// Copyright 2018 The Grafeas Authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//    http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
syntax = "proto3";
package grafeas.v1beta1.provenance;
import "google/devtools/containeranalysis/v1beta1/source/source.proto";
import "google/protobuf/timestamp.proto";
option go_package = "google.golang.org/genproto/googleapis/devtools/containeranalysis/v1beta1/provenance;provenance";
option java_multiple_files = true;
option java_package = "io.grafeas.v1beta1.provenance";
option objc_class_prefix = "GRA";
// Provenance of a build. Contains all information needed to verify the full
// details about the build from source to completion.
//
// Fields marked "Required." are a documentation convention only: this file is
// proto3, so an unset string or scalar is indistinguishable from its default
// value on the wire. Consumers have to check for empty values themselves.
message BuildProvenance {
  // Required. Unique identifier of the build.
  string id = 1;
  // ID of the project.
  string project_id = 2;
  // Commands requested by the build.
  repeated Command commands = 3;
  // Output of the build.
  repeated Artifact built_artifacts = 4;
  // Time at which the build was created.
  google.protobuf.Timestamp create_time = 5;
  // Time at which execution of the build was started.
  google.protobuf.Timestamp start_time = 6;
  // Time at which execution of the build was finished.
  google.protobuf.Timestamp end_time = 7;
  // E-mail address of the user who initiated this build. Note that this was the
  // user's e-mail address at the time the build was initiated; this address may
  // not represent the same end-user for all time.
  //
  // NOTE(review): carried as a plain string; nothing in this schema says how
  // the value was authenticated. Confirm with the producer before relying on
  // it for attribution or access decisions.
  string creator = 8;
  // URI where any logs for this provenance were written.
  //
  // NOTE(review): free-form string; the schema does not restrict scheme or
  // host, so consumers should validate it before dereferencing.
  string logs_uri = 9;
  // Details of the Source input to the build.
  Source source_provenance = 10;
  // Trigger identifier if the build was triggered automatically; empty if not.
  string trigger_id = 11;
  // Special options applied to this build. This is a catch-all field where
  // build providers can enter any desired additional details.
  //
  // Keys and values are unconstrained strings, and map iteration order is not
  // defined, so consumers should not depend on ordering.
  // NOTE(review): presumably not meant for credentials; confirm that providers
  // keep secrets out of this field.
  map<string, string> build_options = 12;
  // Version string of the builder at the time this build was executed.
  string builder_version = 13;
  // next_id = 14
}
// Source describes the location of the source used for the build.
message Source {
  // If provided, the input binary artifacts for the build came from this
  // location.
  string artifact_storage_source_uri = 1;
  // Hash(es) of the build source, which can be used to verify that the original
  // source integrity was maintained in the build.
  //
  // The keys to this map are file paths used as build source and the values
  // contain the hash values for those files.
  //
  // If the build source came in a single package such as a gzipped tarfile
  // (.tar.gz), the FileHashes entry will be for the single path to that file.
  //
  // Map iteration order is not defined. A path with no entry, or an entry
  // whose FileHashes list is empty, carries no integrity information.
  // NOTE(review): verifiers should presumably treat that case as unverified
  // rather than as a match; confirm against the consuming policy.
  map<string, FileHashes> file_hashes = 2;
  // If provided, the source code used for the build came from this location.
  grafeas.v1beta1.source.SourceContext context = 3;
  // If provided, some of the source code used for the build may be found in
  // these locations, in the case where the source repository had multiple
  // remotes or submodules. This list will not include the context specified in
  // the context field.
  repeated grafeas.v1beta1.source.SourceContext additional_contexts = 4;
}
// Container message for hashes of byte content of files, used in source
// messages to verify integrity of source input to the build.
message FileHashes {
  // Required. Collection of file hashes.
  //
  // "Required" is not enforced by proto3: a repeated field has no presence,
  // so an empty list and an unset field are the same thing on the wire.
  repeated Hash file_hash = 1;
}
// Container message for hash values.
message Hash {
  // Specifies the hash algorithm.
  enum HashType {
    // Unknown. This is the zero value, so it is also what a reader sees when
    // the writer did not set `type` at all.
    HASH_TYPE_UNSPECIFIED = 0;
    // A SHA-256 hash. This is the only algorithm this enum defines.
    SHA256 = 1;
  }
  // Required. The type of hash that was performed.
  //
  // Not enforced by proto3; an unset value reads as HASH_TYPE_UNSPECIFIED.
  // NOTE(review): a verifier should presumably reject that value, and any
  // enum number it does not recognise, instead of comparing `value` anyway.
  HashType type = 1;
  // Required. The hash value.
  //
  // NOTE(review): declared as bytes, so presumably the raw digest rather than
  // a hex or base64 string (32 bytes for SHA256); confirm with the producer
  // and check the length before comparing.
  bytes value = 2;
}
// Command describes a step performed as part of the build pipeline.
//
// All fields are plain strings; the schema itself places no constraints on
// their contents.
message Command {
  // Required. Name of the command, as presented on the command line, or if the
  // command is packaged as a Docker container, as presented to `docker pull`.
  string name = 1;
  // Environment variables set before running this command.
  //
  // NOTE(review): entries are stored as strings in the provenance record;
  // confirm that producers do not record secret-bearing variables here.
  repeated string env = 2;
  // Command-line arguments used when executing this command.
  //
  // NOTE(review): the same concern as `env` applies to secrets passed as
  // arguments; confirm with the producer.
  repeated string args = 3;
  // Working directory (relative to project source root) used when running this
  // command.
  string dir = 4;
  // Optional unique identifier for this command, used in wait_for to reference
  // this command as a dependency.
  string id = 5;
  // The ID(s) of the command(s) that this command depends on.
  //
  // The schema cannot express that each entry matches the `id` of another
  // Command or that the dependencies are acyclic; consumers that walk this
  // graph have to check both themselves.
  repeated string wait_for = 6;
}
// Artifact describes a build product.
message Artifact {
  // Hash or checksum value of a binary, or Docker Registry 2.0 digest of a
  // container.
  //
  // This is a string, unlike Hash.value in this file, which is bytes. The
  // schema does not state the algorithm or text encoding.
  // NOTE(review): confirm the format with the producer before comparing this
  // against a digest computed locally.
  string checksum = 1;
  // Artifact ID, if any; for container images, this will be a URL by digest
  // like `gcr.io/projectID/imagename@sha256:123456`.
  string id = 2;
  // Related artifact names. This may be the path to a binary or jar file, or in
  // the case of a container build, the name used to push the container image to
  // Google Container Registry, as presented to `docker push`. Note that a
  // single Artifact ID can have multiple names, for example if two tags are
  // applied to one image.
  //
  // Names are labels, not content identifiers: several can refer to one
  // artifact. When verifying, match on `checksum` or the by-digest `id`
  // rather than on a name.
  repeated string names = 3;
}