### Initialize Development Environment with Make

Source: https://github.com/chainloop-dev/chainloop/blob/main/devel/README.md

Executes the `make init` command to download and install necessary CLI tools required for working with the Chainloop codebase.

```sh
make init
```

--------------------------------

### Install Chainloop CLI (Shell)

Source: https://github.com/chainloop-dev/chainloop/blob/main/devel/README.md

Downloads and executes the Chainloop CLI installation script from the official documentation website using curl and bash.

```sh
curl -sfL https://docs.chainloop.dev/install.sh | bash -s
```

--------------------------------

### Run Labs Environment with Docker Compose

Source: https://github.com/chainloop-dev/chainloop/blob/main/devel/README.md

Starts the Chainloop components and auxiliary services using the `compose.labs.yml` file for quick testing in a containerized environment.

```sh
docker compose -f compose.labs.yml up
```

--------------------------------

### Run Auxiliary Services with Docker Compose

Source: https://github.com/chainloop-dev/chainloop/blob/main/devel/README.md

Navigates to the `devel` directory and starts the pre-required auxiliary services (Dex, PostgreSQL, Vault) using the provided Docker Compose file.

```sh
cd devel
docker compose up
```

--------------------------------

### Run Control Plane Component with Make

Source: https://github.com/chainloop-dev/chainloop/blob/main/devel/README.md

Executes the `make run` target within the `app/controlplane` directory to start the Chainloop Control Plane server-side component.

```sh
make -C app/controlplane run
```

--------------------------------

### Chainloop Integration Registered Add Example (Shell)

Source: https://github.com/chainloop-dev/chainloop/blob/main/app/cli/documentation/cli-reference.mdx

Provides a concrete example of registering a Dependency-Track integration instance named 'send-to-prod' with specific instance URL, API key, and username options.

```Shell
chainloop integration registered add dependencytrack --name send-to-prod --opt instance=https://deptrack.company.com,apiKey=1234567890 --opt username=chainloop
```

--------------------------------

### Start Development Dependencies (Docker Compose)

Source: https://github.com/chainloop-dev/chainloop/blob/main/app/controlplane/README.md

Launches the required external services for local development, including Dex (OIDC), PostgreSQL, and Vault, using the specified Docker Compose file located in the `devel` directory.

```Shell
docker compose -f devel/compose.yml up
```

--------------------------------

### Install Chainloop Dagger Module

Source: https://github.com/chainloop-dev/chainloop/blob/main/extras/dagger/README.md

This command installs the Chainloop Dagger module from its GitHub repository, making its functions available for use in Dagger pipelines or via the Dagger CLI.

```Shell
dagger install github.com/chainloop-dev/chainloop
```

--------------------------------

### Example: Add Integration Attachment (CLI)

Source: https://github.com/chainloop-dev/chainloop/blob/main/app/cli/documentation/cli-reference.mdx

Provides a concrete example of how to use the `chainloop integration attached add` command. It demonstrates specifying the workflow, project, integration name, and integration-specific options.

```Shell
chainloop integration attached add --workflow deadbeef --project my-project --integration beefdoingwell --opt projectName=MyProject --opt projectVersion=1.0.0
```

--------------------------------

### Run Artifact CAS Component with Make

Source: https://github.com/chainloop-dev/chainloop/blob/main/devel/README.md

Executes the `make run` target within the `app/artifact-cas` directory to start the Chainloop Artifact Content Addressable Storage (CAS) Proxy server-side component.

```sh
make -C app/artifact-cas run
```

--------------------------------

### Example: Verify local chainloop attestation

Source: https://github.com/chainloop-dev/chainloop/blob/main/app/cli/documentation/cli-reference.mdx

Demonstrates how to verify a local attestation file using the --bundle flag with the chainloop attestation verify command.

```shell
chainloop attestation verify --bundle attestation.json
```

--------------------------------

### Generate API Code from Proto (Makefile)

Source: https://github.com/chainloop-dev/chainloop/blob/main/app/controlplane/README.md

Uses buf.io via a Makefile target to generate Go code for the gRPC API from the protocol buffer definitions (`.proto` files) located in `./api/`. Requires buf to be installed.

```Shell
make api
```

--------------------------------

### Get Help for Chainloop Organization Commands (CLI)

Source: https://github.com/chainloop-dev/chainloop/blob/main/app/cli/documentation/cli-reference.mdx

Provides help documentation for chainloop organization commands. Users can specify a command path to get detailed information about its usage and flags.

```shell
chainloop organization help [command] [flags]
```

--------------------------------

### Get help for Chainloop registered integration commands

Source: https://github.com/chainloop-dev/chainloop/blob/main/app/cli/documentation/cli-reference.mdx

Provides detailed help information for specific commands within the `chainloop integration registered` namespace. Use this command followed by the command path to get usage details and available options.

```Chainloop CLI
chainloop integration registered help [command] [flags]
```

--------------------------------

### Get Help for Add Command - chainloop

Source: https://github.com/chainloop-dev/chainloop/blob/main/app/cli/documentation/cli-reference.mdx

Provides help information for any subcommand under `chainloop cas-backend add`. Use this command followed by the specific command path to get detailed usage and options.

```bash
chainloop cas-backend add help [command] [flags]
```

--------------------------------

### Install Chainloop CLI with Forced Verification (Bash)

Source: https://github.com/chainloop-dev/chainloop/blob/main/README.md

Installs the Chainloop CLI and enforces signature verification using cosign, in addition to the default checksum check, via the --force-verification flag.

```bash
curl -sfL https://raw.githubusercontent.com/chainloop-dev/chainloop/main/docs/static/install.sh | bash -s -- --force-verification
```

--------------------------------

### Install Specific Chainloop CLI Version (Bash)

Source: https://github.com/chainloop-dev/chainloop/blob/main/README.md

Installs a specific version of the Chainloop CLI by providing the version tag as an argument to the installation script.

```bash
curl -sfL https://raw.githubusercontent.com/chainloop-dev/chainloop/main/docs/static/install.sh | bash -s -- --version v0.8.95
```

--------------------------------

### Syntax: Get Help for Integration Attached (CLI)

Source: https://github.com/chainloop-dev/chainloop/blob/main/app/cli/documentation/cli-reference.mdx

Describes the basic syntax for getting help information about the `chainloop integration attached` command or its subcommands using the `chainloop` CLI.

```Shell
chainloop integration attached help [command] [flags]
```

--------------------------------

### Chainloop CLI: Add Workflow Attachment Example (Shell)

Source: https://github.com/chainloop-dev/chainloop/blob/main/app/cli/documentation/cli-reference.mdx

An example command demonstrating how to attach a registered integration (`beefdoingwell`) to a specific workflow (`deadbeef`) within a project (`my-project`), including passing integration-specific options (`projectName`, `projectVersion`).

```Shell
chainloop integration attached add --workflow deadbeef --project my-project --integration beefdoingwell --opt projectName=MyProject --opt projectVersion=1.0.0
```

--------------------------------

### Getting Help for Chainloop API Token Commands (CLI)

Source: https://github.com/chainloop-dev/chainloop/blob/main/app/cli/documentation/cli-reference.mdx

This command provides help information for any command within the `chainloop organization api-token` context. Users can specify a command path to get detailed usage information. It inherits global options for configuration, API endpoints, organization name, output format, and authentication.

```Shell
chainloop organization api-token help [command] [flags]
```

--------------------------------

### Install Chainloop CLI to Custom Path (Bash)

Source: https://github.com/chainloop-dev/chainloop/blob/main/README.md

Installs the Chainloop CLI to a directory other than the default (/usr/local/bin) by specifying the desired path using the --path flag.

```bash
curl -sfL https://raw.githubusercontent.com/chainloop-dev/chainloop/main/docs/static/install.sh | bash -s -- --path /my-path
```

--------------------------------

### Building guacone CLI from Source

Source: https://github.com/chainloop-dev/chainloop/blob/main/app/controlplane/plugins/core/guac/v1/README.md

Provides the necessary commands to clone the GUAC repository and build the `guacone` command-line interface tool from source code. This tool is used for interacting with GUAC, including data collection.

```bash
git clone https://github.com/guacsec/guac.git
cd guac && make build
```

--------------------------------

### Initialize Chainloop Attestation (CLI)

Source: https://github.com/chainloop-dev/chainloop/blob/main/app/cli/documentation/cli-reference.mdx

Starts the process of crafting a Chainloop attestation. Use this command followed by relevant flags to configure the attestation based on project, workflow, contract, and other parameters.

```cli
chainloop attestation init [flags]
```

--------------------------------

### Install Latest Chainloop CLI (Bash)

Source: https://github.com/chainloop-dev/chainloop/blob/main/README.md

Installs the latest version of the Chainloop CLI using a curl script. This method is suitable for macOS, Linux, and Windows with WSL.

```bash
curl -sfL https://raw.githubusercontent.com/chainloop-dev/chainloop/main/docs/static/install.sh | bash -s
```

--------------------------------

### Run Control Plane Locally (Makefile)

Source: https://github.com/chainloop-dev/chainloop/blob/main/app/controlplane/README.md

Executes the Makefile target within the `app/controlplane` directory to build and run the control plane service for local development after the dependencies are started.

```Shell
make -C app/controlplane run
```

--------------------------------

### Get Help for Chainloop Organization Member Invitation Commands (shell)

Source: https://github.com/chainloop-dev/chainloop/blob/main/app/cli/documentation/cli-reference.mdx

Provides usage information for the `chainloop organization member invitation help` command, allowing users to get detailed help for specific subcommands by providing the command path.

```shell
chainloop organization member invitation help [command] [flags]
```

--------------------------------

### chainloop integration available help Command (Shell)

Source: https://github.com/chainloop-dev/chainloop/blob/main/app/cli/documentation/cli-reference.mdx

Provides detailed help for specific commands within the `chainloop integration available` namespace. Specify the command path to get its full details. Supports the standard `-h, --help` flag and inherited global options for configuring API connections, organization, token, config file path, debug mode, and output format.

```Shell
chainloop integration available help [command] [flags]
```

--------------------------------

### Usage for chainloop config help

Source: https://github.com/chainloop-dev/chainloop/blob/main/app/cli/documentation/cli-reference.mdx

Provides the command-line syntax for getting help on a specific command using chainloop config help.

```bash
chainloop config help [command] [flags]
```

--------------------------------

### Get Help for Chainloop Workflow Contract Commands - CLI

Source: https://github.com/chainloop-dev/chainloop/blob/main/app/cli/documentation/cli-reference.mdx

Provides help documentation for any chainloop workflow contract command. Use this to get detailed information about a specific command's usage and options.

```cli
chainloop workflow contract help [command] [flags]
```

```cli
Options
  -h, --help   help for help

Options inherited from parent commands
      --artifact-cas string       URL for the Artifacts Content Addressable Storage API ($CHAINLOOP_ARTIFACT_CAS_API) (default "api.cas.chainloop.dev:443")
      --artifact-cas-ca string    CUSTOM CA file for the Artifacts CAS API (optional) ($CHAINLOOP_ARTIFACT_CAS_API_CA)
  -c, --config string             Path to an existing config file (default is $HOME/.config/chainloop/config.toml)
      --control-plane string      URL for the Control Plane API ($CHAINLOOP_CONTROL_PLANE_API) (default "api.cp.chainloop.dev:443")
      --control-plane-ca string   CUSTOM CA file for the Control Plane API (optional) ($CHAINLOOP_CONTROL_PLANE_API_CA)
      --debug                     Enable debug/verbose logging mode
  -i, --insecure                  Skip TLS transport during connection to the control plane ($CHAINLOOP_API_INSECURE)
  -n, --org string                organization name
  -o, --output string             Output format, valid options are json and table (default "table")
  -t, --token string              API token. NOTE: Alternatively use the env variable CHAINLOOP_TOKEN
  -y, --yes                       Skip confirmation
```

--------------------------------

### Example: Setting Current Chainloop Organization by Name

Source: https://github.com/chainloop-dev/chainloop/blob/main/app/cli/documentation/cli-reference.mdx

A practical example showing the basic usage of the chainloop organization set command. It demonstrates how to switch the current CLI context to an organization named "my-org".

```shell
$ chainloop org set --name my-org
```

--------------------------------

### Usage for chainloop auth help command

Source: https://github.com/chainloop-dev/chainloop/blob/main/app/cli/documentation/cli-reference.mdx

Provides the command syntax for getting help on Chainloop CLI commands, specifically within the `auth` context.

```shell
chainloop auth help [command] [flags]
```

--------------------------------

### Get Help for Chainloop CAS Backend Commands

Source: https://github.com/chainloop-dev/chainloop/blob/main/app/cli/documentation/cli-reference.mdx

This command provides detailed help information for any chainloop cas-backend subcommand. Simply append the command path after 'help'.

```shell
chainloop cas-backend help [command] [flags]
```

--------------------------------

### Chainloop Attestation Help Command Usage - CLI

Source: https://github.com/chainloop-dev/chainloop/blob/main/app/cli/documentation/cli-reference.mdx

Shows the basic syntax for the `chainloop attestation help` command, used to get detailed help information about any command within the `attestation` context.

```cli
chainloop attestation help [command] [flags]
```

--------------------------------

### chainloop integration help Command (Shell)

Source: https://github.com/chainloop-dev/chainloop/blob/main/app/cli/documentation/cli-reference.mdx

Provides detailed help for specific commands within the `chainloop integration` namespace. Specify the command path to get its full details. Supports the standard `-h, --help` flag and inherited global options for configuring API connections, organization, token, config file path, debug mode, and output format.

```Shell
chainloop integration help [command] [flags]
```

--------------------------------

### Install Chainloop with Vault Secrets Backend (Console)

Source: https://github.com/chainloop-dev/chainloop/blob/main/deployment/chainloop/README.md

Installs Chainloop using the Helm chart, configuring it to use HashiCorp Vault for secrets management, an external OIDC provider for authentication, and bundled PostgreSQL. Requires providing Vault address, token, OIDC details, and server key pairs.

```console
helm install [RELEASE_NAME] oci://ghcr.io/chainloop-dev/charts/chainloop \
    # Open ID Connect (OIDC)
    --set controlplane.auth.oidc.url=[OIDC URL] \
    --set controlplane.auth.oidc.clientID=[clientID] \
    --set controlplane.auth.oidc.clientSecret=[clientSecret] \
    # Secrets backend
    --set secretsBackend.vault.address="https://[vault address]:8200" \
    --set secretsBackend.vault.token=[token] \
    # Server Auth KeyPair
    --set casJWTPrivateKey="$(cat private.ec.key)" \
    --set casJWTPublicKey="$(cat public.pem)"
```

--------------------------------

### Getting Help for Chainloop Workflow Commands (CLI)

Source: https://github.com/chainloop-dev/chainloop/blob/main/app/cli/documentation/cli-reference.mdx

Provides help information for any Chainloop workflow command. Use this command followed by the target command path to view its synopsis, options, and inherited flags.

```Shell
chainloop workflow help [command] [flags]
```

--------------------------------

### Install Chainloop in Development Mode (Console)

Source: https://github.com/chainloop-dev/chainloop/blob/main/deployment/chainloop/README.md

Installs Chainloop using the Helm chart with the development mode enabled. This mode includes bundled PostgreSQL, a development Vault instance, and a Dex OIDC instance for easy testing. **Not recommended for production use.**

```console
helm install [RELEASE_NAME] oci://ghcr.io/chainloop-dev/charts/chainloop --set development=true
```

--------------------------------

### Run Development Dependencies (Vault)

Source: https://github.com/chainloop-dev/chainloop/blob/main/app/artifact-cas/README.md

Starts the external dependency, Hashicorp Vault, using Docker Compose. Vault is required for secret management to retrieve OCI repository credentials during development.

```Shell
docker compose -f devel/compose.yml up
```

--------------------------------

### Authenticate Local CLI Login

Source: https://github.com/chainloop-dev/chainloop/blob/main/devel/README.md

Initiates the authentication process for the Chainloop CLI against the local Control Plane, requiring the `--insecure` flag for development environments.

```sh
go run app/cli/main.go --insecure auth login
```

--------------------------------

### Install Chainloop Development Mode with Helm

Source: https://github.com/chainloop-dev/chainloop/blob/main/deployment/chainloop/README.md

This command uses Helm to install the Chainloop chart from the OCI registry in development mode. This mode is intended for testing and development purposes only and should not be used in production environments.

```console
helm install [RELEASE_NAME] oci://ghcr.io/chainloop-dev/charts/chainloop --set development=true
```

--------------------------------

### Install Chainloop with External PostgreSQL (Console)

Source: https://github.com/chainloop-dev/chainloop/blob/main/deployment/chainloop/README.md

Installs Chainloop using the Helm chart, disabling the bundled PostgreSQL and configuring it to connect to an external PostgreSQL database. Requires providing the external database host, user, password, and database name. Assumes OIDC, secrets backend, and key pair settings are handled separately or use defaults/other configurations.

```console
helm install [RELEASE_NAME] oci://ghcr.io/chainloop-dev/charts/chainloop \
    # Open ID Connect (OIDC)
    # ...

    # Secrets backend
    # ...

    # Server Auth KeyPair
    # ...

    # External DB setup
    --set postgresql.enabled=false \
    --set controlplane.externalDatabase.host=[DB_HOST] \
    --set controlplane.externalDatabase.user=[DB_USER] \
    --set controlplane.externalDatabase.password=[DB_PASSWORD] \
    --set controlplane.externalDatabase.database=[DB_NAME]
```

--------------------------------

### Generate API Code from Proto Definitions

Source: https://github.com/chainloop-dev/chainloop/blob/main/app/artifact-cas/README.md

Runs the `api` target in the Makefile, which uses `buf.io` to lint and generate Go code from the Protocol Buffer definitions located in `./api/`. Requires `buf` to be installed.

```Shell
make api
```

--------------------------------

### Example: Verify remote chainloop attestation

Source: https://github.com/chainloop-dev/chainloop/blob/main/app/cli/documentation/cli-reference.mdx

Shows how to verify an attestation stored at a remote HTTPS endpoint using the -b flag with the chainloop attestation verify command.

```shell
chainloop attestation verify -b https://myrepository/attestation.json
```

--------------------------------

### Run Artifact CAS Service in Development

Source: https://github.com/chainloop-dev/chainloop/blob/main/app/artifact-cas/README.md

Executes the `run` target in the `app/artifact-cas` Makefile to start the Artifact CAS service. This command is used after starting the required external dependencies like Vault.

```Shell
make -C app/artifact-cas run
```

--------------------------------

### Example: Setting Default Chainloop Organization

Source: https://github.com/chainloop-dev/chainloop/blob/main/app/cli/documentation/cli-reference.mdx

An example illustrating how to set the current organization context and simultaneously configure it as the default organization for all future Chainloop CLI sessions. This is achieved by adding the --default flag along with the organization name.

```shell
$ chainloop org set --name my-org --default
```

--------------------------------

### Get Help for Chainloop Organization Member Commands (CLI)

Source: https://github.com/chainloop-dev/chainloop/blob/main/app/cli/documentation/cli-reference.mdx

Help provides help for any command in the application. Simply type member help [path to command] for full details.

```CLI
chainloop organization member help [command] [flags]
```

--------------------------------

### Install Chainloop with Azure KeyVault (Console)

Source: https://github.com/chainloop-dev/chainloop/blob/main/deployment/chainloop/README.md

Installs Chainloop using the Helm chart, configuring it to use Azure KeyVault for secrets management. Requires providing Azure AD tenant ID, Service Principal ID, Service Principal secret, and KeyVault URI. Assumes OIDC and key pair settings are handled separately or use defaults/other configurations.

```console
helm install [RELEASE_NAME] oci://ghcr.io/chainloop-dev/charts/chainloop \
    # Open ID Connect (OIDC)
    # ...

    # Secrets backend
    --set secretsBackend.backend=azureKeyVault \
    --set secretsBackend.azureKeyVault.tenantID=[AD tenant ID] \
    --set secretsBackend.azureKeyVault.clientID=[Service Principal ID] \
    --set secretsBackend.azureKeyVault.clientSecret=[Service Principal secret] \
    --set secretsBackend.azureKeyVault.vaultURI=[Azure KeyVault URI]

    # Server Auth KeyPair
    # ...
```

--------------------------------

### Get Help for chainloop workflow workflow-run commands - Shell

Source: https://github.com/chainloop-dev/chainloop/blob/main/app/cli/documentation/cli-reference.mdx

Provides detailed help information for a specific 'chainloop workflow workflow-run' command. Simply append the path to the command after 'help'. Includes standard help flag and inherited options.

```shell
chainloop workflow workflow-run help [command] [flags]
```

--------------------------------

### Run All Tests (Makefile)

Source: https://github.com/chainloop-dev/chainloop/blob/main/app/controlplane/README.md

Executes the Makefile target to run all tests, including both unit and integration tests. Note that integration tests launch a containerized database and are more resource-intensive.

```Shell
make test
```

--------------------------------

### Authenticate Chainloop CLI Headless (Shell)

Source: https://github.com/chainloop-dev/chainloop/blob/main/devel/README.md

Initiates a headless authentication flow for the Chainloop CLI in insecure mode, prompting the user to paste a token obtained from the service logs to complete the login.

```sh
chainloop --insecure auth login --skip-browser
```

--------------------------------

### Install Chainloop with GCP Secret Manager (Console)

Source: https://github.com/chainloop-dev/chainloop/blob/main/deployment/chainloop/README.md

Installs Chainloop using the Helm chart, configuring it to use GCP Secret Manager for secrets management. Requires providing GCP project ID and service account key. Assumes OIDC and key pair settings are handled separately or use defaults/other configurations.

```console
helm install [RELEASE_NAME] oci://ghcr.io/chainloop-dev/charts/chainloop \
    # Open ID Connect (OIDC)
    # ...

    # Secrets backend
    --set secretsBackend.backend=gcpSecretManager \
    --set gcpSecretManager.projectId=[GCP Project ID] \
    --set gcpSecretManager.serviceAccountKey=[GCP Auth KEY] \

    # Server Auth KeyPair
    # ...
```

--------------------------------

### Generate New Database Migration (Makefile)

Source: https://github.com/chainloop-dev/chainloop/blob/main/app/controlplane/README.md

Uses the `atlas` tool via a Makefile target to create a new versioned database migration file based on the current `ent` schema. The new file will be placed in `pkg/data/ent/migrate/migrations`.

```Shell
make migration_new
```

--------------------------------

### Retrieve Development User Token from Logs (Shell)

Source: https://github.com/chainloop-dev/chainloop/blob/main/devel/README.md

Filters the Docker Compose logs for the 'control-plane' service to find and display the development user authentication token, which is needed for authentication.

```sh
docker compose -f compose.labs.yml logs control-plane | grep -A 1 "DEVELOPMENT USER TOKEN"
```

--------------------------------

### Initializing Chainloop Plugin in Go

Source: https://github.com/chainloop-dev/chainloop/blob/main/app/controlplane/plugins/README.md

Demonstrates how to initialize a Chainloop plugin using the `sdk.NewFanOut` constructor. This involves setting the plugin's ID, version, description, defining the input schemas for registration and attachment phases, and specifying the required input material type (CycloneDX JSON SBOM).

```go
base, err := sdk.NewFanOut(
	&sdk.NewParams{
		ID:          "dependency-track",
		Version:     "1.2",
		Description: "Send CycloneDX SBOMs to your Dependency-Track instance",
		// The input schema for both registration and attachment phases
		InputSchema: &sdk.InputSchema{
			Registration: registrationRequest{},
			Attachment:   attachmentRequest{},
		},
		// Subscribed to receive CycloneDX SBOMs in json format
	}, sdk.WithInputMaterial(schemaapi.CraftingSchema_Material_SBOM_CYCLONEDX_JSON))
```

--------------------------------

### Get Help for Update Commands - Chainloop CLI

Source: https://github.com/chainloop-dev/chainloop/blob/main/app/cli/documentation/cli-reference.mdx

Provides detailed help information for the `chainloop cas-backend update` command and its subcommands. Use `[command]` to specify the subcommand for which help is needed.

```shell
chainloop cas-backend update help [command] [flags]
```

--------------------------------

### Configure Local CLI Connection

Source: https://github.com/chainloop-dev/chainloop/blob/main/devel/README.md

Configures the Chainloop CLI to connect to the local Control Plane (localhost:9000) and Artifact CAS (localhost:9001) services, using the `--insecure` flag for development.

```sh
go run app/cli/main.go config save --insecure --control-plane localhost:9000 --artifact-cas localhost:9001
```

--------------------------------

### Build Control Plane Binary (Makefile)

Source: https://github.com/chainloop-dev/chainloop/blob/main/app/controlplane/README.md

Executes the Makefile target to compile and build the executable binary for the control plane service. This command creates the final application binary.

```Shell
make build
```

--------------------------------

### Fix Docker Socket Link for Testcontainers on OSX

Source: https://github.com/chainloop-dev/chainloop/blob/main/devel/README.md

Creates a symbolic link from the user's Docker socket location to the standard `/var/run/docker.sock` path, resolving a known issue with Testcontainers on OSX Docker Desktop.

```sh
sudo ln -s $HOME/.docker/run/docker.sock /var/run/docker.sock
```

--------------------------------

### Enabling Ingress with TLS, NGINX, and cert-manager (values.yaml)

Source: https://github.com/chainloop-dev/chainloop/blob/main/deployment/chainloop/README.md

A comprehensive `values.yaml` example for configuring ingress with TLS for custom domains using NGINX and cert-manager. It includes settings for enabling TLS, specifying the ingress class, hostnames, and annotations for backend protocol (GRPC) and proxy body size.

```yaml
controlplane:
  ingress:
    enabled: true
    tls: true
    ingressClassName: nginx
    hostname: cp.chainloop.dev
    annotations:
      # This depends on your configured issuer
      cert-manager.io/cluster-issuer: "letsencrypt-prod"

  ingressAPI:
    enabled: true
    tls: true
    ingressClassName: nginx
    hostname: api.cp.chainloop.dev
    annotations:
      nginx.ingress.kubernetes.io/backend-protocol: "GRPC"
      cert-manager.io/cluster-issuer: "letsencrypt-prod"

cas:
  ingressAPI:
    enabled: true
    tls: true
    ingressClassName: nginx
    hostname: api.cas.chainloop.dev
    annotations:
      nginx.ingress.kubernetes.io/backend-protocol: "GRPC"
      cert-manager.io/cluster-issuer: "letsencrypt-prod"
      # limit the size of the files that go through the proxy
      # 0 means to not check the size of the request so we do not get 413 error.
      # For now we are going to set a limit on 100MB files
      # Even though we send data in chunks of 1MB, this size refers to all the data sent in the streaming connection
      nginx.ingress.kubernetes.io/proxy-body-size: "100m"
```

--------------------------------

### Specific options for chainloop auth help

Source: https://github.com/chainloop-dev/chainloop/blob/main/app/cli/documentation/cli-reference.mdx

Lists the options available specifically for the `chainloop auth help` command.

```shell
-h, --help   help for help
```

--------------------------------

### Generate API Code from Protobuf (Makefile)

Source: https://github.com/chainloop-dev/chainloop/blob/main/app/cli/README.md

Command to generate API code from protocol buffer definitions (*.proto) using the `make` build tool, leveraging the `buf.io` tool. Requires `buf` to be installed.

```Shell
make api
```

--------------------------------

### Pushing Attestation with Key, Token, and Annotations

Source: https://github.com/chainloop-dev/chainloop/blob/main/app/cli/documentation/cli-reference.mdx

Demonstrates pushing an attestation, specifying a signing key (from path or environment variable), an API token, and providing multiple annotations.

```cli
chainloop attestation push --key | --token [chainloop-token] --annotation key=value,key2=val2
```

--------------------------------

### Sign and Push Attestation (Dagger/Chainloop)

Source: https://github.com/chainloop-dev/chainloop/blob/main/extras/dagger/README.md

Signs the completed attestation and pushes it to the Chainloop CAS. This example uses a Cosign key provided via a file path and a passphrase stored in an environment variable. Requires resuming an existing attestation.

```sh
dagger call -m github.com/chainloop-dev/chainloop \
  resume --token env:CHAINLOOP_TOKEN --attestation-id $ATTESTATION_ID \
  push --key file:/path/to/cosign.key --passphrase env:COSIGN_PASSPHRASE
```

--------------------------------

### Run Unit Tests (Makefile)

Source: https://github.com/chainloop-dev/chainloop/blob/main/app/controlplane/README.md

Executes the Makefile target to run only the unit tests for the control plane project. Unit tests are typically faster and do not require external dependencies like a database.

```Shell
make run test-unit
```

--------------------------------

### Apply Database Migrations (Makefile)

Source: https://github.com/chainloop-dev/chainloop/blob/main/app/controlplane/README.md

Executes the Makefile target to apply pending database migrations to the development database. This updates the database schema to match the current state defined by the migration files generated by `make migration_new`.

```Shell
make migration_apply
```

--------------------------------

### Regenerate Configuration Schema (Makefile)

Source: https://github.com/chainloop-dev/chainloop/blob/main/app/controlplane/README.md

Executes the Makefile target to regenerate the configuration schema code based on the protocol buffer definition at `internal/conf/conf.proto`. This is used by the kratos built-in config module.

```Shell
make config
```

--------------------------------

### Configure Chainloop CLI Endpoints (Shell)

Source: https://github.com/chainloop-dev/chainloop/blob/main/devel/README.md

Saves the Chainloop CLI configuration to point to local control plane and artifact CAS services, using insecure mode suitable for development environments.

```sh
chainloop config save --insecure --control-plane localhost:9000 --artifact-cas localhost:9001
```

--------------------------------

### Register OCI Registry Integration in Chainloop (Shell)

Source: https://github.com/chainloop-dev/chainloop/blob/main/devel/integrations.md

Registers a new instance of the `oci-registry` integration within a Chainloop organization. It requires a unique name, the OCI repository URI, username, and password. The example demonstrates passing the password by reading a service account JSON file.

```Shell
$ chainloop integration registered add oci-registry \
    --name [unique-registration-name] \
    # i.e us-east1-docker.pkg.dev/my-project/chainloop-cas-devel
    --opt repository=[region]-docker.pkg.dev/[my-project]/[my-repository] \
    --opt username=_json_key \
    --opt "password=$(cat service-account.json)"
```

--------------------------------

### Chainloop CLI artifact help command options

Source: https://github.com/chainloop-dev/chainloop/blob/main/app/cli/documentation/cli-reference.mdx

Lists options specific to the `chainloop artifact help` command.

```text
-h, --help   help for help
```

--------------------------------

### Get Help for Chainloop Workflow Attached Command - Shell

Source: https://github.com/chainloop-dev/chainloop/blob/main/app/cli/documentation/cli-reference.mdx

Provides the basic command syntax for accessing detailed help information for a specific subcommand under `chainloop workflow attached`. Users replace `[command]` with the desired subcommand name.

```Shell
chainloop workflow attached help [command] [flags]
```

--------------------------------

### Chainloop Integration Registered Help Options (Shell)

Source: https://github.com/chainloop-dev/chainloop/blob/main/app/cli/documentation/cli-reference.mdx

Displays the help options specifically available for the `chainloop integration registered` command.

```Shell
  -h, --help   help for registered
```

--------------------------------

### Chainloop CLI artifact help command usage

Source: https://github.com/chainloop-dev/chainloop/blob/main/app/cli/documentation/cli-reference.mdx

Shows the basic usage syntax for the `chainloop artifact help` command.

```bash
chainloop artifact help [command] [flags]
```

--------------------------------

### Describing a Specific Chainloop Integration via CLI

Source: https://github.com/chainloop-dev/chainloop/blob/main/app/controlplane/plugins/README.md

Illustrates the output of the `chainloop integration available describe --id dependencytrack` command. This command provides detailed information about a specific available plugin, including its general details and the required input fields (with type, requirement status, and description) for both the registration and attachment phases.
```console
$ chainloop integration available describe --id dependencytrack
┌─────────────────┬─────────┬──────────────────────┬────────────────────────────────────────────────────────┐
│ ID              │ VERSION │ MATERIAL REQUIREMENT │ DESCRIPTION                                            │
├─────────────────┼─────────┼──────────────────────┼────────────────────────────────────────────────────────┤
│ dependencytrack │ 0.2     │ SBOM_CYCLONEDX_JSON  │ Send CycloneDX SBOMs to your Dependency-Track instance │
└─────────────────┴─────────┴──────────────────────┴────────────────────────────────────────────────────────┘
┌──────────────────────────────────────────────────────────────────────────────────────┐
│ Registration inputs                                                                  │
├─────────────────┬──────────────┬──────────┬──────────────────────────────────────────┤
│ FIELD           │ TYPE         │ REQUIRED │ DESCRIPTION                              │
├─────────────────┼──────────────┼──────────┼──────────────────────────────────────────┤
│ allowAutoCreate │ boolean      │ no       │ Support of creating projects on demand   │
│ apiKey          │ string       │ yes      │ The API key to use for authentication    │
│ instanceURI     │ string (uri) │ yes      │ The URL of the Dependency-Track instance │
└─────────────────┴──────────────┴──────────┴──────────────────────────────────────────┘
┌───────────────────────────────────────────────────────────────────────────────────────────┐
│ Attachment inputs                                                                         │
├─────────────┬────────┬──────────┬─────────────────────────────────────────────────────────┤
│ FIELD       │ TYPE   │ REQUIRED │ DESCRIPTION                                             │
├─────────────┼────────┼──────────┼─────────────────────────────────────────────────────────┤
│ projectID   │ string │ no       │ The ID of the existing project to send the SBOMs to     │
│ projectName │ string │ no       │ The name of the project to create and send the SBOMs to │
└─────────────┴────────┴──────────┴─────────────────────────────────────────────────────────┘
```

--------------------------------

### Chainloop CLI artifact download command options

Source:
https://github.com/chainloop-dev/chainloop/blob/main/app/cli/documentation/cli-reference.mdx

Lists options specific to the `chainloop artifact download` command.

```text
  -d, --digest string   digest of the file to download
  -h, --help            help for download
      --output file     The file to write a single asset to (use "-" to write to standard output
      --path string     download path, default to current directory
```

--------------------------------

### Listing Available Chainloop Integrations via CLI

Source: https://github.com/chainloop-dev/chainloop/blob/main/app/controlplane/plugins/README.md

Shows the output of the `chainloop integration available list` command. This command displays a table listing all available plugins (integrations) in the Chainloop Control Plane, including their ID, version, required material type, and a brief description.

```console
$ chainloop integration available list
┌─────────────────┬─────────┬──────────────────────┬───────────────────────────────────────────────────────────┐
│ ID              │ VERSION │ MATERIAL REQUIREMENT │ DESCRIPTION                                               │
├─────────────────┼─────────┼──────────────────────┼───────────────────────────────────────────────────────────┤
│ dependencytrack │ 0.2     │ SBOM_CYCLONEDX_JSON  │ Send CycloneDX SBOMs to your Dependency-Track instance    │
├─────────────────┼─────────┼──────────────────────┼───────────────────────────────────────────────────────────┤
│ smtp            │ 0.1     │                      │ Send emails with information about a received attestation │
├─────────────────┼─────────┼──────────────────────┼───────────────────────────────────────────────────────────┤
│ oci-registry    │ 0.1     │                      │ Send attestations to a compatible OCI registry            │
├─────────────────┼─────────┼──────────────────────┼───────────────────────────────────────────────────────────┤
│ discord-webhook │ 0.1     │                      │ Send attestations to Discord                              │
└─────────────────┴─────────┴──────────────────────┴───────────────────────────────────────────────────────────┘
```

--------------------------------

### chainloop integration available list Command (Shell)

Source: https://github.com/chainloop-dev/chainloop/blob/main/app/cli/documentation/cli-reference.mdx

Lists all available integrations supported by the chainloop CLI. Supports the standard `-h, --help` flag and inherited global options for configuring API connections, organization, token, config file path, debug mode, and output format.

```Shell
chainloop integration available list [flags]
```

--------------------------------

### Signing with Cosign Key from Filesystem

Source: https://github.com/chainloop-dev/chainloop/blob/main/app/cli/documentation/cli-reference.mdx

Illustrates how to push and sign an attestation using a Cosign key file located on the filesystem, which will prompt for the passphrase via stdin.

```cli
chainloop attestation push --key cosign.key --token [chainloop-token]
```

--------------------------------

### Chainloop Integration Registered Add Options (Shell)

Source: https://github.com/chainloop-dev/chainloop/blob/main/app/cli/documentation/cli-reference.mdx

Lists the specific options available for the `chainloop integration registered add` command, including description, help, name, and integration arguments.

```Shell
      --description string   integration registration description
  -h, --help                 help for add
      --name string          unique registration name, i.e my-registration, sboms-to-prod, etc.
      --opt stringArray      integration arguments
```

--------------------------------

### Install Chainloop with AWS Secrets Manager (Console)

Source: https://github.com/chainloop-dev/chainloop/blob/main/deployment/chainloop/README.md

Installs Chainloop using the Helm chart, configuring it to use AWS Secrets Manager for secrets management. Requires providing AWS access key ID, secret key, and region. Assumes OIDC and key pair settings are handled separately or use defaults/other configurations.

```console
helm install [RELEASE_NAME] oci://ghcr.io/chainloop-dev/charts/chainloop \
    # Open ID Connect (OIDC)
    # ...
    # Secrets backend
    --set secretsBackend.backend=awsSecretManager \
    --set secretsBackend.awsSecretManager.accessKey=[AWS ACCESS KEY ID] \
    --set secretsBackend.awsSecretManager.secretKey=[AWS SECRET KEY] \
    --set secretsBackend.awsSecretManager.region=[AWS region]\
    # Server Auth KeyPair
    # ...
```

--------------------------------

### Specific options for chainloop auth login

Source: https://github.com/chainloop-dev/chainloop/blob/main/app/cli/documentation/cli-reference.mdx

Lists the options available specifically for the `chainloop auth login` command, including help and skipping the browser-based login.

```shell
  -h, --help           help for login
      --skip-browser   perform a headless login process without opening a browser
```

--------------------------------

### Build Project Binary

Source: https://github.com/chainloop-dev/chainloop/blob/main/app/artifact-cas/README.md

Executes the `build` target in the project's Makefile. This command compiles the Go source code and produces the executable binary for the Artifact CAS service.

```Shell
make build
```

--------------------------------

### Chainloop CLI artifact download command usage

Source: https://github.com/chainloop-dev/chainloop/blob/main/app/cli/documentation/cli-reference.mdx

Shows the basic usage syntax for the `chainloop artifact download` command.

```bash
chainloop artifact download [flags]
```

--------------------------------

### Describe Available Chainloop Integration (Shell)

Source: https://github.com/chainloop-dev/chainloop/blob/main/devel/integrations.md

Uses the `chainloop integration available describe` command to display details about a specific integration, including its version, material requirements, and required registration and attachment inputs. This helps identify necessary configuration parameters before registration.
```Shell
$ chainloop integration available describe --id oci-registry
```

--------------------------------

### Basic Usage of chainloop attestation push

Source: https://github.com/chainloop-dev/chainloop/blob/main/app/cli/documentation/cli-reference.mdx

Shows the fundamental syntax for invoking the `chainloop attestation push` command with placeholder flags.

```cli
chainloop attestation push [flags]
```

--------------------------------

### Perform Chained Attestation with Dagger CLI

Source: https://github.com/chainloop-dev/chainloop/blob/main/extras/dagger/README.md

Demonstrates a complete attestation process using the Dagger CLI by chaining init, add-raw-evidence, and push commands. It initializes the attestation, adds a piece of raw evidence, and then signs and pushes the final attestation.

```Shell
# Initialize the command, then chain subcommands after the initialization:
# add a raw evidence and push the result
dagger call -m github.com/chainloop-dev/chainloop \
  init --token env:CHAINLOOP_TOKEN \
  add-raw-evidence --name my-evidence --value "my-value" \
  push --key file:/path/to/cosign.key --passphrase env:COSIGN_PASSPHRASE
```

--------------------------------

### Authenticate to Chainloop Control Plane (Bash)

Source: https://github.com/chainloop-dev/chainloop/blob/main/README.md

Run this command to initiate the authentication process and log in to the Chainloop Control Plane.

```bash
$ chainloop auth login
```

--------------------------------

### Listing Available Chainloop Integrations (sh)

Source: https://github.com/chainloop-dev/chainloop/blob/main/devel/integrations.md

This command lists all available third-party integrations configured in the Chainloop instance. It displays the integration ID, version, required material types, and a brief description.
```sh
$ chainloop integration available list
```

--------------------------------

### Inherited Options for chainloop config help

Source: https://github.com/chainloop-dev/chainloop/blob/main/app/cli/documentation/cli-reference.mdx

Details the global options inherited from parent commands that can be used with chainloop config help, such as configuration file path, API endpoints, and output format.

```cli
      --artifact-cas string       URL for the Artifacts Content Addressable Storage API ($CHAINLOOP_ARTIFACT_CAS_API) (default "api.cas.chainloop.dev:443")
      --artifact-cas-ca string    CUSTOM CA file for the Artifacts CAS API (optional) ($CHAINLOOP_ARTIFACT_CAS_API_CA)
  -c, --config string             Path to an existing config file (default is $HOME/.config/chainloop/config.toml)
      --control-plane string      URL for the Control Plane API ($CHAINLOOP_CONTROL_PLANE_API) (default "api.cp.chainloop.dev:443")
      --control-plane-ca string   CUSTOM CA file for the Control Plane API (optional) ($CHAINLOOP_CONTROL_PLANE_API_CA)
      --debug                     Enable debug/verbose logging mode
  -i, --insecure                  Skip TLS transport during connection to the control plane ($CHAINLOOP_API_INSECURE)
  -n, --org string                organization name
  -o, --output string             Output format, valid options are json and table (default "table")
  -t, --token string              API token. NOTE: Alternatively use the env variable CHAINLOOP_TOKEN
  -y, --yes                       Skip confirmation
```

--------------------------------

### Configure Chainloop CLI

Source: https://github.com/chainloop-dev/chainloop/blob/main/deployment/chainloop/README.md

Use this command to save the configuration for the Chainloop CLI, specifying the endpoints for the control plane and artifact CAS (Content Addressable Storage). Replace the example hostnames and ports with your actual deployment details.
```bash
chainloop config save \
  --control-plane my-controlplane.acme.com:443 \
  --artifact-cas cas.acme.com:443
```

--------------------------------

### Initialize and Resume Attestation with Dagger CLI

Source: https://github.com/chainloop-dev/chainloop/blob/main/extras/dagger/README.md

Shows how to initialize an attestation, capture its ID, and then resume the attestation process later using the stored ID. This is useful for multi-step or interrupted attestation workflows.

```Shell
# Initialize but this time we store the attestation-id
ATTESTATION_ID=$(dagger call -m github.com/chainloop-dev/chainloop init --token env:CHAINLOOP_TOKEN attestation-id)

# and we use it to resume the attestation process
dagger call -m github.com/chainloop-dev/chainloop \
  resume --token env:CHAINLOOP_TOKEN --attestation-id $ATTESTATION_ID \
  # we chain subcommands after the initialization
  ....
```

--------------------------------

### Saving Chainloop CLI Configuration with Custom Endpoints

Source: https://github.com/chainloop-dev/chainloop/blob/main/app/cli/documentation/cli-reference.mdx

This example demonstrates how to use the `chainloop config save` command to persist configuration settings, specifically setting custom endpoints for the control plane and artifact CAS APIs.

```shell
chainloop config save --control-plane localhost:1234 --artifact-cas localhost:1235
```

--------------------------------

### Specific options for chainloop cas-backend

Source: https://github.com/chainloop-dev/chainloop/blob/main/app/cli/documentation/cli-reference.mdx

Lists the options available specifically for the `chainloop cas-backend` command, which deals with Artifact CAS backends.

```shell
  -h, --help   help for cas-backend
```

--------------------------------

### Help Command Specific Options (CLI)

Source: https://github.com/chainloop-dev/chainloop/blob/main/app/cli/documentation/cli-reference.mdx

Options specific to the `help` command.
```CLI
  -h, --help   help for help
```

--------------------------------

### Chainloop CLI artifact help command inherited options

Source: https://github.com/chainloop-dev/chainloop/blob/main/app/cli/documentation/cli-reference.mdx

Lists options inherited by the `chainloop artifact help` command from its parent commands.

```text
      --artifact-cas string       URL for the Artifacts Content Addressable Storage API ($CHAINLOOP_ARTIFACT_CAS_API) (default "api.cas.chainloop.dev:443")
      --artifact-cas-ca string    CUSTOM CA file for the Artifacts CAS API (optional) ($CHAINLOOP_ARTIFACT_CAS_API_CA)
  -c, --config string             Path to an existing config file (default is $HOME/.config/chainloop/config.toml)
      --control-plane string      URL for the Control Plane API ($CHAINLOOP_CONTROL_PLANE_API) (default "api.cp.chainloop.dev:443")
      --control-plane-ca string   CUSTOM CA file for the Control Plane API (optional) ($CHAINLOOP_CONTROL_PLANE_API_CA)
      --debug                     Enable debug/verbose logging mode
  -i, --insecure                  Skip TLS transport during connection to the control plane ($CHAINLOOP_API_INSECURE)
  -n, --org string                organization name
  -o, --output string             Output format, valid options are json and table (default "table")
  -t, --token string              API token. NOTE: Alternatively use the env variable CHAINLOOP_TOKEN
  -y, --yes                       Skip confirmation
```

--------------------------------

### Chainloop CLI artifact command options

Source: https://github.com/chainloop-dev/chainloop/blob/main/app/cli/documentation/cli-reference.mdx

Lists options specific to the `chainloop artifact` command.

```text
  -h, --help   help for artifact
```

--------------------------------

### Enabling Ingress for Custom Domain (Basic values.yaml)

Source: https://github.com/chainloop-dev/chainloop/blob/main/deployment/chainloop/README.md

Provides a basic example of a `values.yaml` override to enable ingress resources for the Chainloop control plane (main and API) and CAS API endpoints. It configures custom hostnames for each endpoint.
```yaml
controlplane:
  ingress:
    enabled: true
    hostname: cp.chainloop.dev
  ingressAPI:
    enabled: true
    hostname: api.cp.chainloop.dev
cas:
  ingressAPI:
    enabled: true
    hostname: api.cas.chainloop.dev
```

--------------------------------

### Initialize Attestation with Workflow and Project Details

Source: https://github.com/chainloop-dev/chainloop/blob/main/extras/dagger/README.md

Initializes a new attestation using the Dagger CLI, specifying the Chainloop API token from an environment variable and optionally providing workflow name, project name, repository path, and a contract name.

```Shell
# Initialize the attestation and get its ID
dagger call -m github.com/chainloop-dev/chainloop \
  init \
  --token env:CHAINLOOP_TOKEN \
  --workflow-name the-name-of-the-workflow \
  --project-name the-name-of-the-project \
  --repository /path/to/repo \
  --contract-name my-existing-contract
```

--------------------------------

### Adding Multiple Annotations Separately

Source: https://github.com/chainloop-dev/chainloop/blob/main/app/cli/documentation/cli-reference.mdx

Shows how to provide multiple annotations by repeating the `--annotation` flag for each key-value pair.

```cli
chainloop attestation push --annotation key=value --annotation key2=value2
```

