chore(attestations): Include attestation links on att push (#2670)

Signed-off-by: Javier Rodriguez <javier@chainloop.dev>

Author: javirln

app/cli/cmd/attestation_status.go

@@ -140,6 +140,12 @@ func attestationStatusTableOutput(status *action.AttestationStatusResult, w io.W
 		gt.AppendRow(table.Row{"Policies", "------"})
 		policiesTable(evs, gt)
 	}
+
+	// Add the Attestation View URL if available
+	if status.AttestationViewURL != "" {
+		gt.AppendRow(table.Row{"Attestation View URL", status.AttestationViewURL})
+	}
+
 	gt.Render()
 
 	if err := materialsTable(status, w, full); err != nil {

app/cli/cmd/workflow_workflow_run_describe.go

@@ -177,6 +177,11 @@ func workflowRunDescribeTableOutput(run *action.WorkflowRunItemFull) error {
 		gt.AppendRow(table.Row{"Policies", "------"})
 		policiesTable(evs, gt)
 	}
+
+	if run.Attestation.AttestationViewURL != "" {
+		gt.AppendRow(table.Row{"Attestation View URL", run.Attestation.AttestationViewURL})
+	}
+
 	gt.Render()
 
 	predicateV1Table(att)

app/cli/pkg/action/action.go

@@ -20,6 +20,7 @@ import (
 	"fmt"
 	"os"
 	"path/filepath"
+	"strings"
 	"time"
 
 	pb "github.com/chainloop-dev/chainloop/app/controlplane/api/controlplane/v1"
@@ -153,3 +154,34 @@ func getCASBackend(ctx context.Context, client pb.AttestationServiceClient, work
 	casBackend.Uploader = casclient.New(artifactCASConn, casclient.WithLogger(logger))
 	return casBackendInfo, artifactCASConn.Close, nil
 }
+
+// fetchUIDashboardURL retrieves the UI Dashboard URL from the control plane
+// Returns empty string if not configured or if fetch fails
+func fetchUIDashboardURL(ctx context.Context, cpConnection *grpc.ClientConn) string {
+	if cpConnection == nil {
+		return ""
+	}
+
+	tmoutCtx, cancel := context.WithTimeout(ctx, 5*time.Second)
+	defer cancel()
+
+	client := pb.NewStatusServiceClient(cpConnection)
+	resp, err := client.Infoz(tmoutCtx, &pb.InfozRequest{})
+	if err != nil {
+		return ""
+	}
+
+	return resp.UiDashboardUrl
+}
+
+// buildAttestationViewURL constructs the attestation view URL
+// Returns empty string if platformURL is not configured
+func buildAttestationViewURL(uiDashboardURL, digest string) string {
+	if uiDashboardURL == "" || digest == "" {
+		return ""
+	}
+
+	// Trim trailing slash from platform URL if present
+	uiDashboardURL = strings.TrimRight(uiDashboardURL, "/")
+	return fmt.Sprintf("%s/attestation/%s?tab=summary", uiDashboardURL, digest)
+}

app/cli/pkg/action/attestation_init.go

@@ -190,6 +190,7 @@ func (action *AttestationInit) Run(ctx context.Context, opts *AttestationInitRun
 		policiesAllowedHostnames []string
 		// Timestamp Authority URL for new attestations
 		timestampAuthorityURL, signingCAName string
+		uiDashboardURL                       string
 	)
 
 	// Init in the control plane if needed including the runner context
@@ -220,6 +221,7 @@ func (action *AttestationInit) Run(ctx context.Context, opts *AttestationInitRun
 		signingOpts := result.GetSigningOptions()
 		timestampAuthorityURL = signingOpts.GetTimestampAuthorityUrl()
 		signingCAName = signingOpts.GetSigningCa()
+		uiDashboardURL = result.GetUiDashboardUrl()
 
 		if v := workflowMeta.Version; v != nil && workflowRun.GetVersion() != nil {
 			v.Prerelease = workflowRun.GetVersion().GetPrerelease()
@@ -277,9 +279,10 @@ func (action *AttestationInit) Run(ctx context.Context, opts *AttestationInitRun
 			TimestampAuthorityURL: timestampAuthorityURL,
 			SigningCAName:         signingCAName,
 		},
-		Auth:       authInfo,
-		CASBackend: casBackendInfo,
-		Logger:     &action.Logger,
+		Auth:           authInfo,
+		CASBackend:     casBackendInfo,
+		Logger:         &action.Logger,
+		UIDashboardURL: uiDashboardURL,
 	}
 
 	if err := action.c.Init(ctx, initOpts); err != nil {

app/cli/pkg/action/attestation_push.go

@@ -226,6 +226,9 @@ func (action *AttestationPush) Run(ctx context.Context, attestationID string, ru
 		return nil, fmt.Errorf("pushing to control plane: %w", err)
 	}
 
+	// Build attestation view URL
+	attestationResult.Status.AttestationViewURL = buildAttestationViewURL(crafter.CraftingState.UiDashboardUrl, attestationResult.Digest)
+
 	action.Logger.Info().Msg("push completed")
 
 	// Save bundle to disk

app/cli/pkg/action/attestation_status.go

@@ -57,6 +57,7 @@ type AttestationStatusResult struct {
 	HasPolicyViolations         bool                            `json:"has_policy_violations"`
 	MustBlockOnPolicyViolations bool                            `json:"must_block_on_policy_violations"`
 	TimestampAuthority          string                          `json:"timestamp_authority"`
+	AttestationViewURL          string                          `json:"attestation_view_url"`
 	// This might only be set if the attestation is pushed
 	Digest string `json:"digest"`
 	// This is the human readable output of the attestation status

app/cli/pkg/action/workflow_run_describe.go

@@ -61,6 +61,8 @@ type WorkflowRunAttestationItem struct {
 	PolicyEvaluations map[string][]*PolicyEvaluation `json:"policy_evaluations,omitempty"`
 	// Policy evaluation status
 	PolicyEvaluationStatus *PolicyEvaluationStatus `json:"policy_evaluation_status,omitempty"`
+	// URL to view the attestation in the UI
+	AttestationViewURL string `json:"attestation_view_url"`
 }
 
 type PolicyEvaluationStatus struct {
@@ -227,6 +229,12 @@ func (action *WorkflowRunDescribe) Run(ctx context.Context, opts *WorkflowRunDes
 
 	policyEvaluationStatus := att.GetPolicyEvaluationStatus()
 
+	var attestationViewURL string
+	baseUIDashboardURL := fetchUIDashboardURL(ctx, action.cfg.CPConnection)
+	if baseUIDashboardURL != "" {
+		attestationViewURL = buildAttestationViewURL(baseUIDashboardURL, att.DigestInCasBackend)
+	}
+
 	item.Attestation = &WorkflowRunAttestationItem{
 		Envelope:          envelope,
 		Bundle:            att.GetBundle(),
@@ -243,6 +251,7 @@ func (action *WorkflowRunDescribe) Run(ctx context.Context, opts *WorkflowRunDes
 			HasViolations:      policyEvaluationStatus.HasViolations,
 			HasGatedViolations: policyEvaluationStatus.HasGatedViolations,
 		},
+		AttestationViewURL: attestationViewURL,
 	}
 
 	return item, nil

app/controlplane/api/controlplane/v1/status.pb.go

@@ -46,6 +46,8 @@ message InfozResponse {
   string chart_version = 3;
   // Whether organization creation is restricted to admins
   bool restricted_org_creation = 4;
+  // Link to the platform UI, if available
+  string ui_dashboard_url = 5;
 }
 
 message StatuszResponse {}