feat: Add Artifact Hub Integration for Tekton Resources

[waveywaves]

Feature request

Add Artifact Hub Integration for Tekton Resources

🎯 Overview

With Tekton Hub now deprecated, we need to implement Artifact Hub integration to provide users with access to community contributed Tekton resources. Artifact Hub has become the recommended platform for
discovering and sharing Tekton pipelines, tasks, and step actions.

📋 Background

• Tekton Hub is deprecated and the community has migrated to Artifact Hub
• Artifact Hub is now a CNCF incubating project (as of September 2024)
• Artifact Hub provides better visibility, security scanning, and verified publisher support
• The Hub Resolver in Tekton already supports Artifact Hub via the artifact type

🚀 Proposed Features

Search and Discovery Tools

• search_artifacthub_tasks - Search for Tekton tasks with filters
• search_artifacthub_pipelines - Search for Tekton pipelines
• search_artifacthub_stepactions - Search for Tekton step actions
• get_artifacthub_package - Get detailed package information
• get_artifacthub_versions - List available versions of a package
• get_artifacthub_changelog - View package changelog
• get_artifacthub_security_report - Check for security vulnerabilities

Installation and Import Tools

• install_from_artifacthub - Install a package directly to the cluster
• import_from_artifacthub - Import package YAML for review before installation
• resolve_artifacthub_dependencies - Check and resolve package dependencies

Repository Management

• list_artifacthub_repos - List available Tekton repositories
• add_custom_repo - Configure custom Artifact Hub instance
• sync_repo_catalog - Sync local cache with repository

📝 Implementation Plan

Phase 1: Core Client Implementation

• Create HTTP client for Artifact Hub API
• Define data models for packages, versions, and search results
• Implement authentication support (API key)
• Add rate limiting and retry logic

Phase 2: Search and Discovery

• Implement search tools for different Tekton resource types
• Add filtering by category, repository, official status
• Implement package detail retrieval
• Add version listing and changelog access

Phase 3: Installation Features

• Implement direct installation to cluster
• Add YAML import for review workflow
• Support version pinning
• Add namespace selection support

Phase 4: Enhanced Features

• Add caching layer for improved performance
• Implement package signature validation
• Add CVE scanning integration
• Support verified publisher badges

🔧 Technical Details

API Endpoints to Integrate

• GET /packages/search - Search packages
• GET /packages/tekton-task/{repoName}/{packageName} - Get task details
• GET /packages/tekton-pipeline/{repoName}/{packageName} - Get pipeline details
• GET /packages/tekton-stepaction/{repoName}/{packageName} - Get step action details
• GET /packages/{packageID}/{version}/security-report - Security information

Configuration

Environment Variables:

• ARTIFACT_HUB_API: Custom Artifact Hub instance URL (default: https://artifacthub.io)
• ARTIFACT_HUB_API_KEY: Optional API key for authenticated requests
• ARTIFACT_HUB_CACHE_TTL: Cache duration in seconds (default: 3600)
• ARTIFACT_HUB_TIMEOUT: Request timeout in seconds (default: 30)

Example Usage

  # Search for a Tekton task
  mcp> search_artifacthub_tasks query="git-clone" category="git"

  # Get package details
  mcp> get_artifacthub_package repo="tekton" name="git-clone" type="task"

  # Install a specific version
  mcp> install_from_artifacthub repo="tekton" name="git-clone" version="0.9.0" namespace="default"

  # Check security vulnerabilities
  mcp> get_artifacthub_security_report package="git-clone" version="0.9.0"

✅ Acceptance Criteria

• Users can search for Tekton resources on Artifact Hub
• Users can view package details including versions and changelog
• Users can install packages directly or import YAML for review
• Security reports are accessible for packages with container images
• Custom Artifact Hub instances can be configured
• Search results are cached for performance
• Comprehensive tests cover all new functionality
• Documentation is updated with all new tools

🎁 Benefits

1. Access to Community Resources - Discover and use community-contributed Tekton resources
2. Version Management - Track and manage different versions of resources
3. Security Awareness - View CVE reports and security vulnerabilities
4. Trusted Sources - Leverage verified publisher and official status indicators
5. Seamless Migration - Smooth transition from deprecated Tekton Hub

📚 References

• https://artifacthub.io/docs/topics/annotations/tekton/
• Migrate from Tekton Hub to Artifact Hub pipeline#5585
• https://tekton.dev/docs/pipelines/hub-resolver/
• https://artifacthub.io/docs/api/