Skip to content

Add buildType for Chains format slsa/v2alpha2 (SLSAv1.0 predicate).#906

Merged
tekton-robot merged 2 commits intotektoncd:mainfrom
chitrangpatel:buildtype
Jan 21, 2025
Merged

Add buildType for Chains format slsa/v2alpha2 (SLSAv1.0 predicate).#906
tekton-robot merged 2 commits intotektoncd:mainfrom
chitrangpatel:buildtype

Conversation

@chitrangpatel
Copy link
Contributor

@chitrangpatel chitrangpatel commented Aug 25, 2023
edited by chuangw6
Loading

Changes

Fixes #890

This PR adds the build type for the implementation of the SLSA format v2alpha2 as per issue #797.

Submitter Checklist

As the author of this PR, please check off the items in this checklist:

  • Has Docs included if any changes are user facing
  • Has Tests included if any functionality added or changed
  • Follows the commit message standard
  • Meets the Tekton contributor standards (including
    functionality, content, code)
  • Release notes block below has been updated with any user facing changes (API changes, bug fixes, changes requiring upgrade notices or deprecation warnings)
  • Release notes contains the string "action required" if the change requires additional action from users switching to the new release

Release Notes

Add buildType for Chains format slsa/v2alpha2 (SLSAv1.0 preficate).

/kind documentation

Looks something like this on locally hosted tekton website:
Screenshot 2023-08-30 at 10 38 33 AM

@tekton-robot tekton-robot added the kind/documentation Categorizes issue or PR as related to documentation. label Aug 25, 2023
@tekton-robot tekton-robot added the size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. label Aug 25, 2023
@chitrangpatel chitrangpatel force-pushed the buildtype branch 4 times, most recently from 4333990 to aaaa781 Compare August 30, 2023 14:37
@chitrangpatel
Copy link
Contributor Author

chitrangpatel commented Aug 30, 2023

/assign @wlynch @chuangw6 @lcarva

wlynch
wlynch reviewed Aug 30, 2023
View reviewed changes
docs/buildtype/buildtype-v2.md Outdated
# Description

```
"buildType": "https://tekton.dev/docs/chains/buildtype-v2"
Copy link
Member

@wlynch wlynch Aug 30, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this the right build type?

I don't know if we should be pointing to /docs/ page - I'd prefer to carve out a more dedicated space e.g. https://tekton.dev/predicate/chains/run/v2alpha1

Copy link
Contributor Author

@chitrangpatel chitrangpatel Aug 31, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This url is what would appear if we simply merged this doc as is. This is what the Tekton Website would point to. I can certainly work towards making changes in the Tekton website as well such that the url is what we desire.

Let me start by trying to achieve something like this: https://tekton.dev/predicate/chains/run/v2alpha1

Copy link
Contributor Author

@chitrangpatel chitrangpatel Oct 26, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It is now "buildType": "https://tekton.dev/predicate/chains/slsa/v2"

@chitrangpatel chitrangpatel force-pushed the buildtype branch 2 times, most recently from 4e0c486 to 0528761 Compare August 31, 2023 15:38
@wlynch wlynch mentioned this pull request Aug 31, 2023
Merged
2 tasks
@chitrangpatel chitrangpatel force-pushed the buildtype branch 2 times, most recently from 32647cd to 5e67cca Compare September 1, 2023 13:00
@chuangw6 chuangw6 mentioned this pull request Sep 6, 2023
Merged
4 tasks
chuangw6
chuangw6 reviewed Sep 7, 2023
View reviewed changes
Copy link
Member

@chuangw6 chuangw6 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you @chitrangpatel for writing this up!

@joejstuart joejstuart mentioned this pull request Sep 16, 2023
Merged
3 tasks
@chitrangpatel chitrangpatel changed the title Add buildType for Chains format slsa/v2alpha2 (SLSAv1.0 preficate). Add buildType for Chains format slsa/v2alpha2 (SLSAv1.0 predicate). Oct 11, 2023
@chitrangpatel
Add buildType for Chains format slsa/v2alpha2 (SLSAv1.0 predicate)
92217e3 
This PR adds the build type for the implementation of the SLSA format
v2alpha2 as per issue tektoncd#797.
lehors
lehors reviewed Dec 14, 2023
View reviewed changes
Copy link
Contributor

@lehors lehors left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't mean to be pedantic but I used your samples as input to test a provenance validator and found a few typos in the json.
Also I should note that I don't believe it is valid for a URI to be relative as in:

"uri": "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init",

Otherwise this looks good to me.
Thanks for working on adding support for SLSA 1.0!

@chitrangpatel @lehors
Apply suggestions from code review
9868aa8 
pulling in suggested changes.

Co-authored-by: Arnaud J Le Hors <[email protected]>
@linux-foundation-easycla
Copy link

linux-foundation-easycla bot commented Dec 15, 2023
edited
Loading

CLA Signed

The committers listed above are authorized under a signed CLA.

@lehors
Copy link
Contributor

lehors commented Feb 16, 2024

Folks, I apologize for not realizing that this was blocked by my (simple) contribution not being covered by my company's CLA. I got this addressed and hope you can proceed with merging this PR.

@lcarva
Copy link
Contributor

lcarva commented Jan 20, 2025

@chitrangpatel, @lehors is this still relevant?

@lehors
Copy link
Contributor

lehors commented Jan 21, 2025

@chitrangpatel, @lehors is this still relevant?

I have to admit not to understand why this hasn't been merged yet. Issue #890 is still open so I assume this hasn't been addressed elsewhere. On that basis, yes, I think it should be merged.
Thanks.

lcarva
lcarva approved these changes Jan 21, 2025
View reviewed changes
Copy link
Contributor

@lcarva lcarva left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@tekton-robot tekton-robot added the lgtm Indicates that a PR is ready to be merged. label Jan 21, 2025
@tekton-robot
Copy link

tekton-robot commented Jan 21, 2025

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: lcarva

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@tekton-robot tekton-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jan 21, 2025
@tekton-robot tekton-robot merged commit f488a69 into tektoncd:main Jan 21, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@wlynch wlynch wlynch left review comments

@lcarva lcarva lcarva approved these changes

+3 more reviewers

@lehors lehors lehors left review comments

@joejstuart joejstuart joejstuart left review comments

@chuangw6 chuangw6 chuangw6 left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@wlynch wlynch

@lcarva lcarva

@chuangw6 chuangw6

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. kind/documentation Categorizes issue or PR as related to documentation. lgtm Indicates that a PR is ready to be merged. size/XL Denotes a PR that changes 500-999 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Build Type and Documentation for SLSA 1.0 provenance

7 participants

@chitrangpatel @lehors @lcarva @tekton-robot @wlynch @joejstuart @chuangw6