-
Notifications
You must be signed in to change notification settings - Fork 2
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #11 from ralphbean/appstudio-hacbs-probe-payload-vrpk
Appstudio update hacbs-probe-payload-vrpk
- Loading branch information
Showing
2 changed files
with
679 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,340 @@ | ||
| apiVersion: tekton.dev/v1beta1 | ||
| kind: PipelineRun | ||
| metadata: | ||
| annotations: | ||
| build.appstudio.redhat.com/commit_sha: '{{revision}}' | ||
| build.appstudio.redhat.com/pull_request_number: '{{pull_request_number}}' | ||
| build.appstudio.redhat.com/target_branch: '{{target_branch}}' | ||
| pipelinesascode.tekton.dev/max-keep-runs: "3" | ||
| pipelinesascode.tekton.dev/on-event: '[pull_request]' | ||
| pipelinesascode.tekton.dev/on-target-branch: '[main,master]' | ||
| creationTimestamp: null | ||
| labels: | ||
| appstudio.openshift.io/application: testapp | ||
| appstudio.openshift.io/component: hacbs-probe-payload-vrpk | ||
| pipelines.appstudio.openshift.io/type: build | ||
| name: hacbs-probe-payload-vrpk-on-pull-request | ||
| namespace: ralphjbean | ||
| spec: | ||
| params: | ||
| - name: dockerfile | ||
| value: https://raw.githubusercontent.com/ralphbean/hacbs-probe-payload/build-happy-path/Dockerfile | ||
| - name: git-url | ||
| value: '{{repo_url}}' | ||
| - name: output-image | ||
| value: quay.io/redhat-appstudio/user-workload:on-pr-{{revision}} | ||
| - name: path-context | ||
| value: ./ | ||
| - name: revision | ||
| value: '{{revision}}' | ||
| pipelineSpec: | ||
| finally: | ||
| - name: show-summary | ||
| params: | ||
| - name: pipeline-run-name | ||
| value: $(context.pipelineRun.name) | ||
| - name: git-url | ||
| value: $(tasks.clone-repository.results.url)?rev=$(tasks.clone-repository.results.commit) | ||
| - name: image-url | ||
| value: $(params.output-image) | ||
| taskRef: | ||
| bundle: quay.io/redhat-appstudio-tekton-catalog/task-summary:0.1@sha256:59d49758686c141bd26b3c193e52fd23bb47831c2a5d5872388ad6824684735e | ||
| name: summary | ||
| params: | ||
| - description: Source Repository URL | ||
| name: git-url | ||
| type: string | ||
| - default: "" | ||
| description: Revision of the Source Repository | ||
| name: revision | ||
| type: string | ||
| - description: Fully Qualified Output Image | ||
| name: output-image | ||
| type: string | ||
| - default: . | ||
| description: The path to your source code | ||
| name: path-context | ||
| type: string | ||
| - default: Dockerfile | ||
| description: Path to the Dockerfile | ||
| name: dockerfile | ||
| type: string | ||
| - default: "false" | ||
| description: Force rebuild image | ||
| name: rebuild | ||
| type: string | ||
| - default: "false" | ||
| description: Skip checks against built image | ||
| name: skip-checks | ||
| type: string | ||
| - default: "false" | ||
| description: Java build | ||
| name: java | ||
| type: string | ||
| results: | ||
| - description: "" | ||
| name: IMAGE_URL | ||
| value: $(tasks.build-container.results.IMAGE_URL) | ||
| - description: "" | ||
| name: IMAGE_DIGEST | ||
| value: $(tasks.build-container.results.IMAGE_DIGEST) | ||
| - description: "" | ||
| name: CHAINS-GIT_URL | ||
| value: $(tasks.clone-repository.results.url) | ||
| - description: "" | ||
| name: CHAINS-GIT_COMMIT | ||
| value: $(tasks.clone-repository.results.commit) | ||
| - description: "" | ||
| name: JAVA_COMMUNITY_DEPENDENCIES | ||
| value: $(tasks.build-container.results.JAVA_COMMUNITY_DEPENDENCIES) | ||
| tasks: | ||
| - name: appstudio-init | ||
| params: | ||
| - name: image-url | ||
| value: $(params.output-image) | ||
| - name: rebuild | ||
| value: $(params.rebuild) | ||
| - name: skip-checks | ||
| value: $(params.skip-checks) | ||
| - name: pipeline-run-name | ||
| value: $(context.pipelineRun.name) | ||
| taskRef: | ||
| bundle: quay.io/redhat-appstudio-tekton-catalog/task-init:0.1@sha256:36b763fa2356f1fea668afc45e28b9b4da648cc35066a32fd1ded1ac48c8cd84 | ||
| name: init | ||
| - name: clone-repository | ||
| params: | ||
| - name: url | ||
| value: $(params.git-url) | ||
| - name: revision | ||
| value: $(params.revision) | ||
| runAfter: | ||
| - appstudio-init | ||
| taskRef: | ||
| bundle: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:5e409aeff2f143a0d368dc8c53d1f4d8b9fc5be83f7111a99d0d367487655229 | ||
| name: git-clone | ||
| when: | ||
| - input: $(tasks.appstudio-init.results.build) | ||
| operator: in | ||
| values: | ||
| - "true" | ||
| workspaces: | ||
| - name: output | ||
| workspace: workspace | ||
| - name: basic-auth | ||
| workspace: git-auth | ||
| - name: appstudio-configure-build | ||
| runAfter: | ||
| - clone-repository | ||
| taskRef: | ||
| bundle: quay.io/redhat-appstudio-tekton-catalog/task-configure-build:0.1@sha256:003eb89ebe3e51d88b93baaabd8ab66eaf479aad00ad71a9571b12f7b428adc9 | ||
| name: configure-build | ||
| when: | ||
| - input: $(tasks.appstudio-init.results.build) | ||
| operator: in | ||
| values: | ||
| - "true" | ||
| workspaces: | ||
| - name: source | ||
| workspace: workspace | ||
| - name: registry-auth | ||
| workspace: registry-auth | ||
| - name: prefetch-dependencies | ||
| params: | ||
| - name: package-type | ||
| value: gomod | ||
| - name: package-path | ||
| value: $(params.path-context) | ||
| runAfter: | ||
| - appstudio-configure-build | ||
| taskRef: | ||
| bundle: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies:0.1@sha256:10d7ac70a9950b655328c4b57c42290afea115e2a0f0d5e0b399f62d2325a22c | ||
| name: prefetch-dependencies | ||
| when: | ||
| - input: $(tasks.clone-repository.results.hermetic-build) | ||
| operator: in | ||
| values: | ||
| - "true" | ||
| workspaces: | ||
| - name: source | ||
| workspace: workspace | ||
| - name: build-container | ||
| params: | ||
| - name: IMAGE | ||
| value: $(params.output-image) | ||
| - name: DOCKERFILE | ||
| value: $(params.dockerfile) | ||
| - name: CONTEXT | ||
| value: $(params.path-context) | ||
| - name: BUILD_EXTRA_ARGS | ||
| value: $(tasks.appstudio-configure-build.results.buildah-auth-param) | ||
| - name: PUSH_EXTRA_ARGS | ||
| value: $(tasks.appstudio-configure-build.results.buildah-auth-param) | ||
| - name: HERMETIC_BUILD | ||
| value: $(tasks.clone-repository.results.hermetic-build) | ||
| runAfter: | ||
| - prefetch-dependencies | ||
| taskRef: | ||
| bundle: quay.io/redhat-appstudio-tekton-catalog/task-buildah:0.1@sha256:997d7a1c1bcac31726ecfb2fc8b8ff34e73b3b2786d2c519e711fcb0ca151ee0 | ||
| name: buildah | ||
| when: | ||
| - input: $(tasks.appstudio-init.results.build) | ||
| operator: in | ||
| values: | ||
| - "true" | ||
| workspaces: | ||
| - name: source | ||
| workspace: workspace | ||
| - name: sanity-inspect-image | ||
| params: | ||
| - name: IMAGE_URL | ||
| value: $(tasks.build-container.results.IMAGE_URL)@$(tasks.build-container.results.IMAGE_DIGEST) | ||
| runAfter: | ||
| - build-container | ||
| taskRef: | ||
| bundle: quay.io/redhat-appstudio-tekton-catalog/task-sanity-inspect-image:0.1@sha256:1ff8cea8259a415a7ca6de7d47ade692813721653f89166f549e732cecaf2dcf | ||
| name: sanity-inspect-image | ||
| when: | ||
| - input: $(params.skip-checks) | ||
| operator: in | ||
| values: | ||
| - "false" | ||
| workspaces: | ||
| - name: workspace | ||
| workspace: workspace | ||
| - name: sanity-label-check | ||
| runAfter: | ||
| - sanity-inspect-image | ||
| taskRef: | ||
| bundle: quay.io/redhat-appstudio-tekton-catalog/task-sanity-label-check:0.1@sha256:1f0fe138843308648f11132749e6ec08a3ffdf1d60bee63c7df53bf5927bff0e | ||
| name: sanity-label-check | ||
| when: | ||
| - input: $(params.skip-checks) | ||
| operator: in | ||
| values: | ||
| - "false" | ||
| workspaces: | ||
| - name: workspace | ||
| workspace: workspace | ||
| - name: sanity-optional-label-check | ||
| params: | ||
| - name: POLICY_NAMESPACE | ||
| value: optional_checks | ||
| runAfter: | ||
| - sanity-inspect-image | ||
| taskRef: | ||
| bundle: quay.io/redhat-appstudio-tekton-catalog/task-sanity-label-check:0.1@sha256:1f0fe138843308648f11132749e6ec08a3ffdf1d60bee63c7df53bf5927bff0e | ||
| name: sanity-label-check | ||
| when: | ||
| - input: $(params.skip-checks) | ||
| operator: in | ||
| values: | ||
| - "false" | ||
| workspaces: | ||
| - name: workspace | ||
| workspace: workspace | ||
| - name: deprecated-base-image-check | ||
| params: | ||
| - name: BASE_IMAGES_DIGESTS | ||
| value: $(tasks.build-container.results.BASE_IMAGES_DIGESTS) | ||
| taskRef: | ||
| bundle: quay.io/redhat-appstudio-tekton-catalog/task-deprecated-image-check:0.1@sha256:f95f72700fe06ea9a285687827199944b1d4a44b83757beb4073569c5beaf3cf | ||
| name: deprecated-image-check | ||
| when: | ||
| - input: $(params.skip-checks) | ||
| operator: in | ||
| values: | ||
| - "false" | ||
| workspaces: | ||
| - name: sanity-ws | ||
| workspace: workspace | ||
| - name: clair-scan | ||
| params: | ||
| - name: image-digest | ||
| value: $(tasks.build-container.results.IMAGE_DIGEST) | ||
| - name: image-url | ||
| value: $(tasks.build-container.results.IMAGE_URL) | ||
| runAfter: | ||
| - build-container | ||
| taskRef: | ||
| bundle: quay.io/redhat-appstudio-tekton-catalog/task-clair-scan:0.1@sha256:4f65b7f26953460d26370d66538c0cdc4b978f35093dc3b38af8b496b563a944 | ||
| name: clair-scan | ||
| when: | ||
| - input: $(params.skip-checks) | ||
| operator: in | ||
| values: | ||
| - "false" | ||
| workspaces: | ||
| - name: registry-auth | ||
| workspace: registry-auth | ||
| - name: sast-snyk-check | ||
| runAfter: | ||
| - clone-repository | ||
| taskRef: | ||
| bundle: quay.io/redhat-appstudio-tekton-catalog/task-sast-snyk-check:0.1@sha256:29aa45fef5d67f0be2a89dc954ce8fa406236901d4dfcebfba88338221c4627e | ||
| name: sast-snyk-check | ||
| when: | ||
| - input: $(params.skip-checks) | ||
| operator: in | ||
| values: | ||
| - "false" | ||
| workspaces: | ||
| - name: workspace | ||
| workspace: workspace | ||
| - name: clamav-scan | ||
| params: | ||
| - name: image-digest | ||
| value: $(tasks.build-container.results.IMAGE_DIGEST) | ||
| - name: image-url | ||
| value: $(tasks.build-container.results.IMAGE_URL) | ||
| runAfter: | ||
| - build-container | ||
| taskRef: | ||
| bundle: quay.io/redhat-appstudio-tekton-catalog/task-clamav-scan:0.1@sha256:64b52d3e33cdb539f1d3759f432782eaed5c812bea04296f509cfa2d81247c8d | ||
| name: clamav-scan | ||
| when: | ||
| - input: $(params.skip-checks) | ||
| operator: in | ||
| values: | ||
| - "false" | ||
| workspaces: | ||
| - name: registry-auth | ||
| workspace: registry-auth | ||
| - name: sbom-json-check | ||
| params: | ||
| - name: IMAGE_URL | ||
| value: $(tasks.build-container.results.IMAGE_URL) | ||
| runAfter: | ||
| - build-container | ||
| taskRef: | ||
| bundle: quay.io/redhat-appstudio-tekton-catalog/task-sbom-json-check:0.1@sha256:9d228fedb0429e4ae6f383e9355615823e0684a36ab3c2453a3f3cd56f518944 | ||
| name: sbom-json-check | ||
| when: | ||
| - input: $(params.skip-checks) | ||
| operator: in | ||
| values: | ||
| - "false" | ||
| workspaces: | ||
| - name: workspace | ||
| workspace: workspace | ||
| workspaces: | ||
| - name: workspace | ||
| - name: registry-auth | ||
| optional: true | ||
| - name: git-auth | ||
| optional: true | ||
| workspaces: | ||
| - name: workspace | ||
| volumeClaimTemplate: | ||
| metadata: | ||
| creationTimestamp: null | ||
| spec: | ||
| accessModes: | ||
| - ReadWriteOnce | ||
| resources: | ||
| requests: | ||
| storage: 1Gi | ||
| status: {} | ||
| - name: registry-auth | ||
| secret: | ||
| secretName: redhat-appstudio-registry-pull-secret | ||
| status: {} |
Oops, something went wrong.