1// Copyright 2019 The Grafeas Authors. All rights reserved. 2// 3// Licensed under the Apache License, Version 2.0 (the "License"); 4// you may not use this file except in compliance with the License. 5// You may obtain a copy of the License at 6// 7// http://www.apache.org/licenses/LICENSE-2.0 8// 9// Unless required by applicable law or agreed to in writing, software 10// distributed under the License is distributed on an "AS IS" BASIS, 11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12// See the License for the specific language governing permissions and 13// limitations under the License. 14 15syntax = "proto3"; 16 17package grafeas.v1; 18 19import "google/protobuf/timestamp.proto"; 20 21option go_package = "google.golang.org/genproto/googleapis/grafeas/v1;grafeas"; 22option java_multiple_files = true; 23option java_package = "io.grafeas.v1"; 24option objc_class_prefix = "GRA"; 25 26// Provenance of a build. Contains all information needed to verify the full 27// details about the build from source to completion. 28message BuildProvenance { 29 // Required. Unique identifier of the build. 30 string id = 1; 31 32 // ID of the project. 33 string project_id = 2; 34 35 // Commands requested by the build. 36 repeated Command commands = 3; 37 38 // Output of the build. 39 repeated Artifact built_artifacts = 4; 40 41 // Time at which the build was created. 42 google.protobuf.Timestamp create_time = 5; 43 44 // Time at which execution of the build was started. 45 google.protobuf.Timestamp start_time = 6; 46 47 // Time at which execution of the build was finished. 48 google.protobuf.Timestamp end_time = 7; 49 50 // E-mail address of the user who initiated this build. Note that this was the 51 // user's e-mail address at the time the build was initiated; this address may 52 // not represent the same end-user for all time. 53 string creator = 8; 54 55 // URI where any logs for this provenance were written. 56 string logs_uri = 9; 57 58 // Details of the Source input to the build. 59 Source source_provenance = 10; 60 61 // Trigger identifier if the build was triggered automatically; empty if not. 62 string trigger_id = 11; 63 64 // Special options applied to this build. This is a catch-all field where 65 // build providers can enter any desired additional details. 66 map<string, string> build_options = 12; 67 68 // Version string of the builder at the time this build was executed. 69 string builder_version = 13; 70} 71 72// Source describes the location of the source used for the build. 73message Source { 74 // If provided, the input binary artifacts for the build came from this 75 // location. 76 string artifact_storage_source_uri = 1; 77 78 // Hash(es) of the build source, which can be used to verify that the original 79 // source integrity was maintained in the build. 80 // 81 // The keys to this map are file paths used as build source and the values 82 // contain the hash values for those files. 83 // 84 // If the build source came in a single package such as a gzipped tarfile 85 // (.tar.gz), the FileHash will be for the single path to that file. 86 map<string, FileHashes> file_hashes = 2; 87 88 // If provided, the source code used for the build came from this location. 89 SourceContext context = 3; 90 91 // If provided, some of the source code used for the build may be found in 92 // these locations, in the case where the source repository had multiple 93 // remotes or submodules. This list will not include the context specified in 94 // the context field. 95 repeated SourceContext additional_contexts = 4; 96} 97 98// Container message for hashes of byte content of files, used in source 99// messages to verify integrity of source input to the build. 100message FileHashes { 101 // Required. Collection of file hashes. 102 repeated Hash file_hash = 1; 103} 104 105// Container message for hash values. 106message Hash { 107 // Required. The type of hash that was performed, e.g. "SHA-256". 108 string type = 1; 109 // Required. The hash value. 110 bytes value = 2; 111} 112 113// Command describes a step performed as part of the build pipeline. 114message Command { 115 // Required. Name of the command, as presented on the command line, or if the 116 // command is packaged as a Docker container, as presented to `docker pull`. 117 string name = 1; 118 119 // Environment variables set before running this command. 120 repeated string env = 2; 121 122 // Command-line arguments used when executing this command. 123 repeated string args = 3; 124 125 // Working directory (relative to project source root) used when running this 126 // command. 127 string dir = 4; 128 129 // Optional unique identifier for this command, used in wait_for to reference 130 // this command as a dependency. 131 string id = 5; 132 133 // The ID(s) of the command(s) that this command depends on. 134 repeated string wait_for = 6; 135} 136 137// Artifact describes a build product. 138message Artifact { 139 // Hash or checksum value of a binary, or Docker Registry 2.0 digest of a 140 // container. 141 string checksum = 1; 142 143 // Artifact ID, if any; for container images, this will be a URL by digest 144 // like `gcr.io/projectID/imagename@sha256:123456`. 145 string id = 2; 146 147 // Related artifact names. This may be the path to a binary or jar file, or in 148 // the case of a container build, the name used to push the container image to 149 // Google Container Registry, as presented to `docker push`. Note that a 150 // single Artifact ID can have multiple names, for example if two tags are 151 // applied to one image. 152 repeated string names = 3; 153} 154 155// A SourceContext is a reference to a tree of files. A SourceContext together 156// with a path point to a unique revision of a single file or directory. 157message SourceContext { 158 // A SourceContext can refer any one of the following types of repositories. 159 oneof context { 160 // A SourceContext referring to a revision in a Google Cloud Source Repo. 161 CloudRepoSourceContext cloud_repo = 1; 162 163 // A SourceContext referring to a Gerrit project. 164 GerritSourceContext gerrit = 2; 165 166 // A SourceContext referring to any third party Git repo (e.g., GitHub). 167 GitSourceContext git = 3; 168 } 169 170 // Labels with user defined metadata. 171 map<string, string> labels = 4; 172} 173 174// An alias to a repo revision. 175message AliasContext { 176 // The type of an alias. 177 enum Kind { 178 // Unknown. 179 KIND_UNSPECIFIED = 0; 180 // Git tag. 181 FIXED = 1; 182 // Git branch. 183 MOVABLE = 2; 184 // Used to specify non-standard aliases. For example, if a Git repo has a 185 // ref named "refs/foo/bar". 186 OTHER = 4; 187 } 188 189 // The alias kind. 190 Kind kind = 1; 191 192 // The alias name. 193 string name = 2; 194} 195 196// A CloudRepoSourceContext denotes a particular revision in a Google Cloud 197// Source Repo. 198message CloudRepoSourceContext { 199 // The ID of the repo. 200 RepoId repo_id = 1; 201 202 // A revision in a Cloud Repo can be identified by either its revision ID or 203 // its alias. 204 oneof revision { 205 // A revision ID. 206 string revision_id = 2; 207 208 // An alias, which may be a branch or tag. 209 AliasContext alias_context = 3; 210 } 211} 212 213// A SourceContext referring to a Gerrit project. 214message GerritSourceContext { 215 // The URI of a running Gerrit instance. 216 string host_uri = 1; 217 218 // The full project name within the host. Projects may be nested, so 219 // "project/subproject" is a valid project name. The "repo name" is the 220 // hostURI/project. 221 string gerrit_project = 2; 222 223 // A revision in a Gerrit project can be identified by either its revision ID 224 // or its alias. 225 oneof revision { 226 // A revision (commit) ID. 227 string revision_id = 3; 228 229 // An alias, which may be a branch or tag. 230 AliasContext alias_context = 4; 231 } 232} 233 234// A GitSourceContext denotes a particular revision in a third party Git 235// repository (e.g., GitHub). 236message GitSourceContext { 237 // Git repository URL. 238 string url = 1; 239 240 // Git commit hash. 241 string revision_id = 2; 242} 243 244// A unique identifier for a Cloud Repo. 245message RepoId { 246 // A cloud repo can be identified by either its project ID and repository name 247 // combination, or its globally unique identifier. 248 oneof id { 249 // A combination of a project ID and a repo name. 250 ProjectRepoId project_repo_id = 1; 251 252 // A server-assigned, globally unique identifier. 253 string uid = 2; 254 } 255} 256 257// Selects a repo using a Google Cloud Platform project ID (e.g., 258// winged-cargo-31) and a repo name within that project. 259message ProjectRepoId { 260 // The ID of the project. 261 string project_id = 1; 262 263 // The name of the repo. Leave empty for the default repo. 264 string repo_name = 2; 265} 266