This is a proprietary feature of the Chainloop platform.
The following functionality is considered experimental and subject to change.
Chainloop allows you to gather optional runner context information and add it to your workflow contract. This information includes basic details about your CI/CD environment. The experimental platform plugin enables the Chainloop CLI to automatically gather more detailed runner context by collecting repository security configuration data directly from your CI/CD environment. This feature captures:
  • Branch protection settings: required status checks, push restrictions, review dismissal policies, and admin enforcement rules
  • Pull request configurations: required reviewers, review dismissal rules, and branch update requirements
  • Commit protection details: signing requirements, status check policies, and custom protection rules
The collected context becomes part of your attestation data, providing auditable evidence of the security controls in place during build and deployment. It can also be used with the policies that relate to it.

Gathering Runner Context

Gathering the CI/CD runner context requires a few steps:

Installing Chainloop CLI with the Experimental Platform Plugin

The first step is to install Chainloop CLI with the experimental platform plugin. You can learn more about installing Chainloop CLI here or just run the following command:
curl -sfL https://dl.chainloop.dev/cli/install.sh | bash -s -- --with-platform-plugin
The above command will install the latest version of Chainloop CLI with the latest version of the experimental platform plugin.

Create the Access Token

The second step is to create an access token for Chainloop. To gather the comprehensive runner context, the Chainloop platform plugin requires an access token with the appropriate access level. The requirements for the access token depend on the CI/CD platform you use.
For GitHub, create a fine-grained token with the Administration permission set to read.
Once generated, store the personal access token in your CI/CD secrets. We've used the ADMIN_PERSONAL_ACCESS_TOKEN secret name.

Request Runner Context During Build

The third step is to request the runner context during the build process. This can be done by adding the following command to your CI/CD pipeline:
chainloop gather-runner-context --runner-token ${{ secrets.ADMIN_PERSONAL_ACCESS_TOKEN }}
The above command will request the runner context data and store it in a file called runner-context.json.

Add the Runner Context to the Attestation

The fourth step is to add the runner context to the attestation. This can be done by adding the following command to your CI/CD pipeline:
chainloop att add --value ./runner-context.json --kind CHAINLOOP_RUNNER_CONTEXT 
And that’s it, you are ready. You can now use the gathered runner context with the branch protection policies.
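
Steps three and four can be wrapped with a check on runner-context.json before it becomes attestation data. The script below is an added example, not Chainloop's own code: the function names are hypothetical, and it assumes the file holds a JSON object and that the secret is exported to the step as the ADMIN_PERSONAL_ACCESS_TOKEN environment variable.

```shell
#!/bin/sh
# Added example, not Chainloop code. Function names are hypothetical.

# json_object_ok FILE: use jq when the runner has it; otherwise fall back to a
# cheap shape check (first/last non-blank characters are braces), not a parse.
json_object_ok() {
  if command -v jq >/dev/null 2>&1; then
    jq -e 'type == "object"' "$1" >/dev/null 2>&1
  else
    case "$(tr -d ' \t\r\n' < "$1")" in
      '{'*'}') return 0 ;;
      *) return 1 ;;
    esac
  fi
}

# check_runner_context FILE TOKEN
# 0 = safe to attest, 1 = missing, 2 = empty, 3 = not a JSON object (assumed
# shape of runner-context.json), 4 = the token value appears inside the file.
check_runner_context() {
  ctx_file=$1
  ctx_token=$2
  [ -f "$ctx_file" ] || { echo "no such file: $ctx_file" >&2; return 1; }
  [ -s "$ctx_file" ] || { echo "empty file: $ctx_file" >&2; return 2; }
  json_object_ok "$ctx_file" || { echo "not a JSON object: $ctx_file" >&2; return 3; }
  if [ -n "$ctx_token" ] && grep -qF -e "$ctx_token" "$ctx_file"; then
    echo "token value found in $ctx_file, refusing to attest it" >&2
    return 4
  fi
  return 0
}

# attest_runner_context: steps three and four with the gate in between.
# Assumes the job exported the secret as ADMIN_PERSONAL_ACCESS_TOKEN and has
# already started the attestation that "att add" appends to.
attest_runner_context() {
  : "${ADMIN_PERSONAL_ACCESS_TOKEN:?ADMIN_PERSONAL_ACCESS_TOKEN is not set}"
  rm -f ./runner-context.json   # never attest a stale file from an earlier step
  chainloop gather-runner-context --runner-token "$ADMIN_PERSONAL_ACCESS_TOKEN" || return 1
  check_runner_context ./runner-context.json "$ADMIN_PERSONAL_ACCESS_TOKEN" || return 1
  chainloop att add --value ./runner-context.json --kind CHAINLOOP_RUNNER_CONTEXT
}
```

Call attest_runner_context from the pipeline step in place of the two separate commands; a non-zero exit fails the step before anything is added to the attestation.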