From b6935f0bcfd5cbe716dc0430f6589946ca89859f Mon Sep 17 00:00:00 2001
From: Matthias Kruk
Date: Fri, 26 Nov 2021 23:26:24 +0900
Subject: [PATCH] include/msg/sign: Add repository, branch, and ref to sign messages

Sign messages do not contain information about the sources that the artifacts were built from. This commit adds the repository, branch, and ref fields for tracking the sources that signed artifacts were built from.
---
 include/msg/sign.sh | 53 +++++++++++++++++++++++++++++++++++++++++----
 spec/sign.json | 20 +++++++++++++++++
 2 files changed, 69 insertions(+), 4 deletions(-)

diff --git a/include/msg/sign.sh b/include/msg/sign.sh
index c25001e..a9e75d0 100644
--- a/include/msg/sign.sh
+++ b/include/msg/sign.sh
@@ -13,7 +13,10 @@ __init() {
 foundry_msg_sign_new() {
 local context="$1"
 local key="$2"
- local artifacts=("${@:3}")
+ local repository="$3"
+ local branch="$4"
+ local ref="$5"
+ local artifacts=("${@:6}")
 local artifacts_json
 local json
 
@@ -23,9 +26,12 @@ foundry_msg_sign_new() {
 return 1
 fi
 
- if ! json=$(json_object "context" "$context" \
- "key" "$key" \
- "artifacts" "$artifacts_json"); then
+ if ! json=$(json_object "context" "$context" \
+ "key" "$key" \
+ "repository" "$repository" \
+ "branch" "$branch" \
+ "ref" "$ref" \
+ "artifacts" "$artifacts_json"); then
 return 1
 fi
 
@@ -63,6 +69,45 @@ foundry_msg_sign_get_key() {
 return 0
 }
 
+foundry_msg_sign_get_repository() {
+ local msg="$1"
+
+ local repository
+
+ if ! repository=$(foundry_msg_get_data_field "$msg" "repository"); then
+ return 1
+ fi
+
+ echo "$repository"
+ return 0
+}
+
+foundry_msg_sign_get_branch() {
+ local msg="$1"
+
+ local branch
+
+ if ! branch=$(foundry_msg_get_data_field "$msg" "branch"); then
+ return 1
+ fi
+
+ echo "$branch"
+ return 0
+}
+
+foundry_msg_sign_get_ref() {
+ local msg="$1"
+
+ local ref
+
+ if ! ref=$(foundry_msg_get_data_field "$msg" "ref"); then
+ return 1
+ fi
+
+ echo "$ref"
+ return 0
+}
+
 foundry_msg_sign_get_artifacts() {
 local msg="$1"
 
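Review bot: In `foundry_msg_sign_new` the artifact list moves from `"${@:3}"` to `"${@:6}"`, so a caller that still passes the old argument order would have its first three artifacts stored as `repository`, `branch` and `ref`, and nothing in the visible lines rejects that before the values reach `json_object` in the second hunk. Whether the schema is applied when the message is built is not visible here. A check at the top of the function that mirrors the schema, for example `[[ "$repository" =~ ^(https|file):// ]] || return 1`, would make a stale call fail at the call site instead of producing a sign message with wrong provenance. A header comment stating the order `context key repository branch ref artifacts...` would help too. The function body continues past both hunks.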
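Review bot: The three new getters print a value read from the message with `echo "$branch"` (likewise `echo "$repository"` and `echo "$ref"`), and the schema in this commit puts no pattern on `branch`, so a value such as `-n` or `-e` would be taken by `echo` as an option and the caller would read an empty string. `printf '%s\n' "$branch"` prints the field verbatim; the same change applies in `foundry_msg_sign_get_repository` and `foundry_msg_sign_get_ref`. The functions differ only in the field name, so a one-line comment on each saying that it returns 1 when `foundry_msg_get_data_field` fails would be enough documentation. How that helper treats a missing field is not visible in this hunk.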
diff --git a/spec/sign.json b/spec/sign.json
index e4bacaf..dc2a2a8 100644
--- a/spec/sign.json
+++ b/spec/sign.json
@@ -10,6 +10,23 @@
 "type": "string"
 },
 
+ "repository": {
+ "description": "The URL of the repository that the artifacts were built from",
+ "type": "string",
+ "pattern": "^(https|file)://.*$"
+ },
+
+ "branch": {
+ "description": "The name of the branch the artifacts were built from",
+ "type": "string"
+ },
+
+ "ref": {
+ "description": "Identifier of the source code version",
+ "type": "string",
+ "pattern": "^[0-9a-fA-F]+$"
+ },
+
 "artifacts": {
 "description": "The files that have been signed",
 "type": "array",
@@ -27,6 +44,9 @@
 
 "required": [
 "context",
+ "repository",
+ "branch",
+ "ref",
 "artifacts",
 "key"
 ],
--
2.47.3
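Review bot: The `ref` pattern `^[0-9a-fA-F]+$` accepts a hex string of any length, so an abbreviated identifier of a few characters validates even though it may not name a single source version. If `ref` is meant to hold a full git commit id, pin the length, e.g. `"pattern": "^([0-9a-fA-F]{40}|[0-9a-fA-F]{64})$"`. The `repository` pattern `^(https|file)://.*$` also admits URLs with an embedded userinfo part (a constructed example: `https://user:secret@host/repo`), which would then be carried in every sign message. Consider excluding `@` before the first `/` of the authority, and giving `branch` at least `"minLength": 1`.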