This may well not be a bug, but figured I would use this to track my findings.
I am following the readme steps, but there are no signing annotations such as payload / signature. I have tried this with gpg, cosign and x509.
gpg --gen-key
gpg --export-secret-key --armor $keyname > pgp.private-key
gpg --export --armor $keyname > pgp.public-key
kubectl create secret generic signing-secrets -n tekton-chains --from-file=pgp.passphrase --from-file=pgp.private-key --from-file=pgp.public-key
kubectl create -f examples/task-output-image.yaml
NAME SUCCEEDED REASON STARTTIME COMPLETIONTIME
build-push-run-output-image-fmjmx True Succeeded 64m 64m
tkn taskrun list
NAME STARTED DURATION STATUS
build-push-run-output-image-fmjmx 1 hour ago 23 seconds Succeeded
kubectl get taskrun build-push-run-output-image-fmjmx -o=json | jq
{
"apiVersion": "tekton.dev/v1beta1",
"kind": "TaskRun",
"metadata": {
"annotations": {
"chains.tekton.dev/signed": "true",
"pipeline.tekton.dev/release": "devel"
},
"creationTimestamp": "2021-05-19T09:57:49Z",
"generateName": "build-push-run-output-image-",
"generation": 1,
"labels": {
"app.kubernetes.io/managed-by": "tekton-pipelines"
},
"name": "build-push-run-output-image-fmjmx",
"namespace": "default",
"resourceVersion": "134736",
"uid": "d2f71d21-73fa-4957-a08c-88a1729d3c84"
},
"spec": {
"resources": {
"inputs": [
{
"name": "sourcerepo",
"resourceSpec": {
"params": [
{
"name": "revision",
"value": "v0.32.0"
},
{
"name": "url",
"value": "https://github.com/GoogleContainerTools/skaffold"
}
],
"type": "git"
}
}
],
"outputs": [
{
"name": "builtImage",
"resourceSpec": {
"params": [
{
"name": "url",
"value": "gcr.io/foo/bar"
}
],
"type": "image"
}
}
]
},
"serviceAccountName": "default",
"taskSpec": {
"resources": {
"inputs": [
{
"name": "sourcerepo",
"type": "git"
}
],
"outputs": [
{
"name": "builtImage",
"targetPath": "/workspace/sourcerepo",
"type": "image"
}
]
},
"steps": [
{
"image": "busybox",
"name": "build-and-push",
"resources": {},
"script": "set -e\ncat <<EOF > $(inputs.resources.sourcerepo.path)/index.json\n{\n\"schemaVersion\": 2,\n\"manifests\": [\n {\n \"mediaType\": \"application/vnd.oci.image.index.v1+json\",\n \"size\": 314,\n \"digest\": \"sha256:05f95b26ed10668b7183c1e2da98610e91372fa9f510046d4ce5812addad86b5\"\n }\n]\n}\n"
},
{
"image": "busybox",
"name": "echo",
"resources": {},
"script": "cat $(inputs.resources.sourcerepo.path)/index.json"
}
]
},
"timeout": "1h0m0s"
},
"status": {
"completionTime": "2021-05-19T09:58:12Z",
"conditions": [
{
"lastTransitionTime": "2021-05-19T09:58:12Z",
"message": "All Steps have completed executing",
"reason": "Succeeded",
"status": "True",
"type": "Succeeded"
}
],
"podName": "build-push-run-output-image-fmjmx-pod-7f7br",
"resourcesResult": [
{
"key": "commit",
"resourceName": "sourcerepo",
"resourceRef": {
"name": "sourcerepo"
},
"value": "6ed7aad5e8a36052ee5f6079fc91368e362121f7"
},
{
"key": "url",
"resourceName": "sourcerepo",
"resourceRef": {
"name": "sourcerepo"
},
"value": "https://github.com/GoogleContainerTools/skaffold"
},
{
"key": "digest",
"resourceName": "builtImage",
"resourceRef": {
"name": "builtImage"
},
"value": "sha256:05f95b26ed10668b7183c1e2da98610e91372fa9f510046d4ce5812addad86b5"
},
{
"key": "url",
"resourceName": "builtImage",
"resourceRef": {
"name": "builtImage"
},
"value": "gcr.io/foo/bar"
}
],
"startTime": "2021-05-19T09:57:49Z",
"steps": [
{
"container": "step-create-dir-builtimage-fhhzh",
"imageID": "gcr.io/distroless/base@sha256:aa4fd987555ea10e1a4ec8765da8158b5ffdfef1e72da512c7ede509bc9966c4",
"name": "create-dir-builtimage-fhhzh",
"terminated": {
"containerID": "containerd://7bebd525bd9369eed146acc55179d856a1ee05652ad236945b8a8a2281b2b0b7",
"exitCode": 0,
"finishedAt": "2021-05-19T09:58:01Z",
"reason": "Completed",
"startedAt": "2021-05-19T09:58:01Z"
}
},
{
"container": "step-git-source-sourcerepo-7tvf6",
"imageID": "localhost:5000/mypipeline/git-init-4874978a9786b6625dd8b6ef2a21aa70@sha256:b873705b6716384afd08e485dffd112a77d038e06cda95e64d759273d11e1f7f",
"name": "git-source-sourcerepo-7tvf6",
"terminated": {
"containerID": "containerd://d1a09b1b3daebd019834bc22152848211f37a3833530da3e0944c1eb5b5fbea6",
"exitCode": 0,
"finishedAt": "2021-05-19T09:58:10Z",
"message": "[{\"key\":\"commit\",\"value\":\"6ed7aad5e8a36052ee5f6079fc91368e362121f7\",\"resourceName\":\"sourcerepo\",\"resourceRef\":{\"name\":\"sourcerepo\"}},{\"key\":\"url\",\"value\":\"https://github.com/GoogleContainerTools/skaffold\",\"resourceName\":\"sourcerepo\",\"resourceRef\":{\"name\":\"sourcerepo\"}}]",
"reason": "Completed",
"startedAt": "2021-05-19T09:58:01Z"
}
},
{
"container": "step-build-and-push",
"imageID": "docker.io/library/busybox@sha256:b5fc1d7b2e4ea86a06b0cf88de915a2c43a99a00b6b3c0af731e5f4c07ae8eff",
"name": "build-and-push",
"terminated": {
"containerID": "containerd://fbf8538daf6a215cfbabd1109a47935a971c03766608dbcebde250f95707de1a",
"exitCode": 0,
"finishedAt": "2021-05-19T09:58:11Z",
"reason": "Completed",
"startedAt": "2021-05-19T09:58:11Z"
}
},
{
"container": "step-echo",
"imageID": "docker.io/library/busybox@sha256:b5fc1d7b2e4ea86a06b0cf88de915a2c43a99a00b6b3c0af731e5f4c07ae8eff",
"name": "echo",
"terminated": {
"containerID": "containerd://5451255769fcb3973e6c1893f6f50d9064057859a0c1e397787a119175accf15",
"exitCode": 0,
"finishedAt": "2021-05-19T09:58:11Z",
"reason": "Completed",
"startedAt": "2021-05-19T09:58:11Z"
}
},
{
"container": "step-image-digest-exporter-h6hxl",
"imageID": "localhost:5000/mypipeline/imagedigestexporter-6e7c518e6125f31761ebe0b96cc63971@sha256:70b6715e478899bcc4a2c2c65db2fad26413fc1865bce368c48930cdc9c05eb9",
"name": "image-digest-exporter-h6hxl",
"terminated": {
"containerID": "containerd://b723d8ee2bc4c909668c00025eda98c7ca39d665a455c1ce38bccfa6b09fb993",
"exitCode": 0,
"finishedAt": "2021-05-19T09:58:12Z",
"message": "[{\"key\":\"digest\",\"value\":\"sha256:05f95b26ed10668b7183c1e2da98610e91372fa9f510046d4ce5812addad86b5\",\"resourceName\":\"builtImage\",\"resourceRef\":{\"name\":\"builtImage\"}},{\"key\":\"url\",\"value\":\"gcr.io/foo/bar\",\"resourceName\":\"builtImage\",\"resourceRef\":{\"name\":\"builtImage\"}}]",
"reason": "Completed",
"startedAt": "2021-05-19T09:58:12Z"
}
}
],
"taskSpec": {
"resources": {
"inputs": [
{
"name": "sourcerepo",
"type": "git"
}
],
"outputs": [
{
"name": "builtImage",
"targetPath": "/workspace/sourcerepo",
"type": "image"
}
]
},
"steps": [
{
"image": "busybox",
"name": "build-and-push",
"resources": {},
"script": "set -e\ncat <<EOF > $(inputs.resources.sourcerepo.path)/index.json\n{\n\"schemaVersion\": 2,\n\"manifests\": [\n {\n \"mediaType\": \"application/vnd.oci.image.index.v1+json\",\n \"size\": 314,\n \"digest\": \"sha256:05f95b26ed10668b7183c1e2da98610e91372fa9f510046d4ce5812addad86b5\"\n }\n]\n}\n"
},
{
"image": "busybox",
"name": "echo",
"resources": {},
"script": "cat $(inputs.resources.sourcerepo.path)/index.json"
}
]
}
}
}