tektoncd / chains

Supply Chain Security in Tekton Pipelines
Apache License 2.0

Chains should sign and attest to all Image Manifests in an Image Index #1070

Open arewm opened 6 months ago

arewm commented 6 months ago

Feature request

If Chains is provided with an Image Index to sign and attest, it should recursively perform this same behavior for all referenced Image Manifests as well.

Use case

In order to improve the experience for increasing supported architectures for images, some build tasks may choose to always produce Image Index OCI artifacts even if there is only a single architecture referenced. As architectures are added to the Image Index, the Image Manifests should be signed without requiring that the specific pullspecs are included as results on the pipeline.
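The recursive walk this request describes, written as an added example in Go (not code from Tekton Chains): starting from the digest of an Image Index, it descends into nested indexes (OCI index or Docker manifest list) and collects the deduplicated set of Image Manifest digests that would each need their own signature and attestation. The `fetchFunc` registry client and the in-memory `sampleRegistry` are constructed for the example; two checks a practitioner would want are included, verifying every fetched index against its content digest before parsing it and bounding the nesting depth.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
	"sort"
	"strings"
)

// OCI and Docker media types for indexes (manifest lists) and image manifests.
const (
	mediaTypeOCIIndex       = "application/vnd.oci.image.index.v1+json"
	mediaTypeOCIManifest    = "application/vnd.oci.image.manifest.v1+json"
	mediaTypeDockerList     = "application/vnd.docker.distribution.manifest.list.v2+json"
	mediaTypeDockerManifest = "application/vnd.docker.distribution.manifest.v2+json"
)

// maxDepth bounds recursion so a malformed chain of indexes cannot drive an unbounded walk.
const maxDepth = 8

// descriptor and imageIndex are the subsets of the OCI types needed to walk an index.
type descriptor struct {
	MediaType string    `json:"mediaType"`
	Digest    string    `json:"digest"`
	Platform  *platform `json:"platform,omitempty"`
}
type platform struct {
	Architecture string `json:"architecture"`
	OS           string `json:"os"`
}
type imageIndex struct {
	SchemaVersion int          `json:"schemaVersion"`
	MediaType     string       `json:"mediaType"`
	Manifests     []descriptor `json:"manifests"`
}

// fetchFunc returns the raw bytes of a blob by digest (hypothetical registry client).
type fetchFunc func(digest string) ([]byte, error)

// digestOf computes the OCI "sha256:<hex>" digest of a blob.
func digestOf(b []byte) string {
	sum := sha256.Sum256(b)
	return "sha256:" + hex.EncodeToString(sum[:])
}

// collectImageManifests returns the sorted, deduplicated digests of every image manifest
// reachable from the index at rootDigest, descending into nested indexes. Each fetched
// index is verified against its digest before it is parsed, so a registry cannot
// substitute content for a digest Chains was asked to sign.
func collectImageManifests(rootDigest string, fetch fetchFunc) ([]string, error) {
	seen := map[string]bool{} // content-addressed: a digest is walked or recorded once
	var leaves []string
	var walk func(digest string, depth int) error
	walk = func(digest string, depth int) error {
		if depth > maxDepth {
			return fmt.Errorf("index nesting exceeds %d levels at %s", maxDepth, digest)
		}
		if seen[digest] {
			return nil
		}
		seen[digest] = true
		raw, err := fetch(digest)
		if err != nil {
			return fmt.Errorf("fetch %s: %w", digest, err)
		}
		if got := digestOf(raw); got != digest {
			return fmt.Errorf("digest mismatch for %s: registry returned %s", digest, got)
		}
		var idx imageIndex
		if err := json.Unmarshal(raw, &idx); err != nil {
			return fmt.Errorf("parse index %s: %w", digest, err)
		}
		for _, d := range idx.Manifests {
			if !strings.HasPrefix(d.Digest, "sha256:") || len(d.Digest) != len("sha256:")+64 {
				return fmt.Errorf("malformed digest %q in %s", d.Digest, digest)
			}
			switch d.MediaType {
			case mediaTypeOCIIndex, mediaTypeDockerList: // nested index: recurse
				if err := walk(d.Digest, depth+1); err != nil {
					return err
				}
			case mediaTypeOCIManifest, mediaTypeDockerManifest: // leaf: needs its own signature
				if !seen[d.Digest] {
					seen[d.Digest] = true
					leaves = append(leaves, d.Digest)
				}
			default: // other artifact types are not image manifests; skip
			}
		}
		return nil
	}
	if err := walk(rootDigest, 0); err != nil {
		return nil, err
	}
	sort.Strings(leaves)
	return leaves, nil
}

// sampleRegistry builds a constructed in-memory registry: a root index referencing two
// manifests directly plus a nested index, which references one of them again and a third.
func sampleRegistry() (string, fetchFunc) {
	amd64, arm64, s390x := "sha256:"+strings.Repeat("a", 64), "sha256:"+strings.Repeat("b", 64), "sha256:"+strings.Repeat("c", 64)
	nested, _ := json.Marshal(imageIndex{SchemaVersion: 2, MediaType: mediaTypeOCIIndex, Manifests: []descriptor{
		{MediaType: mediaTypeOCIManifest, Digest: arm64, Platform: &platform{"arm64", "linux"}},
		{MediaType: mediaTypeOCIManifest, Digest: s390x, Platform: &platform{"s390x", "linux"}},
	}})
	root, _ := json.Marshal(imageIndex{SchemaVersion: 2, MediaType: mediaTypeOCIIndex, Manifests: []descriptor{
		{MediaType: mediaTypeOCIManifest, Digest: amd64, Platform: &platform{"amd64", "linux"}},
		{MediaType: mediaTypeOCIManifest, Digest: arm64, Platform: &platform{"arm64", "linux"}},
		{MediaType: mediaTypeOCIIndex, Digest: digestOf(nested)},
	}})
	blobs := map[string][]byte{digestOf(root): root, digestOf(nested): nested}
	return digestOf(root), func(digest string) ([]byte, error) {
		if b, ok := blobs[digest]; ok {
			return b, nil
		}
		return nil, fmt.Errorf("blob %s not found", digest)
	}
}

func main() {
	root, fetch := sampleRegistry()
	digests, err := collectImageManifests(root, fetch)
	if err != nil {
		panic(err)
	}
	for _, d := range digests {
		fmt.Println("sign+attest:", d) // each leaf manifest gets its own signature and attestation
	}
}
```

The walk yields three manifests from the constructed registry even though `arm64` is listed twice, which is the behaviour the request wants when an index keeps growing with architectures: every manifest is signed once, and none of its pullspecs has to be surfaced as a pipeline result. Deduplicating by digest is safe because the registry is content-addressed, and the digest check on every fetched index is what makes that assumption hold.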

lcarva commented 6 months ago

+1

This was discussed in chat a few days ago. The only concern raised was that this behavior should be behind a flag, at least initially.