--------------------------------

### Generate ORM Code (Makefile)

Source: https://github.com/chainloop-dev/chainloop/blob/main/app/controlplane/README.md

Executes the Makefile target to generate code based on the `ent` ORM schema definitions located in `pkg/data/ent/schema`. This is a necessary step after updating the data model schema before generating migrations.
```Shell
make generate
```

--------------------------------

### Inherited Options for Chainloop Workflow Run Describe - CLI

Source: https://github.com/chainloop-dev/chainloop/blob/main/app/cli/documentation/cli-reference.mdx

Lists common command-line options inherited by `chainloop workflow workflow-run describe`, primarily related to configuring API endpoints, authentication, output format, and logging. Note that the default output format includes more options for this specific command.

```cli
      --artifact-cas string       URL for the Artifacts Content Addressable Storage API ($CHAINLOOP_ARTIFACT_CAS_API) (default "api.cas.chainloop.dev:443")
      --artifact-cas-ca string    CUSTOM CA file for the Artifacts CAS API (optional) ($CHAINLOOP_ARTIFACT_CAS_API_CA)
  -c, --config string             Path to an existing config file (default is $HOME/.config/chainloop/config.toml)
      --control-plane string      URL for the Control Plane API ($CHAINLOOP_CONTROL_PLANE_API) (default "api.cp.chainloop.dev:443")
      --control-plane-ca string   CUSTOM CA file for the Control Plane API (optional) ($CHAINLOOP_CONTROL_PLANE_API_CA)
      --debug                     Enable debug/verbose logging mode
  -i, --insecure                  Skip TLS transport during connection to the control plane ($CHAINLOOP_API_INSECURE)
  -n, --org string                organization name
  -o, --output string             output format, valid options are table, json, attestation, statement or payload-pae (default "table")
  -t, --token string              API token. NOTE: Alternatively use the env variable CHAINLOOP_TOKEN
  -y, --yes                       Skip confirmation
```

--------------------------------

### Checking Chainloop Attestation Status (CLI)

Source: https://github.com/chainloop-dev/chainloop/blob/main/app/cli/documentation/cli-reference.mdx

The `chainloop attestation status` command allows you to check the current status of an attestation process. You can specify the attestation ID and use the `--full` flag to get a detailed report including recorded values.
```shell
chainloop attestation status [flags]
```

--------------------------------

### JSON Schema for GUAC Integration Registration Input

Source: https://github.com/chainloop-dev/chainloop/blob/main/app/controlplane/plugins/core/guac/v1/README.md

Defines the expected JSON schema for the input parameters when registering the GUAC integration in Chainloop. It specifies the required fields (`bucket`, `credentials`) and optional fields (`provider`), their data types, and descriptions.

```json
{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "$id": "https://github.com/chainloop-dev/chainloop/app/controlplane/plugins/core/guac/v1/registration-request",
  "properties": {
    "provider": {
      "type": "string",
      "enum": [
        "gcs"
      ],
      "minLength": 1,
      "description": "Blob storage provider: default gcs"
    },
    "bucket": {
      "type": "string",
      "minLength": 1,
      "description": "Bucket name where to store the artifacts"
    },
    "credentials": {
      "type": "string",
      "minLength": 2,
      "description": "Credentials to access the bucket"
    }
  },
  "additionalProperties": false,
  "type": "object",
  "required": [
    "bucket",
    "credentials"
  ]
}
```

--------------------------------

### Listing Chainloop Workflows (CLI)

Source: https://github.com/chainloop-dev/chainloop/blob/main/app/cli/documentation/cli-reference.mdx

Lists existing Chainloop workflows. Supports pagination and different output formats (table or json). The --full flag provides a more detailed report for each workflow.
```Shell
chainloop workflow list [flags]
```

```Shell
# Let the default pagination apply
chainloop workflow list

# Specify the page and page size
chainloop workflow list --page 2 --limit 10

# Output in json format to paginate using scripts
chainloop workflow list --page 2 --limit 10 --output json

# Show the full report
chainloop workflow list --full
```

--------------------------------

### Add Material from URL - Chainloop Attestation Add - CLI

Source: https://github.com/chainloop-dev/chainloop/blob/main/app/cli/documentation/cli-reference.mdx

Adds a material to the attestation by providing a URL pointing to the material's location. Chainloop will download the material to a temporary folder before processing it. Requires the `--value` flag with a URL.

```cli
chainloop attestation add --value https://example.com/sbom.json
```

--------------------------------

### Registering GUAC Integration in Chainloop (GCS)

Source: https://github.com/chainloop-dev/chainloop/blob/main/app/controlplane/plugins/core/guac/v1/README.md

Registers the GUAC integration plugin in your Chainloop organization using the command-line interface. This command requires specifying a name for the registration, the GCS bucket name, the content of the service account credentials file, and the provider type (gcs).

```sh
$ chainloop integration registered add guac --name [my-registration] --opt bucket=[my-bucket-name] --opt credentials=[credentials-content] --opt provider=gcs

# Example
$ chainloop integration registered add guac --name [my-registration] --opt bucket=test-guac --opt credentials="$(cat ./service-account-devel.json)" --opt provider=gcs
```

--------------------------------

### Ingesting GCS Data into GUAC using guacone

Source: https://github.com/chainloop-dev/chainloop/blob/main/app/controlplane/plugins/core/guac/v1/README.md

Demonstrates how to use the `guacone collect` command to ingest data from a specified Google Cloud Storage bucket into a running GUAC instance.
This command requires the bucket name and the path to the GCP service account credentials file.

```bash
guacone collect gcs test-guac --gcp-credentials-path service-account-devel.json
```

--------------------------------

### Attaching GUAC Integration to Chainloop Workflow

Source: https://github.com/chainloop-dev/chainloop/blob/main/app/controlplane/plugins/core/guac/v1/README.md

Attaches a previously registered GUAC integration to a specific Chainloop workflow. This command links the integration instance to the workflow, enabling automatic data upload upon workflow completion. It requires the workflow ID ($WID) and the integration registration ID ($ID).

```sh
$ chainloop integration attached add --workflow $WID --integration $ID
```

--------------------------------

### Options for Describing Chainloop Workflow Run - CLI

Source: https://github.com/chainloop-dev/chainloop/blob/main/app/cli/documentation/cli-reference.mdx

Lists the specific command-line options available for the `chainloop workflow workflow-run describe` command, allowing users to specify the run ID, attestation digest, verification keys/certs, and trigger verification.

```cli
      --cert string         public certificate in PEM format to be used to verify the attestation
      --cert-chain string   certificate chain (intermediates, root) in PEM format to be used to verify the attestation
  -d, --digest string       content digest of the attestation
  -h, --help                help for describe
      --id string           workflow Run ID
      --key string          public key used to verify the attestation. Note: You can also use env variable CHAINLOOP_SIGNING_PUBLIC_KEY
      --verify              verify the attestation
```