You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Add a new predicate for artifacts, the reflect the signature of the
artifact being generated. Different artifacts have different
strategies for storing signatures, so the signature is a very generic
string attribute which is only available in the artifact.signed event.
Signed-off-by: Andrea Frittoli <andrea.frittoli@gmail.com>
Copy file name to clipboardExpand all lines: continuous-integration.md
+18-1Lines changed: 18 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -19,7 +19,7 @@ This specification defines three subjects in this stage: `builds`, `artifacts` a
19
19
| Subject | Description | Predicates |
20
20
|---------|-------------|------------|
21
21
|[`build`](#build)| A software build |[`queued`](#build-queued), [`started`](#build-started), [`finished`](#build-finished)|
22
-
|[`artifact`](#artifact)| An artifact produced by a build |[`packaged`](#artifact-packaged), [`published`](#artifact-published)|
22
+
|[`artifact`](#artifact)| An artifact produced by a build |[`packaged`](#artifact-packaged), [`published`](#artifact-published), [`signed`](#artifact-signed)|
23
23
24
24
> `testCase`/`testSuite` events have moved to their own top-level bucket [Testing Events](testing-events.md)
25
25
@@ -46,6 +46,7 @@ An `artifact` is usually produced as output of a build process. Events need to b
46
46
| source |`URI-Reference`| See [source](spec.md#source-subject)|`staging/tekton`, `tekton-dev-123`|
47
47
| type |`String`| See [type](spec.md#type-subject)|`artifact`|
48
48
| change |`object`| The change (tag, commit, revision) of the repository which was used to build the artifact" |`{"id": "527d4a1aca5e8d0df24813df5ad65d049fc8d312", "source": "my-git.example/an-org/a-repo"}`, `{"id": "feature1234", "source": "my-git.example/an-org/a-repo"}`|
49
+
| signature |`string`| The signature of the artifact |`MEYCIQCBT8U5ypDXWCjlNKfzTV4KH516/SK13NZSh8znnSMNkQIhAJ3XiQlc9PM1KyjITcZXHotdMB+J3NGua5T/yshmiPmp`|
49
50
50
51
## Events
51
52
@@ -120,3 +121,19 @@ The event represents an artifact that has been published and it can be advertise
120
121
| id |`Purl`| See [id](spec.md#id-subject)|`pkg:oci/myapp@sha256%3A0b31b1c02ff458ad9b7b81cbdf8f028bd54699fa151f221d1e8de6817db93427?repository_url=mycr.io/myapp`, `pkg:golang/mygit.com/myorg/myapp@234fd47e07d1004f0aed9c`| ✅ |
121
122
| source |`URI-Reference`| See [source](spec.md#source-subject)|||
122
123
| type |`String`| See [type](spec.md#type-subject)|`artifact`||
124
+
125
+
### `artifact signed`
126
+
127
+
The event represents an artifact that has been signed. The signature is included in the events itself.
128
+
An artifact may be signed after it has been packaged or sometimes after it has published, depending on the tooling being used and the type of artifact.
| id |`Purl`| See [id](spec.md#id-subject)|`pkg:oci/myapp@sha256%3A0b31b1c02ff458ad9b7b81cbdf8f028bd54699fa151f221d1e8de6817db93427?repository_url=mycr.io/myapp`, `pkg:golang/mygit.com/myorg/myapp@234fd47e07d1004f0aed9c`| ✅ |
137
+
| source |`URI-Reference`| See [source](spec.md#source-subject)|||
138
+
| type |`String`| See [type](spec.md#type-subject)|`artifact`||
139
+
| signature |`string`| The signature of the artifact |`MEYCIQCBT8U5ypDXWCjlNKfzTV4KH516/SK13NZSh8znnSMNkQIhAJ3XiQlc9PM1KyjITcZXHotdMB+J3NGua5T/yshmiPmp`| ✅ |
0 commit comments