kpt-grpc-demo/google/devtools/containeranalysis/v1beta1/provenance/provenance.proto

// Copyright 2018 The Grafeas Authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//    http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

syntax = "proto3";

package grafeas.v1beta1.provenance;

import "google/devtools/containeranalysis/v1beta1/source/source.proto";
import "google/protobuf/timestamp.proto";

option go_package = "google.golang.org/genproto/googleapis/devtools/containeranalysis/v1beta1/provenance;provenance";
option java_multiple_files = true;
option java_package = "io.grafeas.v1beta1.provenance";
option objc_class_prefix = "GRA";

// Provenance of a build. Contains all information needed to verify the full
// details about the build from source to completion.
message BuildProvenance {
  // Required. Unique identifier of the build.
  string id = 1;

  // ID of the project.
  string project_id = 2;

  // Commands requested by the build.
  repeated Command commands = 3;

  // Output of the build.
  repeated Artifact built_artifacts = 4;

  // Time at which the build was created.
  google.protobuf.Timestamp create_time = 5;

  // Time at which execution of the build was started.
  google.protobuf.Timestamp start_time = 6;

  // Time at which execution of the build was finished.
  google.protobuf.Timestamp end_time = 7;

  // E-mail address of the user who initiated this build. Note that this was the
  // user's e-mail address at the time the build was initiated; this address may
  // not represent the same end-user for all time.
  string creator = 8;

  // URI where any logs for this provenance were written.
  string logs_uri = 9;

  // Details of the Source input to the build.
  Source source_provenance = 10;

  // Trigger identifier if the build was triggered automatically; empty if not.
  string trigger_id = 11;

  // Special options applied to this build. This is a catch-all field where
  // build providers can enter any desired additional details.
  map<string, string> build_options = 12;

  // Version string of the builder at the time this build was executed.
  string builder_version = 13;

  // next_id = 14
}

// Source describes the location of the source used for the build.
message Source {
  // If provided, the input binary artifacts for the build came from this
  // location.
  string artifact_storage_source_uri = 1;

  // Hash(es) of the build source, which can be used to verify that the original
  // source integrity was maintained in the build.
  //
  // The keys to this map are file paths used as build source and the values
  // contain the hash values for those files.
  //
  // If the build source came in a single package such as a gzipped tarfile
  // (.tar.gz), the FileHash will be for the single path to that file.
  map<string, FileHashes> file_hashes = 2;

  // If provided, the source code used for the build came from this location.
  grafeas.v1beta1.source.SourceContext context = 3;

  // If provided, some of the source code used for the build may be found in
  // these locations, in the case where the source repository had multiple
  // remotes or submodules. This list will not include the context specified in
  // the context field.
  repeated grafeas.v1beta1.source.SourceContext additional_contexts = 4;
}

// Container message for hashes of byte content of files, used in source
// messages to verify integrity of source input to the build.
message FileHashes {
  // Required. Collection of file hashes.
  repeated Hash file_hash = 1;
}

// Container message for hash values.
message Hash {
  // Specifies the hash algorithm.
  enum HashType {
    // Unknown.
    HASH_TYPE_UNSPECIFIED = 0;
    // A SHA-256 hash.
    SHA256 = 1;
  }

  // Required. The type of hash that was performed.
  HashType type = 1;
  // Required. The hash value.
  bytes value = 2;
}

// Command describes a step performed as part of the build pipeline.
message Command {
  // Required. Name of the command, as presented on the command line, or if the
  // command is packaged as a Docker container, as presented to `docker pull`.
  string name = 1;

  // Environment variables set before running this command.
  repeated string env = 2;

  // Command-line arguments used when executing this command.
  repeated string args = 3;

  // Working directory (relative to project source root) used when running this
  // command.
  string dir = 4;

  // Optional unique identifier for this command, used in wait_for to reference
  // this command as a dependency.
  string id = 5;

  // The ID(s) of the command(s) that this command depends on.
  repeated string wait_for = 6;
}

// Artifact describes a build product.
message Artifact {
  // Hash or checksum value of a binary, or Docker Registry 2.0 digest of a
  // container.
  string checksum = 1;

  // Artifact ID, if any; for container images, this will be a URL by digest
  // like `gcr.io/projectID/imagename@sha256:123456`.
  string id = 2;

  // Related artifact names. This may be the path to a binary or jar file, or in
  // the case of a container build, the name used to push the container image to
  // Google Container Registry, as presented to `docker push`. Note that a
  // single Artifact ID can have multiple names, for example if two tags are
  // applied to one image.
  repeated string names = 3;
}