pipeline
pipeline copied to clipboard
tektoncd
[TEP-0089] - Phase 1 Signed TaskRun Results
Signed-off-by: pxp928 [email protected]
Changes
Authors - @pxp928 and @lumjjb
In association with TEP-0089: Non-falsifiable provenance support
This PR is the implementation of Phase 1 of the TEP-0089: Non-falsifiable provenance support
Phase 2 of the PR. Thats build on top of this to add Signed TaskRun Status can be found here - #4828
Phase 1
- Add support for Signed Results with SPIRE (this will primarily involve modifications to the entrypointer image)
- Add support for tekton-pipelines-controller verifying Signed Results
Taking the work that @dlorenc started a while back and adding improvements to get the spire integrated with Tekton pipeline.
The integration of spire k8s workload registrar automatically allows for tekton created pods to be registered into the spire-server.
Currently spire-server and spire-agent needs to be running in your cluster in order for tekton pipelines to integrate. Please follow the Spire documentation that is part of this PR to set up for local testing.
Submitter Checklist
As the author of this PR, please check off the items in this checklist:
- [x] Docs included if any changes are user facing
- [x] Tests included if any functionality added or changed
- [x] Follows the commit message standard
- [x] Meets the Tekton contributor standards (including functionality, content, code)
- [x] Release notes block below has been filled in or deleted (only if no user facing changes)
Release Notes
- Added Spiffe-CSI driver to the controller and allow for spire workload API communication over CSI driver (not using hostpath)
- Added in k8s-workload-registrar into the tekton pipeline controller. This will allow pods to be auto registered into the spire server based on pod annotations.
- Added fetch SVID based on the pod running the TaskRun and use the private key to sign payload and attach the corresponding SVID to the termination messages
- Add in a RESULT_MANIFEST to register all outputs of the TaskRun
- Tekton Pipelines verifies the Results against the SPIRE SVID and Trust Bundle and sets the SignedResultsVerified condition to True
Please provide feedback and improvements!
Hi @pxp928. Thanks for your PR.
I'm waiting for a tektoncd member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.
Once the patch is verified, the new status will be reflected by the ok-to-test label.
I understand the commands that are listed here.
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
The following is the coverage report on the affected files.
Say /test pull-tekton-pipeline-go-coverage to re-run this coverage report
| File | Old Coverage | New Coverage | Delta |
|---|---|---|---|
| cmd/entrypoint/main.go | 14.0% | 13.3% | -0.7 |
| pkg/apis/config/feature_flags.go | 88.0% | 86.5% | -1.5 |
| pkg/apis/pipeline/v1beta1/taskrun_types.go | 77.2% | 78.3% | 1.1 |
| pkg/entrypoint/entrypointer.go | 69.7% | 87.8% | 18.1 |
| pkg/pod/pod.go | 88.3% | 89.4% | 1.1 |
| pkg/pod/status.go | 90.8% | 90.9% | 0.1 |
| pkg/reconciler/taskrun/resources/image_exporter.go | 81.8% | 83.3% | 1.5 |
| pkg/reconciler/taskrun/taskrun.go | 79.9% | 78.0% | -1.9 |
| pkg/spire/controller.go | Do not exist | 0.0% | |
| pkg/spire/entrypointer.go | Do not exist | 0.0% | |
| pkg/spire/sign.go | Do not exist | 19.4% | |
| pkg/spire/spire_mock.go | Do not exist | 89.8% | |
| pkg/spire/verify.go | Do not exist | 10.6% |
The following is the coverage report on the affected files.
