TEP 0122: complete build instuctions: adding taskspec to buildConfig

This PR introduces a new format in-toto-v2 which contains the complete
build instructions as designed in TEP0122.

pkg/chains/formats/all/all.go

@@ -16,6 +16,7 @@ package all
 
 import (
  _ "github.com/tektoncd/chains/pkg/chains/formats/intotoite6"
+ _ "github.com/tektoncd/chains/pkg/chains/formats/intotoite6v2"
  _ "github.com/tektoncd/chains/pkg/chains/formats/simple"
  _ "github.com/tektoncd/chains/pkg/chains/formats/tekton"
 )

pkg/chains/formats/intotoite6/extract/extract_test.go → pkg/chains/formats/extract/extract_test.go

@@ -23,7 +23,7 @@ import (
  "github.com/google/go-cmp/cmp"
  "github.com/google/go-cmp/cmp/cmpopts"
  intoto "github.com/in-toto/in-toto-golang/in_toto"
- "github.com/tektoncd/chains/pkg/chains/formats/intotoite6/extract"
+ "github.com/tektoncd/chains/pkg/chains/formats/extract"
  "github.com/tektoncd/chains/pkg/chains/objects"
  "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1"
  logtesting "knative.dev/pkg/logging/testing"

pkg/chains/formats/format.go

@@ -31,6 +31,7 @@ const (
  PayloadTypeTekton config.PayloadType = "tekton"
  PayloadTypeSimpleSigning config.PayloadType = "simplesigning"
  PayloadTypeInTotoIte6 config.PayloadType = "in-toto"
+ PayloadTypeInTotoIte6V2 config.PayloadType = "in-toto-v2"
 )
 
 var (

pkg/chains/formats/intotoite6/intotoite6.go

@@ -21,8 +21,8 @@ import (
  "fmt"
 
  "github.com/tektoncd/chains/pkg/chains/formats"
- "github.com/tektoncd/chains/pkg/chains/formats/intotoite6/pipelinerun"
- "github.com/tektoncd/chains/pkg/chains/formats/intotoite6/taskrun"
+ intotov1pr "github.com/tektoncd/chains/pkg/chains/formats/intotoite6/pipelinerun"
+ intotov1tr "github.com/tektoncd/chains/pkg/chains/formats/intotoite6/taskrun"
  "github.com/tektoncd/chains/pkg/chains/objects"
  "github.com/tektoncd/chains/pkg/config"
  "knative.dev/pkg/logging"
@@ -54,9 +54,9 @@ func (i *InTotoIte6) CreatePayload(ctx context.Context, obj interface{}) (interf
  logger := logging.FromContext(ctx)
  switch v := obj.(type) {
  case *objects.TaskRunObject:
- return taskrun.GenerateAttestation(i.builderID, v, logger)
+ return intotov1tr.GenerateAttestation(i.builderID, v, logger)
  case *objects.PipelineRunObject:
- return pipelinerun.GenerateAttestation(i.builderID, v, logger)
+ return intotov1pr.GenerateAttestation(i.builderID, v, logger)
  default:
  return nil, fmt.Errorf("intoto does not support type: %s", v)
  }

pkg/chains/formats/intotoite6/intotoite6_test.go

@@ -21,7 +21,7 @@ import (
  "time"
 
  "github.com/tektoncd/chains/pkg/chains/formats"
- "github.com/tektoncd/chains/pkg/chains/formats/intotoite6/attest"
+ "github.com/tektoncd/chains/pkg/chains/formats/attest"
  "github.com/tektoncd/chains/pkg/chains/formats/intotoite6/pipelinerun"
  "github.com/tektoncd/chains/pkg/chains/formats/intotoite6/taskrun"
  "github.com/tektoncd/chains/pkg/chains/objects"
@@ -41,7 +41,7 @@ var e1BuildFinished = time.Unix(1617011415, 0)
 func TestTaskRunCreatePayload1(t *testing.T) {
  ctx := logtesting.TestContextWithLogger(t)
 
- tr, err := objectloader.TaskRunFromFile("testdata/taskrun1.json")
+ tr, err := objectloader.TaskRunFromFile("../testdata/taskrun1.json")
  if err != nil {
  t.Fatal(err)
  }
@@ -129,7 +129,7 @@ func TestTaskRunCreatePayload1(t *testing.T) {
 
 func TestPipelineRunCreatePayload(t *testing.T) {
  ctx := logtesting.TestContextWithLogger(t)
- pr, err := objectloader.PipelineRunFromFile("testdata/pipelinerun1.json")
+ pr, err := objectloader.PipelineRunFromFile("../testdata/pipelinerun1.json")
  if err != nil {
  t.Fatal(err)
  }
@@ -307,11 +307,11 @@ func TestPipelineRunCreatePayload(t *testing.T) {
  },
  }
 
- tr1, err := objectloader.TaskRunFromFile("testdata/taskrun1.json")
+ tr1, err := objectloader.TaskRunFromFile("../testdata/taskrun1.json")
  if err != nil {
  t.Errorf("error reading taskrun1: %s", err.Error())
  }
- tr2, err := objectloader.TaskRunFromFile("testdata/taskrun2.json")
+ tr2, err := objectloader.TaskRunFromFile("../testdata/taskrun2.json")
  if err != nil {
  t.Errorf("error reading taskrun: %s", err.Error())
  }
@@ -331,7 +331,7 @@ func TestPipelineRunCreatePayload(t *testing.T) {
 }
 func TestPipelineRunCreatePayloadChildRefs(t *testing.T) {
  ctx := logtesting.TestContextWithLogger(t)
- pr, err := objectloader.PipelineRunFromFile("testdata/pipelinerun-childrefs.json")
+ pr, err := objectloader.PipelineRunFromFile("../testdata/pipelinerun-childrefs.json")
  if err != nil {
  t.Fatal(err)
  }
@@ -504,11 +504,11 @@ func TestPipelineRunCreatePayloadChildRefs(t *testing.T) {
  },
  }
 
- tr1, err := objectloader.TaskRunFromFile("testdata/taskrun1.json")
+ tr1, err := objectloader.TaskRunFromFile("../testdata/taskrun1.json")
  if err != nil {
  t.Errorf("error reading taskrun1: %s", err.Error())
  }
- tr2, err := objectloader.TaskRunFromFile("testdata/taskrun2.json")
+ tr2, err := objectloader.TaskRunFromFile("../testdata/taskrun2.json")
  if err != nil {
  t.Errorf("error reading taskrun: %s", err.Error())
  }
@@ -528,7 +528,7 @@ func TestPipelineRunCreatePayloadChildRefs(t *testing.T) {
 
 func TestTaskRunCreatePayload2(t *testing.T) {
  ctx := logtesting.TestContextWithLogger(t)
- tr, err := objectloader.TaskRunFromFile("testdata/taskrun2.json")
+ tr, err := objectloader.TaskRunFromFile("../testdata/taskrun2.json")
  if err != nil {
  t.Fatal(err)
  }
@@ -597,7 +597,7 @@ func TestTaskRunCreatePayload2(t *testing.T) {
 func TestMultipleSubjects(t *testing.T) {
  ctx := logtesting.TestContextWithLogger(t)
 
- tr, err := objectloader.TaskRunFromFile("testdata/taskrun-multiple-subjects.json")
+ tr, err := objectloader.TaskRunFromFile("../testdata/taskrun-multiple-subjects.json")
  if err != nil {
  t.Fatal(err)
  }

pkg/chains/formats/intotoite6/pipelinerun/pipelinerun.go

@@ -19,8 +19,8 @@ import (
  intoto "github.com/in-toto/in-toto-golang/in_toto"
  slsa "github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/v0.2"
  "github.com/tektoncd/chains/pkg/artifacts"
- "github.com/tektoncd/chains/pkg/chains/formats/intotoite6/attest"
- "github.com/tektoncd/chains/pkg/chains/formats/intotoite6/extract"
+ "github.com/tektoncd/chains/pkg/chains/formats/attest"
+ "github.com/tektoncd/chains/pkg/chains/formats/extract"
  "github.com/tektoncd/chains/pkg/chains/objects"
  "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1"
  "go.uber.org/zap"

pkg/chains/formats/intotoite6/pipelinerun/provenance_test.go

@@ -22,8 +22,8 @@ import (
  "github.com/google/go-containerregistry/pkg/name"
  intoto "github.com/in-toto/in-toto-golang/in_toto"
  slsa "github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/v0.2"
- "github.com/tektoncd/chains/pkg/chains/formats/intotoite6/attest"
- "github.com/tektoncd/chains/pkg/chains/formats/intotoite6/extract"
+ "github.com/tektoncd/chains/pkg/chains/formats/attest"
+ "github.com/tektoncd/chains/pkg/chains/formats/extract"
  "github.com/tektoncd/chains/pkg/chains/objects"
  "github.com/tektoncd/chains/pkg/internal/objectloader"
  "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1"
@@ -42,15 +42,15 @@ func init() {
 
 func createPro() *objects.PipelineRunObject {
  var err error
- pr, err := objectloader.PipelineRunFromFile("../testdata/pipelinerun1.json")
+ pr, err := objectloader.PipelineRunFromFile("../../testdata/pipelinerun1.json")
  if err != nil {
  panic(err)
  }
- tr1, err := objectloader.TaskRunFromFile("../testdata/taskrun1.json")
+ tr1, err := objectloader.TaskRunFromFile("../../testdata/taskrun1.json")
  if err != nil {
  panic(err)
  }
- tr2, err := objectloader.TaskRunFromFile("../testdata/taskrun2.json")
+ tr2, err := objectloader.TaskRunFromFile("../../testdata/taskrun2.json")
  if err != nil {
  panic(err)
  }

pkg/chains/formats/intotoite6/taskrun/buildconfig.go

@@ -17,7 +17,7 @@ limitations under the License.
 package taskrun
 
 import (
- "github.com/tektoncd/chains/pkg/chains/formats/intotoite6/attest"
+ "github.com/tektoncd/chains/pkg/chains/formats/attest"
  "github.com/tektoncd/chains/pkg/chains/objects"
  "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1"
 )

pkg/chains/formats/intotoite6/taskrun/buildconfig_test.go

@@ -22,7 +22,7 @@ import (
 
  "github.com/ghodss/yaml"
  "github.com/google/go-cmp/cmp"
- "github.com/tektoncd/chains/pkg/chains/formats/intotoite6/attest"
+ "github.com/tektoncd/chains/pkg/chains/formats/attest"
  "github.com/tektoncd/chains/pkg/chains/objects"
  "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1"
 )

pkg/chains/formats/intotoite6/taskrun/provenance_test.go

@@ -28,7 +28,7 @@ import (
  "github.com/google/go-cmp/cmp"
  "github.com/in-toto/in-toto-golang/in_toto"
  "github.com/tektoncd/chains/pkg/artifacts"
- "github.com/tektoncd/chains/pkg/chains/formats/intotoite6/extract"
+ "github.com/tektoncd/chains/pkg/chains/formats/extract"
  "github.com/tektoncd/chains/pkg/chains/objects"
  "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1"
  "github.com/tektoncd/pipeline/pkg/apis/resource/v1alpha1"

pkg/chains/formats/intotoite6/taskrun/taskrun.go

@@ -17,8 +17,8 @@ import (
  intoto "github.com/in-toto/in-toto-golang/in_toto"
  slsa "github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/v0.2"
  "github.com/tektoncd/chains/pkg/artifacts"
- "github.com/tektoncd/chains/pkg/chains/formats/intotoite6/attest"
- "github.com/tektoncd/chains/pkg/chains/formats/intotoite6/extract"
+ "github.com/tektoncd/chains/pkg/chains/formats/attest"
+ "github.com/tektoncd/chains/pkg/chains/formats/extract"
  "github.com/tektoncd/chains/pkg/chains/objects"
  "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1"
  "github.com/tektoncd/pipeline/pkg/apis/resource/v1alpha1"

pkg/chains/formats/intotoite6v2/intotoite6v2.go

@@ -0,0 +1,64 @@
+/*
+Copyright 2021 The Tekton Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package intotoite6v2
+
+import (
+ "context"
+ "fmt"
+
+ "github.com/tektoncd/chains/pkg/chains/formats"
+ intotoite6v2tr "github.com/tektoncd/chains/pkg/chains/formats/intotoite6v2/taskrun"
+ "github.com/tektoncd/chains/pkg/chains/objects"
+ "github.com/tektoncd/chains/pkg/config"
+ "knative.dev/pkg/logging"
+)
+
+const (
+ PayloadTypeInTotoIte6V2 = formats.PayloadTypeInTotoIte6V2
+)
+
+func init() {
+ formats.RegisterPayloader(PayloadTypeInTotoIte6V2, NewFormatter)
+}
+
+type InTotoIte6V2 struct {
+ builderID string
+}
+
+func NewFormatter(cfg config.Config) (formats.Payloader, error) {
+ return &InTotoIte6V2{
+ builderID: cfg.Builder.ID,
+ }, nil
+}
+
+func (i *InTotoIte6V2) Wrap() bool {
+ return true
+}
+
+func (i *InTotoIte6V2) CreatePayload(ctx context.Context, obj interface{}) (interface{}, error) {
+ logger := logging.FromContext(ctx)
+ switch v := obj.(type) {
+ case *objects.TaskRunObject:
+ return intotoite6v2tr.GenerateAttestation(i.builderID, v, logger)
+ default:
+ return nil, fmt.Errorf("intoto does not support type: %s", v)
+ }
+}
+
+func (i *InTotoIte6V2) Type() config.PayloadType {
+ return formats.PayloadTypeInTotoIte6V2
+}