Version 3

The following is an example of a signed component descriptor containing a resource, source and one component reference. It uses the v3alpha1 schema. There are no differences in the semantics between v2 and v3. “version” is used as kind of moniker for different serializing/deserializing formats (v3 has the format of Kubernetes resources).

This component is publicly available and can be inspected using the following command:

ocm componentversion get --repo ghcr.io/phoban01/ocm github.com/weaveworks/weave-gitops --scheme v3alpha1 -oyaml

Component Descriptor

apiVersion: ocm.software/v3alpha1 # component schema version
kind: ComponentVersion
metadata:
  name: github.com/weaveworks/weave-gitops # name of the component
  provider: # component provider information
    name: weaveworks
  version: v1.0.0 # version of the component
repositoryContexts: # list of repository context the component version "lived" in, with the current one at the top 
- baseUrl: ghcr.io
  componentNameMapping: urlPath
  subPath: phoban01/ocm
  type: OCIRegistry
spec:
  resources: # list of resources modelled by the component
  - name: image # resource name
    relation: external # resource location (external repository or internal to this repository)
    type: ociImage # resource type
    version: v0.14.1 # resource version
    access: # metadata describing how to access the resource
      type: ociArtifact # type of accesss information
      imageReference: ghcr.io/weaveworks/wego-app:v0.14.1 # oci image url
    digest: # signing metadata for the resource
      hashAlgorithm: SHA-256
      normalisationAlgorithm: ociArtifactDigest/v1
      value: efa2b9980ca2de65dc5a0c8cc05638b1a4b4ce8f6972dc08d0e805e5563ba5bb # the digest itself
  sources: # list of sources relevant to this component
  - name: weave-gitops # source name
    type: git # source type
    version: v0.14.1 # source version
    access: # metadata describing how to access the source
      type: gitHub #
      ref: refs/tags/v0.14.1
      repoUrl: github.com/weaveworks/weave-gitops
      commit: 727513969553bfcc603e1c0ae1a75d79e4132b58
  references: # list of references to other components
  - name: prometheus # reference name
    version: v1.0.0 # reference version
    componentName: cncf.io/prometheus # referenced component name
    digest: # signing metadata for the referenced resource
      hashAlgorithm: SHA-256
      normalisationAlgorithm: jsonNormalisation/v1
      value: 04eb20b6fd942860325caf7f4415d1acf287a1aabd9e4827719328ba25d6f801
signatures: # list of signatures used for signing and verification
- name: ww-dev # name of the signature
  digest: # digest of the signature including the algorithm used
    hashAlgorithm: SHA-256
    normalisationAlgorithm: jsonNormalisation/v1
    value: 4faff7822616305ecd09284d7c3e74a64f2269dcc524a9cdf0db4b592b8cee6a
  signature: # signature including the algorithm used
    algorithm: RSASSA-PKCS1-V1_5
    mediaType: application/vnd.ocm.signature.rsa
    value: 26468587671bdbd2166cf5f69829f090c10768511b15e804294fcb26e552654316c8f4851ed396f279ec99335e5f4b11cb043feb97f1f9a42115f4fda2d31ae8b481b7303b9a913d3a4b92d446fbee9ed487c93b09e513f3f68355040ec08454675e1f407422062abbd2681f70dd5488ad29020b30cfa7e001455c550458da96166bc3243c8426977d73352aface5323fb2b5a374e9c31b272a59c160b85631231c9fc2f23c032401b80fef937029a39111cee34470c61ae86cd4942553466411a5a116159fdcc10e50fe9360c5184028e72d1fe9c7315f26e15d7b4849f62d197501b8cc6b6f1b1391ecc2fc2fc0c1290d2554594505b25fa8f9bfb28c8df24