Say /test pull-tekton-pipeline-go-coverage to re-run this coverage report
| File | Old Coverage | New Coverage | Delta |
|---|---|---|---|
| cmd/entrypoint/main.go | 14.0% | 13.3% | -0.7 |
| pkg/apis/config/feature_flags.go | 88.0% | 86.5% | -1.5 |
| pkg/apis/pipeline/v1beta1/taskrun_types.go | 77.2% | 78.3% | 1.1 |
| pkg/entrypoint/entrypointer.go | 69.7% | 87.8% | 18.1 |
| pkg/pod/pod.go | 88.3% | 89.4% | 1.1 |
| pkg/pod/status.go | 90.8% | 90.9% | 0.1 |
| pkg/reconciler/taskrun/resources/image_exporter.go | 81.8% | 83.3% | 1.5 |
| pkg/reconciler/taskrun/taskrun.go | 79.9% | 78.0% | -1.9 |
| pkg/spire/controller.go | Do not exist | 0.0% | |
| pkg/spire/entrypointer.go | Do not exist | 0.0% | |
| pkg/spire/sign.go | Do not exist | 19.4% | |
| pkg/spire/spire_mock.go | Do not exist | 89.8% | |
| pkg/spire/verify.go | Do not exist | 10.6% |
The following is the coverage report on the affected files.
Say /test pull-tekton-pipeline-go-coverage to re-run this coverage report
| File | Old Coverage | New Coverage | Delta |
|---|---|---|---|
| cmd/entrypoint/main.go | 14.0% | 13.3% | -0.7 |
| pkg/apis/config/feature_flags.go | 88.0% | 86.5% | -1.5 |
| pkg/apis/pipeline/v1beta1/taskrun_types.go | 77.2% | 78.3% | 1.1 |
| pkg/entrypoint/entrypointer.go | 69.7% | 87.8% | 18.1 |
| pkg/pod/pod.go | 88.3% | 89.4% | 1.1 |
| pkg/pod/status.go | 90.8% | 90.9% | 0.1 |
| pkg/reconciler/taskrun/resources/image_exporter.go | 81.8% | 83.3% | 1.5 |
| pkg/reconciler/taskrun/taskrun.go | 79.9% | 78.0% | -1.9 |
| pkg/spire/controller.go | Do not exist | 0.0% | |
| pkg/spire/entrypointer.go | Do not exist | 0.0% | |
| pkg/spire/sign.go | Do not exist | 19.4% | |
| pkg/spire/spire_mock.go | Do not exist | 89.8% | |
| pkg/spire/verify.go | Do not exist | 10.6% |
The following is the coverage report on the affected files.
Say /test pull-tekton-pipeline-go-coverage to re-run this coverage report
| File | Old Coverage | New Coverage | Delta |
|---|---|---|---|
| cmd/entrypoint/main.go | 14.0% | 13.3% | -0.7 |
| pkg/apis/config/feature_flags.go | 88.0% | 86.5% | -1.5 |
| pkg/apis/pipeline/v1beta1/taskrun_types.go | 77.2% | 78.3% | 1.1 |
| pkg/entrypoint/entrypointer.go | 69.7% | 87.8% | 18.1 |
| pkg/pod/pod.go | 88.3% | 89.4% | 1.1 |
| pkg/pod/status.go | 90.8% | 90.9% | 0.1 |
| pkg/reconciler/taskrun/resources/image_exporter.go | 81.8% | 83.3% | 1.5 |
| pkg/reconciler/taskrun/taskrun.go | 79.9% | 78.0% | -1.9 |
| pkg/spire/controller.go | Do not exist | 0.0% | |
| pkg/spire/entrypointer.go | Do not exist | 0.0% | |
| pkg/spire/sign.go | Do not exist | 19.4% | |
| pkg/spire/spire_mock.go | Do not exist | 89.8% | |
| pkg/spire/verify.go | Do not exist | 10.6% |
The following is the coverage report on the affected files.
Say /test pull-tekton-pipeline-go-coverage to re-run this coverage report
| File | Old Coverage | New Coverage | Delta |
|---|---|---|---|
| cmd/entrypoint/main.go | 14.0% | 13.3% | -0.7 |
| pkg/apis/config/feature_flags.go | 88.0% | 86.5% | -1.5 |
| pkg/apis/pipeline/v1beta1/taskrun_types.go | 77.2% | 78.3% | 1.1 |
| pkg/entrypoint/entrypointer.go | 69.7% | 87.8% | 18.1 |
| pkg/pod/pod.go | 88.3% | 89.4% | 1.1 |
| pkg/pod/status.go | 90.8% | 90.9% | 0.1 |
| pkg/reconciler/taskrun/resources/image_exporter.go | 81.8% | 83.3% | 1.5 |
| pkg/reconciler/taskrun/taskrun.go | 79.9% | 78.0% | -1.9 |
| pkg/spire/controller.go | Do not exist | 0.0% | |
| pkg/spire/entrypointer.go | Do not exist | 0.0% | |
| pkg/spire/sign.go | Do not exist | 19.4% | |
| pkg/spire/spire_mock.go | Do not exist | 89.8% | |
| pkg/spire/verify.go | Do not exist | 10.6% |
The following is the coverage report on the affected files.
Say /test pull-tekton-pipeline-go-coverage to re-run this coverage report
| File | Old Coverage | New Coverage | Delta |
|---|---|---|---|
| cmd/entrypoint/main.go | 14.0% | 13.3% | -0.7 |
| pkg/apis/config/feature_flags.go | 88.0% | 86.5% | -1.5 |
| pkg/apis/pipeline/v1beta1/taskrun_types.go | 77.2% | 78.3% | 1.1 |
| pkg/entrypoint/entrypointer.go | 69.7% | 87.8% | 18.1 |
| pkg/reconciler/taskrun/resources/image_exporter.go | 81.8% | 83.3% | 1.5 |
| pkg/reconciler/taskrun/taskrun.go | 79.9% | 78.0% | -1.9 |
| pkg/spire/controller.go | Do not exist | 0.0% | |
| pkg/spire/entrypointer.go | Do not exist | 0.0% | |
| pkg/spire/sign.go | Do not exist | 19.4% | |
| pkg/spire/spire_mock.go | Do not exist | 89.8% | |
| pkg/spire/verify.go | Do not exist | 10.6% |
The following is the coverage report on the affected files.
Say /test pull-tekton-pipeline-go-coverage to re-run this coverage report
| File | Old Coverage | New Coverage | Delta |
|---|---|---|---|
| cmd/entrypoint/main.go | 14.0% | 13.3% | -0.7 |
| pkg/apis/config/feature_flags.go | 88.0% | 86.5% | -1.5 |
| pkg/apis/pipeline/v1beta1/taskrun_types.go | 77.2% | 78.3% | 1.1 |
| pkg/entrypoint/entrypointer.go | 69.7% | 87.8% | 18.1 |
| pkg/pod/pod.go | 88.3% | 89.4% | 1.1 |
| pkg/pod/status.go | 90.8% | 90.9% | 0.1 |
| pkg/reconciler/taskrun/resources/image_exporter.go | 81.8% | 83.3% | 1.5 |
| pkg/reconciler/taskrun/taskrun.go | 79.9% | 78.0% | -1.9 |
| pkg/spire/controller.go | Do not exist | 0.0% | |
| pkg/spire/entrypointer.go | Do not exist | 0.0% | |
| pkg/spire/sign.go | Do not exist | 19.4% | |
| pkg/spire/spire_mock.go | Do not exist | 89.8% | |
| pkg/spire/verify.go | Do not exist | 10.6% |
Hey @priyawadhwa, could you review this PR also? Looks for some more inputs from the community.
The following is the coverage report on the affected files.
Say /test pull-tekton-pipeline-go-coverage to re-run this coverage report
| File | Old Coverage | New Coverage | Delta |
|---|---|---|---|
| cmd/entrypoint/main.go | 14.0% | 13.3% | -0.7 |
| pkg/apis/config/feature_flags.go | 88.0% | 86.5% | -1.5 |
| pkg/apis/pipeline/v1beta1/taskrun_types.go | 77.2% | 78.3% | 1.1 |
| pkg/entrypoint/entrypointer.go | 84.8% | 87.3% | 2.5 |
| pkg/reconciler/taskrun/resources/image_exporter.go | 81.8% | 83.3% | 1.5 |
| pkg/reconciler/taskrun/taskrun.go | 80.2% | 78.3% | -1.9 |
| pkg/spire/controller.go | Do not exist | 0.0% | |
| pkg/spire/entrypointer.go | Do not exist | 0.0% | |
| pkg/spire/sign.go | Do not exist | 19.4% | |
| pkg/spire/spire_mock.go | Do not exist | 89.8% | |
| pkg/spire/verify.go | Do not exist | 10.6% |
The following is the coverage report on the affected files.
Say /test pull-tekton-pipeline-go-coverage to re-run this coverage report
| File | Old Coverage | New Coverage | Delta |
|---|---|---|---|
| cmd/entrypoint/main.go | 14.0% | 13.3% | -0.7 |
| pkg/apis/config/feature_flags.go | 88.0% | 86.5% | -1.5 |
| pkg/apis/pipeline/v1beta1/taskrun_types.go | 77.2% | 78.3% | 1.1 |
| pkg/entrypoint/entrypointer.go | 84.8% | 87.8% | 3.0 |
| pkg/pod/pod.go | 88.3% | 89.4% | 1.1 |
| pkg/pod/status.go | 90.9% | 91.0% | 0.1 |
| pkg/reconciler/taskrun/resources/image_exporter.go | 81.8% | 83.3% | 1.5 |
| pkg/reconciler/taskrun/taskrun.go | 80.2% | 78.3% | -1.9 |
| pkg/spire/controller.go | Do not exist | 0.0% | |
| pkg/spire/entrypointer.go | Do not exist | 0.0% | |
| pkg/spire/sign.go | Do not exist | 17.6% | |
| pkg/spire/spire_mock.go | Do not exist | 86.8% | |
| pkg/spire/verify.go | Do not exist | 17.3% |
The following is the coverage report on the affected files.
Say /test pull-tekton-pipeline-go-coverage to re-run this coverage report
| File | Old Coverage | New Coverage | Delta |
|---|---|---|---|
| cmd/entrypoint/main.go | 14.0% | 13.3% | -0.7 |
| pkg/apis/config/feature_flags.go | 88.0% | 86.5% | -1.5 |
| pkg/apis/pipeline/v1beta1/taskrun_types.go | 77.2% | 78.3% | 1.1 |
| pkg/entrypoint/entrypointer.go | 84.8% | 87.8% | 3.0 |
| pkg/pod/pod.go | 88.3% | 89.4% | 1.1 |
| pkg/pod/status.go | 90.9% | 91.0% | 0.1 |
| pkg/reconciler/taskrun/resources/image_exporter.go | 81.8% | 83.3% | 1.5 |
| pkg/reconciler/taskrun/taskrun.go | 80.3% | 78.4% | -1.9 |
| pkg/spire/controller.go | Do not exist | 0.0% | |
| pkg/spire/entrypointer.go | Do not exist | 0.0% | |
| pkg/spire/sign.go | Do not exist | 17.6% | |
| pkg/spire/spire_mock.go | Do not exist | 85.5% | |
| pkg/spire/verify.go | Do not exist | 17.3% |
Thanks a lot for working on this feature @pxp928, and sorry about the delay in review. I'm going to release v0.37 today or tomorrow, so this won't make this release, but let's aim for getting this and possibly part2 in v0.38.
At a first glance this seems like a relatively sizeable change, so we may ask you to split this up, but I'll attempt to do an initial review first in any case.
I noticed the 0% unit test coverage on a few new modules:
pkg/spire/controller.go | Do not exist | 0.0% |
pkg/spire/entrypointer.go | Do not exist | 0.0%
Is this something you could look into? We have a few exported functions there, so we should provide coverage for them.
Thank you!!
Thanks a lot for working on this feature @pxp928, and sorry about the delay in review. I'm going to release v0.37 today or tomorrow, so this won't make this release, but let's aim for getting this and possibly part2 in v0.38.
At a first glance this seems like a relatively sizeable change, so we may ask you to split this up, but I'll attempt to do an initial review first in any case.
I noticed the 0% unit test coverage on a few new modules:
pkg/spire/controller.go | Do not exist | 0.0% | pkg/spire/entrypointer.go | Do not exist | 0.0%Is this something you could look into? We have a few exported functions there, so we should provide coverage for them.
Thank you!!
The controller and entrypointer are covered via the mocked spire that we created. Plus those tests are covered under the integration tests.
In hindsight this was a mistake on our part. We should have created smaller PRs to get this code incorporated. If that is what the maintainers require, I can work on getting smaller PRs with smaller additions.
Thanks a lot for working on this feature @pxp928, and sorry about the delay in review. I'm going to release v0.37 today or tomorrow, so this won't make this release, but let's aim for getting this and possibly part2 in v0.38. At a first glance this seems like a relatively sizeable change, so we may ask you to split this up, but I'll attempt to do an initial review first in any case. I noticed the 0% unit test coverage on a few new modules:
pkg/spire/controller.go | Do not exist | 0.0% | pkg/spire/entrypointer.go | Do not exist | 0.0%Is this something you could look into? We have a few exported functions there, so we should provide coverage for them. Thank you!!
The controller and entrypointer are covered via the mocked spire that we created. Plus those tests are covered under the integration tests.
I understand the E2E coverage, but not that of the unit test one. I'll probably need to dig further in the code.
In hindsight this was a mistake on our part. We should have created smaller PRs to get this code incorporated. If that is what the maintainers require, I can work on getting smaller PRs with smaller additions.
I'd hate to delay your work on this further, but definitely smaller PRs are much easier to review with confidence.
For those 2 files, those are just wrappers around calling the spire implementation, we've refactored most of the code are in the rest of the files in the package so that they are re-used by the SPIRE mock for testing!
I'd hate to delay your work on this further, but definitely smaller PRs are much easier to review with confidence
Thanks @afrittoli for the review! Do you have any recommendations on how to break this up? The individual components are a little hard to review without the context of how they are used. Was chatting with @pxp928 and think maybe we can schedule some time to help walk through the PR.
For those 2 files, those are just wrappers around calling the spire implementation, we've refactored most of the code are in the rest of the files in the package so that they are re-used by the SPIRE mock for testing!
I'd hate to delay your work on this further, but definitely smaller PRs are much easier to review with confidence
Thanks @afrittoli for the review! Do you have any recommendations on how to break this up? The individual components are a little hard to review without the context of how they are used. Was chatting with @pxp928 and think maybe we can schedule some time to help walk through the PR.
Yeah, that's a fair point - but perhaps the spire package could be added by itself along with test coverage for it. At least for me the highest barrier to review is the lack of knowledge about SPIRE, so having that in a dedicated PR might help.
The following is the coverage report on the affected files.
Say /test pull-tekton-pipeline-go-coverage to re-run this coverage report
| File | Old Coverage | New Coverage | Delta |
|---|---|---|---|
| cmd/entrypoint/main.go | 14.0% | 13.3% | -0.7 |
| pkg/apis/config/feature_flags.go | 88.0% | 86.5% | -1.5 |
| pkg/apis/pipeline/v1beta1/taskrun_types.go | 77.2% | 78.3% | 1.1 |
| pkg/entrypoint/entrypointer.go | 84.8% | 87.8% | 3.0 |
| pkg/reconciler/taskrun/resources/image_exporter.go | 81.8% | 83.3% | 1.5 |
| pkg/reconciler/taskrun/taskrun.go | 81.6% | 79.7% | -1.9 |
The following is the coverage report on the affected files.
Say /test pull-tekton-pipeline-go-coverage to re-run this coverage report
| File | Old Coverage | New Coverage | Delta |
|---|---|---|---|
| cmd/entrypoint/main.go | 14.0% | 13.3% | -0.7 |
| pkg/apis/config/feature_flags.go | 88.0% | 86.8% | -1.2 |
| pkg/apis/pipeline/v1beta1/taskrun_types.go | 77.2% | 78.3% | 1.1 |
| pkg/entrypoint/entrypointer.go | 84.8% | 87.8% | 3.0 |
| pkg/pod/pod.go | 88.3% | 89.4% | 1.1 |
| pkg/pod/status.go | 90.9% | 91.0% | 0.1 |
| pkg/reconciler/taskrun/resources/image_exporter.go | 81.8% | 83.3% | 1.5 |
| pkg/reconciler/taskrun/taskrun.go | 81.6% | 79.7% | -1.9 |
| pkg/spire/controller.go | Do not exist | 0.0% | |
| pkg/spire/entrypointer.go | Do not exist | 0.0% | |
| pkg/spire/sign.go | Do not exist | 17.6% | |
| pkg/spire/spire_mock.go | Do not exist | 85.5% | |
| pkg/spire/verify.go | Do not exist | 17.3% |
The following is the coverage report on the affected files.
Say /test pull-tekton-pipeline-go-coverage to re-run this coverage report
| File | Old Coverage | New Coverage | Delta |
|---|---|---|---|
| cmd/entrypoint/main.go | 14.0% | 13.3% | -0.7 |
| pkg/apis/config/feature_flags.go | 88.0% | 86.8% | -1.2 |
| pkg/apis/pipeline/v1beta1/taskrun_types.go | 77.2% | 78.3% | 1.1 |
| pkg/entrypoint/entrypointer.go | 84.8% | 87.8% | 3.0 |
| pkg/pod/pod.go | 88.3% | 89.4% | 1.1 |
| pkg/pod/status.go | 90.9% | 91.0% | 0.1 |
| pkg/reconciler/taskrun/resources/image_exporter.go | 81.8% | 83.3% | 1.5 |
| pkg/reconciler/taskrun/taskrun.go | 81.6% | 79.7% | -1.9 |
| pkg/spire/controller.go | Do not exist | 0.0% | |
| pkg/spire/entrypointer.go | Do not exist | 0.0% | |
| pkg/spire/sign.go | Do not exist | 17.6% | |
| pkg/spire/spire_mock.go | Do not exist | 85.5% | |
| pkg/spire/verify.go | Do not exist | 17.3% |
For those 2 files, those are just wrappers around calling the spire implementation, we've refactored most of the code are in the rest of the files in the package so that they are re-used by the SPIRE mock for testing!
I'd hate to delay your work on this further, but definitely smaller PRs are much easier to review with confidence
Thanks @afrittoli for the review! Do you have any recommendations on how to break this up? The individual components are a little hard to review without the context of how they are used. Was chatting with @pxp928 and think maybe we can schedule some time to help walk through the PR.
Yeah, that's a fair point - but perhaps the spire package could be added by itself along with test coverage for it. At least for me the highest barrier to review is the lack of knowledge about SPIRE, so having that in a dedicated PR might help.
@afrittoli I created another PR with just the spire package -> https://github.com/tektoncd/pipeline/pull/5039
The following is the coverage report on the affected files.
Say /test pull-tekton-pipeline-go-coverage to re-run this coverage report
| File | Old Coverage | New Coverage | Delta |
|---|---|---|---|
| cmd/entrypoint/main.go | 14.0% | 13.3% | -0.7 |
| pkg/apis/config/feature_flags.go | 88.0% | 86.8% | -1.2 |
| pkg/apis/pipeline/v1beta1/taskrun_types.go | 77.2% | 78.3% | 1.1 |
| pkg/entrypoint/entrypointer.go | 84.8% | 87.8% | 3.0 |
| pkg/pod/pod.go | 88.3% | 89.4% | 1.1 |
| pkg/pod/status.go | 90.9% | 91.0% | 0.1 |
| pkg/reconciler/taskrun/resources/image_exporter.go | 81.8% | 83.3% | 1.5 |
| pkg/reconciler/taskrun/taskrun.go | 81.6% | 79.7% | -1.9 |
| pkg/spire/controller.go | Do not exist | 0.0% | |
| pkg/spire/entrypointer.go | Do not exist | 0.0% | |
| pkg/spire/sign.go | Do not exist | 17.6% | |
| pkg/spire/spire_mock.go | Do not exist | 85.5% | |
| pkg/spire/verify.go | Do not exist | 17.3% |
The following is the coverage report on the affected files.
Say /test pull-tekton-pipeline-go-coverage to re-run this coverage report
| File | Old Coverage | New Coverage | Delta |
|---|---|---|---|
| cmd/entrypoint/main.go | 14.0% | 13.3% | -0.7 |
| pkg/apis/config/feature_flags.go | 88.0% | 86.8% | -1.2 |
| pkg/apis/pipeline/v1beta1/taskrun_types.go | 77.2% | 78.3% | 1.1 |
| pkg/entrypoint/entrypointer.go | 84.8% | 87.8% | 3.0 |
| pkg/pod/pod.go | 88.3% | 89.4% | 1.1 |
| pkg/pod/status.go | 90.9% | 91.0% | 0.1 |
| pkg/reconciler/taskrun/resources/image_exporter.go | 81.8% | 83.3% | 1.5 |
| pkg/reconciler/taskrun/taskrun.go | 81.6% | 79.7% | -1.9 |
| pkg/spire/controller.go | Do not exist | 0.0% | |
| pkg/spire/entrypointer.go | Do not exist | 0.0% | |
| pkg/spire/sign.go | Do not exist | 17.6% | |
| pkg/spire/spire_mock.go | Do not exist | 85.5% | |
| pkg/spire/verify.go | Do not exist | 17.3% |
[APPROVALNOTIFIER] This PR is NOT APPROVED
This pull-request has been approved by: To complete the pull request process, please ask for approval from pritidesai after the PR has been reviewed.
The full list of commands accepted by this bot can be found here.
Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment
The following is the coverage report on the affected files.
Say /test pull-tekton-pipeline-go-coverage to re-run this coverage report
| File | Old Coverage | New Coverage | Delta |
|---|---|---|---|
| cmd/entrypoint/main.go | 13.6% | 12.9% | -0.7 |
| pkg/apis/config/feature_flags.go | 81.8% | 81.0% | -0.8 |
| pkg/apis/pipeline/v1beta1/taskrun_types.go | 77.2% | 78.3% | 1.1 |
| pkg/entrypoint/entrypointer.go | 84.8% | 87.8% | 3.0 |
| pkg/pod/pod.go | 88.8% | 89.8% | 1.0 |
| pkg/pod/status.go | 90.9% | 91.0% | 0.1 |
| pkg/reconciler/taskrun/resources/image_exporter.go | 81.8% | 83.3% | 1.5 |
| pkg/reconciler/taskrun/taskrun.go | 80.6% | 78.8% | -1.8 |
| pkg/spire/controller.go | Do not exist | 0.0% | |
| pkg/spire/entrypointer.go | Do not exist | 0.0% | |
| pkg/spire/sign.go | Do not exist | 17.6% | |
| pkg/spire/spire_mock.go | Do not exist | 85.5% | |
| pkg/spire/verify.go | Do not exist | 17.3% |