Pontos de extremidade da API REST para metadados de artefato
Use esses pontos de extremidade para recuperar e gerenciar metadados para artefatos em sua organização. Os metadados de artefato fornecem informações sobre artefatos de build, sua origem e detalhes relacionados.
Ao exibir os alertas do Dependabot ou code scanning para uma organização, você pode usar metadados de artefatos para filtrar e priorizar alertas, consulte Priorizando alertas do Dependabot e de verificação de código no contexto de produção.
Create an artifact deployment record
Create or update deployment records for an artifact associated with an organization. This endpoint allows you to record information about a specific artifact, such as its name, digest, environments, cluster, and deployment.
Tokens de acesso refinados para "Create an artifact deployment record"
Esse ponto de extremidade funciona com os seguintes tipos de token refinados:
- Tokens de acesso de usuário do aplicativo GitHub
- Tokens de acesso à instalação do aplicativo GitHub
- Tokens de acesso pessoal refinados
O token refinado deve ter pelo menos um dos seguintes conjuntos de permissões:
- "Contents" repository permissions (write)
- "Artifact metadata" repository permissions (write)
Parâmetros para "Create an artifact deployment record"
| Nome, Tipo, Descrição |
|---|
accept string Setting to |
| Nome, Tipo, Descrição |
|---|
org string ObrigatórioThe organization name. The name is not case sensitive. |
| Nome, Tipo, Descrição |
|---|
name string ObrigatórioThe name of the artifact. |
digest string ObrigatórioThe hex encoded digest of the artifact. |
version string The artifact version. |
status string ObrigatórioThe status of the artifact. Can be either deployed or decommissioned. Pode ser um dos: |
logical_environment string ObrigatórioThe stage of the deployment. |
physical_environment string The physical region of the deployment. |
cluster string The deployment cluster. |
deployment_name string ObrigatórioThe name of the deployment. |
tags object The tags associated with the deployment. |
runtime_risks array of strings A list of runtime risks associated with the deployment.
Supported values are: |
github_repository string The name of the GitHub repository associated with the artifact. This should be used when there are no provenance attestations available for the artifact. The repository must belong to the organization specified in the path parameter. If a provenance attestation is available for the artifact, the API will use the repository information from the attestation instead of this parameter. |
Códigos de status de resposta HTTP para "Create an artifact deployment record"
| Código de status | Descrição |
|---|---|
200 | Artifact deployment record stored successfully. |
Exemplos de código para "Create an artifact deployment record"
Exemplo de solicitação
curl -L \
-X POST \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/orgs/ORG/artifacts/metadata/deployment-record \
-d '{"name":"awesome-image","digest":"sha256:1bb1e949e55dcefc6353e7b36c8897d2a107d8e8dca49d4e3c0ea8493fc0bc72","status":"deployed","logical_environment":"prod","physical_environment":"pacific-east","cluster":"moda-1","deployment_name":"deployment-pod","tags":{"data-access":"sensitive"}}'Artifact deployment record stored successfully.
Status: 200{
"total_count": 1,
"deployment_records": [
{
"id": 123,
"digest": "sha256:1bb1e949e55dcefc6353e7b36c8897d2a107d8e8dca49d4e3c0ea8493fc0bc72",
"logical_environment": "prod",
"physical_environment": "pacific-east",
"cluster": "moda-1",
"deployment_name": "prod-deployment",
"tags": {
"data": "sensitive"
},
"created": "2011-01-26T19:14:43Z",
"updated_at": "2011-01-26T19:14:43Z",
"attestation_id": 456
}
]
}Set cluster deployment records
Set deployment records for a given cluster.
Tokens de acesso refinados para "Set cluster deployment records"
Esse ponto de extremidade funciona com os seguintes tipos de token refinados:
- Tokens de acesso de usuário do aplicativo GitHub
- Tokens de acesso à instalação do aplicativo GitHub
- Tokens de acesso pessoal refinados
O token refinado deve ter pelo menos um dos seguintes conjuntos de permissões:
- "Contents" repository permissions (write)
- "Artifact metadata" repository permissions (write)
Parâmetros para "Set cluster deployment records"
| Nome, Tipo, Descrição |
|---|
accept string Setting to |
| Nome, Tipo, Descrição |
|---|
org string ObrigatórioThe organization name. The name is not case sensitive. |
cluster string ObrigatórioThe cluster name. |
| Nome, Tipo, Descrição | |||||||||
|---|---|---|---|---|---|---|---|---|---|
logical_environment string ObrigatórioThe stage of the deployment. | |||||||||
physical_environment string The physical region of the deployment. | |||||||||
deployments array of objects ObrigatórioThe list of deployments to record. | |||||||||
Properties of |
| Nome, Tipo, Descrição |
|---|
name string ObrigatórioThe name of the artifact. Note that if multiple deployments have identical 'digest' parameter values, the name parameter must also be identical across all entries. |
digest string ObrigatórioThe hex encoded digest of the artifact. Note that if multiple deployments have identical 'digest' parameter values, the name and version parameters must also be identical across all entries. |
version string The artifact version. Note that if multiple deployments have identical 'digest' parameter values, the version parameter must also be identical across all entries. |
status string The deployment status of the artifact. Pode ser um dos: |
deployment_name string ObrigatórioThe unique identifier for the deployment represented by the new record. To accommodate differing containers and namespaces within a record set, the following format is recommended: {namespaceName}-{deploymentName}-{containerName} |
github_repository string The name of the GitHub repository associated with the artifact. This should be used when there are no provenance attestations available for the artifact. The repository must belong to the organization specified in the path parameter. If a provenance attestation is available for the artifact, the API will use the repository information from the attestation instead of this parameter. |
tags object Key-value pairs to tag the deployment record. |
runtime_risks array of strings A list of runtime risks associated with the deployment.
Supported values are: |
Códigos de status de resposta HTTP para "Set cluster deployment records"
| Código de status | Descrição |
|---|---|
200 | Artifact deployment record stored successfully. |
Exemplos de código para "Set cluster deployment records"
Exemplo de solicitação
curl -L \
-X POST \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/orgs/ORG/artifacts/metadata/deployment-record/cluster/CLUSTER \
-d '{"logical_environment":"prod","physical_environment":"pacific-east","deployments":[{"name":"awesome-image","digest":"sha256:1bb1e949e55dcefc6353e7b36c8897d2a107d8e8dca49d4e3c0ea8493fc0bc72","version":"2.1.0","status":"deployed","deployment_name":"deployment-pod","tags":{"runtime-risk":"sensitive-data"}}]}'Artifact deployment record stored successfully.
Status: 200{
"total_count": 1,
"deployment_records": [
{
"id": 123,
"digest": "sha256:1bb1e949e55dcefc6353e7b36c8897d2a107d8e8dca49d4e3c0ea8493fc0bc72",
"logical_environment": "prod",
"physical_environment": "pacific-east",
"cluster": "moda-1",
"deployment_name": "prod-deployment",
"tags": {
"data": "sensitive"
},
"created": "2011-01-26T19:14:43Z",
"updated_at": "2011-01-26T19:14:43Z",
"attestation_id": 456
}
]
}Create artifact metadata storage record
Create metadata storage records for artifacts associated with an organization. This endpoint will create a new artifact storage record on behalf of any artifact matching the provided digest and associated with a repository owned by the organization.
Tokens de acesso refinados para "Create artifact metadata storage record"
Esse ponto de extremidade funciona com os seguintes tipos de token refinados:
- Tokens de acesso de usuário do aplicativo GitHub
- Tokens de acesso à instalação do aplicativo GitHub
- Tokens de acesso pessoal refinados
O token refinado deve ter pelo menos um dos seguintes conjuntos de permissões:
- "Contents" repository permissions (write)
- "Artifact metadata" repository permissions (write)
Parâmetros para "Create artifact metadata storage record"
| Nome, Tipo, Descrição |
|---|
accept string Setting to |
| Nome, Tipo, Descrição |
|---|
org string ObrigatórioThe organization name. The name is not case sensitive. |
| Nome, Tipo, Descrição |
|---|
name string ObrigatórioThe name of the artifact. |
digest string ObrigatórioThe digest of the artifact (algorithm:hex-encoded-digest). |
version string The artifact version. |
artifact_url string The URL where the artifact is stored. |
path string The path of the artifact. |
registry_url string ObrigatórioThe base URL of the artifact registry. |
repository string The repository name within the registry. |
status string The status of the artifact (e.g., active, inactive). Padrão: Pode ser um dos: |
github_repository string The name of the GitHub repository associated with the artifact. This should be used when there are no provenance attestations available for the artifact. The repository must belong to the organization specified in the path parameter. If a provenance attestation is available for the artifact, the API will use the repository information from the attestation instead of this parameter. |
Códigos de status de resposta HTTP para "Create artifact metadata storage record"
| Código de status | Descrição |
|---|---|
200 | Artifact metadata storage record stored successfully. |
Exemplos de código para "Create artifact metadata storage record"
Exemplo de solicitação
curl -L \
-X POST \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/orgs/ORG/artifacts/metadata/storage-record \
-d '{"name":"libfoo","version":"1.2.3","digest":"sha256:1bb1e949e55dcefc6353e7b36c8897d2a107d8e8dca49d4e3c0ea8493fc0bc72","artifact_url":"https://reg.example.com/artifactory/bar/libfoo-1.2.3","registry_url":"https://reg.example.com/artifactory/","repository":"bar","status":"active"}'Artifact metadata storage record stored successfully.
Status: 200{
"total_count": 1,
"storage_records": [
{
"name": "libfoo",
"digest": "sha256:1bb1e949e55dcefc6353e7b36c8897d2a107d8e8dca49d4e3c0ea8493fc0bc72",
"artifact_url": "https://reg.example.com/artifactory/bar/libfoo-1.2.3",
"registry_url": "https://reg.example.com/artifactory/",
"repository": "bar",
"status": "active",
"created_at": "2023-10-01T12:00:00Z",
"updated_at": "2023-10-01T12:00:00Z"
}
]
}List artifact deployment records
List deployment records for an artifact metadata associated with an organization.
Tokens de acesso refinados para "List artifact deployment records"
Esse ponto de extremidade funciona com os seguintes tipos de token refinados:
- Tokens de acesso de usuário do aplicativo GitHub
- Tokens de acesso à instalação do aplicativo GitHub
- Tokens de acesso pessoal refinados
O token refinado deve ter pelo menos um dos seguintes conjuntos de permissões:
- "Contents" repository permissions (read)
- "Artifact metadata" repository permissions (read)
Parâmetros para "List artifact deployment records"
| Nome, Tipo, Descrição |
|---|
accept string Setting to |
| Nome, Tipo, Descrição |
|---|
org string ObrigatórioThe organization name. The name is not case sensitive. |
subject_digest string ObrigatórioThe SHA256 digest of the artifact, in the form |
Códigos de status de resposta HTTP para "List artifact deployment records"
| Código de status | Descrição |
|---|---|
200 | Successful response |
Exemplos de código para "List artifact deployment records"
Exemplo de solicitação
curl -L \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/orgs/ORG/artifacts/SUBJECT_DIGEST/metadata/deployment-recordsSuccessful response
Status: 200{
"total_count": 1,
"deployment_records": [
{
"id": 123,
"digest": "sha256:1bb1e949e55dcefc6353e7b36c8897d2a107d8e8dca49d4e3c0ea8493fc0bc72",
"logical_environment": "prod",
"physical_environment": "pacific-east",
"cluster": "moda-1",
"deployment_name": "prod-deployment",
"tags": {
"data": "sensitive"
},
"created": "2011-01-26T19:14:43Z",
"updated_at": "2011-01-26T19:14:43Z",
"attestation_id": 456
}
]
}List artifact storage records
List a collection of artifact storage records with a given subject digest that are associated with repositories owned by an organization.
The collection of storage records returned by this endpoint is filtered according to the authenticated user's permissions; if the authenticated user cannot read a repository, the attestations associated with that repository will not be included in the response. In addition, when using a fine-grained access token the content:read permission is required.
Tokens de acesso refinados para "List artifact storage records"
Esse ponto de extremidade funciona com os seguintes tipos de token refinados:
- Tokens de acesso de usuário do aplicativo GitHub
- Tokens de acesso à instalação do aplicativo GitHub
- Tokens de acesso pessoal refinados
O token refinado deve ter pelo menos um dos seguintes conjuntos de permissões:
- "Contents" repository permissions (read)
- "Artifact metadata" repository permissions (read)
Parâmetros para "List artifact storage records"
| Nome, Tipo, Descrição |
|---|
accept string Setting to |
| Nome, Tipo, Descrição |
|---|
org string ObrigatórioThe organization name. The name is not case sensitive. |
subject_digest string ObrigatórioThe parameter should be set to the attestation's subject's SHA256 digest, in the form |
Códigos de status de resposta HTTP para "List artifact storage records"
| Código de status | Descrição |
|---|---|
200 | OK |
Exemplos de código para "List artifact storage records"
Exemplo de solicitação
curl -L \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/orgs/ORG/artifacts/SUBJECT_DIGEST/metadata/storage-recordsResponse
Status: 200{
"storage_records": [
{
"name": "libfoo-1.2.3",
"digest": "sha256:1bb1e949e55dcefc6353e7b36c8897d2a107d8e8dca49d4e3c0ea8493fc0bc72",
"artifact_url": "https://reg.example.com/artifactory/bar/libfoo-1.2.3",
"registry_url": "https://reg.example.com/artifactory/",
"repository": "bar",
"status": "active",
"created_at": "2023-10-01T12:00:00Z",
"updated_at": "2023-10-01T12:00:00Z"
}
]
}