diff --git a/.github/workflows/check-readmes.yaml b/.github/workflows/check-readmes.yaml new file mode 100644 index 0000000000..6a9edf75ed --- /dev/null +++ b/.github/workflows/check-readmes.yaml @@ -0,0 +1,24 @@ +name: Validate PR - check READMEs +'on': + pull_request: + branches: [main] +jobs: + check: + name: Check READMEs + runs-on: ubuntu-latest + steps: + - name: Check out code + uses: actions/checkout@v4 + + - name: Check pipeline READMEs + run: | + #!/bin/bash + set -e + + ./hack/generate-pipelines-readme.py + if [[ -n $(git status -s) ]] + then + echo "pipeline READMEs are not up to date, run ./hack/generate-pipelines-readme.py and commit the resulting changes" + git status -s + exit 1 + fi diff --git a/pipelines/docker-build-oci-ta/README.md b/pipelines/docker-build-oci-ta/README.md index fc1a675a98..d7755d3206 100644 --- a/pipelines/docker-build-oci-ta/README.md +++ b/pipelines/docker-build-oci-ta/README.md @@ -162,6 +162,7 @@ |name|description|used in params (taskname:taskrefversion:taskparam) |---|---|---| |IMAGE_DIGEST| Digest of the image just built| deprecated-base-image-check:0.4:IMAGE_DIGEST ; clair-scan:0.1:image-digest ; clamav-scan:0.1:image-digest ; sbom-json-check:0.1:IMAGE_DIGEST ; push-dockerfile:0.1:IMAGE_DIGEST| +|IMAGE_REF| Image reference of the built image| | |IMAGE_URL| Image repository where the built image was pushed| show-sbom:0.1:IMAGE_URL ; deprecated-base-image-check:0.4:IMAGE_URL ; clair-scan:0.1:image-url ; ecosystem-cert-preflight-checks:0.1:image-url ; clamav-scan:0.1:image-url ; sbom-json-check:0.1:IMAGE_URL ; apply-tags:0.1:IMAGE ; push-dockerfile:0.1:IMAGE| |JAVA_COMMUNITY_DEPENDENCIES| The Java dependencies that came from community sources such as Maven central.| | |SBOM_JAVA_COMPONENTS_COUNT| The counting of Java components by publisher in JSON format| | @@ -218,6 +219,7 @@ |name|description|used in params (taskname:taskrefversion:taskparam) |---|---|---| |BUILD_RESULT| Build result.| | +|IMAGE_REF| Image reference of the built image| | |SOURCE_IMAGE_DIGEST| The source image digest.| | |SOURCE_IMAGE_URL| The source image url.| | diff --git a/pipelines/docker-build/README.md b/pipelines/docker-build/README.md index 8485ebf8ee..615f7af08e 100644 --- a/pipelines/docker-build/README.md +++ b/pipelines/docker-build/README.md @@ -161,6 +161,7 @@ |name|description|used in params (taskname:taskrefversion:taskparam) |---|---|---| |IMAGE_DIGEST| Digest of the image just built| deprecated-base-image-check:0.4:IMAGE_DIGEST ; clair-scan:0.1:image-digest ; sast-snyk-check:0.1:image-digest ; clamav-scan:0.1:image-digest ; sbom-json-check:0.1:IMAGE_DIGEST ; push-dockerfile:0.1:IMAGE_DIGEST| +|IMAGE_REF| Image reference of the built image| | |IMAGE_URL| Image repository where the built image was pushed| show-sbom:0.1:IMAGE_URL ; deprecated-base-image-check:0.4:IMAGE_URL ; clair-scan:0.1:image-url ; ecosystem-cert-preflight-checks:0.1:image-url ; sast-snyk-check:0.1:image-url ; clamav-scan:0.1:image-url ; sbom-json-check:0.1:IMAGE_URL ; apply-tags:0.1:IMAGE ; push-dockerfile:0.1:IMAGE| |JAVA_COMMUNITY_DEPENDENCIES| The Java dependencies that came from community sources such as Maven central.| | |SBOM_JAVA_COMPONENTS_COUNT| The counting of Java components by publisher in JSON format| | @@ -211,6 +212,7 @@ |name|description|used in params (taskname:taskrefversion:taskparam) |---|---|---| |BUILD_RESULT| Build result.| | +|IMAGE_REF| Image reference of the built image| | |SOURCE_IMAGE_DIGEST| The source image digest.| | |SOURCE_IMAGE_URL| The source image url.| | diff --git a/pipelines/java-builder/README.md b/pipelines/java-builder/README.md index 180cb68224..dd98c77eec 100644 --- a/pipelines/java-builder/README.md +++ b/pipelines/java-builder/README.md @@ -180,6 +180,7 @@ |---|---|---| |BASE_IMAGES_DIGESTS| Digests of the base images used for build| | |IMAGE_DIGEST| Digest of the image just built| deprecated-base-image-check:0.4:IMAGE_DIGEST ; clair-scan:0.1:image-digest ; sast-snyk-check:0.1:image-digest ; clamav-scan:0.1:image-digest ; sbom-json-check:0.1:IMAGE_DIGEST ; push-dockerfile:0.1:IMAGE_DIGEST| +|IMAGE_REF| Image reference of the built image| | |IMAGE_URL| Image repository where the built image was pushed| show-sbom:0.1:IMAGE_URL ; deprecated-base-image-check:0.4:IMAGE_URL ; clair-scan:0.1:image-url ; ecosystem-cert-preflight-checks:0.1:image-url ; sast-snyk-check:0.1:image-url ; clamav-scan:0.1:image-url ; sbom-json-check:0.1:IMAGE_URL ; apply-tags:0.1:IMAGE ; push-dockerfile:0.1:IMAGE| |JAVA_COMMUNITY_DEPENDENCIES| The Java dependencies that came from community sources such as Maven central.| | |SBOM_JAVA_COMPONENTS_COUNT| The counting of Java components by publisher in JSON format| | @@ -196,6 +197,7 @@ |name|description|used in params (taskname:taskrefversion:taskparam) |---|---|---| |BUILD_RESULT| Build result.| | +|IMAGE_REF| Image reference of the built image| | |SOURCE_IMAGE_DIGEST| The source image digest.| | |SOURCE_IMAGE_URL| The source image url.| | diff --git a/pipelines/nodejs-builder/README.md b/pipelines/nodejs-builder/README.md index 212097cc60..8c61c28eee 100644 --- a/pipelines/nodejs-builder/README.md +++ b/pipelines/nodejs-builder/README.md @@ -180,6 +180,7 @@ |---|---|---| |BASE_IMAGES_DIGESTS| Digests of the base images used for build| | |IMAGE_DIGEST| Digest of the image just built| deprecated-base-image-check:0.4:IMAGE_DIGEST ; clair-scan:0.1:image-digest ; sast-snyk-check:0.1:image-digest ; clamav-scan:0.1:image-digest ; sbom-json-check:0.1:IMAGE_DIGEST ; push-dockerfile:0.1:IMAGE_DIGEST| +|IMAGE_REF| Image reference of the built image| | |IMAGE_URL| Image repository where the built image was pushed| show-sbom:0.1:IMAGE_URL ; deprecated-base-image-check:0.4:IMAGE_URL ; clair-scan:0.1:image-url ; ecosystem-cert-preflight-checks:0.1:image-url ; sast-snyk-check:0.1:image-url ; clamav-scan:0.1:image-url ; sbom-json-check:0.1:IMAGE_URL ; apply-tags:0.1:IMAGE ; push-dockerfile:0.1:IMAGE| ### sast-snyk-check:0.1 task results |name|description|used in params (taskname:taskrefversion:taskparam) @@ -194,6 +195,7 @@ |name|description|used in params (taskname:taskrefversion:taskparam) |---|---|---| |BUILD_RESULT| Build result.| | +|IMAGE_REF| Image reference of the built image| | |SOURCE_IMAGE_DIGEST| The source image digest.| | |SOURCE_IMAGE_URL| The source image url.| | diff --git a/pipelines/tekton-bundle-builder/README.md b/pipelines/tekton-bundle-builder/README.md index e3ae7475f2..0f7d36f8b0 100644 --- a/pipelines/tekton-bundle-builder/README.md +++ b/pipelines/tekton-bundle-builder/README.md @@ -148,6 +148,7 @@ |name|description|used in params (taskname:taskrefversion:taskparam) |---|---|---| |IMAGE_DIGEST| Digest of the image just built| clair-scan:0.1:image-digest ; sast-snyk-check:0.1:image-digest ; sbom-json-check:0.1:IMAGE_DIGEST ; push-dockerfile:0.1:IMAGE_DIGEST| +|IMAGE_REF| Image reference of the built image| | |IMAGE_URL| Image repository where the built image was pushed with tag only| clair-scan:0.1:image-url ; ecosystem-cert-preflight-checks:0.1:image-url ; sast-snyk-check:0.1:image-url ; sbom-json-check:0.1:IMAGE_URL ; apply-tags:0.1:IMAGE ; push-dockerfile:0.1:IMAGE| ## Workspaces