feat(cli): automatically discover runner context (#518)

Signed-off-by: Miguel Martinez Trivino <[email protected]>

Author: migmartri

app/cli/internal/action/attestation_init.go

@@ -83,13 +83,14 @@ func (action *AttestationInit) Run(ctx context.Context, contractRevision int) (s
 	action.Logger.Debug().Msg("Retrieving attestation definition")
 	client := pb.NewAttestationServiceClient(action.ActionsOpts.CPConnection)
 	// get information of the workflow
-	resp, err := client.GetContract(ctx, &pb.AttestationServiceGetContractRequest{ContractRevision: int32(contractRevision)})
+	contractResp, err := client.GetContract(ctx, &pb.AttestationServiceGetContractRequest{ContractRevision: int32(contractRevision)})
 	if err != nil {
 		return "", err
 	}
 
-	workflow := resp.GetResult().GetWorkflow()
-	contractVersion := resp.Result.GetContract()
+	workflow := contractResp.GetResult().GetWorkflow()
+	contractVersion := contractResp.Result.GetContract()
+	contract := contractResp.GetResult().GetContract().GetV1()
 
 	workflowMeta := &clientAPI.WorkflowMetadata{
 		WorkflowId:     workflow.GetId(),
@@ -101,12 +102,10 @@ func (action *AttestationInit) Run(ctx context.Context, contractRevision int) (s
 
 	action.Logger.Debug().Msg("workflow contract and metadata retrieved from the control plane")
 
-	// Check that the instantiation is happening in the right runner context
-	// and extract the job URL
-	runnerType := resp.Result.Contract.GetV1().Runner.GetType()
-	runnerContext := crafter.NewRunner(runnerType)
-	if !action.dryRun && !runnerContext.CheckEnv() {
-		return "", ErrRunnerContextNotFound{runnerContext.String()}
+	// Auto discover the runner context and enforce against the one in the contract if needed
+	discoveredRunner, err := crafter.DiscoverAndEnforceRunner(contract.GetRunner().GetType(), action.dryRun, action.Logger)
+	if err != nil {
+		return "", ErrRunnerContextNotFound{err.Error()}
 	}
 
 	// Identifier of this attestation instance
@@ -117,7 +116,7 @@ func (action *AttestationInit) Run(ctx context.Context, contractRevision int) (s
 		runResp, err := client.Init(
 			ctx,
 			&pb.AttestationServiceInitRequest{
-				JobUrl:           runnerContext.RunURI(),
+				JobUrl:           discoveredRunner.RunURI(),
 				ContractRevision: int32(contractRevision),
 			},
 		)
@@ -138,6 +137,7 @@ func (action *AttestationInit) Run(ctx context.Context, contractRevision int) (s
 		WfInfo: workflowMeta, SchemaV1: contractVersion.GetV1(),
 		DryRun:        action.dryRun,
 		AttestationID: attestationID,
+		Runner:        discoveredRunner,
 	}
 
 	if err := action.c.Init(ctx, initOpts); err != nil {

internal/attestation/crafter/crafter.go

@@ -58,7 +58,7 @@ type StateManager interface {
 type Crafter struct {
 	logger        *zerolog.Logger
 	CraftingState *api.CraftingState
-	Runner        supportedRunner
+	Runner        SupportedRunner
 	workingDir    string
 	stateManager  StateManager
 	// Authn is used to authenticate with the OCI registry
@@ -126,6 +126,7 @@ type InitOpts struct {
 	DryRun bool
 	// Identifier of the attestation state
 	AttestationID string
+	Runner        SupportedRunner
 }
 
 // Initialize the crafter with a remote or local schema
@@ -136,14 +137,7 @@ func (c *Crafter) Init(ctx context.Context, opts *InitOpts) error {
 		return errors.New("workflow metadata is nil")
 	}
 
-	// Check that the initialization is happening in the right environment
-	runnerType := opts.SchemaV1.Runner.GetType()
-	runnerContext := NewRunner(runnerType)
-	if !opts.DryRun && !runnerContext.CheckEnv() {
-		return fmt.Errorf("%w, expected %s", ErrRunnerContextNotFound, runnerType)
-	}
-
-	return c.initCraftingStateFile(ctx, opts.AttestationID, opts.SchemaV1, opts.WfInfo, opts.DryRun, runnerType, runnerContext.RunURI())
+	return c.initCraftingStateFile(ctx, opts.AttestationID, opts.SchemaV1, opts.WfInfo, opts.DryRun, opts.Runner.ID(), opts.Runner.RunURI())
 }
 
 func (c *Crafter) AlreadyInitialized(ctx context.Context, stateID string) (bool, error) {
@@ -247,7 +241,7 @@ func (c *Crafter) LoadCraftingState(ctx context.Context, attestationID string) e
 	}
 
 	// Set runner too
-	runnerType := c.CraftingState.GetInputSchema().GetRunner().GetType()
+	runnerType := c.CraftingState.GetAttestation().GetRunnerType()
 	if runnerType.String() == "" {
 		return errors.New("runner type not set in the crafting state")
 	}
@@ -389,9 +383,9 @@ func (c *Crafter) ResolveEnvVars(ctx context.Context, attestationID string) erro
 	}
 
 	// Runner specific environment variables
-	c.logger.Debug().Str("runnerType", c.Runner.String()).Msg("loading runner specific env variables")
+	c.logger.Debug().Str("runnerType", c.Runner.ID().String()).Msg("loading runner specific env variables")
 	if !c.Runner.CheckEnv() {
-		errorStr := fmt.Sprintf("couldn't detect the environment %q. Is the crafting process happening in the target env?", c.Runner.String())
+		errorStr := fmt.Sprintf("couldn't detect the environment %q. Is the crafting process happening in the target env?", c.Runner.ID().String())
 		return fmt.Errorf("%s - %w", errorStr, ErrRunnerContextNotFound)
 	}
 
@@ -400,7 +394,7 @@ func (c *Crafter) ResolveEnvVars(ctx context.Context, attestationID string) erro
 	for index, envVarDef := range c.Runner.ListEnvVars() {
 		varNames[index] = envVarDef.Name
 	}
-	c.logger.Debug().Str("runnerType", c.Runner.String()).Strs("variables", varNames).Msg("list of env variables to automatically extract")
+	c.logger.Debug().Str("runnerType", c.Runner.ID().String()).Strs("variables", varNames).Msg("list of env variables to automatically extract")
 
 	outputEnvVars, errors := c.Runner.ResolveEnvVars()
 	if len(errors) > 0 {

internal/attestation/crafter/crafter_test.go

@@ -26,6 +26,7 @@ import (
 	schemaapi "github.com/chainloop-dev/chainloop/app/controlplane/api/workflowcontract/v1"
 	"github.com/chainloop-dev/chainloop/internal/attestation/crafter"
 	v1 "github.com/chainloop-dev/chainloop/internal/attestation/crafter/api/attestation/v1"
+	"github.com/chainloop-dev/chainloop/internal/attestation/crafter/runners"
 	"github.com/chainloop-dev/chainloop/internal/attestation/crafter/statemanager/filesystem"
 	"github.com/go-git/go-git/v5"
 	"github.com/go-git/go-git/v5/plumbing/object"
@@ -74,12 +75,6 @@ func (s *crafterSuite) TestInit() {
 			workflowMetadata: nil,
 			wantErr:          true,
 		},
-		{
-			name:             "required github action environment, can't run",
-			contractPath:     "testdata/contracts/empty_github.yaml",
-			workflowMetadata: s.workflowMetadata,
-			wantErr:          true,
-		},
 		{
 			name:             "required github action env (dry run)",
 			contractPath:     "testdata/contracts/empty_github.yaml",
@@ -102,9 +97,10 @@ func (s *crafterSuite) TestInit() {
 			contract, err := crafter.LoadSchema(tc.contractPath)
 			require.NoError(s.T(), err)
 
+			runner := crafter.NewRunner(contract.GetRunner().GetType())
 			// Make sure that the tests context indicate that we are not in a CI
 			// this makes the github action runner context to fail
-			c, err := newInitializedCrafter(s.T(), tc.contractPath, tc.workflowMetadata, tc.dryRun, tc.workingDir)
+			c, err := newInitializedCrafter(s.T(), tc.contractPath, tc.workflowMetadata, tc.dryRun, tc.workingDir, runner)
 			if tc.wantErr {
 				s.Error(err)
 				return
@@ -149,12 +145,20 @@ func testingStateManager(t *testing.T, statePath string) crafter.StateManager {
 	return stateManager
 }
 
-func newInitializedCrafter(t *testing.T, contractPath string, wfMeta *v1.WorkflowMetadata, dryRun bool, workingDir string) (*testingCrafter, error) {
+func newInitializedCrafter(t *testing.T, contractPath string, wfMeta *v1.WorkflowMetadata,
+	dryRun bool,
+	workingDir string,
+	runner crafter.SupportedRunner,
+) (*testingCrafter, error) {
 	opts := []crafter.NewOpt{}
 	if workingDir != "" {
 		opts = append(opts, crafter.WithWorkingDirPath(workingDir))
 	}
 
+	if runner == nil {
+		runner = runners.NewGeneric()
+	}
+
 	statePath := fmt.Sprintf("%s/attestation.json", t.TempDir())
 	c, err := crafter.NewCrafter(testingStateManager(t, statePath), opts...)
 	require.NoError(t, err)
@@ -163,7 +167,10 @@ func newInitializedCrafter(t *testing.T, contractPath string, wfMeta *v1.Workflo
 		return nil, err
 	}
 
-	if err = c.Init(context.Background(), &crafter.InitOpts{SchemaV1: contract, WfInfo: wfMeta, DryRun: dryRun, AttestationID: ""}); err != nil {
+	if err = c.Init(context.Background(), &crafter.InitOpts{
+		SchemaV1: contract, WfInfo: wfMeta, DryRun: dryRun,
+		AttestationID: "",
+		Runner:        runner}); err != nil {
 		return nil, err
 	}
 
@@ -293,27 +300,30 @@ func (s *crafterSuite) TestResolveEnvVars() {
 
 	for _, tc := range testCases {
 		s.Run(tc.name, func() {
+			var runner crafter.SupportedRunner = runners.NewGeneric()
 			contract := "testdata/contracts/with_env_vars.yaml"
 			if tc.inGithubEnv {
 				s.T().Setenv("CI", "true")
 				for k, v := range gitHubTestingEnvVars {
 					s.T().Setenv(k, v)
 				}
+				runner = runners.NewGithubAction()
 			} else if tc.inJenkinsEnv {
 				contract = "testdata/contracts/jenkins_with_env_vars.yaml"
 				s.T().Setenv("JOB_NAME", "some-job")
 				s.T().Setenv("BUILD_URL", "http://some-url")
 				s.T().Setenv("AGENT_WORKDIR", "/some/home/dir")
 				s.T().Setenv("NODE_NAME", "some-node")
 				s.T().Setenv("JENKINS_HOME", "/some/home/dir")
+				runner = runners.NewJenkinsJob()
 			}
 
 			// Customs env vars
 			for k, v := range tc.envVars {
 				s.T().Setenv(k, v)
 			}
 
-			c, err := newInitializedCrafter(s.T(), contract, &v1.WorkflowMetadata{}, false, "")
+			c, err := newInitializedCrafter(s.T(), contract, &v1.WorkflowMetadata{}, false, "", runner)
 			require.NoError(s.T(), err)
 
 			err = c.ResolveEnvVars(context.Background(), "")

internal/attestation/crafter/runner.go

@@ -17,14 +17,16 @@ package crafter
 
 import (
 	"errors"
+	"fmt"
 
 	schemaapi "github.com/chainloop-dev/chainloop/app/controlplane/api/workflowcontract/v1"
 	"github.com/chainloop-dev/chainloop/internal/attestation/crafter/runners"
+	"github.com/rs/zerolog"
 )
 
 var ErrRunnerContextNotFound = errors.New("the runner environment doesn't match the required runner type")
 
-type supportedRunner interface {
+type SupportedRunner interface {
 	// Whether the attestation is happening in this environment
 	CheckEnv() bool
 
@@ -34,27 +36,80 @@ type supportedRunner interface {
 	// Return the list of env vars associated with this runner already resolved
 	ResolveEnvVars() (map[string]string, []*error)
 
-	String() string
-
 	// uri to the running job/workload
 	RunURI() string
+
+	// ID returns the runner type
+	ID() schemaapi.CraftingSchema_Runner_RunnerType
+}
+
+type RunnerM map[schemaapi.CraftingSchema_Runner_RunnerType]SupportedRunner
+
+var RunnersMap = map[schemaapi.CraftingSchema_Runner_RunnerType]SupportedRunner{
+	schemaapi.CraftingSchema_Runner_GITHUB_ACTION:   runners.NewGithubAction(),
+	schemaapi.CraftingSchema_Runner_GITLAB_PIPELINE: runners.NewGitlabPipeline(),
+	schemaapi.CraftingSchema_Runner_AZURE_PIPELINE:  runners.NewAzurePipeline(),
+	schemaapi.CraftingSchema_Runner_JENKINS_JOB:     runners.NewJenkinsJob(),
+	schemaapi.CraftingSchema_Runner_CIRCLECI_BUILD:  runners.NewCircleCIBuild(),
+	schemaapi.CraftingSchema_Runner_DAGGER_PIPELINE: runners.NewDaggerPipeline(),
+}
+
+// Load a specific runner
+func NewRunner(t schemaapi.CraftingSchema_Runner_RunnerType) SupportedRunner {
+	if r, ok := RunnersMap[t]; ok {
+		return r
+	}
+
+	return runners.NewGeneric()
 }
 
-func NewRunner(t schemaapi.CraftingSchema_Runner_RunnerType) supportedRunner {
-	switch t {
-	case schemaapi.CraftingSchema_Runner_GITHUB_ACTION:
-		return runners.NewGithubAction()
-	case schemaapi.CraftingSchema_Runner_GITLAB_PIPELINE:
-		return runners.NewGitlabPipeline()
-	case schemaapi.CraftingSchema_Runner_AZURE_PIPELINE:
-		return runners.NewAzurePipeline()
-	case schemaapi.CraftingSchema_Runner_JENKINS_JOB:
-		return runners.NewJenkinsJob()
-	case schemaapi.CraftingSchema_Runner_CIRCLECI_BUILD:
-		return runners.NewCircleCIBuild()
-	case schemaapi.CraftingSchema_Runner_DAGGER_PIPELINE:
-		return runners.NewDaggerPipeline()
-	default:
+// Discover the runner environment
+// This method does a simple check to see which runner is available in the environment
+// by iterating over the different runners and performing duck-typing checks
+// If more than one runner is detected, we default to generic since its an incongruent result
+func discoverRunner(logger zerolog.Logger) SupportedRunner {
+	detected := []SupportedRunner{}
+	for _, r := range RunnersMap {
+		if r.CheckEnv() {
+			detected = append(detected, r)
+		}
+	}
+
+	// if we don't detect any runner or more than one, we default to generic
+	if len(detected) == 0 {
+		return runners.NewGeneric()
+	}
+
+	if len(detected) > 1 {
+		var detectedStr []string
+		for _, d := range detected {
+			detectedStr = append(detectedStr, d.ID().String())
+		}
+
+		logger.Warn().Strs("detected", detectedStr).Msg("multiple runners detected, incongruent environment")
 		return runners.NewGeneric()
 	}
+
+	return detected[0]
+}
+
+func DiscoverAndEnforceRunner(enforcedRunnerType schemaapi.CraftingSchema_Runner_RunnerType, dryRun bool, logger zerolog.Logger) (SupportedRunner, error) {
+	discoveredRunner := discoverRunner(logger)
+
+	logger.Debug().
+		Str("discovered", discoveredRunner.ID().String()).
+		Str("enforced", enforcedRunnerType.String()).
+		Msg("checking runner context")
+
+	// If the runner type is not specified and it's a dry run, we don't enforce it
+	if enforcedRunnerType == schemaapi.CraftingSchema_Runner_RUNNER_TYPE_UNSPECIFIED || dryRun {
+		return discoveredRunner, nil
+	}
+
+	// Otherwise we enforce the runner type
+	if enforcedRunnerType != discoveredRunner.ID() {
+		return nil, fmt.Errorf("runner not found %s", enforcedRunnerType)
+	}
+
+	return discoveredRunner, nil
 }

internal/attestation/crafter/runners/azurepipeline.go

@@ -19,16 +19,20 @@ import (
 	neturl "net/url"
 	"os"
 	"path"
+
+	schemaapi "github.com/chainloop-dev/chainloop/app/controlplane/api/workflowcontract/v1"
 )
 
 type AzurePipeline struct{}
 
-const AzurePipelineID = "azure-pipeline"
-
 func NewAzurePipeline() *AzurePipeline {
 	return &AzurePipeline{}
 }
 
+func (r *AzurePipeline) ID() schemaapi.CraftingSchema_Runner_RunnerType {
+	return schemaapi.CraftingSchema_Runner_AZURE_PIPELINE
+}
+
 // Figure out if we are in a Azure Pipeline job or not
 func (r *AzurePipeline) CheckEnv() bool {
 	for _, varName := range []string{"TF_BUILD", "BUILD_BUILDURI"} {
@@ -55,10 +59,6 @@ func (r *AzurePipeline) ListEnvVars() []*EnvVarDefinition {
 	}
 }
 
-func (r *AzurePipeline) String() string {
-	return AzurePipelineID
-}
-
 func (r *AzurePipeline) RunURI() (url string) {
 	teamFoundationServerURI := os.Getenv("SYSTEM_TEAMFOUNDATIONSERVERURI")
 	definitionName := os.Getenv("SYSTEM_TEAMPROJECT")

internal/attestation/crafter/runners/azurepipeline_test.go

@@ -115,7 +115,7 @@ func (s *azurePipelineSuite) TestRunURI() {
 }
 
 func (s *azurePipelineSuite) TestRunnerName() {
-	s.Equal("azure-pipeline", s.runner.String())
+	s.Equal("AZURE_PIPELINE", s.runner.ID().String())
 }
 
 // Run before each test