Skip to content

Commit

Permalink
chore(RHTAPWATCH-717): update image reference in tekton-tools
Browse files Browse the repository at this point in the history 
update image reference in tekton-tools

Signed-off-by: Avi Biton <[email protected]>
  • Loading branch information
@avi-biton
avi-biton committed Feb 5, 2024
1 parent 3fb4a4a commit 7aa8f25
Show file tree
Hide file tree
Showing 2 changed files with 360 additions and 277 deletions.
310 changes: 33 additions & 277 deletions .tekton/tools-pull-request.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@ metadata:
pipelinesascode.tekton.dev/max-keep-runs: "3"
pipelinesascode.tekton.dev/on-cel-expression: event == "pull_request" && target_branch
== "main"
pipelinesascode.tekton.dev/task: tasks/create-pull-request.yaml
creationTimestamp: null
labels:
appstudio.openshift.io/application: tools
Expand All @@ -30,40 +31,9 @@ spec:
value: .
- name: revision
value: '{{revision}}'
- name: pr-url
value: '{{body.head_commit.url}}'
pipelineSpec:
finally:
- name: show-sbom
params:
- name: IMAGE_URL
value: $(tasks.build-container.results.IMAGE_URL)
taskRef:
params:
- name: name
value: show-sbom
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-show-sbom:0.1@sha256:82737c8d365c620295fa526d21a481d4614f657800175ddc0ccd7846c54207f8
- name: kind
value: task
resolver: bundles
- name: show-summary
params:
- name: pipelinerun-name
value: $(context.pipelineRun.name)
- name: git-url
value: $(tasks.clone-repository.results.url)?rev=$(tasks.clone-repository.results.commit)
- name: image-url
value: $(params.output-image)
- name: build-task-status
value: $(tasks.build-container.status)
taskRef:
params:
- name: name
value: summary
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-summary:0.1@sha256:f65a69aaf71cbab382eff685eee522ad35068a4d91d233e76cef7d42ff15a686
- name: kind
value: task
resolver: bundles
params:
- description: Source Repository URL
name: git-url
Expand All @@ -72,67 +42,6 @@ spec:
description: Revision of the Source Repository
name: revision
type: string
- description: Fully Qualified Output Image
name: output-image
type: string
- default: .
description: Path to the source code of an application's component from where
to build image.
name: path-context
type: string
- default: Dockerfile
description: Path to the Dockerfile inside the context specified by parameter
path-context
name: dockerfile
type: string
- default: "false"
description: Force rebuild image
name: rebuild
type: string
- default: "false"
description: Skip checks against built image
name: skip-checks
type: string
- default: "true"
description: Skip optional checks, set false if you want to run optional checks
name: skip-optional
type: string
- default: "false"
description: Execute the build with network isolation
name: hermetic
type: string
- default: ""
description: Build dependencies to be prefetched by Cachi2
name: prefetch-input
type: string
- default: "false"
description: Java build
name: java
type: string
- default: ""
description: Image tag expiration time, time values could be something like
1h, 2d, 3w for hours, days, and weeks, respectively.
name: image-expires-after
- default: "false"
description: Build a source image.
name: build-source-image
type: string
results:
- description: ""
name: IMAGE_URL
value: $(tasks.build-container.results.IMAGE_URL)
- description: ""
name: IMAGE_DIGEST
value: $(tasks.build-container.results.IMAGE_DIGEST)
- description: ""
name: CHAINS-GIT_URL
value: $(tasks.clone-repository.results.url)
- description: ""
name: CHAINS-GIT_COMMIT
value: $(tasks.clone-repository.results.commit)
- description: ""
name: JAVA_COMMUNITY_DEPENDENCIES
value: $(tasks.build-container.results.JAVA_COMMUNITY_DEPENDENCIES)
tasks:
- name: init
params:
Expand Down Expand Up @@ -184,199 +93,46 @@ spec:
workspace: workspace
- name: basic-auth
workspace: git-auth
- name: prefetch-dependencies
params:
- name: input
value: $(params.prefetch-input)
- name: test
runAfter:
- clone-repository
taskRef:
params:
- name: name
value: prefetch-dependencies
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies:0.1@sha256:0b7bec23b6c08f37138a86e569835842763b3aa42f4455fd70ba3986350e07c7
- name: kind
value: task
resolver: bundles
when:
- input: $(params.hermetic)
operator: in
values:
- "true"
workspaces:
- name: source
- name: artifacts
workspace: workspace
- name: build-container
params:
- name: IMAGE
