Skip to content

Commit

Permalink
chore: Make PR checks happy
Browse files Browse the repository at this point in the history
  • Loading branch information
jhutar committed Aug 7, 2024
1 parent d70f7fb commit 51a5070
Show file tree
Hide file tree
Showing 3 changed files with 181 additions and 25 deletions.
63 changes: 60 additions & 3 deletions task/buildah-oci-ta/0.2/buildah-oci-ta.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -418,10 +418,11 @@ spec:
echo "$BASE_IMAGES" >/shared/base_images_from_dockerfile
computeResources:
limits:
memory: 4Gi
cpu: "4"
memory: 8Gi
requests:
cpu: 250m
memory: 512Mi
cpu: "1"
memory: 2Gi
securityContext:
capabilities:
add:
Expand All @@ -440,6 +441,13 @@ spec:
find $(cat /shared/container_path) -xtype l -delete
echo "Running syft on the image filesystem"
syft dir:$(cat /shared/container_path) --output cyclonedx-json=/var/workdir/sbom-image.json
computeResources:
limits:
cpu: "2"
memory: 4Gi
requests:
cpu: 500m
memory: 1Gi
- name: analyse-dependencies-java-sbom
image: quay.io/redhat-appstudio/hacbs-jvm-build-request-processor:127ee0c223a2b56a9bd20a6f2eaeed3bd6015f77
volumeMounts:
Expand All @@ -454,6 +462,13 @@ spec:
else
touch $(results.JAVA_COMMUNITY_DEPENDENCIES.path)
fi
computeResources:
limits:
cpu: 200m
memory: 512Mi
requests:
cpu: 100m
memory: 256Mi
securityContext:
runAsUser: 0
- name: merge-syft-sboms
Expand Down Expand Up @@ -488,6 +503,13 @@ spec:
# write the CycloneDX unified SBOM
with open("./sbom-cyclonedx.json", "w") as f:
json.dump(image_sbom, f, indent=4)
computeResources:
limits:
cpu: 200m
memory: 512Mi
requests:
cpu: 100m
memory: 256Mi
securityContext:
runAsUser: 0
- name: merge-cachi2-sbom
Expand All @@ -501,6 +523,13 @@ spec:
else
echo "Skipping step since no Cachi2 SBOM was produced"
fi
computeResources:
limits:
cpu: 200m
memory: 512Mi
requests:
cpu: 100m
memory: 256Mi
securityContext:
runAsUser: 0
- name: create-purl-sbom
Expand All @@ -518,6 +547,13 @@ spec:
with open("sbom-purl.json", "w") as output_file:
json.dump(purl_content, output_file, indent=4)
computeResources:
limits:
cpu: 200m
memory: 512Mi
requests:
cpu: 100m
memory: 256Mi
securityContext:
runAsUser: 0
- name: create-base-images-sbom
Expand All @@ -528,6 +564,13 @@ spec:
--sbom=sbom-cyclonedx.json \
--base-images-from-dockerfile=/shared/base_images_from_dockerfile \
--base-images-digests=/shared/base_images_digests
computeResources:
limits:
cpu: 200m
memory: 512Mi
requests:
cpu: 100m
memory: 256Mi
securityContext:
runAsUser: 0
- name: inject-sbom-and-push
Expand Down Expand Up @@ -592,6 +635,13 @@ spec:
sbom_digest="$(sha256sum sbom-cyclonedx.json | cut -d' ' -f1)"
