chainloop-dev / chainloop

Chainloop is an Open Source evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, CSAF files, QA reports, and more.
https://docs.chainloop.dev
Apache License 2.0

minimum CLI Version check in the backend #796

Open migmartri opened 2 months ago

migmartri commented 2 months ago

The CLI and backend are rapidly evolving and currently there is no check to make sure CLI/Controlplane are compatible.

This is problematic since, for example, @jp-gouin ran into the following issue:

- attestation.workflow.organization: value length must be at least 1 characters [string.min_len]

which was related to using a version of the CLI (0.83.0) that was not sending the required organization information in the attestation, a requirement that was added in 0.87.

jiparis commented 2 months ago

Implementation:

Another useful feature would be to add the used CLI version and digest to the local crafting state, so that these issues can be easily debugged. We would use this metadata in the render phase when doing att push.
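
A minimum-version gate of the kind this issue asks for, as an added example that is not Chainloop's own code. The names `minCLI`, `parseVersion` and `CheckCLIVersion` are hypothetical, the 0.87.0 floor is taken from the release mentioned above, and how the CLI reports its version to the control plane (for instance in request metadata) is assumed and not shown.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Assumed policy value (major, minor, patch): the issue names 0.87 as the release that added the requirement.
var minCLI = [3]int{0, 87, 0}

// parseVersion accepts "0.83.0", "v0.87" or "0.87.1-rc.1"; pre-release/build suffixes are ignored (a simplification).
func parseVersion(s string) ([3]int, error) {
	var out [3]int
	core := strings.TrimPrefix(strings.TrimSpace(s), "v")
	if i := strings.IndexAny(core, "-+"); i >= 0 {
		core = core[:i]
	}
	for i, p := range strings.Split(core, ".") {
		n, err := strconv.Atoi(p)
		if err != nil || i > 2 {
			return out, fmt.Errorf("malformed CLI version %q", s)
		}
		out[i] = n
	}
	return out, nil
}

// CheckCLIVersion fails closed: an absent or unparsable version is rejected like an outdated one.
func CheckCLIVersion(client string, floor [3]int) error {
	want := fmt.Sprintf("%d.%d.%d", floor[0], floor[1], floor[2])
	got, err := parseVersion(client)
	if err != nil {
		return fmt.Errorf("%v: upgrade to >= %s", err, want)
	}
	for i := range floor {
		if got[i] > floor[i] {
			break // a higher major or minor settles the comparison
		}
		if got[i] < floor[i] {
			return fmt.Errorf("CLI %s is older than the minimum supported %s: please upgrade", client, want)
		}
	}
	return nil
}

func main() {
	fmt.Println(CheckCLIVersion("0.83.0", minCLI)) // version from the issue: rejected
}
```

Rejecting the request up front with an upgrade hint replaces the opaque `string.min_len` validation failure with an actionable error.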