Generate artifacts metadata
What does this MR do?
Generates SLSA artifact metadata that is included beside each artifacts archive in the form of ${BUILD-ID}-artifacts-metadata.json
:
{
"_type": "https://in-toto.io/Statement/v0.1",
"subject": [
{
"name": "script.sh",
"digest": {
"sha256": "f5ae5ced234922eebe6461d32228ba8ab9c3d0c0f3983a3bef707e6e1a1ab52a"
}
}
],
"predicateType": "https://slsa.dev/provenance/v0.2",
"predicate": {
"buildType": "https://gitlab.com/gitlab-org/gitlab-runner/-/blob/v15.1.0/PROVENANCE.md",
"builder": {
"id": "https://gitlab.com/ggeorgiev_gitlab/playground/-/runners/14811533"
},
"invocation": {
"configSource": {
"uri": "https://gitlab.com/ggeorgiev_gitlab/playground",
"digest": {
"sha256": "f0582e2c9a16b5cc2cde90e8be8f1b50fd67c631"
},
"entryPoint": "whoami shell"
},
"environment": {
"name": "local",
"executor": "shell",
"architecture": "amd64"
},
"parameters": {
"CI": "",
"CI_API_V4_URL": "",
"CI_BUILD_BEFORE_SHA": "",
"CI_BUILD_ID": "",
"CI_BUILD_NAME": "",
"CI_BUILD_REF": "",
"CI_BUILD_REF_NAME": "",
"CI_BUILD_REF_SLUG": "",
"CI_BUILD_STAGE": "",
"CI_BUILD_TOKEN": "",
"CI_COMMIT_AUTHOR": "",
"CI_COMMIT_BEFORE_SHA": "",
"CI_COMMIT_BRANCH": "",
"CI_COMMIT_DESCRIPTION": "",
"CI_COMMIT_MESSAGE": "",
"CI_COMMIT_REF_NAME": "",
"CI_COMMIT_REF_PROTECTED": "",
"CI_COMMIT_REF_SLUG": "",
"CI_COMMIT_SHA": "",
"CI_COMMIT_SHORT_SHA": "",
"CI_COMMIT_TIMESTAMP": "",
"CI_COMMIT_TITLE": "",
"CI_CONFIG_PATH": "",
"CI_DEBUG_TRACE_": "",
"CI_DEFAULT_BRANCH": "",
"CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX": "",
"CI_DEPENDENCY_PROXY_GROUP_IMAGE_PREFIX": "",
"CI_DEPENDENCY_PROXY_PASSWORD": "",
"CI_DEPENDENCY_PROXY_SERVER": "",
"CI_DEPENDENCY_PROXY_USER": "",
"CI_JOB_ID": "",
"CI_JOB_JWT": "",
"CI_JOB_JWT_V1": "",
"CI_JOB_JWT_V2": "",
"CI_JOB_NAME": "",
"CI_JOB_STAGE": "",
"CI_JOB_STARTED_AT": "",
"CI_JOB_TOKEN": "",
"CI_JOB_URL": "",
"CI_KUBERNETES_ACTIVE": "",
"CI_NODE_TOTAL": "",
"CI_PAGES_DOMAIN": "",
"CI_PAGES_URL": "",
"CI_PIPELINE_CREATED_AT": "",
"CI_PIPELINE_ID": "",
"CI_PIPELINE_IID": "",
"CI_PIPELINE_SOURCE": "",
"CI_PIPELINE_URL": "",
"CI_PROJECT_CLASSIFICATION_LABEL": "",
"CI_PROJECT_DESCRIPTION": "",
"CI_PROJECT_ID": "",
"CI_PROJECT_NAME": "",
"CI_PROJECT_NAMESPACE": "",
"CI_PROJECT_PATH": "",
"CI_PROJECT_PATH_SLUG": "",
"CI_PROJECT_REPOSITORY_LANGUAGES": "",
"CI_PROJECT_ROOT_NAMESPACE": "",
"CI_PROJECT_TITLE": "",
"CI_PROJECT_URL": "",
"CI_PROJECT_VISIBILITY": "",
"CI_REGISTRY": "",
"CI_REGISTRY_IMAGE": "",
"CI_REGISTRY_PASSWORD": "",
"CI_REGISTRY_USER": "",
"CI_REPOSITORY_URL": "",
"CI_RUNNER_DESCRIPTION": "",
"CI_RUNNER_ID": "",
"CI_RUNNER_TAGS": "",
"CI_SERVER_HOST": "",
"CI_SERVER_NAME": "",
"CI_SERVER_PORT": "",
"CI_SERVER_PROTOCOL": "",
"CI_SERVER_REVISION": "",
"CI_SERVER_URL": "",
"CI_SERVER_VERSION": "",
"CI_SERVER_VERSION_MAJOR": "",
"CI_SERVER_VERSION_MINOR": "",
"CI_SERVER_VERSION_PATCH": "",
"FF_USE_LEGACY_KUBERNETES_EXECUTION_STRATEGY": "",
"GITLAB_CI": "",
"GITLAB_FEATURES": "",
"GITLAB_USER_EMAIL": "",
"GITLAB_USER_ID": "",
"GITLAB_USER_LOGIN": "",
"GITLAB_USER_NAME": "",
"MASK_ME": ""
}
}
},
"metadata": {
"buildStartedOn": "2022-06-17T00:47:27+03:00",
"BuildFinishedOn": "2022-06-17T00:47:28+03:00",
"reproducible": false,
"completeness": {
"parameters": true,
"environment": true,
"materials": false
}
},
"materials": []
}
Why was this MR needed?
What's the best way to test this MR?
A simple job with artifacts will work:
job:
script:
- whoami
tags:
- local
artifacts:
paths:
- script.sh
If the `runners.generate_cache_metadata = true` field is set in `config.toml`, a JSON file is generated inside the artifacts zip.
What are the relevant issue numbers?
Closes #28940 (closed)
Edited by Georgi N. Georgiev