sigstore_verification/sources/
mod.rs

1pub mod file;
2pub mod github;
3pub mod oci;
4
5use crate::Result;
6use async_trait::async_trait;
7use std::path::Path;
8
9/// Reference to an artifact that needs verification
10#[derive(Debug, Clone)]
11pub struct ArtifactRef {
12    /// SHA256 digest of the artifact
13    pub digest: String,
14    /// Optional path to the artifact file
15    pub path: Option<String>,
16    /// Optional additional metadata
17    pub metadata: Option<serde_json::Value>,
18}
19
20impl ArtifactRef {
21    pub fn from_path(path: &Path) -> Result<Self> {
22        let digest = crate::calculate_file_digest(path)?;
23        Ok(Self {
24            digest: format!("sha256:{}", digest),
25            path: Some(path.to_string_lossy().to_string()),
26            metadata: None,
27        })
28    }
29
30    pub fn from_digest(digest: &str) -> Self {
31        Self {
32            digest: digest.to_string(),
33            path: None,
34            metadata: None,
35        }
36    }
37}
38
39/// Trait for different sources of attestations
40#[async_trait]
41pub trait AttestationSource: Send + Sync {
42    /// Fetch attestations for a given artifact
43    async fn fetch_attestations(
44        &self,
45        artifact: &ArtifactRef,
46    ) -> Result<Vec<crate::api::Attestation>>;
47
48    /// Get the source type name for logging
49    fn source_type(&self) -> &'static str;
50}
sigstore_verification/sources/mod.rs

sigstore_verification/sources/
mod.rs
