Skip to content

Commit

Permalink
gitrepo: add docs for tag verification
Browse files Browse the repository at this point in the history
Signed-off-by: Sanskar Jaiswal <[email protected]>
  • Loading branch information
aryan9600 committed Aug 17, 2023
1 parent 524220a commit 160072c
Showing 1 changed file with 22 additions and 4 deletions.
26 changes: 22 additions & 4 deletions docs/spec/v1/gitrepositories.md
Original file line number Diff line number Diff line change
Expand Up @@ -366,8 +366,17 @@ spec:
`.spec.verify` is an optional field to enable the verification of Git commit
signatures. The field offers two subfields:

- `.mode`, to specify what Git commit object should be verified. Only supports
`head` at present.
- `.mode`, to specify what Git object(s) should be verified. Supported
values are:
- `HEAD`: Verifies the commit object pointed to by the HEAD of the repository
after performing a checkout via `.spec.ref`.
- `head`: Same as `HEAD`, supported for backwards compatibility purposes.
- `Tag`: Verifies the tag object pointed to by the specified/inferred tag
reference in `.spec.ref.tag`, `.spec.ref.semver` or `.spec.ref.name`.
- `TagAndHEAD`: Verifies the tag object pointed to by the specified/inferred tag
reference in `.spec.ref.tag`, `.spec.ref.semver` or `.spec.ref.name` and
the commit object pointed to by the tag.

- `.secretRef.name`, to specify a reference to a Secret in the same namespace as
the GitRepository. Containing the (PGP) public keys of trusted Git authors.

Expand All @@ -384,7 +393,7 @@ spec:
ref:
branch: master
verify:
mode: head
mode: HEAD
secretRef:
name: pgp-public-keys
```
Expand All @@ -394,7 +403,7 @@ following attributes to the GitRepository's `.status.conditions`:

- `type: SourceVerifiedCondition`
- `status: "True"`
- `reason: Succeeded`
- `reason: Succeeded

#### Verification Secret example

Expand Down Expand Up @@ -978,6 +987,15 @@ status:
...
```

### Source Verification Mode

The source-controller reports the Git object(s) it verified in the Git
repository to create an artifact in the GitRepository's
`.status.sourceVerificationMode`. This value is the same as the [verification
mode in spec](#verify). The verification status is applicable only to the
latest Git repository revision used to successfully build and store an
artifact.

### Observed Generation

The source-controller reports an [observed generation][typical-status-properties]
Expand Down

0 comments on commit 160072c

Please sign in to comment.