diff --git a/.tekton/pipeline-build.yaml b/.tekton/pipeline-build.yaml deleted file mode 100644 index 72fdb69..0000000 --- a/.tekton/pipeline-build.yaml +++ /dev/null @@ -1,453 +0,0 @@ -apiVersion: tekton.dev/v1 -kind: Pipeline -metadata: - name: pipeline-build -spec: - - params: - - name: git-url - description: Source Repository URL - type: string - - - name: revision - description: Revision of the Source Repository - type: string - default: "" - - - name: output-image - description: Fully Qualified Output Image - type: string - - - name: path-context - description: Path to the source code of an application's component from where to build image. - type: string - default: . - - - name: dockerfile - description: Path to the Dockerfile inside the context specified by parameter path-context - type: string - default: Dockerfile - - - name: rebuild - description: Force rebuild image - type: string - default: "false" - - - name: skip-checks - description: Skip checks against built image - type: string - default: "false" - - - name: hermetic - description: Execute the build with network isolation - type: string - default: "false" - - - name: prefetch-input - description: Build dependencies to be prefetched by Cachi2 - type: string - default: "" - - - name: image-expires-after - description: Image tag expiration time, time values could be something like 1h, 2d, 3w for hours, days, and weeks, respectively. - default: "" - - - name: build-args - description: Array of --build-arg values ("arg=value" strings) for buildah - type: array - default: [] - - - name: build-args-file - description: Path to a file with build arguments for buildah, see https://www.mankier.com/1/buildah-build#--build-arg-file - type: string - default: "" - - - name: tag-prefix - description: Prefix added to additional tags - type: string - default: "" - - results: - - name: IMAGE_URL - description: "" - value: $(tasks.build-container.results.IMAGE_URL) - - - name: IMAGE_DIGEST - description: "" - value: $(tasks.build-container.results.IMAGE_DIGEST) - - - name: CHAINS-GIT_URL - description: "" - value: $(tasks.clone-repository.results.url) - - - name: CHAINS-GIT_COMMIT - description: "" - value: $(tasks.clone-repository.results.commit) - - tasks: - - name: init - params: - - name: image-url - value: $(params.output-image) - - - name: rebuild - value: $(params.rebuild) - - - name: skip-checks - value: $(params.skip-checks) - taskRef: - resolver: bundles - params: - - name: name - value: init - - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:90dda596d44b3f861889da2fba161dff34c6116fe76c3989e3f84262ea0f29cd - - - name: kind - value: task - - - name: clone-repository - params: - - name: url - value: $(params.git-url) - - - name: revision - value: $(params.revision) - - - name: ociStorage - value: $(params.output-image).git - - - name: ociArtifactExpiresAfter - value: $(params.image-expires-after) - runAfter: - - init - taskRef: - resolver: bundles - params: - - name: name - value: git-clone-oci-ta - - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:0cf39c32d86900dce3f7d53f828826dd96ad917c5f4c0b01fb1865346601447d - - - name: kind - value: task - - when: - - input: $(tasks.init.results.build) - operator: in - values: - - "true" - workspaces: - - name: basic-auth - workspace: git-auth - - - name: prefetch-dependencies - params: - - name: input - value: $(params.prefetch-input) - - - name: SOURCE_ARTIFACT - value: $(tasks.clone-repository.results.SOURCE_ARTIFACT) - - - name: ociStorage - value: $(params.output-image).prefetch - - - name: ociArtifactExpiresAfter - value: $(params.image-expires-after) - runAfter: - - clone-repository - taskRef: - resolver: bundles - params: - - name: name - value: prefetch-dependencies-oci-ta - - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.1@sha256:2c9d502b106ec88eb9926ccfdb774609d8ae2894d56559b0e75ee9deaaec3646 - - - name: kind - value: task - workspaces: - - name: git-basic-auth - workspace: git-auth - - - name: netrc - workspace: netrc - - - name: build-container - params: - - name: IMAGE - value: $(params.output-image) - - - name: DOCKERFILE - value: $(params.dockerfile) - - - name: CONTEXT - value: $(params.path-context) - - - name: HERMETIC - value: $(params.hermetic) - - - name: PREFETCH_INPUT - value: $(params.prefetch-input) - - - name: IMAGE_EXPIRES_AFTER - value: $(params.image-expires-after) - - - name: COMMIT_SHA - value: $(tasks.clone-repository.results.commit) - - - name: BUILD_ARGS - value: - - $(params.build-args[*]) - - - name: BUILD_ARGS_FILE - value: $(params.build-args-file) - - - name: SOURCE_ARTIFACT - value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - - - name: CACHI2_ARTIFACT - value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) - runAfter: - - prefetch-dependencies - taskRef: - resolver: bundles - params: - - name: name - value: buildah-oci-ta - - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-buildah-oci-ta:0.2@sha256:234dc22d721913f08560cb033b384e5d98ff6d2e92713ea69159bd89bc3dec2b - - - name: kind - value: task - when: - - input: $(tasks.init.results.build) - operator: in - values: - - "true" - - - name: deprecated-base-image-check - params: - - name: IMAGE_URL - value: $(tasks.build-container.results.IMAGE_URL) - - - name: IMAGE_DIGEST - value: $(tasks.build-container.results.IMAGE_DIGEST) - runAfter: - - build-container - taskRef: - resolver: bundles - params: - - name: name - value: deprecated-image-check - - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.4@sha256:f8efb0b22692fad908a1a75f8d5c0b6ed3b0bcd2a9853577e7be275e5bac1bb8 - - - name: kind - value: task - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - - - name: clair-scan - params: - - name: image-digest - value: $(tasks.build-container.results.IMAGE_DIGEST) - - - name: image-url - value: $(tasks.build-container.results.IMAGE_URL) - runAfter: - - build-container - taskRef: - resolver: bundles - params: - - name: name - value: clair-scan - - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.2@sha256:e428b37d253621365ffb24d4053e5f3141988ae6a30fce1c8ba73b7211396eb0 - - - name: kind - value: task - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - - - name: ecosystem-cert-preflight-checks - params: - - name: image-url - value: $(tasks.build-container.results.IMAGE_URL) - runAfter: - - build-container - taskRef: - resolver: bundles - params: - - name: name - value: ecosystem-cert-preflight-checks - - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.1@sha256:df8a25a3431a70544172ed4844f9d0c6229d39130633960729f825a031a7dea9 - - - name: kind - value: task - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - - name: sast-snyk-check - params: - - name: image-digest - value: $(tasks.build-container.results.IMAGE_DIGEST) - - - name: image-url - value: $(tasks.build-container.results.IMAGE_URL) - - - name: SOURCE_ARTIFACT - value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - - - name: CACHI2_ARTIFACT - value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) - runAfter: - - build-container - taskRef: - resolver: bundles - params: - - name: name - value: sast-snyk-check-oci-ta - - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.3@sha256:6d232347739a0366dcfc4e40afbcb5d1937dd3fea8952afb1bd6a4b0c5d1c1f5 - - - name: kind - value: task - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - - - name: clamav-scan - params: - - name: image-digest - value: $(tasks.build-container.results.IMAGE_DIGEST) - - - name: image-url - value: $(tasks.build-container.results.IMAGE_URL) - runAfter: - - build-container - taskRef: - resolver: bundles - params: - - name: name - value: clamav-scan - - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.2@sha256:d78221853f7ff2befc6669dd0eeb91e6611ae84ac7754150ea0f071d92ff41cb - - - name: kind - value: task - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - - - name: apply-tags - params: - - name: IMAGE - value: $(tasks.build-container.results.IMAGE_URL) - - - name: ADDITIONAL_TAGS - value: - - $(params.tag-prefix)$(tasks.clone-repository.results.short-commit) - runAfter: - - build-container - taskRef: - resolver: bundles - params: - - name: name - value: apply-tags - - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.1@sha256:2c2d88c07623b2d25163994ded6e9f29205ea5bbab090f4c86379739940028b9 - - - name: kind - value: task - - - name: push-dockerfile - params: - - name: IMAGE - value: $(tasks.build-container.results.IMAGE_URL) - - - name: IMAGE_DIGEST - value: $(tasks.build-container.results.IMAGE_DIGEST) - - - name: DOCKERFILE - value: $(params.dockerfile) - - - name: CONTEXT - value: $(params.path-context) - - - name: SOURCE_ARTIFACT - value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - runAfter: - - build-container - taskRef: - resolver: bundles - params: - - name: name - value: push-dockerfile-oci-ta - - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.1@sha256:d3d7bfda98e475476f0665d76c7762236310e299dfaeb96776dc72dc93dbfd94 - - - name: kind - value: task - - - name: rpms-signature-scan - params: - - name: image-digest - value: $(tasks.build-container.results.IMAGE_DIGEST) - - - name: image-url - value: $(tasks.build-container.results.IMAGE_URL) - runAfter: - - build-container - taskRef: - resolver: bundles - params: - - name: name - value: rpms-signature-scan - - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:9e33cbc0128aa1a34d6996c87fceac03a6aa05d1c18564a73abbb9b6a710fd6a - - - name: kind - value: task - - finally: - - name: show-sbom - params: - - name: IMAGE_URL - value: $(tasks.build-container.results.IMAGE_URL) - taskRef: - resolver: bundles - params: - - name: name - value: show-sbom - - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:945a7c9066d3e0a95d3fddb7e8a6992e4d632a2a75d8f3a9bd2ff2fef0ec9aa0 - - - name: kind - value: task diff --git a/.tekton/pull_request.yaml b/.tekton/pull_request.yaml index 10c6682..bb27b3e 100644 --- a/.tekton/pull_request.yaml +++ b/.tekton/pull_request.yaml @@ -8,6 +8,7 @@ metadata: build.appstudio.redhat.com/target_branch: '{{ target_branch }}' pipelinesascode.tekton.dev/max-keep-runs: "3" pipelinesascode.tekton.dev/on-cel-expression: event == "pull_request" && target_branch == "main" + pipelinesascode.tekton.dev/pipeline: "https://raw.githubusercontent.com/project-koku/koku-ci/main/pipelines/pipeline-build.yaml" creationTimestamp: null labels: diff --git a/.tekton/push.yaml b/.tekton/push.yaml index 1325493..aa35e08 100644 --- a/.tekton/push.yaml +++ b/.tekton/push.yaml @@ -7,6 +7,7 @@ metadata: build.appstudio.redhat.com/target_branch: '{{ target_branch }}' pipelinesascode.tekton.dev/max-keep-runs: "3" pipelinesascode.tekton.dev/on-cel-expression: event == "push" && target_branch == "main" + pipelinesascode.tekton.dev/pipeline: "https://raw.githubusercontent.com/project-koku/koku-ci/main/pipelines/pipeline-build.yaml" creationTimestamp: null labels: @@ -15,7 +16,7 @@ metadata: pipelines.appstudio.openshift.io/type: build namespace: cost-mgmt-dev-tenant - name: koku-report-emailer-push + name: koku-report-emailer-on-push spec: params: