Merge pull request #1364 from kubev2v/appstudio-forklift-console-plugin
Red Hat Konflux update forklift-console-plugin
yaacov authored Oct 27, 2024
2 parents 9b5df88 + e55eb39 commit 0a307f8
Showing 2 changed files with 58 additions and 14 deletions.
36 changes: 29 additions & 7 deletions .tekton/forklift-console-plugin-pull-request.yaml
Expand Up @@ -18,11 +18,6 @@ metadata:
namespace: rh-mtv-1-tenant
spec:
params:
- name: build-source-image
value: "true"
# Add again when KFLUXBUGS-1508 is fixed
# - name: prefetch-input
# value: '{"type": "npm", "path": "."}'
- name: git-url
value: '{{source_url}}'
- name: revision
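Review bot: The five lines dropped from spec.params at the top of this hunk (11 lines down to 6) take out `build-source-image` set to "true" together with the commented-out `prefetch-input` entry and its "Add again when KFLUXBUGS-1508 is fixed" reminder. If the source image is still wanted for pull-request builds, keep the `build-source-image` param; either way, move the KFLUXBUGS-1508 reminder somewhere an automated update will not overwrite (an issue or the PR description), otherwise nothing in the file records that the npm prefetch still needs to be re-enabled.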
Expand All @@ -36,6 +31,11 @@ spec:
- name: path-context
value: .
pipelineSpec:
description: |
This pipeline is ideal for building container images from a Containerfile while maintaining trust after pipeline customization.
_Uses `buildah` to create a container image leveraging [trusted artifacts](https://konflux-ci.dev/architecture/ADR/0036-trusted-artifacts.html). It also optionally creates a source image and runs some build-time tests. Information is shared between tasks using OCI artifacts instead of PVCs. EC will pass the [`trusted_task.trusted`](https://enterprisecontract.dev/docs/ec-policies/release_policy.html#trusted_task__trusted) policy as long as all data used to build the artifact is generated from trusted tasks.
This pipeline is pushed as a Tekton bundle to [quay.io](https://quay.io/repository/konflux-ci/tekton-catalog/pipeline-docker-build-oci-ta?tab=tags)_
finally:
- name: show-sbom
params:
Expand Down Expand Up @@ -225,7 +225,7 @@ spec:
- name: name
value: buildah-oci-ta
- name: bundle
value: quay.io/konflux-ci/tekton-catalog/task-buildah-oci-ta:0.2@sha256:43aecf28e07b3cdf74f85524354b665ea584f2282a1f40ec32f64c6a9b036cd3
value: quay.io/konflux-ci/tekton-catalog/task-buildah-oci-ta:0.2@sha256:2a0c67ea7d5d82b4ec47930c12397f94b3af0b3855d8e5ad9f6e088c93e42bf0
- name: kind
value: task
resolver: bundles
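Review bot: The `task-buildah-oci-ta` bundle keeps the `0.2` tag while its sha256 pin changes, and the commit message ("Red Hat Konflux update forklift-console-plugin") does not say what differs between the two builds of the task. Pinning by digest is the right form; please link the task changelog or the catalog commit that produced the new digest so the pin can be audited later.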
Expand Down Expand Up @@ -372,7 +372,7 @@ spec:
- name: name
value: sast-snyk-check-oci-ta
- name: bundle
value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.3@sha256:92af5ba1bb9d6bf442c8d3b317ada71d44a9c1ab59959a37bbb5d163205a104f
value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.2@sha256:7e99a122bc9e84fd9fb29062e825d3345177337d2448dcb50324f86ec5560c7a
- name: kind
value: task
resolver: bundles
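Review bot: Reading the first `bundle` value as the removed line and the second as the added one, this moves `task-sast-snyk-check-oci-ta` from `0.3` back to `0.2`, which is a downgrade of the SAST task inside a change labelled as an update. Confirm the rollback is intended; if it is a side effect of regenerating the pipeline from a template, keep the `0.3` reference and its digest.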
Expand Down Expand Up @@ -441,6 +441,28 @@ spec:
- name: kind
value: task
resolver: bundles
- name: rpms-signature-scan
params:
- name: image-url
value: $(tasks.build-image-index.results.IMAGE_URL)
- name: image-digest
value: $(tasks.build-image-index.results.IMAGE_DIGEST)
runAfter:
- build-image-index
taskRef:
params:
- name: name
value: rpms-signature-scan
- name: bundle
value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:7aa4d3c95e2b963e82fdda392f7cb3d61e3dab035416cf4a3a34e43cf3c9c9b8
- name: kind
value: task
resolver: bundles
when:
- input: $(params.skip-checks)
operator: in
values:
- "false"
workspaces:
- name: git-auth
optional: true
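Review bot: The new `rpms-signature-scan` task is gated by its `when` block on `$(params.skip-checks)` being "false", so a run with `skip-checks` set to any other value passes `build-image-index` without the signature scan ever executing. Check that `skip-checks` defaults to "false" for this pipeline and note in the PR who is expected to override it.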
36 changes: 29 additions & 7 deletions .tekton/forklift-console-plugin-push.yaml
Expand Up @@ -17,11 +17,6 @@ metadata:
namespace: rh-mtv-1-tenant
spec:
params:
- name: build-source-image
value: "true"
# Add again when KFLUXBUGS-1508 is fixed
# - name: prefetch-input
# value: '{"type": "npm", "path": "."}'
- name: git-url
value: '{{source_url}}'
- name: revision
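Review bot: `build-source-image` set to "true" disappears from the push pipeline's spec.params in this hunk, along with the commented `prefetch-input` entry that was waiting on KFLUXBUGS-1508. Please confirm that on-push builds are meant to stop requesting a source image; if not, restore the param, and keep a pointer to KFLUXBUGS-1508 in a place this kind of update does not rewrite.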
Expand All @@ -33,6 +28,11 @@ spec:
- name: path-context
value: .
pipelineSpec:
description: |
This pipeline is ideal for building container images from a Containerfile while maintaining trust after pipeline customization.
_Uses `buildah` to create a container image leveraging [trusted artifacts](https://konflux-ci.dev/architecture/ADR/0036-trusted-artifacts.html). It also optionally creates a source image and runs some build-time tests. Information is shared between tasks using OCI artifacts instead of PVCs. EC will pass the [`trusted_task.trusted`](https://enterprisecontract.dev/docs/ec-policies/release_policy.html#trusted_task__trusted) policy as long as all data used to build the artifact is generated from trusted tasks.
This pipeline is pushed as a Tekton bundle to [quay.io](https://quay.io/repository/konflux-ci/tekton-catalog/pipeline-docker-build-oci-ta?tab=tags)_
finally:
- name: show-sbom
params:
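Review bot: The added `description` block is pasted with its Markdown intact: an emphasis span opens at `_Uses` and only closes at `tags)_` on the last line, with inline links in between, and all of it stays literal inside a YAML string unless some consumer renders it. Plain sentences would read better here. The text also says the pipeline "optionally creates a source image" while the same commit drops `build-source-image` from spec.params in this file, so the description and the parameters should be reconciled.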
Expand Down Expand Up @@ -222,7 +222,7 @@ spec:
- name: name
value: buildah-oci-ta
- name: bundle
value: quay.io/konflux-ci/tekton-catalog/task-buildah-oci-ta:0.2@sha256:43aecf28e07b3cdf74f85524354b665ea584f2282a1f40ec32f64c6a9b036cd3
value: quay.io/konflux-ci/tekton-catalog/task-buildah-oci-ta:0.2@sha256:2a0c67ea7d5d82b4ec47930c12397f94b3af0b3855d8e5ad9f6e088c93e42bf0
- name: kind
value: task
resolver: bundles
Expand Down Expand Up @@ -369,7 +369,7 @@ spec:
- name: name
value: sast-snyk-check-oci-ta
- name: bundle
value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.3@sha256:92af5ba1bb9d6bf442c8d3b317ada71d44a9c1ab59959a37bbb5d163205a104f
value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.2@sha256:7e99a122bc9e84fd9fb29062e825d3345177337d2448dcb50324f86ec5560c7a
- name: kind
value: task
resolver: bundles
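Review bot: As the two `bundle` values are ordered (old first, new second), the push pipeline ends up on `task-sast-snyk-check-oci-ta:0.2` after having been on `0.3`. For the pipeline that builds what gets pushed, a step back in the SAST task version deserves an explicit justification in the PR; otherwise keep the `0.3` tag and digest.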
Expand Down Expand Up @@ -438,6 +438,28 @@ spec:
- name: kind
value: task
resolver: bundles
- name: rpms-signature-scan
params:
- name: image-url
value: $(tasks.build-image-index.results.IMAGE_URL)
- name: image-digest
value: $(tasks.build-image-index.results.IMAGE_DIGEST)
runAfter:
- build-image-index
taskRef:
params:
- name: name
value: rpms-signature-scan
- name: bundle
value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:7aa4d3c95e2b963e82fdda392f7cb3d61e3dab035416cf4a3a34e43cf3c9c9b8
- name: kind
value: task
resolver: bundles
when:
- input: $(params.skip-checks)
operator: in
values:
- "false"
workspaces:
- name: git-auth
optional: true
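Review bot: Nothing in the added `rpms-signature-scan` block says what happens when the scan reports a problem: the task takes `image-url` and `image-digest` from `build-image-index`, and no task shown in this hunk consumes its output. State in the PR whether a finding fails the run or is only reported, and where that decision is enforced.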