Jason Hall

To add a new command, add a new `cmd.AddCommand(Pipelines())` here: https://github.com/chainguard-dev/melange/blob/main/pkg/cli/commands.go#L33 Create `pkg/cli/commands/pipelines.go`. Take inspiration from [`sign.go`](https://github.com/chainguard-dev/melange/blob/main/pkg/cli/sign.go) -- it returns a `cmd` which specifies a `RunE` which gets called when...

Worth noting that this will still `apk add` any of the pipeline's dependencies, which might undermine some assumptions about how the flag works. Should `--disable-network` also skip the `apk add`...

> I would rather have the melange.yaml file declare the desired capabilities, rather than have a CLI option for this. We can sync on it if you want. I like...

> What about something like: That sounds good. The current direction we're going (not too late to change though) would be that `fetch` would still _run_ without the capability, we'd...

I'm for it. In theory folks can already do this today at head, but it's a bit of a hack, and we could make it more sturdy and flexible. The...

Can we send signals to containers in the pod from the controller? I didn't think that was an option, so we've relied on file-existence checks backed by Downard volumes instead....

As evidence that TF's usage of GPG can be brittle, [TF's provider docs state](https://developer.hashicorp.com/terraform/tutorials/providers/provider-release-publish#generate-gpg-signing-key): > The Terraform Registry only supports RSA and DSA keys. ...even though the default key type...

And as timely evidence that GPG keys can leak: https://grafana.com/blog/2023/08/24/grafana-security-update-gpg-signing-key-rotation/

@paisleyrob @TBBle thanks for digging into this. Unfortunately this project is pretty short-staffed, so if you can find where in the code this is going wrong, or a recent commit...

FWIW, it looks like `gcr.io/go-containerregistry/crane:debug` hasn't been updated since Mon Jul 31 2023 21:49:55, which is likely when the repo stopped having access to GCP. I don't know the current...