TEP0122 - Complete build instructions and parameters - implementable #894
7f50790 to f25c813
Maybe this PR is an opportunity to address #820 (comment)?
Good point. I will move the conversation here:
Hmm. I didn't think of that. Do you mean https://github.com/tektoncd/pipeline/blob/d5f1a1743ff03b5aeee0363c234016d3eaa66d75/config/controller.yaml#L63-L87? If so, yes we should be able to capture the args in
I was thinking of including them all for completeness since there are only 16 I think.
Hmm. Unless I'm misunderstanding, the only features that I'm thinking of are these. Surely, that list could increase over time but probably not too large? That shouldn't be an issue right?
I think SLSA wants reproducibility as best as we can. I think the feature flags that were used to configure the Tekton that produced the build are very important for reproducibility and for verification. A user may decide that the build was performed using the wrong feature flags and may not want to deploy the build.
/approve
f25c813 to 2386a40
/assign
Synced offline with @chitrangpatel. We need to update the tables to reflect that service account, workspaces etc. provided in the taskrun will be recorded in invocation.params instead of buildConfig. Not sure if it fits into this PR, which just moves the TEP to implementable. If not, feel free to do it in another PR :D Thanks @chitrangpatel!!
2386a40 to 2320a3b
Thanks @chitrangpatel for updating this!
I think it fits here. Before making it implementable, it's better to address these issues.
I think on the surface level, the provenance aims to record the information about the build process of an artifact instead of the build system. There is indeed a field in the SLSA v0.2 provenance named predicate.builder to record the builder information, but it only records the builder identifier. That said, the SLSA v1.0 design (draft) seems to introduce more fields about the builder, and one of them is builderDependencies, which seems like a better place for the flags to the controller? So I am leaning towards making flags out of scope for SLSA v0.2, but I am open to other suggestions here.
@chuangw6 @afrittoli according to https://slsa.dev/provenance/v0.2, in SLSA v0.2, I think this is where config-feature-flags belong, and maybe also the arguments that I think @afrittoli is mentioning.
c01b2f4 to 089e4be
/kind tep
/assign @afrittoli
/approve
API WG - @afrittoli please take a look, this is approved by other reviewers. @chitrangpatel to rebase this. Thanks!
089e4be to 4a67752
/approve
[APPROVALNOTIFIER] This PR is APPROVED. This pull-request has been approved by: afrittoli, bobcatfish, chuangw6
This proposal was intended to be implementable but was accidentally left in proposed state. I don't believe there is anything else that needs to be done to make it implementable.
4a67752 to b378706
Approved in API WG
This proposal was intended to be implementable but was accidentally left in proposed state. Some minor cleanup (accidental buildConfig --> invocation.Parameters) and clarifications were added to make it more readable. No major changes were introduced.