Add Bundles resolver for OCI artifacts by vdemeester · Pull Request #13 · vdemeester/chisel

vdemeester · 2026-02-05T11:25:12Z

Summary

Implements Tekton Bundles resolver to fetch tasks from OCI registries. This completes full Tekton resolver parity and provides production-ready versioned task distribution.

Features

Bundles Resolver

Pull tasks from any OCI-compliant registry (Docker Hub, GHCR, GCR, ECR, ACR)
Support for both tags and SHA256 digests for immutable references
Authentication via ~/.docker/config.json (standard Docker credentials)
Content-addressable caching
Case-insensitive kind matching (Task vs task)

Implementation

Uses github.com/google/go-containerregistry library (official Google library)
Extracts Tekton YAML from OCI image layers
Supports extracting specific resources by name from bundles
Default kind: task (also supports pipeline)

Bundle Reference Formats

# Tag-based reference
taskRef:
  resolver: bundles
  params:
  - name: bundle
    value: gcr.io/tekton-releases/catalog/upstream/git-clone:0.9
  - name: name
    value: git-clone

# Digest-based reference (immutable)
taskRef:
  resolver: bundles
  params:
  - name: bundle
    value: gcr.io/tekton-releases/catalog/upstream/git-clone@sha256:abc123...
  - name: name
    value: git-clone

Changes

New file: pkg/parser/bundles_resolver_test.go - Comprehensive test suite (6 tests)
Updated: pkg/parser/resolver.go - Added resolveBundles() implementation
New file: examples/resolvers/bundles-resolver-pipelinerun.yaml - Example usage
Updated: examples/resolvers/README.md - Bundles documentation with auth guide
Updated: README.md - Added bundles resolver to features list
Dependencies: Added github.com/google/go-containerregistry@v0.20.7

Test Coverage

6 bundles-specific tests (all passing)
Mock OCI registry for unit tests
Error handling: missing params, invalid format, nonexistent registry
Caching behavior verification
All 60+ parser tests passing

Authentication Examples

Works with standard Docker authentication:

# Docker Hub
docker login

# GHCR (GitHub Container Registry)
echo $GITHUB_TOKEN | docker login ghcr.io -u USERNAME --password-stdin

# GCR (Google Container Registry)
gcloud auth configure-docker

# ECR (AWS Container Registry)
aws ecr get-login-password | docker login --username AWS --password-stdin $ECR_REGISTRY

Resolver Completion Status

With this PR, all four Tekton resolvers are now implemented:

Resolver	Status	Use Case
HTTP	✅ Complete	Fetch from raw URLs
Git	✅ Complete	Clone repos and extract tasks
Hub	✅ Complete	Query Artifact Hub catalogs
Bundles	✅ Complete	Pull from OCI registries

🤖 Generated with Claude Code

Implements Tekton Bundles resolver to fetch tasks from OCI registries. This provides production-ready versioned task distribution using container registries. Features: - Pull tasks from any OCI-compliant registry (Docker Hub, GHCR, GCR, ECR, ACR) - Support for both tags and SHA256 digests (immutable references) - Authentication via ~/.docker/config.json (standard Docker auth) - Content-addressable caching - Case-insensitive kind matching (Task vs task) Implementation: - Uses github.com/google/go-containerregistry library - Extracts Tekton YAML from OCI image layers - Supports name parameter to extract specific resource from bundle - Default kind: task (also supports pipeline) Bundle reference formats: - registry/image:tag (e.g., gcr.io/tekton-releases/catalog/upstream/git-clone:0.9) - registry/image@digest (e.g., gcr.io/.../git-clone@sha256:abc123...) Test coverage: - Unit tests with mock OCI registry - Caching behavior tests - Error handling tests (missing params, invalid format, nonexistent registry) - All 6 bundles tests passing Documentation: - Created examples/resolvers/bundles-resolver-pipelinerun.yaml - Updated examples/resolvers/README.md with comprehensive bundles docs - Updated main README.md with bundles resolver feature Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

vdemeester enabled auto-merge (rebase) February 5, 2026 11:25

vdemeester merged commit 61738f9 into main Feb 5, 2026
3 checks passed

vdemeester deleted the feature/bundles-resolver branch February 5, 2026 11:28

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add Bundles resolver for OCI artifacts#13

Add Bundles resolver for OCI artifacts#13
vdemeester merged 1 commit intomainfrom
feature/bundles-resolver

vdemeester commented Feb 5, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

vdemeester commented Feb 5, 2026

Summary

Features

Bundles Resolver

Implementation

Bundle Reference Formats

Changes

Test Coverage

Authentication Examples

Resolver Completion Status

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant