From 6983a397f4be27ad9a049e95a983baa902ce9854 Mon Sep 17 00:00:00 2001
From: CrazyMax <1951866+crazy-max@users.noreply.github.com>
Date: Thu, 13 Jun 2024 11:17:01 +0200
Subject: [PATCH] intoto and provenance types
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
---
 src/types/intoto/intoto.ts | 20 ++++++
 .../intoto/slsa_provenance/v0.2/provenance.ts | 69 +++++++++++++++++++
 2 files changed, 89 insertions(+)
 create mode 100644 src/types/intoto/intoto.ts
 create mode 100644 src/types/intoto/slsa_provenance/v0.2/provenance.ts
diff --git a/src/types/intoto/intoto.ts b/src/types/intoto/intoto.ts
new file mode 100644
index 00000000..0bad854e
--- /dev/null
+++ b/src/types/intoto/intoto.ts
@@ -0,0 +1,20 @@
+/**
+ * Copyright 2024 actions-toolkit authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+// https://github.com/in-toto/in-toto-golang/blob/dd6278764ab1dae7301609c7510129888e2fd569/in_toto/envelope.go#L17
+export const MEDIATYPE_PAYLOAD = 'application/vnd.in-toto+json';
+
+export const MEDIATYPE_PREDICATE = 'in-toto.io/predicate-type';
diff --git a/src/types/intoto/slsa_provenance/v0.2/provenance.ts b/src/types/intoto/slsa_provenance/v0.2/provenance.ts
new file mode 100644
index 00000000..832fd38b
--- /dev/null
+++ b/src/types/intoto/slsa_provenance/v0.2/provenance.ts
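Review bot: `MEDIATYPE_PREDICATE` on the last line of the hunk has no comment and `MEDIATYPE_PAYLOAD` only a bare URL, so a reader cannot tell which value is the DSSE envelope `payloadType` and which is an annotation key, although both are exported for comparison against values that arrive from a registry. I would put TSDoc above each: `/** Envelope payloadType for in-toto statements; a consumer should check it against the envelope before decoding the payload. */` for `MEDIATYPE_PAYLOAD`, and `/** Annotation key carrying the in-toto predicate type (presumably the OCI layer annotation used by BuildKit attestation manifests — confirm). */` for `MEDIATYPE_PREDICATE`. A source link for the second constant, pinned to a commit like the first one, would also help.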
@@ -0,0 +1,69 @@
+/**
+ * Copyright 2024 actions-toolkit authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+// https://github.com/in-toto/in-toto-golang/blob/master/in_toto/slsa_provenance/v0.2/provenance.go
+
+export const PREDICATE_SLSA_PROVENANCE = 'https://slsa.dev/provenance/v0.2';
+
+export interface ProvenancePredicate {
+ builder: ProvenanceBuilder;
+ buildType: string;
+ invocation?: ProvenanceInvocation;
+ // eslint-disable-next-line @typescript-eslint/no-explicit-any
+ buildConfig?: any;
+ metadata: ProvenanceMetadata;
+ materials?: Material[];
+}
+
+export interface ProvenanceBuilder {
+ id: string;
+}
+
+export interface ProvenanceInvocation {
+ configSource?: ConfigSource;
+ // eslint-disable-next-line @typescript-eslint/no-explicit-any
+ parameters?: any;
+ // eslint-disable-next-line @typescript-eslint/no-explicit-any
+ environment?: any;
+}
+
+export interface DigestSet {
+ [key: string]: string;
+}
+
+export interface ConfigSource {
+ uri?: string;
+ digest?: DigestSet;
+ entryPoint?: string;
+}
+
+export interface Completeness {
+ parameters?: boolean;
+ environment?: boolean;
+ materials?: boolean;
+}
+
+export interface ProvenanceMetadata {
+ buildInvocationId?: string;
+ buildStartedOn?: string;
+ completeness?: Completeness;
+ reproducible?: boolean;
+}
+
+export interface Material {
+ uri: string;
+ digest: DigestSet;
+}
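Review bot: `buildConfig`, `parameters` and `environment` are typed `any` (each behind an eslint-disable), which lets callers read arbitrary nested fields of a provenance predicate decoded from an attestation without ever narrowing it; `unknown` states the same "free-form JSON" intent while forcing a runtime check at the use site and makes the three eslint-disable lines unnecessary: `buildConfig?: unknown;`, `parameters?: unknown;`, `environment?: unknown;`. `metadata` is declared required on `ProvenancePredicate`, whereas in the referenced Go struct it is, as far as I recall, a pointer with `omitempty` and the SLSA v0.2 predicate treats it as optional, so `metadata?: ProvenanceMetadata;` would avoid a type that promises more than the data guarantees. `ProvenanceMetadata` also appears to lack `buildFinishedOn?: string;` from the same spec — worth confirming against the Go file. The reference comment points at `blob/master/...`, so it will drift from what was ported; pinning it to a commit as the other file in this patch does keeps the two consistent.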