intoto and provenance types

crazy-max · crazy-max · commit 6983a397f4be · 2024-06-13T11:17:01.000+02:00
Signed-off-by: CrazyMax &lt;1951866+crazy-max@users.noreply.github.com&gt;
diff --git a/src/types/intoto/intoto.ts b/src/types/intoto/intoto.ts
@@ -0,0 +1,20 @@
+/**
+ * Copyright 2024 actions-toolkit authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+// https://github.com/in-toto/in-toto-golang/blob/dd6278764ab1dae7301609c7510129888e2fd569/in_toto/envelope.go#L17
+export const MEDIATYPE_PAYLOAD = 'application/vnd.in-toto+json';
+
+export const MEDIATYPE_PREDICATE = 'in-toto.io/predicate-type';
diff --git a/src/types/intoto/slsa_provenance/v0.2/provenance.ts b/src/types/intoto/slsa_provenance/v0.2/provenance.ts
@@ -0,0 +1,69 @@
+/**
+ * Copyright 2024 actions-toolkit authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+// https://github.com/in-toto/in-toto-golang/blob/master/in_toto/slsa_provenance/v0.2/provenance.go
+
+export const PREDICATE_SLSA_PROVENANCE = 'https://slsa.dev/provenance/v0.2';
+
+export interface ProvenancePredicate {
+  builder: ProvenanceBuilder;
+  buildType: string;
+  invocation?: ProvenanceInvocation;
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any
+  buildConfig?: any;
+  metadata: ProvenanceMetadata;
+  materials?: Material[];
+}
+
+export interface ProvenanceBuilder {
+  id: string;
+}
+
+export interface ProvenanceInvocation {
+  configSource?: ConfigSource;
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any
+  parameters?: any;
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any
+  environment?: any;
+}
+
+export interface DigestSet {
+  [key: string]: string;
+}
+
+export interface ConfigSource {
+  uri?: string;
+  digest?: DigestSet;
+  entryPoint?: string;
+}
+
+export interface Completeness {
+  parameters?: boolean;
+  environment?: boolean;
+  materials?: boolean;
+}
+
+export interface ProvenanceMetadata {
+  buildInvocationId?: string;
+  buildStartedOn?: string;
+  completeness?: Completeness;
+  reproducible?: boolean;
+}
+
+export interface Material {
+  uri: string;
+  digest: DigestSet;
+}
