leeway

package
v0.10.5 Latest Latest
Warning

This package is not in the latest version of its module.

Published: May 9, 2025 License: MIT Imports: 78 Imported by: 0

Documentation

Index

Constants

const (
	// EnvvarCacheDir names the environment variable we take the cache dir location from
	EnvvarCacheDir = "LEEWAY_CACHE_DIR"

	// EnvvarBuildDir names the environment variable we take the build dir location from
	EnvvarBuildDir = "LEEWAY_BUILD_DIR"

	// EnvvarYarnMutex configures the mutex flag leeway will pass to yarn.
	// See https://yarnpkg.com/lang/en/docs/cli/#toc-concurrency-and-mutex for possible values.
	// Defaults to "network".
	EnvvarYarnMutex = "LEEWAY_YARN_MUTEX"
)
// Names of the builtin arguments/variables.
// NOTE: the two Git constants are spelled "Buildin..." while the version
// constant is spelled "Builtin..."; the identifiers are exported as shown.
const (
	// BuiltinArgPackageVersion is a builtin argument/variable which contains the version of the package currently building
	BuiltinArgPackageVersion = "__pkg_version"

	// BuildinArgGitCommit is a builtin argument/variable which contains the current Git commit if the build is executed from within a Git working copy.
	// If this variable is used and the build is not executed from within a Git working copy the variable resolution will fail.
	BuildinArgGitCommit = "__git_commit"

	// BuildinArgGitCommitShort is the shortened version of BuildinArgGitCommit to the first 7 characters.
	// NOTE(review): a 7-character prefix is an abbreviation, not a unique identifier;
	// prefer BuildinArgGitCommit wherever the value is meant to identify what was built.
	BuildinArgGitCommitShort = "__git_commit_short"
)
const (

	// EnvvarVulnReportsDir names the environment variable we take the vulnerability reports directory location from.
	// GetDefaultVulnerabilityReportsDir is documented to check this variable first and, if it is not set,
	// to use a directory in the build context's build directory.
	EnvvarVulnReportsDir = "LEEWAY_VULN_REPORTS_DIR"
)

Constants for SBOM and vulnerability scanning

const (

	// ProvenanceBuilderID is the prefix we use as Builder ID when issuing provenance.
	// NOTE(review): documented as a prefix, so the full builder ID written into provenance is
	// presumably longer; verify the exact ID format before pinning it in a verification policy.
	ProvenanceBuilderID = "github.com/gitpod-io/leeway"
)

Variables

// ErrNoAttestationBundle is returned by AccessAttestationBundleInCachedArchive
// when a cached build artifact contains no attestation bundle.
// NOTE(review): callers that require provenance should compare against this
// value and fail closed rather than treat a missing bundle as success.
var ErrNoAttestationBundle error = fmt.Errorf("no attestation bundle found")
var ErrNoSBOMFile = fmt.Errorf("no SBOM file found")

ErrNoSBOMFile is returned when no SBOM file is found in a cached archive

var Version string = "unknown"

Version is the version of this leeway build

Functions

func AccessAttestationBundleInCachedArchive added in v0.2.12

func AccessAttestationBundleInCachedArchive(fn string, handler func(bundle io.Reader) error) (err error)

AccessAttestationBundleInCachedArchive provides access to the attestation bundle in a cached build artifact. If no such bundle exists, ErrNoAttestationBundle is returned.

func AccessSBOMInCachedArchive added in v0.10.4

func AccessSBOMInCachedArchive(fn string, format string, handler func(sbomFile io.Reader) error) (err error)

AccessSBOMInCachedArchive extracts an SBOM file from a cached build artifact. It supports different SBOM formats (cyclonedx, spdx, syft) and applies the provided handler function to the extracted SBOM content. If no SBOM file is found, it returns ErrNoSBOMFile. This function is used by the sbom export and scan commands.

func Build

func Build(pkg *Package, opts ...BuildOption) (err error)

Build builds the packages in the order they're given. It's the caller's responsibility to ensure the dependencies are built in order.

func BuildTarCommand added in v0.10.0

func BuildTarCommand(options ...func(*TarOptions)) []string

BuildTarCommand creates a platform-optimized tar command with the given options

func BuildUnTarCommand added in v0.10.0

func BuildUnTarCommand(options ...func(*UnTarOptions)) ([]string, error)

BuildUnTarCommand creates a command to extract tar archives

func CopyWorkspace

func CopyWorkspace(dst string, workspace *Workspace, strict bool) error

CopyWorkspace copies all folders/files from a workspace to a destination. If strict is true we'll only copy the files that leeway actually knows are source files. Otherwise we'll copy all files that are not excluded by the variant.

func DeleteNonWorkspaceFiles

func DeleteNonWorkspaceFiles(dst string, workspace *Workspace, strict bool) (err error)

DeleteNonWorkspaceFiles removes all files that do not belong to a workspace. If strict is true this function deletes all files that are not listed as source in a package. If strict is false this function deletes files excluded by a variant.

func DiscoverWorkspaceRoot added in v0.8.3

func DiscoverWorkspaceRoot() (string, error)

func FilesystemSafeName added in v0.8.3

func FilesystemSafeName(fn string) string

func FindUnresolvedArguments

func FindUnresolvedArguments(pkg *Package) ([]string, error)

FindUnresolvedArguments finds any still unresolved build arguments in a set of packages

func FormatBUILDyaml

func FormatBUILDyaml(out io.Writer, in io.Reader, fixIssues bool) error

FormatBUILDyaml formats a component's build.yaml file

func GetDefaultVulnerabilityReportsDir added in v0.10.4

func GetDefaultVulnerabilityReportsDir(ctx *buildContext) string

GetDefaultVulnerabilityReportsDir returns the default directory for vulnerability reports. It checks the EnvvarVulnReportsDir environment variable first, and if not set, uses a directory in the build context's build directory.

func GetSBOMFileExtension added in v0.10.4

func GetSBOMFileExtension(format string) string

GetSBOMFileExtension returns the file extension for the given SBOM format. This is used to construct filenames for SBOM files in different formats.

func ScanAllPackagesForVulnerabilities added in v0.10.4

func ScanAllPackagesForVulnerabilities(localCache cache.LocalCache, packages []*Package, customOutputDir ...string) error

ScanAllPackagesForVulnerabilities provides a public API for scanning packages for vulnerabilities. It creates a build context with the provided local cache and reporter, then calls the internal scanAllPackagesForVulnerabilities function to perform the actual scanning.

func TopologicalSort

func TopologicalSort(pkgs []*Package)

TopologicalSort sorts the list of packages by its build order according to the dependency tree

func ValidateSBOMFormat added in v0.10.4

func ValidateSBOMFormat(format string) (bool, []string)

ValidateSBOMFormat checks if the provided format is supported. It returns a boolean indicating if the format is valid and a list of valid formats.

func WatchSources

func WatchSources(ctx context.Context, pkgs []*Package, debounceDuration time.Duration) (changed <-chan struct{}, errs <-chan error)

WatchSources watches the source files of the packages until the context is done

func WithAutoDetectCompression added in v0.10.0

func WithAutoDetectCompression(detect bool) func(*UnTarOptions)

WithAutoDetectCompression enables automatic detection of file compression

func WithCompression added in v0.10.0

func WithCompression(enabled bool) func(*TarOptions)

WithCompression enables compression for the tar archive

func WithCompressionAlgorithm added in v0.10.0

func WithCompressionAlgorithm(algo CompressionAlgorithm) func(*TarOptions)

WithCompressionAlgorithm specifies which compression algorithm to use

func WithCompressionLevel added in v0.10.0

func WithCompressionLevel(level int) func(*TarOptions)

WithCompressionLevel sets the compression level

func WithExcludePatterns added in v0.10.0

func WithExcludePatterns(patterns ...string) func(*TarOptions)

WithExcludePatterns specifies patterns to exclude from the archive

func WithFilesFrom added in v0.10.0

func WithFilesFrom(filePath string) func(*TarOptions)

WithFilesFrom specifies a file containing the list of files to archive

func WithIncludePatterns added in v0.10.0

func WithIncludePatterns(patterns ...string) func(*UnTarOptions)

WithIncludePatterns specifies patterns to include during extraction

func WithInputFile added in v0.10.0

func WithInputFile(path string) func(*UnTarOptions)

WithInputFile sets the input archive file path

func WithOutputFile added in v0.10.0

func WithOutputFile(path string) func(*TarOptions)

WithOutputFile sets the output file path for the tar archive

func WithPreserveSameOwner added in v0.10.0

func WithPreserveSameOwner(preserve bool) func(*UnTarOptions)

WithPreserveSameOwner enables preserving file ownership

func WithSourcePaths added in v0.10.0

func WithSourcePaths(paths ...string) func(*TarOptions)

WithSourcePaths adds files or directories to include in the archive

func WithTargetDir added in v0.10.0

func WithTargetDir(dir string) func(*UnTarOptions)

WithTargetDir sets the directory where files will be extracted

func WithVerboseExtraction added in v0.10.0

func WithVerboseExtraction(verbose bool) func(*UnTarOptions)

WithVerboseExtraction enables verbose output during extraction

func WithWorkingDir added in v0.10.0

func WithWorkingDir(dir string) func(*TarOptions)

WithWorkingDir sets the working directory for the tar command

func WritePackageVulnerabilityMarkdown added in v0.10.4

func WritePackageVulnerabilityMarkdown(outputDir string, stats []*PackageVulnerabilityStats) error

WritePackageVulnerabilityMarkdown generates a Markdown report with vulnerability statistics. This provides a human-readable summary with tables and emoji indicators for severity levels.

func WritePackageVulnerabilityStats added in v0.10.4

func WritePackageVulnerabilityStats(outputDir string, stats []*PackageVulnerabilityStats) error

WritePackageVulnerabilityStats generates a JSON file with vulnerability statistics. This provides a machine-readable summary of vulnerabilities across all packages.

Types

type Arguments

type Arguments map[string]string

Arguments can be passed to components/packages introducing variation points

type AttestationBundle added in v0.2.12

type AttestationBundle struct {
	// contains filtered or unexported fields
}

AttestationBundle represents an in-toto attestation bundle. See https://github.com/in-toto/attestation/blob/main/spec/bundle.md for more details.

func (*AttestationBundle) Add added in v0.2.12

Add adds an entry to the bundle and writes it directly to the out writer. This function ensures an envelope is added only once. This function is not synchronised.

func (*AttestationBundle) AddFromBundle added in v0.2.12

func (a *AttestationBundle) AddFromBundle(other io.Reader) error

Adds the entries from another bundle to this one, writing them directly to the out writer. This function ensures entries are unique. This function is not synchronised.

func (*AttestationBundle) Len added in v0.2.12

func (a *AttestationBundle) Len() int

type BuildOption

type BuildOption func(*buildOptions) error

BuildOption configures the build behaviour

func WithBuildPlan

func WithBuildPlan(out io.Writer) BuildOption

WithBuildPlan writes the build plan as JSON to the writer

func WithCompressionDisabled added in v0.8.9

func WithCompressionDisabled(dontCompress bool) BuildOption

func WithCoverageOutputPath

func WithCoverageOutputPath(output string) BuildOption

WithCoverageOutputPath configures coverage output directory

func WithDisableCoverage added in v0.10.2

func WithDisableCoverage(disableCoverage bool) BuildOption

func WithDockerBuildOptions added in v0.2.7

func WithDockerBuildOptions(dockerBuildOpts *DockerBuildOptions) BuildOption

WithDockerBuildOptions are passed to "docker build"

func WithDontTest

func WithDontTest(dontTest bool) BuildOption

WithDontTest disables package-level tests

func WithDryRun

func WithDryRun(dryrun bool) BuildOption

WithDryRun marks this build as dry run

func WithFixedBuildDir added in v0.10.2

func WithFixedBuildDir(fixedBuildDir bool) BuildOption

func WithJailedExecution added in v0.2.18

func WithJailedExecution(jailedExecution bool) BuildOption

WithJailedExecution runs all commands in a runc jail

func WithLocalCache

func WithLocalCache(cache cache.LocalCache) BuildOption

WithLocalCache configures the local cache

func WithMaxConcurrentTasks

func WithMaxConcurrentTasks(n int64) BuildOption

WithMaxConcurrentTasks limits the number of concurrent tasks during the build

func WithRemoteCache

func WithRemoteCache(cache cache.RemoteCache) BuildOption

WithRemoteCache configures the remote cache

func WithReporter

func WithReporter(reporter Reporter) BuildOption

WithReporter sets the reporter which is notified about the build progress

type CacheLevel

type CacheLevel string

CacheLevel describes a level of package cache

// Cache levels. As documented below, they differ in whether a package may be
// downloaded from and/or uploaded to a remote cache.
const (
	// CacheUnspecified allows all downloads/uploads/caching operations.
	// Its value is the empty string, i.e. the zero value of CacheLevel, so a
	// CacheLevel that was never set is the most permissive level.
	CacheUnspecified CacheLevel = ""

	// CacheNone means no caching happens at all
	CacheNone CacheLevel = "none"

	// CacheLocal means a package is only cached locally
	CacheLocal CacheLevel = "local"

	// CacheRemote means a package is downloaded from and uploaded to a remote cache
	CacheRemote CacheLevel = "remote"

	// CacheRemotePush means a package is cached locally and possibly uploaded to a remote cache,
	// but it will never be downloaded from a remote cache.
	CacheRemotePush CacheLevel = "remote-push"

	// CacheRemotePull means a package is cached locally and possibly downloaded from a remote cache,
	// but it will never be uploaded to a remote cache.
	// NOTE(review): a downloaded artifact was built elsewhere; whether it is verified
	// (e.g. against its attestation bundle) on download is not visible here — confirm.
	CacheRemotePull CacheLevel = "remote-pull"
)

func (CacheLevel) RemoteDownload

func (c CacheLevel) RemoteDownload() bool

RemoteDownload returns true if this cache level permits local download

func (CacheLevel) RemoteUpload

func (c CacheLevel) RemoteUpload() bool

RemoteUpload returns true if the cache level permits remote upload

func (*CacheLevel) UnmarshalYAML

func (c *CacheLevel) UnmarshalYAML(unmarshal func(interface{}) error) (err error)

UnmarshalYAML unmarshals and validates a package type

type Component

type Component struct {
	// W is the workspace this component belongs to
	W *Workspace
	// Origin is the absolute location of this Component in the filepath
	Origin string
	// Name is the name of the Component as computed from its location in the workspace
	Name string

	Constants Arguments  `yaml:"const"`
	Packages  []*Package `yaml:"packages"`
	Scripts   []*Script  `yaml:"scripts"`
	// contains filtered or unexported fields
}

Component contains a single component that we wish to build

func (*Component) Git added in v0.2.10

func (c *Component) Git() *GitInfo

GitCommit returns the git commit of this component or the workspace. Returns an empty string if neither the component, nor the workspace are part of a working copy.

type CompositeReporter added in v0.7.5

type CompositeReporter []Reporter

func (CompositeReporter) BuildFinished added in v0.7.5

func (cr CompositeReporter) BuildFinished(pkg *Package, err error)

BuildFinished implements Reporter

func (CompositeReporter) BuildStarted added in v0.7.5

func (cr CompositeReporter) BuildStarted(pkg *Package, status map[*Package]PackageBuildStatus)

BuildStarted implements Reporter

func (CompositeReporter) PackageBuildFinished added in v0.7.5

func (cr CompositeReporter) PackageBuildFinished(pkg *Package, rep *PackageBuildReport)

PackageBuildFinished implements Reporter

func (CompositeReporter) PackageBuildLog added in v0.7.5

func (cr CompositeReporter) PackageBuildLog(pkg *Package, isErr bool, buf []byte)

PackageBuildLog implements Reporter

func (CompositeReporter) PackageBuildStarted added in v0.7.5

func (cr CompositeReporter) PackageBuildStarted(pkg *Package)

PackageBuildStarted implements Reporter

type CompressionAlgorithm added in v0.10.0

type CompressionAlgorithm string

CompressionAlgorithm represents supported compression algorithms

// Values of CompressionAlgorithm, the type accepted by WithCompressionAlgorithm.
// Each constant's string value is the algorithm name: "gzip", "zstd", and
// "none" for NoCompr.
const (
	Gzip    CompressionAlgorithm = "gzip"
	Zstd    CompressionAlgorithm = "zstd"
	NoCompr CompressionAlgorithm = "none"
)

type ConsoleReporter

type ConsoleReporter struct {
	// contains filtered or unexported fields
}

ConsoleReporter reports build progress by printing to stdout/stderr

func NewConsoleReporter

func NewConsoleReporter() *ConsoleReporter

NewConsoleReporter produces a new console logger

func (*ConsoleReporter) BuildFinished

func (r *ConsoleReporter) BuildFinished(pkg *Package, err error)

BuildFinished is called when the build of a package which was started by the user has finished.

func (*ConsoleReporter) BuildStarted

func (r *ConsoleReporter) BuildStarted(pkg *Package, status map[*Package]PackageBuildStatus)

BuildStarted is called when the build of a package is started by the user.

func (*ConsoleReporter) PackageBuildFinished

func (r *ConsoleReporter) PackageBuildFinished(pkg *Package, rep *PackageBuildReport)

PackageBuildFinished is called when the package build has finished.

func (*ConsoleReporter) PackageBuildLog

func (r *ConsoleReporter) PackageBuildLog(pkg *Package, isErr bool, buf []byte)

PackageBuildLog is called during a package build whenever a build command produced some output.

func (*ConsoleReporter) PackageBuildStarted

func (r *ConsoleReporter) PackageBuildStarted(pkg *Package)

PackageBuildStarted is called when a package build actually gets underway.

type DockerBuildOptions added in v0.2.7

type DockerBuildOptions map[string]string

DockerBuildOptions are options passed to "docker build"

type DockerPkgConfig

// DockerPkgConfig configures a Docker package.
//
// Every field is optional in YAML (all tags carry omitempty).
// NOTE(review): BuildArgs presumably become "docker build" build arguments;
// build arguments are not a safe place for secrets — confirm how they are
// passed before putting sensitive values here.
type DockerPkgConfig struct {
	Dockerfile string            `yaml:"dockerfile,omitempty"`
	Image      []string          `yaml:"image,omitempty"`
	BuildArgs  map[string]string `yaml:"buildArgs,omitempty"`
	Squash     bool              `yaml:"squash,omitempty"`
	Metadata   map[string]string `yaml:"metadata,omitempty"`
}

DockerPkgConfig configures a Docker package

func (DockerPkgConfig) AdditionalSources

func (cfg DockerPkgConfig) AdditionalSources(workspaceOrigin string) []string

AdditionalSources returns a list of unresolved sources coming in through this configuration

type EnvironmentManifest

type EnvironmentManifest []EnvironmentManifestEntry

EnvironmentManifest is a collection of environment manifest entries

func (EnvironmentManifest) Hash

func (mf EnvironmentManifest) Hash() (string, error)

Hash produces the hash of this manifest

func (EnvironmentManifest) MarshalJSON added in v0.2.12

func (mf EnvironmentManifest) MarshalJSON() ([]byte, error)

MarshalJSON marshals a built-up environment manifest into JSON

func (EnvironmentManifest) Write

func (mf EnvironmentManifest) Write(out io.Writer) error

Write writes the manifest to the writer

type EnvironmentManifestEntry

// EnvironmentManifestEntry represents an entry in the environment manifest.
//
// Name and Command map to the "name" and "command" YAML keys. Value and
// Builtin are tagged yaml:"-" and are therefore excluded from YAML
// (un)marshalling.
// NOTE(review): Value presumably holds the output of running Command — confirm.
type EnvironmentManifestEntry struct {
	Name    string   `yaml:"name"`
	Command []string `yaml:"command"`

	Value   string `yaml:"-"`
	Builtin bool   `yaml:"-"`
}

EnvironmentManifestEntry represents an entry in the environment manifest

type ExtractImageFunc added in v0.10.0

type ExtractImageFunc func(destDir, imgTag string) error

ExtractImageFunc is the type for the image extraction function

// ExtractImageWithOCILibs is the function used to extract Docker images.
// It is a package-level variable so that tests can replace it with a mock.
// NOTE(review): as an exported, mutable variable it can be reassigned by any
// importing package; nothing visible here guards concurrent reassignment.
var ExtractImageWithOCILibs ExtractImageFunc = extractImageWithOCILibsImpl

ExtractImageWithOCILibs is the function used to extract Docker images. It can be replaced in tests for mocking.

type GenericPkgConfig

// GenericPkgConfig configures a generic package.
//
// Commands and Test are [][]string values read from the "commands" and "test"
// YAML keys; DontTest is read from "dontTest".
// NOTE(review): PackageType documents generic packages as running an arbitrary
// shell command, so these values are presumably executed as written — treat
// the YAML that supplies them as code and review changes to it accordingly.
type GenericPkgConfig struct {
	Commands [][]string `yaml:"commands"`
	Test     [][]string `yaml:"test,omitempty"`
	DontTest bool       `yaml:"dontTest,omitempty"`
}

GenericPkgConfig configures a generic package

func (GenericPkgConfig) AdditionalSources

func (cfg GenericPkgConfig) AdditionalSources(workspaceOrigin string) []string

AdditionalSources returns a list of unresolved sources coming in through this configuration

type GitError added in v0.9.3

type GitError struct {
	Op  string
	Err error
}

GitError represents an error that occurred during a Git operation

func (*GitError) Error added in v0.9.3

func (e *GitError) Error() string

type GitHubActionReporter added in v0.8.3

type GitHubActionReporter struct {
	NoopReporter
	// contains filtered or unexported fields
}

func NewGitHubReporter added in v0.8.3

func NewGitHubReporter() *GitHubActionReporter

func (*GitHubActionReporter) PackageBuildFinished added in v0.8.3

func (sr *GitHubActionReporter) PackageBuildFinished(pkg *Package, rep *PackageBuildReport)

type GitInfo added in v0.2.10

type GitInfo struct {
	// WorkingCopyLoc is the absolute path to the Git working copy
	WorkingCopyLoc string
	// Commit is the current HEAD commit hash
	Commit string
	// Origin is the remote origin URL
	Origin string
	// contains filtered or unexported fields
}

GitInfo represents the state of a Git working copy including commit information, origin URL, and dirty state tracking.

func GetGitInfo added in v0.2.12

func GetGitInfo(loc string) (*GitInfo, error)

GetGitInfo returns the git status required during a leeway build

func (*GitInfo) DirtyFiles added in v0.2.17

func (info *GitInfo) DirtyFiles(files []string) bool

DirtyFiles returns true if a single file of the file list is dirty

func (*GitInfo) HasDirtyFile added in v0.9.3

func (info *GitInfo) HasDirtyFile(file string) bool

HasDirtyFile checks if a specific file is dirty

func (*GitInfo) IsDirty added in v0.9.3

func (info *GitInfo) IsDirty() bool

IsDirty returns whether the working copy has any modifications

type GoPackaging

type GoPackaging string

GoPackaging configures the packaging method of a Go package

const (
	// GoLibrary means the package can be imported in another package
	GoLibrary GoPackaging = "library"
	// GoApp runs go build and tars the build directory
	GoApp GoPackaging = "app"
)

type GoPkgConfig

// GoPkgConfig configures a Go package.
//
// Every field is optional in YAML (all tags carry omitempty).
// NOTE(review): DontTest, DontCheckGoFmt and DontLint look like opt-outs from
// build-time checks, and BuildCommand/LintCommand look like overrides of the
// default commands — confirm in the Go build code. Validate is the visible
// check that this config can be acted upon.
type GoPkgConfig struct {
	Packaging      GoPackaging `yaml:"packaging,omitempty"`
	Generate       bool        `yaml:"generate,omitempty"`
	DontTest       bool        `yaml:"dontTest,omitempty"`
	DontCheckGoFmt bool        `yaml:"dontCheckGoFmt,omitempty"`
	DontLint       bool        `yaml:"dontLint,omitempty"`
	BuildFlags     []string    `yaml:"buildFlags,omitempty"`
	BuildCommand   []string    `yaml:"buildCommand,omitempty"`
	LintCommand    []string    `yaml:"lintCommand,omitempty"`
	GoVersion      string      `yaml:"goVersion,omitempty"`
	GoMod          string      `yaml:"goMod,omitempty"`
}

GoPkgConfig configures a Go package

func (GoPkgConfig) AdditionalSources

func (cfg GoPkgConfig) AdditionalSources(workspaceOrigin string) []string

AdditionalSources returns a list of unresolved sources coming in through this configuration

func (GoPkgConfig) Validate

func (cfg GoPkgConfig) Validate() error

Validate ensures this config can be acted upon/is valid

type HTMLPackageReport added in v0.7.5

type HTMLPackageReport struct {
	ID string
	// contains filtered or unexported fields
}

func (*HTMLPackageReport) DurationInSeconds added in v0.7.5

func (r *HTMLPackageReport) DurationInSeconds() string

func (*HTMLPackageReport) Error added in v0.7.5

func (r *HTMLPackageReport) Error() string

func (*HTMLPackageReport) HasError added in v0.7.5

func (r *HTMLPackageReport) HasError() bool

func (*HTMLPackageReport) HasLogs added in v0.7.5

func (r *HTMLPackageReport) HasLogs() bool

func (*HTMLPackageReport) HasResults added in v0.7.5

func (r *HTMLPackageReport) HasResults() bool

func (*HTMLPackageReport) Logs added in v0.7.5

func (r *HTMLPackageReport) Logs() string

func (*HTMLPackageReport) Results added in v0.7.5

func (r *HTMLPackageReport) Results() []string

func (*HTMLPackageReport) StatusIcon added in v0.7.5

func (r *HTMLPackageReport) StatusIcon() string

type HTMLReporter added in v0.4.0

type HTMLReporter struct {
	// contains filtered or unexported fields
}

func NewHTMLReporter added in v0.4.0

func NewHTMLReporter(filename string) *HTMLReporter

func (*HTMLReporter) BuildFinished added in v0.4.0

func (r *HTMLReporter) BuildFinished(pkg *Package, err error)

func (*HTMLReporter) BuildStarted added in v0.4.0

func (r *HTMLReporter) BuildStarted(pkg *Package, status map[*Package]PackageBuildStatus)

func (*HTMLReporter) PackageBuildFinished added in v0.4.0

func (r *HTMLReporter) PackageBuildFinished(pkg *Package, rep *PackageBuildReport)

func (*HTMLReporter) PackageBuildLog added in v0.4.0

func (r *HTMLReporter) PackageBuildLog(pkg *Package, isErr bool, buf []byte)

func (*HTMLReporter) PackageBuildStarted added in v0.4.0

func (r *HTMLReporter) PackageBuildStarted(pkg *Package)

func (*HTMLReporter) Report added in v0.4.0

func (r *HTMLReporter) Report()

type IgnoreRule added in v0.10.4

type IgnoreRule = match.IgnoreRule

IgnoreRule is an alias for match.IgnoreRule. It allows specifying criteria for ignoring vulnerabilities during SBOM scanning. Available fields:
- vulnerability: The vulnerability ID to ignore (e.g., "CVE-2023-1234")
- reason: The reason for ignoring this vulnerability
- namespace: The vulnerability namespace (e.g., "github:golang")
- fix-state: The fix state to match (e.g., "fixed", "not-fixed", "unknown")
- package: Package-specific criteria (see IgnoreRulePackage)
- vex-status: VEX status (e.g., "affected", "fixed", "not_affected")
- vex-justification: Justification for the VEX status
- match-type: The type of match to ignore (e.g., "exact-direct-dependency")

type IgnoreRulePackage added in v0.10.4

type IgnoreRulePackage = match.IgnoreRulePackage

IgnoreRulePackage is an alias for match.IgnoreRulePackage. It describes package-specific fields for ignore rules:
- name: Package name (supports regex)
- version: Package version
- language: Package language
- type: Package type
- location: Package location (supports glob patterns)
- upstream-name: Upstream package name (supports regex)

type NoopReporter added in v0.7.5

type NoopReporter struct{}

func (*NoopReporter) BuildFinished added in v0.7.5

func (*NoopReporter) BuildFinished(pkg *Package, err error)

BuildFinished implements Reporter

func (*NoopReporter) BuildStarted added in v0.7.5

func (*NoopReporter) BuildStarted(pkg *Package, status map[*Package]PackageBuildStatus)

BuildStarted implements Reporter

func (*NoopReporter) PackageBuildFinished added in v0.7.5

func (*NoopReporter) PackageBuildFinished(pkg *Package, rep *PackageBuildReport)

PackageBuildFinished implements Reporter

func (*NoopReporter) PackageBuildLog added in v0.7.5

func (*NoopReporter) PackageBuildLog(pkg *Package, isErr bool, buf []byte)

PackageBuildLog implements Reporter

func (*NoopReporter) PackageBuildStarted added in v0.7.5

func (*NoopReporter) PackageBuildStarted(pkg *Package)

PackageBuildStarted implements Reporter

type Package

type Package struct {
	C *Component `yaml:"-"`

	PackageInternal `yaml:"_,inline"`
	Config          PackageConfig `yaml:"config,omitempty"`
	// Definition is the raw package definition YAML
	Definition []byte `yaml:"-"`
	// contains filtered or unexported fields
}

Package represents a package in a workspace

func (*Package) BuildLayoutLocation

func (p *Package) BuildLayoutLocation(dependency *Package) (loc string)

BuildLayoutLocation returns the filesystem path a dependency is expected at during the build. This path will always be relative. If the provided package is not a dependency of this package, we'll still return a valid path.

func (*Package) ContentManifest

func (p *Package) ContentManifest() ([]string, error)

ContentManifest produces an ordered list of content hashes (<filename>:<hash>) for each source file. Expects the sources to be resolved.

func (*Package) DefinitionHash

func (p *Package) DefinitionHash() (string, error)

DefinitionHash hashes the package definition

func (*Package) Dependants added in v0.2.19

func (p *Package) Dependants() []*Package

Dependants() returns a list of packages directly dependant on this package

func (*Package) FilesystemSafeName

func (p *Package) FilesystemSafeName() string

FilesystemSafeName returns a string that is safe to use in a Unix filesystem as directory or filename

func (*Package) FullName

func (p *Package) FullName() string

FullName returns the package's fully qualified name (component:package)

func (*Package) GetDependencies

func (p *Package) GetDependencies() []*Package

GetDependencies returns the linked package dependencies or nil if not linked yet

func (*Package) GetTransitiveDependencies

func (p *Package) GetTransitiveDependencies() []*Package

GetTransitiveDependencies returns all transitive dependencies of a package.

func (*Package) TransitiveDependants added in v0.2.19

func (p *Package) TransitiveDependants() []*Package

Dependants() returns a list of packages directly dependant on this package

func (*Package) UnmarshalYAML

func (p *Package) UnmarshalYAML(unmarshal func(interface{}) error) error

UnmarshalYAML unmarshals the package definition

func (*Package) Version

func (p *Package) Version() (string, error)

Version returns a unique identifier for the package

func (*Package) WriteVersionManifest

func (p *Package) WriteVersionManifest(out io.Writer) error

WriteVersionManifest writes the manifest whose hash is the version of this package (see Version())

type PackageBuildPhase added in v0.7.5

type PackageBuildPhase string
// Values of PackageBuildPhase. PackageBuildReport.Phases holds a slice of
// them, and PackageBuildReport.LastPhase returns the phase a package build
// last entered.
// NOTE(review): the declaration order presumably mirrors the order in which a
// build passes through the phases — confirm against the build code.
const (
	PackageBuildPhasePrep    PackageBuildPhase = "prep"
	PackageBuildPhasePull    PackageBuildPhase = "pull"
	PackageBuildPhaseLint    PackageBuildPhase = "lint"
	PackageBuildPhaseTest    PackageBuildPhase = "test"
	PackageBuildPhaseBuild   PackageBuildPhase = "build"
	PackageBuildPhasePackage PackageBuildPhase = "package"
)

type PackageBuildReport added in v0.7.5

type PackageBuildReport struct {
	Phases []PackageBuildPhase
	Error  error

	TestCoverageAvailable  bool
	TestCoveragePercentage int
	FunctionsWithoutTest   int
	FunctionsWithTest      int
	// contains filtered or unexported fields
}

func (*PackageBuildReport) LastPhase added in v0.7.5

func (rep *PackageBuildReport) LastPhase() PackageBuildPhase

LastPhase returns the phase the package build last entered

func (*PackageBuildReport) PhaseDuration added in v0.7.5

func (rep *PackageBuildReport) PhaseDuration(phase PackageBuildPhase) (dt time.Duration)

PhaseDuration returns the time it took to execute the phase's commands

func (*PackageBuildReport) TotalTime added in v0.7.5

func (rep *PackageBuildReport) TotalTime() time.Duration

TotalTime is the total time spent on building this package

type PackageBuildStatus

type PackageBuildStatus string

PackageBuildStatus denotes the status of a package during build

const (
	// PackageNotBuiltYet means that the package has not been built yet
	PackageNotBuiltYet PackageBuildStatus = "not-built-yet"
	// PackageBuilding means we're building this package at the moment
	PackageBuilding PackageBuildStatus = "building"
	// PackageBuilt means the package has been built and exists in the local cache already
	PackageBuilt PackageBuildStatus = "built-locally"
	// PackageDownloaded means the package was downloaded from the remote cache as part of this build
	PackageDownloaded PackageBuildStatus = "downloaded"
	// PackageInRemoteCache means the package has been built but currently only exists in the remote cache
	PackageInRemoteCache PackageBuildStatus = "built-remotely"
)

type PackageConfig

type PackageConfig interface {
	AdditionalSources(workspaceOrigin string) []string
}

PackageConfig is the YAML unmarshalling config type of packages. This is one of YarnPkgConfig, GoPkgConfig, DockerPkgConfig or GenericPkgConfig.

type PackageInternal added in v0.6.0

// PackageInternal is the YAML serialised content of a package.
//
// Each field maps to the YAML key given in its struct tag (for example Sources
// is "srcs", Dependencies is "deps", ArgumentDependencies is "argdeps",
// Environment is "env" and PreparationCommands is "prep"). Every key except
// "name" and "type" carries omitempty.
//
// NOTE(review): PreparationCommands and Environment come straight from the
// package definition; presumably they are executed/applied during the build —
// confirm against the build code, and review definition changes accordingly.
type PackageInternal struct {
	Name                 string            `yaml:"name"`
	Type                 PackageType       `yaml:"type"`
	Sources              []string          `yaml:"srcs,omitempty"`
	Dependencies         []string          `yaml:"deps,omitempty"`
	Layout               map[string]string `yaml:"layout,omitempty"`
	ArgumentDependencies []string          `yaml:"argdeps,omitempty"`
	Environment          []string          `yaml:"env,omitempty"`
	Ephemeral            bool              `yaml:"ephemeral,omitempty"`
	PreparationCommands  [][]string        `yaml:"prep,omitempty"`
	SBOM                 PackageSBOM       `yaml:"sbom,omitempty"`
}

PackageInternal is the YAML serialised content of a package

type PackageNotFoundErr

type PackageNotFoundErr struct {
	Package string
}

PackageNotFoundErr is used when something references a package we don't know about

func (PackageNotFoundErr) Error

func (n PackageNotFoundErr) Error() string

type PackageSBOM added in v0.10.4

// PackageSBOM configures SBOM generation for a package.
type PackageSBOM struct {
	// IgnoreVulnerabilities holds the package-level ignore rules, read from the
	// "ignoreVulnerabilities" YAML key. IgnoreRule is documented as the criteria
	// for ignoring vulnerabilities during SBOM scanning.
	// NOTE(review): each rule presumably removes matching findings from this
	// package's scan results, so every addition deserves a reason and a review.
	IgnoreVulnerabilities []IgnoreRule `yaml:"ignoreVulnerabilities,omitempty"` // Package-level ignore rules
}

PackageSBOM configures SBOM generation for a package

type PackageType

type PackageType string

PackageType describes the way a package is built and what it produces

// Known package types. The string values are the ones used for PackageType in YAML.
const (
	// YarnPackage uses the yarn package manager to download dependencies and build the package
	YarnPackage PackageType = "yarn"

	// GoPackage runs go build and produces a binary file
	GoPackage PackageType = "go"

	// DockerPackage runs docker build
	DockerPackage PackageType = "docker"

	// GenericPackage runs an arbitrary shell command.
	// NOTE(review): the command is supplied by the package configuration, so for this type
	// the configuration file is executable content and should be reviewed as such.
	GenericPackage PackageType = "generic"
)

func (*PackageType) UnmarshalYAML

func (p *PackageType) UnmarshalYAML(unmarshal func(interface{}) error) (err error)

UnmarshalYAML unmarshals and validates a package type

type PackageVariant

type PackageVariant struct {
	// contains filtered or unexported fields
}

PackageVariant provides a variation point for a package's sources, environment variables and config.

func (*PackageVariant) Config

func (v *PackageVariant) Config(t PackageType) (cfg PackageConfig, ok bool)

Config returns this package variant's configuration

func (*PackageVariant) ExcludeComponent

func (v *PackageVariant) ExcludeComponent(name string) bool

ExcludeComponent returns true if this variant excludes the component

func (*PackageVariant) ResolveSources

func (v *PackageVariant) ResolveSources(workspace *Workspace, loc string) (incl []string, excl []string, err error)

ResolveSources lists all files which are explicitly included or excluded by this variant. Inclusion takes precedence over exclusion.

func (*PackageVariant) UnmarshalYAML

func (v *PackageVariant) UnmarshalYAML(unmarshal func(interface{}) error) error

UnmarshalYAML unmarshals a package variant

type PackageVulnerabilityStats added in v0.10.4

// PackageVulnerabilityStats represents vulnerability statistics for a package.
// It serialises to JSON with one integer counter per severity bucket.
type PackageVulnerabilityStats struct {
	// Name is serialised as "name"; presumably the package the counters belong to — confirm.
	Name       string `json:"name"`
	Critical   int    `json:"critical"`
	High       int    `json:"high"`
	Medium     int    `json:"medium"`
	Low        int    `json:"low"`
	Negligible int    `json:"negligible"`
	Unknown    int    `json:"unknown"`
	// NOTE(review): it is not visible here whether Total includes the Ignored findings.
	// Confirm before using Total as a gate or trend metric.
	Total      int    `json:"total"`
	// Ignored presumably counts findings suppressed by ignore rules — confirm. A rising value
	// is worth watching, since suppressed findings do not show up in the severity counters.
	Ignored    int    `json:"ignored"`
}

PackageVulnerabilityStats represents vulnerability statistics for a package

type PkgNotBuiltErr

type PkgNotBuiltErr struct {
	Package *Package
}

PkgNotBuiltErr is used when a package's dependency hasn't been built yet

func (PkgNotBuiltErr) Error

func (p PkgNotBuiltErr) Error() string

type Reporter

// Reporter provides feedback about the build progress to the user.
// All methods are called on the hot path of the build, so an implementation that blocks
// will block the build itself.
type Reporter interface {
	// BuildStarted is called when the build of a package is started by the user.
	// This is not the same as a dependency being built (see PackageBuildStarted for that).
	// The root package will also be passed into PackageBuildStarted once all its dependencies
	// have been built.
	BuildStarted(pkg *Package, status map[*Package]PackageBuildStatus)

	// BuildFinished is called when the build of a package which was started by the user has finished.
	// This is not the same as a dependency build finished (see PackageBuildFinished for that).
	// The root package will also be passed into PackageBuildFinished once it's been built.
	BuildFinished(pkg *Package, err error)

	// PackageBuildStarted is called when a package build actually gets underway. At this point
	// all transitive dependencies of the package have been built.
	PackageBuildStarted(pkg *Package)

	// PackageBuildLog is called during a package build whenever a build command produced some output.
	// buf is the raw output of that command and isErr flags it (presumably as stderr — confirm).
	// Implementations that forward buf to a terminal or a log service should treat it as
	// untrusted bytes: build commands can print control sequences or secrets.
	PackageBuildLog(pkg *Package, isErr bool, buf []byte)

	// PackageBuildFinished is called when the package build has finished. If an error is passed in
	// the package build was not successful.
	// NOTE(review): the signature takes a *PackageBuildReport rather than an error; presumably
	// the failure is carried inside the report — confirm and align this comment.
	PackageBuildFinished(pkg *Package, rep *PackageBuildReport)
}

Reporter provides feedback about the build progress to the user.

Implementers beware: all these functions will be called in the hotpath of the build system. That means that blocking in those functions will block the actual build.

type Script

// Script is an executable, uncacheable unit that does not result in build artefacts.
// All settings below C are read from YAML under the key named in their struct tag.
type Script struct {
	// C has no YAML tag; presumably the component that defines this script — confirm.
	C *Component

	Name          string        `yaml:"name"`
	Description   string        `yaml:"description"`
	Dependencies  []string      `yaml:"deps"`
	Environment   []string      `yaml:"env"`
	WorkdirLayout WorkdirLayout `yaml:"workdir"`
	Type          ScriptType    `yaml:"type"`
	// Script is the script text from YAML. For the BashScript type it is executed by bash,
	// so the YAML that defines it is executable content and should be reviewed as code.
	Script        string        `yaml:"script"`
	// contains filtered or unexported fields
}

Script is an executable, uncacheable unit that does not result in build artefacts

func (*Script) FilesystemSafeName

func (p *Script) FilesystemSafeName() string

FilesystemSafeName returns a string that is safe to use in a Unix filesystem as directory or filename

func (*Script) FullName

func (p *Script) FullName() string

FullName returns the packages fully qualified name (component:package)

func (*Script) GetDependencies

func (p *Script) GetDependencies() []*Package

GetDependencies returns the linked package dependencies or nil if not linked yet

func (*Script) Run

func (p *Script) Run(opts ...BuildOption) error

Run executes the script

type ScriptType

type ScriptType string

ScriptType defines the type a script is of

const (
	// BashScript means the script is executed by bash.
	// The shebang is added automatically.
	BashScript ScriptType = "bash"
)

type SegmentReporter added in v0.7.5

// SegmentReporter embeds NoopReporter. Per the method list it provides its own
// BuildStarted, BuildFinished and PackageBuildFinished.
// NOTE(review): the name and the key argument of NewSegmentReporter suggest that build
// events are sent to an external analytics service — confirm which package and build data
// leaves the machine and whether reporting is opt-in.
type SegmentReporter struct {
	NoopReporter

	// AnonymousId is exported and can be set by the caller.
	// NOTE(review): presumably the identifier attached to reported events — confirm how it
	// is derived and that it cannot be linked back to a user or host.
	AnonymousId string
	// contains filtered or unexported fields
}

func NewSegmentReporter added in v0.7.5

func NewSegmentReporter(key string) *SegmentReporter

func (*SegmentReporter) BuildFinished added in v0.7.5

func (sr *SegmentReporter) BuildFinished(pkg *Package, err error)

func (*SegmentReporter) BuildStarted added in v0.7.5

func (sr *SegmentReporter) BuildStarted(pkg *Package, status map[*Package]PackageBuildStatus)

BuildStarted implements Reporter

func (*SegmentReporter) PackageBuildFinished added in v0.7.5

func (sr *SegmentReporter) PackageBuildFinished(pkg *Package, rep *PackageBuildReport)

type TarOptions added in v0.10.0

// TarOptions represents configuration options for creating tar archives.
// NOTE(review): the "-C flag" wording on WorkingDir suggests these options become arguments
// of an external tar process — confirm. If so, path and pattern values that begin with "-"
// must not be parsed as options (for example by passing them after a "--" separator).
type TarOptions struct {
	// OutputFile is the path to the output .tar or .tar.gz file
	OutputFile string

	// SourcePaths are the files/directories to include in the archive
	SourcePaths []string

	// WorkingDir changes to this directory before archiving (-C flag)
	WorkingDir string

	// UseCompression determines whether to apply compression
	UseCompression bool

	// CompressionAlgorithm specifies which algorithm to use
	CompressionAlgorithm CompressionAlgorithm

	// CompressionLevel allows setting compression level (1-9 for gzip/pigz).
	// The type is a plain int; whether out-of-range values are rejected is not visible here.
	CompressionLevel int

	// FilesFrom specifies a file containing a list of files to include
	FilesFrom string

	// ExcludePatterns specifies patterns to exclude
	ExcludePatterns []string
}

TarOptions represents configuration options for creating tar archives

type UnTarOptions added in v0.10.0

// UnTarOptions represents configuration options for extracting tar archives.
// NOTE(review): if archives can come from a remote cache, they are untrusted input. Confirm
// that extraction rejects entries with absolute paths, ".." components, or links that point
// outside TargetDir, so nothing is written outside the target directory.
type UnTarOptions struct {
	// InputFile is the path to the .tar or .tar.gz file to extract
	InputFile string

	// TargetDir is the directory where files should be extracted
	TargetDir string

	// PreserveSameOwner determines whether to preserve file ownership.
	// NOTE(review): when enabled and running with elevated privileges, the owner recorded in
	// the archive is applied to the extracted files — confirm callers leave this off for
	// archives they did not produce themselves.
	PreserveSameOwner bool

	// AutoDetectCompression will check if the file is compressed
	AutoDetectCompression bool

	// Verbose enables verbose output
	Verbose bool

	// IncludePatterns specifies patterns to include during extraction
	IncludePatterns []string
}

UnTarOptions represents configuration options for extracting tar archives

type WerftReporter

type WerftReporter struct {
	NoopReporter
}

WerftReporter works like the console reporter but adds werft output

func NewWerftReporter

func NewWerftReporter() *WerftReporter

NewWerftReporter creates a new werft compatible reporter

func (*WerftReporter) BuildStarted

func (r *WerftReporter) BuildStarted(pkg *Package, status map[*Package]PackageBuildStatus)

BuildStarted is called when the build of a package is started by the user.

func (*WerftReporter) PackageBuildFinished

func (r *WerftReporter) PackageBuildFinished(pkg *Package, rep *PackageBuildReport)

PackageBuildFinished is called when the package build has finished.

type WorkdirLayout

type WorkdirLayout string

WorkdirLayout describes the layout of the working dir a script gets executed in

const (
	// WorkdirOrigin means the script is executed in the original location of the component where it's defined,
	// in the original workspace.
	WorkdirOrigin WorkdirLayout = "origin"

	// WorkdirPackages replicates the structure leeway produces during a package build based on the script's dependencies.
	WorkdirPackages WorkdirLayout = "packages"
)

type Workspace

// Workspace is the root container of all components. All components are named relative
// to the origin of this workspace.
// The first field group is read from the workspace YAML under the keys named in the tags.
type Workspace struct {
	DefaultTarget       string              `yaml:"defaultTarget,omitempty"`
	ArgumentDefaults    map[string]string   `yaml:"defaultArgs,omitempty"`
	DefaultVariant      *PackageVariant     `yaml:"defaultVariant,omitempty"`
	Variants            []*PackageVariant   `yaml:"variants,omitempty"`
	EnvironmentManifest EnvironmentManifest `yaml:"environmentManifest,omitempty"`
	// Provenance and SBOM hold the workspace-wide supply-chain settings
	// (see WorkspaceProvenance and WorkspaceSBOM).
	Provenance          WorkspaceProvenance `yaml:"provenance,omitempty"`
	SBOM                WorkspaceSBOM       `yaml:"sbom,omitempty"`

	// The fields below are tagged yaml:"-" and therefore never (un)marshalled;
	// presumably they are populated while the workspace is loaded — confirm.
	Origin          string                `yaml:"-"`
	Components      map[string]*Component `yaml:"-"`
	Packages        map[string]*Package   `yaml:"-"`
	Scripts         map[string]*Script    `yaml:"-"`
	SelectedVariant *PackageVariant       `yaml:"-"`
	Git             GitInfo               `yaml:"-"`
	// contains filtered or unexported fields
}

Workspace is the root container of all components. All components are named relative to the origin of this workspace.

func FindWorkspace

func FindWorkspace(path string, args Arguments, variant, provenanceKey string) (Workspace, error)

FindWorkspace looks for a WORKSPACE.yaml file within the path. If multiple such files are found, an error is returned.

func (*Workspace) ShouldIgnoreComponent

func (ws *Workspace) ShouldIgnoreComponent(path string) bool

ShouldIgnoreComponent returns true if a file should be ignored for a component listing

func (*Workspace) ShouldIgnoreSource

func (ws *Workspace) ShouldIgnoreSource(path string) bool

ShouldIgnoreSource returns true if a file should be ignored for a source listing

type WorkspaceProvenance added in v0.2.10

// WorkspaceProvenance holds the "provenance" section of the workspace YAML
// (it is the type of Workspace.Provenance).
type WorkspaceProvenance struct {
	// Enabled is read from the "enabled" key; presumably it switches provenance
	// generation on for builds in this workspace — confirm.
	Enabled bool `yaml:"enabled"`
	// SLSA is read from the "slsa" key; presumably it selects SLSA-style provenance — confirm.
	SLSA    bool `yaml:"slsa"`

	// KeyPath is read from the "key" key.
	// NOTE(review): presumably the path of the key used to sign provenance — confirm. The
	// key file itself should live outside the repository. FindWorkspace also takes a
	// provenanceKey argument; which of the two wins is not visible here.
	KeyPath string `yaml:"key"`
	// contains filtered or unexported fields
}

type WorkspaceSBOM added in v0.10.4

// WorkspaceSBOM configures SBOM generation for a workspace.
type WorkspaceSBOM struct {
	// Enabled and ScanVulnerabilities are separate switches, read from "enabled" and
	// "scanVulnerabilities"; whether scanning requires Enabled is not visible here.
	Enabled               bool         `yaml:"enabled"`
	ScanVulnerabilities   bool         `yaml:"scanVulnerabilities"`
	// NOTE(review): FailOn is optional (omitempty). Presumably an empty list means no severity
	// fails the build — confirm, and set it explicitly where the scan is meant to gate builds.
	FailOn                []string     `yaml:"failOn,omitempty"`                // e.g., ["CRITICAL", "HIGH"]
	// NOTE(review): workspace-level rules presumably apply to every package — confirm. Prefer
	// the narrower package-level rules (PackageSBOM) where a finding affects one package only.
	IgnoreVulnerabilities []IgnoreRule `yaml:"ignoreVulnerabilities,omitempty"` // Workspace-level ignore rules
}

WorkspaceSBOM configures SBOM generation for a workspace

type YarnPackaging

type YarnPackaging string

YarnPackaging configures the packaging method of a yarn package

const (
	// YarnLibrary means the package will be created using `yarn pack`
	YarnLibrary YarnPackaging = "library"
	// YarnOfflineMirror means that the package will become a yarn offline mirror
	YarnOfflineMirror YarnPackaging = "offline-mirror"
	// YarnApp installs the package using an empty package.json and tars the resulting node_modules/
	YarnApp YarnPackaging = "app"
	// YarnArchive simply tars the build directory
	YarnArchive YarnPackaging = "archive"
)

type YarnPkgConfig

// YarnPkgConfig configures a yarn package.
// Fields are read from YAML under the keys named in their struct tags.
type YarnPkgConfig struct {
	YarnLock  string        `yaml:"yarnLock,omitempty"`
	TSConfig  string        `yaml:"tsconfig"`
	// Packaging selects one of the YarnPackaging values (library, offline-mirror, app, archive).
	Packaging YarnPackaging `yaml:"packaging,omitempty"`
	// DontTest presumably skips the test step — confirm.
	DontTest  bool          `yaml:"dontTest,omitempty"`
	// Commands holds optional install, build and test command lines.
	// NOTE(review): presumably these replace the default yarn invocations and are executed
	// during the build — confirm. If so, they are executable content supplied by configuration.
	Commands  struct {
		Install []string `yaml:"install,omitempty"`
		Build   []string `yaml:"build,omitempty"`
		Test    []string `yaml:"test,omitempty"`
	} `yaml:"commands,omitempty"`
}

YarnPkgConfig configures a yarn package

func (YarnPkgConfig) AdditionalSources

func (cfg YarnPkgConfig) AdditionalSources(workspaceOrigin string) []string

AdditionalSources returns a list of unresolved sources coming in through this configuration

func (YarnPkgConfig) Validate

func (cfg YarnPkgConfig) Validate() error

Validate ensures this config can be acted upon/is valid

Directories

Path Synopsis
