Billy Lynch
+1 from me!
Sorry about the delay! Catching up post-travel 🙇 An alternative that's been mentioned before is to capture a digest of the resolved API object in the pipeline provenance. Even if...
We may want to derive this value from the run status itself so the controller can self-report - either by `app.kubernetes.io/managed-by`, [ManagedFieldsEntry](https://pkg.go.dev/k8s.io/apimachinery/pkg/apis/meta/v1#ManagedFieldsEntry) or some other mechanism.
I believe either? My expectation would be the annotations trickle down PipelineRun > Pipeline > TaskRun > Task.
Thanks! Closing this though since we've bumped past this version with other PRs now.
I suspect handling key phasing on the verification side might be easier - I don't think we'd want to stop reconciliation on the Chains to phase out a key (since...
Sorry about the delayed response! What I think is happening (assuming you're using the catalog tasks): 1. The kaniko task is outputting the IMAGE_URL/IMAGE_DIGEST results Chains is looking for. 2....
/test pull-tekton-chains-integration-tests
For tracking when an object was processed, +1 for using a Condition though we should create a new condition for chains, not reuse an existing pipelines condition. This would also...
We already have update permissions in order to add the current annotation. (and even though we have both the normal object + status permissions, idk what happens if you try...