From 8970bdd2f5fcffe2270e46c4c4c89ac562b82fb1 Mon Sep 17 00:00:00 2001 From: Chuang Wang Date: Wed, 28 Sep 2022 12:37:09 -0700 Subject: [PATCH] Add Provenance field in TaskRun&PipelineRun status Change 1: Add a Provenance field in TaskRun&PipelineRun status. This field currently only contains a subfield named `ConfigSource`, but can be extended later to have more provenance-related fields. Change 2: Prior, https://github.com/tektoncd/pipeline/pull/5551 introduced the ConfigSource to api/resolution alpha & beta package. In this PR, we moved the ConfigSource to api/pipeline alpha & beta package for the provenance field to reuse that type (cannot import the api/resolution alpha because of import cycle). Why: See the motivation and discussions in https://github.com/tektoncd/pipeline/issues/5550. The tldr is that it helps pass provenance-related data in a more structured way; ConfigSource is one example. 
Signed-off-by: Chuang Wang --- docs/how-to-write-a-resolver.md | 10 +- docs/pipeline-api.md | 362 ++++++++++++------ .../cmd/demoresolver/main.go | 2 +- pkg/apis/pipeline/v1/openapi_generated.go | 98 ++++- pkg/apis/pipeline/v1/pipelinerun_types.go | 3 + pkg/apis/pipeline/v1/provenance.go | 46 +++ pkg/apis/pipeline/v1/swagger.json | 48 +++ pkg/apis/pipeline/v1/taskrun_types.go | 3 + pkg/apis/pipeline/v1/zz_generated.deepcopy.go | 54 +++ .../pipeline/v1beta1/openapi_generated.go | 150 +++++--- .../pipeline/v1beta1/pipelinerun_types.go | 3 + pkg/apis/pipeline/v1beta1/provenance.go | 46 +++ pkg/apis/pipeline/v1beta1/swagger.json | 34 +- pkg/apis/pipeline/v1beta1/taskrun_types.go | 3 + .../pipeline/v1beta1/zz_generated.deepcopy.go | 54 +++ .../v1alpha1/resolution_request_types.go | 21 +- .../v1alpha1/zz_generated.deepcopy.go | 26 +- .../v1beta1/resolution_request_types.go | 20 +- .../v1beta1/zz_generated.deepcopy.go | 25 +- pkg/resolution/resolver/bundle/bundle.go | 6 +- pkg/resolution/resolver/cluster/resolver.go | 3 +- .../resolver/framework/fakeresolver.go | 5 +- .../resolver/framework/interface.go | 3 +- .../resolver/framework/reconciler.go | 7 +- .../resolver/framework/reconciler_test.go | 4 +- pkg/resolution/resolver/git/resolver.go | 3 +- pkg/resolution/resolver/hub/resolver.go | 3 +- pkg/resolution/resource/crd_resource.go | 3 +- pkg/resolution/resource/resource.go | 3 +- test/resolution.go | 5 +- 30 files changed, 760 insertions(+), 293 deletions(-) create mode 100644 pkg/apis/pipeline/v1/provenance.go create mode 100644 pkg/apis/pipeline/v1beta1/provenance.go diff --git a/docs/how-to-write-a-resolver.md b/docs/how-to-write-a-resolver.md index 079495cae67..9ccafbce9c7 100644 --- a/docs/how-to-write-a-resolver.md +++ b/docs/how-to-write-a-resolver.md 
@@ -186,11 +186,11 @@ We'll also need to add another import for this package at the top:
 import (
 "context"
- "github.com/tektoncd/pipeline/pkg/apis/resolution/v1beta1"
-// Add this one; it defines LabelKeyResolverType we use in GetSelector
+ // Add this one; it defines LabelKeyResolverType we use in GetSelector
 "github.com/tektoncd/pipeline/pkg/resolution/common"
 "github.com/tektoncd/pipeline/pkg/resolution/resolver/framework"
 "knative.dev/pkg/injection/sharedmain"
+ pipelinev1beta1 "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1"
 )
 ```
@@ -262,7 +262,7 @@ func (*myResolvedResource) Annotations() map[string]string {
 // Source is the source reference of the remote data that records where the remote
 // file came from including the url, digest and the entrypoint. None atm.
-func (*myResolvedResource) Source() *v1beta1.ConfigSource {
+func (*myResolvedResource) Source() *pipelinev1beta1.ConfigSource {
 return nil
 }
 ```
@@ -275,8 +275,8 @@ following example.
 ```go
 // Source is the source reference of the remote data that records where the remote
 // file came from including the url, digest and the entrypoint.
-func (*myResolvedResource) Source() *v1beta1.ConfigSource {
- return &v1beta1.ConfigSource{
+func (*myResolvedResource) Source() *pipelinev1beta1.ConfigSource {
+ return &v1alpha1.ConfigSource{
 URI: "https://github.com/user/example",
 Digest: map[string]string{
 "sha1": "example",
diff --git a/docs/pipeline-api.md b/docs/pipeline-api.md
index fed492b981d..ff445cbb1fd 100644
--- a/docs/pipeline-api.md
+++ b/docs/pipeline-api.md
@@ -29,63 +29,6 @@ weight: 1000 Resource Types: -

ConfigSource -

-

-(Appears on:ResolutionRequestStatusFields) -

-
-

ConfigSource records where the task/pipeline file came from.

-
- - - - - - - - - - - - - - - - - - - - - -
FieldDescription
-uri
- -string - -
-

URI indicating the identity of the source of the config. -https://github.com/in-toto/attestation/blob/main/spec/field_types.md#ResourceURI -Example: https://github.com/tektoncd/catalog

-
-digest
- -map[string]string - -
-

Digest is a collection of cryptographic digests for the contents of the artifact specified by URI. -https://github.com/in-toto/attestation/blob/main/spec/field_types.md#DigestSet -Example: {“sha1”: “f99d13e554ffcb696dee719fa85b695cb5b0f428”}

-
-entryPoint
- -string - -
-

EntryPoint identifying the entry point into the build. This is often a path to a -configuration file and/or a target label within that file. -Example: “task/git-clone/0.8/git-clone.yaml”

-

ResolutionRequest

@@ -282,7 +225,7 @@ object.

source
- + ConfigSource @@ -300,63 +243,6 @@ file came from including the url, digest and the entrypoint.

Resource Types: -

ConfigSource -

-

-(Appears on:ResolutionRequestStatusFields) -

-
-

ConfigSource records where the task/pipeline file came from.

-
- - - - - - - - - - - - - - - - - - - - - -
FieldDescription
-uri
- -string - -
-

URI indicating the identity of the source of the config. -https://github.com/in-toto/attestation/blob/main/spec/field_types.md#ResourceURI -Example: https://github.com/tektoncd/catalog

-
-digest
- -map[string]string - -
-

Digest is a collection of cryptographic digests for the contents of the artifact specified by URI. -https://github.com/in-toto/attestation/blob/main/spec/field_types.md#DigestSet -Example: {“sha1”: “f99d13e554ffcb696dee719fa85b695cb5b0f428”}

-
-entryPoint
- -string - -
-

EntryPoint identifying the entry point into the build. This is often a path to a -configuration file and/or a target label within that file. -Example: “task/git-clone/0.8/git-clone.yaml”

-

ResolutionRequest

@@ -557,7 +443,7 @@ object.

source
- + ConfigSource @@ -1422,6 +1308,66 @@ string +

ConfigSource +

+

+(Appears on:Provenance) +

+
+

ConfigSource identifies the source where a resource came from. +This can include Git repositories, Task Bundles, file checksums, or other information +that allows users to identify where the resource came from and what version was used.

+
+ + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+uri
+ +string + +
+

URI indicates the identity of the source of the config. +Definition: https://slsa.dev/provenance/v0.2#invocation.configSource.uri +Example: “https://github.com/tektoncd/catalog”

+
+digest
+ +map[string]string + +
+

Digest is a collection of cryptographic digests for the contents of the artifact specified by URI. +Definition: https://slsa.dev/provenance/v0.2#invocation.configSource.digest +Example: {“sha1”: “f99d13e554ffcb696dee719fa85b695cb5b0f428”}

+
+entryPoint
+ +string + +
+

EntryPoint identifies the entry point into the build. This is often a path to a +configuration file and/or a target label within that file. +Definition: https://slsa.dev/provenance/v0.2#invocation.configSource.entryPoint +Example: “task/git-clone/0.8/git-clone.yaml”

+

EmbeddedTask

@@ -2358,6 +2304,19 @@ Kubernetes meta/v1.Time

FinallyStartTime is when all non-finally tasks have been completed and only finally tasks are being executed.

+ + +provenance
+ + +Provenance + + + + +

Provenance contains some key authenticated metadata about how a software artifact was built (what sources, what inputs/outputs, etc.).

+ +

PipelineRunTaskRunStatus @@ -3006,6 +2965,42 @@ ParamType +

Provenance +

+

+(Appears on:PipelineRunStatusFields, TaskRunStatusFields) +

+
+

Provenance contains some key authenticated metadata about how a software artifact was +built (what sources, what inputs/outputs, etc.). For now, it only contains the subfield +ConfigSource that identifies the source where a build config file came from. +In future, it can be expanded as needed to include more metadata about the build. +This field aims to be used to carry minimum amount of the authenticated metadata in *Run status +so that Tekton Chains can pick it up and record in the provenance it generates.

+
+ + + + + + + + + + + + + +
FieldDescription
+configSource
+ + +ConfigSource + + +
+

ConfigSource identifies the source where a resource came from.

+

ResolverName (string alias)

@@ -5084,6 +5079,19 @@ TaskSpec

TaskSpec contains the Spec from the dereferenced Task definition used to instantiate this TaskRun.

+ + +provenance
+ + +Provenance + + + + +

Provenance contains some key authenticated metadata about how a software artifact was built (what sources, what inputs/outputs, etc.).

+ +

TaskRunStepSpec @@ -8170,6 +8178,66 @@ int32 +

ConfigSource +

+

+(Appears on:Provenance, ResolutionRequestStatusFields, ResolutionRequestStatusFields) +

+
+

ConfigSource identifies the source where a resource came from. +This can include Git repositories, Task Bundles, file checksums, or other information +that allows users to identify where the resource came from and what version was used.

+
+ + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+uri
+ +string + +
+

URI indicates the identity of the source of the config. +Definition: https://slsa.dev/provenance/v0.2#invocation.configSource.uri +Example: “https://github.com/tektoncd/catalog”

+
+digest
+ +map[string]string + +
+

Digest is a collection of cryptographic digests for the contents of the artifact specified by URI. +Definition: https://slsa.dev/provenance/v0.2#invocation.configSource.digest +Example: {“sha1”: “f99d13e554ffcb696dee719fa85b695cb5b0f428”}

+
+entryPoint
+ +string + +
+

EntryPoint identifies the entry point into the build. This is often a path to a +configuration file and/or a target label within that file. +Definition: https://slsa.dev/provenance/v0.2#invocation.configSource.entryPoint +Example: “task/git-clone/0.8/git-clone.yaml”

+

CustomRunSpec

@@ -9620,6 +9688,19 @@ Kubernetes meta/v1.Time

FinallyStartTime is when all non-finally tasks have been completed and only finally tasks are being executed.

+ + +provenance
+ + +Provenance + + + + +

Provenance contains some key authenticated metadata about how a software artifact was built (what sources, what inputs/outputs, etc.).

+ +

PipelineRunTaskRunStatus @@ -10402,6 +10483,42 @@ ParamType +

Provenance +

+

+(Appears on:PipelineRunStatusFields, TaskRunStatusFields) +

+
+

Provenance contains some key authenticated metadata about how a software artifact was +built (what sources, what inputs/outputs, etc.). For now, it only contains the subfield +ConfigSource that identifies the source where a build config file came from. +In future, it can be expanded as needed to include more metadata about the build. +This field aims to be used to carry minimum amount of the authenticated metadata in *Run status +so that Tekton Chains can pick it up and record in the provenance it generates.

+
+ + + + + + + + + + + + + +
FieldDescription
+configSource
+ + +ConfigSource + + +
+

ConfigSource identifies the source where a resource came from.

+

ResolverName (string alias)

@@ -13007,6 +13124,19 @@ TaskSpec

TaskSpec contains the Spec from the dereferenced Task definition used to instantiate this TaskRun.

+ + +provenance
+ + +Provenance + + + + +

Provenance contains some key authenticated metadata about how a software artifact was built (what sources, what inputs/outputs, etc.).

+ +

TaskRunStepOverride diff --git a/docs/resolver-template/cmd/demoresolver/main.go b/docs/resolver-template/cmd/demoresolver/main.go index 52386d248a0..b2e1caad3dc 100644 --- a/docs/resolver-template/cmd/demoresolver/main.go +++ b/docs/resolver-template/cmd/demoresolver/main.go @@ -95,6 +95,6 @@ func (*myResolvedResource) Annotations() map[string]string { // Source is the source reference of the remote data that records where the remote // file came from including the url, digest and the entrypoint. None atm. -func (*myResolvedResource) Source() *v1beta1.ConfigSource { +func (*myResolvedResource) Source() *pipelinev1beta1.ConfigSource { return nil } diff --git a/pkg/apis/pipeline/v1/openapi_generated.go b/pkg/apis/pipeline/v1/openapi_generated.go index 49a52e627ae..c586cb3b274 100644 --- a/pkg/apis/pipeline/v1/openapi_generated.go +++ b/pkg/apis/pipeline/v1/openapi_generated.go @@ -33,6 +33,7 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA "github.com/tektoncd/pipeline/pkg/apis/pipeline/pod.AffinityAssistantTemplate": schema_pkg_apis_pipeline_pod_AffinityAssistantTemplate(ref), "github.com/tektoncd/pipeline/pkg/apis/pipeline/pod.Template": schema_pkg_apis_pipeline_pod_Template(ref), "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.ChildStatusReference": schema_pkg_apis_pipeline_v1_ChildStatusReference(ref), + "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.ConfigSource": schema_pkg_apis_pipeline_v1_ConfigSource(ref), "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.EmbeddedTask": schema_pkg_apis_pipeline_v1_EmbeddedTask(ref), "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.Matrix": schema_pkg_apis_pipeline_v1_Matrix(ref), "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.Param": schema_pkg_apis_pipeline_v1_Param(ref), 
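Review bot: The new return type `*pipelinev1beta1.ConfigSource` in docs/resolver-template/cmd/demoresolver/main.go depends on an import that this hunk does not touch; the diffstat lists only two changed lines for the file, so the import block is unchanged. For the template to compile, `pipelinev1beta1` must already be imported there, and if `Source()` was the only user of the resolution `v1beta1` import, that import is now unused and the Go compiler will reject the file. Please confirm the template still builds and drop the `"github.com/tektoncd/pipeline/pkg/apis/resolution/v1beta1"` import if nothing else in the file needs it. The import block is outside the hunk, so this is inferred rather than visible.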
@@ -59,6 +60,7 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.PipelineTaskRunTemplate": schema_pkg_apis_pipeline_v1_PipelineTaskRunTemplate(ref), "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.PipelineWorkspaceDeclaration": schema_pkg_apis_pipeline_v1_PipelineWorkspaceDeclaration(ref), "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.PropertySpec": schema_pkg_apis_pipeline_v1_PropertySpec(ref), + "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.Provenance": schema_pkg_apis_pipeline_v1_Provenance(ref), "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.ResolverRef": schema_pkg_apis_pipeline_v1_ResolverRef(ref), "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.ResultRef": schema_pkg_apis_pipeline_v1_ResultRef(ref), "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.Sidecar": schema_pkg_apis_pipeline_v1_Sidecar(ref), 
@@ -416,6 +418,49 @@ func schema_pkg_apis_pipeline_v1_ChildStatusReference(ref common.ReferenceCallba } } +func schema_pkg_apis_pipeline_v1_ConfigSource(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "ConfigSource identifies the source where a resource came from. This can include Git repositories, Task Bundles, file checksums, or other information that allows users to identify where the resource came from and what version was used.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "uri": { + SchemaProps: spec.SchemaProps{ + Description: "URI indicates the identity of the source of the config. Definition: https://slsa.dev/provenance/v0.2#invocation.configSource.uri Example: \"https://github.com/tektoncd/catalog\"", + Type: []string{"string"}, + Format: "", + }, + }, + "digest": { + SchemaProps: spec.SchemaProps{ + Description: "Digest is a collection of cryptographic digests for the contents of the artifact specified by URI. Definition: https://slsa.dev/provenance/v0.2#invocation.configSource.digest Example: {\"sha1\": \"f99d13e554ffcb696dee719fa85b695cb5b0f428\"}", + Type: []string{"object"}, + AdditionalProperties: &spec.SchemaOrBool{ + Allows: true, + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + "entryPoint": { + SchemaProps: spec.SchemaProps{ + Description: "EntryPoint identifies the entry point into the build. This is often a path to a configuration file and/or a target label within that file. 
Definition: https://slsa.dev/provenance/v0.2#invocation.configSource.entryPoint Example: \"task/git-clone/0.8/git-clone.yaml\"", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + } +} + func schema_pkg_apis_pipeline_v1_EmbeddedTask(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ @@ -1338,11 +1383,17 @@ func schema_pkg_apis_pipeline_v1_PipelineRunStatus(ref common.ReferenceCallback) Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, + "provenance": { + SchemaProps: spec.SchemaProps{ + Description: "Provenance contains some key authenticated metadata about how a software artifact was built (what sources, what inputs/outputs, etc.).", + Ref: ref("github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.Provenance"), + }, + }, }, }, }, Dependencies: []string{ - "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.ChildStatusReference", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.PipelineRunResult", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.PipelineSpec", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.SkippedTask", "k8s.io/apimachinery/pkg/apis/meta/v1.Time", "knative.dev/pkg/apis.Condition"}, + "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.ChildStatusReference", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.PipelineRunResult", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.PipelineSpec", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.Provenance", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.SkippedTask", "k8s.io/apimachinery/pkg/apis/meta/v1.Time", "knative.dev/pkg/apis.Condition"}, } } 
@@ -1434,11 +1485,17 @@ func schema_pkg_apis_pipeline_v1_PipelineRunStatusFields(ref common.ReferenceCal Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, + "provenance": { + SchemaProps: spec.SchemaProps{ + Description: "Provenance contains some key authenticated metadata about how a software artifact was built (what sources, what inputs/outputs, etc.).", + Ref: ref("github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.Provenance"), + }, + }, }, }, }, Dependencies: []string{ - "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.ChildStatusReference", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.PipelineRunResult", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.PipelineSpec", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.SkippedTask", "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, + "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.ChildStatusReference", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.PipelineRunResult", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.PipelineSpec", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.Provenance", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.SkippedTask", "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, } } 
@@ -1981,6 +2038,27 @@ func schema_pkg_apis_pipeline_v1_PropertySpec(ref common.ReferenceCallback) comm } } +func schema_pkg_apis_pipeline_v1_Provenance(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "Provenance contains some key authenticated metadata about how a software artifact was built (what sources, what inputs/outputs, etc.). For now, it only contains the subfield `ConfigSource` that identifies the source where a build config file came from. In future, it can be expanded as needed to include more metadata about the build. This field aims to be used to carry minimum amount of the authenticated metadata in *Run status so that Tekton Chains can pick it up and record in the provenance it generates.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "configSource": { + SchemaProps: spec.SchemaProps{ + Description: "ConfigSource identifies the source where a resource came from.", + Ref: ref("github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.ConfigSource"), + }, + }, + }, + }, + }, + Dependencies: []string{ + "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.ConfigSource"}, + } +} + func schema_pkg_apis_pipeline_v1_ResolverRef(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ 
@@ -3634,12 +3712,18 @@ func schema_pkg_apis_pipeline_v1_TaskRunStatus(ref common.ReferenceCallback) com Ref: ref("github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.TaskSpec"), }, }, + "provenance": { + SchemaProps: spec.SchemaProps{ + Description: "Provenance contains some key authenticated metadata about how a software artifact was built (what sources, what inputs/outputs, etc.).", + Ref: ref("github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.Provenance"), + }, + }, }, Required: []string{"podName"}, }, }, Dependencies: []string{ - "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.SidecarState", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.StepState", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.TaskRunResult", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.TaskRunStatus", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.TaskSpec", "k8s.io/apimachinery/pkg/apis/meta/v1.Time", "knative.dev/pkg/apis.Condition"}, + "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.Provenance", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.SidecarState", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.StepState", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.TaskRunResult", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.TaskRunStatus", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.TaskSpec", "k8s.io/apimachinery/pkg/apis/meta/v1.Time", "knative.dev/pkg/apis.Condition"}, } } 
@@ -3752,12 +3836,18 @@ func schema_pkg_apis_pipeline_v1_TaskRunStatusFields(ref common.ReferenceCallbac Ref: ref("github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.TaskSpec"), }, }, + "provenance": { + SchemaProps: spec.SchemaProps{ + Description: "Provenance contains some key authenticated metadata about how a software artifact was built (what sources, what inputs/outputs, etc.).", + Ref: ref("github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.Provenance"), + }, + }, }, Required: []string{"podName"}, }, }, Dependencies: []string{ - "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.SidecarState", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.StepState", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.TaskRunResult", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.TaskRunStatus", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.TaskSpec", "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, + "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.Provenance", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.SidecarState", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.StepState", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.TaskRunResult", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.TaskRunStatus", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1.TaskSpec", "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, } } diff --git a/pkg/apis/pipeline/v1/pipelinerun_types.go b/pkg/apis/pipeline/v1/pipelinerun_types.go index c86d9e81f3b..11f8296395b 100644 --- a/pkg/apis/pipeline/v1/pipelinerun_types.go +++ b/pkg/apis/pipeline/v1/pipelinerun_types.go 
@@ -427,6 +427,9 @@ type PipelineRunStatusFields struct {
 // FinallyStartTime is when all non-finally tasks have been completed and only finally tasks are being executed.
 // +optional
 FinallyStartTime *metav1.Time `json:"finallyStartTime,omitempty"`
+
+ // Provenance contains some key authenticated metadata about how a software artifact was built (what sources, what inputs/outputs, etc.).
+ Provenance *Provenance `json:"provenance,omitempty"`
 }
 // SkippedTask is used to describe the Tasks that were skipped due to their When Expressions
diff --git a/pkg/apis/pipeline/v1/provenance.go b/pkg/apis/pipeline/v1/provenance.go
new file mode 100644
index 00000000000..f0034a3ae79
--- /dev/null
+++ b/pkg/apis/pipeline/v1/provenance.go
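Review bot: The comment on the new `Provenance` field in `PipelineRunStatusFields` calls the data "authenticated", but nothing visible in this patch authenticates it. The value sits in status, so how far it can be trusted presumably depends on who may write the status subresource and on the resolver that reported the source. I would word it as `// Provenance records where the run's definition was resolved from, as reported by the resolver; consumers such as Tekton Chains should verify it before attesting.` The field also has `omitempty` but no `// +optional` marker, unlike `FinallyStartTime` directly above it, so add `// +optional` for consistency. Both points apply equally to the `Provenance` field added to `TaskRunStatusFields` in pkg/apis/pipeline/v1/taskrun_types.go; the struct itself starts outside the hunk.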
@@ -0,0 +1,46 @@
+/*
+Copyright 2022 The Tekton Authors
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1
+
+// Provenance contains some key authenticated metadata about how a software artifact was
+// built (what sources, what inputs/outputs, etc.). For now, it only contains the subfield
+// `ConfigSource` that identifies the source where a build config file came from.
+// In future, it can be expanded as needed to include more metadata about the build.
+// This field aims to be used to carry minimum amount of the authenticated metadata in *Run status
+// so that Tekton Chains can pick it up and record in the provenance it generates.
+type Provenance struct {
+ // ConfigSource identifies the source where a resource came from.
+ ConfigSource *ConfigSource `json:"configSource,omitempty"`
+}
+
+// ConfigSource identifies the source where a resource came from.
+// This can include Git repositories, Task Bundles, file checksums, or other information
+// that allows users to identify where the resource came from and what version was used.
+type ConfigSource struct {
+ // URI indicates the identity of the source of the config.
+ // Definition: https://slsa.dev/provenance/v0.2#invocation.configSource.uri
+ // Example: "https://github.com/tektoncd/catalog"
+ URI string `json:"uri,omitempty"`
+
+ // Digest is a collection of cryptographic digests for the contents of the artifact specified by URI.
+ // Definition: https://slsa.dev/provenance/v0.2#invocation.configSource.digest
+ // Example: {"sha1": "f99d13e554ffcb696dee719fa85b695cb5b0f428"}
+ Digest map[string]string `json:"digest,omitempty"`
+
+ // EntryPoint identifies the entry point into the build. This is often a path to a
+ // configuration file and/or a target label within that file.
+ // Definition: https://slsa.dev/provenance/v0.2#invocation.configSource.entryPoint
+ // Example: "task/git-clone/0.8/git-clone.yaml"
+ EntryPoint string `json:"entryPoint,omitempty"`
+}
diff --git a/pkg/apis/pipeline/v1/swagger.json b/pkg/apis/pipeline/v1/swagger.json
index b6a5ce78e18..0960125b903 100644
--- a/pkg/apis/pipeline/v1/swagger.json
+++ b/pkg/apis/pipeline/v1/swagger.json
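Review bot: `ConfigSource.Digest` is a free-form `map[string]string` whose contract is documented only through a `sha1` example, so a consumer cannot tell which algorithm names or encodings to expect. Because this value is meant to be copied into the provenance Tekton Chains generates, the comment should spell that out, e.g. `// Keys are algorithm names ("sha1", "sha256", ...); values are lowercase hex digests.`, matching the linked SLSA definition (please confirm against it). It would also help to say that a `sha1` value is presumably a git commit id rather than a collision-resistant content hash, so verifiers should prefer a stronger digest when the resolver supplies one. No validation of the map is visible in this patch; if none exists elsewhere, an empty or malformed digest would be recorded as-is. The `omitempty` fields in both structs also lack `// +optional` markers.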
@@ -169,6 +169,28 @@ } } }, + "v1.ConfigSource": { + "description": "ConfigSource identifies the source where a resource came from. This can include Git repositories, Task Bundles, file checksums, or other information that allows users to identify where the resource came from and what version was used.", + "type": "object", + "properties": { + "digest": { + "description": "Digest is a collection of cryptographic digests for the contents of the artifact specified by URI. Definition: https://slsa.dev/provenance/v0.2#invocation.configSource.digest Example: {\"sha1\": \"f99d13e554ffcb696dee719fa85b695cb5b0f428\"}", + "type": "object", + "additionalProperties": { + "type": "string", + "default": "" + } + }, + "entryPoint": { + "description": "EntryPoint identifies the entry point into the build. This is often a path to a configuration file and/or a target label within that file. Definition: https://slsa.dev/provenance/v0.2#invocation.configSource.entryPoint Example: \"task/git-clone/0.8/git-clone.yaml\"", + "type": "string" + }, + "uri": { + "description": "URI indicates the identity of the source of the config. Definition: https://slsa.dev/provenance/v0.2#invocation.configSource.uri Example: \"https://github.com/tektoncd/catalog\"", + "type": "string" + } + } + }, "v1.EmbeddedTask": { "description": "EmbeddedTask is used to define a Task inline within a Pipeline's PipelineTasks.", "type": "object", @@ -643,6 +665,10 @@ "description": "PipelineRunSpec contains the exact spec used to instantiate the run", "$ref": "#/definitions/v1.PipelineSpec" }, + "provenance": { + "description": "Provenance contains some key authenticated metadata about how a software artifact was built (what sources, what inputs/outputs, etc.).", + "$ref": "#/definitions/v1.Provenance" + }, "results": { "description": "Results are the list of results written out by the pipeline task's containers", "type": "array", 
@@ -692,6 +718,10 @@ "description": "PipelineRunSpec contains the exact spec used to instantiate the run", "$ref": "#/definitions/v1.PipelineSpec" }, + "provenance": { + "description": "Provenance contains some key authenticated metadata about how a software artifact was built (what sources, what inputs/outputs, etc.).", + "$ref": "#/definitions/v1.Provenance" + }, "results": { "description": "Results are the list of results written out by the pipeline task's containers", "type": "array", @@ -988,6 +1018,16 @@ } } }, + "v1.Provenance": { + "description": "Provenance contains some key authenticated metadata about how a software artifact was built (what sources, what inputs/outputs, etc.). For now, it only contains the subfield `ConfigSource` that identifies the source where a build config file came from. In future, it can be expanded as needed to include more metadata about the build. This field aims to be used to carry minimum amount of the authenticated metadata in *Run status so that Tekton Chains can pick it up and record in the provenance it generates.", + "type": "object", + "properties": { + "configSource": { + "description": "ConfigSource identifies the source where a resource came from.", + "$ref": "#/definitions/v1.ConfigSource" + } + } + }, "v1.ResolverRef": { "description": "ResolverRef can be used to refer to a Pipeline or Task in a remote location like a git repo. This feature is in beta and these fields are only available when the beta feature gate is enabled.", "type": "object", @@ -1838,6 +1878,10 @@ "type": "string", "default": "" }, + "provenance": { + "description": "Provenance contains some key authenticated metadata about how a software artifact was built (what sources, what inputs/outputs, etc.).", + "$ref": "#/definitions/v1.Provenance" + }, "results": { "description": "Results are the list of results written out by the task's containers", "type": "array", 
@@ -1900,6 +1944,10 @@ "type": "string", "default": "" }, + "provenance": { + "description": "Provenance contains some key authenticated metadata about how a software artifact was built (what sources, what inputs/outputs, etc.).", + "$ref": "#/definitions/v1.Provenance" + }, "results": { "description": "Results are the list of results written out by the task's containers", "type": "array", diff --git a/pkg/apis/pipeline/v1/taskrun_types.go b/pkg/apis/pipeline/v1/taskrun_types.go index 534f50a9920..bf29a836425 100644 --- a/pkg/apis/pipeline/v1/taskrun_types.go +++ b/pkg/apis/pipeline/v1/taskrun_types.go @@ -231,6 +231,9 @@ type TaskRunStatusFields struct { // TaskSpec contains the Spec from the dereferenced Task definition used to instantiate this TaskRun. TaskSpec *TaskSpec `json:"taskSpec,omitempty"` + + // Provenance contains some key authenticated metadata about how a software artifact was built (what sources, what inputs/outputs, etc.). + Provenance *Provenance `json:"provenance,omitempty"` } // TaskRunStepSpec is used to override the values of a Step in the corresponding Task. diff --git a/pkg/apis/pipeline/v1/zz_generated.deepcopy.go b/pkg/apis/pipeline/v1/zz_generated.deepcopy.go index d1760ec28a2..ef03a3bb5ad 100644 --- a/pkg/apis/pipeline/v1/zz_generated.deepcopy.go +++ b/pkg/apis/pipeline/v1/zz_generated.deepcopy.go 
@@ -53,6 +53,29 @@ func (in *ChildStatusReference) DeepCopy() *ChildStatusReference { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ConfigSource) DeepCopyInto(out *ConfigSource) { + *out = *in + if in.Digest != nil { + in, out := &in.Digest, &out.Digest + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConfigSource. +func (in *ConfigSource) DeepCopy() *ConfigSource { + if in == nil { + return nil + } + out := new(ConfigSource) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *EmbeddedTask) DeepCopyInto(out *EmbeddedTask) { *out = *in @@ -481,6 +504,11 @@ func (in *PipelineRunStatusFields) DeepCopyInto(out *PipelineRunStatusFields) { in, out := &in.FinallyStartTime, &out.FinallyStartTime *out = (*in).DeepCopy() } + if in.Provenance != nil { + in, out := &in.Provenance, &out.Provenance + *out = new(Provenance) + (*in).DeepCopyInto(*out) + } return } 
@@ -813,6 +841,27 @@ func (in *PropertySpec) DeepCopy() *PropertySpec { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Provenance) DeepCopyInto(out *Provenance) { + *out = *in + if in.ConfigSource != nil { + in, out := &in.ConfigSource, &out.ConfigSource + *out = new(ConfigSource) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Provenance. +func (in *Provenance) DeepCopy() *Provenance { + if in == nil { + return nil + } + out := new(Provenance) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ResolverRef) DeepCopyInto(out *ResolverRef) { *out = *in @@ -1524,6 +1573,11 @@ func (in *TaskRunStatusFields) DeepCopyInto(out *TaskRunStatusFields) { *out = new(TaskSpec) (*in).DeepCopyInto(*out) } + if in.Provenance != nil { + in, out := &in.Provenance, &out.Provenance + *out = new(Provenance) + (*in).DeepCopyInto(*out) + } return } diff --git a/pkg/apis/pipeline/v1beta1/openapi_generated.go b/pkg/apis/pipeline/v1beta1/openapi_generated.go index 24d208f3e9c..e7de0e885e8 100644 --- a/pkg/apis/pipeline/v1beta1/openapi_generated.go +++ b/pkg/apis/pipeline/v1beta1/openapi_generated.go 
@@ -37,6 +37,7 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.CloudEventDeliveryState": schema_pkg_apis_pipeline_v1beta1_CloudEventDeliveryState(ref), "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.ClusterTask": schema_pkg_apis_pipeline_v1beta1_ClusterTask(ref), "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.ClusterTaskList": schema_pkg_apis_pipeline_v1beta1_ClusterTaskList(ref), + "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.ConfigSource": schema_pkg_apis_pipeline_v1beta1_ConfigSource(ref), "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.CustomRun": schema_pkg_apis_pipeline_v1beta1_CustomRun(ref), "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.CustomRunList": schema_pkg_apis_pipeline_v1beta1_CustomRunList(ref), "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.CustomRunSpec": schema_pkg_apis_pipeline_v1beta1_CustomRunSpec(ref), @@ -74,6 +75,7 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.PipelineTaskRunSpec": schema_pkg_apis_pipeline_v1beta1_PipelineTaskRunSpec(ref), "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.PipelineWorkspaceDeclaration": schema_pkg_apis_pipeline_v1beta1_PipelineWorkspaceDeclaration(ref), "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.PropertySpec": schema_pkg_apis_pipeline_v1beta1_PropertySpec(ref), + "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.Provenance": schema_pkg_apis_pipeline_v1beta1_Provenance(ref), "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.ResolverRef": schema_pkg_apis_pipeline_v1beta1_ResolverRef(ref), "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.ResultRef": schema_pkg_apis_pipeline_v1beta1_ResultRef(ref), "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.Sidecar": schema_pkg_apis_pipeline_v1beta1_Sidecar(ref), 
@@ -109,7 +111,6 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.WorkspaceDeclaration": schema_pkg_apis_pipeline_v1beta1_WorkspaceDeclaration(ref), "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.WorkspacePipelineTaskBinding": schema_pkg_apis_pipeline_v1beta1_WorkspacePipelineTaskBinding(ref), "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.WorkspaceUsage": schema_pkg_apis_pipeline_v1beta1_WorkspaceUsage(ref), - "github.com/tektoncd/pipeline/pkg/apis/resolution/v1beta1.ConfigSource": schema_pkg_apis_resolution_v1beta1_ConfigSource(ref), "github.com/tektoncd/pipeline/pkg/apis/resolution/v1beta1.ResolutionRequest": schema_pkg_apis_resolution_v1beta1_ResolutionRequest(ref), "github.com/tektoncd/pipeline/pkg/apis/resolution/v1beta1.ResolutionRequestList": schema_pkg_apis_resolution_v1beta1_ResolutionRequestList(ref), "github.com/tektoncd/pipeline/pkg/apis/resolution/v1beta1.ResolutionRequestSpec": schema_pkg_apis_resolution_v1beta1_ResolutionRequestSpec(ref), 
@@ -613,6 +614,49 @@ func schema_pkg_apis_pipeline_v1beta1_ClusterTaskList(ref common.ReferenceCallba } } +func schema_pkg_apis_pipeline_v1beta1_ConfigSource(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "ConfigSource identifies the source where a resource came from. This can include Git repositories, Task Bundles, file checksums, or other information that allows users to identify where the resource came from and what version was used.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "uri": { + SchemaProps: spec.SchemaProps{ + Description: "URI indicates the identity of the source of the config. Definition: https://slsa.dev/provenance/v0.2#invocation.configSource.uri Example: \"https://github.com/tektoncd/catalog\"", + Type: []string{"string"}, + Format: "", + }, + }, + "digest": { + SchemaProps: spec.SchemaProps{ + Description: "Digest is a collection of cryptographic digests for the contents of the artifact specified by URI. Definition: https://slsa.dev/provenance/v0.2#invocation.configSource.digest Example: {\"sha1\": \"f99d13e554ffcb696dee719fa85b695cb5b0f428\"}", + Type: []string{"object"}, + AdditionalProperties: &spec.SchemaOrBool{ + Allows: true, + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + "entryPoint": { + SchemaProps: spec.SchemaProps{ + Description: "EntryPoint identifies the entry point into the build. This is often a path to a configuration file and/or a target label within that file. 
Definition: https://slsa.dev/provenance/v0.2#invocation.configSource.entryPoint Example: \"task/git-clone/0.8/git-clone.yaml\"", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + } +} + func schema_pkg_apis_pipeline_v1beta1_CustomRun(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ 
@@ -2047,11 +2091,17 @@ func schema_pkg_apis_pipeline_v1beta1_PipelineRunStatus(ref common.ReferenceCall Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, + "provenance": { + SchemaProps: spec.SchemaProps{ + Description: "Provenance contains some key authenticated metadata about how a software artifact was built (what sources, what inputs/outputs, etc.).", + Ref: ref("github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.Provenance"), + }, + }, }, }, }, Dependencies: []string{ - "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.ChildStatusReference", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.PipelineRunResult", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.PipelineRunRunStatus", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.PipelineRunTaskRunStatus", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.PipelineSpec", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.SkippedTask", "k8s.io/apimachinery/pkg/apis/meta/v1.Time", "knative.dev/pkg/apis.Condition"}, + "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.ChildStatusReference", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.PipelineRunResult", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.PipelineRunRunStatus", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.PipelineRunTaskRunStatus", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.PipelineSpec", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.Provenance", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.SkippedTask", "k8s.io/apimachinery/pkg/apis/meta/v1.Time", "knative.dev/pkg/apis.Condition"}, } } 
@@ -2171,11 +2221,17 @@ func schema_pkg_apis_pipeline_v1beta1_PipelineRunStatusFields(ref common.Referen Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, + "provenance": { + SchemaProps: spec.SchemaProps{ + Description: "Provenance contains some key authenticated metadata about how a software artifact was built (what sources, what inputs/outputs, etc.).", + Ref: ref("github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.Provenance"), + }, + }, }, }, }, Dependencies: []string{ - "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.ChildStatusReference", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.PipelineRunResult", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.PipelineRunRunStatus", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.PipelineRunTaskRunStatus", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.PipelineSpec", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.SkippedTask", "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, + "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.ChildStatusReference", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.PipelineRunResult", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.PipelineRunRunStatus", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.PipelineRunTaskRunStatus", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.PipelineSpec", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.Provenance", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.SkippedTask", "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, } } 
@@ -2850,6 +2906,27 @@ func schema_pkg_apis_pipeline_v1beta1_PropertySpec(ref common.ReferenceCallback) } } +func schema_pkg_apis_pipeline_v1beta1_Provenance(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "Provenance contains some key authenticated metadata about how a software artifact was built (what sources, what inputs/outputs, etc.). For now, it only contains the subfield `ConfigSource` that identifies the source where a build config file came from. In future, it can be expanded as needed to include more metadata about the build. This field aims to be used to carry minimum amount of the authenticated metadata in *Run status so that Tekton Chains can pick it up and record in the provenance it generates.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "configSource": { + SchemaProps: spec.SchemaProps{ + Description: "ConfigSource identifies the source where a resource came from.", + Ref: ref("github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.ConfigSource"), + }, + }, + }, + }, + }, + Dependencies: []string{ + "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.ConfigSource"}, + } +} + func schema_pkg_apis_pipeline_v1beta1_ResolverRef(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ 
@@ -4992,12 +5069,18 @@ func schema_pkg_apis_pipeline_v1beta1_TaskRunStatus(ref common.ReferenceCallback Ref: ref("github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.TaskSpec"), }, }, + "provenance": { + SchemaProps: spec.SchemaProps{ + Description: "Provenance contains some key authenticated metadata about how a software artifact was built (what sources, what inputs/outputs, etc.).", + Ref: ref("github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.Provenance"), + }, + }, }, Required: []string{"podName"}, }, }, Dependencies: []string{ - "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.CloudEventDelivery", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.PipelineResourceResult", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.SidecarState", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.StepState", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.TaskRunResult", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.TaskRunStatus", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.TaskSpec", "k8s.io/apimachinery/pkg/apis/meta/v1.Time", "knative.dev/pkg/apis.Condition"}, + "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.CloudEventDelivery", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.PipelineResourceResult", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.Provenance", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.SidecarState", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.StepState", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.TaskRunResult", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.TaskRunStatus", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.TaskSpec", "k8s.io/apimachinery/pkg/apis/meta/v1.Time", "knative.dev/pkg/apis.Condition"}, } } 
@@ -5148,12 +5231,18 @@ func schema_pkg_apis_pipeline_v1beta1_TaskRunStatusFields(ref common.ReferenceCa Ref: ref("github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.TaskSpec"), }, }, + "provenance": { + SchemaProps: spec.SchemaProps{ + Description: "Provenance contains some key authenticated metadata about how a software artifact was built (what sources, what inputs/outputs, etc.).", + Ref: ref("github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.Provenance"), + }, + }, }, Required: []string{"podName"}, }, }, Dependencies: []string{ - "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.CloudEventDelivery", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.PipelineResourceResult", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.SidecarState", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.StepState", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.TaskRunResult", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.TaskRunStatus", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.TaskSpec", "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, + "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.CloudEventDelivery", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.PipelineResourceResult", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.Provenance", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.SidecarState", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.StepState", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.TaskRunResult", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.TaskRunStatus", "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.TaskSpec", "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, } } 
@@ -5608,49 +5697,6 @@ func schema_pkg_apis_pipeline_v1beta1_WorkspaceUsage(ref common.ReferenceCallbac } } -func schema_pkg_apis_resolution_v1beta1_ConfigSource(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "ConfigSource records where the task/pipeline file came from.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "uri": { - SchemaProps: spec.SchemaProps{ - Description: "URI indicating the identity of the source of the config. https://github.com/in-toto/attestation/blob/main/spec/field_types.md#ResourceURI Example: https://github.com/tektoncd/catalog", - Type: []string{"string"}, - Format: "", - }, - }, - "digest": { - SchemaProps: spec.SchemaProps{ - Description: "Digest is a collection of cryptographic digests for the contents of the artifact specified by URI. https://github.com/in-toto/attestation/blob/main/spec/field_types.md#DigestSet Example: {\"sha1\": \"f99d13e554ffcb696dee719fa85b695cb5b0f428\"}", - Type: []string{"object"}, - AdditionalProperties: &spec.SchemaOrBool{ - Allows: true, - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, - }, - }, - "entryPoint": { - SchemaProps: spec.SchemaProps{ - Description: "EntryPoint identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. Example: \"task/git-clone/0.8/git-clone.yaml\"", - Type: []string{"string"}, - Format: "", - }, - }, - }, - }, - }, - } -} - func schema_pkg_apis_resolution_v1beta1_ResolutionRequest(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ 
@@ -5844,7 +5890,7 @@ func schema_pkg_apis_resolution_v1beta1_ResolutionRequestStatus(ref common.Refer "source": { SchemaProps: spec.SchemaProps{ Description: "Source is the source reference of the remote data that records the url, digest and the entrypoint.", - Ref: ref("github.com/tektoncd/pipeline/pkg/apis/resolution/v1beta1.ConfigSource"), + Ref: ref("github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.ConfigSource"), }, }, }, @@ -5852,7 +5898,7 @@ func schema_pkg_apis_resolution_v1beta1_ResolutionRequestStatus(ref common.Refer }, }, Dependencies: []string{ - "github.com/tektoncd/pipeline/pkg/apis/resolution/v1beta1.ConfigSource", "knative.dev/pkg/apis.Condition"}, + "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.ConfigSource", "knative.dev/pkg/apis.Condition"}, } } @@ -5874,7 +5920,7 @@ func schema_pkg_apis_resolution_v1beta1_ResolutionRequestStatusFields(ref common "source": { SchemaProps: spec.SchemaProps{ Description: "Source is the source reference of the remote data that records the url, digest and the entrypoint.", - Ref: ref("github.com/tektoncd/pipeline/pkg/apis/resolution/v1beta1.ConfigSource"), + Ref: ref("github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.ConfigSource"), }, }, }, @@ -5882,7 +5928,7 @@ func schema_pkg_apis_resolution_v1beta1_ResolutionRequestStatusFields(ref common }, }, Dependencies: []string{ - "github.com/tektoncd/pipeline/pkg/apis/resolution/v1beta1.ConfigSource"}, + "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.ConfigSource"}, } } diff --git a/pkg/apis/pipeline/v1beta1/pipelinerun_types.go b/pkg/apis/pipeline/v1beta1/pipelinerun_types.go index 354ec62180e..6e81abd7bea 100644 --- a/pkg/apis/pipeline/v1beta1/pipelinerun_types.go +++ b/pkg/apis/pipeline/v1beta1/pipelinerun_types.go 
@@ -456,6 +456,9 @@ type PipelineRunStatusFields struct { // FinallyStartTime is when all non-finally tasks have been completed and only finally tasks are being executed. // +optional FinallyStartTime *metav1.Time `json:"finallyStartTime,omitempty"` + + // Provenance contains some key authenticated metadata about how a software artifact was built (what sources, what inputs/outputs, etc.). + Provenance *Provenance `json:"provenance,omitempty"` } // SkippedTask is used to describe the Tasks that were skipped due to their When Expressions diff --git a/pkg/apis/pipeline/v1beta1/provenance.go b/pkg/apis/pipeline/v1beta1/provenance.go new file mode 100644 index 00000000000..7ab90ae3fca --- /dev/null +++ b/pkg/apis/pipeline/v1beta1/provenance.go 
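Review bot: The new `Provenance` field in `PipelineRunStatusFields` has no `// +optional` marker, while `FinallyStartTime` directly above it carries one and both are tagged `omitempty`. Add `// +optional` as the last comment line above `Provenance *Provenance` so the field is documented consistently with its sibling for any tooling that reads the marker. The two `taskrun_types.go` hunks add the same field without the marker; their visible neighbour `TaskSpec` shows none either, so check which convention those structs follow. The struct begins outside the hunk.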
@@ -0,0 +1,46 @@ +/* +Copyright 2022 The Tekton Authors +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1beta1 + +// Provenance contains some key authenticated metadata about how a software artifact was +// built (what sources, what inputs/outputs, etc.). For now, it only contains the subfield +// `ConfigSource` that identifies the source where a build config file came from. +// In future, it can be expanded as needed to include more metadata about the build. +// This field aims to be used to carry minimum amount of the authenticated metadata in *Run status +// so that Tekton Chains can pick it up and record in the provenance it generates. +type Provenance struct { + // ConfigSource identifies the source where a resource came from. + ConfigSource *ConfigSource `json:"configSource,omitempty"` +} + +// ConfigSource identifies the source where a resource came from. +// This can include Git repositories, Task Bundles, file checksums, or other information +// that allows users to identify where the resource came from and what version was used. +type ConfigSource struct { + // URI indicates the identity of the source of the config. + // Definition: https://slsa.dev/provenance/v0.2#invocation.configSource.uri + // Example: "https://github.com/tektoncd/catalog" + URI string `json:"uri,omitempty"` + + // Digest is a collection of cryptographic digests for the contents of the artifact specified by URI. 
+ // Definition: https://slsa.dev/provenance/v0.2#invocation.configSource.digest + // Example: {"sha1": "f99d13e554ffcb696dee719fa85b695cb5b0f428"} + Digest map[string]string `json:"digest,omitempty"` + + // EntryPoint identifies the entry point into the build. This is often a path to a + // configuration file and/or a target label within that file. + // Definition: https://slsa.dev/provenance/v0.2#invocation.configSource.entryPoint + // Example: "task/git-clone/0.8/git-clone.yaml" + EntryPoint string `json:"entryPoint,omitempty"` +} diff --git a/pkg/apis/pipeline/v1beta1/swagger.json b/pkg/apis/pipeline/v1beta1/swagger.json index a771f39241e..4fef6fd3ecc 100644 --- a/pkg/apis/pipeline/v1beta1/swagger.json +++ b/pkg/apis/pipeline/v1beta1/swagger.json @@ -431,11 +431,11 @@ } }, "v1beta1.ConfigSource": { - "description": "ConfigSource records where the task/pipeline file came from.", + "description": "ConfigSource identifies the source where a resource came from. This can include Git repositories, Task Bundles, file checksums, or other information that allows users to identify where the resource came from and what version was used.", "type": "object", "properties": { "digest": { - "description": "Digest is a collection of cryptographic digests for the contents of the artifact specified by URI. https://github.com/in-toto/attestation/blob/main/spec/field_types.md#DigestSet Example: {\"sha1\": \"f99d13e554ffcb696dee719fa85b695cb5b0f428\"}", + "description": "Digest is a collection of cryptographic digests for the contents of the artifact specified by URI. Definition: https://slsa.dev/provenance/v0.2#invocation.configSource.digest Example: {\"sha1\": \"f99d13e554ffcb696dee719fa85b695cb5b0f428\"}", "type": "object", "additionalProperties": { "type": "string", 
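Review bot: The `Digest` comment in `ConfigSource` gives only a `sha1` example and never says what the map keys are, so a reader must follow the SLSA link to learn that they are algorithm names. Because the type comment says this value is meant to be recorded in generated provenance, the field comment should spell that out and leave algorithm acceptance to the consumer, e.g. `// Keys are digest algorithm names such as "sha256" or "sha1"; consumers should rely only on algorithms they consider strong enough.` The existing example is presumably a git commit id; a second example with a stronger digest beside it would show that SHA-1 is not the only expected form.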
@@ -443,11 +443,11 @@ } }, "entryPoint": { - "description": "EntryPoint identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. Example: \"task/git-clone/0.8/git-clone.yaml\"", + "description": "EntryPoint identifies the entry point into the build. This is often a path to a configuration file and/or a target label within that file. Definition: https://slsa.dev/provenance/v0.2#invocation.configSource.entryPoint Example: \"task/git-clone/0.8/git-clone.yaml\"", "type": "string" }, "uri": { - "description": "URI indicating the identity of the source of the config. https://github.com/in-toto/attestation/blob/main/spec/field_types.md#ResourceURI Example: https://github.com/tektoncd/catalog", + "description": "URI indicates the identity of the source of the config. Definition: https://slsa.dev/provenance/v0.2#invocation.configSource.uri Example: \"https://github.com/tektoncd/catalog\"", "type": "string" } } @@ -1200,6 +1200,10 @@ "description": "PipelineRunSpec contains the exact spec used to instantiate the run", "$ref": "#/definitions/v1beta1.PipelineSpec" }, + "provenance": { + "description": "Provenance contains some key authenticated metadata about how a software artifact was built (what sources, what inputs/outputs, etc.).", + "$ref": "#/definitions/v1beta1.Provenance" + }, "runs": { "description": "Deprecated - use ChildReferences instead. map of PipelineRunRunStatus with the run name as the key", "type": "object", 
@@ -1263,6 +1267,10 @@ "description": "PipelineRunSpec contains the exact spec used to instantiate the run", "$ref": "#/definitions/v1beta1.PipelineSpec" }, + "provenance": { + "description": "Provenance contains some key authenticated metadata about how a software artifact was built (what sources, what inputs/outputs, etc.).", + "$ref": "#/definitions/v1beta1.Provenance" + }, "runs": { "description": "Deprecated - use ChildReferences instead. map of PipelineRunRunStatus with the run name as the key", "type": "object", @@ -1638,6 +1646,16 @@ } } }, + "v1beta1.Provenance": { + "description": "Provenance contains some key authenticated metadata about how a software artifact was built (what sources, what inputs/outputs, etc.). For now, it only contains the subfield `ConfigSource` that identifies the source where a build config file came from. In future, it can be expanded as needed to include more metadata about the build. This field aims to be used to carry minimum amount of the authenticated metadata in *Run status so that Tekton Chains can pick it up and record in the provenance it generates.", + "type": "object", + "properties": { + "configSource": { + "description": "ConfigSource identifies the source where a resource came from.", + "$ref": "#/definitions/v1beta1.ConfigSource" + } + } + }, "v1beta1.ResolutionRequest": { "description": "ResolutionRequest is an object for requesting the content of a Tekton resource like a pipeline.yaml.", "type": "object", @@ -2875,6 +2893,10 @@ "type": "string", "default": "" }, + "provenance": { + "description": "Provenance contains some key authenticated metadata about how a software artifact was built (what sources, what inputs/outputs, etc.).", + "$ref": "#/definitions/v1beta1.Provenance" + }, "resourcesResult": { "description": "Results from Resources built during the taskRun. currently includes the digest of build container images", "type": "array", 
@@ -2955,6 +2977,10 @@ "type": "string", "default": "" }, + "provenance": { + "description": "Provenance contains some key authenticated metadata about how a software artifact was built (what sources, what inputs/outputs, etc.).", + "$ref": "#/definitions/v1beta1.Provenance" + }, "resourcesResult": { "description": "Results from Resources built during the taskRun. currently includes the digest of build container images", "type": "array", diff --git a/pkg/apis/pipeline/v1beta1/taskrun_types.go b/pkg/apis/pipeline/v1beta1/taskrun_types.go index 901d761ee5e..3b7030671c3 100644 --- a/pkg/apis/pipeline/v1beta1/taskrun_types.go +++ b/pkg/apis/pipeline/v1beta1/taskrun_types.go @@ -255,6 +255,9 @@ type TaskRunStatusFields struct { // TaskSpec contains the Spec from the dereferenced Task definition used to instantiate this TaskRun. TaskSpec *TaskSpec `json:"taskSpec,omitempty"` + + // Provenance contains some key authenticated metadata about how a software artifact was built (what sources, what inputs/outputs, etc.). + Provenance *Provenance `json:"provenance,omitempty"` } // TaskRunStepOverride is used to override the values of a Step in the corresponding Task. diff --git a/pkg/apis/pipeline/v1beta1/zz_generated.deepcopy.go b/pkg/apis/pipeline/v1beta1/zz_generated.deepcopy.go index 60c8779025a..2706537bef1 100644 --- a/pkg/apis/pipeline/v1beta1/zz_generated.deepcopy.go +++ b/pkg/apis/pipeline/v1beta1/zz_generated.deepcopy.go 
@@ -151,6 +151,29 @@ func (in *ClusterTaskList) DeepCopyObject() runtime.Object { return nil } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ConfigSource) DeepCopyInto(out *ConfigSource) { + *out = *in + if in.Digest != nil { + in, out := &in.Digest, &out.Digest + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConfigSource. +func (in *ConfigSource) DeepCopy() *ConfigSource { + if in == nil { + return nil + } + out := new(ConfigSource) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *CustomRun) DeepCopyInto(out *CustomRun) { *out = *in @@ -861,6 +884,11 @@ func (in *PipelineRunStatusFields) DeepCopyInto(out *PipelineRunStatusFields) { in, out := &in.FinallyStartTime, &out.FinallyStartTime *out = (*in).DeepCopy() } + if in.Provenance != nil { + in, out := &in.Provenance, &out.Provenance + *out = new(Provenance) + (*in).DeepCopyInto(*out) + } return } 
@@ -1247,6 +1275,27 @@ func (in *PropertySpec) DeepCopy() *PropertySpec { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Provenance) DeepCopyInto(out *Provenance) { + *out = *in + if in.ConfigSource != nil { + in, out := &in.ConfigSource, &out.ConfigSource + *out = new(ConfigSource) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Provenance. +func (in *Provenance) DeepCopy() *Provenance { + if in == nil { + return nil + } + out := new(Provenance) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ResolverRef) DeepCopyInto(out *ResolverRef) { *out = *in @@ -2150,6 +2199,11 @@ func (in *TaskRunStatusFields) DeepCopyInto(out *TaskRunStatusFields) { *out = new(TaskSpec) (*in).DeepCopyInto(*out) } + if in.Provenance != nil { + in, out := &in.Provenance, &out.Provenance + *out = new(Provenance) + (*in).DeepCopyInto(*out) + } return } diff --git a/pkg/apis/resolution/v1alpha1/resolution_request_types.go b/pkg/apis/resolution/v1alpha1/resolution_request_types.go index 95c9dfada01..9dd8f59f7cb 100644 --- a/pkg/apis/resolution/v1alpha1/resolution_request_types.go +++ b/pkg/apis/resolution/v1alpha1/resolution_request_types.go @@ -17,6 +17,7 @@ limitations under the License. package v1alpha1 import ( + pipelinev1beta1 "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" duckv1 "knative.dev/pkg/apis/duck/v1" ) 
@@ -80,28 +81,10 @@ type ResolutionRequestStatusFields struct { Data string `json:"data"` // Source is the source reference of the remote data that records where the remote // file came from including the url, digest and the entrypoint. - Source *ConfigSource `json:"source"` + Source *pipelinev1beta1.ConfigSource `json:"source"` } // GetStatus implements KRShaped. func (rr *ResolutionRequest) GetStatus() *duckv1.Status { return &rr.Status.Status } - -// ConfigSource records where the task/pipeline file came from. -type ConfigSource struct { - // URI indicating the identity of the source of the config. - // https://github.com/in-toto/attestation/blob/main/spec/field_types.md#ResourceURI - // Example: https://github.com/tektoncd/catalog - URI string `json:"uri,omitempty"` - - // Digest is a collection of cryptographic digests for the contents of the artifact specified by URI. - // https://github.com/in-toto/attestation/blob/main/spec/field_types.md#DigestSet - // Example: {"sha1": "f99d13e554ffcb696dee719fa85b695cb5b0f428"} - Digest map[string]string `json:"digest,omitempty"` - - // EntryPoint identifying the entry point into the build. This is often a path to a - // configuration file and/or a target label within that file. - // Example: "task/git-clone/0.8/git-clone.yaml" - EntryPoint string `json:"entryPoint,omitempty"` -} diff --git a/pkg/apis/resolution/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/resolution/v1alpha1/zz_generated.deepcopy.go index 53a2eecbf2d..56813ebe5cb 100644 --- a/pkg/apis/resolution/v1alpha1/zz_generated.deepcopy.go +++ b/pkg/apis/resolution/v1alpha1/zz_generated.deepcopy.go 
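Review bot: Deleting the exported `ConfigSource` type from `resolution/v1alpha1` breaks the build of any out-of-tree resolver that names `v1alpha1.ConfigSource`, and the `@@ -82,28 +82,10 @@` hunk in `resolution/v1beta1/resolution_request_types.go` does the same for v1beta1. A deprecated alias would keep those builds working while `Source` moves to the shared type: `// Deprecated: use pipelinev1beta1.ConfigSource.` followed by `type ConfigSource = pipelinev1beta1.ConfigSource`. Check that the deepcopy and OpenAPI generators accept the alias. Separately, `Source` is a pointer tagged `json:"source"` without `omitempty`, so an unset source is serialized as `null`; the tag is unchanged from the old line, so confirm that is intended.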
@@ -22,32 +22,10 @@ limitations under the License. package v1alpha1 import ( + v1beta1 "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1" runtime "k8s.io/apimachinery/pkg/runtime" ) -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ConfigSource) DeepCopyInto(out *ConfigSource) { - *out = *in - if in.Digest != nil { - in, out := &in.Digest, &out.Digest - *out = make(map[string]string, len(*in)) - for key, val := range *in { - (*out)[key] = val - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConfigSource. -func (in *ConfigSource) DeepCopy() *ConfigSource { - if in == nil { - return nil - } - out := new(ConfigSource) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ResolutionRequest) DeepCopyInto(out *ResolutionRequest) { *out = *in @@ -155,7 +133,7 @@ func (in *ResolutionRequestStatusFields) DeepCopyInto(out *ResolutionRequestStat *out = *in if in.Source != nil { in, out := &in.Source, &out.Source - *out = new(ConfigSource) + *out = new(v1beta1.ConfigSource) (*in).DeepCopyInto(*out) } return diff --git a/pkg/apis/resolution/v1beta1/resolution_request_types.go b/pkg/apis/resolution/v1beta1/resolution_request_types.go index 5fe1876e3d1..da507b70845 100644 --- a/pkg/apis/resolution/v1beta1/resolution_request_types.go +++ b/pkg/apis/resolution/v1beta1/resolution_request_types.go 
@@ -82,28 +82,10 @@ type ResolutionRequestStatusFields struct {
 Data string `json:"data"`
 // Source is the source reference of the remote data that records the url, digest
 // and the entrypoint.
- Source *ConfigSource `json:"source"`
+ Source *pipelinev1beta1.ConfigSource `json:"source"`
 }
 // GetStatus implements KRShaped.
 func (rr *ResolutionRequest) GetStatus() *duckv1.Status {
 return &rr.Status.Status
 }
-
-// ConfigSource records where the task/pipeline file came from.
-type ConfigSource struct {
- // URI indicating the identity of the source of the config.
- // https://github.com/in-toto/attestation/blob/main/spec/field_types.md#ResourceURI
- // Example: https://github.com/tektoncd/catalog
- URI string `json:"uri,omitempty"`
-
- // Digest is a collection of cryptographic digests for the contents of the artifact specified by URI.
- // https://github.com/in-toto/attestation/blob/main/spec/field_types.md#DigestSet
- // Example: {"sha1": "f99d13e554ffcb696dee719fa85b695cb5b0f428"}
- Digest map[string]string `json:"digest,omitempty"`
-
- // EntryPoint identifying the entry point into the build. This is often a path to a
- // configuration file and/or a target label within that file.
- // Example: "task/git-clone/0.8/git-clone.yaml"
- EntryPoint string `json:"entryPoint,omitempty"`
-}
diff --git a/pkg/apis/resolution/v1beta1/zz_generated.deepcopy.go b/pkg/apis/resolution/v1beta1/zz_generated.deepcopy.go
index 886ca597966..f89a39f4f27 100644
--- a/pkg/apis/resolution/v1beta1/zz_generated.deepcopy.go
+++ b/pkg/apis/resolution/v1beta1/zz_generated.deepcopy.go
@@ -26,29 +26,6 @@ import ( runtime "k8s.io/apimachinery/pkg/runtime" ) -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ConfigSource) DeepCopyInto(out *ConfigSource) { - *out = *in - if in.Digest != nil { - in, out := &in.Digest, &out.Digest - *out = make(map[string]string, len(*in)) - for key, val := range *in { - (*out)[key] = val - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConfigSource. -func (in *ConfigSource) DeepCopy() *ConfigSource { - if in == nil { - return nil - } - out := new(ConfigSource) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ResolutionRequest) DeepCopyInto(out *ResolutionRequest) { *out = *in @@ -156,7 +133,7 @@ func (in *ResolutionRequestStatusFields) DeepCopyInto(out *ResolutionRequestStat *out = *in if in.Source != nil { in, out := &in.Source, &out.Source - *out = new(ConfigSource) + *out = new(pipelinev1beta1.ConfigSource) (*in).DeepCopyInto(*out) } return diff --git a/pkg/resolution/resolver/bundle/bundle.go b/pkg/resolution/resolver/bundle/bundle.go index c20648aa979..9f85630a30d 100644 --- a/pkg/resolution/resolver/bundle/bundle.go +++ b/pkg/resolution/resolver/bundle/bundle.go @@ -25,7 +25,7 @@ import ( "github.com/google/go-containerregistry/pkg/name" v1 "github.com/google/go-containerregistry/pkg/v1" "github.com/google/go-containerregistry/pkg/v1/remote" - "github.com/tektoncd/pipeline/pkg/apis/resolution/v1beta1" + pipelinev1beta1 "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1" "github.com/tektoncd/pipeline/pkg/resolution/resolver/framework" ) 
@@ -47,7 +47,7 @@ type RequestOptions struct {
 type ResolvedResource struct {
 data []byte
 annotations map[string]string
- source *v1beta1.ConfigSource
+ source *pipelinev1beta1.ConfigSource
 }
 var _ framework.ResolvedResource = &ResolvedResource{}
@@ -65,7 +65,7 @@ func (br *ResolvedResource) Annotations() map[string]string {
 // Source is the source reference of the remote data that records where the remote
 // file came from including the url, digest and the entrypoint.
-func (br *ResolvedResource) Source() *v1beta1.ConfigSource {
+func (br *ResolvedResource) Source() *pipelinev1beta1.ConfigSource {
 return br.source
 }
diff --git a/pkg/resolution/resolver/cluster/resolver.go b/pkg/resolution/resolver/cluster/resolver.go
index de54267d995..c6bd2e815fd 100644
--- a/pkg/resolution/resolver/cluster/resolver.go
+++ b/pkg/resolution/resolver/cluster/resolver.go
@@ -24,7 +24,6 @@ import (
 resolverconfig "github.com/tektoncd/pipeline/pkg/apis/config/resolver"
 pipelinev1beta1 "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1"
- "github.com/tektoncd/pipeline/pkg/apis/resolution/v1beta1"
 clientset "github.com/tektoncd/pipeline/pkg/client/clientset/versioned"
 pipelineclient "github.com/tektoncd/pipeline/pkg/client/injection/client"
 resolutioncommon "github.com/tektoncd/pipeline/pkg/resolution/common"
@@ -183,7 +182,7 @@ func (r *ResolvedClusterResource) Annotations() map[string]string {
 // Source is the source reference of the remote data that records where the remote
 // file came from including the url, digest and the entrypoint.
-func (r ResolvedClusterResource) Source() *v1beta1.ConfigSource {
+func (r ResolvedClusterResource) Source() *pipelinev1beta1.ConfigSource {
 return nil
 }
diff --git a/pkg/resolution/resolver/framework/fakeresolver.go b/pkg/resolution/resolver/framework/fakeresolver.go
index ac2930b6e80..f8fc4cd58ad 100644
--- a/pkg/resolution/resolver/framework/fakeresolver.go
+++ b/pkg/resolution/resolver/framework/fakeresolver.go
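Review bot: `ResolvedClusterResource.Source()` keeps a doc comment saying it records the url, digest and entrypoint, yet its body is `return nil`; the git and hub resolvers (`resolvedGitResource.Source`, `ResolvedHubResource.Source`) have the same mismatch. Now that the commit adds a Provenance status field built on ConfigSource, runs resolved through these three resolvers would presumably carry no source URI or digest, and anything that verifies provenance has to read that as unknown origin, not as verified. I would make the comment state it, e.g. `// Source returns nil: the cluster resolver does not report a ConfigSource yet.` `Source` also uses a value receiver while `Annotations`, shown in the hunk header, uses a pointer receiver; the two should match.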
@@ -24,7 +24,6 @@ import (
 "time"
 pipelinev1beta1 "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1"
- "github.com/tektoncd/pipeline/pkg/apis/resolution/v1beta1"
 resolutioncommon "github.com/tektoncd/pipeline/pkg/resolution/common"
 )
@@ -51,7 +50,7 @@ var _ Resolver = &FakeResolver{}
 type FakeResolvedResource struct {
 Content string
 AnnotationMap map[string]string
- ContentSource *v1beta1.ConfigSource
+ ContentSource *pipelinev1beta1.ConfigSource
 ErrorWith string
 WaitFor time.Duration
 }
@@ -68,7 +67,7 @@ func (f *FakeResolvedResource) Annotations() map[string]string {
 // Source is the source reference of the remote data that records where the remote
 // file came from including the url, digest and the entrypoint.
-func (f *FakeResolvedResource) Source() *v1beta1.ConfigSource {
+func (f *FakeResolvedResource) Source() *pipelinev1beta1.ConfigSource {
 return f.ContentSource
 }
diff --git a/pkg/resolution/resolver/framework/interface.go b/pkg/resolution/resolver/framework/interface.go
index 32edef20f56..979ec54bee5 100644
--- a/pkg/resolution/resolver/framework/interface.go
+++ b/pkg/resolution/resolver/framework/interface.go
@@ -21,7 +21,6 @@ import (
 "time"
 pipelinev1beta1 "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1"
- "github.com/tektoncd/pipeline/pkg/apis/resolution/v1beta1"
 )
 // Resolver is the interface to implement for type-specific resource
@@ -97,5 +96,5 @@ type TimedResolution interface {
 type ResolvedResource interface {
 Data() []byte
 Annotations() map[string]string
- Source() *v1beta1.ConfigSource
+ Source() *pipelinev1beta1.ConfigSource
 }
diff --git a/pkg/resolution/resolver/framework/reconciler.go b/pkg/resolution/resolver/framework/reconciler.go
index 9d339064e3c..cb0beb95456 100644
--- a/pkg/resolution/resolver/framework/reconciler.go
+++ b/pkg/resolution/resolver/framework/reconciler.go
@@ -24,6 +24,7 @@ import (
 "fmt"
 "time"
+ pipelinev1beta1 "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1"
 "github.com/tektoncd/pipeline/pkg/apis/resolution/v1beta1"
 rrclient "github.com/tektoncd/pipeline/pkg/client/resolution/clientset/versioned"
 rrv1beta1 "github.com/tektoncd/pipeline/pkg/client/resolution/listers/resolution/v1beta1"
@@ -192,9 +193,9 @@ func (r *Reconciler) MarkFailed(ctx context.Context, rr *v1beta1.ResolutionReque
 // a ResolutionRequest with its data and annotations once successfully
 // resolved.
 type statusDataPatch struct {
- Annotations map[string]string `json:"annotations"`
- Data string `json:"data"`
- Source *v1beta1.ConfigSource `json:"source"`
+ Annotations map[string]string `json:"annotations"`
+ Data string `json:"data"`
+ Source *pipelinev1beta1.ConfigSource `json:"source"`
 }
 func (r *Reconciler) writeResolvedData(ctx context.Context, rr *v1beta1.ResolutionRequest, resource ResolvedResource) error {
diff --git a/pkg/resolution/resolver/framework/reconciler_test.go b/pkg/resolution/resolver/framework/reconciler_test.go
index 76e7a04c32c..e3b2b482f2a 100644
--- a/pkg/resolution/resolver/framework/reconciler_test.go
+++ b/pkg/resolution/resolver/framework/reconciler_test.go
@@ -114,7 +114,7 @@ func TestReconcile(t *testing.T) {
 "bar": {
 Content: "some content",
 AnnotationMap: map[string]string{"foo": "bar"},
- ContentSource: &v1beta1.ConfigSource{
+ ContentSource: &pipelinev1beta1.ConfigSource{
 URI: "https://abc.com",
 Digest: map[string]string{
 "sha1": "xyz",
@@ -131,7 +131,7 @@ func TestReconcile(t *testing.T) {
 },
 ResolutionRequestStatusFields: v1beta1.ResolutionRequestStatusFields{
 Data: base64.StdEncoding.Strict().EncodeToString([]byte("some content")),
- Source: &v1beta1.ConfigSource{
+ Source: &pipelinev1beta1.ConfigSource{
 URI: "https://abc.com",
 Digest: map[string]string{
 "sha1": "xyz",
diff --git a/pkg/resolution/resolver/git/resolver.go b/pkg/resolution/resolver/git/resolver.go
index 4fd8c313972..d9b3a62a0c2 100644
--- a/pkg/resolution/resolver/git/resolver.go
+++ b/pkg/resolution/resolver/git/resolver.go
@@ -35,7 +35,6 @@ import (
 "github.com/jenkins-x/go-scm/scm/factory"
 resolverconfig "github.com/tektoncd/pipeline/pkg/apis/config/resolver"
 pipelinev1beta1 "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1"
- "github.com/tektoncd/pipeline/pkg/apis/resolution/v1beta1"
 resolutioncommon "github.com/tektoncd/pipeline/pkg/resolution/common"
 "github.com/tektoncd/pipeline/pkg/resolution/resolver/framework"
 "go.uber.org/zap"
@@ -333,7 +332,7 @@ func (r *resolvedGitResource) Annotations() map[string]string {
 // Source is the source reference of the remote data that records where the remote
 // file came from including the url, digest and the entrypoint.
-func (r *resolvedGitResource) Source() *v1beta1.ConfigSource {
+func (r *resolvedGitResource) Source() *pipelinev1beta1.ConfigSource {
 return nil
 }
diff --git a/pkg/resolution/resolver/hub/resolver.go b/pkg/resolution/resolver/hub/resolver.go
index 628eac62f2b..42eb830c235 100644
--- a/pkg/resolution/resolver/hub/resolver.go
+++ b/pkg/resolution/resolver/hub/resolver.go
@@ -23,7 +23,6 @@ import (
 resolverconfig "github.com/tektoncd/pipeline/pkg/apis/config/resolver"
 pipelinev1beta1 "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1"
- "github.com/tektoncd/pipeline/pkg/apis/resolution/v1beta1"
 "github.com/tektoncd/pipeline/pkg/resolution/common"
 "github.com/tektoncd/pipeline/pkg/resolution/resolver/framework"
 )
@@ -174,7 +173,7 @@ func (*ResolvedHubResource) Annotations() map[string]string {
 // Source is the source reference of the remote data that records where the remote
 // file came from including the url, digest and the entrypoint.
-func (rr *ResolvedHubResource) Source() *v1beta1.ConfigSource {
+func (rr *ResolvedHubResource) Source() *pipelinev1beta1.ConfigSource {
 return nil
 }
diff --git a/pkg/resolution/resource/crd_resource.go b/pkg/resolution/resource/crd_resource.go
index 21c65043b74..62b721b1885 100644
--- a/pkg/resolution/resource/crd_resource.go
+++ b/pkg/resolution/resource/crd_resource.go
@@ -22,6 +22,7 @@ import (
 "errors"
 "fmt"
+ pipelinev1beta1 "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1"
 "github.com/tektoncd/pipeline/pkg/apis/resolution/v1beta1"
 rrclient "github.com/tektoncd/pipeline/pkg/client/resolution/clientset/versioned"
 rrlisters "github.com/tektoncd/pipeline/pkg/client/resolution/listers/resolution/v1beta1"
@@ -153,6 +154,6 @@ func (r readOnlyResolutionRequest) Data() ([]byte, error) {
 return decodedBytes, nil
 }
-func (r readOnlyResolutionRequest) Source() *v1beta1.ConfigSource {
+func (r readOnlyResolutionRequest) Source() *pipelinev1beta1.ConfigSource {
 return r.req.Status.Source
 }
diff --git a/pkg/resolution/resource/resource.go b/pkg/resolution/resource/resource.go
index 0ebcf34b88c..c2adeec563c 100644
--- a/pkg/resolution/resource/resource.go
+++ b/pkg/resolution/resource/resource.go
@@ -20,7 +20,6 @@ import (
 "context"
 pipelinev1beta1 "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1"
- "github.com/tektoncd/pipeline/pkg/apis/resolution/v1beta1"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
@@ -60,5 +59,5 @@ type OwnedRequest interface {
 type ResolvedResource interface {
 Data() ([]byte, error)
 Annotations() map[string]string
- Source() *v1beta1.ConfigSource
+ Source() *pipelinev1beta1.ConfigSource
 }
diff --git a/test/resolution.go b/test/resolution.go
index 6c7c322a3da..376b91e374c 100644
--- a/test/resolution.go
+++ b/test/resolution.go
@@ -8,7 +8,6 @@ import (
 "github.com/google/go-cmp/cmp"
 pipelinev1beta1 "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1"
- "github.com/tektoncd/pipeline/pkg/apis/resolution/v1beta1"
 resolution "github.com/tektoncd/pipeline/pkg/resolution/resource"
 "github.com/tektoncd/pipeline/test/diff"
 )
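Review bot: `readOnlyResolutionRequest.Source()` in crd_resource.go returns `r.req.Status.Source` itself, so a caller holds a pointer into the request's status and can rewrite the `URI` or the `Digest` map behind what is named a read-only view. If `r.req` comes from a shared lister cache (not visible in this hunk), such a write would change the recorded source for every other reader of that object. Returning a copy avoids the aliasing: `return r.req.Status.Source.DeepCopy()`, assuming the moved type keeps its generated nil-safe `DeepCopy`. The method also lacks the doc comment that the other `Source()` implementations in this commit carry.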
@@ -86,7 +85,7 @@ type ResolvedResource struct {
 // Annotations to return when resolution is complete.
 ResolvedAnnotations map[string]string
 // ResolvedSource to return the source reference of the remote data
- ResolvedSource *v1beta1.ConfigSource
+ ResolvedSource *pipelinev1beta1.ConfigSource
 }
 // Data implements resolution.ResolvedResource and returns the mock
@@ -103,6 +102,6 @@ func (r *ResolvedResource) Annotations() map[string]string {
 // Source is the source reference of the remote data that records where the remote
 // file came from including the url, digest and the entrypoint.
-func (r *ResolvedResource) Source() *v1beta1.ConfigSource {
+func (r *ResolvedResource) Source() *pipelinev1beta1.ConfigSource {
 return r.ResolvedSource
 }