value: $(params.output-image)
- name: DOCKERFILE
value: $(params.dockerfile)
- name: CONTEXT
value: $(params.path-context)
- name: HERMETIC
value: $(params.hermetic)
- name: PREFETCH_INPUT
value: $(params.prefetch-input)
- name: IMAGE_EXPIRES_AFTER
value: $(params.image-expires-after)
- name: COMMIT_SHA
value: $(tasks.clone-repository.results.commit)
runAfter:
- prefetch-dependencies
taskRef:
params:
- name: name
value: buildah
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-buildah:0.1@sha256:351af2c0e5eeb92a5d6d4083847c1559475b596cda7671f489756d5302a4c847
- name: kind
value: task
resolver: bundles
when:
- input: $(tasks.init.results.build)
operator: in
values:
- "true"
workspaces:
- name: source
workspace: workspace
- name: build-source-image
params:
- name: BINARY_IMAGE
value: $(params.output-image)
- name: BASE_IMAGES
value: $(tasks.build-container.results.BASE_IMAGES_DIGESTS)
runAfter:
- build-container
taskRef:
params:
- name: name
value: source-build
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-source-build:0.1@sha256:3ad20adff4aa5cd153695b115133cb7c71c87f095af02fae5932396b1c72eb00
- name: kind
value: task
resolver: bundles
when:
- input: $(tasks.init.results.build)
operator: in
values:
- "true"
- input: $(params.build-source-image)
operator: in
values:
- "true"
workspaces:
- name: workspace
workspace: workspace
- name: deprecated-base-image-check
params:
- name: BASE_IMAGES_DIGESTS
value: $(tasks.build-container.results.BASE_IMAGES_DIGESTS)
runAfter:
- build-container
taskRef:
params:
- name: name
value: deprecated-image-check
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-deprecated-image-check:0.3@sha256:a299ff57d97f3924020634625dfb9bbc66547124ca23a3396e338c645f7b4a8e
- name: kind
value: task
resolver: bundles
when:
- input: $(params.skip-checks)
operator: in
values:
- "false"
- name: clair-scan
params:
- name: image-digest
value: $(tasks.build-container.results.IMAGE_DIGEST)
- name: image-url
value: $(tasks.build-container.results.IMAGE_URL)
runAfter:
- build-container
taskRef:
params:
- name: name
value: clair-scan
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-clair-scan:0.1@sha256:63b42c0fc23d05e26776a0e7c4f0ab00750096ebfe1eed9a7ba96f8b27713fbf
- name: kind
value: task
resolver: bundles
when:
- input: $(params.skip-checks)
operator: in
values:
- "false"
- name: sast-snyk-check
taskSpec:
steps:
- name: test-step
image: registry.access.redhat.com/ubi9/ubi
script: |
#!/usr/bin/env bash
set -ex
echo "test"
pwd
ls -laR
- name: update-image-ref
runAfter:
- clone-repository
taskRef:
params:
- name: name
value: sast-snyk-check
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-sast-snyk-check:0.1@sha256:47515cb119225bba55c593876610bd890f8efcbb66bb57fb0c0881ddd47ce558
- name: kind
value: task
resolver: bundles
when:
- input: $(params.skip-checks)
operator: in
values:
- "false"
workspaces:
- name: workspace
- name: artifacts
workspace: workspace
- name: clamav-scan
params:
- name: image-digest
value: $(tasks.build-container.results.IMAGE_DIGEST)
- name: image-url
value: $(tasks.build-container.results.IMAGE_URL)
runAfter:
- build-container
taskRef:
params:
- name: name
value: clamav-scan
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-clamav-scan:0.1@sha256:353fa2cda9855217cfcec3303973b666a10f384795630cf0eb13b874c24b0f7a
- name: kind
value: task
resolver: bundles
when:
- input: $(params.skip-checks)
operator: in
values:
- "false"
- name: sbom-json-check
name: create-pull-request
kind: Task
params:
- name: IMAGE_URL
value: $(tasks.build-container.results.IMAGE_URL)
- name: IMAGE_DIGEST
value: $(tasks.build-container.results.IMAGE_DIGEST)
runAfter:
- build-container
taskRef:
params:
- name: name
value: sbom-json-check
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-sbom-json-check:0.1@sha256:bf49861b3bbee2129e8d1b5966fc2a7c3f259d96a5fcef5674d05c9cb21ab540
- name: kind
value: task
resolver: bundles
when:
- input: $(params.skip-checks)
operator: in
values:
- "false"
- name: ORIGIN_REPO
value: $(params.git-url)
- name: REVISION
value: $(params.revision)
- name: ARTIFACTS_PATH
value: /workspace/artifacts/source
- name: TARGET_GH_REPO
value: redhat-appstudio/tekton-tools
- name: PR_URL
value: $(params.pr-url)
- name: SCRIPT
value: |
set -x
echo "test"
workspaces:
- name: workspace
- name: git-auth
Expand Down
Loading

0 comments on commit 7aa8f25

Please sign in to comment.