diff --git a/pipelines/enterprise-contract-slsa1.yaml b/pipelines/enterprise-contract-slsa1.yaml
deleted file mode 100644
index 62578891ef..0000000000
--- a/pipelines/enterprise-contract-slsa1.yaml
+++ /dev/null
@@ -1,72 +0,0 @@
-# This is a copy of enterprise-contract.yaml with a different default value for the
-# POLICY_CONFIGURATION parameter. This is a workaround until the UI can provide sufficient
-# controls to allow users to provide parameters. https://issues.redhat.com/browse/HACBS-2294
-apiVersion: tekton.dev/v1beta1
-kind: Pipeline
-metadata:
- name: enterprise-contract-slsa1
- labels:
- build.appstudio.redhat.com/pipeline: "enterprise-contract"
-spec:
- params:
- - name: SNAPSHOT
- type: string
- description: |
- Spec section of an ApplicationSnapshot resource. Not all fields of the
- resource are required. A minimal example:
- {
- "components": [
- {
- "containerImage": "quay.io/example/repo:latest"
- }
- ]
- }
- Each "containerImage" in the "components" array is validated.
- - name: POLICY_CONFIGURATION
- type: string
- description: |
- Name of the policy configuration (EnterpriseContractConfiguration
- object) to use. `namespace/name` or `name` syntax supported. If
- namespace is omitted the namespace where the task runs is used.
- default: github.com/enterprise-contract/config//slsa1
- - name: SSL_CERT_DIR
- type: string
- description: |
- Path to a directory containing SSL certs to be used when communicating
- with external services. This is useful when using the integrated registry
- and a local instance of Rekor on a development cluster which may use
- certificates issued by a not-commonly trusted root CA. In such cases,
- "/var/run/secrets/kubernetes.io/serviceaccount" is a good value. Multiple
- paths can be provided by using the ":" separator.
- default: ""
- results:
- - name: TEST_OUTPUT
- value: "$(tasks.verify.results.TEST_OUTPUT)"
- tasks:
- - name: verify
- params:
- - name: POLICY_CONFIGURATION
- value: "$(params.POLICY_CONFIGURATION)"
- - name: IMAGES
- value: "$(params.SNAPSHOT)"
- - name: SSL_CERT_DIR
- value: "$(params.SSL_CERT_DIR)"
- # It's confusing for users to see a passing taskrun that represents a failing EC test.
- # For that reason let's have the taskrun fail when there are EC violations. Also, if
- # this is set to false (IIUC), it's not possible to have the IntegrationTest gate the
- # deploy to the devel environment work, which is what users expect to be able to do.
- - name: STRICT
- value: "true"
- - name: PUBLIC_KEY
- value: "k8s://openshift-pipelines/public-key"
- - name: IGNORE_REKOR
- value: "true"
- taskRef:
- resolver: bundles
- params:
- - name: bundle
- value: quay.io/enterprise-contract/ec-task-bundle:snapshot@sha256:172b7d040b55d03eca599009c536726c16d2e14224851b2dbd24c6d771cea59b
- - name: name
- value: verify-enterprise-contract
- - name: kind
- value: task
diff --git a/pipelines/enterprise-contract-slsa2.yaml b/pipelines/enterprise-contract-slsa2.yaml
deleted file mode 100644
index 45e8e98fd7..0000000000
--- a/pipelines/enterprise-contract-slsa2.yaml
+++ /dev/null
@@ -1,72 +0,0 @@
-# This is a copy of enterprise-contract.yaml with a different default value for the
-# POLICY_CONFIGURATION parameter. This is a workaround until the UI can provide sufficient
-# controls to allow users to provide parameters. https://issues.redhat.com/browse/HACBS-2294
-apiVersion: tekton.dev/v1beta1
-kind: Pipeline
-metadata:
- name: enterprise-contract-slsa2
- labels:
- build.appstudio.redhat.com/pipeline: "enterprise-contract"
-spec:
- params:
- - name: SNAPSHOT
- type: string
- description: |
- Spec section of an ApplicationSnapshot resource. Not all fields of the
- resource are required. A minimal example:
- {
- "components": [
- {
- "containerImage": "quay.io/example/repo:latest"
- }
- ]
- }
- Each "containerImage" in the "components" array is validated.
- - name: POLICY_CONFIGURATION
- type: string
- description: |
- Name of the policy configuration (EnterpriseContractConfiguration
- object) to use. `namespace/name` or `name` syntax supported. If
- namespace is omitted the namespace where the task runs is used.
- default: github.com/enterprise-contract/config//slsa2
- - name: SSL_CERT_DIR
- type: string
- description: |
- Path to a directory containing SSL certs to be used when communicating
- with external services. This is useful when using the integrated registry
- and a local instance of Rekor on a development cluster which may use
- certificates issued by a not-commonly trusted root CA. In such cases,
- "/var/run/secrets/kubernetes.io/serviceaccount" is a good value. Multiple
- paths can be provided by using the ":" separator.
- default: ""
- results:
- - name: TEST_OUTPUT
- value: "$(tasks.verify.results.TEST_OUTPUT)"
- tasks:
- - name: verify
- params:
- - name: POLICY_CONFIGURATION
- value: "$(params.POLICY_CONFIGURATION)"
- - name: IMAGES
- value: "$(params.SNAPSHOT)"
- - name: SSL_CERT_DIR
- value: "$(params.SSL_CERT_DIR)"
- # It's confusing for users to see a passing taskrun that represents a failing EC test.
- # For that reason let's have the taskrun fail when there are EC violations. Also, if
- # this is set to false (IIUC), it's not possible to have the IntegrationTest gate the
- # deploy to the devel environment work, which is what users expect to be able to do.
- - name: STRICT
- value: "true"
- - name: PUBLIC_KEY
- value: "k8s://openshift-pipelines/public-key"
- - name: IGNORE_REKOR
- value: "true"
- taskRef:
- resolver: bundles
- params:
- - name: bundle
- value: quay.io/enterprise-contract/ec-task-bundle:snapshot@sha256:172b7d040b55d03eca599009c536726c16d2e14224851b2dbd24c6d771cea59b
- - name: name
- value: verify-enterprise-contract
- - name: kind
- value: task
diff --git a/pipelines/kustomization.yaml b/pipelines/kustomization.yaml
index 0173178fa5..9a53f3bb22 100644
--- a/pipelines/kustomization.yaml
+++ b/pipelines/kustomization.yaml
@@ -6,8 +6,6 @@ resources:
 - nodejs-builder
 - enterprise-contract.yaml
 - enterprise-contract-everything.yaml
-- enterprise-contract-slsa1.yaml
-- enterprise-contract-slsa2.yaml
 - enterprise-contract-slsa3.yaml
 - fbc-builder
 - tekton-bundle-builder