tektoncd
Adds initial Attestor implementation.
Changes
This is the initial implementation of Attestors, which uses generics to link chains components together with strict typing.
To start, this adds Attestor implementations of OCI signing and v1 SLSA attestations. These Attestors are NOT wired up to the controller yet, since they don't yet support the full range of config options (and there's likely a few tweaks we need to make in order to help reuse components like signers between Attestors).
attestors.go is the file to pay most attention to in this PR.
Part of #780
Submitter Checklist
As the author of this PR, please check off the items in this checklist:
- [ ] Has Docs included if any changes are user facing
- [ ] Has Tests included if any functionality added or changed
- [ ] Follows the commit message standard
- [ ] Meets the Tekton contributor standards (including functionality, content, code)
- [ ] Release notes block below has been updated with any user facing changes (API changes, bug fixes, changes requiring upgrade notices or deprecation warnings)
- [ ] Release notes contains the string "action required" if the change requires additional action from users switching to the new release
Release Notes
NONE
[APPROVALNOTIFIER] This PR is NOT APPROVED
This pull-request has been approved by: To complete the pull request process, please ask for approval from wlynch after the PR has been reviewed.
The full list of commands accepted by this bot can be found here.
Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment
The following is the coverage report on the affected files.
Say /test pull-tekton-chains-go-coverage to re-run this coverage report
| File | Old Coverage | New Coverage | Delta |
|---|---|---|---|
| pkg/artifacts/signable.go | 70.2% | 69.5% | -0.7 |
| pkg/chains/formats/simple/simple.go | 72.7% | 61.5% | -11.2 |
| pkg/chains/formats/slsa/extract/extract.go | 61.5% | 60.6% | -0.9 |
| pkg/chains/formats/slsa/v1/intotoite6.go | 88.9% | 62.1% | -26.8 |
| pkg/chains/internal/attestors/attestors.go | Do not exist | 20.0% | |
| pkg/chains/signing.go | 73.7% | 71.6% | -2.2 |
| pkg/chains/signing/x509/x509.go | 44.0% | 44.1% | 0.1 |
| pkg/chains/storage/oci/attestation.go | 80.0% | 41.7% | -38.3 |
| pkg/chains/storage/oci/legacy.go | 40.0% | 37.3% | -2.7 |
| pkg/chains/storage/oci/simple.go | 81.5% | 86.2% | 4.7 |
| pkg/chains/storage/tekton/tekton.go | 78.6% | 71.0% | -7.6 |
@wlynch: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:
| Test name | Commit | Details | Required | Rerun command |
|---|---|---|---|---|
| pull-tekton-chains-build-tests | bac7923a46c667697c4bced33480925f8f299825 | link | true | /test pull-tekton-chains-build-tests |
Full PR test history. Your PR dashboard.
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.
@wlynch: PR needs rebase.
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.