canic_host/build_provenance/
model.rs1use std::path::PathBuf;
2
3use serde::{Deserialize, Serialize};
4
5use crate::{
6 canister_build::{CanisterArtifactBuildOutput, CanisterBuildProfile},
7 evidence_envelope::{
8 CommandProvenanceV1, EvidenceMessageV1, InputFingerprintV1, InputPathDisplayV1,
9 },
10};
11
12pub const BUILD_PROVENANCE_SCHEMA_ID: &str = "canic.build_provenance.v1";
13pub(super) const WASM_TARGET: &str = "wasm32-unknown-unknown";
14pub(super) const DIRTY_SUMMARY_ALGORITHM: &str = "git-status-porcelain-v1-z-sha256";
15
16#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
20pub struct BuildProvenanceV1 {
21 pub schema_version: u8,
22 pub generated_at: String,
23 pub canic_version: String,
24 pub command: CommandProvenanceV1,
25 pub build_status: BuildProvenanceStatusV1,
26 pub source: SourceProvenanceV1,
27 pub cargo: CargoProvenanceV1,
28 pub artifacts: Vec<ArtifactProvenanceV1>,
29 pub warnings: Vec<EvidenceMessageV1>,
30}
31
32#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
36#[serde(rename_all = "snake_case")]
37pub enum BuildProvenanceStatusV1 {
38 Success,
39 Failed,
40 NotRecorded,
41}
42
43#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
47pub struct SourceProvenanceV1 {
48 pub schema_version: u8,
49 pub vcs: SourceVcsV1,
50 pub revision: Option<String>,
51 pub branch: Option<String>,
52 pub dirty: Option<bool>,
53 pub dirty_policy: SourceDirtyPolicyV1,
54 pub dirty_summary_digest: Option<String>,
55 pub dirty_summary_algorithm: Option<String>,
56}
57
58#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
62#[serde(rename_all = "snake_case")]
63pub enum SourceVcsV1 {
64 Git,
65 Unknown,
66}
67
68#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
72#[serde(rename_all = "snake_case")]
73pub enum SourceDirtyPolicyV1 {
74 Clean,
75 DirtyRecorded,
76 Unknown,
77}
78
79#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
83pub struct CargoProvenanceV1 {
84 pub cargo_lock_sha256: Option<String>,
85 pub package_manifest_sha256: Option<String>,
86 pub package_name: String,
87 pub package_manifest: String,
88 pub package_metadata_fleet: String,
89 pub package_metadata_role: String,
90 pub rustc_version: Option<String>,
91 pub cargo_version: Option<String>,
92 pub target: Option<String>,
93 pub profile: String,
94 pub features: Vec<String>,
95 pub default_features: Option<bool>,
96 pub rustflags_digest: Option<String>,
97 pub rustflags_digest_algorithm: Option<String>,
98 pub cargo_config_fingerprints: Vec<InputFingerprintV1>,
99 pub build_script_inputs: BuildScriptInputStateV1,
100}
101
102#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
106#[serde(rename_all = "snake_case")]
107pub enum BuildScriptInputStateV1 {
108 NotRecorded,
109 Recorded,
110 Unknown,
111}
112
113#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
117pub struct ArtifactProvenanceV1 {
118 pub role: String,
119 pub fleet: String,
120 pub artifact_kind: ArtifactProvenanceKindV1,
121 pub path: Option<String>,
122 pub path_display: InputPathDisplayV1,
123 pub hash_algorithm: String,
124 pub sha256: String,
125 pub size_bytes: u64,
126 pub produced_by: String,
127}
128
129#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
133#[serde(rename_all = "snake_case")]
134pub enum ArtifactProvenanceKindV1 {
135 Wasm,
136 WasmGzip,
137 Candid,
138 Metadata,
139 Other,
140}
141
142#[derive(Clone, Debug)]
146pub struct BuildProvenanceRequest {
147 pub fleet: String,
148 pub role: String,
149 pub network: String,
150 pub profile: CanisterBuildProfile,
151 pub workspace_root: PathBuf,
152 pub config_path: PathBuf,
153 pub output: CanisterArtifactBuildOutput,
154 pub command: CommandProvenanceV1,
155 pub generated_at: String,
156 pub canic_version: String,
157}