tektoncd · PuneetPunamiya · Feb 7, 2025
diff --git a/cmd/entrypoint/main.go b/cmd/entrypoint/main.go
@@ -30,13 +30,12 @@ import (
 
 	"github.com/containerd/containerd/platforms"
 	"github.com/tektoncd/pipeline/cmd/entrypoint/subcommands"
-	featureFlags "github.com/tektoncd/pipeline/pkg/apis/config"
-	"github.com/tektoncd/pipeline/pkg/apis/pipeline"
-	v1 "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1"
+	v1 "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/types"
 	"github.com/tektoncd/pipeline/pkg/credentials"
 	"github.com/tektoncd/pipeline/pkg/credentials/dockercreds"
 	"github.com/tektoncd/pipeline/pkg/credentials/gitcreds"
 	"github.com/tektoncd/pipeline/pkg/entrypoint"
+	"github.com/tektoncd/pipeline/pkg/entrypoint/pipeline"
 	"github.com/tektoncd/pipeline/pkg/spire"
 	"github.com/tektoncd/pipeline/pkg/spire/config"
 	"github.com/tektoncd/pipeline/pkg/termination"
@@ -61,7 +60,7 @@ var (
 	stepMetadataDir        = flag.String("step_metadata_dir", "", "If specified, create directory to store the step metadata e.g. /tekton/steps/<step-name>/")
 	enableSpire            = flag.Bool("enable_spire", false, "If specified by configmap, this enables spire signing and verification")
 	socketPath             = flag.String("spire_socket_path", "unix:///spiffe-workload-api/spire-agent.sock", "Experimental: The SPIRE agent socket for SPIFFE workload API.")
-	resultExtractionMethod = flag.String("result_from", featureFlags.ResultExtractionMethodTerminationMessage, "The method using which to extract results from tasks. Default is using the termination message.")
+	resultExtractionMethod = flag.String("result_from", entrypoint.ResultExtractionMethodTerminationMessage, "The method using which to extract results from tasks. Default is using the termination message.")
 )
 
 const (

diff --git a/cmd/entrypoint/runner.go b/cmd/entrypoint/runner.go
@@ -31,7 +31,11 @@ import (
 	"syscall"
 
 	"github.com/tektoncd/pipeline/pkg/entrypoint"
-	"github.com/tektoncd/pipeline/pkg/pod"
+	// "github.com/tektoncd/pipeline/pkg/pod"
+)
+
+const (
+	TektonHermeticEnvVar = "TEKTON_HERMETIC"
 )
 
 // TODO(jasonhall): Test that original exit code is propagated and that
@@ -111,7 +115,7 @@ func (rr *realRunner) Run(ctx context.Context, args ...string) error {
 	// main process and all children
 	cmd.SysProcAttr = &syscall.SysProcAttr{Setpgid: true}
 
-	if os.Getenv("TEKTON_RESOURCE_NAME") == "" && os.Getenv(pod.TektonHermeticEnvVar) == "1" {
+	if os.Getenv("TEKTON_RESOURCE_NAME") == "" && os.Getenv(TektonHermeticEnvVar) == "1" {
 		dropNetworking(cmd)
 	}
 

diff --git a/pkg/apis/config/feature_flags.go b/pkg/apis/config/feature_flags.go
@@ -17,13 +17,10 @@ limitations under the License.
 package config
 
 import (
-	"context"
 	"fmt"
 	"os"
 	"strconv"
 	"strings"
-
-	corev1 "k8s.io/api/core/v1"
 )
 
 const (
@@ -441,21 +438,6 @@ func setVerificationNoMatchPolicy(cfgMap map[string]string, defaultValue string,
 	return nil
 }
 
-// NewFeatureFlagsFromConfigMap returns a Config for the given configmap
-func NewFeatureFlagsFromConfigMap(config *corev1.ConfigMap) (*FeatureFlags, error) {
-	return NewFeatureFlagsFromMap(config.Data)
-}
-
-// GetVerificationNoMatchPolicy returns the "trusted-resources-verification-no-match-policy" value
-func GetVerificationNoMatchPolicy(ctx context.Context) string {
-	return FromContextOrDefaults(ctx).FeatureFlags.VerificationNoMatchPolicy
-}
-
-// IsSpireEnabled checks if non-falsifiable provenance is enforced through SPIRE
-func IsSpireEnabled(ctx context.Context) bool {
-	return FromContextOrDefaults(ctx).FeatureFlags.EnforceNonfalsifiability == EnforceNonfalsifiabilityWithSpire
-}
-
 type PerFeatureFlag struct {
 	// Name of the feature flag
 	Name string

diff --git a/pkg/apis/config/featureflags_validation.go b/pkg/apis/config/featureflags_validation.go
@@ -1,3 +1,5 @@
+//go:build !disable_tls
+
 /*
 Copyright 2021 The Tekton Authors
 

diff --git a/pkg/apis/config/metrics.go b/pkg/apis/config/metrics.go
@@ -18,7 +18,6 @@ package config
 
 import (
 	corev1 "k8s.io/api/core/v1"
-	"knative.dev/pkg/metrics"
 )
 
 const (
@@ -109,12 +108,6 @@ type Metrics struct {
 	ThrottleWithNamespace   bool
 }
 
-// GetMetricsConfigName returns the name of the configmap containing all
-// customizations for the storage bucket.
-func GetMetricsConfigName() string {
-	return metrics.ConfigMapName()
-}
-
 // Equals returns true if two Configs are identical
 func (cfg *Metrics) Equals(other *Metrics) bool {
 	if cfg == nil && other == nil {

diff --git a/pkg/apis/config/metrics_notls.go b/pkg/apis/config/metrics_notls.go
@@ -0,0 +1,7 @@
+//go:build disable_tls
+
+package config
+
+// GetMetricsConfigName returns the name of the configmap containing all
+// customizations for the storage bucket.
+func GetMetricsConfigName() string { panic("not supported when tls is disabled") }
diff --git a/pkg/apis/config/metrics_tls.go b/pkg/apis/config/metrics_tls.go
@@ -0,0 +1,31 @@
+//go:build !disable_tls
+
+package config
+
+import (
+	"context"
+
+	corev1 "k8s.io/api/core/v1"
+	"knative.dev/pkg/metrics"
+)
+
+// GetMetricsConfigName returns the name of the configmap containing all
+// customizations for the storage bucket.
+func GetMetricsConfigName() string {
+	return metrics.ConfigMapName()
+}
+
+// NewFeatureFlagsFromConfigMap returns a Config for the given configmap
+func NewFeatureFlagsFromConfigMap(config *corev1.ConfigMap) (*FeatureFlags, error) {
+	return NewFeatureFlagsFromMap(config.Data)
+}
+
+// GetVerificationNoMatchPolicy returns the "trusted-resources-verification-no-match-policy" value
+func GetVerificationNoMatchPolicy(ctx context.Context) string {
+	return FromContextOrDefaults(ctx).FeatureFlags.VerificationNoMatchPolicy
+}
+
+// IsSpireEnabled checks if non-falsifiable provenance is enforced through SPIRE
+func IsSpireEnabled(ctx context.Context) bool {
+	return FromContextOrDefaults(ctx).FeatureFlags.EnforceNonfalsifiability == EnforceNonfalsifiabilityWithSpire
+}
diff --git a/pkg/apis/config/resolver/store.go b/pkg/apis/config/resolver/store.go
@@ -1,3 +1,5 @@
+//go:build !disable_tls
+
 /*
 Copyright 2022 The Tekton Authors
 

diff --git a/pkg/apis/config/spire_config.go b/pkg/apis/config/spire_config.go
@@ -1,3 +1,5 @@
+//go:build !disable_tls
+
 /*
 Copyright 2022 The Tekton Authors
 

diff --git a/pkg/apis/config/store.go b/pkg/apis/config/store.go
@@ -1,3 +1,5 @@
+//go:build !disable_tls
+
 /*
 Copyright 2019 The Tekton Authors
 

diff --git a/pkg/apis/pipeline/v1/types/artifact_types.go b/pkg/apis/pipeline/v1/types/artifact_types.go
@@ -0,0 +1,135 @@
+/*
+Copyright 2024 The Tekton Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package types
+
+import (
+	"github.com/google/go-cmp/cmp"
+)
+
+// Algorithm Standard cryptographic hash algorithm
+type Algorithm string
+
+// Artifact represents an artifact within a system, potentially containing multiple values
+// associated with it.
+type Artifact struct {
+	// The artifact's identifying category name
+	Name string `json:"name,omitempty"`
+	// A collection of values related to the artifact
+	Values []ArtifactValue `json:"values,omitempty"`
+	// Indicate if the artifact is a build output or a by-product
+	BuildOutput bool `json:"buildOutput,omitempty"`
+}
+
+// ArtifactValue represents a specific value or data element within an Artifact.
+type ArtifactValue struct {
+	Digest map[Algorithm]string `json:"digest,omitempty"` // Algorithm-specific digests for verifying the content (e.g., SHA256)
+	Uri    string               `json:"uri,omitempty"`    // Location where the artifact value can be retrieved
+}
+
+// TaskRunStepArtifact represents an artifact produced or used by a step within a task run.
+// It directly uses the Artifact type for its structure.
+type TaskRunStepArtifact = Artifact
+
+// Artifacts represents the collection of input and output artifacts associated with
+// a task run or a similar process. Artifacts in this context are units of data or resources
+// that the process either consumes as input or produces as output.
+type Artifacts struct {
+	Inputs  []Artifact `json:"inputs,omitempty"`
+	Outputs []Artifact `json:"outputs,omitempty"`
+}
+
+func (a *Artifacts) Merge(another *Artifacts) {
+	inputMap := make(map[string][]ArtifactValue)
+	var newInputs []Artifact
+
+	for _, v := range a.Inputs {
+		inputMap[v.Name] = v.Values
+	}
+	if another != nil {
+		for _, v := range another.Inputs {
+			_, ok := inputMap[v.Name]
+			if !ok {
+				inputMap[v.Name] = []ArtifactValue{}
+			}
+			for _, vv := range v.Values {
+				exists := false
+				for _, av := range inputMap[v.Name] {
+					if cmp.Equal(vv, av) {
+						exists = true
+						break
+					}
+				}
+				if !exists {
+					inputMap[v.Name] = append(inputMap[v.Name], vv)
+				}
+			}
+		}
+	}
+
+	for k, v := range inputMap {
+		newInputs = append(newInputs, Artifact{
+			Name:   k,
+			Values: v,
+		})
+	}
+
+	outputMap := make(map[string]Artifact)
+	var newOutputs []Artifact
+	for _, v := range a.Outputs {
+		outputMap[v.Name] = v
+	}
+
+	if another != nil {
+		for _, v := range another.Outputs {
+			_, ok := outputMap[v.Name]
+			if !ok {
+				outputMap[v.Name] = Artifact{Name: v.Name, Values: []ArtifactValue{}, BuildOutput: v.BuildOutput}
+			}
+			// only update buildOutput to true.
+			// Do not convert to false if it was true before.
+			if v.BuildOutput {
+				art := outputMap[v.Name]
+				art.BuildOutput = v.BuildOutput
+				outputMap[v.Name] = art
+			}
+			for _, vv := range v.Values {
+				exists := false
+				for _, av := range outputMap[v.Name].Values {
+					if cmp.Equal(vv, av) {
+						exists = true
+						break
+					}
+				}
+				if !exists {
+					art := outputMap[v.Name]
+					art.Values = append(art.Values, vv)
+					outputMap[v.Name] = art
+				}
+			}
+		}
+	}
+
+	for _, v := range outputMap {
+		newOutputs = append(newOutputs, Artifact{
+			Name:        v.Name,
+			Values:      v.Values,
+			BuildOutput: v.BuildOutput,
+		})
+	}
+	a.Inputs = newInputs
+	a.Outputs = newOutputs
+}
diff --git a/pkg/apis/pipeline/v1/types/param_types.go b/pkg/apis/pipeline/v1/types/param_types.go
@@ -0,0 +1,88 @@
+package types
+
+import (
+	"encoding/json"
+	"strings"
+)
+
+// ParamType indicates the type of an input parameter;
+// Used to distinguish between a single string and an array of strings.
+type ParamType string
+
+// Valid ParamTypes:
+const (
+	ParamTypeString ParamType = "string"
+	ParamTypeArray  ParamType = "array"
+	ParamTypeObject ParamType = "object"
+)
+
+// AllParamTypes can be used for ParamType validation.
+var AllParamTypes = []ParamType{ParamTypeString, ParamTypeArray, ParamTypeObject}
+
+// ParamValues is modeled after IntOrString in kubernetes/apimachinery:
+
+// ParamValue is a type that can hold a single string, string array, or string map.
+// Used in JSON unmarshalling so that a single JSON field can accept
+// either an individual string or an array of strings.
+type ParamValue struct {
+	Type      ParamType // Represents the stored type of ParamValues.
+	StringVal string
+	// +listType=atomic
+	ArrayVal  []string
+	ObjectVal map[string]string
+}
+
+// PropertySpec defines the struct for object keys
+type PropertySpec struct {
+	Type ParamType `json:"type,omitempty"`
+}
+
+// ParamsPrefix is the prefix used in $(...) expressions referring to parameters
+const ParamsPrefix = "params"
+
+// ArrayReference returns the name of the parameter from array parameter reference
+// returns arrayParam from $(params.arrayParam[*])
+func ArrayReference(a string) string {
+	return strings.TrimSuffix(strings.TrimPrefix(a, "$("+ParamsPrefix+"."), "[*])")
+}
+
+// UnmarshalJSON implements the json.Unmarshaller interface.
+func (paramValues *ParamValue) UnmarshalJSON(value []byte) error {
+	// ParamValues is used for Results Value as well, the results can be any kind of
+	// data so we need to check if it is empty.
+	if len(value) == 0 {
+		paramValues.Type = ParamTypeString
+		return nil
+	}
+	if value[0] == '[' {
+		// We're trying to Unmarshal to []string, but for cases like []int or other types
+		// of nested array which we don't support yet, we should continue and Unmarshal
+		// it to String. If the Type being set doesn't match what it actually should be,
+		// it will be captured by validation in reconciler.
+		// if failed to unmarshal to array, we will convert the value to string and marshal it to string
+		var a []string
+		if err := json.Unmarshal(value, &a); err == nil {
+			paramValues.Type = ParamTypeArray
+			paramValues.ArrayVal = a
+			return nil
+		}
+	}
+	if value[0] == '{' {
+		// if failed to unmarshal to map, we will convert the value to string and marshal it to string
+		var m map[string]string
+		if err := json.Unmarshal(value, &m); err == nil {
+			paramValues.Type = ParamTypeObject
+			paramValues.ObjectVal = m
+			return nil
+		}
+	}
+
+	// By default we unmarshal to string
+	paramValues.Type = ParamTypeString
+	if err := json.Unmarshal(value, &paramValues.StringVal); err == nil {
+		return nil
+	}
+	paramValues.StringVal = string(value)
+
+	return nil
+}