EiffelArtifactCreatedEvent (ArtC)

The EiffelArtifactCreatedEvent declares that a software artifact has been created, what its coordinates are, what it contains and how it was created.

Data Members

data.identity

Type: String
Format: purl specification
Required: Yes
Description: The identity of the created artifact, in purl format.

data.fileInformation

Type: Object[]
Required: No
Description: A list of the artifact file contents. This information is optional and, when included, MAY include a complete or incomplete list of contents. In other words, it may be used to highlight only particular files of interest, such as launcher binaries or other entry-points.

data.fileInformation.name

Type: String
Required: Yes
Description: The name (including relative path from the root of the artifact) in a syntax appropriate for the artifact packaging type.

data.fileInformation.tags

Type: String[]
Required: No
Description: Any tags associated with the file, to support navigation and identification of items of interest.

data.fileInformation.integrityProtection

Type: Object
Required: No
Description: An optional object containing a digest of the file's contents, i.e. a checksum, computed using the specified algorithm.

data.fileInformation.integrityProtection.alg

Type: String
Format: One of the hash algorithms listed in section 1 of NIST FIPS 180-4, excluding "SHA-1".
Required: Yes
Legal values: SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, SHA-512/256
Description: The cryptographic algorithm used to compute the digest of the file's contents.

data.fileInformation.integrityProtection.digest

Type: String
Format: A lowercase string of hexadecimal digits.
Required: Yes
Description: The digest of the file contents.
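
A consumer-side check of data.fileInformation.integrityProtection, as an added example that is not part of the Eiffel specification or its tooling. The function names, result labels, file names and sample bytes are constructed for illustration; it assumes the consumer has already extracted the artifact's files into memory.

```python
import hashlib
import re

# Legal alg values from the page mapped to hashlib names; SHA-1 is deliberately absent.
HASHLIB_NAME = {
    "SHA-224": "sha224", "SHA-256": "sha256", "SHA-384": "sha384",
    "SHA-512": "sha512", "SHA-512/224": "sha512_224", "SHA-512/256": "sha512_256",
}
LOWER_HEX = re.compile(r"[0-9a-f]+")


def check_file(entry, content):
    """Classify one data.fileInformation entry against the file's actual bytes."""
    ip = entry.get("integrityProtection")
    if ip is None:
        return "UNPROTECTED"              # the member is optional
    name = HASHLIB_NAME.get(ip.get("alg"))
    if name is None:
        return "ILLEGAL_ALG"
    digest = ip.get("digest")
    if not isinstance(digest, str) or not LOWER_HEX.fullmatch(digest):
        return "MALFORMED_DIGEST"         # must be lowercase hexadecimal digits
    actual = hashlib.new(name, content).hexdigest()
    if len(digest) != len(actual):
        return "WRONG_LENGTH"
    return "OK" if digest == actual else "MISMATCH"


def audit(event, files):
    """Map each listed file name to its check result; files is {name: bytes}."""
    results = {}
    for entry in event.get("data", {}).get("fileInformation", []):
        name = entry["name"]
        results[name] = (check_file(entry, files[name]) if name in files
                         else "MISSING_FILE")
    return results


# Constructed artifact contents and event; names and bytes are made up.
FILES = {"bin/launch": b"constructed launcher bytes\n", "lib/core.jar": b"constructed jar\n"}
EVENT = {"data": {"identity": "pkg:maven/com.example/demo@1.0.0", "fileInformation": [
    {"name": "bin/launch", "tags": ["launcher"], "integrityProtection": {
        "alg": "SHA-256", "digest": hashlib.sha256(FILES["bin/launch"]).hexdigest()}},
    {"name": "lib/core.jar", "integrityProtection": {
        "alg": "SHA-256", "digest": hashlib.sha256(b"original jar\n").hexdigest()}},
    {"name": "README"},
]}}
```

Because the file list may be incomplete, an "OK" for every listed entry says nothing about files the event does not mention.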

data.buildCommand

Type: String
Required: No
Description: The command used to build the artifact within the identified environment. Used for reproducibility purposes.

data.requiresImplementation

Type: String
Required: No
Legal values: NONE, ANY, EXACTLY_ONE, AT_LEAST_ONE
Description: Defines whether this artifact requires an implementing artifact. This is typically used for interfaces requiring some backend implementation, although the interface does not presume to define which implementation. Implicitly interpreted as "ANY" if undefined.
NONE signifies that there SHALL be no implementations of this artifact. In other words, a composition containing another artifact identifying it in data.implements would be illegal.
ANY signifies that there may or may not be implementations of this artifact.
EXACTLY_ONE signifies that a legal composition must contain one and only one implementation of this artifact.
AT_LEAST_ONE signifies that a legal composition must contain one or more implementations of this artifact.

data.dependsOn

Type: String[]
Format: purl specification
Required: No
Description: An array of purl identified entities this artifact depends on. While not included in the purl specification itself, the Eiffel protocol allows version range notation according to Maven syntax to be used for the version component of the package identity. Note that the purl specification always requires the version component to be percent-encoded.

data.implements

Type: String[]
Format: purl specification
Required: No
Description: An array of purl identified entities this artifact implements. The typical use case of this is to identify interfaces implemented by this artifact. While not included in the purl specification itself, the Eiffel protocol allows version range notation according to Maven syntax to be used for the version component of the package identity. Note that the purl specification always requires the version component to be percent-encoded.

data.name

Type: String
Required: No
Description: Any (colloquial) name of the artifact. Unlike data.identity, this is not intended as an unambiguous identifier of the artifact, but as a descriptive and human readable name.

Links

This section describes which link types are valid for this event type. For details on how to express the link objects themselves see The Links Object.

CAUSE

Required: No
Legal targets: Any
Multiple allowed: Yes
Description: Identifies a cause of the event occurring. SHOULD not be used in conjunction with CONTEXT: individual events providing CAUSE within a larger context gives rise to ambiguity. It is instead recommended to let the root event of the context declare CAUSE.

COMPOSITION

Required: No
Legal targets: EiffelCompositionDefinedEvent
Multiple allowed: No
Description: Identifies the composition from which this artifact was built.

CONTEXT

Required: No
Legal targets: EiffelActivityTriggeredEvent, EiffelTestSuiteStartedEvent
Multiple allowed: No
Description: Identifies the activity or test suite of which this event constitutes a part.

ENVIRONMENT

Required: No
Legal targets: EiffelEnvironmentDefinedEvent
Multiple allowed: No
Description: Identifies the environment in which this artifact was built.

FLOW_CONTEXT

Required: No
Legal targets: EiffelFlowContextDefinedEvent
Multiple allowed: Yes
Description: Identifies the flow context of the event: which is the continuous integration and delivery flow in which this occurred – e.g. which product, project, track or version this is applicable to.

PREVIOUS_VERSION

Required: No
Legal targets: EiffelArtifactCreatedEvent
Multiple allowed: Yes
Description: Identifies a latest previous version (there may be more than one in case of merges) of the artifact the event represents.

Meta Members

meta.id

Type: String
Format: UUID
Required: Yes
Description: The unique identity of the event, generated at event creation.

meta.type

Type: String
Format: An event type name
Required: Yes
Description: The type of event. This field is required by the recipient of the event, as each event type has a specific meaning and a specific set of members in the data and links objects.

meta.version

Type: String
Format: Semantic Versioning 2.0.0
Required: Yes
Description: The version of the event type. This field is required by the recipient of the event to interpret the contents. Please see Versioning for more information.

meta.time

Type: Integer
Format: UNIX Epoch time, in milliseconds.
Required: Yes
Description: The event creation timestamp.

meta.tags

Type: String[]
Format: Free text
Required: No
Description: Any tags or keywords associated with the events, for searchability purposes.

meta.source

Type: Object
Required: No
Description: A description of the source of the event. This object is primarily for traceability purposes, and while optional, some form of identification of the source is HIGHLY RECOMMENDED. It offers multiple methods of identifying the source of the event, techniques which may be selected from based on the technology domain and needs in any particular use case.

meta.source.domainId

Type: String
Format: Free text
Required: No
Description: Identifies the domain that produced an event.

meta.source.host

Type: String
Format: Hostname
Required: No
Description: The hostname of the event sender.

meta.source.name

Type: String
Format: Free text
Required: No
Description: The name of the event sender.

meta.source.serializer

Type: String
Format: purl specification
Required: No
Description: The identity of the serializer software used to construct the event, in purl format.

meta.source.uri

Type: String
Format: URI
Required: No
Description: The URI of, related to or describing the event sender.

meta.security

Type: Object
Required: No
Description: An optional object for enclosing security related information, particularly supporting data integrity. See Security for further information.

meta.security.authorIdentity

Type: String
Format: Distinguished Name
Required: Yes
Description: The identity of the author of the event. This property is intended to enable the recipient to identify the author of the event contents and/or look up the appropriate public key for decrypting the meta.security.integrityProtection.signature value and thereby verifying author identity and data integrity.

meta.security.integrityProtection

Type: Object
Required: No
Description: An optional object for enabling information integrity protection via cryptographic signing. To generate a correct meta.security.integrityProtection object:

  1. Generate the entire event, but with the meta.security.integrityProtection.signature value set to an empty string.
  2. Serialize the event in Canonical JSON Form.
  3. Generate the signature using the meta.security.integrityProtection.alg algorithm.
  4. Set the meta.security.integrityProtection.signature value to the resulting signature while maintaining Canonical JSON Form.

To verify the integrity of the event, the consumer then resets meta.security.integrityProtection.signature to an empty string and ensures Canonical JSON Form before verifying the signature.

meta.security.integrityProtection.signature

Type: String
Required: Yes
Description: The signature produced by the signing algorithm.

meta.security.integrityProtection.alg

Type: String
Format: A valid JWA RFC 7518 alg parameter value, excluding "none"
Required: Yes
Description: The cryptographic algorithm used to digitally sign the event. If no signing is performed, the meta.security.integrityProtection SHALL be omitted rather than setting meta.security.integrityProtection.alg to "none".
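
The signing and verification procedure above, as an added example that is not part of the Eiffel specification or its tooling. It assumes an HMAC algorithm from RFC 7518 (HS256) with a shared key, base64 encoding of the signature value, and sorted-key compact JSON as a stand-in for Canonical JSON Form; the sample event and key are constructed.

```python
import base64
import copy
import hashlib
import hmac
import json

# Assumption: only the RFC 7518 HMAC algorithms are handled; "none" is never accepted.
_HMAC_ALGS = {"HS256": hashlib.sha256, "HS384": hashlib.sha384, "HS512": hashlib.sha512}

def canonical(event):
    # Stand-in for Canonical JSON Form: sorted keys, no insignificant whitespace.
    return json.dumps(event, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False).encode("utf-8")

def _mac(event, key):
    ip = event["meta"]["security"]["integrityProtection"]
    digestmod = _HMAC_ALGS.get(ip["alg"])
    if digestmod is None:
        raise ValueError("unsupported alg: %r" % (ip["alg"],))
    ip["signature"] = ""                       # steps 1 and 2: blank, then canonicalize
    return hmac.new(key, canonical(event), digestmod).digest()

def sign(event, key):
    signed = copy.deepcopy(event)              # leave the caller's event untouched
    tag = _mac(signed, key)                    # step 3
    signed["meta"]["security"]["integrityProtection"]["signature"] = \
        base64.b64encode(tag).decode("ascii")  # step 4
    return signed

def verify(event, key):
    try:
        probe = copy.deepcopy(event)
        claimed = base64.b64decode(
            probe["meta"]["security"]["integrityProtection"]["signature"], validate=True)
        return hmac.compare_digest(claimed, _mac(probe, key))
    except (KeyError, TypeError, ValueError):
        return False                           # unsigned, malformed or disallowed alg

# Constructed sample event; the key and all field values are made up.
KEY = b"constructed-demo-key"
EVENT = {
    "meta": {"id": "aaaaaaaa-bbbb-5ccc-8ddd-eeeeeeeeeee0",
             "type": "EiffelArtifactCreatedEvent", "version": "3.3.0",
             "time": 1234567890,
             "security": {"authorIdentity": "CN=builder,O=example",
                          "integrityProtection": {"alg": "HS256", "signature": ""}}},
    "data": {"identity": "pkg:maven/com.example/demo@1.0.0"},
    "links": [],
}
```

Since alg sits inside the signed content, the verifier selects the algorithm from its own allowlist and treats anything else, including "none", as a failed verification.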

meta.security.integrityProtection.publicKey

Type: String
Required: No
Description: The producer of the event may include the relevant public key for convenience, rather than relying on a separate key distribution mechanism. Note that this property, along with the rest of the event, is encompassed by the integrity protection offered via meta.security.integrityProtection.

meta.security.sequenceProtection

Type: Object[]
Required: No
Description: An optional object for enabling verification of intact event sequences in a distributed environment, thereby protecting against data loss, race conditions and replay attacks. It allows event publishers to state the order in which they produce a certain set of events. In other words, it cannot provide any global guarantees as to event sequencing, but rather per-publisher guarantees. Every object in the array represents a named sequence of which this event forms a part. For every event including a given named sequence, the publisher SHALL increment meta.security.sequenceProtection.position by 1. The first event produced in a given named sequence SHALL be numbered 1.

meta.security.sequenceProtection.sequenceName

Type: String
Required: Yes
Description: The name of the sequence. There MUST not be two identical meta.security.sequenceProtection.sequenceName values in the same event.

meta.security.sequenceProtection.position

Type: Integer
Required: Yes
Description: The number of the event within the named sequence.
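
A consumer-side sequence check built on the rules above, as an added example that is not part of the Eiffel specification or its tooling. Keying the per-publisher state on meta.security.authorIdentity is an assumption, as are the class name, finding labels and the constructed sample events; the check is meant to run on events whose signature has already been verified.

```python
from collections import defaultdict


class SequenceChecker:
    """Tracks the last position seen per (publisher, sequenceName)."""

    def __init__(self):
        # 0 means nothing seen yet; the first event in a sequence SHALL be numbered 1.
        self._last = defaultdict(int)

    def check(self, event):
        """Return a list of findings for one event; an empty list means in order."""
        security = event.get("meta", {}).get("security", {})
        publisher = security.get("authorIdentity")   # assumption: publisher key
        findings, seen = [], set()
        for entry in security.get("sequenceProtection", []):
            name, pos = entry["sequenceName"], entry["position"]
            if name in seen:                         # names must be unique per event
                findings.append(("DUPLICATE_NAME", name, pos))
                continue
            seen.add(name)
            expected = self._last[(publisher, name)] + 1
            if pos == expected:
                self._last[(publisher, name)] = pos
            elif pos < expected:
                findings.append(("REPLAY_OR_REORDER", name, pos))
            else:
                findings.append(("GAP", name, pos))
                self._last[(publisher, name)] = pos  # resync after reporting the loss
        return findings


def sample_event(position, name="artifacts"):
    # Constructed event carrying only the fields this check reads.
    return {"meta": {"security": {
        "authorIdentity": "CN=builder,O=example",
        "sequenceProtection": [{"sequenceName": name, "position": position}]}}}


def run(positions):
    """Feed constructed events with the given positions through one checker."""
    checker = SequenceChecker()
    return [checker.check(sample_event(p)) for p in positions]
```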

meta.schemaUri

Type: String
Format: URI
Required: No
Description: A URI pointing at a location from where the schema used when creating this event can be retrieved. It can be used to parse event data for validation and extraction purposes, for example. Note, that the schema on that URI should be considered immutable.

Version History

| Version | Introduced in | Changes |
| ------- | ------------- | ------- |
| 4.0.1 | Not yet released in an edition | Use common fragment for Integrity Protection. |
| 4.0.0 | Not yet released in an edition | Update meta schema to Draft 2020-12 and add link validation. |
| 3.3.0 | edition-arica | Added data.fileInformation.integrityProtection member (see Issue 290). |
| 3.2.0 | edition-arica | Add schema URL to the meta object (see Issue 280). |
| 3.1.0 | edition-lyon | Add links.domainId member (see Issue 233). |
| 3.0.0 | edition-agen | Improved information integrity protection (see Issue 185). |
| 2.0.0 | edition-agen | Introduced purl identifiers instead of GAVs (see Issue 182) |
| 1.1.0 | edition-toulouse | Multiple links of type FLOW_CONTEXT allowed. |
| 1.0.0 | edition-bordeaux | Initial version. |

Examples