docs: document dagger module and runner (#607)

Signed-off-by: Miguel Martinez Trivino <[email protected]>

Author: migmartri

docs/docs/guides/dagger/README.md

@@ -0,0 +1,172 @@
+---
+title: Use Dagger With Chainloop
+---
+
+# Chainloop Module for Dagger
+
+![dagger-tested-version](https://img.shields.io/badge/dagger%20version-v0.10.0-green)
+
+Daggerized version of [Chainloop](https://docs.chainloop.dev) that can be used to attest and collect pieces of evidence from your [Dagger](https://dagger.io/) pipelines.
+
+## Prerequisites
+
+- This module requires existing familiarity with Chainloop and its attestation process. Please refer to [this guide](https://docs.chainloop.dev/getting-started/attestation-crafting) to learn more.
+- You need a `token` (aka workflow robot account) [previously generated](https://docs.chainloop.dev/getting-started/workflow-definition#robot-account-creation) by your Chainloop administrator.
+
+## Attestation Crafting
+
+The [attestation process](https://docs.chainloop.dev/getting-started/attestation-crafting) starts with its initialization (`init`) or `resume`, then adding as many materials/pieces of evidence as needed (`add-raw-evidence` or `add-file-evidence`), and finally, signing and pushing the attestation to the Chainloop control plane (`push`).
+
+You can invoke this module in two ways: either from the Dagger CLI `dagger call ...` or from your own Dagger pipeline by importing this module as a dependency.
+
+### Using the Chainloop module in your Dagger pipeline
+
+To use Chainloop in your module, first, you need to add it as a dependency.
+
+```sh
+dagger install github.com/chainloop-dev/chainloop
+```
+
+Once done, you'll have access to the Chainloop client via `dag.Chainloop()` and start the attestation process with Init().
+
+You can find a full example of how to integrate attestation crafting in your `Go` pipeline [here](https://github.com/chainloop-dev/integration-demo/blob/main/chainloop-demo/dagger/src/main.go)
+
+### Using the Dagger CLI
+
+The [attestation process](https://docs.chainloop.dev/getting-started/attestation-crafting) starts with its initialization (`init`) or `resume`, then adding as many materials/pieces of evidence as needed (`add-raw-evidence` or `add-file-evidence`), and finally, signing and pushing the attestation to the Chainloop control plane (`push`).
+
+This module is designed to support function chaining, so after initializing the attestation, you can chain the subcommands to add pieces of evidence and push the attestation. For example
+
+```sh
+dagger call -m github.com/chainloop-dev/chainloop \
+  # Initialize the command
+  init --token env:CHAINLOOP_TOKEN \
+  # we chain subcommands after the initialization
+  # add a raw evidence
+  add-raw-evidence --name my-evidence --value "my-value" \
+  # and push the result
+  push --key file:/path/to/cosign.key --passphrase env:COSIGN_PASSPHRASE
+```
+
+If the attestation process end-to-end is not completed in one go, you can store the attestation-id after init and resume the attestation process using the `resume` method at any time down the line.
+
+```sh
+# Initialize but this time we store the attestation-id
+ATTESTATION_ID=$(dagger call -m github.com/chainloop-dev/chainloop  init --token env:CHAINLOOP_TOKEN attestation-id)
+
+
+# and we use it to resume the attestation process
+dagger call -m github.com/chainloop-dev/chainloop \
+  resume --token env:CHAINLOOP_TOKEN --attestation-id $ATTESTATION_ID \
+  # we chain subcommands after the initialization
+  ....
+```
+
+#### 1 - Init attestation ([docs](https://docs.chainloop.dev/getting-started/attestation-crafting#initialization))
+
+Initialize an attestation using the Chainloop token stored in the `CHAINLOOP_TOKEN` environment variable.
+
+> NOTE: `--token` can be provided only by referencing an environment variable (env:MY_VAR), not by value
+
+```sh
+# Initialize the attestation and get its ID
+dagger call -m github.com/chainloop-dev/chainloop \
+  init \
+  --token env:CHAINLOOP_TOKEN \
+  --repository /path/to/repo \ # optional flag to automatically attest a Git repository
+  --contract-revision 1 # optional flag to specify the revision of the Workflow Contract (default `latest`)
+```
+
+#### 2 - Get the status ([docs](https://docs.chainloop.dev/getting-started/attestation-crafting#inspecting-the-crafting-status))
+
+Resuming a previous attestation
+
+```sh
+dagger call -m github.com/chainloop-dev/chainloop \
+  resume --token env:CHAINLOOP_TOKEN --attestation-id $ATTESTATION_ID \
+  status
+```
+
+or chaining the command right after initialization
+
+```sh
+dagger call -m github.com/chainloop-dev/chainloop \
+  init --token env:CHAINLOOP_TOKEN \
+  status
+```
+
+#### 3 - Add pieces of evidence ([docs](https://docs.chainloop.dev/getting-started/attestation-crafting#adding-materials))
+
+You can attest pieces of evidence by providing its material name and its value, either in the form of a path to a file (`--path`) or a raw value (`--value`).
+
+A path to a file is required for materials derived from artifacts, such as Software Bill Of materials, or any other file-based evidence.
+
+```sh
+# Provide a material of kind artifact through its path
+# Remember, we first resume the attestation or chain the commands
+dagger call -m github.com/chainloop-dev/chainloop \
+  resume --token env:CHAINLOOP_TOKEN --attestation-id $ATTESTATION_ID \
+  add-file-evidence --name my-sbom --path ./path/to/sbom.json
+```
+
+```sh
+# Or one with a raw value such as a container image reference
+dagger call -m github.com/chainloop-dev/chainloop \
+  resume --token env:CHAINLOOP_TOKEN --attestation-id $ATTESTATION_ID \
+  add-raw-evidence --name my-container-image --value ghcr.io/chainloop-dev/chainloop/control-plane
+```
+
+In some cases, you might be providing a private container image as a piece of evidence. In this case, you'll also need to preload the container registry credentials.
+
+```sh
+dagger call -m github.com/chainloop-dev/chainloop \
+  resume --token env:CHAINLOOP_TOKEN --attestation-id $ATTESTATION_ID \
+  # Now load the registry credentials
+  with-registry --address ghcr.io --username my-username --password MY_PAT_TOKEN \
+  # And perform the attestation of the private container image
+  add-raw-evidence --name my-container-image --value ghcr.io/chainloop-dev/chainloop/control-plane
+```
+
+#### 4 - Sign and push attestation ([docs](https://docs.chainloop.dev/getting-started/attestation-crafting#encode-sign-and-push-attestation))
+
+Sign and push the attestation using a cosign **key stored in a file** and a passphrase stored in an environment variable.
+
+> NOTE: neither --signing-key nor --passphrase can be provided by value. You need to provide them either as a file (file:/) or an environment variable (env:/).
+
+```sh
+dagger call -m github.com/chainloop-dev/chainloop \
+  resume --token env:CHAINLOOP_TOKEN --attestation-id $ATTESTATION_ID \
+  push --key file:/path/to/cosign.key --passphrase env:COSIGN_PASSPHRASE
+```
+
+Alternatively, you can also provide the signing key in an environment variable `--key env:MY_COSIGN_KEY`
+
+#### 5 - Cancel/mark attestation as failed
+
+```sh
+dagger call -m github.com/chainloop-dev/chainloop \
+  resume --token env:CHAINLOOP_TOKEN --attestation-id $ATTESTATION_ID \
+  mark-failed --reason "Something went wrong"
+```
+
+or cancel the attestation process
+
+```sh
+dagger call -m github.com/chainloop-dev/chainloop \
+  resume --token env:CHAINLOOP_TOKEN --attestation-id $ATTESTATION_ID \
+  mark-canceled --reason "nothing to see here"
+```
+
+## Documentation
+
+To learn more, please visit the Chainloop project's documentation website, https://docs.chainloop.dev where you will find a getting started guide, FAQ, examples, and more.
+
+## Community / Discussion / Support
+
+Chainloop is developed in the open and is constantly improved by our users, contributors and maintainers. Got a question, comment, or idea? Please don't hesitate to reach out via:
+
+- GitHub [Issues](https://github.com/chainloop-dev/chainloop/issues)
+- Discord [Community Server](https://discord.gg/f7atkaZact)
+- Youtube [Channel](https://www.youtube.com/channel/UCISrWrPyR_AFjIQYmxAyKdg)
+
+ 

docs/docs/integrations/development/overview.md

@@ -25,6 +25,23 @@ The loading stage is when the plugin gets enabled in the Chainloop Control Plane
 - What kind of input you want your plugin to receive, materials, attestations or both.
 - Available input properties for the registration and attachment phases. These schemas will be shown to the user and will be used to validate the input.
 
+Example, excerpt from the [Dependency-Track plugin](https://github.com/chainloop-dev/chainloop/tree/main/app/controlplane/plugins/core/dependency-track/v1):
+
+```go
+base, err := sdk.NewFanOut(
+    &sdk.NewParams{
+        ID:          "dependency-track",
+        Version:     "1.2",
+        Description: "Send CycloneDX SBOMs to your Dependency-Track instance",
+        // The input schema for both registration and attachment phases
+        InputSchema: &sdk.InputSchema{
+            Registration: registrationRequest{},
+            Attachment:   attachmentRequest{},
+        },
+        // Subscribed to receive CycloneDX SBOMs in json format
+    }, sdk.WithInputMaterial(schemaapi.CraftingSchema_Material_SBOM_CYCLONEDX_JSON))
+```
+
 Once loaded, the plugin will be available to be registered on any organization and will be shown in the list of available plugins.
 
 ```console
@@ -100,9 +117,22 @@ Examples:
 
 This is the actual execution of the plugin. This is where the plugin will do its work. i.e forward the attestation/material data to a third-party API, send a notification and so on.
 
+When an attestation is received, the attestation and any materials that match the list of material types the plugin supports will be sent to the execute handler. For example, if your plugin does not specify any supported material types, it will receive only the attestation information.
+
+![execution](/img/fanout-execute.png)
+
+On another hand, if the plugin is subscribed to for example support SBOM_CYCLONEDX_JSON, and JUNIX_XML it will receive the attestation information and both materials **on a single execution**
+
+![execution](/img/fanout-execute-materials.png)
+
 In addition to the attestation and material data, this handler **will also have access to the outputs from the registration and attachment phases**.
 
-Examples:
+Some important notes about the execution handler:
+
+- If your plugin is subscribed to a specific material type, it will get executed on every attestation, even if such attestation does not contain any material of the supported type.
+- It's up to the plugin developer to make sure the desired material is present and handle the case when it's not.
+
+Some example use-cases:
 
 A Dependency-Track SBOM plugin will
 

docs/docs/integrations/integrations.md

@@ -15,11 +15,11 @@ Below you can find the list of currently available integrations. If you can't fi
 
 | ID | Version | Description | Material Requirement |
 | --- | --- | --- | --- |
-| [dependency-track](https://github.com/chainloop-dev/chainloop/blob/main/app/controlplane/plugins/core/dependency-track/v1/README.md) | 1.2 | Send CycloneDX SBOMs to your Dependency-Track instance | SBOM_CYCLONEDX_JSON |
-| [smtp](https://github.com/chainloop-dev/chainloop/blob/main/app/controlplane/plugins/core/smtp/v1/README.md) | 1.0 | Send emails with information about a received attestation |  |
-| [oci-registry](https://github.com/chainloop-dev/chainloop/blob/main/app/controlplane/plugins/core/oci-registry/v1/README.md) | 1.0 | Send attestations to a compatible OCI registry |  |
+| [dependency-track](https://github.com/chainloop-dev/chainloop/blob/main/app/controlplane/plugins/core/dependency-track/v1/README.md) | 1.4 | Send CycloneDX SBOMs to your Dependency-Track instance | SBOM_CYCLONEDX_JSON |
 | [discord-webhook](https://github.com/chainloop-dev/chainloop/blob/main/app/controlplane/plugins/core/discord-webhook/v1/README.md) | 1.1 | Send attestations to Discord |  |
 | [guac](https://github.com/chainloop-dev/chainloop/blob/main/app/controlplane/plugins/core/guac/v1/README.md) | 1.0 | Export Attestation and SBOMs metadata to a blob storage backend so guacsec/guac can consume it | SBOM_CYCLONEDX_JSON, SBOM_SPDX_JSON |
+| [slack-webhook](https://github.com/chainloop-dev/chainloop/blob/main/app/controlplane/plugins/core/slack-webhook/v1/README.md) | 1.0 | Send attestations to Slack |  |
+| [smtp](https://github.com/chainloop-dev/chainloop/blob/main/app/controlplane/plugins/core/smtp/v1/README.md) | 1.0 | Send emails with information about a received attestation |  |
 
 ## How to use integrations
 

docs/docs/reference/operator/contract.mdx

@@ -97,6 +97,39 @@ It has the following effect on the attestation process.
 
 Currently, we support the following runner types
 
+### `AZURE_PIPELINE`
+
+The following environment variables will be automatically added to the attestation. For more information on what they mean, refer to [this link](https://learn.microsoft.com/en-us/azure/devops/pipelines/build/variables?view=azure-devops&tabs=yaml).
+
+- `BUILD_REQUESTEDFOREMAIL`
+- `BUILD_REQUESTEDFOR`
+- `BUILD_REPOSITORY_URI`
+- `BUILD_REPOSITORY_NAME`
+- `BUILD_BUILDID`
+- `BUILD_BUILDNUMBER`
+- `BUILD_BUILDURI`
+- `BUILD_REASON`
+- `AGENT_VERSION`
+- `TF_BUILD`
+
+A link to the Azure Pipeline build will be recorded in the control plane too during initialization.
+
+### `CIRCLECI_BUILD`
+
+The following environment variables will be automatically added to the attestation. For more information on their meaning, refer to [the official CircleCI documentation](https://circleci.com/docs/variables/).
+
+- `CIRCLE_BUILD_URL`
+- `CIRCLE_JOB`
+- `CIRCLE_BRANCH` (optional)
+- `CIRCLE_NODE_TOTAL`
+- `CIRCLE_NODE_INDEX`
+
+A link to the CircleCI build will be recorded in the control plane too, during initialization.
+
+### `DAGGER_PIPELINE`
+
+To use Chainloop With Dagger you can use [this Dagger module](https://github.com/chainloop-dev/chainloop/tree/main/extras/dagger) 
+
 ### `GITHUB_ACTION`
 
 The following environment variables will be automatically added to the attestation. For more information on what they do refer to [this link](https://docs.github.com/en/actions/learn-github-actions/environment-variables#default-environment-variables).
@@ -128,22 +161,6 @@ The following environment variables will be automatically added to the attestati
 
 A link to the Gitlab CI job will be recorded in the control plane too, during initialization.
 
-### `AZURE_PIPELINE`
-
-The following environment variables will be automatically added to the attestation. For more information on what they mean, refer to [this link](https://learn.microsoft.com/en-us/azure/devops/pipelines/build/variables?view=azure-devops&tabs=yaml).
-
-- `BUILD_REQUESTEDFOREMAIL`
-- `BUILD_REQUESTEDFOR`
-- `BUILD_REPOSITORY_URI`
-- `BUILD_REPOSITORY_NAME`
-- `BUILD_BUILDID`
-- `BUILD_BUILDNUMBER`
-- `BUILD_BUILDURI`
-- `BUILD_REASON`
-- `AGENT_VERSION`
-- `TF_BUILD`
-
-A link to the Azure Pipeline build will be recorded in the control plane too during initialization.
 
 ### `JENKINS_JOB`
 
@@ -158,18 +175,6 @@ The following environment variables will be automatically added to the attestati
 
 A link to the build will be recorded in the control plane too, during initialization.
 
-### `CIRCLECI_BUILD`
-
-The following environment variables will be automatically added to the attestation. For more information on their meaning, refer to [the official CircleCI documentation](https://circleci.com/docs/variables/).
-
-- `CIRCLE_BUILD_URL`
-- `CIRCLE_JOB`
-- `CIRCLE_BRANCH` (optional)
-- `CIRCLE_NODE_TOTAL`
-- `CIRCLE_NODE_INDEX`
-
-A link to the CircleCI build will be recorded in the control plane too, during initialization.
-
 :::tip
 Remember, if all the **env variables** that you need are not defined in the context, you can extend such list via the `envAllowList` option.
 :::

docs/docusaurus.config.js

@@ -72,7 +72,12 @@ ${content.replaceAll("../../../docs/img/", "/img/")}`,
         sourceBaseUrl:
           "https://raw.githubusercontent.com/chainloop-dev/chainloop/main/docs/img",
         outDir: "static/img",
-        documents: ["fanout.png", "fanout-sdk.png"],
+        documents: [
+          "fanout.png",
+          "fanout-sdk.png",
+          "fanout-execute-materials.png",
+          "fanout-execute.png",
+        ],
         requestConfig: { responseType: "arraybuffer" },
       },
     ],
@@ -85,7 +90,7 @@ ${content.replaceAll("../../../docs/img/", "/img/")}`,
         noRuntimeDownloads: true,
         performCleanup: false,
         sourceBaseUrl:
-          "https://raw.githubusercontent.com/chainloop-dev/chainloop/main/docs",
+          "https://raw.githubusercontent.com/chainloop-dev/chainloop/main/devel",
         outDir: "docs/integrations",
         documents: ["integrations.md"],
         modifyContent: (filename, content) => {
@@ -104,6 +109,34 @@ ${content.replaceAll("./img/fanout.png", "/img/fanout.png")}`,
         },
       },
     ],
+    // Dagger module guide
+    // yarn run docusaurus download-remote-dagger-module
+    [
+      "docusaurus-plugin-remote-content",
+      {
+        name: "dagger-module",
+        noRuntimeDownloads: true,
+        performCleanup: false,
+        sourceBaseUrl:
+          "https://raw.githubusercontent.com/chainloop-dev/chainloop/main/extras/dagger",
+        outDir: "docs/guides/dagger", // the base directory to output to.
+        documents: ["README.md"], // the file names to download
+        modifyContent: (filename, content) => {
+          if (filename.includes("README")) {
+            return {
+              content: `---
+title: Use Dagger With Chainloop
+---
+
+${content}
+ `,
+            };
+          }
+
+          return undefined;
+        },
+      },
+    ],
     // Helm Chart readme
     // yarn run docusaurus download-remote-deployment-readme
     [