You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: api-flow/consumer.md
+33-16Lines changed: 33 additions & 16 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -6,16 +6,23 @@ described in the [discovery document](/discovery/readme.md).
6
6
7
7
## API usage
8
8
9
-
The standard TEI points to a product.
10
-
11
-
-__TEA Product__: This is the delivered goods, an open source software, library or a product sold. It consists of one or multiple TEA Components.
12
-
-__TEA Components__: Components are components of something sold. Each Component has it's own versioning and it's own set of artefacts. Note that a single artefact can belong to multiple versions of a Component and multiple Components.
13
-
-__TEA Component index__: A list of all the versions available for a TEA Component
14
-
-__TEA Collection__: For each Component version, there is TEA collection as indicated by release date and a version string. The TEA API has no requirements of type of version string (semantic or any other scheme) - it's just an identifier set by the manufacturer. It's sorted by release date as a default.
15
-
-__List of TEA artefacts__: The TEA Collection is unique for a version and contains a list of artefacts. This can be SBOM files, VEX, SCITT, IN-TOTO or other documents.
16
-
-__List of artefact formats__: An artefact can be published in multiple formats.
17
-
18
-
The user has to know product TEI and version of each component (TEA Component) to find the list of artefacts for the used version.
9
+
The standard TEI points to a product. A product is something sold, downloaded as an opensource project or aquired
10
+
by other means. It contains one or multiple components.
11
+
12
+
-__List of TEA Components__: Components are components of something that is part of a product.
13
+
Each Component has it's own versioning and it's own set of artifacts.
14
+
-__List of TEA releases__: Each component has a list of releases where each release has a timestamp and
15
+
a lifecycle enumeration. They are normally sorted by timestamps. The TEA API has no requirements of
16
+
type of version string (semantic or any other scheme) - it's just an identifier set by the manufacturer.
17
+
-__List of TEA collections__: For each release, there is a list of TEA collections as indicated
18
+
by release date and a version integer starting with collection version 1.
19
+
-__List of TEA artifacts__: The collection is unique for a version and contains a list of artifacts.
20
+
This can be SBOM files, VEX, SCITT, IN-TOTO or other documents. Note that a single artifact
21
+
can belong to multiple versionsof a Component and multiple Components.
22
+
-__List of artifact formats__: An artifact can be published in multiple formats.
23
+
24
+
The user has to know product TEI and version of each component (TEA Component) to find the list of
25
+
artifacts for the used version.
19
26
20
27
## API flow based on TEI discovery
21
28
@@ -32,6 +39,7 @@ sequenceDiagram
32
39
33
40
participant tea_product as TEA Product
34
41
participant tea_component as TEA Component
42
+
participant tea_release as TEA Release
35
43
participant tea_collection as TEA Collection
36
44
participant tea_artifact as TEA Artefact
37
45
@@ -42,13 +50,17 @@ sequenceDiagram
42
50
user ->> tea_product: Finding all product parts (TEA Components) and facts about the product
43
51
tea_product ->> user: List of product parts
44
52
45
-
user ->> tea_component: Finding all versions of a TEA Component
46
-
tea_component ->> user: List of all available versions (paginated)
53
+
user ->> tea_component: Finding information of a component
54
+
tea_component ->> user: List of component metadata
55
+
56
+
user ->> tea_release: Finding a specific version/release
57
+
tea_release ->> user: List of releases and collection id for each release
47
58
48
59
user ->> tea_collection: Finding all artefacts for version in scope
49
60
tea_collection ->> user: List of artefacts and formats available for each artefact
50
61
51
-
user ->> tea_artifact: Download artefact
62
+
user ->> tea_artifact: Request to download artifact
63
+
tea_artifact ->> user: Artifact
52
64
53
65
54
66
@@ -70,6 +82,7 @@ sequenceDiagram
70
82
71
83
participant tea_product as TEA Product
72
84
participant tea_component as TEA Component
85
+
participant tea_release as TEA Release
73
86
participant tea_collection as TEA Collection
74
87
participant tea_artifact as TEA Artefact
75
88
@@ -80,13 +93,17 @@ sequenceDiagram
80
93
user ->> tea_product: Finding all product parts (TEA Components) and facts about choosen product
81
94
tea_product ->> user: List of product parts
82
95
83
-
user ->> tea_component: Finding all versions of a TEA Component
84
-
tea_component ->> user: List of all available versions (paginated)
96
+
user ->> tea_component: Finding information of a component
97
+
tea_component ->> user: List of component metadata
98
+
99
+
user ->> tea_release: Finding a specific version/release
100
+
tea_release ->> user: List of releases and collection id for each release
85
101
86
102
user ->> tea_collection: Finding all artefacts for version in scope
87
103
tea_collection ->> user: List of artefacts and formats available for each artefact
88
104
89
-
user ->> tea_artifact: Download artefact
105
+
user ->> tea_artifact: Request to download artifact
0 commit comments