Merge pull request #160 from simonbaird/big-rename-pr

Big search and replace name change
enterprise-contract · Jan 23, 2025 · bed6411 · bed6411
2 parents 91134ee + 6d4f963
commit bed6411
Show file tree

Hide file tree

Showing 12 changed files with 91 additions and 84 deletions.
diff --git a/README.md b/README.md
@@ -1,10 +1,10 @@
-Enterprise Contract User Guide
-============================
+Conforma User Guide
+===================
 
-Some high level documentation on how to use and configure Enterprise Contract
-with Konflux CI.
+Some high level documentation on how to use and configure Conforma,
+particularly with Konflux CI.
 
 Uses Asciidoc and Antora.
 
 The published version should be viewable
-[here](https://enterprisecontract.dev/docs/user-guide/).
+[here](https://conforma.dev/docs/user-guide/).
diff --git a/modules/ROOT/pages/cli.adoc b/modules/ROOT/pages/cli.adoc
@@ -1,5 +1,5 @@
 
-= Using the Enterprise Contract command line
+= Using the Conforma command line
 
 == Installation
 
@@ -125,7 +125,7 @@ kubectl get -n openshift-pipelines secret public-key -o jsonpath='{.data.cosign\
 ----
 ////
 
-If you've run EC at least once using an integration test, as described in
+If you've run Conforma at least once using an integration test, as described in
 xref:getting-started.adoc[Getting started...], the public key is visible in the
 logs for the pipeline run.
 
@@ -138,7 +138,7 @@ xref:ecc:ROOT:index.adoc[the configuration docs] for more information on the
 `policy.yaml` file, or take a look at the examples
 link:https://github.com/enterprise-contract/config[here].
 
-See also the how-to on xref:reproducing-an-rhtap-report.adoc[reproducing the Enterprise Contract output from a Konflux
+See also the how-to on xref:reproducing-an-rhtap-report.adoc[reproducing the Conforma output from a Konflux
 integration test].
 
 == Validating arbitrary inputs

diff --git a/modules/ROOT/pages/configuration.adoc b/modules/ROOT/pages/configuration.adoc
@@ -1,20 +1,20 @@
 
-= Enterprise Contract Configuration
+= Conforma Configuration
 
-Enterprise Contract configuration is described xref:ecc:ROOT:index.adoc[here].
+Conforma configuration is described xref:ecc:ROOT:index.adoc[here].
 
-The configuration used by EC can be provided by an
+The configuration used by Conforma can be provided by an
 xref:ecc:ROOT:reference.adoc[`EnterpriseContractPolicy` cluster resource], or
 it can be fetched from a git url.
 
-For xref:cli.adoc[command line use] of Enterprise Contract a local file can also be used.
+For xref:cli.adoc[command line use] of Conforma a local file can also be used.
 
 There are some pre-defined configuration files available
 link:https://github.com/enterprise-contract/config[here].
 
 == Finding the configuration used
 
-The output of the Enterprise Contract task includes a copy of the configuration
+The output of the Conforma task includes a copy of the configuration
 used. You can find it under the `policy` key in the raw YAML output where it
 can be copy and pasted.
 
@@ -23,12 +23,12 @@ image::c64db6a88c99447507fb87e42c966fda.png[]
 
 TIP: Notice that the public key used to verify both the signed images and the
 signed attestations created by Tekton Chains is available in the YAML output
-also. This public key is useful if you want to use Enterprise Contract outside the
+also. This public key is useful if you want to use Conforma outside the
 Konflux cluster as described xref:cli.adoc[here].
 
-== Modifying the Enterprise Contract configuration used in Konflux
+== Modifying the Conforma configuration used in Konflux
 
-To change which configuration is used by the Enterprise Contract integration
+To change which configuration is used by the Conforma integration
 test, it is necessary to modify the applicable "IntegrationTestScenario"
 cluster resouce.
 

diff --git a/modules/ROOT/pages/custom-config.adoc b/modules/ROOT/pages/custom-config.adoc
@@ -58,7 +58,7 @@ available] in that same repo. You can of course substitute your own git repo
 with your own customized policy file.
 
 NOTE: The `//` syntax in the git url is used to separate the git repo location
-and the subdirectory inside the git repo. EC will look for a `policy.yaml` or
+and the subdirectory inside the git repo. Conforma will look for a `policy.yaml` or
 `.ec/policy.yaml` file in the directory specified, or at the top level of the git
 repo if no directory is specified. For details on this syntax consult the link:https://github.com/hashicorp/go-getter#url-format[go-getter documentation].
 
@@ -80,7 +80,7 @@ kind: EnterpriseContractPolicy
 metadata:
   name: ec-policy
 spec:
-  description: An example custom EC policy
+  description: An example custom Conforma policy
   publicKey: k8s://openshift-pipelines/public-key
   sources:
     - name: Release policies
@@ -140,7 +140,7 @@ policy configuration parameter value.
 == Retriggering the integration test
 
 There's currently no way to retrigger just the integration test, so to rerun
-the Enterprise Contract pipeline a retrigger of the build pipeline is required.
+the Conforma pipeline a retrigger of the build pipeline is required.
 
 This can be achieved by opening a new PR, typing `/retest` in an existing PR,
 or by pushing a commit to `main` branch. An empty commit works fine, so you
@@ -151,6 +151,6 @@ could do this for example:
 $ git commit -m "Trigger a Konflux rebuild" --allow-empty && git push origin main
 ----
 
-For testing and debugging Enterprise Contract policies conveniently on your
+For testing and debugging Conforma policies conveniently on your
 workstation, you can use command line ec xref:cli.adoc[as
 described here].
diff --git a/modules/ROOT/pages/custom-data.adoc b/modules/ROOT/pages/custom-data.adoc
@@ -1,5 +1,5 @@
 
-= Customizing EC data
+= Customizing Conforma data
 
 I'll work through real-world example.
 
@@ -37,7 +37,7 @@ kubectl get -n openshift-pipelines secret public-key -o json | jq -r '.data."cos
 kubectl get -n enterprise-contract-service enterprisecontractpolicy default -o yaml | yq .spec > policy.yml
 ----
 
-== Running EC locally
+== Running Conforma locally
 
 Install ec as per xref:cli.adoc[these instructions] then do the following.
 
@@ -54,7 +54,7 @@ ec validate image --image $IMAGE --public-key cosign.pub --policy "$(yq -ojson -
 
 
 In the above example we downloaded the public key and the policy, but since we
-have cluster access, it's not actually required. EC can find the public key and
+have cluster access, it's not actually required. Conforma can find the public key and
 the policy configuration in the cluster. For example we can do this, which
 should give the same result:
 
@@ -102,7 +102,7 @@ sources:
         - '@minimal'
 ----
 
-Notice that the EC is currently passing. There are no violations and the top
+Notice that Conforma is currently passing. There are no violations and the top
 level success value is `true`.
 
 == Modify the policy so all rules are applied
@@ -119,9 +119,9 @@ You can also use ec to produce a list of the rules like this:
 ec inspect policy --source quay.io/enterprise-contract/ec-release-policy --collection minimal --output text
 ----
 
-By default EC applies all the rules found in the policy source. So we can just remove the collection configuration to make this happen.
+By default Conforma applies all the rules found in the policy source. So we can just remove the collection configuration to make this happen.
 
-Let's do that and re-run the EC locally.
+Let's do that and re-run Conforma locally.
 
 Edit the policy.yml file:
 
@@ -140,7 +140,7 @@ NOTE: To make these examples tidier I removed some `description` and `name`
 fields that won't be consequential. You can leave them alone or modify them if
 you wish.
 
-Running the EC with this new policy configuration produces some violations:
+Running Conforma with this new policy configuration produces some violations:
 
 [.console-input]
 [source, bash]
@@ -339,9 +339,9 @@ link:https://github.com/simonbaird/ec-data-demos/blob/example1/step_registry_pre
 here].
 
 That's not a real registry prefix of course, but let's start with that and see
-what results EC produces.
+what results Conforma produces.
 
-=== Configuring EC to use the data source
+=== Configuring Conforma to use the data source
 
 Let's modify the `policy.yml` file to add an extra data source:
 
@@ -399,7 +399,7 @@ Step 4 in task 'build-container' has disallowed image ref 'registry.access.redha
 Step 5 in task 'build-container' has disallowed image ref 'quay.io/konflux-ci/cosign@sha256:18b3716a6225727877475e1ab4f2493915e72cffd2ce431e9901d2ed2e4b2c0b'
 ----
 
-As you might have predicted, EC is now reporting that all the steps are using disallowed image refs.
+As you might have predicted, Conforma is now reporting that all the steps are using disallowed image refs.
 
 Let's fix that now. Back in the git repo for your custom data source, modify
 `step_registry_prefixes/data.yml` to look like this:
@@ -456,7 +456,7 @@ key: ...
 
 == Adding a custom policy source
 Now imagine your organization has a need for a custom policy. A policy that doesn't exactly fit in
-with the default. The solution is to create a custom policy repo and apply that to your next EC run.
+with the default. The solution is to create a custom policy repo and apply that to your next Conforma run.
 
 === Creating the custom policy source
 To create a custom policy, we'll start by creating a git repo for it.
@@ -508,7 +508,7 @@ deny contains result if {
 ----
 The above policy will throw a violation if a task named `myorg-task` is not found in the build.
 
-=== Configuring EC to use the custom policy source
+=== Configuring Conforma to use the custom policy source
 Let's modify the `policy.yml` file to add an extra policy source:
 
 .policy.yaml

diff --git a/modules/ROOT/pages/getting-started.adoc b/modules/ROOT/pages/getting-started.adoc
@@ -1,15 +1,15 @@
 
-= Getting started with Enterprise Contract & Konflux CI
+= Getting started with Conforma & Konflux CI
 
 == Creating an application
 
 If you don't already have an application defined in Konflux, follow the
 link:https://konflux-ci.dev/docs/how-tos/creating/[guide]. Once that's done you should have an application with at least one component.
-To get the most out of Enterprise Contract, be sure to follow the steps in the guide so Konflux sends a pull request to your repository to define a custom build pipeline in your GitHub repository.
+To get the most out of Conforma, be sure to follow the steps in the guide so Konflux sends a pull request to your repository to define a custom build pipeline in your GitHub repository.
 
 == Creating an integration test
 
-To run the Enterprise Contract pipeline automatically after each build, an integration test is
+To run the Conforma pipeline automatically after each build, an integration test is
 used. One should be automatically created when a new application is created. The process of
 recreating it manually is
 link:https://konflux-ci.dev/docs/advanced-how-tos/managing-compliance-with-ec/[described here].
@@ -29,21 +29,21 @@ pipeline definition in its git repo instead of as a Tekton bundle image
 reference. It's expected this will become the preferred way to specify the
 integration test pipeline.
 
-== Viewing Enterprise Contract results
+== Viewing Conforma results
 
-With the Enterprise Contract integration test created, each successful build
+With the Conforma integration test created, each successful build
 pipeline run will trigger an integration test pipeline run. You can find the
 integration test pipeline runs by clicking the integration test under the
 "Integration Tests" tab.
 
-The Enterprise Contract results can be seen under the "Security" tab, for example
-this shows a passing Enterprise Contract test:
+The Conforma results can be seen under the "Security" tab, for example
+this shows a passing Conforma test:
 
-.Enterprise Contract results in the "Security" tab
+.Conforma results in the "Security" tab
 image::05a225eebbec005e079a084226e869f3.png[]
 
-The raw output from the Enterprise Contract task is YAML formatted and can be
+The raw output from the Conforma task is YAML formatted and can be
 seen in the pipeline run logs, particularly under the "STEP-REPORT" heading:
 
-.Raw Enterprise Contract results in the task log
+.Raw Conforma results in the task log
 image::0dfd56dd2c4d8d000ab18e9d8a75bf99.png[]
diff --git a/modules/ROOT/pages/glossary.adoc b/modules/ROOT/pages/glossary.adoc
@@ -1,6 +1,6 @@
 = Glossary
 
-Here is a list of terms we use when discussing Enterprise Contracts
+Here is a list of terms we use when discussing Conforma.
 
 :toc: 
 
@@ -9,6 +9,8 @@ Here is a list of terms we use when discussing Enterprise Contracts
 
 A set of requirements imposed upon software delivery artifacts implemented in a <<_enterprise_contract_policy>> fulfilling a gating role allowing or preventing a release of these artifacts
 
+Also, Enterprise Contract is the former name for Conforma.
+
 [[_enterprise_contract_policy]]
 == Enterprise Contract Policy
 

diff --git a/modules/ROOT/pages/hitchhikers-guide.adoc b/modules/ROOT/pages/hitchhikers-guide.adoc
@@ -1,8 +1,8 @@
-= Hitchhiker's Guide to Enterprise Contract
+= Hitchhiker's Guide to Conforma
 
-The Enterprise Contract can be used to validate a software artifact, e.g. a container image, that
+Conforma can be used to validate a software artifact, e.g. a container image, that
 has already been signed and attested. This document assumes you do not have such an artifact. It
-walks you through the process of signing and attesting a container image, then how to use EC to
+walks you through the process of signing and attesting a container image, then how to use Conforma to
 validate those operations.
 
 == Required Tooling
@@ -147,11 +147,11 @@ $ cosign tree "$REPOSITORY:latest"
 
 ----
 
-We are ready to verify the image with the Enterprise Contract CLI!
+We are ready to verify the image with the Conforma CLI!
 
 == Basic Verification
 
-The most basic verification that can be done with the EC cli is to verify the image has a signature
+The most basic verification that can be done with the Conforma cli is to verify the image has a signature
 and a SLSA Provenance attestation matching a given public key.
 
 [source, bash]
@@ -214,7 +214,7 @@ The above contains a single policy rule that ensure the `builder.id` in the SLSA
 the expected value.
 
 The `METADATA` comment block is rego's way to specify
-https://www.openpolicyagent.org/docs/latest/policy-language/#metadata[annotations] for rules. EC
+https://www.openpolicyagent.org/docs/latest/policy-language/#metadata[annotations] for rules. Conforma
 leverages this in order to provide additional information in its report, see
 https://enterprisecontract.dev/docs/ec-policies/authoring.html#_rule_annotations[here].
 
@@ -269,7 +269,7 @@ violations:
 
 == Conclusion
 
-I hope you enjoyed this high level overview of the Enterprise Contract. You are now officially an EC
+I hope you enjoyed this high level overview of Conforma. You are now officially a Conforma
 Hero!
 
 By the way, once you are done experimenting, it is a good idea to tear down the local container

diff --git a/modules/ROOT/pages/index.adoc b/modules/ROOT/pages/index.adoc
@@ -1,9 +1,14 @@
 
-= Enterprise Contract User Guide
+= Conforma Contract User Guide
 
-This documentation will describe how to use Enterprise Contract, particularly
+This documentation describes how to use Conforma, particularly
 with link:https://github.com/konflux-ci[Konflux CI].
 
+NOTE: Conforma was previously known as "Enterprise Contract". You can consider
+"Conforma" and "Enterprise Contract" to be synonynous. See
+link:/posts/whats-in-a-name/[this article] for more details about the name
+change.
+
 See also the link:https://konflux-ci.dev/docs/[Konflux-CI Documentation].
 
 == Contents

diff --git a/modules/ROOT/pages/reproducing-an-rhtap-report.adoc b/modules/ROOT/pages/reproducing-an-rhtap-report.adoc
@@ -1,13 +1,13 @@
-= Reproducing a Konflux Enterprise Contract report locally
+= Reproducing a Konflux Conforma report locally
 
 This requires that you installed `ec` locally as described in
-xref:cli.adoc[Command line EC], and that you have at least one Enterprise
+xref:cli.adoc[Command line Conforma], and that you have at least one Enterprise
 Contract integration test pipeline run in your Konflux environment.
 
 include::partial$oc_login.adoc[]
 
 Run the following commands to extract the raw YAML output from the most recent
-Enterprise Contract pipeline run.
+Conforma pipeline run.
 
 [,bash]
 ----
@@ -16,7 +16,7 @@ POD_NAME=$( kubectl get $TR_NAME -o jsonpath='{.status.podName}' )
 kubectl logs -c step-report $POD_NAME | tee ec-report.yaml
 ----
 
-Extract some useful parts of the EC report output and save them to files.
+Extract some useful parts of the Conforma report output and save them to files.
 
 [,bash]
 ----
@@ -31,7 +31,7 @@ Extracting the components list is similar, but a little more complicated. Note t
 yq -o json '{"components":.components.[] | [{"name":.name, "containerImage":.containerImage}]}' ec-report.yaml | tee snapshot.json
 ----
 
-With the snapshot file, the public key and the policy file, we can reproduce the Enterprise Contract output like this:
+With the snapshot file, the public key and the policy file, we can reproduce the Conforma output like this:
 
 [,bash]
 ----