17 lines
909 B
Go
17 lines
909 B
Go
package models
|
|
|
|
import "time"
|
|
|
|
// ArtifactSignature stores the Cosign-compatible signature bundle produced
|
|
// when an artifact is uploaded. The BundleJSON field is the full self-contained
|
|
// bundle so consumers can verify without hitting the API again.
|
|
type ArtifactSignature struct {
|
|
ID int64 `xorm:"'id' pk autoincr" json:"id"`
|
|
ArtifactID int64 `xorm:"'artifact_id' notnull unique" json:"artifactId"`
|
|
KeyID string `xorm:"'key_id' varchar(32)" json:"keyId"`
|
|
Algorithm string `xorm:"'algorithm' varchar(50)" json:"algorithm"` // "ecdsa-p256-sha256"
|
|
Digest string `xorm:"'digest' varchar(80)" json:"digest"` // "sha256:<hex>"
|
|
BundleJSON string `xorm:"'bundle_json' text" json:"-"` // full bundle, not surfaced directly
|
|
SignedAt time.Time `xorm:"'signed_at'" json:"signedAt"`
|
|
}
|