Set ConfigSource in ociresolver

Prior, a field named Source was introduced to `ResolutionRequest` status to record the source where the remote resource came from. And the individual resolvers need to implement the Source function to set the correct source value. But the method in ociresolver returns a nil value. Now, we return correct source value with the 3 subfields: url, digest and entrypoint - url: [image repository name](https://pkg.go.dev/github.com/google/[email protected]/pkg/name#Repository.Name) - digest: image digest - entrypoint: resource name in the OCI bundle Signed-off-by: Chuang Wang <[email protected]>
tektoncd · Oct 25, 2022 · d47c22d · d47c22d
1 parent 1e96ac7
commit d47c22d
Show file tree

Hide file tree

Showing 2 changed files with 86 additions and 4 deletions.
diff --git a/docs/bundle-resolver.md b/docs/bundle-resolver.md
@@ -81,6 +81,73 @@ spec:
     value: "tekton pipelines"
 ```
 
+## `ResolutionRequest` Status
+`ResolutionRequest.Status.Source` field captures the source where the remote resource came from. It includes the 3 subfields: `url`, `digest` and `entrypoint`.
+- `url`: [image repository name](https://pkg.go.dev/github.com/google/[email protected]/pkg/name#Repository.Name)
+- `digest`: image digest
+- `entrypoint`: the resource name in the OCI bundle
+
+Example:
+- TaskRun Resolution
+```yaml
+apiVersion: tekton.dev/v1beta1
+kind: TaskRun
+metadata:
+  name: remote-task-reference
+spec:
+  taskRef:
+    resolver: bundles
+    params:
+    - name: bundle
+      value: gcr.io/tekton-releases/catalog/upstream/git-clone:0.7
+    - name: name
+      value: git-clone
+    - name: kind
+      value: task
+  params:
+    - name: url
+      value: https://github.com/octocat/Hello-World
+  workspaces:
+    - name: output
+      volumeClaimTemplate:
+        spec:
+          accessModes:
+            - ReadWriteOnce
+          resources:
+            requests:
+              storage: 500Mi
+```
+
+- `ResolutionRequest`
+```yaml
+apiVersion: resolution.tekton.dev/v1beta1
+kind: ResolutionRequest
+metadata:
+  ...
+  labels:
+    resolution.tekton.dev/type: bundles
+  name: bundles-21ad80ec13f3e8b73fed5880a64d4611
+  ...
+spec:
+  params:
+  - name: bundle
+    value: gcr.io/tekton-releases/catalog/upstream/git-clone:0.7
+  - name: name
+    value: git-clone
+  - name: kind
+    value: task
+status:
+  annotations: ...
+  ...
+  data: xxx
+  observedGeneration: 1
+  source:
+    digest:
+      sha256: f51ca50f1c065acba8290ef14adec8461915ecc5f70a8eb26190c6e8e0ededaf
+    entryPoint: git-clone
+    uri: gcr.io/tekton-releases/catalog/upstream/git-clone
+```
+
 ---
 
 Except as otherwise noted, the content of this page is licensed under the

diff --git a/pkg/resolution/resolver/bundle/bundle.go b/pkg/resolution/resolver/bundle/bundle.go
@@ -25,6 +25,7 @@ import (
 	"github.com/google/go-containerregistry/pkg/name"
 	v1 "github.com/google/go-containerregistry/pkg/v1"
 	"github.com/google/go-containerregistry/pkg/v1/remote"
+	"github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1"
 	pipelinev1beta1 "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1"
 	"github.com/tektoncd/pipeline/pkg/resolution/resolver/framework"
 )
@@ -72,7 +73,12 @@ func (br *ResolvedResource) Source() *pipelinev1beta1.ConfigSource {
 // GetEntry accepts a keychain and options for the request and returns
 // either a successfully resolved bundle entry or an error.
 func GetEntry(ctx context.Context, keychain authn.Keychain, opts RequestOptions) (*ResolvedResource, error) {
-	img, err := retrieveImage(ctx, keychain, opts.Bundle)
+	uri, img, err := retrieveImage(ctx, keychain, opts.Bundle)
+	if err != nil {
+		return nil, err
+	}
+
+	h, err := img.Digest()
 	if err != nil {
 		return nil, err
 	}
@@ -117,19 +123,28 @@ func GetEntry(ctx context.Context, keychain authn.Keychain, opts RequestOptions)
 					ResolverAnnotationName:       lName,
 					ResolverAnnotationAPIVersion: l.Annotations[BundleAnnotationAPIVersion],
 				},
+				source: &v1beta1.ConfigSource{
+					URI: uri,
+					Digest: map[string]string{
+						h.Algorithm: h.Hex,
+					},
+					EntryPoint: opts.EntryName,
+				},
 			}, nil
 		}
 	}
 	return nil, fmt.Errorf("could not find object in image with kind: %s and name: %s", opts.Kind, opts.EntryName)
 }
 
 // retrieveImage will fetch the image's contents and manifest.
-func retrieveImage(ctx context.Context, keychain authn.Keychain, ref string) (v1.Image, error) {
+func retrieveImage(ctx context.Context, keychain authn.Keychain, ref string) (string, v1.Image, error) {
 	imgRef, err := name.ParseReference(ref)
 	if err != nil {
-		return nil, fmt.Errorf("%s is an unparseable image reference: %w", ref, err)
+		return "", nil, fmt.Errorf("%s is an unparseable image reference: %w", ref, err)
 	}
-	return remote.Image(imgRef, remote.WithAuthFromKeychain(keychain), remote.WithContext(ctx))
+
+	img, err := remote.Image(imgRef, remote.WithAuthFromKeychain(keychain), remote.WithContext(ctx))
+	return imgRef.Context().Name(), img, err
 }
 
 // checkImageCompliance will perform common checks to ensure the Tekton Bundle is compliant to our spec.