Version 3

The following is an example of a signed component descriptor containing a resource, source and one component reference. It uses the v3alpha1 schema.

This component is publicly available and can be inspected using the following command:

ocm componentversion get --repo ghcr.io/phoban01/ocm github.com/weaveworks/weave-gitops --scheme v3alpha1 -oyaml

Component Descriptor 

apiVersion: ocm.software/v3alpha1 # component schema version
kind: ComponentVersion
metadata:
  name: github.com/weaveworks/weave-gitops # name of the component
  provider: # component provider information
    name: weaveworks
  version: v1.0.0 # version of the component
repositoryContexts: # origin of this document
- baseUrl: ghcr.io
  componentNameMapping: urlPath
  subPath: phoban01/ocm
  type: OCIRegistry
spec:
  resources: # list of resources modelled by the component
  - name: image # resource name
    relation: external # resource location (external repository or internal to this repository)
    type: ociImage # resource type
    version: v0.14.1 # resource version
    access: # metadata describing how to access the resource
      type: ociArtifact # type of accesss information
      imageReference: ghcr.io/weaveworks/wego-app:v0.14.1 # oci image url
    digest: # signing metadata for the resource
      hashAlgorithm: SHA-256
      normalisationAlgorithm: ociArtifactDigest/v1
      value: efa2b9980ca2de65dc5a0c8cc05638b1a4b4ce8f6972dc08d0e805e5563ba5bb # the digest itself
  sources: # list of sources relevant to this component
  - name: weave-gitops # source name
    type: git # source type
    version: v0.14.1 # source version
    access: # metadata describing how to access the source
      type: gitHub #
      ref: refs/tags/v0.14.1
      repoUrl: github.com/weaveworks/weave-gitops
      commit: 727513969553bfcc603e1c0ae1a75d79e4132b58
  references: # list of references to other components
  - name: prometheus # reference name
    version: v1.0.0 # reference version
    componentName: cncf.io/prometheus # referenced component name
    digest: # signing metadata for the referenced resource
      hashAlgorithm: SHA-256
      normalisationAlgorithm: jsonNormalisation/v1
      value: 04eb20b6fd942860325caf7f4415d1acf287a1aabd9e4827719328ba25d6f801
signatures: # list of signatures used for signing and verification
- name: ww-dev # name of the signature
  digest: # digest of the signature including the algorithm used
    hashAlgorithm: SHA-256
    normalisationAlgorithm: jsonNormalisation/v1
    value: 4faff7822616305ecd09284d7c3e74a64f2269dcc524a9cdf0db4b592b8cee6a
  signature: # signature including the algorithm used
    algorithm: RSASSA-PKCS1-V1_5
    mediaType: application/vnd.ocm.signature.rsa
    value: 26468587671bdbd2166cf5f69829f090c10768511b15e804294fcb26e552654316c8f4851ed396f279ec99335e5f4b11cb043feb97f1f9a42115f4fda2d31ae8b481b7303b9a913d3a4b92d446fbee9ed487c93b09e513f3f68355040ec08454675e1f407422062abbd2681f70dd5488ad29020b30cfa7e001455c550458da96166bc3243c8426977d73352aface5323fb2b5a374e9c31b272a59c160b85631231c9fc2f23c032401b80fef937029a39111cee34470c61ae86cd4942553466411a5a116159fdcc10e50fe9360c5184028e72d1fe9c7315f26e15d7b4849f62d197501b8cc6b6f1b1391ecc2fc2fc0c1290d2554594505b25fa8f9bfb28c8df24
← Getting Started with OCM
Context →