
[TEP-0093] tkn cli sign verify

Open nadgowdas opened this issue 4 years ago • 16 comments

Tekton CLI extension to allow signing/verification of tkn resources. This would include:

  1. Task/Pipeline/TriggerBinding/EventListeners definitions from YAML
  2. Task -> step images
  3. tkn bundles

Users should be able to exercise these commands locally or at the pipeline orchestrator.

Reference implementation is available at: https://github.com/tap8stry/tapestry-pipelines

nadgowdas avatar Oct 20 '21 19:10 nadgowdas

/kind tep
/assign

pritidesai avatar Oct 20 '21 20:10 pritidesai

/assign @afrittoli

fyi @tektoncd/cli-maintainers 🙏 would be great to get a reviewer from CLI as well (maybe @piyush-garg 😉 ?)

bobcatfish avatar Oct 25 '21 16:10 bobcatfish

/assign

vdemeester avatar Oct 26 '21 11:10 vdemeester

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
To complete the pull request process, please assign afrittoli.
You can assign the PR to them by writing /assign @afrittoli in a comment when ready.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment.
Approvers can cancel approval by writing /approve cancel in a comment.

tekton-robot avatar Nov 15 '21 13:11 tekton-robot

@afrittoli @pritidesai @vdemeester if you have any feedback on this TEP, please let me know.

nadgowdas avatar Nov 15 '21 13:11 nadgowdas

@nadgowdas: PR needs rebase.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

tekton-robot avatar Jan 29 '22 12:01 tekton-robot

I'd like to take a look at this in the context of TEP-0091 (both of them XD)

cc @wlynch

/assign

bobcatfish avatar Jan 31 '22 17:01 bobcatfish

/assign

chmouel avatar Jan 31 '22 17:01 chmouel

@nadgowdas thanks again for this proposal, I'd love to see some signing facility integrated in the CLI, and integrated in our CI/CD for resources too.

I'd love to see this TEP moving forward - it has been sitting here for some time which is unfortunate. It would be great if we could decouple this work from TEP-0093 and/or collaborate on a common base for the resource signing and verification story.

One way could be through the new s3c working group we set up to discuss software supply chain security - would you be interested / able to attend?

afrittoli avatar Feb 14 '22 15:02 afrittoli

thanks @afrittoli Yes, that sounds good, would be interested to participate and discuss this in s3c working group.

nadgowdas avatar Feb 14 '22 18:02 nadgowdas

/area s3c

pritidesai avatar Feb 22 '22 16:02 pritidesai

/test pull-community-teps-lint

afrittoli avatar Apr 05 '22 16:04 afrittoli

Issues go stale after 90d of inactivity. Mark the issue as fresh with /remove-lifecycle stale with a justification. Stale issues rot after an additional 30d of inactivity and eventually close. If this issue is safe to close now please do so with /close with a justification. If this issue should be exempted, mark the issue as frozen with /lifecycle frozen with a justification.

/lifecycle stale

Send feedback to tektoncd/plumbing.

tekton-robot avatar Jul 04 '22 16:07 tekton-robot

Stale issues rot after 30d of inactivity. Mark the issue as fresh with /remove-lifecycle rotten with a justification. Rotten issues close after an additional 30d of inactivity. If this issue is safe to close now please do so with /close with a justification. If this issue should be exempted, mark the issue as frozen with /lifecycle frozen with a justification.

/lifecycle rotten

Send feedback to tektoncd/plumbing.

tekton-robot avatar Aug 03 '22 17:08 tekton-robot

Hi @nadgowdas, will you be working on this TEP? I took over TEP-0091 and it also includes signing via CLI. I can also take over this after https://github.com/tektoncd/community/pull/739 is finalized. 😄
The goal is to enable tkn to sign and verify Tekton resources, right?

Yongxuanzhang avatar Aug 09 '22 14:08 Yongxuanzhang

that's awesome @Yongxuanzhang by all means please continue your great work. I would love to sync up with you to learn about your implementation.

nadgowdas avatar Aug 10 '22 00:08 nadgowdas

Rotten issues close after 30d of inactivity. Reopen the issue with /reopen with a justification. Mark the issue as fresh with /remove-lifecycle rotten with a justification. If this issue should be exempted, mark the issue as frozen with /lifecycle frozen with a justification.

/close

Send feedback to tektoncd/plumbing.

tekton-robot avatar Sep 09 '22 00:09 tekton-robot

@tekton-robot: Closed this PR.

In response to this:

Rotten issues close after 30d of inactivity. Reopen the issue with /reopen with a justification. Mark the issue as fresh with /remove-lifecycle rotten with a justification. If this issue should be exempted, mark the issue as frozen with /lifecycle frozen with a justification.

/close

Send feedback to tektoncd/plumbing.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

tekton-robot avatar Sep 09 '22 00:09 tekton-robot