support v1 for sign and verify command

[Yongxuanzhang]

Changes

This commit adds v1 support for sign and verify.

close #2214

Submitter Checklist

These are the criteria that every PR should meet, please check them off as you
review them:

• Includes tests (if functionality changed/added)
• Run the code checkers with make check
• Regenerate the manpages, docs and go formatting with make generated
• Commit messages follow commit message best practices

See the contribution guide
for more details.

Release Notes

tkn supports v1 Task and Pipeline sign and verify

[tekton-robot]

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

[tekton-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
To complete the pull request process, please assign vdemeester after the PR has been reviewed.
You can assign the PR to them by writing /assign @vdemeester in a comment when ready.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[Yongxuanzhang]

/kind feature

[Yongxuanzhang]

/retest

[Yongxuanzhang]

/retest

[piyush-garg]

We are reading the file provided by user as input, we can get the info about version from file content. Correct me if this is wrong. Why we need to take the input from user?

Also --pipeline-version flag does not look make sense for task commands

[chmouel]

naming is hard 😅 I think the idea is to convey which tektoncd/pipeline version we want

but yeah that may be confusing?

any other suggestions? --crd-version perhaps ?

actually forget what i said, you are acutally right we can just autodetect this

[Yongxuanzhang]

Thanks for the suggestion, but I don't know what would be the best way to do this.
How to read the version info from the file content? Scan the string? How to get the version v1 for this case?
e.g.

# apiVersion: v1beta1
apiVersion: v1
...

[Yongxuanzhang]

--pipeline-version means (Tekton) Pipeline Version, it was suggested in the previous comment of this PR. Maybe rename it to --api-version?Wdyt?

[piyush-garg]

Replied here #2216 (comment)

It does omit the commented one than in file

[vdemeester]

@Yongxuanzhang seems like it needs another rebase 🙏🏼

[Yongxuanzhang]

@Yongxuanzhang seems like it needs another rebase 🙏🏼

Just rebased, sorry for the delay 🙏
I was focusing on something else in the past months

[piyush-garg]

@Yongxuanzhang seems like it needs another rebase 🙏🏼

Just rebased, sorry for the delay 🙏 I was focusing on something else in the past months

Did you try with some approach for reading it through yaml ?

[Yongxuanzhang]

@Yongxuanzhang seems like it needs another rebase 🙏🏼

Just rebased, sorry for the delay 🙏 I was focusing on something else in the past months

Did you try with some approach for reading it through yaml ?

Sorry I cannot think of a way which is not error prone. :(
Like I mentioned before, detecting the content from file can lead to unexpected outcome.

Since it is an experiment feature, why don't we start with the easier one then iterate?

[piyush-garg]

Hey @Yongxuanzhang

Coming back to this after a long, you can try something like this which we are already using CLI code

func getApiVersion(pipelineLocation string, httpClient http.Client) (string, error) {
	b, err := file.LoadFileContent(httpClient, pipelineLocation, file.IsYamlFile(), fmt.Errorf("invalid file format for %s: .yaml or .yml file extension and format required", pipelineLocation))
	if err != nil {
		return "", err
	}
	m := map[string]interface{}{}
	err = yaml.UnmarshalStrict(b, &m)
	if err != nil {
		return "nil", err
	}
	return fmt.Sprint(m["apiVersion"]), nil
}

We have this file load function at https://github.com/tektoncd/cli/blob/main/pkg/file/file.go

[tekton-robot]

@Yongxuanzhang: PR needs rebase.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.