[TEP-0091] Add VerificationPolicy types

This commit adds VerificationPolicy as a new type under
`pkg/apis/pipeline/v1alpha1`, via VerificationPolicy users can
config public keys in the CRD for resources verification. The mapping
from resources to keys can be done via `pattern`

Author: Yongxuanzhang

cmd/webhook/main.go

@@ -51,8 +51,9 @@ import (
 
 var types = map[schema.GroupVersionKind]resourcesemantics.GenericCRD{
 	// v1alpha1
-	v1alpha1.SchemeGroupVersion.WithKind("PipelineResource"): &resourcev1alpha1.PipelineResource{},
-	v1alpha1.SchemeGroupVersion.WithKind("Run"):              &v1alpha1.Run{},
+	v1alpha1.SchemeGroupVersion.WithKind("PipelineResource"):   &resourcev1alpha1.PipelineResource{},
+	v1alpha1.SchemeGroupVersion.WithKind("Run"):                &v1alpha1.Run{},
+	v1alpha1.SchemeGroupVersion.WithKind("VerificationPolicy"): &v1alpha1.VerificationPolicy{},
 	// v1beta1
 	v1beta1.SchemeGroupVersion.WithKind("Pipeline"):    &v1beta1.Pipeline{},
 	v1beta1.SchemeGroupVersion.WithKind("Task"):        &v1beta1.Task{},

config/200-clusterrole.yaml

@@ -30,11 +30,14 @@ rules:
   - apiGroups: ["tekton.dev"]
     resources: ["tasks", "clustertasks", "taskruns", "pipelines", "pipelineruns", "pipelineresources", "runs", "customruns"]
     verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
+  - apiGroups: ["tekton.dev"]
+    resources: ["verificationpolicies"]
+    verbs: ["get", "list", "watch"]
   - apiGroups: ["tekton.dev"]
     resources: ["taskruns/finalizers", "pipelineruns/finalizers", "runs/finalizers", "customruns/finalizers"]
     verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
   - apiGroups: ["tekton.dev"]
-    resources: ["tasks/status", "clustertasks/status", "taskruns/status", "pipelines/status", "pipelineruns/status", "pipelineresources/status", "runs/status", "customruns/status"]
+    resources: ["tasks/status", "clustertasks/status", "taskruns/status", "pipelines/status", "pipelineruns/status", "pipelineresources/status", "runs/status", "customruns/status", "verificationpolicies/status"]
     verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
   # resolution.tekton.dev
   - apiGroups: ["resolution.tekton.dev"]
@@ -92,6 +95,7 @@ rules:
       - pipelineresources.tekton.dev
       - resolutionrequests.resolution.tekton.dev
       - customruns.tekton.dev
+      - verificationpolicies.tekton.dev
   # knative.dev/pkg needs list/watch permissions to set up informers for the webhook.
   - apiGroups: ["apiextensions.k8s.io"]
     resources: ["customresourcedefinitions"]