Story (Required)

Implement storage and retrieval of Tekton resource signatures in OCI registries alongside bundles.

Background (Required)

<Describes the context or background related to this story>

Out of scope

<Defines what is not included in this story>

Approach (Required)

• Extended OCI storage backend for resource signatures
• Push signatures as OCI layers or annotations
• Pull and cache signatures from OCI bundles
• Integration with Tekton Bundle format
• Performance optimization with caching

Dependencies

<Describes what this story depends on. Dependent Stories and EPICs should be linked to the story.>

Acceptance Criteria (Mandatory)

• Signatures stored and retrieved from OCI registries
• Compatible with major registries (Docker Hub, GCR, ECR, ACR)
• Signatures travel with bundled resources
• Caching reduces latency to <50ms (optional initially)
• E2E tests with real registries pass (can use insecure registry to test)

INVEST Checklist

Dependencies identified

Blockers noted and expected delivery timelines set

Design is implementable

Acceptance criteria agreed upon

Story estimated

Legend

Unknown

Verified

Unsatisfied

Done Checklist

• Code is completed, reviewed, documented and checked in
• Unit and integration test automation have been delivered and running cleanly in continuous integration/staging/canary environment
• Continuous Delivery pipeline(s) is able to proceed with new code included
• Customer facing documentation, API docs etc. are produced/updated, reviewed and published
• Acceptance criteria are met