grafeas 0.0.1 → 0.1.0

data/lib/grafeas/v1/doc/grafeas/v1/image.rb

@@ -0,0 +1,79 @@
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+module Grafeas
+  module V1
+    # Layer holds metadata specific to a layer of a Docker image.
+    # @!attribute [rw] directive
+    #   @return [String]
+    #     Required. The recovered Dockerfile directive used to construct this layer.
+    #     See https://docs.docker.com/engine/reference/builder/ for more information.
+    # @!attribute [rw] arguments
+    #   @return [String]
+    #     The recovered arguments to the Dockerfile directive.
+    class Layer; end
+
+    # A set of properties that uniquely identify a given Docker image.
+    # @!attribute [rw] v1_name
+    #   @return [String]
+    #     Required. The layer ID of the final layer in the Docker image's v1
+    #     representation.
+    # @!attribute [rw] v2_blob
+    #   @return [Array<String>]
+    #     Required. The ordered list of v2 blobs that represent a given image.
+    # @!attribute [rw] v2_name
+    #   @return [String]
+    #     Output only. The name of the image's v2 blobs computed via:
+    #       [bottom] := v2_blob[bottom]
+    #       [N] := sha256(v2_blob[N] + " " + v2_name[N+1])
+    #     Only the name of the final blob is kept.
+    class Fingerprint; end
+
+    # Basis describes the base image portion (Note) of the DockerImage
+    # relationship. Linked occurrences are derived from this or an equivalent image
+    # via:
+    #   FROM <Basis.resource_url>
+    # Or an equivalent reference, e.g., a tag of the resource_url.
+    # @!attribute [rw] resource_url
+    #   @return [String]
+    #     Required. Immutable. The resource_url for the resource representing the
+    #     basis of associated occurrence images.
+    # @!attribute [rw] fingerprint
+    #   @return [Grafeas::V1::Fingerprint]
+    #     Required. Immutable. The fingerprint of the base image.
+    class ImageNote; end
+
+    # Details of the derived image portion of the DockerImage relationship. This
+    # image would be produced from a Dockerfile with FROM <DockerImage.Basis in
+    # attached Note>.
+    # @!attribute [rw] fingerprint
+    #   @return [Grafeas::V1::Fingerprint]
+    #     Required. The fingerprint of the derived image.
+    # @!attribute [rw] distance
+    #   @return [Integer]
+    #     Output only. The number of layers by which this image differs from the
+    #     associated image basis.
+    # @!attribute [rw] layer_info
+    #   @return [Array<Grafeas::V1::Layer>]
+    #     This contains layer-specific metadata, if populated it has length
+    #     "distance" and is ordered with [distance] being the layer immediately
+    #     following the base image and [1] being the final layer.
+    # @!attribute [rw] base_resource_url
+    #   @return [String]
+    #     Output only. This contains the base image URL for the derived image
+    #     occurrence.
+    class ImageOccurrence; end
+  end
+end

data/lib/grafeas/v1/doc/grafeas/v1/package.rb

@@ -0,0 +1,125 @@
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+module Grafeas
+  module V1
+    # This represents a particular channel of distribution for a given package.
+    # E.g., Debian's jessie-backports dpkg mirror.
+    # @!attribute [rw] cpe_uri
+    #   @return [String]
+    #     Required. The cpe_uri in [CPE format](https://cpe.mitre.org/specification/)
+    #     denoting the package manager version distributing a package.
+    # @!attribute [rw] architecture
+    #   @return [Grafeas::V1::Architecture]
+    #     The CPU architecture for which packages in this distribution channel were
+    #     built.
+    # @!attribute [rw] latest_version
+    #   @return [Grafeas::V1::Version]
+    #     The latest available version of this package in this distribution channel.
+    # @!attribute [rw] maintainer
+    #   @return [String]
+    #     A freeform string denoting the maintainer of this package.
+    # @!attribute [rw] url
+    #   @return [String]
+    #     The distribution channel-specific homepage for this package.
+    # @!attribute [rw] description
+    #   @return [String]
+    #     The distribution channel-specific description of this package.
+    class Distribution; end
+
+    # An occurrence of a particular package installation found within a system's
+    # filesystem. E.g., glibc was found in `/var/lib/dpkg/status`.
+    # @!attribute [rw] cpe_uri
+    #   @return [String]
+    #     Required. The CPE URI in [CPE format](https://cpe.mitre.org/specification/)
+    #     denoting the package manager version distributing a package.
+    # @!attribute [rw] version
+    #   @return [Grafeas::V1::Version]
+    #     The version installed at this location.
+    # @!attribute [rw] path
+    #   @return [String]
+    #     The path from which we gathered that this package/version is installed.
+    class Location; end
+
+    # This represents a particular package that is distributed over various
+    # channels. E.g., glibc (aka libc6) is distributed by many, at various
+    # versions.
+    # @!attribute [rw] name
+    #   @return [String]
+    #     Required. Immutable. The name of the package.
+    # @!attribute [rw] distribution
+    #   @return [Array<Grafeas::V1::Distribution>]
+    #     The various channels by which a package is distributed.
+    class PackageNote; end
+
+    # Details on how a particular software package was installed on a system.
+    # @!attribute [rw] name
+    #   @return [String]
+    #     Output only. The name of the installed package.
+    # @!attribute [rw] location
+    #   @return [Array<Grafeas::V1::Location>]
+    #     Required. All of the places within the filesystem versions of this package
+    #     have been found.
+    class PackageOccurrence; end
+
+    # Version contains structured information about the version of a package.
+    # @!attribute [rw] epoch
+    #   @return [Integer]
+    #     Used to correct mistakes in the version numbering scheme.
+    # @!attribute [rw] name
+    #   @return [String]
+    #     Required only when version kind is NORMAL. The main part of the version
+    #     name.
+    # @!attribute [rw] revision
+    #   @return [String]
+    #     The iteration of the package build from the above version.
+    # @!attribute [rw] kind
+    #   @return [Grafeas::V1::Version::VersionKind]
+    #     Required. Distinguishes between sentinel MIN/MAX versions and normal
+    #     versions.
+    # @!attribute [rw] full_name
+    #   @return [String]
+    #     Human readable version string. This string is of the form
+    #     <epoch>:<name>-<revision> and is only set when kind is NORMAL.
+    class Version
+      # Whether this is an ordinary package version or a sentinel MIN/MAX version.
+      module VersionKind
+        # Unknown.
+        VERSION_KIND_UNSPECIFIED = 0
+
+        # A standard package version.
+        NORMAL = 1
+
+        # A special version representing negative infinity.
+        MINIMUM = 2
+
+        # A special version representing positive infinity.
+        MAXIMUM = 3
+      end
+    end
+
+    # Instruction set architectures supported by various package managers.
+    module Architecture
+      # Unknown architecture.
+      ARCHITECTURE_UNSPECIFIED = 0
+
+      # X86 architecture.
+      X86 = 1
+
+      # X64 architecture.
+      X64 = 2
+    end
+  end
+end

data/lib/grafeas/v1/doc/grafeas/v1/provenance.rb

@@ -0,0 +1,248 @@
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+module Grafeas
+  module V1
+    # Provenance of a build. Contains all information needed to verify the full
+    # details about the build from source to completion.
+    # @!attribute [rw] id
+    #   @return [String]
+    #     Required. Unique identifier of the build.
+    # @!attribute [rw] project_id
+    #   @return [String]
+    #     ID of the project.
+    # @!attribute [rw] commands
+    #   @return [Array<Grafeas::V1::Command>]
+    #     Commands requested by the build.
+    # @!attribute [rw] built_artifacts
+    #   @return [Array<Grafeas::V1::Artifact>]
+    #     Output of the build.
+    # @!attribute [rw] create_time
+    #   @return [Google::Protobuf::Timestamp]
+    #     Time at which the build was created.
+    # @!attribute [rw] start_time
+    #   @return [Google::Protobuf::Timestamp]
+    #     Time at which execution of the build was started.
+    # @!attribute [rw] end_time
+    #   @return [Google::Protobuf::Timestamp]
+    #     Time at which execution of the build was finished.
+    # @!attribute [rw] creator
+    #   @return [String]
+    #     E-mail address of the user who initiated this build. Note that this was the
+    #     user's e-mail address at the time the build was initiated; this address may
+    #     not represent the same end-user for all time.
+    # @!attribute [rw] logs_uri
+    #   @return [String]
+    #     URI where any logs for this provenance were written.
+    # @!attribute [rw] source_provenance
+    #   @return [Grafeas::V1::Source]
+    #     Details of the Source input to the build.
+    # @!attribute [rw] trigger_id
+    #   @return [String]
+    #     Trigger identifier if the build was triggered automatically; empty if not.
+    # @!attribute [rw] build_options
+    #   @return [Hash{String => String}]
+    #     Special options applied to this build. This is a catch-all field where
+    #     build providers can enter any desired additional details.
+    # @!attribute [rw] builder_version
+    #   @return [String]
+    #     Version string of the builder at the time this build was executed.
+    class BuildProvenance; end
+
+    # Source describes the location of the source used for the build.
+    # @!attribute [rw] artifact_storage_source_uri
+    #   @return [String]
+    #     If provided, the input binary artifacts for the build came from this
+    #     location.
+    # @!attribute [rw] file_hashes
+    #   @return [Hash{String => Grafeas::V1::FileHashes}]
+    #     Hash(es) of the build source, which can be used to verify that the original
+    #     source integrity was maintained in the build.
+    #
+    #     The keys to this map are file paths used as build source and the values
+    #     contain the hash values for those files.
+    #
+    #     If the build source came in a single package such as a gzipped tarfile
+    #     (.tar.gz), the FileHash will be for the single path to that file.
+    # @!attribute [rw] context
+    #   @return [Grafeas::V1::SourceContext]
+    #     If provided, the source code used for the build came from this location.
+    # @!attribute [rw] additional_contexts
+    #   @return [Array<Grafeas::V1::SourceContext>]
+    #     If provided, some of the source code used for the build may be found in
+    #     these locations, in the case where the source repository had multiple
+    #     remotes or submodules. This list will not include the context specified in
+    #     the context field.
+    class Source; end
+
+    # Container message for hashes of byte content of files, used in source
+    # messages to verify integrity of source input to the build.
+    # @!attribute [rw] file_hash
+    #   @return [Array<Grafeas::V1::Hash>]
+    #     Required. Collection of file hashes.
+    class FileHashes; end
+
+    # Container message for hash values.
+    # @!attribute [rw] type
+    #   @return [String]
+    #     Required. The type of hash that was performed, e.g. "SHA-256".
+    # @!attribute [rw] value
+    #   @return [String]
+    #     Required. The hash value.
+    class Hash; end
+
+    # Command describes a step performed as part of the build pipeline.
+    # @!attribute [rw] name
+    #   @return [String]
+    #     Required. Name of the command, as presented on the command line, or if the
+    #     command is packaged as a Docker container, as presented to `docker pull`.
+    # @!attribute [rw] env
+    #   @return [Array<String>]
+    #     Environment variables set before running this command.
+    # @!attribute [rw] args
+    #   @return [Array<String>]
+    #     Command-line arguments used when executing this command.
+    # @!attribute [rw] dir
+    #   @return [String]
+    #     Working directory (relative to project source root) used when running this
+    #     command.
+    # @!attribute [rw] id
+    #   @return [String]
+    #     Optional unique identifier for this command, used in wait_for to reference
+    #     this command as a dependency.
+    # @!attribute [rw] wait_for
+    #   @return [Array<String>]
+    #     The ID(s) of the command(s) that this command depends on.
+    class Command; end
+
+    # Artifact describes a build product.
+    # @!attribute [rw] checksum
+    #   @return [String]
+    #     Hash or checksum value of a binary, or Docker Registry 2.0 digest of a
+    #     container.
+    # @!attribute [rw] id
+    #   @return [String]
+    #     Artifact ID, if any; for container images, this will be a URL by digest
+    #     like `gcr.io/projectID/imagename@sha256:123456`.
+    # @!attribute [rw] names
+    #   @return [Array<String>]
+    #     Related artifact names. This may be the path to a binary or jar file, or in
+    #     the case of a container build, the name used to push the container image to
+    #     Google Container Registry, as presented to `docker push`. Note that a
+    #     single Artifact ID can have multiple names, for example if two tags are
+    #     applied to one image.
+    class Artifact; end
+
+    # A SourceContext is a reference to a tree of files. A SourceContext together
+    # with a path point to a unique revision of a single file or directory.
+    # @!attribute [rw] cloud_repo
+    #   @return [Grafeas::V1::CloudRepoSourceContext]
+    #     A SourceContext referring to a revision in a Google Cloud Source Repo.
+    # @!attribute [rw] gerrit
+    #   @return [Grafeas::V1::GerritSourceContext]
+    #     A SourceContext referring to a Gerrit project.
+    # @!attribute [rw] git
+    #   @return [Grafeas::V1::GitSourceContext]
+    #     A SourceContext referring to any third party Git repo (e.g., GitHub).
+    # @!attribute [rw] labels
+    #   @return [Hash{String => String}]
+    #     Labels with user defined metadata.
+    class SourceContext; end
+
+    # An alias to a repo revision.
+    # @!attribute [rw] kind
+    #   @return [Grafeas::V1::AliasContext::Kind]
+    #     The alias kind.
+    # @!attribute [rw] name
+    #   @return [String]
+    #     The alias name.
+    class AliasContext
+      # The type of an alias.
+      module Kind
+        # Unknown.
+        KIND_UNSPECIFIED = 0
+
+        # Git tag.
+        FIXED = 1
+
+        # Git branch.
+        MOVABLE = 2
+
+        # Used to specify non-standard aliases. For example, if a Git repo has a
+        # ref named "refs/foo/bar".
+        OTHER = 4
+      end
+    end
+
+    # A CloudRepoSourceContext denotes a particular revision in a Google Cloud
+    # Source Repo.
+    # @!attribute [rw] repo_id
+    #   @return [Grafeas::V1::RepoId]
+    #     The ID of the repo.
+    # @!attribute [rw] revision_id
+    #   @return [String]
+    #     A revision ID.
+    # @!attribute [rw] alias_context
+    #   @return [Grafeas::V1::AliasContext]
+    #     An alias, which may be a branch or tag.
+    class CloudRepoSourceContext; end
+
+    # A SourceContext referring to a Gerrit project.
+    # @!attribute [rw] host_uri
+    #   @return [String]
+    #     The URI of a running Gerrit instance.
+    # @!attribute [rw] gerrit_project
+    #   @return [String]
+    #     The full project name within the host. Projects may be nested, so
+    #     "project/subproject" is a valid project name. The "repo name" is the
+    #     hostURI/project.
+    # @!attribute [rw] revision_id
+    #   @return [String]
+    #     A revision (commit) ID.
+    # @!attribute [rw] alias_context
+    #   @return [Grafeas::V1::AliasContext]
+    #     An alias, which may be a branch or tag.
+    class GerritSourceContext; end
+
+    # A GitSourceContext denotes a particular revision in a third party Git
+    # repository (e.g., GitHub).
+    # @!attribute [rw] url
+    #   @return [String]
+    #     Git repository URL.
+    # @!attribute [rw] revision_id
+    #   @return [String]
+    #     Git commit hash.
+    class GitSourceContext; end
+
+    # A unique identifier for a Cloud Repo.
+    # @!attribute [rw] project_repo_id
+    #   @return [Grafeas::V1::ProjectRepoId]
+    #     A combination of a project ID and a repo name.
+    # @!attribute [rw] uid
+    #   @return [String]
+    #     A server-assigned, globally unique identifier.
+    class RepoId; end
+
+    # Selects a repo using a Google Cloud Platform project ID (e.g.,
+    # winged-cargo-31) and a repo name within that project.
+    # @!attribute [rw] project_id
+    #   @return [String]
+    #     The ID of the project.
+    # @!attribute [rw] repo_name
+    #   @return [String]
+    #     The name of the repo. Leave empty for the default repo.
+    class ProjectRepoId; end
+  end
+end