From 51a507060f8369557b49287ff749daef73841303 Mon Sep 17 00:00:00 2001 From: Jan Hutar Date: Mon, 5 Aug 2024 17:56:06 +0200 Subject: [PATCH] chore: Make PR checks happy --- task/buildah-oci-ta/0.2/buildah-oci-ta.yaml | 63 +++++++++++++++- .../0.2/buildah-remote-oci-ta.yaml | 72 ++++++++++++++++--- task/buildah-remote/0.2/buildah-remote.yaml | 71 +++++++++++++++--- 3 files changed, 181 insertions(+), 25 deletions(-) diff --git a/task/buildah-oci-ta/0.2/buildah-oci-ta.yaml b/task/buildah-oci-ta/0.2/buildah-oci-ta.yaml index 17fbd72da0..55b06860c9 100644 --- a/task/buildah-oci-ta/0.2/buildah-oci-ta.yaml +++ b/task/buildah-oci-ta/0.2/buildah-oci-ta.yaml @@ -418,10 +418,11 @@ spec: echo "$BASE_IMAGES" >/shared/base_images_from_dockerfile computeResources: limits: - memory: 4Gi + cpu: "4" + memory: 8Gi requests: - cpu: 250m - memory: 512Mi + cpu: "1" + memory: 2Gi securityContext: capabilities: add: @@ -440,6 +441,13 @@ spec: find $(cat /shared/container_path) -xtype l -delete echo "Running syft on the image filesystem" syft dir:$(cat /shared/container_path) --output cyclonedx-json=/var/workdir/sbom-image.json + computeResources: + limits: + cpu: "2" + memory: 4Gi + requests: + cpu: 500m + memory: 1Gi - name: analyse-dependencies-java-sbom image: quay.io/redhat-appstudio/hacbs-jvm-build-request-processor:127ee0c223a2b56a9bd20a6f2eaeed3bd6015f77 volumeMounts: @@ -454,6 +462,13 @@ spec: else touch $(results.JAVA_COMMUNITY_DEPENDENCIES.path) fi + computeResources: + limits: + cpu: 200m + memory: 512Mi + requests: + cpu: 100m + memory: 256Mi securityContext: runAsUser: 0 - name: merge-syft-sboms @@ -488,6 +503,13 @@ spec: # write the CycloneDX unified SBOM with open("./sbom-cyclonedx.json", "w") as f: json.dump(image_sbom, f, indent=4) + computeResources: + limits: + cpu: 200m + memory: 512Mi + requests: + cpu: 100m + memory: 256Mi securityContext: runAsUser: 0 - name: merge-cachi2-sbom @@ -501,6 +523,13 @@ spec: else echo "Skipping step since no Cachi2 SBOM was produced" fi + computeResources: + limits: + cpu: 200m + memory: 512Mi + requests: + cpu: 100m + memory: 256Mi securityContext: runAsUser: 0 - name: create-purl-sbom @@ -518,6 +547,13 @@ spec: with open("sbom-purl.json", "w") as output_file: json.dump(purl_content, output_file, indent=4) + computeResources: + limits: + cpu: 200m + memory: 512Mi + requests: + cpu: 100m + memory: 256Mi securityContext: runAsUser: 0 - name: create-base-images-sbom @@ -528,6 +564,13 @@ spec: --sbom=sbom-cyclonedx.json \ --base-images-from-dockerfile=/shared/base_images_from_dockerfile \ --base-images-digests=/shared/base_images_digests + computeResources: + limits: + cpu: 200m + memory: 512Mi + requests: + cpu: 100m + memory: 256Mi securityContext: runAsUser: 0 - name: inject-sbom-and-push @@ -592,6 +635,13 @@ spec: sbom_digest="$(sha256sum sbom-cyclonedx.json | cut -d' ' -f1)" # The SBOM_BLOB_URL is created by `cosign attach sbom`. echo -n "${sbom_repo}@sha256:${sbom_digest}" | tee "$(results.SBOM_BLOB_URL.path)" + computeResources: + limits: + cpu: "4" + memory: 4Gi + requests: + cpu: "1" + memory: 1Gi securityContext: capabilities: add: @@ -613,3 +663,10 @@ spec: name: trusted-ca readOnly: true subPath: ca-bundle.crt + computeResources: + limits: + cpu: 200m + memory: 512Mi + requests: + cpu: 100m + memory: 256Mi diff --git a/task/buildah-remote-oci-ta/0.2/buildah-remote-oci-ta.yaml b/task/buildah-remote-oci-ta/0.2/buildah-remote-oci-ta.yaml index ceea84f544..21a5026cdc 100644 --- a/task/buildah-remote-oci-ta/0.2/buildah-remote-oci-ta.yaml +++ b/task/buildah-remote-oci-ta/0.2/buildah-remote-oci-ta.yaml @@ -204,10 +204,11 @@ spec: - $(params.BUILD_ARGS[*]) computeResources: limits: - memory: 4Gi + cpu: "4" + memory: 8Gi requests: - cpu: 250m - memory: 512Mi + cpu: "1" + memory: 2Gi env: - name: COMMIT_SHA value: $(params.COMMIT_SHA) @@ -494,7 +495,13 @@ spec: name: ssh readOnly: true workingDir: /var/workdir - - computeResources: {} + - computeResources: + limits: + cpu: "2" + memory: 4Gi + requests: + cpu: 500m + memory: 1Gi image: quay.io/redhat-appstudio/syft:v0.105.1@sha256:1910b829997650c696881e5fc2fc654ddf3184c27edb1b2024e9cb2ba51ac431 name: sbom-syft-generate script: | @@ -509,7 +516,13 @@ spec: - mountPath: /shared name: shared workingDir: /var/workdir/source - - computeResources: {} + - computeResources: + limits: + cpu: 200m + memory: 512Mi + requests: + cpu: 100m + memory: 256Mi image: quay.io/redhat-appstudio/hacbs-jvm-build-request-processor:127ee0c223a2b56a9bd20a6f2eaeed3bd6015f77 name: analyse-dependencies-java-sbom script: | @@ -526,7 +539,13 @@ spec: name: varlibcontainers - mountPath: /shared name: shared - - computeResources: {} + - computeResources: + limits: + cpu: 200m + memory: 512Mi + requests: + cpu: 100m + memory: 256Mi image: registry.access.redhat.com/ubi9/python-39:1-192.1722518946@sha256:0176b477075984d5a502253f951d2502f0763c551275f9585ac515b9f241d73d name: merge-syft-sboms script: | @@ -561,7 +580,13 @@ spec: securityContext: runAsUser: 0 workingDir: /var/workdir - - computeResources: {} + - computeResources: + limits: + cpu: 200m + memory: 512Mi + requests: + cpu: 100m + memory: 256Mi image: quay.io/redhat-appstudio/cachi2:0.9.1@sha256:df67f9e063b544a8c49a271359377fed560562615e0278f6d0b9a3485f3f8fad name: merge-cachi2-sbom script: | @@ -575,7 +600,13 @@ spec: securityContext: runAsUser: 0 workingDir: /var/workdir - - computeResources: {} + - computeResources: + limits: + cpu: 200m + memory: 512Mi + requests: + cpu: 100m + memory: 256Mi image: registry.access.redhat.com/ubi9/python-39:1-192.1722518946@sha256:0176b477075984d5a502253f951d2502f0763c551275f9585ac515b9f241d73d name: create-purl-sbom script: | @@ -593,7 +624,13 @@ spec: securityContext: runAsUser: 0 workingDir: /var/workdir - - computeResources: {} + - computeResources: + limits: + cpu: 200m + memory: 512Mi + requests: + cpu: 100m + memory: 256Mi image: quay.io/redhat-appstudio/base-images-sbom-script@sha256:667669e3def018f9dbb8eaf8868887a40bc07842221e9a98f6787edcff021840 name: create-base-images-sbom script: | @@ -604,7 +641,14 @@ spec: securityContext: runAsUser: 0 workingDir: /var/workdir - - computeResources: {} + - computeResources: + limits: + cpu: "4" + memory: 4Gi + requests: + cpu: "1" + memory: 1Gi + image: quay.io/konflux-ci/buildah:latest@sha256:3fe211715717eca9eca1f19d326e19dd052c92fc6eb4f2434d8f903fe5b9aeb7 image: quay.io/konflux-ci/buildah:latest@sha256:7d7658b12457107d171f3c1644850e22a22513668484c5e971e6a773542461db name: inject-sbom-and-push script: | @@ -680,7 +724,13 @@ spec: - --type - cyclonedx - $(params.IMAGE) - computeResources: {} + computeResources: + limits: + cpu: 200m + memory: 512Mi + requests: + cpu: 100m + memory: 256Mi image: quay.io/redhat-appstudio/cosign:v2.1.1@sha256:c883d6f8d39148f2cea71bff4622d196d89df3e510f36c140c097b932f0dd5d5 name: upload-sbom volumeMounts: diff --git a/task/buildah-remote/0.2/buildah-remote.yaml b/task/buildah-remote/0.2/buildah-remote.yaml index 1cc15d4d7f..2b842d3594 100644 --- a/task/buildah-remote/0.2/buildah-remote.yaml +++ b/task/buildah-remote/0.2/buildah-remote.yaml @@ -186,10 +186,11 @@ spec: - $(params.BUILD_ARGS[*]) computeResources: limits: - memory: 4Gi + cpu: "4" + memory: 8Gi requests: - cpu: 250m - memory: 512Mi + cpu: "1" + memory: 2Gi env: - name: COMMIT_SHA value: $(params.COMMIT_SHA) @@ -476,7 +477,13 @@ spec: name: ssh readOnly: true workingDir: $(workspaces.source.path) - - computeResources: {} + - computeResources: + limits: + cpu: "2" + memory: 4Gi + requests: + cpu: 500m + memory: 1Gi image: quay.io/redhat-appstudio/syft:v0.105.1@sha256:1910b829997650c696881e5fc2fc654ddf3184c27edb1b2024e9cb2ba51ac431 name: sbom-syft-generate script: | @@ -491,7 +498,13 @@ spec: - mountPath: /shared name: shared workingDir: $(workspaces.source.path)/source - - computeResources: {} + - computeResources: + limits: + cpu: 200m + memory: 512Mi + requests: + cpu: 100m + memory: 256Mi image: quay.io/redhat-appstudio/hacbs-jvm-build-request-processor:127ee0c223a2b56a9bd20a6f2eaeed3bd6015f77 name: analyse-dependencies-java-sbom script: | @@ -508,7 +521,13 @@ spec: name: varlibcontainers - mountPath: /shared name: shared - - computeResources: {} + - computeResources: + limits: + cpu: 200m + memory: 512Mi + requests: + cpu: 100m + memory: 256Mi image: registry.access.redhat.com/ubi9/python-39:1-192.1722518946@sha256:0176b477075984d5a502253f951d2502f0763c551275f9585ac515b9f241d73d name: merge-syft-sboms script: | @@ -543,7 +562,13 @@ spec: securityContext: runAsUser: 0 workingDir: $(workspaces.source.path) - - computeResources: {} + - computeResources: + limits: + cpu: 200m + memory: 512Mi + requests: + cpu: 100m + memory: 256Mi image: quay.io/redhat-appstudio/cachi2:0.9.1@sha256:df67f9e063b544a8c49a271359377fed560562615e0278f6d0b9a3485f3f8fad name: merge-cachi2-sbom script: | @@ -557,7 +582,13 @@ spec: securityContext: runAsUser: 0 workingDir: $(workspaces.source.path) - - computeResources: {} + - computeResources: + limits: + cpu: 200m + memory: 512Mi + requests: + cpu: 100m + memory: 256Mi image: registry.access.redhat.com/ubi9/python-39:1-192.1722518946@sha256:0176b477075984d5a502253f951d2502f0763c551275f9585ac515b9f241d73d name: create-purl-sbom script: | @@ -575,7 +606,13 @@ spec: securityContext: runAsUser: 0 workingDir: $(workspaces.source.path) - - computeResources: {} + - computeResources: + limits: + cpu: 200m + memory: 512Mi + requests: + cpu: 100m + memory: 256Mi image: quay.io/redhat-appstudio/base-images-sbom-script@sha256:667669e3def018f9dbb8eaf8868887a40bc07842221e9a98f6787edcff021840 name: create-base-images-sbom script: | @@ -586,7 +623,13 @@ spec: securityContext: runAsUser: 0 workingDir: $(workspaces.source.path) - - computeResources: {} + - computeResources: + limits: + cpu: "4" + memory: 4Gi + requests: + cpu: "1" + memory: 1Gi image: quay.io/konflux-ci/buildah:latest@sha256:7d7658b12457107d171f3c1644850e22a22513668484c5e971e6a773542461db name: inject-sbom-and-push script: | @@ -662,7 +705,13 @@ spec: - --type - cyclonedx - $(params.IMAGE) - computeResources: {} + computeResources: + limits: + cpu: 200m + memory: 512Mi + requests: + cpu: 100m + memory: 256Mi image: quay.io/redhat-appstudio/cosign:v2.1.1@sha256:c883d6f8d39148f2cea71bff4622d196d89df3e510f36c140c097b932f0dd5d5 name: upload-sbom volumeMounts: