Add user-facing doc "SLSA Provenance"

[chuangw6]

Changes

Fixes #786

The doc includes instruction on how to configure a pipeline/task so that Tekton Chains can generate SLSA provenance properly.

Submitter Checklist

As the author of this PR, please check off the items in this checklist:

• Has Docs included if any changes are user facing
• Follows the commit message standard
• Meets the Tekton contributor standards (including
  functionality, content, code)
• Release notes block below has been updated with any user facing changes (API changes, bug fixes, changes requiring upgrade notices or deprecation warnings)

Release Notes

Add user facing doc that includes instructions on how to configure pipeline/task so that Chains can generate SLSA provenance properly.

[chuangw6]

cc @chitrangpatel @wlynch @lcarva PTAL. Any feedback would be appreciated! Thanks

[wlynch]

Thanks for putting this together!

This looks like a mix between the existing type hinting docs and tutorials that include lifecycle information. 🤔

I'd like to avoid duplicating / fragmenting docs if we can. I think most of this information is already present in https://github.com/tektoncd/chains/blob/main/docs/intoto.md. Can we consolidate these docs together?

[chuangw6]

I'd like to avoid duplicating / fragmenting docs if we can. I think most of this information is already present in https://github.com/tektoncd/chains/blob/main/docs/intoto.md. Can we consolidate these docs together?

Yeah, type hinting is also mentioned in https://github.com/tektoncd/chains/blob/main/docs/config.md#chains-type-hinting.

I'll consolidate those docs

• remove type hinting in both intoto.md (majority of the content) and config.md
• just leave intoto.md with things mentioned in Call for a doc on how to use Pipelines with Chains #786. Feel free to suggest the scope of the intoto.md. Open for ideas!

[chuangw6]

Hi @wlynch, I've cleaned up the docs. PTAL. It turns out the intoto.md file can be completely removed. Most contents are covered in the new doc in a more structured way.

I also added a reference to the build type doc that @chitrangpatel is working on in #906.

[wlynch]

Table-ify this

[wlynch]

This is where it would make sense to include links to the different slsa spec docs

[chuangw6]

Table-ify this

Done!

This is where it would make sense to include links to the different slsa spec docs

SGTM.

@chitrangpatel Assume this PR might be merged first, could you please add link to spec doc once #906 is merged? Thanks

[chuangw6]

@wlynch Thank you for taking your time to review. I've incorporated all of your suggestions. Please take another look and let me know if you have any other comments/questions.

Thanks again!

[wlynch]

LGTM besides a link fix!

[chitrangpatel]

/test pull-tekton-chains-integration-tests

[chitrangpatel]

/approve

[wlynch]

/lgtm

[tekton-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: chitrangpatel, wlynch

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [chitrangpatel,wlynch]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment