-
Notifications
You must be signed in to change notification settings - Fork 140
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Signed-off-by: cmoulliard <[email protected]>
- Loading branch information
1 parent
55381c4
commit 04a09b1
Showing
3 changed files
with
562 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,30 @@ | ||
| # build-paketo-ubi-builder task | ||
|
|
||
| The `build-paketo-ubi-builder` task builds an ubi image for a paketo builder using as input the [builder.toml](https://buildpacks.io/docs/reference/config/builder-config/) file. The image is build using the pack tool packaged part of the [paketo-container](https://github.com/konflux-ci/paketo-container/) image. | ||
| The task also produces the SBOM which is signed and added to the image. | ||
|
|
||
| ## Parameters | ||
| | name | description | default value | required | | ||
| |----------------------|-------------------------------------------------------------------------------------|----------------------------------------------------------------------------|----------| | ||
| | BUILD_ARGS | Array of --build-arg values ("arg=value" strings) | [] | false | | ||
| | BUILDER_NAME | Name of the paketo builder image containing the tools as: pack, jam, create-package | quay.io/redhat-user-workloads/konflux-build-pipeli-tenant/paketo-container | false | | ||
| | CACHI2_ARTIFACT | The Trusted Artifact URI pointing to the artifact with the prefetched dependencies. | "" | false | | ||
| | CONTEXT | Path to the directory to use as context. | . | false | | ||
| | HERMETIC | Determines if build will be executed without network access. | false | false | | ||
| | IMAGE | Reference of the image buildah will produce. | | true | | ||
| | PLATFORM | The platform to build on | | true | | ||
| | SOURCE_ARTIFACT | The Trusted Artifact URI pointing to the artifact with the application source code. | | true | | ||
| | SOURCE_CODE_DIR | The subpath of the application source code. | "." | true | | ||
| | STORAGE_DRIVER | Storage driver to configure for buildah | vfs | false | | ||
| | TLSVERIFY | Verify the TLS on the registry endpoint (for push/pull to a non-TLS registry) | true | false | | ||
| | caTrustConfigMapKey | The name of the key in the ConfigMap that contains the CA bundle data. | ca-bundle.crt | false | | ||
| | caTrustConfigMapName | The name of the ConfigMap to read CA bundle data from. | trusted-ca | false | | ||
|
|
||
| ## Results | ||
| |name|description| | ||
| |---|---| | ||
| |BASE_IMAGES_DIGESTS|Digests of the base images used for build| | ||
| |IMAGE_DIGEST|Digest of the image just built| | ||
| |IMAGE_REF|Image reference of the built image| | ||
| |IMAGE_URL|Image repository and tag where the built image was pushed| | ||
| |SBOM_BLOB_URL|Reference of SBOM blob digest to enable digest-based verification from provenance| |
Oops, something went wrong.