feat(ISV-5130): optionally enable SBOM processing

Signed-off-by: Martin Jediny <[email protected]>
konflux-ci · Nov 18, 2024 · 09955fb · 09955fb
1 parent edb7fa5
commit 09955fb
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 6 deletions.
diff --git a/pipelines/rh-advisories/rh-advisories.yaml b/pipelines/rh-advisories/rh-advisories.yaml
@@ -543,6 +543,10 @@ spec:
       runAfter:
         - collect-data
     - name: create-product-sbom
+      when:
+        - input: "$(tasks.collect-atlas-params.results.secretName)"
+          operator: notin
+          values: [""]
       params:
         - name: dataJsonPath
           value: "$(tasks.collect-data.results.data)"
@@ -561,6 +565,10 @@ spec:
       runAfter:
         - check-data-keys
     - name: upload-product-sbom
+      when:
+        - input: "$(tasks.collect-atlas-params.results.secretName)"
+          operator: notin
+          values: [""]
       params:
         - name: sbomDir
           value: "$(tasks.create-product-sbom.results.productSBOMPath)"

diff --git a/pipelines/rh-push-to-registry-redhat-io/rh-push-to-registry-redhat-io.yaml b/pipelines/rh-push-to-registry-redhat-io/rh-push-to-registry-redhat-io.yaml
@@ -258,6 +258,10 @@ spec:
       runAfter:
         - collect-data
     - name: create-product-sbom
+      when:
+        - input: "$(tasks.collect-atlas-params.results.secretName)"
+          operator: notin
+          values: [""]
       params:
         - name: dataJsonPath
           value: "$(tasks.collect-data.results.data)"
@@ -276,6 +280,10 @@ spec:
       runAfter:
         - check-data-keys
     - name: upload-product-sbom
+      when:
+        - input: "$(tasks.collect-atlas-params.results.secretName)"
+          operator: notin
+          values: [""]
       params:
         - name: sbomDir
           value: "$(tasks.create-product-sbom.results.productSBOMPath)"

diff --git a/tasks/collect-atlas-params/collect-atlas-params.yaml b/tasks/collect-atlas-params/collect-atlas-params.yaml
@@ -52,11 +52,11 @@ spec:
 
         atlasServer=$(jq -r '.atlas.server' "$DATA_FILE")
         if [ "$atlasServer" = "null" ]; then
-            echo "ERROR: The JSON file does not contain the 'atlasServer' field."
-            exit 1
-        fi
-
-        if [ "$atlasServer" = "stage" ]; then
+            # In this case, SBOM processing will be skipped.
+            bombasticApiUrl=""
+            ssoTokenUrl=""
+            secretName=""
+        elif [ "$atlasServer" = "stage" ]; then
             bombasticApiUrl="https://sbom.atlas.release.stage.devshift.net"
             ssoTokenUrl="https://auth.stage.redhat.com/auth/realms/EmployeeIDP/protocol/openid-connect/token"
             secretName="atlas-staging-sso-secret"
@@ -65,7 +65,7 @@ spec:
             ssoTokenUrl="https://auth.redhat.com/auth/realms/EmployeeIDP/protocol/openid-connect/token"
             secretName="atlas-prod-sso-secret"
         else
-            echo "ERROR: Unknown Atlas server value '$atlasServer'. Expected 'stage' or 'production'."
+            echo "ERROR: Unknown .atlas.server value '$atlasServer'. Expected 'stage' or 'production'."
             exit 1
         fi