include/msg/sign: Add repository, branch, and ref to sign messages

Sign messages do not contain information about the sources that the
artifacts were built from.
This commit adds the repository, branch, and ref fields for tracking
the sources that signed artifacts were built from.

diff --git a/include/msg/sign.sh b/include/msg/sign.sh
index c25001eff1e6ea4e5f94893b58d29c05007e76de..a9e75d019cda382ccc19db5571487177d9e29e7c 100644 (file)
--- a/include/msg/sign.sh
+++ b/include/msg/sign.sh
@@ -13,7 +13,10 @@ __init() {
 foundry_msg_sign_new() {
        local context="$1"
        local key="$2"
-       local artifacts=("${@:3}")
+       local repository="$3"
+       local branch="$4"
+       local ref="$5"
+       local artifacts=("${@:6}")
 
        local artifacts_json
        local json
@@ -23,9 +26,12 @@ foundry_msg_sign_new() {
                return 1
        fi
 
-       if ! json=$(json_object "context"   "$context"       \
-                               "key"       "$key"           \
-                               "artifacts" "$artifacts_json"); then
+       if ! json=$(json_object "context"    "$context"      \
+                               "key"        "$key"          \
+                               "repository" "$repository"   \
+                               "branch"     "$branch"       \
+                               "ref"        "$ref"          \
+                               "artifacts"  "$artifacts_json"); then
                return 1
        fi
 
@@ -63,6 +69,45 @@ foundry_msg_sign_get_key() {
        return 0
 }
 
+foundry_msg_sign_get_repository() {
+       local msg="$1"
+
+       local repository
+
+       if ! repository=$(foundry_msg_get_data_field "$msg" "repository"); then
+               return 1
+       fi
+
+       echo "$repository"
+       return 0
+}
+
+foundry_msg_sign_get_branch() {
+       local msg="$1"
+
+       local branch
+
+       if ! branch=$(foundry_msg_get_data_field "$msg" "branch"); then
+               return 1
+       fi
+
+       echo "$branch"
+       return 0
+}
+
+foundry_msg_sign_get_ref() {
+       local msg="$1"
+
+       local ref
+
+       if ! ref=$(foundry_msg_get_data_field "$msg" "ref"); then
+               return 1
+       fi
+
+       echo "$ref"
+       return 0
+}
+
 foundry_msg_sign_get_artifacts() {
        local msg="$1"
 

diff --git a/spec/sign.json b/spec/sign.json
index e4bacaf434c6fe98bfd45b12aab4051866926dc6..dc2a2a83ef4f8687911d3271af22b5a7ee9d0e2a 100644 (file)
--- a/spec/sign.json
+++ b/spec/sign.json
@@ -10,6 +10,23 @@
            "type": "string"
        },
 
+        "repository": {
+            "description": "The URL of the repository that the artifacts were built from",
+            "type": "string",
+            "pattern": "^(https|file)://.*$"
+        },
+
+        "branch": {
+            "description": "The name of the branch the artifacts were built from",
+            "type": "string"
+        },
+
+        "ref": {
+            "description": "Identifier of the source code version",
+            "type": "string",
+            "pattern": "^[0-9a-fA-F]+$"
+        },
+
        "artifacts": {
            "description": "The files that have been signed",
            "type": "array",
@@ -27,6 +44,9 @@
 
     "required": [
        "context",
+       "repository",
+       "branch",
+       "ref",
        "artifacts",
        "key"
     ],