From c99227e6b8518748ce71e4722ad2a2507f9e23e4 Mon Sep 17 00:00:00 2001
From: Kris Coleman
Date: Wed, 5 Jun 2024 02:37:24 -0400
Subject: [PATCH] feat: add git refs to go witness git attestor this enables witness to track git refs
Co-authored-by: Nick Kane
---
 archivista/store.go | 2 +-
 attestation/git/git.go | 10 ++++++++++
 go.mod | 1 +
 go.sum | 4 ++--
 4 files changed, 14 insertions(+), 3 deletions(-)
diff --git a/archivista/store.go b/archivista/store.go
index f4ed58e2..ccba927a 100644
--- a/archivista/store.go
+++ b/archivista/store.go
@@ -22,7 +22,7 @@ import (
 )
 
 func (c *Client) Store(ctx context.Context, env dsse.Envelope) (string, error) {
- resp, err := archivistaapi.Upload(ctx, c.url, env)
+ resp, err := archivistaapi.Store(ctx, c.url, env)
 if err != nil {
 return "", err
 }
diff --git a/attestation/git/git.go b/attestation/git/git.go
index 68a0c564..7f41d5b7 100644
--- a/attestation/git/git.go
+++ b/attestation/git/git.go
@@ -94,6 +94,7 @@ type Attestor struct {
 Refs []string `json:"refs,omitempty"`
 Remotes []string `json:"remotes,omitempty"`
 Tags []Tag `json:"tags,omitempty"`
+ RefNameShort string `json:"branch,omitempty"`
 }
 
 func New() *Attestor {
@@ -184,6 +185,7 @@ func (a *Attestor) Attest(ctx *attestation.AttestationContext) error {
 a.CommitDate = commit.Author.When.String()
 a.CommitMessage = commit.Message
 a.Signature = commit.PGPSignature
+ a.RefNameShort = head.Name().Short()
 
 for _, parent := range commit.ParentHashes {
 a.ParentHashes = append(a.ParentHashes, parent.String())
@@ -289,6 +291,14 @@ func (a *Attestor) Subjects() map[string]cryptoutil.DigestSet {
 subjects[subjectName] = ds
 }
 
+ // add refname short
+ subjectName = fmt.Sprintf("refnameshort:%v", a.RefNameShort)
+ ds, err = cryptoutil.CalculateDigestSetFromBytes([]byte(a.RefNameShort), hashes)
+ if err != nil {
+ return nil
+ }
+ subjects[subjectName] = ds
+
 return subjects
 }
 
diff --git a/go.mod b/go.mod
index a7053b1d..e1216bae 100644
--- a/go.mod
+++ b/go.mod
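Review bot: The switch from `archivistaapi.Upload` to `archivistaapi.Store` in `Client.Store` (archivista/store.go) is not mentioned in the commit message, and the go.mod section of this patch adds only an indirect `klauspost/compress` entry, with no version change for whichever module provides `archivistaapi` (its import is outside the hunk). Please confirm that the pinned version already exports `Store` with the same `(ctx, url, env)` arguments, or include the version bump in this change. If the rename is unrelated to the git-ref feature, a separate commit would keep the attestor change reviewable on its own.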
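Review bot: In attestation/git/git.go the new value has three names: the field `RefNameShort`, the JSON key in `json:"branch,omitempty"`, and the subject prefix `refnameshort:` used in `Subjects`, and the key `branch` is not always accurate. If `head` in `Attest` comes from go-git's `Repository.Head()` (it is assigned outside the hunk), then `a.RefNameShort = head.Name().Short()` records `HEAD` for a detached checkout, which is the usual state in CI, so a verifier reading `branch` from the predicate would see `HEAD` rather than a branch name. Either use one name for the field, the tag and the subject, or document the field with something like `// RefNameShort is the short name of the ref HEAD resolves to; it is "HEAD" when the checkout is detached.` The body of `Attest` starts and ends outside the hunk.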
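Review bot: The `refnameshort:` subject added at the end of `Subjects` (attestation/git/git.go) is emitted unconditionally, so an attestor whose `RefNameShort` is empty publishes the subject `refnameshort:` with the digest of zero bytes, and all such attestations then share it; wrap the block in `if a.RefNameShort != "" {` … `}`. The digest covers only the ref name, which is mutable and not unique across repositories, so a match on this subject says nothing about which commit was attested. The comment `// add refname short` could record that instead, e.g. `// Ref names are mutable and not unique; this subject is a lookup aid, not evidence of what was built.` The added `return nil` on a digest error also drops the subjects collected earlier in the function; whether the blocks above the hunk do the same is not visible here.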
@@ -77,6 +77,7 @@ require (
 github.com/grpc-ecosystem/grpc-gateway/v2 v2.19.1 // indirect
 github.com/jmespath/go-jmespath v0.4.0 // indirect
 github.com/json-iterator/go v1.1.12 // indirect
+ github.com/klauspost/compress v1.17.6 // indirect
 github.com/letsencrypt/boulder v0.0.0-20240226214708-a97e074b5a3e // indirect
 github.com/mailru/easyjson v0.7.7 // indirect
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
diff --git a/go.sum b/go.sum
index df2a380c..852f51a1 100644
--- a/go.sum
+++ b/go.sum
@@ -225,8 +225,8 @@ github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4 github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/klauspost/compress v1.17.4 h1:Ej5ixsIri7BrIjBkRZLTo6ghwrEtHFk7ijlczPW4fZ4= -github.com/klauspost/compress v1.17.4/go.mod h1:/dCuZOvVtNoHsyb+cuJD3itjs3NbnF6KH9zAO4BDxPM= +github.com/klauspost/compress v1.17.6 h1:60eq2E/jlfwQXtvZEeBUYADs+BwKBWURIY+Gj2eRGjI= +github.com/klauspost/compress v1.17.6/go.mod h1:/dCuZOvVtNoHsyb+cuJD3itjs3NbnF6KH9zAO4BDxPM= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=