
Commit 3237c26

chore(gates): store whether the attestation was gated (#2660)
Signed-off-by: Jose I. Paris <jiparis@chainloop.dev>
1 parent 09023f8 commit 3237c26

13 files changed

Lines changed: 82 additions & 27 deletions

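--- a/app/cli/cmd/workflow_workflow_run_describe.go
+++ b/app/cli/cmd/workflow_workflow_run_describe.go
@@ -165,6 +165,9 @@ func workflowRunDescribeTableOutput(run *action.WorkflowRunItemFull) error {
 if att.PolicyEvaluationStatus.Blocked {
 gt.AppendRow(table.Row{"Run Blocked", att.PolicyEvaluationStatus.Blocked})
 }
+if att.PolicyEvaluationStatus.HasGatedViolations {
+gt.AppendRow(table.Row{"Run Gated", text.Colors{text.FgHiRed}.Sprint(att.PolicyEvaluationStatus.HasGatedViolations)})
+}
 if att.PolicyEvaluationStatus.Strategy == action.PolicyViolationBlockingStrategyEnforced {
 gt.AppendRow(table.Row{"Policy enforcement bypassed", att.PolicyEvaluationStatus.Bypassed})
 }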
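Review bot: The new "Run Gated" row is the only status row in this block rendered through `text.Colors{text.FgHiRed}`, while "Run Blocked" just above prints the raw bool, so two enforcement outcomes get different visual weight. Either colour both or neither, e.g. `gt.AppendRow(table.Row{"Run Blocked", text.Colors{text.FgHiRed}.Sprint(att.PolicyEvaluationStatus.Blocked)})`. The row is also emitted only when the flag is true, so a missing row reads the same whether the run was not gated or the control plane did not report the field; a one-line comment saying so would help the next reader. workflowRunDescribeTableOutput starts and ends outside the hunk, so the `text` import is assumed to be in place already.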

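--- a/app/cli/pkg/action/workflow_run_describe.go
+++ b/app/cli/pkg/action/workflow_run_describe.go
@@ -64,10 +64,11 @@ type WorkflowRunAttestationItem struct {
 }
 
 type PolicyEvaluationStatus struct {
-Strategy string `json:"strategy"`
-Bypassed bool `json:"bypassed"`
-Blocked bool `json:"blocked"`
-HasViolations bool `json:"has_violations"`
+Strategy string `json:"strategy"`
+Bypassed bool `json:"bypassed"`
+Blocked bool `json:"blocked"`
+HasViolations bool `json:"has_violations"`
+HasGatedViolations bool `json:"has_gated_violations"`
 }
 
 type Material struct {
@@ -236,10 +237,11 @@ func (action *WorkflowRunDescribe) Run(ctx context.Context, opts *WorkflowRunDes
 Digest: att.DigestInCasBackend,
 PolicyEvaluations: evaluations,
 PolicyEvaluationStatus: &PolicyEvaluationStatus{
-Strategy: policyEvaluationStatus.Strategy,
-Bypassed: policyEvaluationStatus.Bypassed,
-Blocked: policyEvaluationStatus.Blocked,
-HasViolations: policyEvaluationStatus.HasViolations,
+Strategy: policyEvaluationStatus.Strategy,
+Bypassed: policyEvaluationStatus.Bypassed,
+Blocked: policyEvaluationStatus.Blocked,
+HasViolations: policyEvaluationStatus.HasViolations,
+HasGatedViolations: policyEvaluationStatus.HasGatedViolations,
 },
 }
 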
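Review bot: `HasGatedViolations` is added to `PolicyEvaluationStatus` without a doc comment, and nothing in the struct says how it differs from `Blocked` and `HasViolations`, although all three carry JSON tags and so presumably reach output that scripts key on. A field comment would do, for instance `// HasGatedViolations reports whether any violation came from a policy configured as a gate` (wording inferred from the commit title; the author should confirm it). In the second hunk `policyEvaluationStatus` is defined outside the visible lines of `Run`, so whether it can be nil when the literal is built cannot be checked from here.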

app/controlplane/api/controlplane/v1/response_messages.pb.go

Lines changed: 19 additions & 10 deletions

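--- a/app/controlplane/api/controlplane/v1/response_messages.proto
+++ b/app/controlplane/api/controlplane/v1/response_messages.proto
@@ -116,6 +116,7 @@ message AttestationItem {
 bool bypassed = 2;
 bool blocked = 3;
 bool has_violations = 4;
+bool has_gated_violations = 5;
 }
 
 message EnvVariable {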
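Review bot: `has_gated_violations = 5` has no comment, and as a plain bool (assuming proto3 syntax) it reads as false both when the attestation had no gated violations and when the value was never recorded, for example an attestation created before this field existed. Clients that use the flag for release decisions should not take false as proof that the gates passed. A comment on the field would make that explicit, e.g. `// true when the attestation recorded gated policy violations; false may also mean the information was not recorded`. The enclosing nested message starts outside the hunk.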

app/controlplane/api/gen/frontend/controlplane/v1/response_messages.ts

Lines changed: 15 additions & 1 deletion

app/controlplane/api/gen/jsonschema/controlplane.v1.AttestationItem.PolicyEvaluationStatus.jsonschema.json

Lines changed: 6 additions & 0 deletions

app/controlplane/api/gen/jsonschema/controlplane.v1.AttestationItem.PolicyEvaluationStatus.schema.json

Lines changed: 6 additions & 0 deletions

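--- a/app/controlplane/internal/service/attestation.go
+++ b/app/controlplane/internal/service/attestation.go
@@ -553,10 +553,11 @@ func bizAttestationToPb(att *biz.Attestation) (*cpAPI.AttestationItem, error) {
 Annotations: predicate.GetAnnotations(),
 PolicyEvaluations: extractPolicyEvaluations(predicate.GetPolicyEvaluations()),
 PolicyEvaluationStatus: &cpAPI.AttestationItem_PolicyEvaluationStatus{
-Strategy: string(policyEvaluationStatus.Strategy),
-Bypassed: policyEvaluationStatus.Bypassed,
-Blocked: policyEvaluationStatus.Blocked,
-HasViolations: policyEvaluationStatus.HasViolations,
+Strategy: string(policyEvaluationStatus.Strategy),
+Bypassed: policyEvaluationStatus.Bypassed,
+Blocked: policyEvaluationStatus.Blocked,
+HasViolations: policyEvaluationStatus.HasViolations,
+HasGatedViolations: policyEvaluationStatus.HasGatedViolations,
 },
 Bundle: att.Bundle,
 }, nil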

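--- a/app/controlplane/pkg/biz/referrer.go
+++ b/app/controlplane/pkg/biz/referrer.go
@@ -300,12 +300,14 @@ func extractReferrers(att *dsse.Envelope, digest cr_v1.Hash, repo ReferrerRepo)
 // We add both annotations and workflow metadata
 attestationReferrer.Annotations = predicate.GetAnnotations()
 hasViolations := predicate.GetPolicyEvaluationStatus().HasViolations
+hasGatedViolations := predicate.GetPolicyEvaluationStatus().HasGatedViolations
 attestationReferrer.Metadata = map[string]string{
 // workflow name, team and project
 "name": predicate.GetMetadata().Name,
 "team": predicate.GetMetadata().Team,
 "project": predicate.GetMetadata().Project,
 "hasPolicyViolations": fmt.Sprintf("%t", hasViolations),
+"hasGatedPolicyViolations": fmt.Sprintf("%t", hasGatedViolations),
 "projectVersion": predicate.GetMetadata().ProjectVersion,
 "projectVersionPrerelease": fmt.Sprintf("%t", predicate.GetMetadata().ProjectVersionPrerelease),
 "organization": predicate.GetMetadata().Organization,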
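Review bot: `predicate.GetPolicyEvaluationStatus()` is now called twice in a row with a field read straight off each result; fetch it once, `status := predicate.GetPolicyEvaluationStatus()`, and read `status.HasViolations` and `status.HasGatedViolations` from that value. If the getter can return nil for a predicate without a status, both reads would panic, and a single local is the natural place for that guard (the getter's contract is not visible here). Referrers stored before this change will have no `hasGatedPolicyViolations` key, so code filtering on this metadata should treat a missing key as unknown rather than as false. extractReferrers starts and ends outside the hunk.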

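--- a/app/controlplane/pkg/biz/referrer_integration_test.go
+++ b/app/controlplane/pkg/biz/referrer_integration_test.go
@@ -257,6 +257,7 @@ func (s *referrerIntegrationTestSuite) TestExtractAndPersists() {
 "project": "test",
 "team": "my-team",
 "organization": "my-org",
+"hasGatedPolicyViolations": "false",
 "hasPolicyViolations": "false",
 "projectVersion": "",
 "projectVersionPrerelease": "false",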
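Review bot: The only expectation touched here pins `"hasGatedPolicyViolations": "false"`, so in the files shown nothing asserts that a gated attestation is persisted with `"true"`. A fixture whose predicate carries a gated violation, asserting `"hasGatedPolicyViolations": "true"`, would cover the path this commit exists for. TestExtractAndPersists starts and ends outside the hunk, and several changed files are not rendered on this page, so such a case may already exist elsewhere.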
