Add chains installation and notes.

2023-02-02 22:22:45 -05:00 · 2023-02-02 22:22:45 -05:00 · 95f543154b
parent cfcb908bfc
commit 95f543154b
3 changed files with 38 additions and 3 deletions
--- a/chains/chains-config.yaml
+++ b/chains/chains-config.yaml
@ -0,0 +1,18 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  labels:
+    app.kubernetes.io/instance: default
+    app.kubernetes.io/part-of: tekton-chains
+  name: chains-config
+  namespace: tekton-chains
+data:
+   artifacts.taskrun.format: in-toto
+   artifacts.taskrun.storage: tekton
+   artifacts.taskrun.signer: x509
+   artifacts.pipelinerun.format: in-toto
+   artifacts.pipelinerun.storage: tekton
+   artifacts.pipelinerun.signer: x509
+   artifacts.oci.storage: tekton
+   artifacts.oci.signer: x509
+   builder.id: http://tekton.internal.jpace121.net
--- a/notes.md
+++ b/notes.md
@ -23,6 +23,7 @@ Install Tekton:
 kubectl apply --filename https://storage.googleapis.com/tekton-releases/pipeline/latest/release.yaml
 kubectl apply --filename https://storage.googleapis.com/tekton-releases/triggers/latest/release.yaml
 kubectl apply --filename https://storage.googleapis.com/tekton-releases/triggers/latest/interceptors.yaml
+
 ```
 Set up local registry on master.
 (See below.)
@ -61,8 +62,7 @@ Apply rest of the CRDs.

 # Set up Tekton Dashboard:
 ```
-curl -sL https://raw.githubusercontent.com/tektoncd/dashboard/main/scripts/release-installer | \
-   bash -s -- install latest --read-only
+kubectl apply --filename https://storage.googleapis.com/tekton-releases/dashboard/latest/release.yaml
 ```
 Port forward locally:
 ```
@ -187,6 +187,23 @@ helm install --namespace nfs-subdir-external-provisioner nfs-subdir-external-pro
  --set nfs.path=/srv/nfs
 ```

+# Chains
+Set up:
+```
+kubectl apply --filename https://storage.googleapis.com/tekton-releases/chains/previous/v0.14.0/release.yaml
+# Apply secret from j7s-intoto.
+# name: signing-secrets namespace: tekton-chains data: x509.pem: base64 of pem
+kubectl apply -f chains-config.yaml
+kubectl rollout restart -n tekton-chains deployment tekton-chains-controller
+```
+
+See:
+```
+export TASKRUN_UID=$(tkn pr describe --namespace j7s-ci --last -o  jsonpath='{.metadata.uid}')
+tkn pr describe --namespace j7s-ci --last -o jsonpath="{.metadata.annotations.chains\.tekton\.dev/signature-pipelinerun-$TASKRUN_UID}" > signature
+tkn pr describe --namespace j7s-ci --last -o jsonpath="{.metadata.annotations.chains\.tekton\.dev/payload-pipelinerun-$TASKRUN_UID}" | base64 -d > payload
+```
+
 # Future Ideas

 If we later want to do this on an overlay network:
--- a/pipelines/test-report-pipeline.yaml
+++ b/pipelines/test-report-pipeline.yaml
@ -39,7 +39,7 @@ spec:
        script: |
          set -x
          cat $(workspaces.source.path)/README.md
-          exit -1
+          exit 0
  finally:
    - name: notify-onedev
      params: