98 lines
3.6 KiB
Text
98 lines
3.6 KiB
Text
# schemas/lib/integration/oci_artifact_format.ncl
|
|
#
|
|
# OCI artifact descriptors for the federated integration-modes protocol.
|
|
# Two artifact kinds:
|
|
# DomainArtifact — typed contract pushed by the domain owner
|
|
# ModeArtifact — integration mode manifest pushed by the participant
|
|
#
|
|
# Also exports:
|
|
# Invocation — how a mode step binary is invoked
|
|
# DomainLock — per-workspace lock file written after `prvng integration pull`
|
|
|
|
let _binary_source = [| 'path_assumed, 'cargo_install, 'oci_blob |] in
|
|
|
|
let _invocation_method = [| 'stdin_context, 'argv_context_file |] in
|
|
|
|
# How a mode step binary is resolved and invoked.
|
|
let _Invocation = {
|
|
method | _invocation_method
|
|
| doc "stdin_context: JSON piped to stdin; argv_context_file: path written to a temp file, passed as $1",
|
|
binary | {
|
|
source | _binary_source,
|
|
name | String,
|
|
version | String | optional,
|
|
cargo_crate | String | optional
|
|
| doc "Required when source = 'cargo_install",
|
|
oci_layer | String | optional
|
|
| doc "OCI blob reference when source = 'oci_blob — e.g. reg.librecloud.online/binaries/lian-build:0.3.0",
|
|
},
|
|
args | Array String | default = [],
|
|
env | { _ | String } | default = {},
|
|
} in
|
|
|
|
# A single OCI layer descriptor inside an artifact manifest.
|
|
let _LayerDescriptor = {
|
|
media_type | String,
|
|
description | String,
|
|
required | Bool | default = true,
|
|
} in
|
|
|
|
# DomainArtifact — pushed to reg.librecloud.online/domains/<id>:<semver>
|
|
# mediaType: application/vnd.ontoref.domain.v1
|
|
let _DomainArtifact = {
|
|
media_type | String
|
|
| default = "application/vnd.ontoref.domain.v1",
|
|
id | String
|
|
| doc "Stable domain identifier, e.g. 'secret-delivery'",
|
|
version | String
|
|
| doc "Semver of the domain contract",
|
|
description | String,
|
|
layers | Array _LayerDescriptor
|
|
| doc "Expected layers in the OCI image. 'contract.ncl' layer is always required.",
|
|
# ADR-017 G2 — explicit dependency declaration. References a RegistryEntry.id
|
|
# in the consuming project's manifest.registry_provides.registries[]. Enables
|
|
# impact analysis on `ore secrets close`: which artifacts are affected by a
|
|
# credential change. Empty = artifact does not consume registry credentials.
|
|
uses_registry | String | optional
|
|
| doc "RegistryEntry.id this artifact's runtime depends on",
|
|
} in
|
|
|
|
# ModeArtifact — pushed to reg.librecloud.online/modes/<id>:<semver>
|
|
# mediaType: application/vnd.ontoref.mode.v1
|
|
let _ModeArtifact = {
|
|
media_type | String
|
|
| default = "application/vnd.ontoref.mode.v1",
|
|
id | String,
|
|
version | String,
|
|
description | String,
|
|
participant | String
|
|
| doc "Originating project/workspace that owns this mode",
|
|
layers | Array _LayerDescriptor,
|
|
uses_registry | String | optional
|
|
| doc "RegistryEntry.id this mode's runtime depends on (ADR-017 G2)",
|
|
} in
|
|
|
|
# Written to infra/<ws>/integrations/<mode-id>.lock.ncl after successful pull.
|
|
# Keyed by domain id, records the resolved version + digest for reproducibility.
|
|
let _DomainLockEntry = {
|
|
version | String,
|
|
digest | String
|
|
| doc "OCI manifest digest, sha256:...",
|
|
pulled_at | String
|
|
| doc "ISO-8601 timestamp",
|
|
media_type | String,
|
|
} in
|
|
|
|
let _DomainLock = {
|
|
schema_version | String | default = "0.1.0",
|
|
domains | { _ | _DomainLockEntry },
|
|
} in
|
|
|
|
{
|
|
Invocation = _Invocation,
|
|
DomainArtifact = _DomainArtifact,
|
|
ModeArtifact = _ModeArtifact,
|
|
DomainLockEntry = _DomainLockEntry,
|
|
DomainLock = _DomainLock,
|
|
LayerDescriptor = _LayerDescriptor,
|
|
}
|