Name | Required | Description |
---|---|---|
schemaVersion | yes | Version of the schema; it must be `v1` |
materials | no | List of materials to be added to the attestation |
envAllowList | no | List of environment variables that will be resolved and injected in the attestation |
runner | no | Specific runner type associated with this contract. If not set, this contract will be valid to run anywhere, but you’ll miss out on some of its benefits |
annotations | no | Name/Value pairs of arbitrary annotations that will be added to the attestation. If the value is not provided, it will be required during the attestation process. |
policies | no | Attachments to existing Chainloop policies. See policies reference guide for more information |

Name | Required | Default | Description |
---|---|---|---|
name | yes | | Unique identifier of the material |
type | yes | | Refer to material-types for the list of supported material types. |
output | no | false | If set to true, the material will get injected in the subject section of the in-toto statement. |
optional | no | false | If set to true, providing this material during attestation will be optional. This is useful for soft rollouts of new requirements |
annotations | no | | Name/Value pairs of arbitrary annotations that will be added to the attestation. If the value is not provided, it will be required during the attestation process. |
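
As an added example (not Chainloop's own code), the following pre-flight lint applies the rules from the two tables above to a contract loaded as a Python dict, so a reviewer can see which materials are optional, which become in-toto subjects, and which annotations must be supplied at attestation time. The dict layout (`runner` as `{"type": ...}`, annotations as a list of `name`/`value` pairs) and the material type names in the sample are assumptions.

```python
# Runner types as they appear in the runner list on this page.
RUNNER_TYPES = {
    "AZURE_PIPELINE", "CIRCLECI_BUILD", "DAGGER_PIPELINE", "GITHUB_ACTION",
    "GITLAB_PIPELINE", "JENKINS_JOB", "TEAMCITY_PIPELINE",
}


def missing_values(annotations, scope):
    """Annotations declared without a value are required at attestation time."""
    return [f"{scope}: annotation '{a.get('name')}' must be provided during attestation"
            for a in annotations or [] if not a.get("value")]


def lint_contract(contract):
    """Return (errors, notes): errors violate the tables, notes flag review points."""
    errors, notes = [], []
    if contract.get("schemaVersion") != "v1":
        errors.append("schemaVersion is required and must be v1")
    runner = (contract.get("runner") or {}).get("type")  # assumed layout
    if runner is None:
        notes.append("no runner set: contract is valid to run anywhere")
    elif runner not in RUNNER_TYPES:
        errors.append(f"unknown runner type '{runner}'")
    notes += missing_values(contract.get("annotations"), "contract")
    seen = set()
    for i, m in enumerate(contract.get("materials") or []):
        name = m.get("name")
        if not name or not m.get("type"):
            errors.append(f"materials[{i}]: name and type are required")
            continue
        if name in seen:
            errors.append(f"materials[{i}]: name '{name}' is not unique")
        seen.add(name)
        if m.get("optional", False):  # default is false
            notes.append(f"{name}: optional, attestation can proceed without it")
        if m.get("output", False):  # default is false
            notes.append(f"{name}: injected as an in-toto subject")
        notes += missing_values(m.get("annotations"), name)
    return errors, notes

# Constructed sample; material type names are placeholders, not from this page.
SAMPLE = {
    "schemaVersion": "v1", "annotations": [{"name": "team"}],
    "materials": [
        {"name": "image", "type": "CONTAINER_IMAGE", "output": True},
        {"name": "sbom", "type": "SBOM_CYCLONEDX_JSON", "optional": True},
        {"name": "image", "type": "ARTIFACT"},
    ],
}
```
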
`policies` section can be specified. Policies can be applied to any material, but also to the attestation statement as a whole.
`--dry-run` flag is set during initialization.

`envAllowList`.

- `AZURE_PIPELINE`: `BUILD_REQUESTEDFOREMAIL`, `BUILD_REQUESTEDFOR`, `BUILD_REPOSITORY_URI`, `BUILD_REPOSITORY_NAME`, `BUILD_BUILDID`, `BUILD_BUILDNUMBER`, `BUILD_BUILDURI`, `BUILD_REASON`, `AGENT_VERSION`, `TF_BUILD`
- `CIRCLECI_BUILD`: `CIRCLE_BUILD_URL`, `CIRCLE_JOB`, `CIRCLE_BRANCH` (optional), `CIRCLE_NODE_TOTAL`, `CIRCLE_NODE_INDEX`
- `DAGGER_PIPELINE`
- `GITHUB_ACTION`: `GITHUB_ACTOR`, `GITHUB_REF`, `GITHUB_REPOSITORY`, `GITHUB_REPOSITORY_OWNER`, `GITHUB_RUN_ID`, `GITHUB_SHA`, `RUNNER_NAME`, `RUNNER_OS`
- `GITLAB_PIPELINE`: `GITLAB_USER_EMAIL`, `GITLAB_USER_LOGIN`, `CI_PROJECT_URL`, `CI_COMMIT_SHA`, `CI_JOB_URL`, `CI_PIPELINE_URL`, `CI_RUNNER_VERSION`, `CI_RUNNER_DESCRIPTION`, `CI_COMMIT_REF_NAME`
- `JENKINS_JOB`: `JOB_NAME`, `BUILD_URL`, `GIT_BRANCH` (optional), `GIT_COMMIT` (optional), `AGENT_WORKDIR`, `NODE_NAME`
- `TEAMCITY_PIPELINE`: `BUILD_URL`, `TEAMCITY_PROJECT_NAME`, `TEAMCITY_VERSION`, `BUILD_NUMBER`, `USER`, `TEAMCITY_GIT_VERSION`, `BUILD_VCS_NUMBER`, `HOME`

`envAllowList` option.