Add attestation for replace images

errordeveloper · Sep 28, 2023 · 8645b1e · 8645b1e
1 parent 71ae72a
commit 8645b1e
Show file tree

Hide file tree

Showing 3 changed files with 32 additions and 1 deletion.
diff --git a/attest/manifest/images.go b/attest/manifest/images.go
@@ -26,6 +26,10 @@ type ResolvedImageRef struct {
 	attestTypes.GenericStatement[ImageRefenceWithLocation]
 }
 
+type ReplacedImageRef struct {
+	attestTypes.GenericStatement[ImageRefenceWithLocation]
+}
+
 type ImageRefenceWithLocation struct {
 	Reference string  `json:"reference"`
 	Line      int     `json:"line"`
@@ -34,7 +38,6 @@ type ImageRefenceWithLocation struct {
 }
 
 // TODO:
-// - replaced
 // - related tags (just the tags)
 // - copy inline atteststations, and reference them
 // - copy sigstore attestations, and reference them
@@ -56,6 +59,22 @@ func MakeOriginalImageRefStatements(images *manifestTypes.ImageList) attestTypes
 	return statements
 }
 
+func MakeReplacedImageRefStatements(images *manifestTypes.ImageList) attestTypes.Statements {
+	statements := attestTypes.Statements{}
+	forEachImage(images, func(subject attestTypes.Subject, ref ImageRefenceWithLocation) {
+		statements = append(statements, &ReplacedImageRef{
+			attestTypes.MakeStatement(
+				ReplacedImageRefPredicateType,
+				struct {
+					ImageRefenceWithLocation `json:"replacedImageReference"`
+				}{ref},
+				subject,
+			),
+		})
+	})
+	return statements
+}
+
 func MakeResovedImageRefStatements(images *manifestTypes.ImageList) attestTypes.Statements {
 	statements := attestTypes.Statements{}
 	forEachImage(images, func(subject attestTypes.Subject, ref ImageRefenceWithLocation) {

diff --git a/manifest/imagescanner/imagescanner.go b/manifest/imagescanner/imagescanner.go
@@ -107,4 +107,5 @@ func (s *DefaultImageScanner) GetImages() *types.ImageList {
 
 func (s *DefaultImageScanner) Reset() {
 	s.trackers = []*Tracker{}
+	s.attestor = nil
 }
diff --git a/tape/app/package.go b/tape/app/package.go
@@ -156,6 +156,17 @@ func (c *TapePackageCommand) Execute(args []string) error {
 		return fmt.Errorf("failed to update manifest files: %w", err)
 	}
 
+	scanner.Reset()
+	if err := scanner.Scan(loader.RelPaths()); err != nil {
+		return fmt.Errorf("failed to scan updated manifest files: %w", err)
+	}
+	replacedImages := scanner.GetImages()
+	replacedImages.Dedup()
+
+	if err := attreg.AssociateStatements(manifest.MakeReplacedImageRefStatements(replacedImages)...); err != nil {
+		return err
+	}
+
 	c.tape.log.DebugFn(func() []interface{} {
 		buf := bytes.NewBuffer(nil)
 		if err := attreg.EncodeAllAttestations(base64.NewEncoder(base64.StdEncoding, buf)); err != nil {