Rename ConfigSource to RefSource

Recently, we introduced a new field named `provenance` in *Run.satus, and one subfield it has is named `ConfigSource`. In this commit, we renamed the subfield `ConfigSource` to `RefSource`. Reasoning: ConfigSource is the SLSA name and ties to a specific SLSA version. It also makes this a leaky abstraction, i.e. we are naming fields in our API after how we want to use them. Additionally, `config` isn't a concept that exists in Tekton. Backward compatible: This field was just introduced recently as an alpha feature gated by a dedicated feature flag. It should be okay being unstable :D. As far as I know, it would be only a breaking change for Chains which just started using this field recently, but I am happy to handle this in Chains once this change is included in our next release. Signed-off-by: Chuang Wang <chuangw@google.com>
tektoncd · Mar 20, 2023 · 5dfd647 · 5dfd647
1 parent d3f10fd
commit 5dfd647
Show file tree

Hide file tree

Showing 52 changed files with 514 additions and 524 deletions.
diff --git a/docs/resolver-template/cmd/demoresolver/main.go b/docs/resolver-template/cmd/demoresolver/main.go
@@ -93,8 +93,8 @@ func (*myResolvedResource) Annotations() map[string]string {
 	return nil
 }
 
-// Source is the source reference of the remote data that records where the remote
+// RefSource is the source reference of the remote data that records where the remote
 // file came from including the url, digest and the entrypoint. None atm.
-func (*myResolvedResource) Source() *pipelinev1beta1.ConfigSource {
+func (*myResolvedResource) RefSource() *pipelinev1beta1.RefSource {
 	return nil
 }
diff --git a/pkg/apis/pipeline/v1/openapi_generated.go b/pkg/apis/pipeline/v1/openapi_generated.go
diff --git a/pkg/apis/pipeline/v1/provenance.go b/pkg/apis/pipeline/v1/provenance.go
@@ -15,37 +15,32 @@ package v1
 
 import "github.com/tektoncd/pipeline/pkg/apis/config"
 
-// Provenance contains some key authenticated metadata about how a software artifact was
-// built (what sources, what inputs/outputs, etc.). For now, it only contains the subfield
-// `ConfigSource` that identifies the source where a build config file came from.
-// In future, it can be expanded as needed to include more metadata about the build.
-// This field aims to be used to carry minimum amount of the authenticated metadata in *Run status
-// so that Tekton Chains can pick it up and record in the provenance it generates.
+// Provenance contains metadata about resources used in the TaskRun/PipelineRun
+// such as the source from where a remote build definition was fetched.
+// This field aims to carry minimum amoumt of metadata in *Run status so that
+// Tekton Chains can capture them in the provenance.
 type Provenance struct {
-	// ConfigSource identifies the source where a resource came from.
-	ConfigSource *ConfigSource `json:"configSource,omitempty"`
+	// RefSource identifies the source where a remote task/pipeline came from.
+	RefSource *RefSource `json:"refSource,omitempty"`
 
 	// FeatureFlags identifies the feature flags that were used during the task/pipeline run
 	FeatureFlags *config.FeatureFlags `json:"featureFlags,omitempty"`
 }
 
-// ConfigSource identifies the source where a resource came from.
-// This can include Git repositories, Task Bundles, file checksums, or other information
-// that allows users to identify where the resource came from and what version was used.
-type ConfigSource struct {
-	// URI indicates the identity of the source of the config.
-	// Definition: https://slsa.dev/provenance/v0.2#invocation.configSource.uri
+// RefSource contains the information that can uniquely identify where a remote
+// built definition came from i.e. Git repositories, Tekton Bundles in OCI registry
+// and hub.
+type RefSource struct {
+	// URI indicates the identity of the source of the build definition.
 	// Example: "https://github.com/tektoncd/catalog"
 	URI string `json:"uri,omitempty"`
 
 	// Digest is a collection of cryptographic digests for the contents of the artifact specified by URI.
-	// Definition: https://slsa.dev/provenance/v0.2#invocation.configSource.digest
 	// Example: {"sha1": "f99d13e554ffcb696dee719fa85b695cb5b0f428"}
 	Digest map[string]string `json:"digest,omitempty"`
 
 	// EntryPoint identifies the entry point into the build. This is often a path to a
-	// configuration file and/or a target label within that file.
-	// Definition: https://slsa.dev/provenance/v0.2#invocation.configSource.entryPoint
+	// build definition file and/or a target label within that file.
 	// Example: "task/git-clone/0.8/git-clone.yaml"
 	EntryPoint string `json:"entryPoint,omitempty"`
 }
diff --git a/pkg/apis/pipeline/v1/swagger.json b/pkg/apis/pipeline/v1/swagger.json
@@ -180,28 +180,6 @@
         }
       }
     },
-    "v1.ConfigSource": {
-      "description": "ConfigSource identifies the source where a resource came from. This can include Git repositories, Task Bundles, file checksums, or other information that allows users to identify where the resource came from and what version was used.",
-      "type": "object",
-      "properties": {
-        "digest": {
-          "description": "Digest is a collection of cryptographic digests for the contents of the artifact specified by URI. Definition: https://slsa.dev/provenance/v0.2#invocation.configSource.digest Example: {\"sha1\": \"f99d13e554ffcb696dee719fa85b695cb5b0f428\"}",
-          "type": "object",
-          "additionalProperties": {
-            "type": "string",
-            "default": ""
-          }
-        },
-        "entryPoint": {
-          "description": "EntryPoint identifies the entry point into the build. This is often a path to a configuration file and/or a target label within that file. Definition: https://slsa.dev/provenance/v0.2#invocation.configSource.entryPoint Example: \"task/git-clone/0.8/git-clone.yaml\"",
-          "type": "string"
-        },
-        "uri": {
-          "description": "URI indicates the identity of the source of the config. Definition: https://slsa.dev/provenance/v0.2#invocation.configSource.uri Example: \"https://github.com/tektoncd/catalog\"",
-          "type": "string"
-        }
-      }
-    },
     "v1.EmbeddedTask": {
       "description": "EmbeddedTask is used to define a Task inline within a Pipeline's PipelineTasks.",
       "type": "object",
@@ -1074,16 +1052,38 @@
       }
     },
     "v1.Provenance": {
-      "description": "Provenance contains some key authenticated metadata about how a software artifact was built (what sources, what inputs/outputs, etc.). For now, it only contains the subfield `ConfigSource` that identifies the source where a build config file came from. In future, it can be expanded as needed to include more metadata about the build. This field aims to be used to carry minimum amount of the authenticated metadata in *Run status so that Tekton Chains can pick it up and record in the provenance it generates.",
+      "description": "Provenance contains metadata about resources used in the TaskRun/PipelineRun such as the source from where a remote build definition was fetched. This field aims to carry minimum amoumt of metadata in *Run status so that Tekton Chains can capture them in the provenance.",
       "type": "object",
       "properties": {
-        "configSource": {
-          "description": "ConfigSource identifies the source where a resource came from.",
-          "$ref": "#/definitions/v1.ConfigSource"
-        },
         "featureFlags": {
           "description": "FeatureFlags identifies the feature flags that were used during the task/pipeline run",
           "$ref": "#/definitions/github.com.tektoncd.pipeline.pkg.apis.config.FeatureFlags"
+        },
+        "refSource": {
+          "description": "RefSource identifies the source where a remote task/pipeline came from.",
+          "$ref": "#/definitions/v1.RefSource"
+        }
+      }
+    },
+    "v1.RefSource": {
+      "description": "RefSource contains the information that can uniquely identify where a remote built definition came from i.e. Git repositories, Tekton Bundles in OCI registry and hub.",
+      "type": "object",
+      "properties": {
+        "digest": {
+          "description": "Digest is a collection of cryptographic digests for the contents of the artifact specified by URI. Example: {\"sha1\": \"f99d13e554ffcb696dee719fa85b695cb5b0f428\"}",
+          "type": "object",
+          "additionalProperties": {
+            "type": "string",
+            "default": ""
+          }
+        },
+        "entryPoint": {
+          "description": "EntryPoint identifies the entry point into the build. This is often a path to a build definition file and/or a target label within that file. Example: \"task/git-clone/0.8/git-clone.yaml\"",
+          "type": "string"
+        },
+        "uri": {
+          "description": "URI indicates the identity of the source of the build definition. Example: \"https://github.com/tektoncd/catalog\"",
+          "type": "string"
         }
       }
     },

diff --git a/pkg/apis/pipeline/v1/zz_generated.deepcopy.go b/pkg/apis/pipeline/v1/zz_generated.deepcopy.go