docs: add evidence transformation pipeline documentation

[anoncam]

Document how JUnit and Jacoco evidence types are transformed before being injected into the policy engine. This addresses issue #2183 which requested documentation of the transformation process for non-JSON evidence types.

The documentation covers:

• Complete transformation pipeline architecture with flow diagram
• JUnit XML transformation process and JSON output structure
• Jacoco XML transformation process and coverage metrics
• Policy engine integration via GetEvaluableContent function
• Practical Rego policy examples for both evidence types
• Guide for adding new evidence types to the system
• Performance, security, and error handling considerations
• Complete reference of key implementation files

[anoncam]

ah bummer my workflow didn't have a gpg key setup

[migmartri]

Thanks @anoncam for the contribution.

Something it's worth mentioning that we now have a CLI command that allows you to see the transformed input.

For example, this is the result of running it against our test-coverage policy, you'll notice a debug_info.inputs where the transformed jacoco is.

 chainloop policy devel eval --policy policy.yaml --material ../integration-tests/materials/jacoco.xml --debug
WRN API contacted in insecure mode
{
   "result": {
      "violations": [
         "minimum coverage not reached: 25%, required: 80%"
      ],
      "skip_reasons": [],
      "skipped": false
   },
   "debug_info": {
      "inputs": [
         {
            "args": {
               "counter": "INSTRUCTION",
               "threshold": "80"
            },
            "chainloop_metadata": {
               "annotations": {
                  "chainloop.material.cas.inline": true,
                  "chainloop.material.name": "auto-detected-material",
                  "chainloop.material.type": "JACOCO_XML"
               },
               "content": "REDACTED-BASE64",
               "digest": {
                  "sha256": "6e5a5e079b0775a7cec76dff9afb6cefb25a3b25d9b38c1fb6dd683141f1eb38"
               },
               "name": "jacoco.xml"
            },

[migmartri]

@anoncam please make sure your commits are signed, thanks!

[anoncam]

@anoncam please make sure your commits are signed, thanks!

Yeah I'm embarrassed by that oversight. I could overly explain it but instead will sign my commits in the future. Do you need me to reopen this with a signed commit?

[migmartri]

@anoncam please make sure your commits are signed, thanks!

Yeah I'm embarrassed by that oversight. I could overly explain it but instead will sign my commits in the future. Do you need me to reopen this with a signed commit?

No worries! It happens to me all the time.

Could you ammend your commit re-signing it + force pushing it?

[migmartri]

Sorry @anoncam but now it seems that the commit is signed but doesn't contain the Signeed-Off stanza (for DCO)

Could you make sure the commit is commited with -S -s (both Ss :)

Thanks!

[anoncam]

Sorry @anoncam but now it seems that the commit is signed but doesn't contain the Signeed-Off stanza (for DCO)

Could you make sure the commit is commited with -S -s (both Ss :)

Thanks!

There we go.