feat: expose container image tag (#798)

Signed-off-by: Miguel Martinez Trivino <[email protected]>

Author: migmartri

app/cli/cmd/attestation_status.go

@@ -1,5 +1,5 @@
 //
-// Copyright 2023 The Chainloop Authors.
+// Copyright 2024 The Chainloop Authors.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -157,7 +157,11 @@ func materialsTable(status *action.AttestationStatusResult) error {
 
 		if full {
 			if m.Value != "" {
-				mt.AppendRow(table.Row{"Value", wrap.String(m.Value, 100)})
+				v := m.Value
+				if m.Tag != "" {
+					v = fmt.Sprintf("%s:%s", v, m.Tag)
+				}
+				mt.AppendRow(table.Row{"Value", wrap.String(v, 100)})
 			}
 
 			if m.Hash != "" {

app/cli/cmd/workflow_workflow_run_describe.go

@@ -1,5 +1,5 @@
 //
-// Copyright 2023 The Chainloop Authors.
+// Copyright 2024 The Chainloop Authors.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -155,8 +155,12 @@ func predicateV1Table(att *action.WorkflowRunAttestationItem) {
 			}
 
 			// We do not want to show the value if it is a file
-			if !m.EmbeddedInline && m.UploadedToCAS {
-				mt.AppendRow(table.Row{"Value", wrap.String(m.Value, 100)})
+			if !m.EmbeddedInline && m.UploadedToCAS || m.Type == "CONTAINER_IMAGE" {
+				v := m.Value
+				if m.Tag != "" {
+					v = fmt.Sprintf("%s:%s", v, m.Tag)
+				}
+				mt.AppendRow(table.Row{"Value", wrap.String(v, 100)})
 			}
 
 			if m.Hash != "" {

app/cli/internal/action/attestation_status.go

@@ -1,5 +1,5 @@
 //
-// Copyright 2023 The Chainloop Authors.
+// Copyright 2024 The Chainloop Authors.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -115,6 +115,7 @@ func (action *AttestationStatus) Run(ctx context.Context, attestationID string)
 				return nil, err
 			}
 			materialResult.Set = true
+			materialResult.Tag = cm.GetContainerImage().GetTag()
 		}
 
 		res.Materials = append(res.Materials, *materialResult)

app/cli/internal/action/workflow_run_describe.go

@@ -1,5 +1,5 @@
 //
-// Copyright 2023 The Chainloop Authors.
+// Copyright 2024 The Chainloop Authors.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -55,6 +55,7 @@ type Material struct {
 	Name           string        `json:"name"`
 	Value          string        `json:"value"`
 	Hash           string        `json:"hash"`
+	Tag            string        `json:"tag"`
 	Filename       string        `json:"filename"`
 	Type           string        `json:"type"`
 	Annotations    []*Annotation `json:"annotations,omitempty"`
@@ -173,6 +174,7 @@ func materialPBToAction(in *pb.AttestationItem_Material) *Material {
 		Value:          in.Value,
 		Type:           in.Type,
 		Hash:           in.Hash,
+		Tag:            in.Tag,
 		UploadedToCAS:  in.UploadedToCas,
 		Filename:       in.Filename,
 		EmbeddedInline: in.EmbeddedInline,

app/controlplane/api/controlplane/v1/response_messages.pb.go

@@ -97,6 +97,8 @@ message AttestationItem {
     // Material type, i.e ARTIFACT
     string type = 3;
     map<string, string> annotations = 4;
+    // in the case of a container image, the tag of the attested image
+    string tag = 9;
     string hash = 5;
     // it's been uploaded to an actual CAS backend
     bool uploaded_to_cas = 6;

app/controlplane/api/controlplane/v1/response_messages.proto

@@ -417,6 +417,7 @@ func extractMaterials(in []*chainloop.NormalizedMaterial) ([]*cpAPI.AttestationI
 			Value:          m.Value,
 			UploadedToCas:  m.UploadedToCAS,
 			EmbeddedInline: m.EmbeddedInline,
+			Tag:            m.Tag,
 		}
 
 		if m.Hash != nil {

app/controlplane/api/gen/frontend/controlplane/v1/response_messages.ts

@@ -53,6 +53,8 @@ type NormalizedMaterial struct {
 	Value string
 	// Hash of the Material
 	Hash *crv1.Hash
+	// Tag of the container image
+	Tag string
 	// Whether the Material was uploaded and available for download from CAS
 	UploadedToCAS bool
 	// Whether the Material was embedded inline in the attestation

app/controlplane/internal/service/attestation.go

@@ -329,6 +329,11 @@ func normalizeMaterial(material *intoto.ResourceDescriptor) (*NormalizedMaterial
 		m.EmbeddedInline = true
 	}
 
+	// Extract the container image tag if it's set in the annotations
+	if v, ok := mAnnotationsMap[annotationContainerTag]; ok && v.GetStringValue() != "" {
+		m.Tag = v.GetStringValue()
+	}
+
 	// In the case of an artifact type or derivative the filename is set and the inline content if any
 	if m.EmbeddedInline || m.UploadedToCAS {
 		m.Filename = material.Name