadata. These are more elaborately described here https://slsa.dev/provenance/v0.2 Builderbuilder(object, required): This identifies the trusted entity that will run all the steps and fill the details in the provenance. buildTypeURI indicating what type of build was performed. It determines the meaning of invocation, buildConfig and materials. Invocationinvocation(object): Identifies the event that kicked off the build. When combined with materials, this SHOULD fully describe the build, such that re-running this invocation results in bit-for-bit identical output Metadatametadata(object): This object will contain properties of the build. buildConfig (object)Lists the steps in the build. If invocation.configSource is not available, buildConfig can be used to verify information about the build. Materials:materials(array of objects): This array of objects includes the artifacts that are part of the build. These include dependencies, images, tools. Upstream changesNo response |
Moved from jenkinsci#32, cc @lakshya8066
What feature do you want to see added?
This issue is to discuss how to fill data in the provenance metadata. These are more elaborately described here https://slsa.dev/provenance/v0.1
The fields that need attention are listed below:
Builder
builder(object, required): This identifies the trusted entity that will run all the steps and fill the details in the provenance.
builder.id(string, required): This will indicate the builder’s identity.
Recipe
recipe(object): This will denote the steps and configuration used for the build. Along with the materials, this will completely describe the build.
recipe.type(string): This will describe the type of the recipe that was performed. This will also determine recipe.entryPoint, recipe.argument, recipe.environment and materials.
recipe.defineInMaterials(integer): If the recipe comes from material this will contain the index containing the recipe steps.
recipe.entrypoint(string): This will be a string identifying the entry point into the build. The syntax and meaning will be defined by recipe.type.
recipe.arguments(object): This will be a JSON object containing all the external inputs that were used in the build along with recipe.definedInMaterials and recipe.entryPoint. This will be considered complete only when metadata.completeness.arguments is set to true.
recipe.environments(object): This will be an arbitrary JSON object which contains any other controls that are needed by the builder to execute the recipe. This is generally needed for reproducing the build.
Metadata
metadata(object): This object will contain properties of the build.
metadata.buildInvocationId(string): This is a globally unique value that identifies that particular build invocation. This is treated as opaque and case-sensitive by default.
metadata.buildStartedOn(string): This gives the timestamp of when the build started.
metadata.buildFinishedOn(string): This gives the timestamp of when the build is completed.
metadata.completeness(object): This is an object that indicates that the builder claims certain fields in this message to be complete.
metadata.completeness.arguments(boolean): This states whether the builder claims whether all the external inputs are properly captured in the recipe or not.
metadata.completeness.environment(boolean): If the value of this is true then the builder claims that recipe.environment is complete.
metadata.completeness.materials(boolean): If the value of this is true then the builder claims that materials is complete.
metadata.reproducible(boolean): If this is true then the builder claims that if the user runs all the steps in the recipe on materials then the output produced will be identical.
Materials:
materials(array of objects): This array of objects includes the artifacts that are part of the build. These include dependencies, images, tools.
materials[*].uri(string): This is the method that will be used to reference the artifact during the build.
materials[*].digest(object): This is the set of cryptographic digest expressed as a JSON map from algorithm name to lowercase hex-encoded value.
Upstream changes
No response
The text was updated successfully, but these errors were encountered: