Add Provenance field in TaskRun&PipelineRun status
Change 1: Add a Provenance field in TaskRun&PipelineRun status that
currently only contains configsource data, but can be extended later to
have more provenance-related fields.

Change 2: Prior, #5551 introduced
the ConfigSource to api/resolution alpha & beta package. In this PR, we moved
the ConfigSource to api/pipeline alpha & beta package for the provenance field
to reuse that type (cannot import the api/resolution alpha because of
import cycle).

Why: See the motivation and discussions in #5550.
The tldr is that it helps pass provenance-related data in a more structured way;
ConfigSource is one example.

Signed-off-by: Chuang Wang <chuangw@google.com>
chuangw6 committed Oct 3, 2022
1 parent b817d77 commit ce2a9a4
Showing 30 changed files with 519 additions and 197 deletions.
6 changes: 3 additions & 3 deletions docs/how-to-write-a-resolver.md
Expand Up @@ -191,7 +191,7 @@ import (

"github.com/tektoncd/pipeline/pkg/resolution/resolver/framework"
"knative.dev/pkg/injection/sharedmain"
"github.com/tektoncd/pipeline/pkg/apis/resolution/v1alpha1"
pipelinev1beta1 "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1"
)
```

Expand Down Expand Up @@ -263,7 +263,7 @@ func (*myResolvedResource) Annotations() map[string]string {

// Source is the source reference of the remote data that records where the remote
// file came from including the url, digest and the entrypoint. None atm.
func (*myResolvedResource) Source() *v1alpha1.ConfigSource {
func (*myResolvedResource) Source() *pipelinev1beta1.ConfigSource {
return nil
}
```
Expand All @@ -276,7 +276,7 @@ following example.
```go
// Source is the source reference of the remote data that records where the remote
// file came from including the url, digest and the entrypoint.
func (*myResolvedResource) Source() *v1alpha1.ConfigSource {
func (*myResolvedResource) Source() *pipelinev1beta1.ConfigSource {
return &v1alpha1.ConfigSource{
URI: "https://github.com/user/example",
Digest: map[string]string{
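
Review bot: The `return &v1alpha1.ConfigSource{` line in this example was left unchanged while the signature directly above it now returns `*pipelinev1beta1.ConfigSource`, and the first hunk of this file removes the `resolution/v1alpha1` import, so the documented snippet references a package its import block no longer lists. Change the literal to `&pipelinev1beta1.ConfigSource{` so the guide matches the moved type.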
3 changes: 2 additions & 1 deletion docs/resolver-template/cmd/demoresolver/main.go
Expand Up @@ -17,6 +17,7 @@ import (
"context"
"errors"

pipelinev1beta1 "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1"
"github.com/tektoncd/pipeline/pkg/apis/resolution/v1alpha1"
"github.com/tektoncd/pipeline/pkg/resolution/common"
"github.com/tektoncd/pipeline/pkg/resolution/resolver/framework"
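
Review bot: The `resolution/v1alpha1` import is kept next to the new `pipelinev1beta1` alias, but the only `v1alpha1` use visible in this diff, the `Source()` return type, is switched to `pipelinev1beta1.ConfigSource` in the next hunk. Confirm the template still references `v1alpha1` elsewhere in the file; if it does not, drop the import, since Go rejects unused imports and the template would stop building.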
Expand Down Expand Up @@ -94,6 +95,6 @@ func (*myResolvedResource) Annotations() map[string]string {

// Source is the source reference of the remote data that records where the remote
// file came from including the url, digest and the entrypoint. None atm.
func (*myResolvedResource) Source() *v1alpha1.ConfigSource {
func (*myResolvedResource) Source() *pipelinev1beta1.ConfigSource {
return nil
}
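
Review bot: The doc comment on `Source()` still ends with "None atm." and the method returns `nil`, so a resolver copied from this template reports no source for the data it returns. Since this commit is about recording where a task or pipeline file came from, replace "None atm." with a sentence saying that `nil` leaves the source unrecorded and point template users at the populated `ConfigSource` example in docs/how-to-write-a-resolver.md.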
2 changes: 0 additions & 2 deletions go.sum

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

97 changes: 93 additions & 4 deletions pkg/apis/pipeline/v1/openapi_generated.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

3 changes: 3 additions & 0 deletions pkg/apis/pipeline/v1/pipelinerun_types.go
Expand Up @@ -427,6 +427,9 @@ type PipelineRunStatusFields struct {
// FinallyStartTime is when all non-finally tasks have been completed and only finally tasks are being executed.
// +optional
FinallyStartTime *metav1.Time `json:"finallyStartTime,omitempty"`

// Provenance contains all the information that needs to be recorded in a provenance i.e. ConfigSource
Provenance *Provenance `json:"provenance,omitempty"`
}

// SkippedTask is used to describe the Tasks that were skipped due to their When Expressions
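
Review bot: The new `Provenance` field is a pointer tagged `omitempty` but has no `// +optional` marker, while `FinallyStartTime` immediately above it carries one. Add `// +optional` under the doc comment so the generated schema and API docs treat the field consistently with its neighbours.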
37 changes: 37 additions & 0 deletions pkg/apis/pipeline/v1/provenance.go
@@ -0,0 +1,37 @@
/*
Copyright 2022 The Tekton Authors
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package v1

// Provenance contains all the information that needs to be recorded in a provenance i.e. ConfigSource
type Provenance struct {
Source *ConfigSource `json:"source,omitempty"`
}

// ConfigSource records where the task/pipeline file came from.
type ConfigSource struct {
// URI indicating the identity of the source of the config.
// https://github.com/in-toto/attestation/blob/main/spec/field_types.md#ResourceURI
// Example: https://github.com/tektoncd/catalog
URI string `json:"uri,omitempty"`

// Digest is a collection of cryptographic digests for the contents of the artifact specified by URI.
// https://github.com/in-toto/attestation/blob/main/spec/field_types.md#DigestSet
// Example: {"sha1": "f99d13e554ffcb696dee719fa85b695cb5b0f428"}
Digest map[string]string `json:"digest,omitempty"`

// EntryPoint identifying the entry point into the build. This is often a path to a
// configuration file and/or a target label within that file.
// Example: "task/git-clone/0.8/git-clone.yaml"
EntryPoint string `json:"entryPoint,omitempty"`
}
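
Review bot: The `Source` field of `Provenance` has no doc comment, unlike every field of `ConfigSource` below it; add one saying what it points at and that it may be nil. Two smaller points in the same file: the struct comment says "i.e. ConfigSource", which reads as "only ConfigSource" although the commit message describes the struct as extensible, so "e.g." fits better; and the `Digest` comment gives only a `sha1` example without saying which algorithm keys a consumer should expect, which matters to anything that compares these digests when checking provenance.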
47 changes: 47 additions & 0 deletions pkg/apis/pipeline/v1/swagger.json
Expand Up @@ -169,6 +169,28 @@
}
}
},
"v1.ConfigSource": {
"description": "ConfigSource records where the task/pipeline file came from.",
"type": "object",
"properties": {
"digest": {
"description": "Digest is a collection of cryptographic digests for the contents of the artifact specified by URI. https://github.com/in-toto/attestation/blob/main/spec/field_types.md#DigestSet Example: {\"sha1\": \"f99d13e554ffcb696dee719fa85b695cb5b0f428\"}",
"type": "object",
"additionalProperties": {
"type": "string",
"default": ""
}
},
"entryPoint": {
"description": "EntryPoint identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. Example: \"task/git-clone/0.8/git-clone.yaml\"",
"type": "string"
},
"uri": {
"description": "URI indicating the identity of the source of the config. https://github.com/in-toto/attestation/blob/main/spec/field_types.md#ResourceURI Example: https://github.com/tektoncd/catalog",
"type": "string"
}
}
},
"v1.EmbeddedTask": {
"description": "EmbeddedTask is used to define a Task inline within a Pipeline's PipelineTasks.",
"type": "object",
Expand Down Expand Up @@ -643,6 +665,10 @@
"description": "PipelineRunSpec contains the exact spec used to instantiate the run",
"$ref": "#/definitions/v1.PipelineSpec"
},
"provenance": {
"description": "Provenance contains all the information that needs to be recorded in a provenance i.e. ConfigSource",
"$ref": "#/definitions/v1.Provenance"
},
"results": {
"description": "Results are the list of results written out by the pipeline task's containers",
"type": "array",
Expand Down Expand Up @@ -692,6 +718,10 @@
"description": "PipelineRunSpec contains the exact spec used to instantiate the run",
"$ref": "#/definitions/v1.PipelineSpec"
},
"provenance": {
"description": "Provenance contains all the information that needs to be recorded in a provenance i.e. ConfigSource",
"$ref": "#/definitions/v1.Provenance"
},
"results": {
"description": "Results are the list of results written out by the pipeline task's containers",
"type": "array",
Expand Down Expand Up @@ -988,6 +1018,15 @@
}
}
},
"v1.Provenance": {
"description": "Provenance contains all the information that needs to be recorded in a provenance i.e. ConfigSource",
"type": "object",
"properties": {
"source": {
"$ref": "#/definitions/v1.ConfigSource"
}
}
},
"v1.ResolverRef": {
"description": "ResolverRef can be used to refer to a Pipeline or Task in a remote location like a git repo. This feature is in alpha and these fields are only available when the alpha feature gate is enabled.",
"type": "object",
Expand Down Expand Up @@ -1838,6 +1877,10 @@
"type": "string",
"default": ""
},
"provenance": {
"description": "Provenance contains all the information that needs to be recorded in a provenance i.e. ConfigSource",
"$ref": "#/definitions/v1.Provenance"
},
"results": {
"description": "Results are the list of results written out by the task's containers",
"type": "array",
Expand Down Expand Up @@ -1900,6 +1943,10 @@
"type": "string",
"default": ""
},
"provenance": {
"description": "Provenance contains all the information that needs to be recorded in a provenance i.e. ConfigSource",
"$ref": "#/definitions/v1.Provenance"
},
"results": {
"description": "Results are the list of results written out by the task's containers",
"type": "array",
Expand Down
3 changes: 3 additions & 0 deletions pkg/apis/pipeline/v1/taskrun_types.go
Expand Up @@ -231,6 +231,9 @@ type TaskRunStatusFields struct {

// TaskSpec contains the Spec from the dereferenced Task definition used to instantiate this TaskRun.
TaskSpec *TaskSpec `json:"taskSpec,omitempty"`

// Provenance contains all the information that needs to be recorded in a provenance i.e. ConfigSource
Provenance *Provenance `json:"provenance,omitempty"`
}

// TaskRunStepSpec is used to override the values of a Step in the corresponding Task.
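
Review bot: The comment on the new `Provenance` field does not say when the field is populated, and the field is a pointer tagged `omitempty`, so it is simply absent from the status when unset. State in the comment which TaskRuns get it filled in, and add the `// +optional` marker used on `FinallyStartTime` in pipelinerun_types.go, so that readers of the status know to handle a missing value.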