-
Notifications
You must be signed in to change notification settings - Fork 13
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Small doc changes #55
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,5 +1,33 @@ | ||
# Design | ||
|
||
From repository `task-git` to `tektoncd-catalog` `p` branch. | ||
|
||
- In `task-git` repository | ||
- I have a "configuration file" (`catalog.yaml` ?) that lists Tasks and Pipelines from the repository that I want to release | ||
- This file can be generated, updated, … | ||
- When I do the release, I want to issue one command (`catalog-cd release`) | ||
- it mutates the resources to add the version annotation | ||
- it generates the final `catalog.yaml` with hash, digest, signature, … | ||
- it packages the tasks and pipelines in a `tekton-resources.tar.gz` tarball (with READMEs for documentation) | ||
- it (optionally) create, push the tag, create a GitHub release and attach content to it | ||
- In `tektoncd-catalog` repository | ||
- `task-git` is configured in the `externals.yaml` configuration file | ||
- A schedule action (each hours ?) does the following, for each entry in `externals.yaml` | ||
- List releases and filter those that have a `catalog.yaml` | ||
- Fetch the `catalog.yaml` and the `tekton-resources.tar.gz` | ||
- Extract the tarball content and merge it with the current catalog available in the `p` branch | ||
- Creates a pull-request to update it | ||
- The pull request checks includes | ||
- Lint the resources | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. And for the future, we should require a proof that There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Maybe part of the SBOM payload. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. /cc @savitaashture |
||
|
||
What is describe above is *required* for the internal launch. | ||
|
||
What is missing from here: | ||
- Attestation, SBOM, signature, … | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Which should go into So, we still need to describe:
|
||
- How to validate the task is well tested (so that Red Hat can support it) | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Then this, plus making sure the image is part of the Red Hat catalog, also, the image itself needs to provide a valid provenance attestation. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. /cc @savitaashture 🙏 |
||
|
||
--- | ||
|
||
## Workflow | ||
|
||
- `p` is where the indexed catalog is (where users can pull it from) | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Here I expect users to rely on
gh
directly, socatalog-cd release
will do all the heavy lifting for the user be able to only upload the release.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In my head, it was more, something similar to
goreleaser
. Quite some project usinggoreleaser
do not create any GitHub release using the UI orgh
, just rely on thegorelease
tool. The idea was kind-of the same 🙃