Skip to content

Commit

Permalink
Merge pull request #556 from skattoju/add_preflight_task
Browse files Browse the repository at this point in the history
add preflight task
  • Loading branch information
MartinBasti authored Mar 1, 2024
2 parents c513018 + 379d88d commit 0549029
Show file tree
Hide file tree
Showing 4 changed files with 97 additions and 0 deletions.
13 changes: 13 additions & 0 deletions pipelines/template-build/template-build.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -162,6 +162,19 @@ spec:
value: $(tasks.build-container.results.IMAGE_DIGEST)
- name: image-url
value: $(tasks.build-container.results.IMAGE_URL)
- name: ecosystem-cert-preflight-checks
when:
- input: $(params.skip-checks)
operator: in
values: ["false"]
runAfter:
- build-container
taskRef:
name: ecosystem-cert-preflight-checks
version: "0.1"
params:
- name: image-url
value: $(tasks.build-container.results.IMAGE_URL)
- name: sast-snyk-check
when:
- input: $(params.skip-checks)
Expand Down
23 changes: 23 additions & 0 deletions task/ecosystem-cert-preflight-checks/0.1/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
# ecosystem-cert-preflight-checks task

## Description:

The ecosystem-cert-preflight-checks task checks an image for certification readiness.

## Params:

| name | description |
|--------------|----------------------------------------------------------------|
| image-url | Image URL. |

## Results:

| name | description |
|-------------------|--------------------------------------------------|
| TEST_OUTPUT | Indicates whether the container passsed preflight|

## Source repository for preflight:
https://github.com/redhat-openshift-ecosystem/openshift-preflight

## Additional links:
https://connect.redhat.com/en/blog/topic/preflight
Original file line number Diff line number Diff line change
@@ -0,0 +1,59 @@
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: ecosystem-cert-preflight-checks
spec:
description: >-
Scans container images for certification readiness
params:
- name: image-url
description: Image url to scan.
results:
- name: TEST_OUTPUT
description: Preflight pass or fail outcome.
steps:
- name: check-container
image: quay.io/opdev/preflight:stable@sha256:d990cbe8fb0db4dff0f7609403992f273f07d55f89dc7d2f046eb8f9c3e48110
args: ["check", "container", "$(params.image-url)"]
volumeMounts:
- name: pfltoutputdir
mountPath: /artifacts
- name: gather-pflt-results
image: quay.io/redhat-appstudio/appstudio-utils@sha256:586149e3f18d966f681d956ab074b4e1d8433663d615ed86e19a3804ba952dfe
volumeMounts:
- name: pfltoutputdir
mountPath: /artifacts
script: |
# Expected results directory
RESULT_JSON_PATH=artifacts/results.json
# Process results
PFLT_RESULT="FAILURE"
PFLT_PASSED=$(cat $RESULT_JSON_PATH |jq .passed)
if [ $PFLT_PASSED = true ]; then PFLT_RESULT="SUCCESS" ; fi
PFLT_NOTE="Task prelifght is a ${PFLT_RESULT}: Refer to Tekton task logs for more information"
PFLT_PASS_COUNT=$(cat $RESULT_JSON_PATH | jq '.results.passed | length')
PFLT_FAIL_COUNT=$(cat $RESULT_JSON_PATH | jq '.results.failed |length')
PFLT_ERROR_COUNT=$(cat $RESULT_JSON_PATH | jq '.results.errors |length')
if [[ $PFLT_ERROR_COUNT > 0 ]]; then PFLT_RESULT="ERROR" ; fi
# Generate TEST_OUTPUT
TEST_OUTPUT=$(jq -rce \
--arg date "$(date +%s)" \
--arg note "${PFLT_NOTE}" \
--arg result "${PFLT_RESULT}" \
--arg successes "${PFLT_PASS_COUNT}" \
--arg failures "${PFLT_FAIL_COUNT}" \
--arg warnings "0" \
--null-input \
'{ result: $result,
timestamp: $date,
note: $note,
successes: $successes|tonumber,
failures: $failures|tonumber,
warnings: $warnings|tonumber
}')
echo $TEST_OUTPUT | tee $(results.TEST_OUTPUT.path)
volumes:
- name: pfltoutputdir
emptyDir: {}
2 changes: 2 additions & 0 deletions task/ecosystem-cert-preflight-checks/OWNERS
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@

opdev

0 comments on commit 0549029

Please sign in to comment.