chore: renaming of archivist --> archivista
colek42 authored and mikhailswift committed Mar 7, 2023
1 parent a4a0c89 commit 1f459fa
Showing 103 changed files with 689 additions and 523 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/golangci-lint.yml
@@ -1,4 +1,4 @@
# Copyright 2022 The Archivist Contributors
# Copyright 2022 The Archivista Contributors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
2 changes: 1 addition & 1 deletion .github/workflows/release.yml
@@ -1,4 +1,4 @@
# Copyright 2022 The Archivist Contributors
# Copyright 2022 The Archivista Contributors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
2 changes: 1 addition & 1 deletion .github/workflows/verify-licence.yml
@@ -1,4 +1,4 @@
# Copyright 2022 The Archivist Contributors
# Copyright 2022 The Archivista Contributors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
10 changes: 5 additions & 5 deletions .gitlab-ci.yml
@@ -1,4 +1,4 @@
# Copyright 2022 The Archivist Contributors
# Copyright 2022 The Archivista Contributors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
Expand All @@ -17,22 +17,22 @@ stages:

build-and-push-server:
variables:
KO_DOCKER_REPO: registry.gitlab.com/testifysec/judge-platform/archivist/archivist
KO_DOCKER_REPO: registry.gitlab.com/testifysec/judge-platform/archivista/archivista
stage: build
image:
name: registry.gitlab.com/testifysec/docker-images/ko:0.11.2-go1.19.2
entrypoint: [""]
script:
- ko auth login -u ${CI_REGISTRY_USER} -p ${CI_REGISTRY_PASSWORD} ${CI_REGISTRY}
- ko publish --bare --tags=${CI_COMMIT_SHORT_SHA} ./cmd/archivist
- ko publish --bare --tags=${CI_COMMIT_SHORT_SHA} ./cmd/archivista

build-and-push-client:
variables:
KO_DOCKER_REPO: registry.gitlab.com/testifysec/judge-platform/archivist/archivistctl
KO_DOCKER_REPO: registry.gitlab.com/testifysec/judge-platform/archivista/archivistactl
stage: build
image:
name: registry.gitlab.com/testifysec/docker-images/ko:0.11.2-go1.19.2
entrypoint: [""]
script:
- ko auth login -u ${CI_REGISTRY_USER} -p ${CI_REGISTRY_PASSWORD} ${CI_REGISTRY}
- ko publish --bare --tags ${CI_COMMIT_SHORT_SHA} ./cmd/archivistctl
- ko publish --bare --tags ${CI_COMMIT_SHORT_SHA} ./cmd/archivistactl
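Review bot: Consumers that pull or pin the old `.../judge-platform/archivist/...` image paths will keep running the last image published there, because the new `KO_DOCKER_REPO` values in both jobs send all future builds to `.../archivista/...` and nothing in this file retires or redirects the old repositories. A comment above each variable such as `# image path renamed from archivist/archivist; the old repository no longer receives builds` would record the move, and deployment manifests and any image-verification policy that matches on the repository name need the same update. Whether such downstream consumers exist is not visible from this page.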
12 changes: 6 additions & 6 deletions Dockerfile
@@ -1,4 +1,4 @@
# Copyright 2022 The Archivist Contributors
# Copyright 2022 The Archivista Contributors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
Expand All @@ -17,10 +17,10 @@ WORKDIR /src
RUN apk update && apk add --no-cache file git
ENV GOMODCACHE /root/.cache/gocache
RUN --mount=target=. --mount=target=/root/.cache,type=cache \
CGO_ENABLED=0 go build -o /out/archivist -ldflags '-s -d -w' ./cmd/archivist; \
file /out/archivist | grep "statically linked"
CGO_ENABLED=0 go build -o /out/archivista -ldflags '-s -d -w' ./cmd/archivista; \
file /out/archivista | grep "statically linked"

FROM alpine
COPY --from=build /out/archivist /bin/archivist
RUN mkdir /tmp/archivist
ENTRYPOINT ["/bin/archivist"]
COPY --from=build /out/archivista /bin/archivista
RUN mkdir /tmp/archivista
ENTRYPOINT ["/bin/archivista"]
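Review bot: The directory created by `RUN mkdir /tmp/archivista` no longer matches the default documented for the FILE backend, since the README table in this same commit still lists `ARCHIVISTA_FILE_DIR` as `/tmp/archivist/`. The config default itself is not shown here, so either the README row is stale or the default storage directory no longer exists in the final image. The two should agree, for example by changing the README row to `| ARCHIVISTA_FILE_DIR | /tmp/archivista/ | ...` and confirming that the default in `internal/config` uses the same path.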
72 changes: 36 additions & 36 deletions README.md
Expand Up @@ -2,19 +2,19 @@
<img src="docs/assets/logo.png">
</p>

# Archivist
# Archivista

Archivist is a graph and storage service for [in-toto](https://in-toto.io) attestations. Archivist enables the discovery
Archivista is a graph and storage service for [in-toto](https://in-toto.io) attestations. Archivista enables the discovery
and retrieval of attestations for software artifacts.

## How Archivist Works
## How Archivista Works

When an attestation is uploaded to Archivist it will store the entire attestation in a configured object store as well
When an attestation is uploaded to Archivista it will store the entire attestation in a configured object store as well
as scrape some data from the attestation and store it in a queryable metadata store. This metadata is exposed through a
GraphQL API. This enables queries such as finding all attestations related to an artifact with a specified hash or
finding all attestations that recorded the use of a specific dependency.

Archivist uses Subjects on the [in-toto
Archivista uses Subjects on the [in-toto
Statement](https://github.com/in-toto/attestation/blob/main/spec/README.md#statement) as edges on this graph. Producers
of attestations (such as [Witness](https://github.com/testifysec/witness) can use these subjects as a way to expose
relationships between attestations.
Expand All @@ -23,66 +23,66 @@ For example when attesting that an artifact was compiled the compiled artifact m
commit hash the artifact was built from. This would allow traversing the graph by the commit hash to find other relevant
attestations such as those describing code reviews, testing, and scanning that happened on that git commit.

## Running Archivist
## Running Archivista

A public instance of Archivist is running [here](https://archivist.testifysec.io) for testing purposes. The data in this
A public instance of Archivista is running [here](https://archivista.testifysec.io) for testing purposes. The data in this
instance is open to the world and there are currently no SLAs defined for this instance.

Archivist requires a MySQL database as well as a compatible file store. Compatible file stores include a local directory
Archivista requires a MySQL database as well as a compatible file store. Compatible file stores include a local directory
or any S3 compatible store.

A docker compose file is included in the repository that will run a local instance of Archivist along with the necessary
A docker compose file is included in the repository that will run a local instance of Archivista along with the necessary
services for it to operate. These include Minio and MySQL. Simply cloning the repo and running

```
docker compose up --build -d
```

is enough to get a local instance of Archivist up and running. Archivist will be listening at `http://localhost:8082` by
is enough to get a local instance of Archivista up and running. Archivista will be listening at `http://localhost:8082` by
default with this docker compose file.

### Configuration

Archivist is configured through environment variables currently.
Archivista is configured through environment variables currently.

| Variable | Default Value | Description |
| -------- | ------------- | ----------- |
| ARCHIVIST_LISTEN_ON | tcp://127.0.0.1:8082 | URL endpoint for Archivist to listen on |
| ARCHIVIST_LOG_LEVEL | INFO | Log level. Options are DEBUG, INFO, WARN, ERROR |
| ARCHIVIST_CORS_ALLOW_ORIGINS | | Comma separated list of origins to allow CORS requests from |
| ARCHIVIST_SQL_STORE_CONNECTION_STRING | root:example@tcp(db)/testify | SQL store connection string |
| ARCHIVIST_STORAGE_BACKEND | | Backend to use for attestation storage. Options are FILE, BLOB, or empty string for disabled. |
| ARCHIVIST_FILE_SERVE_ON | | What address to serve files on. Only valid when using FILE storage backend. |
| ARCHIVIST_FILE_DIR | /tmp/archivist/ | Directory to store and serve files. Only valid when using FILE storage backend. |
| ARCHIVIST_BLOB_STORE_ENDPOINT | 127.0.0.1:9000 | URL endpoint for blob storage. Only valid when using BLOB storage backend. |
| ARCHIVIST_BLOB_STORE_ACCESS_KEY_ID | | Blob store access key id. Only valid when using BLOB storage backend. |
| ARCHIVIST_BLOB_STORE_SECRET_ACCESS_KEY_ID | | Blob store secret access key id. Only valid when using BLOB storage backend. |
| ARCHIVIST_BLOB_STORE_USE_TLS | TRUE | Use TLS for BLOB storage backend. Only valid when using BLOB storage backend. |
| ARCHIVIST_BLOB_STORE_BUCKET_NAME | | Bucket to use for storage. Only valid when using BLOB storage backend. |
| ARCHIVIST_ENABLE_GRAPHQL | TRUE | Enable GraphQL Endpoint |
| ARCHIVIST_GRAPHQL_WEB_CLIENT_ENABLE | TRUE | Enable GraphiQL, the GraphQL web client |


## Using Archivist

Archivist exposes two HTTP endpoints to upload or download attestations:
| ARCHIVISTA_LISTEN_ON | tcp://127.0.0.1:8082 | URL endpoint for Archivista to listen on |
| ARCHIVISTA_LOG_LEVEL | INFO | Log level. Options are DEBUG, INFO, WARN, ERROR |
| ARCHIVISTA_CORS_ALLOW_ORIGINS | | Comma separated list of origins to allow CORS requests from |
| ARCHIVISTA_SQL_STORE_CONNECTION_STRING | root:example@tcp(db)/testify | SQL store connection string |
| ARCHIVISTA_STORAGE_BACKEND | | Backend to use for attestation storage. Options are FILE, BLOB, or empty string for disabled. |
| ARCHIVISTA_FILE_SERVE_ON | | What address to serve files on. Only valid when using FILE storage backend. |
| ARCHIVISTA_FILE_DIR | /tmp/archivist/ | Directory to store and serve files. Only valid when using FILE storage backend. |
| ARCHIVISTA_BLOB_STORE_ENDPOINT | 127.0.0.1:9000 | URL endpoint for blob storage. Only valid when using BLOB storage backend. |
| ARCHIVISTA_BLOB_STORE_ACCESS_KEY_ID | | Blob store access key id. Only valid when using BLOB storage backend. |
| ARCHIVISTA_BLOB_STORE_SECRET_ACCESS_KEY_ID | | Blob store secret access key id. Only valid when using BLOB storage backend. |
| ARCHIVISTA_BLOB_STORE_USE_TLS | TRUE | Use TLS for BLOB storage backend. Only valid when using BLOB storage backend. |
| ARCHIVISTA_BLOB_STORE_BUCKET_NAME | | Bucket to use for storage. Only valid when using BLOB storage backend. |
| ARCHIVISTA_ENABLE_GRAPHQL | TRUE | Enable GraphQL Endpoint |
| ARCHIVISTA_GRAPHQL_WEB_CLIENT_ENABLE | TRUE | Enable GraphiQL, the GraphQL web client |


## Using Archivista

Archivista exposes two HTTP endpoints to upload or download attestations:

```
POST /upload - Uploads an attestation to Archivist. The attestation is to be in the request's body
POST /upload - Uploads an attestation to Archivista. The attestation is to be in the request's body
```

```
GET /download/:gitoid: - Downloads an attestation with provided gitoid from Archivist
GET /download/:gitoid: - Downloads an attestation with provided gitoid from Archivista
```

Additionally Archivist exposes a GraphQL API. By default the GraphQL playground is enabled and available at root.
Additionally Archivista exposes a GraphQL API. By default the GraphQL playground is enabled and available at root.

`archivistctl` is a CLI tool in this repository that is available to interact with an Archivist instance. `archivistctl`
`archivistactl` is a CLI tool in this repository that is available to interact with an Archivista instance. `archivistctl`
is capable of uploading and downloading attestations as well as doing some basic queries such as finding all
attestations with a specified subject and retrieving all subjects for a specified attestation.

## What's Next

We would like to expand the types of data Archivist can ingest as well as expand the metadata Archivist collected about
ingested data. If you have ideas or use cases for Archivist, feel free to [contact us](mailto:info@testifysec.io) or
We would like to expand the types of data Archivista can ingest as well as expand the metadata Archivista collected about
ingested data. If you have ideas or use cases for Archivista, feel free to [contact us](mailto:info@testifysec.io) or
create an issue!
1 change: 0 additions & 1 deletion archivist.graphql

This file was deleted.

19 changes: 10 additions & 9 deletions cmd/archivist/main.go → cmd/archivista/main.go
@@ -1,4 +1,4 @@
// Copyright 2022 The Archivist Contributors
// Copyright 2022 The Archivista Contributors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
Expand Down Expand Up @@ -40,12 +40,13 @@ import (
"github.com/networkservicemesh/sdk/pkg/tools/log"
"github.com/networkservicemesh/sdk/pkg/tools/log/logruslogger"
"github.com/sirupsen/logrus"
"github.com/testifysec/archivist"
"github.com/testifysec/archivist/internal/config"
"github.com/testifysec/archivist/internal/metadatastorage/mysqlstore"
"github.com/testifysec/archivist/internal/objectstorage/blobstore"
"github.com/testifysec/archivist/internal/objectstorage/filestore"
"github.com/testifysec/archivist/internal/server"

"github.com/testifysec/archivista"
"github.com/testifysec/archivista/internal/config"
"github.com/testifysec/archivista/internal/metadatastorage/mysqlstore"
"github.com/testifysec/archivista/internal/objectstorage/blobstore"
"github.com/testifysec/archivista/internal/objectstorage/filestore"
"github.com/testifysec/archivista/internal/server"
)

func main() {
Expand Down Expand Up @@ -110,12 +111,12 @@ func main() {

if cfg.EnableGraphql {
client := mysqlStore.GetClient()
srv := handler.NewDefaultServer(archivist.NewSchema(client))
srv := handler.NewDefaultServer(archivista.NewSchema(client))
srv.Use(entgql.Transactioner{TxOpener: client})
router.Handle("/query", srv)
if cfg.GraphqlWebClientEnable {
router.Handle("/",
playground.Handler("Archivist", "/query"),
playground.Handler("Archivista", "/query"),
)
}
}
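Review bot: Deployments that still export the old `ARCHIVIST_*` variables would silently fall back to defaults after this rename, and the README in this commit gives `ARCHIVISTA_GRAPHQL_WEB_CLIENT_ENABLE` a default of TRUE, so an instance that had the playground switched off would serve it at `/` again through the `cfg.GraphqlWebClientEnable` branch in this hunk. The loader in `internal/config` is not shown, so this assumes the prefix change documented in the README is what the code does. A startup warning for every environment variable whose name satisfies `strings.HasPrefix(name, "ARCHIVIST_")`, logging the name only and never the value, would make the stale configuration visible; the CORS origin list and the blob-store TLS switch are affected in the same way. `main()` begins and ends outside the hunk.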
@@ -1,4 +1,4 @@
// Copyright 2022 The Archivist Contributors
// Copyright 2022 The Archivista Contributors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
Expand All @@ -21,21 +21,21 @@ import (
"strings"

"github.com/spf13/cobra"
archivistapi "github.com/testifysec/archivist-api"
archivistaapi "github.com/testifysec/archivista-api"
)

var (
outFile string

retrieveCmd = &cobra.Command{
Use: "retrieve",
Short: "Retrieve information from an archivist server",
Short: "Retrieve information from an archivista server",
SilenceUsage: true,
}

envelopeCmd = &cobra.Command{
Use: "envelope",
Short: "Retrieves a dsse envelope by it's gitoid from archivist",
Short: "Retrieves a dsse envelope by it's gitoid from archivista",
SilenceUsage: true,
Args: cobra.ExactArgs(1),
RunE: func(cmd *cobra.Command, args []string) error {
Expand All @@ -50,7 +50,7 @@ var (
out = file
}

return archivistapi.DownloadWithWriter(cmd.Context(), archivistUrl, args[0], out)
return archivistaapi.DownloadWithWriter(cmd.Context(), archivistaUrl, args[0], out)
},
}

Expand All @@ -60,7 +60,7 @@ var (
SilenceUsage: true,
Args: cobra.ExactArgs(1),
RunE: func(cmd *cobra.Command, args []string) error {
results, err := archivistapi.GraphQlQuery[retrieveSubjectResults](cmd.Context(), archivistUrl, retrieveSubjectsQuery, retrieveSubjectVars{Gitoid: args[0]})
results, err := archivistaapi.GraphQlQuery[retrieveSubjectResults](cmd.Context(), archivistaUrl, retrieveSubjectsQuery, retrieveSubjectVars{Gitoid: args[0]})
if err != nil {
return err
}
10 changes: 5 additions & 5 deletions cmd/archivistctl/cmd/root.go → cmd/archivistactl/cmd/root.go
@@ -1,4 +1,4 @@
// Copyright 2022 The Archivist Contributors
// Copyright 2022 The Archivista Contributors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
Expand All @@ -19,16 +19,16 @@ import (
)

var (
archivistUrl string
archivistaUrl string

rootCmd = &cobra.Command{
Use: "archivistctl",
Short: "A utility to interact with an archivist server",
Use: "archivistactl",
Short: "A utility to interact with an archivista server",
}
)

func init() {
rootCmd.PersistentFlags().StringVarP(&archivistUrl, "archivisturl", "u", "http://localhost:8082", "url of the archivist instance")
rootCmd.PersistentFlags().StringVarP(&archivistaUrl, "archivistaurl", "u", "http://localhost:8082", "url of the archivista instance")
}

func Execute() error {
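Review bot: The persistent flag registered in `init()` changes from `archivisturl` to `archivistaurl` with no alias, so existing scripts and CI jobs that pass the long form will fail with an unknown-flag error; only the `-u` shorthand keeps working. Registering the old name for one release and marking it with `rootCmd.PersistentFlags().MarkDeprecated("archivisturl", "use --archivistaurl")` would give callers a warning instead of a hard break. Since the variable is being renamed anyway, `archivistaURL` would follow Go's initialism convention; the same identifier is used in the retrieve, search and store commands. The body of `Execute` lies outside the hunk.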
@@ -1,4 +1,4 @@
// Copyright 2022 The Archivist Contributors
// Copyright 2022 The Archivista Contributors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
Expand All @@ -20,15 +20,15 @@ import (
"strings"

"github.com/spf13/cobra"
archivistapi "github.com/testifysec/archivist-api"
archivistaapi "github.com/testifysec/archivista-api"
)

var (
searchCmd = &cobra.Command{
Use: "search",
Short: "Searches the archivist instance for an attestation matching a query",
Short: "Searches the archivista instance for an attestation matching a query",
SilenceUsage: true,
Long: `Searches the archivist instance for an envelope with a specified subject digest.
Long: `Searches the archivista instance for an envelope with a specified subject digest.
Optionally a collection name can be provided to further constrain results.
Digests are expected to be in the form algorithm:digest, for instance: sha256:456c0c9a7c05e2a7f84c139bbacedbe3e8e88f9c`,
Expand All @@ -49,7 +49,7 @@ Digests are expected to be in the form algorithm:digest, for instance: sha256:45
return err
}

results, err := archivistapi.GraphQlQuery[searchResults](cmd.Context(), archivistUrl, searchQuery, searchVars{Algorithm: algo, Digest: digest})
results, err := archivistaapi.GraphQlQuery[searchResults](cmd.Context(), archivistaUrl, searchQuery, searchVars{Algorithm: algo, Digest: digest})
if err != nil {
return err
}
10 changes: 5 additions & 5 deletions cmd/archivistctl/cmd/store.go → cmd/archivistactl/cmd/store.go
@@ -1,4 +1,4 @@
// Copyright 2022 The Archivist Contributors
// Copyright 2022 The Archivista Contributors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
Expand All @@ -20,18 +20,18 @@ import (
"os"

"github.com/spf13/cobra"
archivistapi "github.com/testifysec/archivist-api"
archivistaapi "github.com/testifysec/archivista-api"
)

var (
storeCmd = &cobra.Command{
Use: "store",
Short: "stores an attestation on the archivist server",
Short: "stores an attestation on the archivista server",
SilenceUsage: true,
Args: cobra.MinimumNArgs(1),
RunE: func(cmd *cobra.Command, args []string) error {
for _, filePath := range args {
if gitoid, err := storeAttestationByPath(cmd.Context(), archivistUrl, filePath); err != nil {
if gitoid, err := storeAttestationByPath(cmd.Context(), archivistaUrl, filePath); err != nil {
return fmt.Errorf("failed to store %s: %w", filePath, err)
} else {
fmt.Printf("%s stored with gitoid %s\n", filePath, gitoid)
Expand All @@ -54,7 +54,7 @@ func storeAttestationByPath(ctx context.Context, baseUrl, path string) (string,
}

defer file.Close()
resp, err := archivistapi.StoreWithReader(ctx, baseUrl, file)
resp, err := archivistaapi.StoreWithReader(ctx, baseUrl, file)
if err != nil {
return "", err
}