forked from konflux-ci/build-definitions
-
Notifications
You must be signed in to change notification settings - Fork 0
/
all-tasks.yaml
34 lines (34 loc) · 1.18 KB
/
all-tasks.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
---
# These policies are meant to be applied to all of the Tasks in this repo.
sources:
- policy:
- oci::quay.io/enterprise-contract/ec-task-policy:latest
data:
- oci::quay.io/konflux-ci/tekton-catalog/data-acceptable-bundles:latest
- github.com/release-engineering/rhtap-ec-policy//data
ruleData:
allowed_trusted_artifacts_workspaces:
- git-basic-auth
- basic-auth
- ssh-directory
- netrc
required_task_results:
# Certain EC rules rely on the presence of these results when validating an image.
- task: clair-scan
result: CLAIR_SCAN_RESULT
version: "0.1"
- task: clair-scan
result: SCAN_OUTPUT
- task: rpms-signature-scan
result: RPMS_DATA
config:
include:
- kind
- results
- step_image_registries
- trusted_artifacts
exclude:
# https://issues.redhat.com/browse/KFLUXBUGS-1111
- step_image_registries.step_images_permitted:generate-odcs-compose/noversion
# https://issues.redhat.com/browse/KFLUXBUGS-1110
- step_image_registries.step_images_permitted:verify-signed-rpms/noversion