https://github.com/carabiner-dev/snappy

An easy API snapshot tool.
https://github.com/carabiner-dev/snappy

api attestations rest rest-api sigstore

Last synced: over 1 year ago
JSON representation

An easy API snapshot tool.

• Host: GitHub
• URL: https://github.com/carabiner-dev/snappy
• Owner: carabiner-dev
• License: apache-2.0
• Created: 2025-02-09T01:20:42.000Z (over 1 year ago)
• Default Branch: main
• Last Pushed: 2025-02-24T18:20:17.000Z (over 1 year ago)
• Last Synced: 2025-02-24T19:28:30.989Z (over 1 year ago)
• Topics: api, attestations, rest, rest-api, sigstore
• Language: Go
• Homepage:
• Size: 148 KB
• Stars: 1
• Watchers: 1
• Forks: 0
• Open Issues: 2
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          
# Snappy

### Grab attestable snapshots of API responses

Snappy is a simple tool that grabs snapshots of API response data to

be able to fix it in a signed attestation.

The API call is contructed according to a spec file, to generate a snapshot

you simply call snappy and pass it a spec:

```

snappy snap spec.yaml

```

## Snapshot Spec 

The API snapshots are controlled through a spec file written in yaml.

The spec describes some basic metadata about the object being queried,

and the API endpoint to hit.

In order to avoid leaking snesitive data, only data specifically configured

in the spec will be written in the resulting snapshot.

An example spec YAML file looks like this:

```yaml

---

id: https://github.com/{$ORG}/{$REPO}

type: http://github.com/carabiner-dev/snapi/specs/repo.yaml

endpoint: repos/{$ORG}/{$REPO}

method:  GET

mask:

  - id

  - node_id

  - name

  - full_name

  - html_url

  - git_url

  - license

  - has_discussions

  - has_issues

  - homepage

  - fork

  - visibility

  - security_and_analysis

  - web_commit_signoff_required

```

From the resulting data structure, only those fields named in the field mask

will be transferred to the resulting snapshot.

## Variable Support

As seen in the example above, the snapshot spec can have variables that

can be substituted when invoking snappy:

```yaml

id: https://github.com/{$ORG}/{$REPO}

type: http://github.com/carabiner-dev/snapi/specs/repo.yaml

endpoint: repos/{$ORG}/{$REPO}

```

To define a value for the `$ORG` and `$REPO` variables, simply pass them

in the command line invocation:

```

snappy snap --var ORG=myorg --var REPO=myrepo spec.yaml

```

## Install

TBD