generated from oracle/template-repo
feat: add support for JFrog Artifactory and witness provenances produced on GitLab CI #349
Merged
42 commits
9475994 feat: add JFrog Maven package registry (nathanwn)
61c90aa chore: add package registry entry to the analyze context of a softwar… (nathanwn)
7530c2d chore: take git service into account when detect ci services (nathanwn)
248a3c4 chore: improve docstrings of GitHub Actions CI service (nathanwn)
63a6a27 chore: move provenance download to provenance_available_check and imp… (nathanwn)
cc528da chore: add expectation verification for provenances downloaded from p… (nathanwn)
3c411d1 chore: add check for witness provenances (nathanwn)
4b4ef52 chore: update integration test expected output files (nathanwn)
fc4f0c8 chore: add max valid provenance size check before downloading (nathanwn)
ed304b5 chore: fix docstring for JFrogMavenAsset (nathanwn)
3c6bd35 chore: fix docstring for the JFrogMavenAsset url property (nathanwn)
e00dbdf chore: remove redundant timeout attribute in package_registry.jfrog.m… (nathanwn)
6db186b chore: fix type annotations of provenance payload (nathanwn)
5709a7f chore: add provenances discovered from package registries to the html… (nathanwn)
b6275cd chore: fix docstring of the JFrogMavenRegistry::construct_maven_repos… (nathanwn)
8a9f82b chore: re-implement the logic to get group ids of a Gradle repo based… (nathanwn)
02f055b chore: clarify some docstrings in Gradle class (nathanwn)
78a4c3b chore: rename the Asset Protocol to IsAsset (nathanwn)
3d57c7b chore: add download method to the IsAsset Protocol (nathanwn)
4de00af chore: add missing docstring for raised exception in the find_provena… (nathanwn)
74c860c chore: adjust log messages in case a provenance exceeds max valid fil… (nathanwn)
d2dda6a chore: move witness-related logic to a separate module (nathanwn)
93beee3 chore: adjust how provenances are stored in the PackageRegistryData c… (nathanwn)
efaef7f chore: reimplement logic to determine which provenances are produced … (nathanwn)
4e6bd58 chore: rename the PackageRegistryData class to PackageRegistryInfo (nathanwn)
6fbea90 chore: add docstring for attributes of the JFrogMavenRegistry class (nathanwn)
558ccbc chore: rename the package_registry_info module to package_registry_spec (nathanwn)
2f79de9 chore: rename asset and provenance interfaces and remove type cast on… (nathanwn)
5511ed3 chore: fix typo (nathanwn)
7b292b1 chore: adjust docstring for the asset module (nathanwn)
a0fbeaa chore: fix typo (nathanwn)
e519b9a chore: refactor provenance loading & validation, and the extract_repo… (nathanwn)
d234c27 chore: fix the result of witness_provenance_l1_check in case no witne… (nathanwn)
07ad8f5 chore: rename 'domain' to 'hostname' in witness ini config (nathanwn)
7ceb8b6 chore: improve docstrings for in-toto payload (nathanwn)
72854d6 chore: add note for frozen dataclass (nathanwn)
d2b1f22 chore: add TODO comment about potentially using the in-toto-attestati… (nathanwn)
3a6ea89 chore: adjust docstring of provenance module (nathanwn)
d3e3ace chore: rename variable to use trailing underscore (nathanwn)
65a8347 chore: adjust comment on the check status of witness_provenance_l1_check (nathanwn)
1a6d6ca chore: adjust docstring of the `validate_intoto_statement` function (nathanwn)
842f756 chore: bug fix for witness check (nathanwn)
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,40 @@ | ||
# Copyright (c) 2023 - 2023, Oracle and/or its affiliates. All rights reserved. | ||
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/. | ||
|
||
"""This module defines classes and interfaces related to assets. | ||
|
||
Assets are files published from some build. | ||
""" | ||
|
||
from typing import Protocol | ||
|
||
|
||
class AssetLocator(Protocol): | ||
"""Interface of an asset locator.""" | ||
|
||
@property | ||
def name(self) -> str: | ||
"""Get the name (file name) of the asset.""" | ||
|
||
@property | ||
def url(self) -> str: | ||
"""Get the url to the asset.""" | ||
|
||
@property | ||
def size_in_bytes(self) -> int: | ||
"""Get the size of the asset in bytes.""" | ||
|
||
def download(self, dest: str) -> bool: | ||
"""Download the asset. | ||
|
||
Parameters | ||
---------- | ||
dest : str | ||
The local destination where the asset is downloaded to. | ||
Note that this must include the file name. | ||
|
||
Returns | ||
------- | ||
bool | ||
``True`` if the asset is downloaded successfully; ``False`` if not. | ||
""" |
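Review bot: The `download(self, dest: str) -> bool` contract at the end of this hunk does not say whether an implementation bounds the number of bytes it writes, so a caller that checks `size_in_bytes` before downloading (as the "add max valid provenance size check before downloading" commit in this PR indicates) is relying on a declared size rather than on what is actually received, if that value comes from registry metadata. Consider stating in the docstring that implementations must abort once a configured limit is exceeded while reading the response, or adding a limit parameter to `download`. The `dest` description requires the path to include the file name; if callers build it from the `name` property, document that `name` originates from the remote side and should be reduced to a base name before it is joined to a local directory. The bare `bool` return also hides why a download failed, so it would help to document that implementations log the cause, or to raise a typed error instead.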