Tekton Chains + Spire for validating results and taskrun status #462

Closed
wants to merge 5 commits into from

Conversation

pxp928
Member

@pxp928 pxp928 commented Jun 16, 2022

Draft PR:

Tekton Chains + Spire integration to validate results and taskrun status. If spire verification is valid for both, Chains proceeds with signing and attestation generation.

Note: This needs upstream pipeline PRs to be merged first.
tektoncd/pipeline#4759
tektoncd/pipeline#4828

@tekton-robot tekton-robot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Jun 16, 2022
@tekton-robot tekton-robot requested review from font and mattmoor June 16, 2022 20:00
@tekton-robot tekton-robot added size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Jun 16, 2022
@tekton-robot

Hi @pxp928. Thanks for your PR.

I'm waiting for a tektoncd member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@tekton-robot tekton-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Jun 24, 2022
@tekton-robot

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
To complete the pull request process, please assign wlynch after the PR has been reviewed.
You can assign the PR to them by writing /assign @wlynch in a comment when ready.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

pxp928 and others added 4 commits July 28, 2022 22:03
* Implement Chains API server with GRPC, and add in an integration test

* Add SPIRE verification to chains

* fix merge conflict

* pull main and tidy

Signed-off-by: pxp928 <parth.psu@gmail.com>

* added spire annotation verification

Signed-off-by: pxp928 <parth.psu@gmail.com>

* error if spire verification fails

Signed-off-by: pxp928 <parth.psu@gmail.com>

* changed to check status annotations

Signed-off-by: pxp928 <parth.psu@gmail.com>

* removed local spire and moved condition check

Signed-off-by: pxp928 <parth.psu@gmail.com>

* updated condition check and spire check to format

Signed-off-by: pxp928 <parth.psu@gmail.com>

* fixed typo

Signed-off-by: pxp928 <parth.psu@gmail.com>

* fixed vendor for pipelines

Signed-off-by: pxp928 <parth.psu@gmail.com>

Co-authored-by: Priya Wadhwa <priyawadhwa@google.com>
Signed-off-by: pxp928 <parth.psu@gmail.com>
Signed-off-by: pxp928 <parth.psu@gmail.com>
Signed-off-by: pxp928 <parth.psu@gmail.com>
@tekton-robot tekton-robot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Jul 29, 2022
@pxp928 pxp928 force-pushed the spire-main branch 4 times, most recently from 022de05 to d1cb9a4 Compare July 29, 2022 18:30
* added spire testing

Signed-off-by: pxp928 <parth.psu@gmail.com>

* fixed comments

Signed-off-by: pxp928 <parth.psu@gmail.com>
@tekton-robot tekton-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Aug 26, 2022
@tekton-robot

@pxp928: PR needs rebase.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@tekton-robot

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale with a justification.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close with a justification.
If this issue should be exempted, mark the issue as frozen with /lifecycle frozen with a justification.

/lifecycle stale

Send feedback to tektoncd/plumbing.

@tekton-robot

Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten with a justification.
Rotten issues close after an additional 30d of inactivity.
If this issue is safe to close now please do so with /close with a justification.
If this issue should be exempted, mark the issue as frozen with /lifecycle frozen with a justification.

/lifecycle rotten

Send feedback to tektoncd/plumbing.

@pxp928
Member Author

pxp928 commented Jan 4, 2023

/remove-lifecycle rotten waiting on upstream pipeline PRs to merge

@pxp928
Member Author

pxp928 commented Jan 4, 2023

/remove-lifecycle rotten

@tekton-robot

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale with a justification.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close with a justification.
If this issue should be exempted, mark the issue as frozen with /lifecycle frozen with a justification.

/lifecycle stale

Send feedback to tektoncd/plumbing.

@tekton-robot

Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten with a justification.
Rotten issues close after an additional 30d of inactivity.
If this issue is safe to close now please do so with /close with a justification.
If this issue should be exempted, mark the issue as frozen with /lifecycle frozen with a justification.

/lifecycle rotten

Send feedback to tektoncd/plumbing.

@tekton-robot

Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen with a justification.
Mark the issue as fresh with /remove-lifecycle rotten with a justification.
If this issue should be exempted, mark the issue as frozen with /lifecycle frozen with a justification.

/close

Send feedback to tektoncd/plumbing.

@tekton-robot

@tekton-robot: Closed this PR.

In response to this:

Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen with a justification.
Mark the issue as fresh with /remove-lifecycle rotten with a justification.
If this issue should be exempted, mark the issue as frozen with /lifecycle frozen with a justification.

/close

Send feedback to tektoncd/plumbing.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

Labels
do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. lifecycle/rotten needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files.
2 participants