Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Populate the *Run.Status.Provenance.ConfigSource field #5397

Merged
merged 1 commit into from
Nov 11, 2022
Merged

Populate the *Run.Status.Provenance.ConfigSource field #5397

merged 1 commit into from
Nov 11, 2022

Conversation

chuangw6
Copy link
Member

@chuangw6 chuangw6 commented Aug 30, 2022
edited
Loading

Changes

Before:
Prior, remote ResolutionRequest CRD supports recording the source information
in its Status that identifies where the remote resource came from.
Similarly, TaskRun/PipelineRun CRD supports receiving the source information
via a field in its status from remote ResolutionRequest. Specifically,
this field named ConfigSource is a subfield of the Provenance field in status.

Now:
In this PR, we are trying to pass the data from ResolutionRequest to pipeline
reconciler so that the data can be captured in TaskRun/PipelineRun's Status.Provenance.ConfigSource.
The implication of this change is that many functions' interface has been
changed because we are passing this extra source data alongside the remote resoure.

Note:

  • The provenance field in Run.status is behind a feature flag named enable-provenance-in-status
    , which was introduced in Feature flag for provenance field in status #5670. The field will be populated iff
    the flag is set to true.
  • If a pipeline yaml is from remote place A, and the individual tasks
    are from other remote places, pipelinerun status will only record the source
    for the pipeline, and the individual taskrun status will record the
    source for the corresponding task.

Related PRs/Issues:

Signed-off-by: Chuang Wang chuangw@google.com

Submitter Checklist

As the author of this PR, please check off the items in this checklist:

  • Has Docs included if any changes are user facing
  • Has Tests included if any functionality added or changed
  • Follows the commit message standard
  • Meets the Tekton contributor standards (including
    functionality, content, code)
  • Has a kind label. You can add one by adding a comment on this PR that contains /kind <type>. Valid types are bug, cleanup, design, documentation, feature, flake, misc, question, tep
  • Release notes block below has been updated with any user facing changes (API changes, bug fixes, changes requiring upgrade notices or deprecation warnings)
  • Release notes contains the string "action required" if the change requires additional action from users switching to the new release

Release Notes

Populate the TaskRun/PipelineRun's Status.Provenance.ConfigSource field with the value from the remote ResolutionRequest Status. 

Note: the feature flag `enable-provenance-in-status` needs to be set to "true" to enable this provenance field to be populated & available in *Run.Status.

@tekton-robot
Copy link
Collaborator

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@tekton-robot tekton-robot added do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. do-not-merge/release-note-label-needed Indicates that a PR should not merge because it's missing one of the release note labels. labels Aug 30, 2022
@tekton-robot tekton-robot added the size/L Denotes a PR that changes 100-499 lines, ignoring generated files. label Aug 30, 2022
@chuangw6 chuangw6 mentioned this pull request Aug 31, 2022
Closed
@chuangw6
Copy link
Member Author

/test all

@tekton-robot
Copy link
Collaborator

The following is the coverage report on the affected files.
Say /test pull-tekton-pipeline-go-coverage to re-run this coverage report

File Old Coverage New Coverage Delta
pkg/remote/oci/resolver.go 72.3% 71.4% -0.9

@chuangw6
Copy link
Member Author

/test tekton-pipeline-unit-tests

@chuangw6 chuangw6 force-pushed the gitresolver-record-more-info branch from 000f52f to 4374be0 Compare August 31, 2022 00:46
@chuangw6
Copy link
Member Author

/test all

@tekton-robot
Copy link
Collaborator

The following is the coverage report on the affected files.
Say /test pull-tekton-pipeline-go-coverage to re-run this coverage report

File Old Coverage New Coverage Delta
pkg/reconciler/taskrun/resources/taskref.go 85.2% 86.0% 0.8
pkg/remote/oci/resolver.go 72.3% 71.4% -0.9

@chuangw6
Copy link
Member Author

/retest

1 similar comment
@abayer
Copy link
Contributor

abayer commented Aug 31, 2022

/retest

@abayer
Copy link
Contributor

abayer commented Aug 31, 2022

/assign

@tekton-robot tekton-robot added release-note-none Denotes a PR that doesnt merit a release note. and removed do-not-merge/release-note-label-needed Indicates that a PR should not merge because it's missing one of the release note labels. labels Aug 31, 2022
@abayer
Copy link
Contributor

abayer commented Aug 31, 2022

Oh, and this should be done for Pipelines, not just Tasks. I'd do all of that in one PR.

@chuangw6
Copy link
Member Author

chuangw6 commented Aug 31, 2022
edited
Loading

Oh, and this should be done for Pipelines, not just Tasks. I'd do all of that in one PR.

Yeah, that's what I planned to do in this PR. I just did for Tasks for now to gather some thoughts first. I've updated the description to reflect that. Thanks @abayer!

@chuangw6 chuangw6 force-pushed the gitresolver-record-more-info branch from 4374be0 to 1361c80 Compare August 31, 2022 14:42
@chuangw6
Copy link
Member Author

/test all

@tekton-robot
Copy link
Collaborator

The following is the coverage report on the affected files.
Say /test pull-tekton-pipeline-go-coverage to re-run this coverage report

File Old Coverage New Coverage Delta
pkg/reconciler/taskrun/resources/taskref.go 85.2% 86.0% 0.8
pkg/remote/oci/resolver.go 72.3% 71.4% -0.9

@ywluogg ywluogg mentioned this pull request Sep 8, 2022
Closed
@tekton-robot tekton-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Sep 8, 2022
@dibyom
Copy link
Member

dibyom commented Nov 8, 2022

Good point! Agree. I've added the e2e test in my local but not pushed because the source value in all resolvers is still nil, which will lead us to compare if nil == nil. Happy to add this in another PR (or hold this pr) once the prs of setting value in resolver are merged. wdyt? @dibyom

Slight preference for merging the PRs setting the source value in resolver first and then merging this with the e2e test (since this pr enables the feature).

@tekton-robot tekton-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Nov 10, 2022
@tekton-robot tekton-robot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Nov 10, 2022
@tekton-robot
Copy link
Collaborator

The following is the coverage report on the affected files.
Say /test pull-tekton-pipeline-go-coverage to re-run this coverage report

File Old Coverage New Coverage Delta
pkg/reconciler/pipelinerun/pipelinerun.go 85.5% 85.6% 0.0
pkg/reconciler/pipelinerun/resources/pipelineref.go 92.2% 92.6% 0.4
pkg/reconciler/taskrun/resources/taskref.go 88.2% 88.7% 0.5
pkg/reconciler/taskrun/taskrun.go 81.4% 81.5% 0.1
pkg/remote/oci/resolver.go 72.3% 71.4% -0.9

@tekton-robot
Copy link
Collaborator

The following is the coverage report on the affected files.
Say /test pull-tekton-pipeline-go-coverage to re-run this coverage report

File Old Coverage New Coverage Delta
pkg/reconciler/pipelinerun/pipelinerun.go 85.5% 85.6% 0.0
pkg/reconciler/pipelinerun/resources/pipelineref.go 92.2% 92.6% 0.4
pkg/reconciler/taskrun/resources/taskref.go 88.2% 88.7% 0.5
pkg/reconciler/taskrun/taskrun.go 81.4% 81.5% 0.1
pkg/remote/oci/resolver.go 72.3% 71.4% -0.9
pkg/resolution/resolver/cluster/resolver.go 84.4% 84.8% 0.5

@tekton-robot tekton-robot added size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. and removed size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. labels Nov 10, 2022
@chuangw6
Copy link
Member Author

chuangw6 commented Nov 10, 2022
edited
Loading

Slight preference for merging the PRs setting the source value in resolver first and then merging this with the e2e test (since this pr enables the feature).

That makes perfect sense to me! PRs for all resolvers were merged and e2e test is added. Please take a look! Thank you @dibyom .

@chuangw6 chuangw6 requested a review from dibyom November 10, 2022 18:57
@tekton-robot
Copy link
Collaborator

The following is the coverage report on the affected files.
Say /test pull-tekton-pipeline-go-coverage to re-run this coverage report

File Old Coverage New Coverage Delta
pkg/reconciler/pipelinerun/pipelinerun.go 85.5% 85.6% 0.0
pkg/reconciler/pipelinerun/resources/pipelineref.go 92.2% 92.6% 0.4
pkg/reconciler/taskrun/resources/taskref.go 88.2% 88.7% 0.5
pkg/reconciler/taskrun/taskrun.go 81.4% 81.5% 0.1
pkg/remote/oci/resolver.go 72.3% 71.4% -0.9
pkg/resolution/resolver/cluster/resolver.go 84.4% 84.8% 0.5

@chuangw6
Copy link
Member Author

/retest

@chuangw6
Copy link
Member Author

/unhold

@tekton-robot tekton-robot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Nov 10, 2022
@dibyom
Copy link
Member

dibyom commented Nov 10, 2022
edited
Loading

Has Docs included if any changes are user facing

This seems to be already documented in https://github.com/tektoncd/pipeline/blob/main/docs/pipelineruns.md#the-status-field

@chuangw6
Populate the *Run.Status.Provenance.ConfigSource field
55744ed 
Prior, remote `ResolutionRequest` CRD supports **recording** the source information
in its Status that identifies where the remote resource came from.
Similarly, `TaskRun/PipelineRun` CRD supports **receiving** the source information
via a field in its status from remote ResolutionRequest. Specifically,
this field named `ConfigSource` is a subfield of the `Provenance` field in status.

In this PR, we are trying to pass the data from `ResolutionRequest` to pipeline
reconciler so that the data can be captured in TaskRun/PipelineRun's `Status.Provenance.ConfigSource`.
The implication of this change is that many functions' interface has been
changed because we are passing this extra source data alongside the remote resoure.

Note:
- The `provenance` field in Run.status is behind a feature flag named `enable-provenance-in-status`
, which was introduced in tektoncd#5670. The field will be populated iff
the flag is set to `true`.
- If a pipeline yaml is from remote place A, and the individual tasks
are from other remote places, pipelinerun status will only record the source
for the pipeline, and the individual taskrun status will record the
source for the corresponding task.

Related PRs/Issues:
- tektoncd#5580
- tektoncd#5551
- tektoncd#5670
- tektoncd#5522

Signed-off-by: Chuang Wang <chuangw@google.com>
@dibyom
Copy link
Member

dibyom commented Nov 10, 2022

Thank you for all the work through the many iterations on this @chuangw6 🎉

/lgtm

@tekton-robot tekton-robot added the lgtm Indicates that a PR is ready to be merged. label Nov 10, 2022
@tekton-robot tekton-robot removed the lgtm Indicates that a PR is ready to be merged. label Nov 10, 2022
@tekton-robot
Copy link
Collaborator

The following is the coverage report on the affected files.
Say /test pull-tekton-pipeline-go-coverage to re-run this coverage report

File Old Coverage New Coverage Delta
pkg/reconciler/pipelinerun/pipelinerun.go 85.5% 85.6% 0.0
pkg/reconciler/pipelinerun/resources/pipelineref.go 92.2% 92.6% 0.4
pkg/reconciler/taskrun/resources/taskref.go 88.2% 88.7% 0.5
pkg/reconciler/taskrun/taskrun.go 81.4% 81.5% 0.1
pkg/remote/oci/resolver.go 72.3% 71.4% -0.9

@dibyom
Copy link
Member

dibyom commented Nov 10, 2022

Coverage drop is oci/resolver is due to one line being split into two (thanks @chuangw6 ). So again:

/lgtm

@tekton-robot tekton-robot added the lgtm Indicates that a PR is ready to be merged. label Nov 10, 2022
@chuangw6
Copy link
Member Author

chuangw6 commented Nov 10, 2022
edited
Loading

Thank you so much everyone for the thorough review on this PR. @abayer @jagathprakash @Yongxuanzhang @alhuizenga @dibyom @wlynch!!

Started with the PoC which passed the data through unstructured annotations to the current approach which passes through the structured fields in status, this PR enables Chains to capture the important information in the provenance in a way that is extensible and easy to maintain. Special thanks to @wlynch @dibyom for the suggestion of introducing the structured fields into ResolutionRequest.Status and Run.Status. 👍

@tekton-robot tekton-robot merged commit ca7c70c into tektoncd:main Nov 11, 2022
chuangw6 added a commit to chuangw6/chains that referenced this pull request Nov 18, 2022
@chuangw6
Record invocation.configSource section in slsa provenance
00587f9 
Related to tektoncd#521 and tektoncd/pipeline#5397

Prior to this PR, `invocation.configSource` section in slsa provenance
was missing.

In this change, we want to record the configSource information for the
remote resources i.e. git, bundle, catalog.

Signed-off-by: Chuang Wang <chuangw@google.com>
chuangw6 added a commit to chuangw6/chains that referenced this pull request Nov 18, 2022
@chuangw6
Record invocation.configSource section in slsa provenance
6f8ce45 
Related to tektoncd#521 and tektoncd/pipeline#5397

Prior to this PR, `invocation.configSource` section in slsa provenance
was missing.

In this change, we want to record the configSource information for the
remote resources i.e. git, bundle, catalog.

Signed-off-by: Chuang Wang <chuangw@google.com>
chuangw6 added a commit to chuangw6/chains that referenced this pull request Nov 18, 2022
@chuangw6
Record invocation.configSource section in slsa provenance
efbddf2 
Related to tektoncd#521 and tektoncd/pipeline#5397

Prior to this PR, `invocation.configSource` section in slsa provenance
was missing.

In this change, we want to record the configSource information for the
remote resources i.e. git, bundle, catalog.

Signed-off-by: Chuang Wang <chuangw@google.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Yongxuanzhang Yongxuanzhang Yongxuanzhang left review comments

@jagathprakash jagathprakash jagathprakash left review comments

@abayer abayer abayer left review comments

@wlynch wlynch wlynch approved these changes

@dibyom dibyom Awaiting requested review from dibyom

Assignees

@abayer abayer

@wlynch wlynch

@dibyom dibyom

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. kind/feature Categorizes issue or PR as related to a new feature. lgtm Indicates that a PR is ready to be merged. release-note Denotes a PR that will be considered when it comes time to generate release notes. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files.
Projects
None yet
Milestone
Pipelines v0.42
Development

Successfully merging this pull request may close these issues.
9 participants
@chuangw6 @tekton-robot @abayer @alhuizenga @dibyom @wlynch @jagathprakash @Yongxuanzhang @jerop