diff options
Diffstat (limited to 'google/devtools/containeranalysis/v1alpha1/provenance.proto')
-rw-r--r-- | google/devtools/containeranalysis/v1alpha1/provenance.proto | 223 |
1 files changed, 223 insertions, 0 deletions
diff --git a/google/devtools/containeranalysis/v1alpha1/provenance.proto b/google/devtools/containeranalysis/v1alpha1/provenance.proto new file mode 100644 index 000000000..ce2b53202 --- /dev/null +++ b/google/devtools/containeranalysis/v1alpha1/provenance.proto @@ -0,0 +1,223 @@ +// Copyright 2018 Google Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +syntax = "proto3"; + +package google.devtools.containeranalysis.v1alpha1; + +import "google/api/annotations.proto"; +import "google/devtools/containeranalysis/v1alpha1/source_context.proto"; +import "google/protobuf/timestamp.proto"; + +option go_package = "google.golang.org/genproto/googleapis/devtools/containeranalysis/v1alpha1;containeranalysis"; +option java_multiple_files = true; +option java_package = "com.google.containeranalysis.v1alpha1"; +option objc_class_prefix = "GCA"; + +// Provenance of a build. Contains all information needed to verify the full +// details about the build from source to completion. +message BuildProvenance { + // Unique identifier of the build. + string id = 1; + + // ID of the project. + string project_id = 2; + + // Commands requested by the build. + repeated Command commands = 5; + + // Output of the build. + repeated Artifact built_artifacts = 6; + + // Time at which the build was created. + google.protobuf.Timestamp create_time = 7; + + // Time at which execution of the build was started. + google.protobuf.Timestamp start_time = 8; + + // Time at which execution of the build was finished. + google.protobuf.Timestamp finish_time = 9; + + // E-mail address of the user who initiated this build. Note that this was the + // user's e-mail address at the time the build was initiated; this address may + // not represent the same end-user for all time. + string creator = 11; + + // Google Cloud Storage bucket where logs were written. + string logs_bucket = 13; + + // Details of the Source input to the build. + Source source_provenance = 14; + + // Trigger identifier if the build was triggered automatically; empty if not. + string trigger_id = 15; + + // Special options applied to this build. This is a catch-all field where + // build providers can enter any desired additional details. + map<string, string> build_options = 16; + + // Version string of the builder at the time this build was executed. + string builder_version = 17; +} + +// Source describes the location of the source used for the build. +message Source { + // Source location information. + oneof source { + // If provided, get the source from this location in in Google Cloud + // Storage. + StorageSource storage_source = 1; + + // If provided, get source from this location in a Cloud Repo. + RepoSource repo_source = 2; + } + + // If provided, the input binary artifacts for the build came from this + // location. + StorageSource artifact_storage_source = 4; + + // Hash(es) of the build source, which can be used to verify that the original + // source integrity was maintained in the build. + // + // The keys to this map are file paths used as build source and the values + // contain the hash values for those files. + // + // If the build source came in a single package such as a gzipped tarfile + // (.tar.gz), the FileHash will be for the single path to that file. + map<string, FileHashes> file_hashes = 3; + + // If provided, the source code used for the build came from this location. + SourceContext context = 7; + + // If provided, some of the source code used for the build may be found in + // these locations, in the case where the source repository had multiple + // remotes or submodules. This list will not include the context specified in + // the context field. + repeated SourceContext additional_contexts = 8; +} + +// Container message for hashes of byte content of files, used in Source +// messages to verify integrity of source input to the build. +message FileHashes { + // Collection of file hashes. + repeated Hash file_hash = 1; +} + +// Container message for hash values. +message Hash { + // Specifies the hash algorithm, if any. + enum HashType { + // No hash requested. + NONE = 0; + + // A sha256 hash. + SHA256 = 1; + } + + // The type of hash that was performed. + HashType type = 1; + + // The hash value. + bytes value = 2; +} + +// StorageSource describes the location of the source in an archive file in +// Google Cloud Storage. +message StorageSource { + // Google Cloud Storage bucket containing source (see [Bucket Name + // Requirements] + // (https://cloud.google.com/storage/docs/bucket-naming#requirements)). + string bucket = 1; + + // Google Cloud Storage object containing source. + string object = 2; + + // Google Cloud Storage generation for the object. + int64 generation = 3; +} + +// RepoSource describes the location of the source in a Google Cloud Source +// Repository. +message RepoSource { + // ID of the project that owns the repo. + string project_id = 1; + + // Name of the repo. + string repo_name = 2; + + // A revision within the source repository must be specified in + // one of these ways. + oneof revision { + // Name of the branch to build. + string branch_name = 3; + + // Name of the tag to build. + string tag_name = 4; + + // Explicit commit SHA to build. + string commit_sha = 5; + } +} + +// Command describes a step performed as part of the build pipeline. +message Command { + // Name of the command, as presented on the command line, or if the command is + // packaged as a Docker container, as presented to `docker pull`. + string name = 1; + + // Environment variables set before running this Command. + repeated string env = 2; + + // Command-line arguments used when executing this Command. + repeated string args = 3; + + // Working directory (relative to project source root) used when running + // this Command. + string dir = 4; + + // Optional unique identifier for this Command, used in wait_for to reference + // this Command as a dependency. + string id = 5; + + // The ID(s) of the Command(s) that this Command depends on. + repeated string wait_for = 6; +} + +// Artifact describes a build product. +message Artifact { + // Name of the artifact. This may be the path to a binary or jar file, or in + // the case of a container build, the name used to push the container image to + // Google Container Registry, as presented to `docker push`. + // + // This field is deprecated in favor of the plural `names` field; it continues + // to exist here to allow existing BuildProvenance serialized to json in + // google.devtools.containeranalysis.v1alpha1.BuildDetails.provenance_bytes to + // deserialize back into proto. + string name = 1; + + // Hash or checksum value of a binary, or Docker Registry 2.0 digest of a + // container. + string checksum = 2; + + // Artifact ID, if any; for container images, this will be a URL by digest + // like gcr.io/projectID/imagename@sha256:123456 + string id = 3; + + // Related artifact names. This may be the path to a binary or jar file, or in + // the case of a container build, the name used to push the container image to + // Google Container Registry, as presented to `docker push`. Note that a + // single Artifact ID can have multiple names, for example if two tags are + // applied to one image. + repeated string names = 4; +} |