Deprecate the tekton-provenance predicate format

For now, this will still work but we just print the error message.
It can be removed in a future release, and I removed all docs around it as well.

docs/config.md

@@ -48,7 +48,7 @@ Supported keys include:
 
 | Key | Description | Supported Values | Default |
 | :--- | :--- | :--- | :--- |
-| `artifacts.taskrun.format` | The format to store `TaskRun` payloads in. | `tekton`, `in-toto`, `tekton-provenance` | `tekton` |
+| `artifacts.taskrun.format` | The format to store `TaskRun` payloads in. | `tekton`, `in-toto`| `tekton` |
 | `artifacts.taskrun.storage` | The storage backend to store `TaskRun` signatures in. | `tekton`, `oci`, `gcs`, `docdb` | `tekton` |
 | `artifacts.taskrun.signer` | The signature backend to sign `Taskrun` payloads with. | `x509`, `kms` | `x509` |
 

docs/deprecations.md

@@ -0,0 +1,28 @@
+<!--
+---
+linkTitle: "Deprecations"
+weight: 5000
+---
+-->
+
+# Deprecations
+
+- [Introduction](#introduction)
+- [Deprecation Table](#deprecation-table)
+
+## Introduction
+
+This doc provides a list of features in Tekton Chains that are
+being deprecated.
+
+Deprecations will follow this timeline:
+- Deprecation announcement is made during a release
+- Feature is removed two releases later
+
+So, if a feature is deprecated at v0.1.0, then it would be removed in v0.3.0.
+
+## Deprecation Table
+
+| Feature Being Deprecated  | Deprecation Announcement  | API Compatibility Policy | Earliest Date or Release of Removal |
+| ------------------------- | ------------------------- | ------------------------ | ----------------------------------- |
+| [`tekton-provenance` format is deprecated](https://github.com/tektoncd/chains/issues/293)  | [v0.6.0](https://github.com/tektoncd/pipeline/releases/tag/v0.6.0) | Alpha | v0.8.0 |

docs/intoto.md

@@ -11,20 +11,8 @@ weight: 40
 
 The in-toto attestation spec is defined [here](https://github.com/in-toto/attestation/tree/v0.1.0/spec).
 
-In-toto attestations can be generated for TaskRuns. 
-Currently, two predicate formats are supported by Tekton Chains:
-1. A custom [Tekton Chains predicate](../PROVENANCE_SPEC.md)
-1. The standard [in-toto predicate](https://github.com/in-toto/attestation/blob/v0.1.0/spec/predicates/provenance.md)
-
-### Custom Tekton Chains predicate
-The custom Chains predicate can be enabled by running:
-
-```
-kubectl patch configmap chains-config -n tekton-chains -p='{"data":{"artifacts.taskrun.format": "tekton-provenance"}}'
-```
-
-For more details around this custom predicate, see [PROVENANCE_SPEC.md](../PROVENANCE_SPEC.md)
-
+In-toto attestations can be generated for TaskRuns.
+Tekton Chains generates in-toto attestations with the `slsa-provenance` predicate [format](https://slsa.dev/provenance/v0.2). 
 
 ### Standard in-toto predicate
 

docs/tutorials/signed-provenance-tutorial.md

@@ -55,14 +55,14 @@ kubectl create secret generic [DOCKERCONFIG_SECRET_NAME] --from-file [PATH TO CO
 
 You'll need to make these changes to the Tekton Chains Config:
 
-* `artifacts.taskrun.format=tekton-provenance`
+* `artifacts.taskrun.format=in-toto`
 * `artifacts.taskrun.storage=oci`
 * `transparency.enabled=true`
 
 You can set these fields by running
 
 ```shell
-kubectl patch configmap chains-config -n tekton-chains -p='{"data":{"artifacts.taskrun.format": "tekton-provenance"}}'
+kubectl patch configmap chains-config -n tekton-chains -p='{"data":{"artifacts.taskrun.format": "in-toto"}}'
 kubectl patch configmap chains-config -n tekton-chains -p='{"data":{"artifacts.taskrun.storage": "oci"}}'
 kubectl patch configmap chains-config -n tekton-chains -p='{"data":{"transparency.enabled": "true"}}'
 ```

pkg/chains/formats/provenance/provenance.go

@@ -49,10 +49,16 @@ type Provenance struct {
 }
 
 func NewFormatter(cfg config.Config, logger *zap.SugaredLogger) (formats.Payloader, error) {
+	errorMsg := `The 'tekton-provenance' format is deprecated, and support will be removed in the next release.
+	
+	Please switch to the in-toto format by running:
+	
+	kubectl patch configmap chains-config -n tekton-chains -p='{"data":{"artifacts.taskrun.format": "in-toto"}}'	
+	`
 	return &Provenance{
 		builderID: cfg.Builder.ID,
 		logger:    logger,
-	}, nil
+	}, errors.New(errorMsg)
 }
 
 func (i *Provenance) Wrap() bool {

pkg/chains/signing.go

@@ -103,7 +103,7 @@ func allFormatters(cfg config.Config, l *zap.SugaredLogger) map[formats.PayloadT
 		case formats.PayloadTypeProvenance:
 			formatter, err := provenance.NewFormatter(cfg, l)
 			if err != nil {
-				l.Warnf("error configuring intoto formatter: %s", err)
+				l.Warnf("error configuring tekton-provenance formatter: %s", err)
 			}
 			all[f] = formatter
 		}

pkg/chains/storage/oci/oci_test.go

@@ -58,7 +58,7 @@ func TestBackend_StorePayload(t *testing.T) {
 				rawPayload: sampleIntotoStatementBytes,
 				signature:  "",
 				storageOpts: config.StorageOpts{
-					PayloadFormat: "tekton-provenance",
+					PayloadFormat: "in-toto",
 				},
 			},
 			wantErr: true,

test/e2e_test.go

@@ -328,7 +328,7 @@ func TestOCIStorage(t *testing.T) {
 		"artifacts.oci.format":            "simplesigning",
 		"artifacts.oci.storage":           "oci",
 		"artifacts.oci.signer":            "x509",
-		"artifacts.taskrun.format":        "tekton-provenance",
+		"artifacts.taskrun.format":        "in-toto",
 		"artifacts.taskrun.signer":        "x509",
 		"artifacts.taskrun.storage":       "oci",
 		"storage.oci.repository.insecure": "true",
@@ -467,7 +467,7 @@ func TestProvenanceMaterials(t *testing.T) {
 
 	// Setup the right config.
 	resetConfig := setConfigMap(ctx, t, c, map[string]string{
-		"artifacts.taskrun.format":  "tekton-provenance",
+		"artifacts.taskrun.format":  "in-toto",
 		"artifacts.taskrun.signer":  "x509",
 		"artifacts.taskrun.storage": "tekton",
 	})