diff --git a/pipelines/gitops-pull-request-rhtap/README.md b/pipelines/gitops-pull-request-rhtap/README.md index d8a32daf7..c0dcc0e70 100644 --- a/pipelines/gitops-pull-request-rhtap/README.md +++ b/pipelines/gitops-pull-request-rhtap/README.md @@ -3,11 +3,11 @@ ## Parameters |name|description|default value|used in (taskname:taskrefversion:taskparam)| |---|---|---|---| -|ec-policy-configuration| Enterprise Contract policy to validate against| github.com/enterprise-contract/config//default| verify-enteprise-contract:0.1:POLICY_CONFIGURATION| -|ec-public-key| The public key that EC should use to verify signatures| k8s://$(context.pipelineRun.namespace)/cosign-pub| verify-enteprise-contract:0.1:PUBLIC_KEY ; download-sboms:0.1:PUBLIC_KEY| -|ec-rekor-host| The Rekor host that EC should use to look up transparency logs| http://rekor-server.rhtap-tas.svc| verify-enteprise-contract:0.1:REKOR_HOST ; download-sboms:0.1:REKOR_HOST| -|ec-strict| Should EC violations cause the pipeline to fail?| true| verify-enteprise-contract:0.1:STRICT| -|ec-tuf-mirror| The TUF mirror that EC should use| http://tuf.rhtap-tas.svc| verify-enteprise-contract:0.1:TUF_MIRROR ; download-sboms:0.1:TUF_MIRROR| +|ec-policy-configuration| Enterprise Contract policy to validate against| github.com/enterprise-contract/config//default| verify-enterprise-contract:0.1:POLICY_CONFIGURATION| +|ec-public-key| The public key that EC should use to verify signatures| k8s://$(context.pipelineRun.namespace)/cosign-pub| verify-enterprise-contract:0.1:PUBLIC_KEY ; download-sboms:0.1:PUBLIC_KEY| +|ec-rekor-host| The Rekor host that EC should use to look up transparency logs| http://rekor-server.rhtap-tas.svc| verify-enterprise-contract:0.1:REKOR_HOST ; download-sboms:0.1:REKOR_HOST| +|ec-strict| Should EC violations cause the pipeline to fail?| true| verify-enterprise-contract:0.1:STRICT| +|ec-tuf-mirror| The TUF mirror that EC should use| http://tuf.rhtap-tas.svc| verify-enterprise-contract:0.1:TUF_MIRROR ; download-sboms:0.1:TUF_MIRROR| |fail-if-trustification-not-configured| Should the pipeline fail when there are SBOMs to upload but Trustification is not properly configured (i.e. the secret is missing or doesn't have all the required keys)?| true| upload-sboms-to-trustification:0.1:FAIL_IF_TRUSTIFICATION_NOT_CONFIGURED| |git-url| Gitops repo url| None| clone-repository:0.1:url| |revision| Gitops repo revision| | clone-repository:0.1:revision| @@ -87,7 +87,7 @@ ### gather-deploy-images:0.1 task results |name|description|used in params (taskname:taskrefversion:taskparam) |---|---|---| -|IMAGES_TO_VERIFY| The images to be verified, in a format compatible with https://github.com/konflux-ci/build-definitions/tree/main/task/verify-enterprise-contract/0.1. When there are no images to verify, this is an empty string. | verify-enteprise-contract:0.1:IMAGES| +|IMAGES_TO_VERIFY| The images to be verified, in a format compatible with https://github.com/konflux-ci/build-definitions/tree/main/task/verify-enterprise-contract/0.1. When there are no images to verify, this is an empty string. | verify-enterprise-contract:0.1:IMAGES| ### gather-deploy-images:0.1 task results |name|description|used in params (taskname:taskrefversion:taskparam) |---|---|---| diff --git a/pipelines/gitops-pull-request-rhtap/gitops-pull-request.yaml b/pipelines/gitops-pull-request-rhtap/gitops-pull-request.yaml index 03a851c9d..4aba62469 100644 --- a/pipelines/gitops-pull-request-rhtap/gitops-pull-request.yaml +++ b/pipelines/gitops-pull-request-rhtap/gitops-pull-request.yaml @@ -78,7 +78,7 @@ spec: - name: source workspace: workspace - - name: verify-enteprise-contract + - name: verify-enterprise-contract params: - name: IMAGES value: $(tasks.get-images-to-verify.results.IMAGES_TO_VERIFY) diff --git a/task/update-infra-deployments/0.1/update-infra-deployments.yaml b/task/update-infra-deployments/0.1/update-infra-deployments.yaml index a5577c447..cc29b1cc5 100644 --- a/task/update-infra-deployments/0.1/update-infra-deployments.yaml +++ b/task/update-infra-deployments/0.1/update-infra-deployments.yaml @@ -148,7 +148,7 @@ spec: logger = logging.getLogger("updater") EXPIRE_MINUTES_AS_SECONDS = int(os.environ.get('GITHUBAPP_TOKEN_EXPIRATION_MINUTES', 10)) * 60 - # TODO support github enteprise + # TODO support github enterprise GITHUB_API_URL = os.environ["GITHUB_API_URL"] ORIGIN_REPO = os.environ["ORIGIN_REPO"]