diff --git a/.tekton/pipeline-build.yaml b/.tekton/pipeline-build.yaml
deleted file mode 100644
index 246fd9a..0000000
--- a/.tekton/pipeline-build.yaml
+++ /dev/null
@@ -1,454 +0,0 @@ -apiVersion: tekton.dev/v1 -kind: Pipeline -metadata: - name: pipeline-build -spec: - - params: - - name: git-url - description: Source Repository URL - type: string - - - name: revision - description: Revision of the Source Repository - type: string - default: "" - - - name: output-image - description: Fully Qualified Output Image - type: string - - - name: path-context - description: Path to the source code of an application's component from where to build image. - type: string - default: . - - - name: dockerfile - description: Path to the Dockerfile inside the context specified by parameter path-context - type: string - default: Dockerfile - - - name: rebuild - description: Force rebuild image - type: string - default: "false" - - - name: skip-checks - description: Skip checks against built image - type: string - default: "false" - - - name: hermetic - description: Execute the build with network isolation - type: string - default: "false" - - - name: prefetch-input - description: Build dependencies to be prefetched by Cachi2 - type: string - default: "" - - - name: image-expires-after - description: Image tag expiration time, time values could be something like 1h, 2d, 3w for hours, days, and weeks, respectively. 
- default: "" - - - name: build-args - description: Array of --build-arg values ("arg=value" strings) for buildah - type: array - default: [] - - - name: build-args-file - description: Path to a file with build arguments for buildah, see https://www.mankier.com/1/buildah-build#--build-arg-file - type: string - default: "" - - - name: tag-prefix - description: Prefix added to additional tags - type: string - default: "" - - results: - - name: IMAGE_URL - description: "" - value: $(tasks.build-container.results.IMAGE_URL) - - - name: IMAGE_DIGEST - description: "" - value: $(tasks.build-container.results.IMAGE_DIGEST) - - - name: CHAINS-GIT_URL - description: "" - value: $(tasks.clone-repository.results.url) - - - name: CHAINS-GIT_COMMIT - description: "" - value: $(tasks.clone-repository.results.commit) - - tasks: - - name: init - params: - - name: image-url - value: $(params.output-image) - - - name: rebuild - value: $(params.rebuild) - - - name: skip-checks - value: $(params.skip-checks) - taskRef: - resolver: bundles - params: - - name: name - value: init - - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:0523b51c28375a3f222da91690e22eff11888ebc98a0c73c468af44762265c69 - - - name: kind - value: task - - - name: clone-repository - params: - - name: url - value: $(params.git-url) - - - name: revision - value: $(params.revision) - - - name: ociStorage - value: $(params.output-image).git - - - name: ociArtifactExpiresAfter - value: $(params.image-expires-after) - runAfter: - - init - taskRef: - resolver: bundles - params: - - name: name - value: git-clone-oci-ta - - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:8ab0c7a7ac4a4c59740a24304e17cc64fe8745376d19396c4660fc0e1a957a1b - - - name: kind - value: task - - when: - - input: $(tasks.init.results.build) - operator: in - values: - - "true" - workspaces: - - name: basic-auth - workspace: git-auth - - - name: prefetch-dependencies - params: - - 
name: input - value: $(params.prefetch-input) - - - name: SOURCE_ARTIFACT - value: $(tasks.clone-repository.results.SOURCE_ARTIFACT) - - - name: ociStorage - value: $(params.output-image).prefetch - - - name: ociArtifactExpiresAfter - value: $(params.image-expires-after) - runAfter: - - clone-repository - taskRef: - resolver: bundles - params: - - name: name - value: prefetch-dependencies-oci-ta - - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.1@sha256:3e51d7c477ba00bd0c7de2d8f89269131646d2582e631b9aee91fb4b022d4555 - - - name: kind - value: task - workspaces: - - name: git-basic-auth - workspace: git-auth - - - name: netrc - workspace: netrc - - - name: build-container - params: - - name: IMAGE - value: $(params.output-image) - - - name: DOCKERFILE - value: $(params.dockerfile) - - - name: CONTEXT - value: $(params.path-context) - - - name: HERMETIC - value: $(params.hermetic) - - - name: PREFETCH_INPUT - value: $(params.prefetch-input) - - - name: IMAGE_EXPIRES_AFTER - value: $(params.image-expires-after) - - - name: COMMIT_SHA - value: $(tasks.clone-repository.results.commit) - - - name: BUILD_ARGS - value: - - $(params.build-args[*]) - - - name: BUILD_ARGS_FILE - value: $(params.build-args-file) - - - name: SOURCE_ARTIFACT - value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - - - name: CACHI2_ARTIFACT - value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) - runAfter: - - prefetch-dependencies - taskRef: - resolver: bundles - params: - - name: name - value: buildah-oci-ta - - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-buildah-oci-ta:0.2@sha256:decef0e000a05daad9dd43b707c8b3a96b6125ff5a4ee096fd3e8c23a2881b9e - - - name: kind - value: task - when: - - input: $(tasks.init.results.build) - operator: in - values: - - "true" - - - name: deprecated-base-image-check - params: - - name: IMAGE_URL - value: $(tasks.build-container.results.IMAGE_URL) - - - name: IMAGE_DIGEST - value: 
$(tasks.build-container.results.IMAGE_DIGEST) - runAfter: - - build-container - taskRef: - resolver: bundles - params: - - name: name - value: deprecated-image-check - - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.4@sha256:5a1a165fa02270f0a947d8a2131ee9d8be0b8e9d34123828c2bef589e504ee84 - - - name: kind - value: task - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - - - name: clair-scan - params: - - name: image-digest - value: $(tasks.build-container.results.IMAGE_DIGEST) - - - name: image-url - value: $(tasks.build-container.results.IMAGE_URL) - runAfter: - - build-container - taskRef: - resolver: bundles - params: - - name: name - value: clair-scan - - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.2@sha256:0a5421111e7092740398691d5bd7c125cc0896f29531d19414bb5724ae41692a - - - name: kind - value: task - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - - - name: ecosystem-cert-preflight-checks - params: - - name: image-url - value: $(tasks.build-container.results.IMAGE_URL) - runAfter: - - build-container - taskRef: - resolver: bundles - params: - - name: name - value: ecosystem-cert-preflight-checks - - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.1@sha256:df8a25a3431a70544172ed4844f9d0c6229d39130633960729f825a031a7dea9 - - - name: kind - value: task - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - - name: sast-snyk-check - params: - - name: image-digest - value: $(tasks.build-container.results.IMAGE_DIGEST) - - - name: image-url - value: $(tasks.build-container.results.IMAGE_URL) - - - name: SOURCE_ARTIFACT - value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - - - name: CACHI2_ARTIFACT - value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) - runAfter: - - build-container - taskRef: - resolver: bundles - params: - - name: name - 
value: sast-snyk-check-oci-ta - - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.3@sha256:1119722a2d31b831d1aa336fd8cced0a5016c95466b6b59a58bbf3585735850f - - - name: kind - value: task - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - - - name: clamav-scan - params: - - name: image-digest - value: $(tasks.build-container.results.IMAGE_DIGEST) - - - name: image-url - value: $(tasks.build-container.results.IMAGE_URL) - runAfter: - - build-container - taskRef: - resolver: bundles - params: - - name: name - value: clamav-scan - - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.2@sha256:6e08cf608240f57442ca5458f3c0dade3558f4f2953be8ea939232f5d5378d58 - - - name: kind - value: task - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - - - name: apply-tags - params: - - name: IMAGE - value: $(tasks.build-container.results.IMAGE_URL) - - - name: ADDITIONAL_TAGS - value: - - $(params.tag-prefix)$(tasks.clone-repository.results.short-commit) - runAfter: - - build-container - taskRef: - resolver: bundles - params: - - name: name - value: apply-tags - - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.1@sha256:87fd7fc0e937aad1a8db9b6e377d7e444f53394dafde512d68adbea6966a4702 - - - name: kind - value: task - - - name: push-dockerfile - params: - - name: IMAGE - value: $(tasks.build-container.results.IMAGE_URL) - - - name: IMAGE_DIGEST - value: $(tasks.build-container.results.IMAGE_DIGEST) - - - name: DOCKERFILE - value: $(params.dockerfile) - - - name: CONTEXT - value: $(params.path-context) - - - name: SOURCE_ARTIFACT - value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - runAfter: - - build-container - taskRef: - resolver: bundles - params: - - name: name - value: push-dockerfile-oci-ta - - - name: bundle - value: 
quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.1@sha256:08ef41d6a98608bd5f1de75d77f015f520911a278d1875e174b88b9d04db2441 - - - name: kind - value: task - - - name: rpms-signature-scan - params: - - name: image-digest - value: $(tasks.build-container.results.IMAGE_DIGEST) - - - name: image-url - value: $(tasks.build-container.results.IMAGE_URL) - runAfter: - - build-container - taskRef: - resolver: bundles - params: - - name: name - value: rpms-signature-scan - - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:8f3b23bf1b0ef55cc79d28604d2397a0101ac9c0c42ae26e26532eb2778c801b - - - name: kind - value: task - - finally: - - name: show-sbom - params: - - name: IMAGE_URL - value: $(tasks.build-container.results.IMAGE_URL) - taskRef: - resolver: bundles - params: - - name: name - value: show-sbom - - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:945a7c9066d3e0a95d3fddb7e8a6992e4d632a2a75d8f3a9bd2ff2fef0ec9aa0 - - - name: kind - value: task -
diff --git a/.tekton/pull_request.yaml b/.tekton/pull_request.yaml
index cbe8606..8ae40ef 100644
--- a/.tekton/pull_request.yaml
+++ b/.tekton/pull_request.yaml
@@ -8,6 +8,7 @@ metadata:
 build.appstudio.redhat.com/target_branch: '{{ target_branch }}'
 pipelinesascode.tekton.dev/max-keep-runs: "3"
 pipelinesascode.tekton.dev/on-cel-expression: event == "pull_request" && target_branch == "main"
+ pipelinesascode.tekton.dev/pipeline: "https://raw.githubusercontent.com/project-koku/koku-ci/main/pipelines/pipeline-build.yaml"
 creationTimestamp: null
 labels:
diff --git a/.tekton/push.yaml b/.tekton/push.yaml
index ac43073..922f141 100644
--- a/.tekton/push.yaml
+++ b/.tekton/push.yaml
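Review bot: The added `pipelinesascode.tekton.dev/pipeline` annotation in `.tekton/pull_request.yaml` points at the `main` branch of project-koku/koku-ci, so the pipeline that builds and scans this repository becomes a mutable remote reference: any push to that branch changes what runs here, with no commit or review in this repository. The deleted in-repo pipeline pinned every task bundle by `sha256` digest; whether the remote file still does is not visible from this diff, and even if it does, the pipeline itself (task list, the `skip-checks` guards, the `git-auth` and `netrc` workspaces) is no longer pinned. Consider pinning the URL to a commit, e.g. `https://raw.githubusercontent.com/project-koku/koku-ci/<COMMIT_SHA>/pipelines/pipeline-build.yaml` (placeholder), and bumping it through reviewed changes. The same annotation is added in `.tekton/push.yaml`, where it governs the builds triggered by pushes to `main`.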
@@ -7,6 +7,7 @@ metadata:
 build.appstudio.redhat.com/target_branch: '{{ target_branch }}'
 pipelinesascode.tekton.dev/max-keep-runs: "3"
 pipelinesascode.tekton.dev/on-cel-expression: event == "push" && target_branch == "main"
+ pipelinesascode.tekton.dev/pipeline: "https://raw.githubusercontent.com/project-koku/koku-ci/main/pipelines/pipeline-build.yaml"
 creationTimestamp: null
 labels:
@@ -15,7 +16,7 @@ metadata:
 pipelines.appstudio.openshift.io/type: build
 namespace: cost-mgmt-dev-tenant
- name: koku-daily-push
+ name: koku-daily-on-push
 spec:
 params: