added signed artifacts and SBOM generation capabilities

2026-05-12 21:31:43 +02:00
parent ab94775162
commit 822f723ff1
16 changed files with 1615 additions and 12 deletions
+16
@@ -0,0 +1,16 @@
package models
import "time"
// ArtifactSignature stores the Cosign-compatible signature bundle produced
// when an artifact is uploaded. The BundleJSON field is the full self-contained
// bundle so consumers can verify without hitting the API again.
type ArtifactSignature struct {
ID int64 `xorm:"'id' pk autoincr" json:"id"`
ArtifactID int64 `xorm:"'artifact_id' notnull unique" json:"artifactId"`
KeyID string `xorm:"'key_id' varchar(32)" json:"keyId"`
Algorithm string `xorm:"'algorithm' varchar(50)" json:"algorithm"` // "ecdsa-p256-sha256"
Digest string `xorm:"'digest' varchar(80)" json:"digest"` // "sha256:<hex>"
BundleJSON string `xorm:"'bundle_json' text" json:"-"` // full bundle, not surfaced directly
SignedAt time.Time `xorm:"'signed_at'" json:"signedAt"`
}
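Review bot: Only `artifact_id` carries `notnull` in ArtifactSignature, so a row with an empty `key_id`, `algorithm`, `digest` or `bundle_json` can be persisted. Any caller that treats the mere existence of a signature row as "this artifact is signed" would then accept it. I would add `notnull` to those four tags, for example `xorm:"'digest' varchar(80) notnull"` and `xorm:"'bundle_json' text notnull"`. The struct comment should also say that `KeyID`, `Algorithm` and `Digest` are denormalized copies of values in the bundle, kept for lookup and display. Verification should recompute the artifact digest and check it against `BundleJSON` under a key the verifier already trusts, rather than relying on these columns. The `unique` constraint on `artifact_id` presumably means re-signing after a key rotation overwrites the previous signature, which is worth stating in the comment if it is intended.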