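// Copyright 2018 The Grafeas Authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

syntax = "proto3";

package grafeas.v1beta1.provenance;

import "google/devtools/containeranalysis/v1beta1/source/source.proto";
import "google/protobuf/timestamp.proto";

option go_package = "cloud.google.com/go/containeranalysis/apiv1beta1/containeranalysispb;containeranalysispb";
option java_multiple_files = true;
option java_package = "io.grafeas.v1beta1.provenance";
option objc_class_prefix = "GRA";

// Provenance of a build. Contains all information needed to verify the full
// details about the build from source to completion.
//
// Fields marked "Required" in this file are required by convention only:
// proto3 does not enforce presence on the wire, so an absent field is read as
// its default value (empty string, empty bytes, zero enum value). Consumers
// that rely on a record for verification have to check for those defaults
// themselves.
message BuildProvenance {
  // Required. Unique identifier of the build.
  string id = 1;

  // ID of the project.
  string project_id = 2;

  // Commands requested by the build.
  repeated Command commands = 3;

  // Output of the build.
  repeated Artifact built_artifacts = 4;

  // Time at which the build was created.
  google.protobuf.Timestamp create_time = 5;

  // Time at which execution of the build was started.
  google.protobuf.Timestamp start_time = 6;

  // Time at which execution of the build was finished.
  google.protobuf.Timestamp end_time = 7;

  // E-mail address of the user who initiated this build. Note that this was the
  // user's e-mail address at the time the build was initiated; this address may
  // not represent the same end-user for all time. Treat the value as a record
  // of who started the build, not as a stable identity to key later
  // authorization decisions on.
  string creator = 8;

  // URI where any logs for this provenance were written.
  string logs_uri = 9;

  // Details of the Source input to the build.
  Source source_provenance = 10;

  // Trigger identifier if the build was triggered automatically; empty if not.
  string trigger_id = 11;

  // Special options applied to this build. This is a catch-all field where
  // build providers can enter any desired additional details. Keys and values
  // are free-form strings that this schema does not define, so their meaning
  // depends on the build provider that wrote them.
  map<string, string> build_options = 12;

  // Version string of the builder at the time this build was executed.
  string builder_version = 13;

  // next_id = 14
}

// Source describes the location of the source used for the build.
message Source {
  // If provided, the input binary artifacts for the build came from this
  // location.
  string artifact_storage_source_uri = 1;

  // Hash(es) of the build source, which can be used to verify that the original
  // source integrity was maintained in the build.
  //
  // The keys to this map are file paths used as build source and the values
  // contain the hash values for those files.
  //
  // If the build source came in a single package such as a gzipped tarfile
  // (.tar.gz), the FileHashes entry will be for the single path to that file.
  map<string, FileHashes> file_hashes = 2;

  // If provided, the source code used for the build came from this location.
  grafeas.v1beta1.source.SourceContext context = 3;

  // If provided, some of the source code used for the build may be found in
  // these locations, in the case where the source repository had multiple
  // remotes or submodules. This list will not include the context specified in
  // the context field.
  repeated grafeas.v1beta1.source.SourceContext additional_contexts = 4;
}

// Container message for hashes of byte content of files, used in source
// messages to verify integrity of source input to the build.
message FileHashes {
  // Required. Collection of file hashes.
  repeated Hash file_hash = 1;
}

// Container message for hash values.
message Hash {
  // Specifies the hash algorithm.
  enum HashType {
    // Unknown. This is also what an unset `type` field reads as, so a hash
    // carrying this value does not name an algorithm to verify against.
    HASH_TYPE_UNSPECIFIED = 0;
    // A SHA-256 hash.
    // NOTE(review): this name lacks the HASH_TYPE_ prefix used by the zero
    // value; renaming it would change generated identifiers, so it is kept.
    SHA256 = 1;
  }

  // Required. The type of hash that was performed.
  HashType type = 1;
  // Required. The hash value.
  // NOTE(review): presumably the raw digest rather than a hex or base64
  // rendering of it - confirm with the producer before comparing values.
  bytes value = 2;
}

// Command describes a step performed as part of the build pipeline.
message Command {
  // Required. Name of the command, as presented on the command line, or if the
  // command is packaged as a Docker container, as presented to `docker pull`.
  string name = 1;

  // Environment variables set before running this command. The entry format
  // is not specified here (presumably `KEY=VALUE` - confirm with the
  // producer). Whatever is placed here becomes part of the provenance record,
  // so producers should keep secret values out of this field.
  repeated string env = 2;

  // Command-line arguments used when executing this command. As with `env`,
  // the arguments become part of the provenance record.
  repeated string args = 3;

  // Working directory (relative to project source root) used when running this
  // command. The schema itself does not constrain the value to a relative
  // path.
  string dir = 4;

  // Optional unique identifier for this command, used in wait_for to reference
  // this command as a dependency.
  string id = 5;

  // The ID(s) of the command(s) that this command depends on.
  repeated string wait_for = 6;
}

// Artifact describes a build product.
message Artifact {
  // Hash or checksum value of a binary, or Docker Registry 2.0 digest of a
  // container. This is a free-form string: unlike Hash, the schema records
  // neither the algorithm nor the encoding, so a consumer needs to know the
  // producer's format before comparing values.
  string checksum = 1;

  // Artifact ID, if any; for container images, this will be a URL by digest
  // like `gcr.io/projectID/imagename@sha256:123456`.
  string id = 2;

  // Related artifact names. This may be the path to a binary or jar file, or in
  // the case of a container build, the name used to push the container image to
  // Google Container Registry, as presented to `docker push`. Note that a
  // single Artifact ID can have multiple names, for example if two tags are
  // applied to one image.
  repeated string names = 3;
}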