Skip to content

Commit

Permalink
Merge pull request #54 from lcarva/local-task-recording
Browse files Browse the repository at this point in the history 
Local task recording
  • Loading branch information
@lcarva
lcarva authored Jan 8, 2024
2 parents 7bc8e93 + 971d673 commit 5ad7776
Show file tree
Hide file tree
Showing 22 changed files with 1,492 additions and 600 deletions.
9 changes: 9 additions & 0 deletions provenance/pipeline/simple-build.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -62,6 +62,15 @@ spec:
echo -n "${TEST_OUTPUT}" > "$(results.TEST_OUTPUT.path)"
- name: av-scan
runAfter:
- git-clone
params:
- name: TEST_OUTPUT
value: $(params.TEST_OUTPUT)
taskRef:
name: mock-av-scanner

- name: build
runAfter:
- scan
Expand Down
11 changes: 11 additions & 0 deletions provenance/record.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -86,6 +86,11 @@ function build_image() {
echo -n "${digest}"
}

function load_local_task() {
kubectl apply -f provenance/task/mock-av-scan.yaml
log "✅ Loaded local task onto cluster"
}

function render_pipeline() {
local bundle_ref
local git_remote
Expand Down Expand Up @@ -208,7 +213,9 @@ function decode_attestation_content() {
jq "$jq_query" "$att_file" > "$decoded_content_att_file"

# If there were no changes then the file is useless so let's remove it
set +e
diff "$att_file" "$decoded_content_att_file" >/dev/null && rm -f "$decoded_content_att_file"
set -e
}

function setup_scenario() {
Expand All @@ -235,6 +242,8 @@ function run_in_cluster_pipeline() {

image_digest="$(build_image)"

load_local_task

pr_name="simple-build-run-$(rand_string)"

render_pipelinerun "${pr_name}" "${image_digest}" | \
Expand Down Expand Up @@ -262,6 +271,8 @@ function run_inline_pipeline() {

image_digest="$(build_image)"

load_local_task

pr_name="simple-build-run-$(rand_string)"

render_pipelinerun "${pr_name}" "${image_digest}" \
Expand Down
130 changes: 90 additions & 40 deletions provenance/recordings/01-SLSA-v0-2-Pipeline-in-cluster/attestation.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
{
"name": "quay.io/lucarval/test-policies-chains",
"digest": {
"sha256": "9d506a69392c7079eeda978ee6c3377c75411690733d29bfd572d9b17343290f"
"sha256": "2cfcb34dcaabc76e331dc9b28c3256a3d0508f6ddf6b3a9fee156c9bfce91c85"
}
}
],
Expand All @@ -17,11 +17,11 @@
"invocation": {
"configSource": {},
"parameters": {
"IMAGE_DIGEST": "sha256:9d506a69392c7079eeda978ee6c3377c75411690733d29bfd572d9b17343290f",
"IMAGE_DIGEST": "sha256:2cfcb34dcaabc76e331dc9b28c3256a3d0508f6ddf6b3a9fee156c9bfce91c85",
"IMAGE_URL": "quay.io/lucarval/test-policies-chains",
"TEST_OUTPUT": "missing",
"commit": "f3b4439d07a181c21b3527a25cb9c885f49e2781",
"committer-date": "1697558914",
"commit": "a95a628c6bb3de64fe3a56aea3d367a7fd1628a6",
"committer-date": "1704741370",
"url": "gitspam.spam/spam/spam"
},
"environment": {
Expand All @@ -40,54 +40,54 @@
"params": [
{
"name": "url",
"value": "https://github.com/lcarva/ec-policies.git"
"value": "https://github.com/enterprise-contract/hacks.git"
},
{
"name": "revision",
"value": "727f8cae69fdfbae7cf8a44fd5e2055ad9573fb9"
"value": "4fceb2416020011e794105f113a3913ef659c8ee"
},
{
"name": "pathInRepo",
"value": "integration/task/mock-git-clone.yaml"
"value": "provenance/task/mock-git-clone.yaml"
}
]
},
"startedOn": "2023-10-17T16:08:37Z",
"finishedOn": "2023-10-17T16:08:54Z",
"startedOn": "2024-01-08T19:16:11Z",
"finishedOn": "2024-01-08T19:16:15Z",
"status": "Succeeded",
"steps": [
{
"entryPoint": "#!/usr/bin/env sh\nset -euo pipefail\n\necho -n \"${COMMIT}\" > \"/tekton/results/commit\"\necho -n \"${URL}\" > \"/tekton/results/url\"\necho -n \"${COMMITTER_DATE}\" > \"/tekton/results/committer-date\"\n",
"arguments": null,
"environment": {
"container": "clone",
"image": "oci://registry.access.redhat.com/ubi9@sha256:20f695d2a91352d4eaa25107535126727b5945bff38ed36a3e59590f495046f0"
"image": "oci://registry.access.redhat.com/ubi9@sha256:fc300be6adbdf2ca812ad01efd0dee2a3e3f5d33958ad6cd99159e25e9ee1398"
},
"annotations": null
}
],
"invocation": {
"configSource": {
"uri": "git+https://github.com/lcarva/ec-policies.git",
"uri": "git+https://github.com/enterprise-contract/hacks.git",
"digest": {
"sha1": "727f8cae69fdfbae7cf8a44fd5e2055ad9573fb9"
"sha1": "4fceb2416020011e794105f113a3913ef659c8ee"
},
"entryPoint": "integration/task/mock-git-clone.yaml"
"entryPoint": "provenance/task/mock-git-clone.yaml"
},
"parameters": {
"commit": "f3b4439d07a181c21b3527a25cb9c885f49e2781",
"committer-date": "1697558914",
"commit": "a95a628c6bb3de64fe3a56aea3d367a7fd1628a6",
"committer-date": "1704741370",
"url": "gitspam.spam/spam/spam"
},
"environment": {
"annotations": {
"pipeline.tekton.dev/release": "e7b5e58"
"pipeline.tekton.dev/release": "e59ee42"
},
"labels": {
"app.kubernetes.io/managed-by": "tekton-pipelines",
"tekton.dev/memberOf": "tasks",
"tekton.dev/pipeline": "simple-build",
"tekton.dev/pipelineRun": "simple-build-run-2a211ff731",
"tekton.dev/pipelineRun": "simple-build-run-a2595b597b",
"tekton.dev/pipelineTask": "git-clone",
"tekton.dev/task": "mock-git-clone"
}
Expand All @@ -97,12 +97,12 @@
{
"name": "commit",
"type": "string",
"value": "f3b4439d07a181c21b3527a25cb9c885f49e2781"
"value": "a95a628c6bb3de64fe3a56aea3d367a7fd1628a6"
},
{
"name": "committer-date",
"type": "string",
"value": "1697558914"
"value": "1704741370"
},
{
"name": "url",
Expand All @@ -117,16 +117,16 @@
"git-clone"
],
"ref": {},
"startedOn": "2023-10-17T16:08:54Z",
"finishedOn": "2023-10-17T16:08:58Z",
"startedOn": "2024-01-08T19:16:15Z",
"finishedOn": "2024-01-08T19:16:19Z",
"status": "Succeeded",
"steps": [
{
"entryPoint": "#!/usr/bin/env sh\nset -euo pipefail\n\necho -n \"${TEST_OUTPUT}\" > \"/tekton/results/TEST_OUTPUT\"\n",
"arguments": null,
"environment": {
"container": "scan",
"image": "oci://registry.access.redhat.com/ubi9@sha256:20f695d2a91352d4eaa25107535126727b5945bff38ed36a3e59590f495046f0"
"image": "oci://registry.access.redhat.com/ubi9@sha256:fc300be6adbdf2ca812ad01efd0dee2a3e3f5d33958ad6cd99159e25e9ee1398"
},
"annotations": null
}
Expand All @@ -138,13 +138,13 @@
},
"environment": {
"annotations": {
"pipeline.tekton.dev/release": "e7b5e58"
"pipeline.tekton.dev/release": "e59ee42"
},
"labels": {
"app.kubernetes.io/managed-by": "tekton-pipelines",
"tekton.dev/memberOf": "tasks",
"tekton.dev/pipeline": "simple-build",
"tekton.dev/pipelineRun": "simple-build-run-2a211ff731",
"tekton.dev/pipelineRun": "simple-build-run-a2595b597b",
"tekton.dev/pipelineTask": "scan"
}
}
Expand All @@ -157,6 +157,56 @@
}
]
},
{
"name": "av-scan",
"after": [
"git-clone"
],
"ref": {
"name": "mock-av-scanner",
"kind": "Task"
},
"startedOn": "2024-01-08T19:16:15Z",
"finishedOn": "2024-01-08T19:16:19Z",
"status": "Succeeded",
"steps": [
{
"entryPoint": "#!/usr/bin/env sh\nset -euo pipefail\n\necho -n \"${TEST_OUTPUT}\" > \"/tekton/results/TEST_OUTPUT\"\n",
"arguments": null,
"environment": {
"container": "scan",
"image": "oci://registry.access.redhat.com/ubi9@sha256:fc300be6adbdf2ca812ad01efd0dee2a3e3f5d33958ad6cd99159e25e9ee1398"
},
"annotations": null
}
],
"invocation": {
"configSource": {},
"parameters": {
"TEST_OUTPUT": "missing"
},
"environment": {
"annotations": {
"pipeline.tekton.dev/release": "e59ee42"
},
"labels": {
"app.kubernetes.io/managed-by": "tekton-pipelines",
"tekton.dev/memberOf": "tasks",
"tekton.dev/pipeline": "simple-build",
"tekton.dev/pipelineRun": "simple-build-run-a2595b597b",
"tekton.dev/pipelineTask": "av-scan",
"tekton.dev/task": "mock-av-scanner"
}
}
},
"results": [
{
"name": "TEST_OUTPUT",
"type": "string",
"value": "missing"
}
]
},
{
"name": "build",
"after": [
Expand All @@ -168,7 +218,7 @@
"params": [
{
"name": "bundle",
"value": "quay.io/lucarval/test-policies-chains@sha256:50931e4893447c808a5df75e53803432816e0c3a91c55d8e8234caf4b688141a"
"value": "quay.io/lucarval/test-policies-chains@sha256:ae5952d5aac1664fbeae9191d9445244051792af903d28d3e0084e9d9b7cce61"
},
{
"name": "name",
Expand All @@ -180,16 +230,16 @@
}
]
},
"startedOn": "2023-10-17T16:08:58Z",
"finishedOn": "2023-10-17T16:09:02Z",
"startedOn": "2024-01-08T19:16:19Z",
"finishedOn": "2024-01-08T19:16:23Z",
"status": "Succeeded",
"steps": [
{
"entryPoint": "#!/usr/bin/env sh\nset -euo pipefail\n\necho -n \"${IMAGE_URL}\" > \"/tekton/results/IMAGE_URL\"\necho -n \"${IMAGE_DIGEST}\" > \"/tekton/results/IMAGE_DIGEST\"\n",
"arguments": null,
"environment": {
"container": "build-and-push",
"image": "oci://registry.access.redhat.com/ubi9@sha256:20f695d2a91352d4eaa25107535126727b5945bff38ed36a3e59590f495046f0"
"image": "oci://registry.access.redhat.com/ubi9@sha256:fc300be6adbdf2ca812ad01efd0dee2a3e3f5d33958ad6cd99159e25e9ee1398"
},
"annotations": null
}
Expand All @@ -198,23 +248,23 @@
"configSource": {
"uri": "quay.io/lucarval/test-policies-chains",
"digest": {
"sha256": "50931e4893447c808a5df75e53803432816e0c3a91c55d8e8234caf4b688141a"
"sha256": "ae5952d5aac1664fbeae9191d9445244051792af903d28d3e0084e9d9b7cce61"
},
"entryPoint": "mock-build"
},
"parameters": {
"IMAGE_DIGEST": "sha256:9d506a69392c7079eeda978ee6c3377c75411690733d29bfd572d9b17343290f",
"IMAGE_DIGEST": "sha256:2cfcb34dcaabc76e331dc9b28c3256a3d0508f6ddf6b3a9fee156c9bfce91c85",
"IMAGE_URL": "quay.io/lucarval/test-policies-chains"
},
"environment": {
"annotations": {
"pipeline.tekton.dev/release": "e7b5e58"
"pipeline.tekton.dev/release": "e59ee42"
},
"labels": {
"app.kubernetes.io/managed-by": "tekton-pipelines",
"tekton.dev/memberOf": "tasks",
"tekton.dev/pipeline": "simple-build",
"tekton.dev/pipelineRun": "simple-build-run-2a211ff731",
"tekton.dev/pipelineRun": "simple-build-run-a2595b597b",
"tekton.dev/pipelineTask": "build",
"tekton.dev/task": "mock-build"
}
Expand All @@ -224,7 +274,7 @@
{
"name": "IMAGE_DIGEST",
"type": "string",
"value": "sha256:9d506a69392c7079eeda978ee6c3377c75411690733d29bfd572d9b17343290f"
"value": "sha256:2cfcb34dcaabc76e331dc9b28c3256a3d0508f6ddf6b3a9fee156c9bfce91c85"
},
{
"name": "IMAGE_URL",
Expand All @@ -236,8 +286,8 @@
]
},
"metadata": {
"buildStartedOn": "2023-10-17T16:08:34Z",
"buildFinishedOn": "2023-10-17T16:09:02Z",
"buildStartedOn": "2024-01-08T19:16:10Z",
"buildFinishedOn": "2024-01-08T19:16:23Z",
"completeness": {
"parameters": false,
"environment": false,
Expand All @@ -249,25 +299,25 @@
{
"uri": "oci://registry.access.redhat.com/ubi9",
"digest": {
"sha256": "20f695d2a91352d4eaa25107535126727b5945bff38ed36a3e59590f495046f0"
"sha256": "fc300be6adbdf2ca812ad01efd0dee2a3e3f5d33958ad6cd99159e25e9ee1398"
}
},
{
"uri": "git+https://github.com/lcarva/ec-policies.git",
"uri": "git+https://github.com/enterprise-contract/hacks.git",
"digest": {
"sha1": "727f8cae69fdfbae7cf8a44fd5e2055ad9573fb9"
"sha1": "4fceb2416020011e794105f113a3913ef659c8ee"
}
},
{
"uri": "quay.io/lucarval/test-policies-chains",
"digest": {
"sha256": "50931e4893447c808a5df75e53803432816e0c3a91c55d8e8234caf4b688141a"
"sha256": "ae5952d5aac1664fbeae9191d9445244051792af903d28d3e0084e9d9b7cce61"
}
},
{
"uri": "git+gitspam.spam/spam/spam.git",
"digest": {
"sha1": "f3b4439d07a181c21b3527a25cb9c885f49e2781"
"sha1": "a95a628c6bb3de64fe3a56aea3d367a7fd1628a6"
}
}
]
Expand Down
Loading

0 comments on commit 5ad7776

Please sign in to comment.