From dd33949d098e32daa61f14ad2edf8ba6046429a2 Mon Sep 17 00:00:00 2001
From: Luiz Carvalho <lucarval@redhat.com>
Date: Mon, 29 Jan 2024 15:12:52 -0500
Subject: [PATCH] Re-enable EC Task checks

Ref: https://issues.redhat.com/browse/EC-359

Signed-off-by: Luiz Carvalho <lucarval@redhat.com>
---
 .tekton/pull-request.yaml    | 17 +++++++-------
 .tekton/push.yaml            |  8 +++++++
 .tekton/tasks/ec-checks.yaml | 44 +++++++++++++++---------------------
 3 files changed, 34 insertions(+), 35 deletions(-)

diff --git a/.tekton/pull-request.yaml b/.tekton/pull-request.yaml
index 9a02608ce5..05b9c2648d 100644
--- a/.tekton/pull-request.yaml
+++ b/.tekton/pull-request.yaml
@@ -201,15 +201,14 @@ spec:
         workspaces:
           - name: source
             workspace: workspace
-      # This will be re-enabled as part of https://issues.redhat.com/browse/EC-332
-      # - name: ec-task-checks
-      #   runAfter:
-      #     - fetch-repository
-      #   taskRef:
-      #     name: ec-checks
-      #   workspaces:
-      #     - name: source
-      #       workspace: workspace
+      - name: ec-task-checks
+        runAfter:
+          - fetch-repository
+        taskRef:
+          name: ec-checks
+        workspaces:
+          - name: source
+            workspace: workspace
       - name: check-task-migration-md
         runAfter:
           - fetch-repository
diff --git a/.tekton/push.yaml b/.tekton/push.yaml
index 3142d5e264..6f7c5fcc13 100644
--- a/.tekton/push.yaml
+++ b/.tekton/push.yaml
@@ -36,6 +36,14 @@ spec:
         workspaces:
           - name: output
             workspace: workspace
+      - name: ec-task-checks
+        runAfter:
+          - clone-repository
+        taskRef:
+          name: ec-checks
+        workspaces:
+          - name: source
+            workspace: workspace
       - name: build-container
         params:
           - name: IMAGE
diff --git a/.tekton/tasks/ec-checks.yaml b/.tekton/tasks/ec-checks.yaml
index 0d76854ea3..90f2859b94 100644
--- a/.tekton/tasks/ec-checks.yaml
+++ b/.tekton/tasks/ec-checks.yaml
@@ -25,34 +25,26 @@ spec:
   - name: validate-all-tasks
     workingDir: "$(workspaces.source.path)/source"
     image: quay.io/enterprise-contract/ec-cli:snapshot
-    command: [ec]
-    args:
-      - validate
-      - definition
-      - "--file"
-      - "./all_tasks-ec"
-      - "--policy"
-      - "git::https://github.com/enterprise-contract/ec-policies//policy/task"
-      - "--policy"
-      - "git::https://github.com/enterprise-contract/ec-policies//policy/lib"
-      - "--data"
-      - "git::https://github.com/release-engineering/rhtap-ec-policy//data"
-      - "--strict"
+    script: |
+      set -euo pipefail
+
+      # Generate list of file parameters, e.g. --file=foo.yaml --file=bar.yaml
+      files=$(find all_tasks-ec -name '*.yaml' -printf '--file=%p ')
+
+      policy='enterprise-contract-service/redhat-trusted-tasks'
+
+      ec validate input --policy "${policy}" --output yaml --strict=true ${files}
   - name: validate-build-tasks
     workingDir: "$(workspaces.source.path)/source"
     image: quay.io/enterprise-contract/ec-cli:snapshot
-    command: [ec]
-    args:
-      - validate
-      - definition
-      - "--file"
-      - "./build_tasks-ec"
-      - "--policy"
-      - "git::https://github.com/enterprise-contract/ec-policies//policy/build_task"
-      - "--policy"
-      - "git::https://github.com/enterprise-contract/ec-policies//policy/lib"
-      - "--data"
-      - "git::https://github.com/release-engineering/rhtap-ec-policy//data"
-      - "--strict"
+    script: |
+      set -euo pipefail
+
+      # Generate list of file parameters, e.g. --file=foo.yaml --file=bar.yaml
+      files=$(find build_tasks-ec -name '*.yaml' -printf '--file=%p ')
+
+      policy='./policies/build-tasks.yaml'
+
+      ec validate input --policy "${policy}" --output yaml --strict=true ${files}
   workspaces:
     - name: source