chore(attestations): store contract name and version in attestation and referrer API (#1679)

Signed-off-by: Jose I. Paris <[email protected]>

Author: jiparis

app/cli/internal/action/attestation_init.go

@@ -126,6 +126,7 @@ func (action *AttestationInit) Run(ctx context.Context, opts *AttestationInitRun
 		Project:        workflow.GetProject(),
 		Team:           workflow.GetTeam(),
 		SchemaRevision: strconv.Itoa(int(contractVersion.GetRevision())),
+		ContractName:   workflow.ContractName,
 	}
 
 	if opts.ProjectVersion != "" {

app/controlplane/api/gen/frontend/attestation/v1/crafting_state.ts

@@ -239,6 +239,7 @@ func bizWorkflowToPb(wf *biz.Workflow) *pb.WorkflowItem {
 		Id: wf.ID.String(), Name: wf.Name, CreatedAt: timestamppb.New(*wf.CreatedAt),
 		Project: wf.Project, Team: wf.Team, RunsCount: int32(wf.RunsCounter), Public: wf.Public,
 		Description: wf.Description, ContractRevisionLatest: int32(wf.ContractRevisionLatest),
+		ContractName: wf.ContractName,
 	}
 
 	if wf.ContractID != uuid.Nil {

app/controlplane/api/gen/jsonschema/attestation.v1.WorkflowMetadata.jsonschema.json

@@ -280,10 +280,12 @@ func extractReferrers(att *dsse.Envelope, repo ReferrerRepo) ([]*Referrer, error
 	attestationReferrer.Annotations = predicate.GetAnnotations()
 	attestationReferrer.Metadata = map[string]string{
 		// workflow name, team and project
-		"name":         predicate.GetMetadata().Name,
-		"team":         predicate.GetMetadata().Team,
-		"project":      predicate.GetMetadata().Project,
-		"organization": predicate.GetMetadata().Organization,
+		"name":            predicate.GetMetadata().Name,
+		"team":            predicate.GetMetadata().Team,
+		"project":         predicate.GetMetadata().Project,
+		"organization":    predicate.GetMetadata().Organization,
+		"contractName":    predicate.GetMetadata().ContractName,
+		"contractVersion": predicate.GetMetadata().ContractVersion,
 	}
 
 	// Create new referrers for each material

app/controlplane/api/gen/jsonschema/attestation.v1.WorkflowMetadata.schema.json

@@ -243,6 +243,7 @@ func (s *referrerIntegrationTestSuite) TestExtractAndPersists() {
 		s.Equal(wantReferrerAtt.Kind, got.Kind)
 		// It has metadata
 		s.Equal(map[string]string{
+			"contractName": "", "contractVersion": "",
 			"name":         "test-new-types",
 			"project":      "test",
 			"team":         "my-team",

app/controlplane/internal/service/workflow.go

@@ -109,10 +109,12 @@ func (s *referrerTestSuite) TestExtractReferrers() {
 					Kind:         "ATTESTATION",
 					Downloadable: true,
 					Metadata: map[string]string{
-						"name":         "only-sbom",
-						"organization": "",
-						"team":         "",
-						"project":      "foo",
+						"contractName":    "",
+						"contractVersion": "",
+						"name":            "only-sbom",
+						"organization":    "",
+						"team":            "",
+						"project":         "foo",
 					},
 					Annotations: map[string]string{
 						"branch":   "stable",
@@ -158,10 +160,12 @@ func (s *referrerTestSuite) TestExtractReferrers() {
 						},
 					},
 					Metadata: map[string]string{
-						"name":         "test",
-						"organization": "",
-						"team":         "",
-						"project":      "bar",
+						"contractName":    "",
+						"contractVersion": "",
+						"name":            "test",
+						"organization":    "",
+						"team":            "",
+						"project":         "bar",
 					},
 					Annotations: map[string]string{
 						"version": "oss",
@@ -189,10 +193,12 @@ func (s *referrerTestSuite) TestExtractReferrers() {
 					Kind:         "ATTESTATION",
 					Downloadable: true,
 					Metadata: map[string]string{
-						"name":         "only-sbom",
-						"organization": "",
-						"team":         "",
-						"project":      "foo",
+						"contractName":    "",
+						"contractVersion": "",
+						"name":            "only-sbom",
+						"organization":    "",
+						"team":            "",
+						"project":         "foo",
 					},
 					Annotations: map[string]string{
 						"branch":   "stable",
@@ -248,10 +254,12 @@ func (s *referrerTestSuite) TestExtractReferrers() {
 					Kind:         "ATTESTATION",
 					Downloadable: true,
 					Metadata: map[string]string{
-						"name":         "test-new-types",
-						"organization": "my-org",
-						"team":         "my-team",
-						"project":      "test",
+						"contractName":    "",
+						"contractVersion": "",
+						"name":            "test-new-types",
+						"organization":    "my-org",
+						"team":            "my-team",
+						"project":         "test",
 					},
 					References: []*Referrer{
 						{

app/controlplane/pkg/biz/referrer.go

@@ -230,6 +230,8 @@ message WorkflowMetadata {
   string workflow_id = 5 [(buf.validate.field).string.min_len = 1];
   string workflow_run_id = 6; // Not required since we might be doing a dry-run
   string schema_revision = 7 [(buf.validate.field).string.min_len = 1];
+  // contract name (contract version is "schema_revision")
+  string contract_name = 11 [(buf.validate.field).string.min_len = 1];
   // organization name
   string organization = 8 [(buf.validate.field).string.min_len = 1];
 }