Add repository information to artifacts when using tkn bundle #2100

Open
arewm opened this issue Aug 17, 2023 · 1 comment
Labels
kind/feature Categorizes issue or PR as related to a new feature.

arewm commented Aug 17, 2023

Feature request

When pushing a Tekton bundle using the tkn bundle command, users should have an option to add labels to the artifact pointing to the git source for the bundle, including the immutable reference and context directory within the source.

These labels could either be added using a single command which would get the relevant information from the context or using multiple commands requiring users to explicitly specify the references for the label content.

Use case

The source and history of Tekton tasks can be beneficial when debugging Pipelines. Users should be able to view the bundles in OCI registries to easily track the sources.

Tekton bundles can be easily copied from one image registry to another. As this happens, the original provenance can easily be lost. Since the image labels would be copied with the artifacts, provenance should be easily tracked assuming a well-intending entity made the copy (i.e. registry copies with intentional modification to the labels would be out of scope from a threat model).

UI Example

If the bundle is generated from within the context of a git repository, then it could be possible to collect the repo and commit references, and the context can additionally be added based on the file used as the bundle's source.

tkn bundle push quay.io/myork/mybundle:1.0 -f path/to/my/file.json --label-source
tkn bundle push quay.io/myorg/mybundle:latest "apiVersion: tekton.dev/v1beta1 kind: Pipeline..." --label-repository "..." --label-commit "abc..."
cat path/to/my/unified_yaml_file.yaml | tkn bundle push myprivateregistry.com/myorg/mybundle -f  --label-repository "..." --label-commit "abc..." --label-context "path/to/my/" -

The following examples would not be supported as tkn wouldn't be able to validate that the sources are related to the git invocation information from $CWD.

tkn bundle push quay.io/myorg/mybundle:latest "apiVersion: tekton.dev/v1beta1 kind: Pipeline..." --label-source
cat path/to/my/unified_yaml_file.yaml | tkn bundle push myprivateregistry.com/myorg/mybundle -f --label-source -

arewm added the kind/feature label Aug 17, 2023

zregvart (Contributor) commented Sep 1, 2023

With #1933 one can provide annotations on the tkn bundle push command. Note that labels are considered deprecated. For the use cases outlined here there are standard annotations that can be used.

For example:

tkn bundle push registry.io/repository/my-bundle:1.0 -f my-task.yaml \
  --annotate org.opencontainers.image.source=git@git.myorg.io:tekton/tasks.git \
  --annotate org.opencontainers.image.revision=git-commit-id

@vinamra28 vinamra28 added this to the 0.39.0 milestone May 21, 2024
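
The annotations shown in the comment above can be derived from the checkout rather than typed by hand. The following is an added example, not code from tkn or from either participant in this thread. It assumes a remote named `origin`, and the context-directory key `dev.example.bundle.source-context` is hypothetical, as are the function names.

```shell
#!/bin/sh
# Added example (not tkn code): build provenance annotations from git state.

# Drop userinfo (user:token@) from http(s) remotes so credentials stored in
# the remote URL are never published as a bundle annotation.
sanitize_remote() {
  printf '%s\n' "$1" | sed -E 's#^(https?://)[^/]*@#\1#'
}

# Accept only a full commit id (40 hex for SHA-1, 64 for SHA-256 repos);
# branch names, tags and abbreviated ids are not immutable references.
is_full_commit() {
  printf '%s\n' "$1" | grep -Eq '^([0-9a-f]{40}|[0-9a-f]{64})$'
}

# Print one key=value annotation per line for remote $1, commit $2 and
# optional context directory $3.
source_annotations() {
  is_full_commit "$2" || { echo "not a full commit id: $2" >&2; return 1; }
  printf '%s\n' "org.opencontainers.image.source=$(sanitize_remote "$1")"
  printf '%s\n' "org.opencontainers.image.revision=$2"
  # Hypothetical key: there is no standard OCI annotation for a context dir.
  [ -z "$3" ] || printf '%s\n' "dev.example.bundle.source-context=$3"
}

# Push bundle file $2 to image reference $1 with annotations derived from the
# git checkout that contains the file (assumes a remote named "origin").
push_with_source() {
  ref=$1 file=$2 dir=$(dirname "$2")
  # Refuse untracked, ignored or modified input: HEAD would not describe it.
  dirty=$(git -C "$dir" status --porcelain --ignored -- "$(basename "$file")") || return 1
  [ -z "$dirty" ] || { echo "uncommitted changes in $file" >&2; return 1; }
  remote=$(git -C "$dir" remote get-url origin) || return 1
  commit=$(git -C "$dir" rev-parse HEAD) || return 1
  context=$(git -C "$dir" rev-parse --show-prefix) || return 1
  annos=$(source_annotations "$remote" "$commit" "$context") || return 1
  set -- "$ref" -f "$file"
  while IFS= read -r kv; do set -- "$@" --annotate "$kv"; done <<EOF
$annos
EOF
  tkn bundle push "$@"
}
```

Calling `push_with_source registry.io/repository/my-bundle:1.0 my-task.yaml` from inside a checkout runs the annotated push. As the issue notes, the annotations record provenance for well-intentioned copies only and are not tamper-evident.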