# The SBOM_BLOB_URL is created by `cosign attach sbom`.
echo -n "${sbom_repo}@sha256:${sbom_digest}" | tee "$(results.SBOM_BLOB_URL.path)"
computeResources:
limits:
cpu: "4"
memory: 4Gi
requests:
cpu: "1"
memory: 1Gi
securityContext:
capabilities:
add:
Expand All @@ -613,3 +663,10 @@ spec:
name: trusted-ca
readOnly: true
subPath: ca-bundle.crt
computeResources:
limits:
cpu: 200m
memory: 512Mi
requests:
cpu: 100m
memory: 256Mi
72 changes: 61 additions & 11 deletions task/buildah-remote-oci-ta/0.2/buildah-remote-oci-ta.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -204,10 +204,11 @@ spec:
- $(params.BUILD_ARGS[*])
computeResources:
limits:
memory: 4Gi
cpu: "4"
memory: 8Gi
requests:
cpu: 250m
memory: 512Mi
cpu: "1"
memory: 2Gi
env:
- name: COMMIT_SHA
value: $(params.COMMIT_SHA)
Expand Down Expand Up @@ -494,7 +495,13 @@ spec:
name: ssh
readOnly: true
workingDir: /var/workdir
- computeResources: {}
- computeResources:
limits:
cpu: "2"
memory: 4Gi
requests:
cpu: 500m
memory: 1Gi
image: quay.io/redhat-appstudio/syft:v0.105.1@sha256:1910b829997650c696881e5fc2fc654ddf3184c27edb1b2024e9cb2ba51ac431
name: sbom-syft-generate
script: |
Expand All @@ -509,7 +516,13 @@ spec:
- mountPath: /shared
name: shared
workingDir: /var/workdir/source
- computeResources: {}
- computeResources:
limits:
cpu: 200m
memory: 512Mi
requests:
cpu: 100m
memory: 256Mi
image: quay.io/redhat-appstudio/hacbs-jvm-build-request-processor:127ee0c223a2b56a9bd20a6f2eaeed3bd6015f77
name: analyse-dependencies-java-sbom
script: |
Expand All @@ -526,7 +539,13 @@ spec:
name: varlibcontainers
- mountPath: /shared
name: shared
- computeResources: {}
- computeResources:
limits:
cpu: 200m
memory: 512Mi
requests:
cpu: 100m
memory: 256Mi
image: registry.access.redhat.com/ubi9/python-39:1-192.1722518946@sha256:0176b477075984d5a502253f951d2502f0763c551275f9585ac515b9f241d73d
name: merge-syft-sboms
script: |
Expand Down Expand Up @@ -561,7 +580,13 @@ spec:
securityContext:
runAsUser: 0
workingDir: /var/workdir
- computeResources: {}
- computeResources:
limits:
cpu: 200m
memory: 512Mi
requests:
cpu: 100m
memory: 256Mi
image: quay.io/redhat-appstudio/cachi2:0.9.1@sha256:df67f9e063b544a8c49a271359377fed560562615e0278f6d0b9a3485f3f8fad
name: merge-cachi2-sbom
script: |
Expand All @@ -575,7 +600,13 @@ spec:
securityContext:
runAsUser: 0
workingDir: /var/workdir
- computeResources: {}
- computeResources:
limits:
cpu: 200m
memory: 512Mi
requests:
cpu: 100m
memory: 256Mi
image: registry.access.redhat.com/ubi9/python-39:1-192.1722518946@sha256:0176b477075984d5a502253f951d2502f0763c551275f9585ac515b9f241d73d
name: create-purl-sbom
script: |
Expand All @@ -593,7 +624,13 @@ spec:
securityContext:
runAsUser: 0
workingDir: /var/workdir
- computeResources: {}
- computeResources:
limits:
cpu: 200m
memory: 512Mi
requests:
cpu: 100m
memory: 256Mi
image: quay.io/redhat-appstudio/base-images-sbom-script@sha256:667669e3def018f9dbb8eaf8868887a40bc07842221e9a98f6787edcff021840
name: create-base-images-sbom
script: |
Expand All @@ -604,7 +641,14 @@ spec:
securityContext:
runAsUser: 0
workingDir: /var/workdir
- computeResources: {}
- computeResources:
limits:
cpu: "4"
memory: 4Gi
requests:
cpu: "1"
memory: 1Gi
image: quay.io/konflux-ci/buildah:latest@sha256:3fe211715717eca9eca1f19d326e19dd052c92fc6eb4f2434d8f903fe5b9aeb7
image: quay.io/konflux-ci/buildah:latest@sha256:7d7658b12457107d171f3c1644850e22a22513668484c5e971e6a773542461db
name: inject-sbom-and-push
script: |
Expand Down Expand Up @@ -680,7 +724,13 @@ spec:
- --type
- cyclonedx
- $(params.IMAGE)
computeResources: {}
computeResources:
limits:
cpu: 200m
memory: 512Mi
requests:
cpu: 100m
memory: 256Mi
image: quay.io/redhat-appstudio/cosign:v2.1.1@sha256:c883d6f8d39148f2cea71bff4622d196d89df3e510f36c140c097b932f0dd5d5
name: upload-sbom
volumeMounts:
Expand Down
71 changes: 60 additions & 11 deletions task/buildah-remote/0.2/buildah-remote.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -186,10 +186,11 @@ spec:
- $(params.BUILD_ARGS[*])
computeResources:
limits:
memory: 4Gi
cpu: "4"
memory: 8Gi
requests:
cpu: 250m
memory: 512Mi
cpu: "1"
memory: 2Gi
env:
- name: COMMIT_SHA
value: $(params.COMMIT_SHA)
Expand Down Expand Up @@ -476,7 +477,13 @@ spec:
name: ssh
readOnly: true
workingDir: $(workspaces.source.path)
- computeResources: {}
- computeResources:
limits:
cpu: "2"
memory: 4Gi
requests:
cpu: 500m
memory: 1Gi
image: quay.io/redhat-appstudio/syft:v0.105.1@sha256:1910b829997650c696881e5fc2fc654ddf3184c27edb1b2024e9cb2ba51ac431
name: sbom-syft-generate
script: |
Expand All @@ -491,7 +498,13 @@ spec:
- mountPath: /shared
name: shared
workingDir: $(workspaces.source.path)/source
- computeResources: {}
- computeResources:
limits:
cpu: 200m
memory: 512Mi
requests:
cpu: 100m
memory: 256Mi
image: quay.io/redhat-appstudio/hacbs-jvm-build-request-processor:127ee0c223a2b56a9bd20a6f2eaeed3bd6015f77
name: analyse-dependencies-java-sbom
script: |
Expand All @@ -508,7 +521,13 @@ spec:
name: varlibcontainers
- mountPath: /shared
name: shared
- computeResources: {}
- computeResources:
limits:
cpu: 200m
memory: 512Mi
requests:
cpu: 100m
memory: 256Mi
image: registry.access.redhat.com/ubi9/python-39:1-192.1722518946@sha256:0176b477075984d5a502253f951d2502f0763c551275f9585ac515b9f241d73d
name: merge-syft-sboms
script: |
Expand Down Expand Up @@ -543,7 +562,13 @@ spec:
securityContext:
runAsUser: 0
workingDir: $(workspaces.source.path)
- computeResources: {}
- computeResources:
limits:
cpu: 200m
memory: 512Mi
requests:
cpu: 100m
memory: 256Mi
image: quay.io/redhat-appstudio/cachi2:0.9.1@sha256:df67f9e063b544a8c49a271359377fed560562615e0278f6d0b9a3485f3f8fad
name: merge-cachi2-sbom
script: |
Expand All @@ -557,7 +582,13 @@ spec:
securityContext:
runAsUser: 0
workingDir: $(workspaces.source.path)
- computeResources: {}
- computeResources:
limits:
cpu: 200m
memory: 512Mi
requests:
cpu: 100m
memory: 256Mi
image: registry.access.redhat.com/ubi9/python-39:1-192.1722518946@sha256:0176b477075984d5a502253f951d2502f0763c551275f9585ac515b9f241d73d
name: create-purl-sbom
script: |
Expand All @@ -575,7 +606,13 @@ spec:
securityContext:
runAsUser: 0
workingDir: $(workspaces.source.path)
- computeResources: {}
- computeResources:
limits:
cpu: 200m
memory: 512Mi
requests:
cpu: 100m
memory: 256Mi
image: quay.io/redhat-appstudio/base-images-sbom-script@sha256:667669e3def018f9dbb8eaf8868887a40bc07842221e9a98f6787edcff021840
name: create-base-images-sbom
script: |
Expand All @@ -586,7 +623,13 @@ spec:
securityContext:
runAsUser: 0
workingDir: $(workspaces.source.path)
- computeResources: {}
- computeResources:
limits:
cpu: "4"
memory: 4Gi
requests:
cpu: "1"
memory: 1Gi
image: quay.io/konflux-ci/buildah:latest@sha256:7d7658b12457107d171f3c1644850e22a22513668484c5e971e6a773542461db
name: inject-sbom-and-push
script: |
Expand Down Expand Up @@ -662,7 +705,13 @@ spec:
- --type
- cyclonedx
- $(params.IMAGE)
computeResources: {}
computeResources:
limits:
cpu: 200m
memory: 512Mi
requests:
cpu: 100m
memory: 256Mi
image: quay.io/redhat-appstudio/cosign:v2.1.1@sha256:c883d6f8d39148f2cea71bff4622d196d89df3e510f36c140c097b932f0dd5d5
name: upload-sbom
volumeMounts:
Expand Down

0 comments on commit 51a5070

Please sign in to comment.