Uploaded image for project: 'OpenShift Builds'
  1. OpenShift Builds
  2. BUILD-1775

Shipwright Builds Signed by Tekton Chains

XMLWordPrintable

    • Icon: Story Story
    • Resolution: Unresolved
    • Icon: Undefined Undefined
    • None
    • None
    • shipwright
    • False
    • Hide

      None

      Show
      None
    • False
    • Not Selected

      Story (Required)

      As a developer trying to produce secure software artifacts I want images built by Shipwright to be signed by Tekton Chains if it is present and configured on my cluster.

      <Describes high level purpose and goal for this story. Answers the questions: Who is impacted, what is it and why do we need it? How does it improve the customer’s experience?>

      Background (Required)

      <Describes the context or background related to this story>

      Tekton Chains is a core component of Tekton's secure software capabilities. It provides the following secure software artifacts:

      • Signatures for container images (provided by cosign)
      • In-toto attestations of the image build.

      Chains identifies images to sign and attest by looking for parameters and results in `TaskRuns` that match specific [type hint patterns](https://tekton.dev/docs/chains/slsa-provenance/#type-hinting).

      Out of scope

      <Defines what is not included in this story>

      Approach (Required)

      <Description of the general technical path on how to achieve the goal of the story. Include details like json schema, class definitions>

      Dependencies

      <Describes what this story depends on. Dependent Stories and EPICs should be linked to the story.>

      Acceptance Criteria (Mandatory)

      <Describe edge cases to consider when implementing the story and defining tests>

      <Provides a required and minimum list of acceptance tests for this story. More is expected as the engineer implements this story>

      INVEST Checklist

      Dependencies identified

      Blockers noted and expected delivery timelines set

      Design is implementable

      Acceptance criteria agreed upon

      Story estimated

      Legend

      Unknown

      Verified

      Unsatisfied

      Done Checklist

      • Code is completed, reviewed, documented and checked in
      • Unit and integration test automation have been delivered and running cleanly in continuous integration/staging/canary environment
      • Continuous Delivery pipeline(s) is able to proceed with new code included
      • Customer facing documentation, API docs etc. are produced/updated, reviewed and published
      • Acceptance criteria are met

              Unassigned Unassigned
              adkaplan@redhat.com Adam Kaplan
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated: