component

package

v0.8.0 Latest Latest Go to latest Published: Feb 25, 2026 License: Apache-2.0 Imports: 0 Imported by: 0

Details

Package component provides unified types and utilities for both collectors and tools.

This package re-exports commonly used types from subpackages for convenience. For less common types, import the subpackages directly:

config: Configuration types (JobConfig, CollectorConfig, ToolConfig) and parsing
lockfile: Lockfile types (LockFile, LockedCollector, LockedTool) and I/O
sync: Component synchronization (Syncer, Locker) and registry abstraction
github: GitHub API client (Client, Release, Asset, ParseSource)
semver: Semantic versioning (ParseConstraint, SelectVersion)
sigstore: Sigstore verification

Both collectors and tools use the same supply chain security model:

This package is part of Layer 2 (Component System) and MUST NOT import:

Component resolution and verification must come exclusively from the lockfile. This boundary is enforced by import_guard_test.go.

Path	Synopsis
config Package config provides configuration parsing for epack.yaml files.	Package config provides configuration parsing for epack.yaml files.
github Package github provides a GitHub API client for fetching releases and assets.	Package github provides a GitHub API client for fetching releases and assets.
lockfile Package lockfile provides lockfile parsing, serialization, and management.	Package lockfile provides lockfile parsing, serialization, and management.
semver Package semver provides semantic version parsing and constraint matching.	Package semver provides semantic version parsing and constraint matching.
sigstore Package sigstore provides Sigstore signature verification for epack components.	Package sigstore provides Sigstore signature verification for epack components.
sync Package sync provides component synchronization and locking operations.	Package sync provides component synchronization and locking operations.