From c6019f95754f7638e92fd168f459458fb8c042c2 Mon Sep 17 00:00:00 2001 From: konflux-internal-p02 Date: Thu, 12 Dec 2024 09:58:15 +0000 Subject: [PATCH] Konflux Internal p02 update odh-ml-pipelines-driver-v2-17 Signed-off-by: konflux-internal-p02 --- ...l-pipelines-driver-v2-17-pull-request.yaml | 233 +++++++++++--- .../odh-ml-pipelines-driver-v2-17-push.yaml | 299 +++++++++++------- 2 files changed, 362 insertions(+), 170 deletions(-) diff --git a/.tekton/odh-ml-pipelines-driver-v2-17-pull-request.yaml b/.tekton/odh-ml-pipelines-driver-v2-17-pull-request.yaml index 73d4e58d85d..56f5b0878eb 100644 --- a/.tekton/odh-ml-pipelines-driver-v2-17-pull-request.yaml +++ b/.tekton/odh-ml-pipelines-driver-v2-17-pull-request.yaml @@ -7,8 +7,9 @@ metadata: build.appstudio.redhat.com/pull_request_number: '{{pull_request_number}}' build.appstudio.redhat.com/target_branch: '{{target_branch}}' pipelinesascode.tekton.dev/max-keep-runs: "3" - pipelinesascode.tekton.dev/on-cel-expression: event == "pull_request" && target_branch == "rhoai-2.17" - creationTimestamp: + pipelinesascode.tekton.dev/on-cel-expression: event == "pull_request" && target_branch + == "rhoai-2.17" + creationTimestamp: null labels: appstudio.openshift.io/application: rhoai-v2-17 appstudio.openshift.io/component: odh-ml-pipelines-driver-v2-17 @@ -29,8 +30,6 @@ spec: value: backend/Dockerfile.konflux.driver - name: path-context value: . - - name: prefetch-input - value: '{"type": "gomod", "path": "."}' pipelineSpec: description: | This pipeline is ideal for building container images from a Containerfile while reducing network traffic. 
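Review bot: Dropping the `prefetch-input` param in the `@@ -29,8 +30,6 @@` hunk means the Go modules for `backend/Dockerfile.konflux.driver` are no longer prefetched. The `when` guard added to `prefetch-dependencies` later in this file skips the task when the input is `""`, which is presumably the pipeline default (the default line is outside the visible hunks). The build would then resolve modules from the network at build time, so they are not pinned through the prefetch step and may be missing from the dependency inventory that step produces. If this is a bot regeneration rather than an intended change, keep `- name: prefetch-input` with `value: '{"type": "gomod", "path": "."}'` here and in the matching hunk of the `-push.yaml` file.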
@@ -51,6 +50,28 @@ spec: - name: kind value: task resolver: bundles + - name: show-summary + params: + - name: pipelinerun-name + value: $(context.pipelineRun.name) + - name: git-url + value: $(tasks.clone-repository.results.url)?rev=$(tasks.clone-repository.results.commit) + - name: image-url + value: $(params.output-image) + - name: build-task-status + value: $(tasks.build-image-index.status) + taskRef: + params: + - name: name + value: summary + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-summary:0.2@sha256:870d9a04d9784840a90b7bf6817cd0d0c4edfcda04b1ba1868cae625a3c3bfcc + - name: kind + value: task + resolver: bundles + workspaces: + - name: workspace + workspace: workspace params: - description: Source Repository URL name: git-url @@ -63,11 +84,13 @@ spec: name: output-image type: string - default: . - description: Path to the source code of an application's component from where to build image. + description: Path to the source code of an application's component from where + to build image. name: path-context type: string - default: Dockerfile - description: Path to the Dockerfile inside the context specified by parameter path-context + description: Path to the Dockerfile inside the context specified by parameter + path-context name: dockerfile type: string - default: "false" @@ -78,7 +101,7 @@ spec: description: Skip checks against built image name: skip-checks type: string - - default: "true" + - default: "false" description: Execute the build with network isolation name: hermetic type: string @@ -87,7 +110,8 @@ spec: name: prefetch-input type: string - default: "" - description: Image tag expiration time, time values could be something like 1h, 2d, 3w for hours, days, and weeks, respectively. + description: Image tag expiration time, time values could be something like + 1h, 2d, 3w for hours, days, and weeks, respectively. name: image-expires-after - default: "false" description: Build a source image. 
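Review bot: The `hermetic` default flips from `"true"` to `"false"` in the `@@ -78,7 +101,7 @@` hunk, so the image build runs with network access unless a caller overrides it, and none of the PipelineRun params visible in these hunks sets `hermetic`. Together with the removed prefetch input, this lets the Dockerfile fetch unpinned content during the build. Keep `- default: "true"` for `hermetic`, or pass `- name: hermetic` with `value: "true"` in `spec.params`. The push file has the same flip (`@@ -101,7 +98,7 @@`) and also changes the `build-source-image` default to `"false"`, so push builds stop producing a source image.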
@@ -132,7 +156,7 @@ spec: - name: name value: init - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:0523b51c28375a3f222da91690e22eff11888ebc98a0c73c468af44762265c69 + value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:60063fefe88e111d129cb59caff97c912722927c8a0f750253553d4c527a2396 - name: kind value: task resolver: bundles @@ -142,18 +166,14 @@ spec: value: $(params.git-url) - name: revision value: $(params.revision) - - name: ociStorage - value: $(params.output-image).git - - name: ociArtifactExpiresAfter - value: $(params.image-expires-after) runAfter: - init taskRef: params: - name: name - value: git-clone-oci-ta + value: git-clone - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:8ab0c7a7ac4a4c59740a24304e17cc64fe8745376d19396c4660fc0e1a957a1b + value: quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1@sha256:d091a9e19567a4cbdc5acd57903c71ba71dc51d749a4ba7477e689608851e981 - name: kind value: task resolver: bundles 
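Review bot: `clone-repository` switches from `git-clone-oci-ta` to `git-clone` in the `@@ -142,18 +166,14 @@` hunk, which replaces the Trusted Artifacts hand-off (`ociStorage`, `SOURCE_ARTIFACT`) with a shared `workspace` volume. With the PVC, any task that mounts `workspace` can alter the checked-out source after the clone, and later tasks no longer consume the source by artifact reference. If the release policy for this component expects Trusted Artifacts tasks, the image may fail that check, which is worth confirming before merge. The same swap is made for `prefetch-dependencies`, `buildah`, `source-build`, `sast-snyk-check` and `push-dockerfile` in both files. Unless the change is deliberate, keep the `-oci-ta` task names and bundles, e.g. `value: git-clone-oci-ta`.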
@@ -163,30 +183,33 @@ spec: values: - "true" workspaces: + - name: output + workspace: workspace - name: basic-auth workspace: git-auth - name: prefetch-dependencies params: - name: input value: $(params.prefetch-input) - - name: SOURCE_ARTIFACT - value: $(tasks.clone-repository.results.SOURCE_ARTIFACT) - - name: ociStorage - value: $(params.output-image).prefetch - - name: ociArtifactExpiresAfter - value: $(params.image-expires-after) runAfter: - clone-repository taskRef: params: - name: name - value: prefetch-dependencies-oci-ta + value: prefetch-dependencies - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.1@sha256:3e51d7c477ba00bd0c7de2d8f89269131646d2582e631b9aee91fb4b022d4555 + value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies:0.1@sha256:53fc6d82b06534878e509f3e37f05b818f38fba01729dd1fbee6f97a9562c1ed - name: kind value: task resolver: bundles + when: + - input: $(params.prefetch-input) + operator: notin + values: + - "" workspaces: + - name: source + workspace: workspace - name: git-basic-auth workspace: git-auth - name: netrc @@ -212,18 +235,14 @@ spec: - $(params.build-args[*]) - name: BUILD_ARGS_FILE value: $(params.build-args-file) - - name: SOURCE_ARTIFACT - value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - - name: CACHI2_ARTIFACT - value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) runAfter: - prefetch-dependencies taskRef: params: - name: name - value: buildah-oci-ta + value: buildah - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-buildah-oci-ta:0.2@sha256:decef0e000a05daad9dd43b707c8b3a96b6125ff5a4ee096fd3e8c23a2881b9e + value: quay.io/konflux-ci/tekton-catalog/task-buildah:0.2@sha256:ae8dcd146ac80f5b3f9fece916b5125417fc7db1b37ec176068f9cd0801cebfb - name: kind value: task resolver: bundles @@ -232,6 +251,9 @@ spec: operator: in values: - "true" + workspaces: + - name: source + workspace: workspace - name: build-image-index params: - name: IMAGE 
@@ -252,7 +274,7 @@ spec: - name: name value: build-image-index - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1@sha256:a89c141c8d35b2e9d9904c92c9b128f7ccf36681adac7f7422b4537b8bb077e7 + value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1@sha256:37328a4b2fc686435531ba423c26c2051822a4e70b06088c4d8eaf0e8fa6d65b - name: kind value: task resolver: bundles @@ -265,18 +287,14 @@ spec: params: - name: BINARY_IMAGE value: $(params.output-image) - - name: SOURCE_ARTIFACT - value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - - name: CACHI2_ARTIFACT - value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) runAfter: - build-image-index taskRef: params: - name: name - value: source-build-oci-ta + value: source-build - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.1@sha256:26278e5373a726594975a9ec2f177a67e3674bbf905d7d317b9ea60ca7993978 + value: quay.io/konflux-ci/tekton-catalog/task-source-build:0.1@sha256:bacd55a3caa34a30bcf51c00f3f719cb3f783e325257f04c27a91f688cbe9644 - name: kind value: task resolver: bundles @@ -289,6 +307,9 @@ spec: operator: in values: - "true" + workspaces: + - name: workspace + workspace: workspace - name: deprecated-base-image-check params: - name: IMAGE_URL 
@@ -359,18 +380,14 @@ spec: value: $(tasks.build-image-index.results.IMAGE_DIGEST) - name: image-url value: $(tasks.build-image-index.results.IMAGE_URL) - - name: SOURCE_ARTIFACT - value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - - name: CACHI2_ARTIFACT - value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) runAfter: - build-image-index taskRef: params: - name: name - value: sast-snyk-check-oci-ta + value: sast-snyk-check - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.3@sha256:1119722a2d31b831d1aa336fd8cced0a5016c95466b6b59a58bbf3585735850f + value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check:0.3@sha256:0d2db16b8f8eabdfedbaa6ecaffd93aa6fd5ad4e8c7c1c1aa5d49cf010c7a87f - name: kind value: task resolver: bundles @@ -379,6 +396,9 @@ spec: operator: in values: - "false" + workspaces: + - name: workspace + workspace: workspace - name: clamav-scan params: - name: image-digest @@ -392,7 +412,29 @@ spec: - name: name value: clamav-scan - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.1@sha256:b4f450f1447b166da671f1d5819ab5a1485083e5c27ab91f7d8b7a2ff994c8c2 + value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.2@sha256:6e08cf608240f57442ca5458f3c0dade3558f4f2953be8ea939232f5d5378d58 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: sast-coverity-check + params: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - coverity-availability-check + taskRef: + params: + - name: name + value: sast-coverity-check + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-sast-coverity-check:0.1@sha256:6d0bead975a9e9ce9dac98edb0a3c3908dbae3882df2775fc8760c6bb4f41f8c - name: kind value: task resolver: bundles 
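Review bot: The new `sast-coverity-check` task (added in the `@@ -392,7 +412,29 @@` hunk, with its `when` list completed in the following hunk) only runs when `$(tasks.coverity-availability-check.results.STATUS)` is `success`, so an unavailable Coverity setup yields a skipped scan rather than a failed run. Nothing visible in these hunks records that the scan did not happen, so a green run looks the same with and without Coverity coverage. I would add a comment above the task such as `# skipped, not failed, when coverity-availability-check does not report success`, and check that the skip is surfaced wherever scan results are reviewed. The task definition continues past the end of this hunk, and the same pair of tasks is added to the `-push.yaml` file.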
@@ -401,6 +443,86 @@ spec: operator: in values: - "false" + - input: $(tasks.coverity-availability-check.results.STATUS) + operator: in + values: + - success + workspaces: + - name: workspace + workspace: workspace + - name: coverity-availability-check + params: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: coverity-availability-check + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-coverity-availability-check:0.1@sha256:c24a1c5c2e1e9e13027d9f35c27c4757fb317877a0b86e9d23928dc4ec49921d + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + workspaces: + - name: workspace + workspace: workspace + - name: sast-shell-check + params: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: sast-shell-check + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check:0.1@sha256:2de060c734b4a0c804525f6ff57d4a5e4a380b7e1475676582282563202f8014 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + workspaces: + - name: workspace + workspace: workspace + - name: sast-unicode-check + params: + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: sast-unicode-check + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check:0.1@sha256:f2fb1a902f1a33119e89333fd326d406ba595f384a80987ca51ad46777e22b25 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - 
"false" + workspaces: + - name: workspace + workspace: workspace - name: apply-tags params: - name: IMAGE @@ -412,7 +534,7 @@ spec: - name: name value: apply-tags - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.1@sha256:87fd7fc0e937aad1a8db9b6e377d7e444f53394dafde512d68adbea6966a4702 + value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.1@sha256:0767c115d4ba4854d106c9cdfabdc1f1298bc2742a3fea4fefbac4b9c5873d6e - name: kind value: task resolver: bundles @@ -426,19 +548,20 @@ spec: value: $(params.dockerfile) - name: CONTEXT value: $(params.path-context) - - name: SOURCE_ARTIFACT - value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) runAfter: - build-image-index taskRef: params: - name: name - value: push-dockerfile-oci-ta + value: push-dockerfile - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.1@sha256:08ef41d6a98608bd5f1de75d77f015f520911a278d1875e174b88b9d04db2441 + value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile:0.1@sha256:48bb2ee92ea528b28c0814c9cc126021e499a081b69431987a774561e9ac8047 - name: kind value: task resolver: bundles + workspaces: + - name: workspace + workspace: workspace - name: rpms-signature-scan params: - name: image-url @@ -452,7 +575,7 @@ spec: - name: name value: rpms-signature-scan - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:8f3b23bf1b0ef55cc79d28604d2397a0101ac9c0c42ae26e26532eb2778c801b + value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:71c220bdc11e6308c79693d134f8799de02929549fec523ccc4f0cff1e314e14 - name: kind value: task resolver: bundles 
@@ -462,12 +585,24 @@ spec: values: - "false" workspaces: + - name: workspace - name: git-auth optional: true - name: netrc optional: true taskRunTemplate: {} workspaces: + - name: workspace + volumeClaimTemplate: + metadata: + creationTimestamp: null + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + status: {} - name: git-auth secret: secretName: '{{ git_auth_secret }}' diff --git a/.tekton/odh-ml-pipelines-driver-v2-17-push.yaml b/.tekton/odh-ml-pipelines-driver-v2-17-push.yaml index 53604093e37..ff91b9ac3f2 100644 --- a/.tekton/odh-ml-pipelines-driver-v2-17-push.yaml +++ b/.tekton/odh-ml-pipelines-driver-v2-17-push.yaml @@ -6,12 +6,9 @@ metadata: build.appstudio.redhat.com/commit_sha: '{{revision}}' build.appstudio.redhat.com/target_branch: '{{target_branch}}' pipelinesascode.tekton.dev/max-keep-runs: "3" - build.appstudio.openshift.io/build-nudge-files: "build/operator-nudging.yaml" - pipelinesascode.tekton.dev/on-cel-expression: | - event == "push" - && target_branch == "rhoai-2.17" - && ( !".tekton/**".pathChanged() || ".tekton/odh-ml-pipelines-driver-v2-17-push.yaml".pathChanged() ) - creationTimestamp: + pipelinesascode.tekton.dev/on-cel-expression: event == "push" && target_branch + == "rhoai-2.17" + creationTimestamp: null labels: appstudio.openshift.io/application: rhoai-v2-17 appstudio.openshift.io/component: odh-ml-pipelines-driver-v2-17 @@ -25,13 +22,11 @@ spec: - name: revision value: '{{revision}}' - name: output-image - value: quay.io/rhoai/odh-ml-pipelines-driver-rhel8:{{target_branch}} + value: quay.io/redhat-user-workloads/rhoai-tenant/odh-ml-pipelines-driver-v2-17:{{revision}} - name: dockerfile value: backend/Dockerfile.konflux.driver - name: path-context value: . - - name: prefetch-input - value: '{"type": "gomod", "path": "."}' pipelineSpec: description: | This pipeline is ideal for building container images from a Containerfile while reducing network traffic. 
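Review bot: In the `-push.yaml` params hunk (`@@ -25,13 +22,11 @@`) `output-image` moves from `quay.io/rhoai/odh-ml-pipelines-driver-rhel8:{{target_branch}}` to `quay.io/redhat-user-workloads/rhoai-tenant/odh-ml-pipelines-driver-v2-17:{{revision}}`, so push builds stop updating the repository and tag that consumers presumably pull. The metadata hunk above it also removes the `build-nudge-files` annotation and the `.tekton/**` path filter from the CEL expression, and a later hunk drops `ADDITIONAL_TAGS`. If this commit is a generated default rather than an intended change, restore `value: quay.io/rhoai/odh-ml-pipelines-driver-rhel8:{{target_branch}}` and the previous `on-cel-expression`. Otherwise the description should state where the release image is now published.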
@@ -52,28 +47,28 @@ spec: - name: kind value: task resolver: bundles - - name: send-slack-notification + - name: show-summary params: - - name: message - value: "$(tasks.rhoai-init.results.slack-message-failure-text)" - - name: secret-name - value: rhoai-konflux-secret - - name: key-name - value: slack-webhook + - name: pipelinerun-name + value: $(context.pipelineRun.name) + - name: git-url + value: $(tasks.clone-repository.results.url)?rev=$(tasks.clone-repository.results.commit) + - name: image-url + value: $(params.output-image) + - name: build-task-status + value: $(tasks.build-image-index.status) taskRef: params: - name: name - value: slack-webhook-notification + value: summary - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-slack-webhook-notification:0.1@sha256:dc17b70633363d78414b8c06dc1660d25742935f106a6116995638e1210c2730 + value: quay.io/konflux-ci/tekton-catalog/task-summary:0.2@sha256:870d9a04d9784840a90b7bf6817cd0d0c4edfcda04b1ba1868cae625a3c3bfcc - name: kind value: task resolver: bundles - when: - - input: $(tasks.status) - operator: in - values: - - "Failed" + workspaces: + - name: workspace + workspace: workspace params: - description: Source Repository URL name: git-url @@ -86,11 +81,13 @@ spec: name: output-image type: string - default: . - description: Path to the source code of an application's component from where to build image. + description: Path to the source code of an application's component from where + to build image. name: path-context type: string - default: Dockerfile - description: Path to the Dockerfile inside the context specified by parameter path-context + description: Path to the Dockerfile inside the context specified by parameter + path-context name: dockerfile type: string - default: "false" 
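Review bot: The `finally` block in the `@@ -52,28 +47,28 @@` hunk loses `send-slack-notification`, which fired when `$(tasks.status)` was `Failed`, and gets only `show-summary` in its place. Failed push builds on this branch would then have no alert path visible in this file. The notification reads `$(tasks.rhoai-init.results.slack-message-failure-text)`, so keeping it means also keeping the `rhoai-init` task that a later hunk removes. Either retain both next to `show-summary`, or note in the description where build failures are reported now.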
@@ -101,7 +98,7 @@ spec: description: Skip checks against built image name: skip-checks type: string - - default: "true" + - default: "false" description: Execute the build with network isolation name: hermetic type: string @@ -110,9 +107,10 @@ spec: name: prefetch-input type: string - default: "" - description: Image tag expiration time, time values could be something like 1h, 2d, 3w for hours, days, and weeks, respectively. + description: Image tag expiration time, time values could be something like + 1h, 2d, 3w for hours, days, and weeks, respectively. name: image-expires-after - - default: "true" + - default: "false" description: Build a source image. name: build-source-image type: string 
@@ -142,45 +140,6 @@ spec: name: CHAINS-GIT_COMMIT value: $(tasks.clone-repository.results.commit) tasks: - - name: rhoai-init - params: - - name: pipelinerun-name - value: "$(context.pipelineRun.name)" - taskSpec: - results: - - description: Notification text to be posted to slack - name: slack-message-failure-text - steps: - - image: quay.io/rhoai-konflux/alpine:latest - name: rhoai-init - env: - - name: slack_message - valueFrom: - secretKeyRef: - name: rhoai-konflux-secret - key: slack-component-failure-notification - script: | - pipelinerun_name=$(params.pipelinerun-name) - target_branch={{target_branch}} - echo "pipelinerun-name = $pipelinerun_name" - - application_name=${target_branch/rhoai-/} - application_name=rhoai-v${application_name/./-} - echo "application-name = $application_name" - - component_name=${pipelinerun_name/-on-*/} - echo "component-name = $component_name" - - KONFLUX_SERVER="https://konflux.apps.stone-prod-p02.hjvn.p1.openshiftapps.com" - build_url="${KONFLUX_SERVER}/application-pipeline/workspaces/rhoai/applications/${application_name}/pipelineruns/${pipelinerun_name}/logs" - - build_time="$(date +%Y-%m-%dT%H:%M:%S)" - - slack_message=${slack_message/__BUILD__URL__/$build_url} - slack_message=${slack_message/__PIPELINERUN__NAME__/$pipelinerun_name} - slack_message=${slack_message/__BUILD__TIME__/$build_time} - - echo -en "${slack_message}" > "$(results.slack-message-failure-text.path)" - name: init params: - name: image-url 
@@ -194,30 +153,24 @@ spec: - name: name value: init - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:0523b51c28375a3f222da91690e22eff11888ebc98a0c73c468af44762265c69 + value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:60063fefe88e111d129cb59caff97c912722927c8a0f750253553d4c527a2396 - name: kind value: task resolver: bundles - runAfter: - - rhoai-init - name: clone-repository params: - name: url value: $(params.git-url) - name: revision value: $(params.revision) - - name: ociStorage - value: $(params.output-image).git - - name: ociArtifactExpiresAfter - value: $(params.image-expires-after) runAfter: - init taskRef: params: - name: name - value: git-clone-oci-ta + value: git-clone - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:8ab0c7a7ac4a4c59740a24304e17cc64fe8745376d19396c4660fc0e1a957a1b + value: quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1@sha256:d091a9e19567a4cbdc5acd57903c71ba71dc51d749a4ba7477e689608851e981 - name: kind value: task resolver: bundles 
@@ -227,30 +180,33 @@ spec: values: - "true" workspaces: + - name: output + workspace: workspace - name: basic-auth workspace: git-auth - name: prefetch-dependencies params: - name: input value: $(params.prefetch-input) - - name: SOURCE_ARTIFACT - value: $(tasks.clone-repository.results.SOURCE_ARTIFACT) - - name: ociStorage - value: $(params.output-image).prefetch - - name: ociArtifactExpiresAfter - value: $(params.image-expires-after) runAfter: - clone-repository taskRef: params: - name: name - value: prefetch-dependencies-oci-ta + value: prefetch-dependencies - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.1@sha256:3e51d7c477ba00bd0c7de2d8f89269131646d2582e631b9aee91fb4b022d4555 + value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies:0.1@sha256:53fc6d82b06534878e509f3e37f05b818f38fba01729dd1fbee6f97a9562c1ed - name: kind value: task resolver: bundles + when: + - input: $(params.prefetch-input) + operator: notin + values: + - "" workspaces: + - name: source + workspace: workspace - name: git-basic-auth workspace: git-auth - name: netrc 
@@ -276,26 +232,14 @@ spec: - $(params.build-args[*]) - name: BUILD_ARGS_FILE value: $(params.build-args-file) - - name: LABELS - value: - - version=v2.17.0 - - url=$(params.git-url) - - release=$(tasks.clone-repository.results.commit-timestamp) - - git.url=$(params.git-url) - - git.commit=$(params.revision) - - io.openshift.tags=odh-ml-pipelines-driver - - name: SOURCE_ARTIFACT - value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - - name: CACHI2_ARTIFACT - value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) runAfter: - prefetch-dependencies taskRef: params: - name: name - value: buildah-oci-ta + value: buildah - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-buildah-oci-ta:0.2@sha256:decef0e000a05daad9dd43b707c8b3a96b6125ff5a4ee096fd3e8c23a2881b9e + value: quay.io/konflux-ci/tekton-catalog/task-buildah:0.2@sha256:ae8dcd146ac80f5b3f9fece916b5125417fc7db1b37ec176068f9cd0801cebfb - name: kind value: task resolver: bundles @@ -304,6 +248,9 @@ spec: operator: in values: - "true" + workspaces: + - name: source + workspace: workspace - name: build-image-index params: - name: IMAGE @@ -324,7 +271,7 @@ spec: - name: name value: build-image-index - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1@sha256:a89c141c8d35b2e9d9904c92c9b128f7ccf36681adac7f7422b4537b8bb077e7 + value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1@sha256:37328a4b2fc686435531ba423c26c2051822a4e70b06088c4d8eaf0e8fa6d65b - name: kind value: task resolver: bundles 
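Review bot: Removing the `LABELS` param in the `@@ -276,26 +232,14 @@` hunk drops `git.commit=$(params.revision)`, `git.url=$(params.git-url)`, `version=v2.17.0` and the `release=` timestamp from the built image, so unless the task sets them itself the image can no longer be traced to its source commit from its own labels. The pipeline results still carry the commit (`CHAINS-GIT_COMMIT` appears earlier in this file), but reading it requires the attestation rather than the image. Keep the `- name: LABELS` block if the `buildah:0.2` bundle accepts that param, which should be confirmed against the task definition. The task this param belongs to starts outside the hunk.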
@@ -337,18 +284,14 @@ spec: params: - name: BINARY_IMAGE value: $(params.output-image) - - name: SOURCE_ARTIFACT - value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - - name: CACHI2_ARTIFACT - value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) runAfter: - build-image-index taskRef: params: - name: name - value: source-build-oci-ta + value: source-build - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.1@sha256:26278e5373a726594975a9ec2f177a67e3674bbf905d7d317b9ea60ca7993978 + value: quay.io/konflux-ci/tekton-catalog/task-source-build:0.1@sha256:bacd55a3caa34a30bcf51c00f3f719cb3f783e325257f04c27a91f688cbe9644 - name: kind value: task resolver: bundles @@ -361,6 +304,9 @@ spec: operator: in values: - "true" + workspaces: + - name: workspace + workspace: workspace - name: deprecated-base-image-check params: - name: IMAGE_URL @@ -431,18 +377,14 @@ spec: value: $(tasks.build-image-index.results.IMAGE_DIGEST) - name: image-url value: $(tasks.build-image-index.results.IMAGE_URL) - - name: SOURCE_ARTIFACT - value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - - name: CACHI2_ARTIFACT - value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) runAfter: - build-image-index taskRef: params: - name: name - value: sast-snyk-check-oci-ta + value: sast-snyk-check - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.3@sha256:1119722a2d31b831d1aa336fd8cced0a5016c95466b6b59a58bbf3585735850f + value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check:0.3@sha256:0d2db16b8f8eabdfedbaa6ecaffd93aa6fd5ad4e8c7c1c1aa5d49cf010c7a87f - name: kind value: task resolver: bundles @@ -451,6 +393,9 @@ spec: operator: in values: - "false" + workspaces: + - name: workspace + workspace: workspace - name: clamav-scan params: - name: image-digest 
@@ -464,7 +409,29 @@ spec: - name: name value: clamav-scan - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.1@sha256:b4f450f1447b166da671f1d5819ab5a1485083e5c27ab91f7d8b7a2ff994c8c2 + value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.2@sha256:6e08cf608240f57442ca5458f3c0dade3558f4f2953be8ea939232f5d5378d58 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: sast-coverity-check + params: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - coverity-availability-check + taskRef: + params: + - name: name + value: sast-coverity-check + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-sast-coverity-check:0.1@sha256:6d0bead975a9e9ce9dac98edb0a3c3908dbae3882df2775fc8760c6bb4f41f8c - name: kind value: task resolver: bundles 
@@ -473,13 +440,90 @@ spec: operator: in values: - "false" + - input: $(tasks.coverity-availability-check.results.STATUS) + operator: in + values: + - success + workspaces: + - name: workspace + workspace: workspace + - name: coverity-availability-check + params: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: coverity-availability-check + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-coverity-availability-check:0.1@sha256:c24a1c5c2e1e9e13027d9f35c27c4757fb317877a0b86e9d23928dc4ec49921d + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + workspaces: + - name: workspace + workspace: workspace + - name: sast-shell-check + params: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: sast-shell-check + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check:0.1@sha256:2de060c734b4a0c804525f6ff57d4a5e4a380b7e1475676582282563202f8014 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + workspaces: + - name: workspace + workspace: workspace + - name: sast-unicode-check + params: + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: sast-unicode-check + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check:0.1@sha256:f2fb1a902f1a33119e89333fd326d406ba595f384a80987ca51ad46777e22b25 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - 
"false" + workspaces: + - name: workspace + workspace: workspace - name: apply-tags params: - name: IMAGE value: $(tasks.build-image-index.results.IMAGE_URL) - - name: ADDITIONAL_TAGS - value: - - '{{target_branch}}-{{revision}}' runAfter: - build-image-index taskRef: @@ -487,7 +531,7 @@ spec: - name: name value: apply-tags - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.1@sha256:87fd7fc0e937aad1a8db9b6e377d7e444f53394dafde512d68adbea6966a4702 + value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.1@sha256:0767c115d4ba4854d106c9cdfabdc1f1298bc2742a3fea4fefbac4b9c5873d6e - name: kind value: task resolver: bundles @@ -501,19 +545,20 @@ spec: value: $(params.dockerfile) - name: CONTEXT value: $(params.path-context) - - name: SOURCE_ARTIFACT - value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) runAfter: - build-image-index taskRef: params: - name: name - value: push-dockerfile-oci-ta + value: push-dockerfile - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.1@sha256:08ef41d6a98608bd5f1de75d77f015f520911a278d1875e174b88b9d04db2441 + value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile:0.1@sha256:48bb2ee92ea528b28c0814c9cc126021e499a081b69431987a774561e9ac8047 - name: kind value: task resolver: bundles + workspaces: + - name: workspace + workspace: workspace - name: rpms-signature-scan params: - name: image-url @@ -527,7 +572,7 @@ spec: - name: name value: rpms-signature-scan - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:8f3b23bf1b0ef55cc79d28604d2397a0101ac9c0c42ae26e26532eb2778c801b + value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:71c220bdc11e6308c79693d134f8799de02929549fec523ccc4f0cff1e314e14 - name: kind value: task resolver: bundles 
@@ -537,12 +582,24 @@ spec: values: - "false" workspaces: + - name: workspace - name: git-auth optional: true - name: netrc optional: true taskRunTemplate: {} workspaces: + - name: workspace + volumeClaimTemplate: + metadata: + creationTimestamp: null + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + status: {} - name: git-auth secret: secretName: '{{ git_auth_secret }}'