Add --markdown falg for markdown files the user might add to the DSSE

evidence/cli/command_build.go

@@ -29,6 +29,7 @@ func (ebc *evidenceBuildCommand) CreateEvidence(ctx *components.Context, serverD
 		serverDetails,
 		ebc.ctx.GetStringFlagValue(predicate),
 		ebc.ctx.GetStringFlagValue(predicateType),
+		ebc.ctx.GetStringFlagValue(markdown),
 		ebc.ctx.GetStringFlagValue(key),
 		ebc.ctx.GetStringFlagValue(keyAlias),
 		ebc.ctx.GetStringFlagValue(project),

evidence/cli/command_custom.go

@@ -22,6 +22,7 @@ func (ecc *evidenceCustomCommand) CreateEvidence(_ *components.Context, serverDe
 		serverDetails,
 		ecc.ctx.GetStringFlagValue(predicate),
 		ecc.ctx.GetStringFlagValue(predicateType),
+		ecc.ctx.GetStringFlagValue(markdown),
 		ecc.ctx.GetStringFlagValue(key),
 		ecc.ctx.GetStringFlagValue(keyAlias),
 		ecc.ctx.GetStringFlagValue(subjectRepoPath),

evidence/cli/command_package.go

@@ -29,6 +29,7 @@ func (epc *evidencePackageCommand) CreateEvidence(ctx *components.Context, serve
 		serverDetails,
 		epc.ctx.GetStringFlagValue(predicate),
 		epc.ctx.GetStringFlagValue(predicateType),
+		epc.ctx.GetStringFlagValue(markdown),
 		epc.ctx.GetStringFlagValue(key),
 		epc.ctx.GetStringFlagValue(keyAlias),
 		epc.ctx.GetStringFlagValue(packageName),

evidence/cli/command_relesae_bundle.go

@@ -29,6 +29,7 @@ func (erc *evidenceReleaseBundleCommand) CreateEvidence(ctx *components.Context,
 		serverDetails,
 		erc.ctx.GetStringFlagValue(predicate),
 		erc.ctx.GetStringFlagValue(predicateType),
+		erc.ctx.GetStringFlagValue(markdown),
 		erc.ctx.GetStringFlagValue(key),
 		erc.ctx.GetStringFlagValue(keyAlias),
 		erc.ctx.GetStringFlagValue(project),

evidence/cli/flags.go

@@ -30,6 +30,7 @@ const (
 	// Unique evidence flags
 	predicate       = "predicate"
 	predicateType   = "predicate-type"
+	markdown        = "markdown"
 	subjectRepoPath = "subject-repo-path"
 	subjectSha256   = "subject-sha256"
 	key             = "key"
@@ -61,6 +62,7 @@ var flagsMap = map[string]components.Flag{
 
 	predicate:       components.NewStringFlag(predicate, "Path to the predicate, arbitrary JSON.", func(f *components.StringFlag) { f.Mandatory = true }),
 	predicateType:   components.NewStringFlag(predicateType, "Type of the predicate.", func(f *components.StringFlag) { f.Mandatory = true }),
+	markdown:        components.NewStringFlag(markdown, "Markdown of the predicate.", func(f *components.StringFlag) { f.Mandatory = false }),
 	subjectRepoPath: components.NewStringFlag(subjectRepoPath, "Full path to some subject' location.", func(f *components.StringFlag) { f.Mandatory = false }),
 	subjectSha256:   components.NewStringFlag(subjectSha256, "Subject checksum sha256.", func(f *components.StringFlag) { f.Mandatory = false }),
 	key:             components.NewStringFlag(key, "Path to a private key that will sign the DSSE. Supported keys: 'ecdsa','rsa' and 'ed25519'.", func(f *components.StringFlag) { f.Mandatory = false }),
@@ -83,6 +85,7 @@ var commandFlags = map[string][]string{
 		packageRepoName,
 		predicate,
 		predicateType,
+		markdown,
 		subjectRepoPath,
 		subjectSha256,
 		key,

evidence/create_base.go

@@ -22,6 +22,7 @@ type createEvidenceBase struct {
 	serverDetails     *config.ServerDetails
 	predicateFilePath string
 	predicateType     string
+	markdownFilePath  string
 	key               string
 	keyId             string
 }
@@ -58,6 +59,11 @@ func (c *createEvidenceBase) buildIntotoStatementJson(subject, subjectSha256 str
 	}
 
 	statement := intoto.NewStatement(predicate, c.predicateType, c.serverDetails.User)
+	err = c.setMarkdown(statement)
+	if err != nil {
+		return nil, err
+	}
+
 	err = statement.SetSubject(artifactoryClient, subject, subjectSha256)
 	if err != nil {
 		return nil, err
@@ -70,6 +76,21 @@ func (c *createEvidenceBase) buildIntotoStatementJson(subject, subjectSha256 str
 	return statementJson, nil
 }
 
+func (c *createEvidenceBase) setMarkdown(statement *intoto.Statement) error {
+	if c.markdownFilePath != "" {
+		if !strings.HasSuffix(c.markdownFilePath, ".md") {
+			return fmt.Errorf("file '%s' does not have a .md extension", c.markdownFilePath)
+		}
+		markdown, err := os.ReadFile(c.markdownFilePath)
+		if err != nil {
+			log.Warn(fmt.Sprintf("failed to read markdown file '%s'", c.markdownFilePath))
+			return err
+		}
+		statement.SetMarkdown(markdown)
+	}
+	return nil
+}
+
 func (c *createEvidenceBase) uploadEvidence(envelope []byte, repoPath string) error {
 	evidenceManager, err := utils.CreateEvidenceServiceManager(c.serverDetails, false)
 	if err != nil {

evidence/create_build.go

@@ -19,12 +19,13 @@ type createEvidenceBuild struct {
 }
 
 func NewCreateEvidenceBuild(serverDetails *coreConfig.ServerDetails,
-	predicateFilePath, predicateType, key, keyId, project, buildName, buildNumber string) Command {
+	predicateFilePath, predicateType, markdownFilePath, key, keyId, project, buildName, buildNumber string) Command {
 	return &createEvidenceBuild{
 		createEvidenceBase: createEvidenceBase{
 			serverDetails:     serverDetails,
 			predicateFilePath: predicateFilePath,
 			predicateType:     predicateType,
+			markdownFilePath:  markdownFilePath,
 			key:               key,
 			keyId:             keyId,
 		},

evidence/create_custom.go

@@ -11,13 +11,14 @@ type createEvidenceCustom struct {
 	subjectSha256   string
 }
 
-func NewCreateEvidenceCustom(serverDetails *coreConfig.ServerDetails, predicateFilePath, predicateType, key, keyId, subjectRepoPath,
+func NewCreateEvidenceCustom(serverDetails *coreConfig.ServerDetails, predicateFilePath, predicateType, markdownFilePath, key, keyId, subjectRepoPath,
 	subjectSha256 string) Command {
 	return &createEvidenceCustom{
 		createEvidenceBase: createEvidenceBase{
 			serverDetails:     serverDetails,
 			predicateFilePath: predicateFilePath,
 			predicateType:     predicateType,
+			markdownFilePath:  markdownFilePath,
 			key:               key,
 			keyId:             keyId,
 		},

evidence/create_package.go

@@ -26,13 +26,14 @@ type createEvidencePackage struct {
 	packageRepoName string
 }
 
-func NewCreateEvidencePackage(serverDetails *coreConfig.ServerDetails, predicateFilePath, predicateType, key, keyId, packageName,
+func NewCreateEvidencePackage(serverDetails *coreConfig.ServerDetails, predicateFilePath, predicateType, markdownFilePath, key, keyId, packageName,
 	packageVersion, packageRepoName string) Command {
 	return &createEvidencePackage{
 		createEvidenceBase: createEvidenceBase{
 			serverDetails:     serverDetails,
 			predicateFilePath: predicateFilePath,
 			predicateType:     predicateType,
+			markdownFilePath:  markdownFilePath,
 			key:               key,
 			keyId:             keyId,
 		},

evidence/create_release_bundle.go

@@ -15,13 +15,14 @@ type createEvidenceReleaseBundle struct {
 	releaseBundleVersion string
 }
 
-func NewCreateEvidenceReleaseBundle(serverDetails *coreConfig.ServerDetails, predicateFilePath, predicateType, key, keyId, project, releaseBundle,
+func NewCreateEvidenceReleaseBundle(serverDetails *coreConfig.ServerDetails, predicateFilePath, predicateType, markdownFilePath, key, keyId, project, releaseBundle,
 	releaseBundleVersion string) Command {
 	return &createEvidenceReleaseBundle{
 		createEvidenceBase: createEvidenceBase{
 			serverDetails:     serverDetails,
 			predicateFilePath: predicateFilePath,
 			predicateType:     predicateType,
+			markdownFilePath:  markdownFilePath,
 			key:               key,
 			keyId:             keyId,
 		},

evidence/intoto/intoto_statement_v1.go

@@ -21,6 +21,7 @@ type Statement struct {
 	Predicate     json.RawMessage      `json:"predicate"`
 	CreatedAt     string               `json:"createdAt"`
 	CreatedBy     string               `json:"createdBy"`
+	Markdown      string               `json:"markdown,omitempty"`
 }
 
 type ResourceDescriptor struct {
@@ -54,6 +55,10 @@ func (s *Statement) SetSubject(servicesManager artifactory.ArtifactoryServicesMa
 	return nil
 }
 
+func (s *Statement) SetMarkdown(markdown []byte) {
+	s.Markdown = string(markdown)
+}
+
 func (s *Statement) Marshal() ([]byte, error) {
 	intotoJson, err := json.Marshal(s)
 	if err != nil {