Add repository information to artifacts when using tkn bundle
#2100
Labels
kind/feature
Categorizes issue or PR as related to a new feature.
Milestone
Comments
arewm
added
the
kind/feature
|
With #1933 one can provide annotations on the For example: tkn bundle push registry.io/repository/my-bundle:1.0 -f my-task.yaml \
--annotate [email protected]:tekton/tasks.git \
--annotate org.opencontainers.image.revision=git-commit-id |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Feature request
When pushing a Tekton bundle using the
tkn bundlecommand, users should have an option to add labels to the artifact pointing to the git source for the bundle including the immutable reference and context directory within the source.These labels could either be added using a single command which would get the relevant information from the context or using multiple commands requiring users to explicitly specify the references for the label content.
Use case
The source and history of Tekton tasks can be beneficial when debugging Pipelines. Users should be able to view the bundles in OCI registries to easily track the sources.
Tekton bundles can be easily copied from one image registry to another. As this happens, the original provenance can easily be lost. Since the image labels would be copied with the artifacts, provenance should be easily tracked assuming a well-intending entity made the copy (i.e. registry copies with intentional modification to the labels would be out of scope from a threat model).
UI Example
If the bundle is generated from within the context of a git repository, then it could be possible to collect the repo and commit references and the context can additionally be added based on the file used as the bundle's source
The following examples would not be supported as
tknwouldn't be able to validate that the sources are related to the git invocation information from$CWD.The text was updated successfully, but these errors were encountered: