sigstore_verification/sources/
github.rs

1use crate::Result;
2use crate::api::{Attestation, AttestationClient, FetchParams};
3use crate::sources::{ArtifactRef, AttestationSource};
4use async_trait::async_trait;
5
6/// GitHub attestation source for fetching attestations from GitHub's API
7pub struct GitHubSource {
8    client: AttestationClient,
9    owner: String,
10    repo: String,
11}
12
13impl GitHubSource {
14    pub fn new(
15        owner: impl Into<String>,
16        repo: impl Into<String>,
17        token: Option<&str>,
18    ) -> Result<Self> {
19        Ok(Self {
20            client: AttestationClient::new(token)?,
21            owner: owner.into(),
22            repo: repo.into(),
23        })
24    }
25}
26
27#[async_trait]
28impl AttestationSource for GitHubSource {
29    async fn fetch_attestations(&self, artifact: &ArtifactRef) -> Result<Vec<Attestation>> {
30        let params = FetchParams {
31            owner: self.owner.clone(),
32            repo: Some(format!("{}/{}", self.owner, self.repo)),
33            digest: artifact.digest.clone(),
34            limit: 30,
35            predicate_type: Some("https://slsa.dev/provenance/v1".to_string()),
36        };
37
38        self.client.fetch_attestations(params).await
39    }
40
41    fn source_type(&self) -> &'static str {
42        "GitHub"
43    }
44}
sigstore_verification/sources/github.rs

sigstore_verification/sources/
github.rs
