diff --git a/.tekton/maestro-pull-request.yaml b/.tekton/maestro-main-pull-request.yaml similarity index 78% rename from .tekton/maestro-pull-request.yaml rename to .tekton/maestro-main-pull-request.yaml index 4d000e47..5aba10bd 100644 --- a/.tekton/maestro-pull-request.yaml +++ b/.tekton/maestro-main-pull-request.yaml @@ -2,19 +2,20 @@ apiVersion: tekton.dev/v1 kind: PipelineRun metadata: annotations: - build.appstudio.openshift.io/repo: https://github.com/openshift-online/maestro?rev={{revision}} + build.appstudio.openshift.io/repo: https://github.com/stolostron/maestro?rev={{revision}} build.appstudio.redhat.com/commit_sha: '{{revision}}' build.appstudio.redhat.com/pull_request_number: '{{pull_request_number}}' build.appstudio.redhat.com/target_branch: '{{target_branch}}' pipelinesascode.tekton.dev/max-keep-runs: "3" - pipelinesascode.tekton.dev/on-cel-expression: event == "pull_request" && target_branch == "main" + pipelinesascode.tekton.dev/on-cel-expression: event == "pull_request" && target_branch + == "main" creationTimestamp: null labels: - appstudio.openshift.io/application: maestro - appstudio.openshift.io/component: maestro + appstudio.openshift.io/application: maestro-main + appstudio.openshift.io/component: maestro-main pipelines.appstudio.openshift.io/type: build - name: maestro-on-pull-request - namespace: maestro-rhtap-tenant + name: maestro-main-on-pull-request + namespace: crt-redhat-acm-tenant spec: params: - name: dockerfile @@ -24,7 +25,7 @@ spec: - name: image-expires-after value: 5d - name: output-image - value: quay.io/redhat-user-workloads/maestro-rhtap-tenant/maestro/maestro:on-pr-{{revision}} + value: quay.io/redhat-user-workloads/crt-redhat-acm-tenant/maestro-main/maestro-main:on-pr-{{revision}} - name: path-context value: . - name: revision @@ -63,6 +64,9 @@ spec: - name: kind value: task resolver: bundles + workspaces: + - name: workspace + workspace: workspace params: - description: Source Repository URL name: git-url 
@@ -75,11 +79,13 @@ spec: name: output-image type: string - default: . - description: Path to the source code of an application's component from where to build image. + description: Path to the source code of an application's component from where + to build image. name: path-context type: string - default: Dockerfile - description: Path to the Dockerfile inside the context specified by parameter path-context + description: Path to the Dockerfile inside the context specified by parameter + path-context name: dockerfile type: string - default: "false" @@ -90,10 +96,6 @@ spec: description: Skip checks against built image name: skip-checks type: string - - default: "true" - description: Skip optional checks, set false if you want to run optional checks - name: skip-optional - type: string - default: "false" description: Execute the build with network isolation name: hermetic @@ -107,12 +109,18 @@ spec: name: java type: string - default: "" - description: Image tag expiration time, time values could be something like 1h, 2d, 3w for hours, days, and weeks, respectively. + description: Image tag expiration time, time values could be something like + 1h, 2d, 3w for hours, days, and weeks, respectively. name: image-expires-after - default: "false" description: Build a source image. name: build-source-image type: string + - default: "" + description: Path to a file with build arguments which will be passed to podman + during build + name: build-args-file + type: string results: - description: "" name: IMAGE_URL 
@@ -138,18 +146,12 @@ spec: value: $(params.rebuild) - name: skip-checks value: $(params.skip-checks) - - name: skip-optional - value: $(params.skip-optional) - - name: pipelinerun-name - value: $(context.pipelineRun.name) - - name: pipelinerun-uid - value: $(context.pipelineRun.uid) taskRef: params: - name: name value: init - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-init:0.2@sha256:07b8eb6a9533525a397c296246d3eb6ec4771b520a1bfee817ce2b7ede25c43d + value: quay.io/redhat-appstudio-tekton-catalog/task-init:0.2@sha256:ad2c6461433b867a5b8c5243048014f71295f4f7b0b684e6289246e37f698204 - name: kind value: task resolver: bundles @@ -191,7 +193,7 @@ spec: - name: name value: prefetch-dependencies - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies:0.1@sha256:cd873246e0d830d8b3d0dc76334348474361101487457f65bc02aab9861aad2c + value: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies:0.1@sha256:befbcd715d146f52e6421a3cce34d1b93ffcb069a0271621c04d4f6f334ddb35 - name: kind value: task resolver: bundles @@ -203,6 +205,8 @@ spec: workspaces: - name: source workspace: workspace + - name: git-basic-auth + workspace: git-auth - name: build-container params: - name: IMAGE @@ -219,6 +223,8 @@ spec: value: $(params.image-expires-after) - name: COMMIT_SHA value: $(tasks.clone-repository.results.commit) + - name: BUILD_ARGS_FILE + value: $(params.build-args-file) runAfter: - prefetch-dependencies taskRef: @@ -226,7 +232,7 @@ spec: - name: name value: buildah - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-buildah:0.2@sha256:ccd1cebde461112883df1fa2be45d3f81b142e9fb72fb04347840e9830f2a66e + value: quay.io/redhat-appstudio-tekton-catalog/task-buildah:0.2@sha256:19d56a5cb8cf0d208fd9d01925aadce96d95b02fc234089e362b69d8537dc2a5 - name: kind value: task resolver: bundles 
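Review bot: The pull-request pipeline and the push pipeline now pin different digests for the same task bundles, so a PR run no longer exercises the pipeline that builds the merged image: task-prefetch-dependencies:0.1 is `befbcd715d14…` in this hunk but `566dfa9cf802…` in maestro-main-push.yaml, and the split recurs for task-buildah (`19d56a5cb8cf…` vs `60c99bd62dbd…`), task-source-build (`f1784097dad7…` vs `a964e3b02902…`), task-rpms-signature-scan (`29da92041da4…` vs `8f3b23bf1b0e…`) and, most visibly, task-clamav-scan, which is `0.2@sha256:5ec761447580…` in the pull-request file but `0.1@sha256:3e2891c232dc…` in the push file. These look like Konflux-generated snapshots taken at different times; if so, regenerating both files from one snapshot, or at least aligning the clamav-scan version, keeps the scan and build results a PR gates on identical to what the push build produces. The affected hunks are the bundle hunks of both files: this one plus the buildah, source-build, clamav-scan and rpms-signature-scan hunks that follow in each.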
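Review bot: The prefetch-dependencies task is now handed the `git-auth` workspace as `git-basic-auth`, which the workspaces stanza at the end of this file binds to secret `'{{ git_auth_secret }}'`, yet nothing records why the prefetch step needs repository credentials in addition to clone-repository. Presumably this lets the hermetic prefetch resolve private Go module or git dependencies — worth confirming this repository actually has such dependencies, since otherwise the secret is reaching one more task than necessary. A short comment above the binding would make the intent reviewable: `# git-basic-auth: lets prefetch fetch private git dependencies (TODO confirm this repo needs it)`. The push pipeline's prefetch-dependencies hunk adds the same binding.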
@@ -249,7 +255,7 @@ spec: - name: name value: source-build - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-source-build:0.1@sha256:399cddeda7b33ef16872d469d0e2bb5f44a3ff0efa7d3cffa4bd9ff7130faea6 + value: quay.io/redhat-appstudio-tekton-catalog/task-source-build:0.1@sha256:f1784097dad71fa3648bc7ffd9d285ae53a9da51ab8541cfa8871b9fd6d41d0d - name: kind value: task resolver: bundles @@ -278,7 +284,7 @@ spec: - name: name value: deprecated-image-check - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-deprecated-image-check:0.4@sha256:566ae0df80f8447558595a996627bf0b5482dc0eaa9fbc33b8154587aed51a05 + value: quay.io/redhat-appstudio-tekton-catalog/task-deprecated-image-check:0.4@sha256:0ad98ffb3409f87f94ac7608838a142fed3eace02d7b815c0c63f4232b988e1a - name: kind value: task resolver: bundles @@ -300,7 +306,7 @@ spec: - name: name value: clair-scan - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-clair-scan:0.2@sha256:bcc01fe4689fbb87ca335d7efea88ec800e05d8796f0828fca984349b7844b09 + value: quay.io/redhat-appstudio-tekton-catalog/task-clair-scan:0.2@sha256:0bf7059322544cec08fae9c159be8c1d4a5d1f2ad145446aa8f169e6cddc0294 - name: kind value: task resolver: bundles 
@@ -309,15 +315,35 @@ spec: operator: in values: - "false" - - name: sast-snyk-check + - name: ecosystem-cert-preflight-checks + params: + - name: image-url + value: $(tasks.build-container.results.IMAGE_URL) runAfter: - build-container + taskRef: + params: + - name: name + value: ecosystem-cert-preflight-checks + - name: bundle + value: quay.io/redhat-appstudio-tekton-catalog/task-ecosystem-cert-preflight-checks:0.1@sha256:13a1013abebdd8dc398c41d2c72da41664086d390ea6ab9912905c1dfee08fbf + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: sast-snyk-check + runAfter: + - clone-repository taskRef: params: - name: name value: sast-snyk-check - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-sast-snyk-check:0.3@sha256:4ada9949fd195b50e33605ef06bb52a9bfb523d88529392972ac7a051d5bb549 + value: quay.io/redhat-appstudio-tekton-catalog/task-sast-snyk-check:0.3@sha256:601cc915a8108bdcd9d55f56d35c21d12a01b577401a175acac4e87d2b1738ae - name: kind value: task resolver: bundles @@ -329,12 +355,29 @@ spec: workspaces: - name: workspace workspace: workspace + - name: clamav-scan params: - name: image-digest value: $(tasks.build-container.results.IMAGE_DIGEST) - name: image-url value: $(tasks.build-container.results.IMAGE_URL) - - name: clamav-scan + runAfter: + - build-container + taskRef: + params: + - name: name + value: clamav-scan + - name: bundle + value: quay.io/redhat-appstudio-tekton-catalog/task-clamav-scan:0.2@sha256:5ec761447580484540a66dc00ac35a4fd0a0c046a6b33904b46727104b9aed2b + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: rpms-signature-scan params: - name: image-digest value: $(tasks.build-container.results.IMAGE_DIGEST) 
@@ -345,9 +388,9 @@ spec: taskRef: params: - name: name - value: clamav-scan + value: rpms-signature-scan - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-clamav-scan:0.2@sha256:d586428498a2e27ff7c0eb2591181f05e783871db0cc16112acd2e1ee0a77b8b + value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:29da92041da40a42ea7a71fb248950c245e800a26112f01370fde0116d41c2b7 - name: kind value: task resolver: bundles @@ -376,4 +419,4 @@ spec: - name: git-auth secret: secretName: '{{ git_auth_secret }}' -status: {} +status: {} \ No newline at end of file diff --git a/.tekton/maestro-push.yaml b/.tekton/maestro-main-push.yaml similarity index 79% rename from .tekton/maestro-push.yaml rename to .tekton/maestro-main-push.yaml index d3d67049..ea8c1d4c 100644 --- a/.tekton/maestro-push.yaml +++ b/.tekton/maestro-main-push.yaml 
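Review bot: The new rpms-signature-scan bundle resolves from `quay.io/konflux-ci/tekton-catalog/…`, while every other task in this file, including the clamav-scan entry renamed in place just above it, resolves from `quay.io/redhat-appstudio-tekton-catalog/…`. Two catalog namespaces in one pipeline are easy to miss in later digest bumps and may matter if an admission or Enterprise Contract policy enumerates allowed bundle sources. If the konflux-ci namespace is the intended successor, a one-line comment such as `# rpms-signature-scan is published under quay.io/konflux-ci/tekton-catalog only` would make that explicit; otherwise the redhat-appstudio path should be used for consistency. The push pipeline's rpms-signature-scan hunk has the same mix.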
@@ -2,26 +2,27 @@ apiVersion: tekton.dev/v1 kind: PipelineRun metadata: annotations: - build.appstudio.openshift.io/repo: https://github.com/openshift-online/maestro?rev={{revision}} + build.appstudio.openshift.io/repo: https://github.com/stolostron/maestro?rev={{revision}} build.appstudio.redhat.com/commit_sha: '{{revision}}' build.appstudio.redhat.com/target_branch: '{{target_branch}}' pipelinesascode.tekton.dev/max-keep-runs: "3" - pipelinesascode.tekton.dev/on-cel-expression: event == "push" && target_branch == "main" + pipelinesascode.tekton.dev/on-cel-expression: event == "push" && target_branch + == "main" creationTimestamp: null labels: - appstudio.openshift.io/application: maestro - appstudio.openshift.io/component: maestro + appstudio.openshift.io/application: maestro-main + appstudio.openshift.io/component: maestro-main pipelines.appstudio.openshift.io/type: build - name: maestro-on-push - namespace: maestro-rhtap-tenant + name: maestro-main-on-push + namespace: crt-redhat-acm-tenant spec: params: - name: dockerfile value: Containerfile.rhtap - name: git-url - value: '{{repo_url}}' + value: '{{source_url}}' - name: output-image - value: quay.io/redhat-user-workloads/maestro-rhtap-tenant/maestro/maestro:{{revision}} + value: quay.io/redhat-user-workloads/crt-redhat-acm-tenant/maestro-main/maestro-main:{{revision}} - name: path-context value: . - name: revision @@ -56,10 +57,13 @@ spec: - name: name value: summary - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-summary:0.2@sha256:716d50d6f79c119e729a41ddf4eca7ddc521dbfb32cc10c7e1ef1942da887e26 + value: quay.io/redhat-appstudio-tekton-catalog/task-summary:0.2@sha256:ac5b078500566c204eaa23e3aea1e2f7e003ac750514198419cb322a2eaf177a - name: kind value: task resolver: bundles + workspaces: + - name: workspace + workspace: workspace params: - description: Source Repository URL name: git-url 
@@ -72,11 +76,13 @@ spec: name: output-image type: string - default: . - description: Path to the source code of an application's component from where to build image. + description: Path to the source code of an application's component from where + to build image. name: path-context type: string - default: Dockerfile - description: Path to the Dockerfile inside the context specified by parameter path-context + description: Path to the Dockerfile inside the context specified by parameter + path-context name: dockerfile type: string - default: "false" @@ -87,10 +93,6 @@ spec: description: Skip checks against built image name: skip-checks type: string - - default: "true" - description: Skip optional checks, set false if you want to run optional checks - name: skip-optional - type: string - default: "false" description: Execute the build with network isolation name: hermetic @@ -104,12 +106,18 @@ spec: name: java type: string - default: "" - description: Image tag expiration time, time values could be something like 1h, 2d, 3w for hours, days, and weeks, respectively. + description: Image tag expiration time, time values could be something like + 1h, 2d, 3w for hours, days, and weeks, respectively. name: image-expires-after - default: "false" description: Build a source image. name: build-source-image type: string + - default: "" + description: Path to a file with build arguments which will be passed to podman + during build + name: build-args-file + type: string results: - description: "" name: IMAGE_URL @@ -135,12 +143,6 @@ spec: value: $(params.rebuild) - name: skip-checks value: $(params.skip-checks) - - name: skip-optional - value: $(params.skip-optional) - - name: pipelinerun-name - value: $(context.pipelineRun.name) - - name: pipelinerun-uid - value: $(context.pipelineRun.uid) taskRef: params: - name: name 
@@ -188,7 +190,7 @@ spec: - name: name value: prefetch-dependencies - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies:0.1@sha256:cd873246e0d830d8b3d0dc76334348474361101487457f65bc02aab9861aad2c + value: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies:0.1@sha256:566dfa9cf802e78ee26f8aae57c70cb6aa90f84dfdc929e176db4bc67d596df4 - name: kind value: task resolver: bundles @@ -200,6 +202,8 @@ spec: workspaces: - name: source workspace: workspace + - name: git-basic-auth + workspace: git-auth - name: build-container params: - name: IMAGE @@ -216,6 +220,8 @@ spec: value: $(params.image-expires-after) - name: COMMIT_SHA value: $(tasks.clone-repository.results.commit) + - name: BUILD_ARGS_FILE + value: $(params.build-args-file) runAfter: - prefetch-dependencies taskRef: @@ -223,7 +229,7 @@ spec: - name: name value: buildah - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-buildah:0.2@sha256:ccd1cebde461112883df1fa2be45d3f81b142e9fb72fb04347840e9830f2a66e + value: quay.io/redhat-appstudio-tekton-catalog/task-buildah:0.2@sha256:60c99bd62dbdb0edcd8606639f653adf115433f47f0deb43e7eb3a847c10392f - name: kind value: task resolver: bundles @@ -246,7 +252,7 @@ spec: - name: name value: source-build - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-source-build:0.1@sha256:399cddeda7b33ef16872d469d0e2bb5f44a3ff0efa7d3cffa4bd9ff7130faea6 + value: quay.io/redhat-appstudio-tekton-catalog/task-source-build:0.1@sha256:a964e3b02902735fe7f6a5398d9a7caddf5c0a7cc9f01792c849ca6d69d5d1a1 - name: kind value: task resolver: bundles 
@@ -306,9 +312,29 @@ spec: operator: in values: - "false" - - name: sast-snyk-check + - name: ecosystem-cert-preflight-checks + params: + - name: image-url + value: $(tasks.build-container.results.IMAGE_URL) runAfter: - build-container + taskRef: + params: + - name: name + value: ecosystem-cert-preflight-checks + - name: bundle + value: quay.io/redhat-appstudio-tekton-catalog/task-ecosystem-cert-preflight-checks:0.1@sha256:13a1013abebdd8dc398c41d2c72da41664086d390ea6ab9912905c1dfee08fbf + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: sast-snyk-check + runAfter: + - clone-repository taskRef: params: - name: name @@ -326,12 +352,29 @@ spec: workspaces: - name: workspace workspace: workspace + - name: clamav-scan params: - name: image-digest value: $(tasks.build-container.results.IMAGE_DIGEST) - name: image-url value: $(tasks.build-container.results.IMAGE_URL) - - name: clamav-scan + runAfter: + - build-container + taskRef: + params: + - name: name + value: clamav-scan + - name: bundle + value: quay.io/redhat-appstudio-tekton-catalog/task-clamav-scan:0.1@sha256:3e2891c232dc03fb5c7746fc615e1827afbd6931843e42b19cb8a6c04276ed32 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: rpms-signature-scan params: - name: image-digest value: $(tasks.build-container.results.IMAGE_DIGEST) @@ -342,9 +385,9 @@ spec: taskRef: params: - name: name - value: clamav-scan + value: rpms-signature-scan - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-clamav-scan:0.2@sha256:d586428498a2e27ff7c0eb2591181f05e783871db0cc16112acd2e1ee0a77b8b + value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:8f3b23bf1b0ef55cc79d28604d2397a0101ac9c0c42ae26e26532eb2778c801b - name: kind value: task resolver: bundles 
@@ -373,4 +416,4 @@ spec: - name: git-auth secret: secretName: '{{ git_auth_secret }}' -status: {} +status: {} \ No newline at end of file diff --git a/Dockerfile b/Dockerfile index be014a8d..cd32cb00 100755 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.22 AS builder +FROM registry.ci.openshift.org/stolostron/builder:go1.22-linux AS builder ENV SOURCE_DIR=/maestro WORKDIR $SOURCE_DIR @@ -26,4 +26,4 @@ LABEL name="maestro" \ description="maestro API" \ io.k8s.description="maestro API" \ io.k8s.display-name="maestro" \ - io.openshift.tags="maestro" \ No newline at end of file + io.openshift.tags="maestro"
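Review bot: The builder stage is now pulled by a mutable tag, `registry.ci.openshift.org/stolostron/builder:go1.22-linux`, whereas every Tekton task bundle in the same change is pinned to a `@sha256:` digest, leaving the base image as the one build input that can still change underneath a rebuild. Pinning it the same way, `FROM registry.ci.openshift.org/stolostron/builder:go1.22-linux@sha256:<builder-digest> AS builder`, makes the build reproducible and turns a toolchain bump into a reviewable diff; the previous `golang:1.22` had the same weakness, so this is pre-existing rather than introduced here. If the tag is intentionally floating to pick up toolchain fixes automatically, a comment above the FROM line saying so would help the next reader.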