Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Create new buildType for tekton specific verifiers #895

Merged
merged 1 commit into from
Sep 15, 2023
Merged

Create new buildType for tekton specific verifiers #895

merged 1 commit into from
Sep 15, 2023

Conversation

joejstuart
Copy link
Contributor

Changes

This change introduces a new buildType for pipelineRun and taskRun attestations that produces more verbose output. The buildType is based off of this design doc

Submitter Checklist

As the author of this PR, please check off the items in this checklist:

Release Notes

NONE

@tekton-robot tekton-robot added needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Aug 7, 2023
@tekton-robot
Copy link

Hi @joejstuart. Thanks for your PR.

I'm waiting for a tektoncd member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@joejstuart joejstuart marked this pull request as draft August 7, 2023 19:33
@tekton-robot tekton-robot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Aug 7, 2023
@joejstuart
Copy link
Contributor Author

Setting this as a draft while conflicts are fixed

@tekton-robot tekton-robot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Aug 7, 2023
joejstuart
joejstuart commented Aug 7, 2023
View reviewed changes
pkg/chains/formats/slsa/v2alpha2/internal/build_definitions/build_definitions.go Outdated

const (
SlsaBuildType = "https://tekton.dev/chains/v2/slsa"
TektonBuildType = ""
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Still undecided what this should be.

@joejstuart joejstuart force-pushed the tekton-build-type2 branch 3 times, most recently from 06475b8 to 9cfd86c Compare August 8, 2023 03:35
@joejstuart joejstuart marked this pull request as ready for review August 8, 2023 12:56
@tekton-robot tekton-robot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Aug 8, 2023
@chitrangpatel
Copy link
Contributor

/ok-to-test

@tekton-robot tekton-robot added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Aug 8, 2023
@tekton-robot
Copy link

The following is the coverage report on the affected files.
Say /test pull-tekton-chains-go-coverage to re-run this coverage report

File Old Coverage New Coverage Delta
pkg/chains/formats/slsa/v2alpha2/internal/build_definitions/pipelinerun.go Do not exist 100.0%
pkg/chains/formats/slsa/v2alpha2/internal/build_definitions/resolved_dependencies.go Do not exist 86.9%
pkg/chains/formats/slsa/v2alpha2/internal/build_definitions/taskrun.go Do not exist 100.0%
pkg/chains/formats/slsa/v2alpha2/internal/pipelinerun/pipelinerun.go 92.9% 80.6% -12.2
pkg/chains/formats/slsa/v2alpha2/internal/taskrun/taskrun.go 92.9% 80.6% -12.2

@tekton-robot
Copy link

The following is the coverage report on the affected files.
Say /test pull-tekton-chains-go-coverage to re-run this coverage report

File Old Coverage New Coverage Delta
pkg/chains/formats/slsa/v2alpha2/internal/build_definitions/pipelinerun.go Do not exist 100.0%
pkg/chains/formats/slsa/v2alpha2/internal/build_definitions/resolved_dependencies.go Do not exist 86.9%
pkg/chains/formats/slsa/v2alpha2/internal/build_definitions/taskrun.go Do not exist 100.0%
pkg/chains/formats/slsa/v2alpha2/internal/pipelinerun/pipelinerun.go 92.9% 79.4% -13.4
pkg/chains/formats/slsa/v2alpha2/internal/taskrun/taskrun.go 92.9% 79.4% -13.4

@chitrangpatel
Copy link
Contributor

Hi @joejstuart, we generally sqash the commits into a single commit for a PR (please do that if you can 🙏 ). You can capture the high level changes in the PR description.

@tekton-robot
Copy link

The following is the coverage report on the affected files.
Say /test pull-tekton-chains-go-coverage to re-run this coverage report

File Old Coverage New Coverage Delta
pkg/chains/formats/slsa/v2alpha2/internal/build_definitions/pipelinerun.go Do not exist 100.0%
pkg/chains/formats/slsa/v2alpha2/internal/build_definitions/resolved_dependencies.go Do not exist 86.9%
pkg/chains/formats/slsa/v2alpha2/internal/build_definitions/taskrun.go Do not exist 100.0%
pkg/chains/formats/slsa/v2alpha2/internal/pipelinerun/pipelinerun.go 92.9% 79.4% -13.4
pkg/chains/formats/slsa/v2alpha2/internal/taskrun/taskrun.go 92.9% 79.4% -13.4

@tekton-robot
Copy link

The following is the coverage report on the affected files.
Say /test pull-tekton-chains-go-coverage to re-run this coverage report

File Old Coverage New Coverage Delta
pkg/chains/formats/slsa/v2alpha2/internal/build_definitions/pipelinerun.go Do not exist 100.0%
pkg/chains/formats/slsa/v2alpha2/internal/build_definitions/resolved_dependencies.go Do not exist 86.9%
pkg/chains/formats/slsa/v2alpha2/internal/build_definitions/taskrun.go Do not exist 100.0%
pkg/chains/formats/slsa/v2alpha2/internal/pipelinerun/pipelinerun.go 92.9% 85.3% -7.6
pkg/chains/formats/slsa/v2alpha2/internal/taskrun/taskrun.go 92.9% 85.3% -7.6

@tekton-robot
Copy link

The following is the coverage report on the affected files.
Say /test pull-tekton-chains-go-coverage to re-run this coverage report

File Old Coverage New Coverage Delta
pkg/chains/formats/slsa/v2alpha2/internal/external_parameters/external_parameters.go Do not exist 87.5%
pkg/chains/formats/slsa/v2alpha2/internal/internal_parameters/internal_parameters.go Do not exist 100.0%
pkg/chains/formats/slsa/v2alpha2/internal/pipelinerun/pipelinerun.go 93.0% 83.8% -9.2
pkg/chains/formats/slsa/v2alpha2/internal/resolved_dependencies/resolved_dependencies.go 88.4% 88.2% -0.2
pkg/chains/formats/slsa/v2alpha2/internal/taskrun/taskrun.go 93.0% 86.5% -6.5
pkg/chains/objects/objects.go 71.7% 69.7% -1.9

@tekton-robot
Copy link

The following is the coverage report on the affected files.
Say /test pull-tekton-chains-go-coverage to re-run this coverage report

File Old Coverage New Coverage Delta
pkg/chains/formats/slsa/v2alpha2/internal/external_parameters/external_parameters.go Do not exist 87.5%
pkg/chains/formats/slsa/v2alpha2/internal/internal_parameters/internal_parameters.go Do not exist 100.0%
pkg/chains/formats/slsa/v2alpha2/internal/pipelinerun/pipelinerun.go 93.0% 83.8% -9.2
pkg/chains/formats/slsa/v2alpha2/internal/resolved_dependencies/resolved_dependencies.go 88.4% 88.2% -0.2
pkg/chains/formats/slsa/v2alpha2/internal/taskrun/taskrun.go 93.0% 86.5% -6.5
pkg/chains/objects/objects.go 71.7% 69.7% -1.9

@tekton-robot
Copy link

The following is the coverage report on the affected files.
Say /test pull-tekton-chains-go-coverage to re-run this coverage report

File Old Coverage New Coverage Delta
pkg/chains/formats/slsa/v2alpha2/internal/external_parameters/external_parameters.go Do not exist 87.5%
pkg/chains/formats/slsa/v2alpha2/internal/internal_parameters/internal_parameters.go Do not exist 100.0%
pkg/chains/formats/slsa/v2alpha2/internal/pipelinerun/pipelinerun.go 93.0% 83.8% -9.2
pkg/chains/formats/slsa/v2alpha2/internal/resolved_dependencies/resolved_dependencies.go 88.4% 86.4% -2.0
pkg/chains/formats/slsa/v2alpha2/internal/taskrun/taskrun.go 93.0% 86.5% -6.5
pkg/chains/objects/objects.go 71.7% 69.7% -1.9

@tekton-robot
Copy link

The following is the coverage report on the affected files.
Say /test pull-tekton-chains-go-coverage to re-run this coverage report

File Old Coverage New Coverage Delta
pkg/chains/formats/slsa/v2alpha2/internal/external_parameters/external_parameters.go Do not exist 87.5%
pkg/chains/formats/slsa/v2alpha2/internal/internal_parameters/internal_parameters.go Do not exist 100.0%
pkg/chains/formats/slsa/v2alpha2/internal/pipelinerun/pipelinerun.go 93.0% 83.8% -9.2
pkg/chains/formats/slsa/v2alpha2/internal/resolved_dependencies/resolved_dependencies.go 88.4% 86.4% -2.0
pkg/chains/formats/slsa/v2alpha2/internal/taskrun/taskrun.go 93.0% 86.5% -6.5
pkg/chains/objects/objects.go 71.7% 69.7% -1.9

@joejstuart
provide support for multiple buildTypes. The initial types are to
639fce9 
support more general slsa verifiers and provide more verbose output for
tekton verifiers. This implementation will default to the slsa
buildType.
@tekton-robot
Copy link

The following is the coverage report on the affected files.
Say /test pull-tekton-chains-go-coverage to re-run this coverage report

File Old Coverage New Coverage Delta
pkg/chains/formats/slsa/v2alpha2/internal/external_parameters/external_parameters.go Do not exist 87.5%
pkg/chains/formats/slsa/v2alpha2/internal/internal_parameters/internal_parameters.go Do not exist 100.0%
pkg/chains/formats/slsa/v2alpha2/internal/pipelinerun/pipelinerun.go 93.0% 83.8% -9.2
pkg/chains/formats/slsa/v2alpha2/internal/resolved_dependencies/resolved_dependencies.go 88.4% 86.4% -2.0
pkg/chains/formats/slsa/v2alpha2/internal/taskrun/taskrun.go 93.0% 86.5% -6.5
pkg/chains/objects/objects.go 71.7% 69.7% -1.9

lcarva
lcarva reviewed Sep 15, 2023
View reviewed changes
pkg/config/config.go
@@ -200,6 +205,9 @@ const (
transparencyEnabledKey = "transparency.enabled"
transparencyURLKey = "transparency.url"

// Build type
buildTypeKey = "builddefinition.buildtype"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's do a follow up PR to document this.

lcarva
lcarva approved these changes Sep 15, 2023
View reviewed changes
Copy link
Contributor

@lcarva lcarva left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@tekton-robot tekton-robot added the lgtm Indicates that a PR is ready to be merged. label Sep 15, 2023
@tekton-robot
Copy link

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: lcarva

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@tekton-robot tekton-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Sep 15, 2023
@tekton-robot tekton-robot merged commit 659b32b into tektoncd:main Sep 15, 2023
12 checks passed
@chuangw6
Copy link
Member

@joejstuart could you please document the new config option in https://github.com/tektoncd/chains/blob/main/docs/config.md?

Since this addition is slsa-related, I feel like we should also document some details in https://github.com/tektoncd/chains/pulls once it's merged. WDYT?

@joejstuart
Copy link
Contributor Author

@joejstuart could you please document the new config option in https://github.com/tektoncd/chains/blob/main/docs/config.md?
Yep, I can definitely get this in.

Since this addition is slsa-related, I feel like we should also document some details in https://github.com/tektoncd/chains/pulls once it's merged. WDYT?
I'm not following this link. Do you mean in this PR? #906. If so, I can do that also.

@joejstuart joejstuart mentioned this pull request Sep 16, 2023
Open
6 tasks
joejstuart added a commit to joejstuart/chains that referenced this pull request Sep 17, 2023
@joejstuart
document buildType config for slsa/v2alpha2 format. This is
0fcea42 
documentation for tektoncd#895
@joejstuart joejstuart mentioned this pull request Sep 17, 2023
Merged
6 tasks
@chuangw6
Copy link
Member

Since this addition is slsa-related, I feel like we should also document some details in https://github.com/tektoncd/chains/pulls once it's merged. WDYT?
I'm not following this link. Do you mean in this PR? #906. If so, I can do that also.

I am sorry for the confusion, I must have copied the pr link too fast and miss the number 😢

#913 is what I mean. We can add slsa-related topics to this doc once it's merged.

joejstuart added a commit to joejstuart/chains that referenced this pull request Sep 18, 2023
@joejstuart
document buildType config for slsa/v2alpha2 format. This is
ed7a55b 
documentation for tektoncd#895
joejstuart added a commit to joejstuart/chains that referenced this pull request Sep 18, 2023
@joejstuart
document buildType config for slsa/v2alpha2 format. This is
5275590 
documentation for tektoncd#895
joejstuart added a commit to joejstuart/chains that referenced this pull request Sep 18, 2023
@joejstuart
document buildType config for slsa/v2alpha2 format. This is
7477873 
documentation for tektoncd#895
joejstuart added a commit to joejstuart/chains that referenced this pull request Sep 18, 2023
@joejstuart
document buildType config for slsa/v2alpha2 format. This is
bf92fc0 
documentation for tektoncd#895
joejstuart added a commit to joejstuart/chains that referenced this pull request Sep 18, 2023
@joejstuart
document buildType config for slsa/v2alpha2 format. This is
94989ce 
documentation for tektoncd#895
tekton-robot pushed a commit that referenced this pull request Sep 18, 2023
@joejstuart
document buildType config for slsa/v2alpha2 format. This is (#927)
52b918e 
documentation for #895
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lcarva lcarva lcarva approved these changes

@priyawadhwa priyawadhwa Awaiting requested review from priyawadhwa

@chuangw6 chuangw6 Awaiting requested review from chuangw6

Assignees

@lcarva lcarva

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. lgtm Indicates that a PR is ready to be merged. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@joejstuart @tekton-robot @chitrangpatel @chuangw6 @lcarva