Skip to content

Commit

Permalink
implement the push pipeline
Browse files Browse the repository at this point in the history
  • Loading branch information
mabulgu authored and jameswnl committed Jan 7, 2025
1 parent f6ecb84 commit dd43b6a
Showing 1 changed file with 103 additions and 71 deletions.
174 changes: 103 additions & 71 deletions .tekton/ansible-chatbot-service-push.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -2,60 +2,32 @@ apiVersion: tekton.dev/v1
kind: PipelineRun
metadata:
annotations:
build.appstudio.openshift.io/repo: https://github.com/openshift/lightspeed-service?rev={{revision}}
build.appstudio.redhat.com/commit_sha: "{{revision}}"
build.appstudio.redhat.com/target_branch: "{{target_branch}}"
build.appstudio.openshift.io/repo: https://github.com/ansible/ansible-chatbot-service?rev={{revision}}
build.appstudio.redhat.com/commit_sha: '{{revision}}'
build.appstudio.redhat.com/target_branch: '{{target_branch}}'
pipelinesascode.tekton.dev/max-keep-runs: "3"
pipelinesascode.tekton.dev/on-cel-expression: "event == \"push\" && \ntarget_branch == \"main\"\n"
pipelinesascode.tekton.dev/on-cel-expression: event == "push" && target_branch == "main"
build.appstudio.openshift.io/build-nudge-files: |
.*Dockerfile.*, bundle/manifests/lightspeed-operator.clusterserviceversion.yaml, config/default/kustomization.yaml, lightspeed-catalog-4.15/index.yaml, lightspeed-catalog-4.16/index.yaml
creationTimestamp: null
labels:
appstudio.openshift.io/application: ols
appstudio.openshift.io/component: lightspeed-service
appstudio.openshift.io/application: ansible-chatbot-service
appstudio.openshift.io/component: ansible-chatbot-service
pipelines.appstudio.openshift.io/type: build
name: lightspeed-service-on-push
namespace: crt-nshift-lightspeed-tenant
name: ansible-chatbot-service-on-push
namespace: ansible-lightspeed-tenant
spec:
params:
- name: dockerfile
value: Containerfile
- name: git-url
value: "{{source_url}}"
- name: output-image
value: quay.io/redhat-user-workloads/crt-nshift-lightspeed-tenant/ols/lightspeed-service:{{revision}}
value: quay.io/ansible/ansible-chatbot-service:{{revision}}
- name: path-context
value: .
- name: revision
value: "{{revision}}"
- name: build-source-image
value: "true"
- name: prefetch-input
value: '[{"type": "rpm", "path": "."}, {"type": "pip", "path": ".", "allow_binary": "true"}]'
- name: hermetic
value: "true"
taskRunSpecs:
- pipelineTaskName: build-source-image
computeResources:
requests:
cpu: '1'
memory: 1Gi
limits:
memory: 4Gi
- pipelineTaskName: clair-scan
computeResources:
requests:
cpu: '1'
memory: 1Gi
limits:
memory: 8Gi
- pipelineTaskName: ecosystem-cert-preflight-checks
computeResources:
requests:
cpu: '1'
memory: 1Gi
limits:
memory: 8Gi
pipelineSpec:
finally:
- name: show-sbom
Expand All @@ -67,7 +39,7 @@ spec:
- name: name
value: show-sbom
- name: bundle
value: quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:9bfc6b99ef038800fe131d7b45ff3cd4da3a415dd536f7c657b3527b01c4a13b
value: quay.io/redhat-appstudio-tekton-catalog/task-show-sbom:0.1@sha256:8e0f8cad75e6f674d72a874385b69c4651afc0c9dcc59feffe0d85844687d852
- name: kind
value: task
resolver: bundles
Expand All @@ -93,6 +65,44 @@ spec:
workspaces:
- name: workspace
workspace: workspace
- name: slack-notification-when-failed
params:
- name: message
value: Konflux https://console.redhat.com/application-pipeline/workspaces/ansible-lightspeed/applications/ansible-chatbot-service/pipelineruns/$(context.pipelineRun.name) status=$(tasks.status)
- name: secret-name
value: slack-webhook-urls
- name: key-name
value: team-wisdom-eng
taskRef:
params:
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-slack-webhook-notification:0.1
- name: name
value: slack-webhook-notification
- name: kind
value: Task
resolver: bundles
when:
- input: $(tasks.status)
operator: in
values: [ "Failed" ]
- name: slack-notification
params:
- name: message
value: Konflux https://console.redhat.com/application-pipeline/workspaces/ansible-lightspeed/applications/ansible-chatbot-service/pipelineruns/$(context.pipelineRun.name) status=$(tasks.status)
- name: secret-name
value: slack-webhook-urls
- name: key-name
value: wisdom-cicd-events
taskRef:
params:
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-slack-webhook-notification:0.1
- name: name
value: slack-webhook-notification
- name: kind
value: Task
resolver: bundles
params:
- description: Source Repository URL
name: git-url
Expand Down Expand Up @@ -139,10 +149,6 @@ spec:
description: Build a source image.
name: build-source-image
type: string
- default: []
description: Array of --build-arg values ("arg=value" strings) for buildah
name: build-args
type: array
- default: ""
description: Path to a file with build arguments for buildah, see https://www.mankier.com/1/buildah-build#--build-arg-file
name: build-args-file
Expand Down Expand Up @@ -177,7 +183,7 @@ spec:
- name: name
value: init
- name: bundle
value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:092c113b614f6551113f17605ae9cb7e822aa704d07f0e37ed209da23ce392cc
value: quay.io/redhat-appstudio-tekton-catalog/task-init:0.2@sha256:596b7c11572bb94eb67d9ffb4375068426e2a8249ff2792ce04ad2a4bc593a63
- name: kind
value: task
resolver: bundles
Expand All @@ -194,7 +200,7 @@ spec:
- name: name
value: git-clone
- name: bundle
value: quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1@sha256:2cccdf8729ad4d5adf65e8b66464f8efa1e1c87ba16d343b4a6c621a2a40f7e1
value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:9e6c4db5a666ea0e1e747e03d63f46e5617a6b9852c26871f9d50891d778dfa2
- name: kind
value: task
resolver: bundles
Expand All @@ -221,7 +227,7 @@ spec:
- name: name
value: prefetch-dependencies
- name: bundle
value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies:0.1@sha256:fe7234e3824d1e65d6a7aac352e7a6bbce623d90d8d7da9aceeee108ad2c61be
value: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies:0.1@sha256:eea8bd511343b4014dab46a77e7215510f7a63820937d1267c6dc428e10ffbe4
- name: kind
value: task
resolver: bundles
Expand All @@ -230,6 +236,10 @@ spec:
operator: notin
values:
- ""
- input: $(params.hermetic)
operator: in
values:
- "true"
workspaces:
- name: source
workspace: workspace
Expand All @@ -251,19 +261,20 @@ spec:
value: $(params.image-expires-after)
- name: COMMIT_SHA
value: $(tasks.clone-repository.results.commit)
- name: BUILD_ARGS
value:
- $(params.build-args[*])
- name: BUILD_ARGS_FILE
value: build.args
value: $(params.build-args-file)
- name: TARGET_STAGE
value: production
- name: BUILD_ARGS
value: [ "IMAGE_TAGS=latest 1.0.$(tasks.git-metadata.results.commit-timestamp)", "GIT_COMMIT=$(tasks.clone-repository.results.commit)" ]
runAfter:
- prefetch-dependencies
taskRef:
params:
- name: name
value: buildah-10gb
- name: bundle
value: quay.io/konflux-ci/tekton-catalog/task-buildah-10gb:0.2@sha256:fe86b7c7e746f0d0a5ee6791d29eae5569138a5d31df42fadebcb6a9d2722ccb
value: quay.io/redhat-appstudio-tekton-catalog/task-buildah-10gb:0.2
- name: kind
value: task
resolver: bundles
Expand All @@ -275,6 +286,42 @@ spec:
workspaces:
- name: source
workspace: workspace
- name: apply-tags
params:
- name: IMAGE
value: $(tasks.build-container.results.IMAGE_URL)
- name: ADDITIONAL_TAGS
value: [ "latest", "1.0.$(tasks.git-metadata.results.commit-timestamp)" ]
runAfter:
- build-container
taskRef:
params:
- name: name
value: apply-tags
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-apply-tags:0.1
- name: kind
value: task
resolver: bundles
- name: git-metadata
runAfter:
- clone-repository
workspaces:
- name: source
workspace: workspace
taskSpec:
workspaces:
- name: source
steps:
- name: get-commit-timestamp
image: alpine/git
script: |
#!/bin/sh
set -euo pipefail
cd "$(workspaces.source.path)/source"
echo -n $(date -d @$(git log -1 --format=%at) "+%Y%m%d%H%M") > $(results.commit-timestamp.path)
results:
- name: commit-timestamp
- name: build-source-image
params:
- name: BINARY_IMAGE
Expand All @@ -286,7 +333,7 @@ spec:
- name: name
value: source-build
- name: bundle
value: quay.io/konflux-ci/tekton-catalog/task-source-build:0.1@sha256:21cb5ebaff7a9216903cf78933dc4ec4dd6283a52636b16590a5f52ceb278269
value: quay.io/redhat-appstudio-tekton-catalog/task-source-build:0.1@sha256:14b91ad9124b722b44222685013faaf9af8ac5b66030d9abeb1c61da3c118cdd
- name: kind
value: task
resolver: bundles
Expand Down Expand Up @@ -315,7 +362,7 @@ spec:
- name: name
value: deprecated-image-check
- name: bundle
value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.4@sha256:b4f9599f5770ea2e6e4d031224ccc932164c1ecde7f85f68e16e99c98d754003
value: quay.io/redhat-appstudio-tekton-catalog/task-deprecated-image-check:0.4@sha256:1f17ef7ab9859d6e2215ef2ed532ebc15e516ba09226b8cae77907a7a8b7cedd
- name: kind
value: task
resolver: bundles
Expand All @@ -337,7 +384,7 @@ spec:
- name: name
value: clair-scan
- name: bundle
value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.2@sha256:28fee4bf5da87f2388c973d9336086749cad8436003f9a514e22ac99735e056b
value: quay.io/redhat-appstudio-tekton-catalog/task-clair-scan:0.1@sha256:b8c51079ea1110e1095c229e184e3c340120ba211a63a200e836706f5a35361c
- name: kind
value: task
resolver: bundles
Expand All @@ -357,7 +404,7 @@ spec:
- name: name
value: ecosystem-cert-preflight-checks
- name: bundle
value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.1@sha256:5131cce0f93d0b728c7bcc0d6cee4c61d4c9f67c6d619c627e41e3c9775b497d
value: quay.io/redhat-appstudio-tekton-catalog/task-ecosystem-cert-preflight-checks:0.1@sha256:fc2cda064580364bb80c3ad6f438002de0033963fc33985d01ad249346b93433
- name: kind
value: task
resolver: bundles
Expand All @@ -374,7 +421,7 @@ spec:
- name: name
value: sast-snyk-check
- name: bundle
value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check:0.2@sha256:c1ea706405f9ae146e31baef4abfea49b1e855a75bfc44c33eb0eb29516831b3
value: quay.io/redhat-appstudio-tekton-catalog/task-sast-snyk-check:0.2@sha256:479bd0d9aaa7b377ff5f8ad93168d44807455646f2161688637cb2e4e0b990d9
- name: kind
value: task
resolver: bundles
Expand Down Expand Up @@ -404,7 +451,7 @@ spec:
- name: name
value: clamav-scan
- name: bundle
value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.1@sha256:1e29eebe916b81b7100138d62db0e03e22d03657274d37041c59cbaca5fdbf7d
value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.1@sha256:7bb17b937c9342f305468e8a6d0a22493e3ecde58977bd2ffc8b50e2fa234d58
- name: kind
value: task
resolver: bundles
Expand All @@ -413,21 +460,6 @@ spec:
operator: in
values:
- "false"
- name: apply-tags
params:
- name: IMAGE
value: $(tasks.build-container.results.IMAGE_URL)
runAfter:
- build-container
taskRef:
params:
- name: name
value: apply-tags
- name: bundle
value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.1@sha256:f485e250fb060060892b633c495a3d7e38de1ec105ae1be48608b0401530ab2c
- name: kind
value: task
resolver: bundles
workspaces:
- name: workspace
- name: git-auth
Expand Down

0 comments on commit dd43b6a

Please sign in to comment.