Enable commit signing
Feature request
We should enable commit signing so that commits to main are signed and can be verified.
Ideally it'd be great if everyone could sign commits, but to start, enabling it for the Prow/Tide submit job is probably okay.
Use case
So we can meet SLSA L3 Verified History requirements.
Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale with a justification.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close with a justification.
If this issue should be exempted, mark the issue as frozen with /lifecycle frozen with a justification.
/lifecycle stale
Send feedback to tektoncd/plumbing.
/remove-lifecycle stale
/lifecycle frozen this is something that we need to do
@wlynch do you know how signing plays with automatic squash of commits? Is prow able to re-sign the commits with a bot identity after they are squashed into one, or does signing mean that contributors must craft their own one/two commit per PR and re-sign before merge?
Pretty much in any case (unless it's a pure fast-forward) the prow robot user should take over as the committer and write its own signature - this would apply to squash, merge, or rebase. The original author should be preserved as the author.
Do you know if that's supported by tide today? I can look into it - if not we would need to either work with the k8s test-infra team to support that in tide or write our own bot (which I'd rather not).
I think so? Looks like the commits for k/k are signed by the GitHub web-flow key -
Ah interesting
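One way a maintainer could check the policy discussed in this thread (every commit on main carries a good signature from an allowlisted key, with the merge bot rather than the contributor as committer, and the contributor kept as author) against `git log` output. This is an added example, not code from tektoncd/plumbing, Prow or Tide; the fingerprints, bot address and log lines are constructed placeholders.

```python
"""Audit git log output for the commit-signing policy discussed above: good
signature from an allowlisted key, merge bot as committer, author preserved."""
from dataclasses import dataclass
from typing import List, Set

# Produce the input with: git log --format="$LOG_FORMAT" origin/main
# %G? is git's signature status, %GP the primary fingerprint of the signing key,
# %an the author (kept from the contributor), %ce the committer e-mail.
LOG_FORMAT = "%H%x09%G?%x09%GP%x09%an%x09%ce"

# git %G? codes: G good, U good but key untrusted locally, B bad, N none,
# E cannot check, X/Y expired, R revoked. Trust is decided by our allowlist,
# so U is accepted as long as the fingerprint is allowlisted.
ACCEPTABLE_STATUS = {"G", "U"}

# Constructed placeholders, not real keys or addresses.
ALLOWED_KEYS: Set[str] = {"A" * 40}          # e.g. the merge bot's signing key
BOT_EMAILS: Set[str] = {"merge-bot@example.com"}

@dataclass
class Finding:
    commit: str
    reason: str

def audit_log(log_text: str, allowed_keys: Set[str], bot_emails: Set[str]) -> List[Finding]:
    """Return one Finding per policy violation; an empty list means main is clean."""
    findings: List[Finding] = []
    for line in log_text.strip().splitlines():
        sha, status, fingerprint, author, committer = line.split("\t")
        if status == "N":
            findings.append(Finding(sha, f"unsigned commit by {author}"))
            continue
        if status not in ACCEPTABLE_STATUS:
            findings.append(Finding(sha, f"signature status {status!r}"))
            continue
        if fingerprint not in allowed_keys:
            findings.append(Finding(sha, f"signed with non-allowlisted key {fingerprint}"))
        if committer not in bot_emails:
            findings.append(Finding(sha, f"committer {committer} is not the merge bot"))
    return findings

# Constructed sample log lines (tab-separated, as LOG_FORMAT would emit).
SAMPLE_LOG = "\n".join([
    "\t".join(["a1" * 20, "G", "A" * 40, "Alice Dev", "merge-bot@example.com"]),  # clean
    "\t".join(["b2" * 20, "N", "", "Bob Dev", "bob@example.com"]),              # direct push
    "\t".join(["c3" * 20, "G", "B" * 40, "Carol Dev", "carol@example.com"]),    # own key
    "\t".join(["d4" * 20, "B", "A" * 40, "Dave Dev", "merge-bot@example.com"]),  # bad sig
])
```

Running `audit_log(SAMPLE_LOG, ALLOWED_KEYS, BOT_EMAILS)` flags the unsigned direct push, the commit signed with a contributor's own key (twice: wrong key and wrong committer) and the bad signature, and passes the first commit.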
Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale with a justification.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close with a justification.
If this issue should be exempted, mark the issue as frozen with /lifecycle frozen with a justification.
/lifecycle stale
Send feedback to tektoncd/plumbing.
Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten with a justification.
Rotten issues close after an additional 30d of inactivity.
If this issue is safe to close now please do so with /close with a justification.
If this issue should be exempted, mark the issue as frozen with /lifecycle frozen with a justification.
/lifecycle rotten
Send feedback to tektoncd/plumbing.
Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen with a justification.
Mark the issue as fresh with /remove-lifecycle rotten with a justification.
If this issue should be exempted, mark the issue as frozen with /lifecycle frozen with a justification.
/close
Send feedback to tektoncd/plumbing.
@tekton-robot: Closing this issue.
In response to this:
Rotten issues close after 30d of inactivity. Reopen the issue with /reopen with a justification. Mark the issue as fresh with /remove-lifecycle rotten with a justification. If this issue should be exempted, mark the issue as frozen with /lifecycle frozen with a justification. /close
Send feedback to tektoncd/plumbing.
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
/lifecycle frozen