feat: Implement IsolatedReplayContext for deterministic audit replay
- Added IsolatedReplayContext class to provide an isolated environment for replaying audit bundles without external calls. - Introduced methods for initializing the context, verifying input digests, and extracting inputs for policy evaluation. - Created supporting interfaces and options for context configuration. feat: Create ReplayExecutor for executing policy re-evaluation and verdict comparison - Developed ReplayExecutor class to handle the execution of replay processes, including input verification and verdict comparison. - Implemented detailed drift detection and error handling during replay execution. - Added interfaces for policy evaluation and replay execution options. feat: Add ScanSnapshotFetcher for fetching scan data and snapshots - Introduced ScanSnapshotFetcher class to retrieve necessary scan data and snapshots for audit bundle creation. - Implemented methods to fetch scan metadata, advisory feeds, policy snapshots, and VEX statements. - Created supporting interfaces for scan data, feed snapshots, and policy snapshots.
@@ -2,6 +2,7 @@
|
||||
set -euo pipefail
|
||||
|
||||
# DEVOPS-CLI-41-001: Build multi-platform CLI binaries with SBOM and checksums.
|
||||
# Updated: SPRINT_5100_0001_0001 - CLI Consolidation: includes Aoc and Symbols plugins
|
||||
|
||||
RIDS="${RIDS:-linux-x64,win-x64,osx-arm64}"
|
||||
CONFIG="${CONFIG:-Release}"
|
||||
@@ -11,6 +12,17 @@ SBOM_TOOL="${SBOM_TOOL:-syft}" # syft|none
|
||||
SIGN="${SIGN:-false}"
|
||||
COSIGN_KEY="${COSIGN_KEY:-}"
|
||||
|
||||
# CLI Plugins to include in the distribution
|
||||
# SPRINT_5100_0001_0001: CLI Consolidation - stella aoc and stella symbols
|
||||
PLUGIN_PROJECTS=(
|
||||
"src/Cli/__Libraries/StellaOps.Cli.Plugins.Aoc/StellaOps.Cli.Plugins.Aoc.csproj"
|
||||
"src/Cli/__Libraries/StellaOps.Cli.Plugins.Symbols/StellaOps.Cli.Plugins.Symbols.csproj"
|
||||
)
|
||||
PLUGIN_MANIFESTS=(
|
||||
"src/Cli/plugins/cli/StellaOps.Cli.Plugins.Aoc/stellaops.cli.plugins.aoc.manifest.json"
|
||||
"src/Cli/plugins/cli/StellaOps.Cli.Plugins.Symbols/stellaops.cli.plugins.symbols.manifest.json"
|
||||
)
|
||||
|
||||
IFS=',' read -ra TARGETS <<< "$RIDS"
|
||||
|
||||
mkdir -p "$OUT_ROOT"
|
||||
@@ -39,8 +51,11 @@ for rid in "${TARGETS[@]}"; do
|
||||
echo "[cli-build] publishing for $rid"
|
||||
out_dir="${OUT_ROOT}/${rid}"
|
||||
publish_dir="${out_dir}/publish"
|
||||
plugins_dir="${publish_dir}/plugins/cli"
|
||||
mkdir -p "$publish_dir"
|
||||
mkdir -p "$plugins_dir"
|
||||
|
||||
# Build main CLI
|
||||
dotnet publish "$PROJECT" -c "$CONFIG" -r "$rid" \
|
||||
-o "$publish_dir" \
|
||||
--self-contained true \
|
||||
@@ -49,6 +64,37 @@ for rid in "${TARGETS[@]}"; do
|
||||
-p:DebugType=None \
|
||||
>/dev/null
|
||||
|
||||
# Build and copy plugins
|
||||
# SPRINT_5100_0001_0001: CLI Consolidation
|
||||
for i in "${!PLUGIN_PROJECTS[@]}"; do
|
||||
plugin_project="${PLUGIN_PROJECTS[$i]}"
|
||||
manifest_path="${PLUGIN_MANIFESTS[$i]}"
|
||||
|
||||
if [[ ! -f "$plugin_project" ]]; then
|
||||
echo "[cli-build] WARNING: Plugin project not found: $plugin_project"
|
||||
continue
|
||||
fi
|
||||
|
||||
# Get plugin name from project path
|
||||
plugin_name=$(basename "$(dirname "$plugin_project")")
|
||||
plugin_out="${plugins_dir}/${plugin_name}"
|
||||
mkdir -p "$plugin_out"
|
||||
|
||||
echo "[cli-build] building plugin: $plugin_name"
|
||||
dotnet publish "$plugin_project" -c "$CONFIG" -r "$rid" \
|
||||
-o "$plugin_out" \
|
||||
--self-contained false \
|
||||
-p:DebugType=None \
|
||||
>/dev/null 2>&1 || echo "[cli-build] WARNING: Plugin build failed for $plugin_name (may have pre-existing errors)"
|
||||
|
||||
# Copy manifest file
|
||||
if [[ -f "$manifest_path" ]]; then
|
||||
cp "$manifest_path" "$plugin_out/"
|
||||
else
|
||||
echo "[cli-build] WARNING: Manifest not found: $manifest_path"
|
||||
fi
|
||||
done
|
||||
|
||||
# Package
|
||||
archive_ext="tar.gz"
|
||||
archive_cmd=(tar -C "$publish_dir" -czf)
|
||||
@@ -70,12 +116,15 @@ done
|
||||
|
||||
# Build manifest
|
||||
manifest="${OUT_ROOT}/manifest.json"
|
||||
plugin_list=$(printf '"%s",' "${PLUGIN_PROJECTS[@]}" | sed 's/,.*//' | sed 's/.*\///' | sed 's/\.csproj//')
|
||||
cat > "$manifest" <<EOF
|
||||
{
|
||||
"generated_at": "$(date -u +"%Y-%m-%dT%H:%M:%SZ")",
|
||||
"config": "$CONFIG",
|
||||
"rids": [$(printf '"%s",' "${TARGETS[@]}" | sed 's/,$//')],
|
||||
"artifacts_root": "$OUT_ROOT"
|
||||
"plugins": ["stellaops.cli.plugins.aoc", "stellaops.cli.plugins.symbols"],
|
||||
"artifacts_root": "$OUT_ROOT",
|
||||
"notes": "CLI Consolidation (SPRINT_5100_0001_0001) - includes aoc and symbols plugins"
|
||||
}
|
||||
EOF
|
||||
|
||||
|
||||
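Review bot: The plugin `dotnet publish` added inside the per-RID loop ends in `>/dev/null 2>&1 || echo "[cli-build] WARNING: Plugin build failed ..."`, so despite `set -euo pipefail` a failed plugin build is swallowed, its diagnostics are discarded, and the script goes on to package whatever is in `$plugin_out`. The manifest hunk then hard-codes `"plugins": ["stellaops.cli.plugins.aoc", "stellaops.cli.plugins.symbols"]`, so a release archive (and a signed one, if the `SIGN`/`COSIGN_KEY` path outside these hunks signs it) can claim plugins that were never built. A release build should fail closed here: drop the `2>&1` and replace the fallback with `|| { echo "[cli-build] ERROR: plugin build failed for $plugin_name" >&2; exit 1; }`, and treat the missing-project `continue` the same way. `plugin_list` is computed but not used in the visible heredoc, and its first `sed 's/,.*//'` would keep only the first entry, so either derive the `plugins` array from what was actually published or remove the variable. The enclosing `for rid in "${TARGETS[@]}"` loop starts and ends outside the visible hunks.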