Start signing all of our releases (all projects, full and nightly) #884
Labels
area/roadmap
Issues that are part of the project (or organization) roadmap (usually an epic)
area/s3c
Issues or PRs that are related to Secure Software Supply Chain (S3C)
kind/feature
Categorizes issue or PR as related to a new feature.
lifecycle/frozen
Indicates that an issue or PR should not be auto-closed due to staleness.
priority/important-soon
Must be staffed and worked on either currently, or very soon, ideally in time for the next release.
Feature request
Tekton Chains is running in our dogfooding cluster and currently signing pipelines releases. We should add signing for our other releases as well. Since they share the same or very similar publish tasks we should be able to replicate the needed changes across them all.
Here's the IMAGES field we added for pipelines, which is then picked up by chains to perform the signing: https://github.com/tektoncd/pipeline/blob/main/tekton/publish.yaml#L57-L60
The text was updated successfully, but these errors were encountered: