feat(docs): update contract examples (#2489)

Signed-off-by: Sylwester Piskozub <sylwesterpiskozub@gmail.com>

Author: Piskoo

docs/examples/contracts/container-image-sbom/azure-pipeline.yaml

@@ -1,13 +1,17 @@
-schemaVersion: v1
-
 # Require both a container image reference and a CycloneDX SBOM with the attestation happening in Azure Devops Pipeline
-materials:
-  - type: CONTAINER_IMAGE
-    name: image
-    output: true
+apiVersion: chainloop.dev/v1
+kind: Contract
+metadata:
+  name: azure-pipeline
+  description: Require both a container image reference and a CycloneDX SBOM with the attestation happening in Azure Devops Pipeline
+spec:
+  materials:
+    - type: CONTAINER_IMAGE
+      name: image
+      output: true
 
-  - type: SBOM_CYCLONEDX_JSON
-    name: sbom
+    - type: SBOM_CYCLONEDX_JSON
+      name: sbom
 
-runner:
-  type: "AZURE_PIPELINE"
+  runner:
+    type: "AZURE_PIPELINE"

docs/examples/contracts/container-image-sbom/github.yaml

@@ -1,13 +1,17 @@
 # Require both a container image reference and a CycloneDX SBOM with the attestation happening in GitHub actions
-schemaVersion: v1
+apiVersion: chainloop.dev/v1
+kind: Contract
+metadata:
+  name: github
+  description: Require both a container image reference and a CycloneDX SBOM with the attestation happening in GitHub actions
+spec:
+  materials:
+    - type: CONTAINER_IMAGE
+      name: image
+      output: true
 
-materials:
-  - type: CONTAINER_IMAGE
-    name: image
-    output: true
+    - type: SBOM_CYCLONEDX_JSON
+      name: sbom
 
-  - type: SBOM_CYCLONEDX_JSON
-    name: sbom
-
-runner:
-  type: "GITHUB_ACTION"
+  runner:
+    type: "GITHUB_ACTION"

docs/examples/contracts/container-image-sbom/gitlab.yaml

@@ -1,13 +1,17 @@
-schemaVersion: v1
-
 # Require both a container image reference and a CycloneDX SBOM with the attestation happening in Gitlab
-materials:
-  - type: CONTAINER_IMAGE
-    name: image
-    output: true
+apiVersion: chainloop.dev/v1
+kind: Contract
+metadata:
+  name: gitlab
+  description: Require both a container image reference and a CycloneDX SBOM with the attestation happening in Gitlab
+spec:
+  materials:
+    - type: CONTAINER_IMAGE
+      name: image
+      output: true
 
-  - type: SBOM_CYCLONEDX_JSON
-    name: sbom
+    - type: SBOM_CYCLONEDX_JSON
+      name: sbom
 
-runner:
-  type: "GITLAB_PIPELINE"
+  runner:
+    type: "GITLAB_PIPELINE"

docs/examples/contracts/csaf/contract.yaml

@@ -1,14 +1,19 @@
-schemaVersion: v1
-materials:
-  # Refs: https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#45-profile-5-vex
-  - type: CSAF_VEX
-    name: vex-disclosure
-  # Refs: https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#43-profile-3-informational-advisory
-  - type: CSAF_INFORMATIONAL_ADVISORY
-    name: informational-advisory
-  # Refs: https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#44-profile-4-security-advisory
-  - type: CSAF_SECURITY_ADVISORY
-    name: security-advisory
-  # Refs: https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#42-profile-2-security-incident-response
-  - type: CSAF_SECURITY_INCIDENT_RESPONSE
-    name: security-incident-response
+apiVersion: chainloop.dev/v1
+kind: Contract
+metadata:
+  name: contract
+  description: Contract for CSAF advisories and VEX
+spec:
+  materials:
+    # Refs: https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#45-profile-5-vex
+    - type: CSAF_VEX
+      name: vex-disclosure
+    # Refs: https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#43-profile-3-informational-advisory
+    - type: CSAF_INFORMATIONAL_ADVISORY
+      name: informational-advisory
+    # Refs: https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#44-profile-4-security-advisory
+    - type: CSAF_SECURITY_ADVISORY
+      name: security-advisory
+    # Refs: https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#42-profile-2-security-incident-response
+    - type: CSAF_SECURITY_INCIDENT_RESPONSE
+      name: security-incident-response

docs/examples/contracts/empty/azure-pipeline.yaml

@@ -1,5 +1,10 @@
 # Empty Chainloop contract valid for a workflow run in a Azure Pipeline
-schemaVersion: "v1"
 # See https://docs.chainloop.dev/reference/operator/contract#runner-context
-runner:
-  type: "AZURE_PIPELINE"
+apiVersion: chainloop.dev/v1
+kind: Contract
+metadata:
+  name: azure-pipeline
+  description: Empty Chainloop contract valid for a workflow run in a Azure Pipeline
+spec:
+  runner:
+    type: "AZURE_PIPELINE"

docs/examples/contracts/empty/generic.yaml

@@ -1,2 +1,7 @@
 # Empty Chainloop contract valid for any runner type
-schemaVersion: "v1"
+apiVersion: chainloop.dev/v1
+kind: Contract
+metadata:
+  name: generic
+  description: Empty Chainloop contract valid for any runner type
+spec:

docs/examples/contracts/empty/github.yaml

@@ -1,5 +1,10 @@
 # Empty Chainloop contract valid for a workflow run in a Github Action
-schemaVersion: "v1"
 # See https://docs.chainloop.dev/reference/operator/contract#runner-context
-runner:
-  type: "GITHUB_ACTION"
+apiVersion: chainloop.dev/v1
+kind: Contract
+metadata:
+  name: github
+  description: Empty Chainloop contract valid for a workflow run in a Github Action
+spec:
+  runner:
+    type: "GITHUB_ACTION"

docs/examples/contracts/empty/gitlab.yaml

@@ -1,5 +1,10 @@
 # Empty Chainloop contract valid for a workflow run in a Gitlab pipeline
-schemaVersion: "v1"
 # See https://docs.chainloop.dev/reference/operator/contract#runner-context
-runner:
-  type: "GITLAB_PIPELINE"
+apiVersion: chainloop.dev/v1
+kind: Contract
+metadata:
+  name: gitlab
+  description: Empty Chainloop contract valid for a workflow run in a Gitlab pipeline
+spec:
+  runner:
+    type: "GITLAB_PIPELINE"

docs/examples/contracts/helm-chart/contract.yaml

@@ -1,4 +1,9 @@
-schemaVersion: v1
-materials:
-  - type: HELM_CHART
-    name: helm-chart
+apiVersion: chainloop.dev/v1
+kind: Contract
+metadata:
+  name: contract
+  description: Contract for Helm chart attestation
+spec:
+  materials:
+    - type: HELM_CHART
+      name: helm-chart

docs/examples/contracts/sarif/sarif.yaml

@@ -1,4 +1,9 @@
-schemaVersion: v1
-materials:
-  - type: SARIF
-    name: static-output
+apiVersion: chainloop.dev/v1
+kind: Contract
+metadata:
+  name: sarif
+  description: Contract for SARIF static analysis output
+spec:
+  materials:
+    - type: SARIF
+      name: static-output