From 2d756ca927777f53b617e584f44eb6b6095aa93b Mon Sep 17 00:00:00 2001
From: "rh-tap-build-team[bot]" <127938674+rh-tap-build-team[bot]@users.noreply.github.com>
Date: Thu, 26 Sep 2024 12:18:49 +0000
Subject: [PATCH] update task/rpms-signature-scan/0.1/rpms-signature-scan.yaml
---
.../0.1/rpms-signature-scan.yaml | 16 +++++++++++++---
1 file changed, 13 insertions(+), 3 deletions(-)
diff --git a/task/rpms-signature-scan/0.1/rpms-signature-scan.yaml b/task/rpms-signature-scan/0.1/rpms-signature-scan.yaml
index 5c65de8aa9..fb19e14975 100644
--- a/task/rpms-signature-scan/0.1/rpms-signature-scan.yaml
+++ b/task/rpms-signature-scan/0.1/rpms-signature-scan.yaml
@@ -7,7 +7,10 @@ spec: params: - name: image-url type: string - description: "AppStudio container image" + description: Image URL + - name: image-digest + type: string + description: Image digest to scan - name: fail-unsigned type: string description: "[true | false] If true fail if unsigned RPMs were found"
@@ -31,6 +34,8 @@ spec: description: Tekton task test output. - name: RPMS_DATA description: Information about signed and unsigned RPMs + - name: IMAGES_PROCESSED + description: Images processed in the task. volumes: - name: workdir emptyDir: {}
@@ -43,7 +48,7 @@ spec: optional: true steps: - name: rpms-signature-scan - image: quay.io/redhat-appstudio/tools@sha256:130dbe49cc76ff4457cb53916a32b6b1330d86feeb95beaa3b443fd8ac5b47fa + image: quay.io/redhat-appstudio/tools@sha256:2ae975e79742691d678292a676715ed7ef48b0ee37c5725eea30bc8ae0a7a9af volumeMounts: - name: workdir mountPath: "$(params.workdir)"
@@ -54,6 +59,8 @@ spec: env: - name: IMAGE_URL value: "$(params.image-url)" + - name: IMAGE_DIGEST + value: "$(params.image-digest)" - name: FAIL_UNSIGNED value: "$(params.fail-unsigned)" - name: WORKDIR
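Review bot: The new `image-digest` param in the `params` hunk (`@@ -7,7 +7,10 @@`) is declared without a `default`, so it appears to be required, and callers of this 0.1 task that pass only `image-url` would start failing once they pick up the change; if that is intended the commit message should say so, otherwise a new task version may be the safer place for it. The description also leaves the contract open, since it gives neither the expected form of the value nor how it relates to `image-url`. Suggested wording, with the format to be confirmed against what `rpm_verifier` accepts: `description: Image digest to scan (sha256:<hex>); identifies the exact image content the signature results apply to`. The `params` list continues outside the hunk.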
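Review bot: The `IMAGES_PROCESSED` result added in the `results` hunk (`@@ -31,6 +34,8 @@`) is described only as "Images processed in the task.", which does not tell a consumer what shape to parse or whether the value identifies images by digest. Once the format is confirmed, something like `description: Images processed in the task, as <format>` would make the result usable as evidence of what was scanned. Tekton task results are size-limited, and this one is written in the same step as `RPMS_DATA` and `TEST_OUTPUT` (see the last hunk), so it is worth confirming that the combined output stays within the limit for images with many RPMs.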
@@ -64,7 +71,8 @@ spec: set -o pipefail rpm_verifier \ - --input "${IMAGE_URL}" \ + --image-url "${IMAGE_URL}" \ + --image-digest "${IMAGE_DIGEST}" \ --fail-unsigned "${FAIL_UNSIGNED}" \ --workdir "${WORKDIR}" \ - name: output-results
@@ -82,6 +90,7 @@ spec: source /utils.sh status=$(cat "${WORKDIR}"/status) rpms_data=$(cat "${WORKDIR}"/results) + images_processed=$(cat "${WORKDIR}"/images_processed) if [ "$status" == "ERROR" ]; then note="Task $(context.task.name) completed: Not all RPMs were confirmed to be signed. Refer to Tekton task output for details" else
@@ -91,3 +100,4 @@ spec: TEST_OUTPUT=$(make_result_json -r "$status" -t "$note") echo "${TEST_OUTPUT}" | tee "$(results.TEST_OUTPUT.path)" echo "${rpms_data}" | tee "$(results.RPMS_DATA.path)" + echo "${images_processed}" | tee "$(results.IMAGES_PROCESSED.path)"
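Review bot: `--image-digest "${IMAGE_DIGEST}"` in the `rpm_verifier` call (`@@ -64,7 +71,8 @@`) is passed through unchecked, so an empty or malformed `image-digest` value reaches the tool as-is, and what gets scanned then depends on how `rpm_verifier` treats it, which this page does not show. A guard ahead of the call would make the step fail closed: `: "${IMAGE_DIGEST:?image-digest param must not be empty}"`. Passing the value through `env` rather than interpolating `$(params.image-digest)` into the script text is the right choice and should stay. The script starts outside the hunk.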
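Review bot: `images_processed=$(cat "${WORKDIR}"/images_processed)` in the `output-results` script (`@@ -82,6 +90,7 @@`) has no handling for a missing file. If the scan step stopped before writing it, `cat` fails and, unless the script sets `-e` somewhere outside the hunk, the `echo "${images_processed}" | tee ...` line added in the last hunk publishes `IMAGES_PROCESSED` as an empty string. A consumer relying on that result to know which image was scanned cannot then tell "nothing processed" from "file never written". Check the file first, e.g. `[ -s "${WORKDIR}/images_processed" ] || { echo "images_processed missing or empty" >&2; exit 1; }`, or decide explicitly what value to emit in that case. The neighbouring `status` and `results` reads follow the same pattern.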