From 52b471acca63ee47de8539ca32bf67369e4bfedb Mon Sep 17 00:00:00 2001 From: ccronca Date: Fri, 16 Aug 2024 12:21:05 +0200 Subject: [PATCH 1/2] fix(KONFLUX-3663): format Tekton PipelineRun files Format PipelineRun files with yq for consistent indentation and format Signed-off-by: ccronca --- ...-global-hub-agent-globalhub-1-3-pull-request.yaml | 12 ++++-------- ...icluster-global-hub-agent-globalhub-1-3-push.yaml | 12 ++++-------- ...lobal-hub-manager-globalhub-1-3-pull-request.yaml | 12 ++++-------- ...luster-global-hub-manager-globalhub-1-3-push.yaml | 12 ++++-------- ...obal-hub-operator-globalhub-1-3-pull-request.yaml | 12 ++++-------- ...uster-global-hub-operator-globalhub-1-3-push.yaml | 12 ++++-------- 6 files changed, 24 insertions(+), 48 deletions(-) diff --git a/.tekton/multicluster-global-hub-agent-globalhub-1-3-pull-request.yaml b/.tekton/multicluster-global-hub-agent-globalhub-1-3-pull-request.yaml index bf3483642..160b72b07 100644 --- a/.tekton/multicluster-global-hub-agent-globalhub-1-3-pull-request.yaml +++ b/.tekton/multicluster-global-hub-agent-globalhub-1-3-pull-request.yaml @@ -7,8 +7,7 @@ metadata: build.appstudio.redhat.com/pull_request_number: '{{pull_request_number}}' build.appstudio.redhat.com/target_branch: '{{target_branch}}' pipelinesascode.tekton.dev/max-keep-runs: "3" - pipelinesascode.tekton.dev/on-cel-expression: event == "pull_request" && target_branch - == "main" + pipelinesascode.tekton.dev/on-cel-expression: event == "pull_request" && target_branch == "main" creationTimestamp: null labels: appstudio.openshift.io/application: release-globalhub-1-3 
@@ -79,13 +78,11 @@ spec: name: output-image type: string - default: . - description: Path to the source code of an application's component from where - to build image. + description: Path to the source code of an application's component from where to build image. name: path-context type: string - default: Dockerfile - description: Path to the Dockerfile inside the context specified by parameter - path-context + description: Path to the Dockerfile inside the context specified by parameter path-context name: dockerfile type: string - default: "false" @@ -109,8 +106,7 @@ spec: name: java type: string - default: "" - description: Image tag expiration time, time values could be something like - 1h, 2d, 3w for hours, days, and weeks, respectively. + description: Image tag expiration time, time values could be something like 1h, 2d, 3w for hours, days, and weeks, respectively. name: image-expires-after - default: "false" description: Build a source image. diff --git a/.tekton/multicluster-global-hub-agent-globalhub-1-3-push.yaml b/.tekton/multicluster-global-hub-agent-globalhub-1-3-push.yaml index 4975762c2..64727eae9 100644 --- a/.tekton/multicluster-global-hub-agent-globalhub-1-3-push.yaml +++ b/.tekton/multicluster-global-hub-agent-globalhub-1-3-push.yaml @@ -6,8 +6,7 @@ metadata: build.appstudio.redhat.com/commit_sha: '{{revision}}' build.appstudio.redhat.com/target_branch: '{{target_branch}}' pipelinesascode.tekton.dev/max-keep-runs: "3" - pipelinesascode.tekton.dev/on-cel-expression: event == "push" && target_branch - == "release-2.12" + pipelinesascode.tekton.dev/on-cel-expression: event == "push" && target_branch == "release-2.12" creationTimestamp: null labels: appstudio.openshift.io/application: release-globalhub-1-3 
@@ -76,13 +75,11 @@ spec: name: output-image type: string - default: . - description: Path to the source code of an application's component from where - to build image. + description: Path to the source code of an application's component from where to build image. name: path-context type: string - default: Dockerfile - description: Path to the Dockerfile inside the context specified by parameter - path-context + description: Path to the Dockerfile inside the context specified by parameter path-context name: dockerfile type: string - default: "false" @@ -106,8 +103,7 @@ spec: name: java type: string - default: "" - description: Image tag expiration time, time values could be something like - 1h, 2d, 3w for hours, days, and weeks, respectively. + description: Image tag expiration time, time values could be something like 1h, 2d, 3w for hours, days, and weeks, respectively. name: image-expires-after - default: "false" description: Build a source image. diff --git a/.tekton/multicluster-global-hub-manager-globalhub-1-3-pull-request.yaml b/.tekton/multicluster-global-hub-manager-globalhub-1-3-pull-request.yaml index d2f07e13d..d31c44eb3 100644 --- a/.tekton/multicluster-global-hub-manager-globalhub-1-3-pull-request.yaml +++ b/.tekton/multicluster-global-hub-manager-globalhub-1-3-pull-request.yaml @@ -7,8 +7,7 @@ metadata: build.appstudio.redhat.com/pull_request_number: '{{pull_request_number}}' build.appstudio.redhat.com/target_branch: '{{target_branch}}' pipelinesascode.tekton.dev/max-keep-runs: "3" - pipelinesascode.tekton.dev/on-cel-expression: event == "pull_request" && target_branch - == "main" + pipelinesascode.tekton.dev/on-cel-expression: event == "pull_request" && target_branch == "main" creationTimestamp: null labels: appstudio.openshift.io/application: release-globalhub-1-3 
@@ -79,13 +78,11 @@ spec: name: output-image type: string - default: . - description: Path to the source code of an application's component from where - to build image. + description: Path to the source code of an application's component from where to build image. name: path-context type: string - default: Dockerfile - description: Path to the Dockerfile inside the context specified by parameter - path-context + description: Path to the Dockerfile inside the context specified by parameter path-context name: dockerfile type: string - default: "false" @@ -109,8 +106,7 @@ spec: name: java type: string - default: "" - description: Image tag expiration time, time values could be something like - 1h, 2d, 3w for hours, days, and weeks, respectively. + description: Image tag expiration time, time values could be something like 1h, 2d, 3w for hours, days, and weeks, respectively. name: image-expires-after - default: "false" description: Build a source image. diff --git a/.tekton/multicluster-global-hub-manager-globalhub-1-3-push.yaml b/.tekton/multicluster-global-hub-manager-globalhub-1-3-push.yaml index cae336ac5..b3615f474 100644 --- a/.tekton/multicluster-global-hub-manager-globalhub-1-3-push.yaml +++ b/.tekton/multicluster-global-hub-manager-globalhub-1-3-push.yaml @@ -6,8 +6,7 @@ metadata: build.appstudio.redhat.com/commit_sha: '{{revision}}' build.appstudio.redhat.com/target_branch: '{{target_branch}}' pipelinesascode.tekton.dev/max-keep-runs: "3" - pipelinesascode.tekton.dev/on-cel-expression: event == "push" && target_branch - == "release-2.12" + pipelinesascode.tekton.dev/on-cel-expression: event == "push" && target_branch == "release-2.12" creationTimestamp: null labels: appstudio.openshift.io/application: release-globalhub-1-3 
@@ -76,13 +75,11 @@ spec: name: output-image type: string - default: . - description: Path to the source code of an application's component from where - to build image. + description: Path to the source code of an application's component from where to build image. name: path-context type: string - default: Dockerfile - description: Path to the Dockerfile inside the context specified by parameter - path-context + description: Path to the Dockerfile inside the context specified by parameter path-context name: dockerfile type: string - default: "false" @@ -106,8 +103,7 @@ spec: name: java type: string - default: "" - description: Image tag expiration time, time values could be something like - 1h, 2d, 3w for hours, days, and weeks, respectively. + description: Image tag expiration time, time values could be something like 1h, 2d, 3w for hours, days, and weeks, respectively. name: image-expires-after - default: "false" description: Build a source image. diff --git a/.tekton/multicluster-global-hub-operator-globalhub-1-3-pull-request.yaml b/.tekton/multicluster-global-hub-operator-globalhub-1-3-pull-request.yaml index ebc97e74c..5fb8446d3 100644 --- a/.tekton/multicluster-global-hub-operator-globalhub-1-3-pull-request.yaml +++ b/.tekton/multicluster-global-hub-operator-globalhub-1-3-pull-request.yaml @@ -7,8 +7,7 @@ metadata: build.appstudio.redhat.com/pull_request_number: '{{pull_request_number}}' build.appstudio.redhat.com/target_branch: '{{target_branch}}' pipelinesascode.tekton.dev/max-keep-runs: "3" - pipelinesascode.tekton.dev/on-cel-expression: event == "pull_request" && target_branch - == "main" + pipelinesascode.tekton.dev/on-cel-expression: event == "pull_request" && target_branch == "main" creationTimestamp: null labels: appstudio.openshift.io/application: release-globalhub-1-3 
@@ -79,13 +78,11 @@ spec: name: output-image type: string - default: . - description: Path to the source code of an application's component from where - to build image. + description: Path to the source code of an application's component from where to build image. name: path-context type: string - default: Dockerfile - description: Path to the Dockerfile inside the context specified by parameter - path-context + description: Path to the Dockerfile inside the context specified by parameter path-context name: dockerfile type: string - default: "false" @@ -109,8 +106,7 @@ spec: name: java type: string - default: "" - description: Image tag expiration time, time values could be something like - 1h, 2d, 3w for hours, days, and weeks, respectively. + description: Image tag expiration time, time values could be something like 1h, 2d, 3w for hours, days, and weeks, respectively. name: image-expires-after - default: "false" description: Build a source image. diff --git a/.tekton/multicluster-global-hub-operator-globalhub-1-3-push.yaml b/.tekton/multicluster-global-hub-operator-globalhub-1-3-push.yaml index 37f0b9fad..46c547cff 100644 --- a/.tekton/multicluster-global-hub-operator-globalhub-1-3-push.yaml +++ b/.tekton/multicluster-global-hub-operator-globalhub-1-3-push.yaml @@ -6,8 +6,7 @@ metadata: build.appstudio.redhat.com/commit_sha: '{{revision}}' build.appstudio.redhat.com/target_branch: '{{target_branch}}' pipelinesascode.tekton.dev/max-keep-runs: "3" - pipelinesascode.tekton.dev/on-cel-expression: event == "push" && target_branch - == "release-2.12" + pipelinesascode.tekton.dev/on-cel-expression: event == "push" && target_branch == "release-2.12" creationTimestamp: null labels: appstudio.openshift.io/application: release-globalhub-1-3 
@@ -76,13 +75,11 @@ spec: name: output-image type: string - default: . - description: Path to the source code of an application's component from where - to build image. + description: Path to the source code of an application's component from where to build image. name: path-context type: string - default: Dockerfile - description: Path to the Dockerfile inside the context specified by parameter - path-context + description: Path to the Dockerfile inside the context specified by parameter path-context name: dockerfile type: string - default: "false" @@ -106,8 +103,7 @@ spec: name: java type: string - default: "" - description: Image tag expiration time, time values could be something like - 1h, 2d, 3w for hours, days, and weeks, respectively. + description: Image tag expiration time, time values could be something like 1h, 2d, 3w for hours, days, and weeks, respectively. name: image-expires-after - default: "false" description: Build a source image. From 11066050c60ce2e8be2f9d494cdee16cba357852 Mon Sep 17 00:00:00 2001 From: ccronca Date: Fri, 16 Aug 2024 12:21:06 +0200 Subject: [PATCH 2/2] fix(KONFLUX-3663): upload SAST results to quay.io Configure the SAST task to upload SARIF results to quay.io for long-term storage Signed-off-by: ccronca --- ...luster-global-hub-agent-globalhub-1-3-pull-request.yaml | 7 ++++++- .../multicluster-global-hub-agent-globalhub-1-3-push.yaml | 7 ++++++- ...ster-global-hub-manager-globalhub-1-3-pull-request.yaml | 7 ++++++- ...multicluster-global-hub-manager-globalhub-1-3-push.yaml | 7 ++++++- ...ter-global-hub-operator-globalhub-1-3-pull-request.yaml | 7 ++++++- ...ulticluster-global-hub-operator-globalhub-1-3-push.yaml | 7 ++++++- 6 files changed, 36 insertions(+), 6 deletions(-) diff --git a/.tekton/multicluster-global-hub-agent-globalhub-1-3-pull-request.yaml b/.tekton/multicluster-global-hub-agent-globalhub-1-3-pull-request.yaml index 160b72b07..22f9c95d4 100644 
--- a/.tekton/multicluster-global-hub-agent-globalhub-1-3-pull-request.yaml +++ b/.tekton/multicluster-global-hub-agent-globalhub-1-3-pull-request.yaml @@ -343,7 +343,7 @@ spec: - "false" - name: sast-snyk-check runAfter: - - clone-repository + - build-container taskRef: params: - name: name @@ -361,6 +361,11 @@ spec: workspaces: - name: workspace workspace: workspace + params: + - name: image-digest + value: $(tasks.build-container.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-container.results.IMAGE_URL) - name: clamav-scan params: - name: image-digest diff --git a/.tekton/multicluster-global-hub-agent-globalhub-1-3-push.yaml b/.tekton/multicluster-global-hub-agent-globalhub-1-3-push.yaml index 64727eae9..ac966ff03 100644 --- a/.tekton/multicluster-global-hub-agent-globalhub-1-3-push.yaml +++ b/.tekton/multicluster-global-hub-agent-globalhub-1-3-push.yaml @@ -340,7 +340,7 @@ spec: - "false" - name: sast-snyk-check runAfter: - - clone-repository + - build-container taskRef: params: - name: name @@ -358,6 +358,11 @@ spec: workspaces: - name: workspace workspace: workspace + params: + - name: image-digest + value: $(tasks.build-container.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-container.results.IMAGE_URL) - name: clamav-scan params: - name: image-digest diff --git a/.tekton/multicluster-global-hub-manager-globalhub-1-3-pull-request.yaml b/.tekton/multicluster-global-hub-manager-globalhub-1-3-pull-request.yaml index d31c44eb3..c15d77935 100644 --- a/.tekton/multicluster-global-hub-manager-globalhub-1-3-pull-request.yaml +++ b/.tekton/multicluster-global-hub-manager-globalhub-1-3-pull-request.yaml @@ -343,7 +343,7 @@ spec: - "false" - name: sast-snyk-check runAfter: - - clone-repository + - build-container taskRef: params: - name: name 
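Review bot: Moving `sast-snyk-check` from `runAfter: clone-repository` to `runAfter: build-container` means the source scan is skipped whenever the image build fails, so a pull request with a broken build gets no SAST feedback. If the ordering is needed only so the SARIF result can be attached to the built image, record that above the line, for example `# after build-container: needs IMAGE_URL and IMAGE_DIGEST to attach the SARIF result`. The same one-line change is made in the other five PipelineRun files of this patch. The task definition starts before and continues after this hunk.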
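Review bot: The added `image-digest` and `image-url` params only take effect if the `sast-snyk-check` bundle pinned in `taskRef` declares them. That reference lies between the two hunks and is not touched by this commit, so it is worth confirming the pinned version; with an older bundle the params would presumably be rejected or have no effect, and no upload would happen. The SARIF output also lists unresolved findings, and anyone with pull access to the repository behind `IMAGE_URL` can read it, so that repository's visibility should be checked, especially for the pull-request pipelines. A short comment above `params:` such as `# SARIF results are attached to this image in the registry` would make the data flow visible. The same block is added in the other five files.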
@@ -361,6 +361,11 @@ spec: workspaces: - name: workspace workspace: workspace + params: + - name: image-digest + value: $(tasks.build-container.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-container.results.IMAGE_URL) - name: clamav-scan params: - name: image-digest diff --git a/.tekton/multicluster-global-hub-manager-globalhub-1-3-push.yaml b/.tekton/multicluster-global-hub-manager-globalhub-1-3-push.yaml index b3615f474..4ec0a8f90 100644 --- a/.tekton/multicluster-global-hub-manager-globalhub-1-3-push.yaml +++ b/.tekton/multicluster-global-hub-manager-globalhub-1-3-push.yaml @@ -340,7 +340,7 @@ spec: - "false" - name: sast-snyk-check runAfter: - - clone-repository + - build-container taskRef: params: - name: name @@ -358,6 +358,11 @@ spec: workspaces: - name: workspace workspace: workspace + params: + - name: image-digest + value: $(tasks.build-container.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-container.results.IMAGE_URL) - name: clamav-scan params: - name: image-digest diff --git a/.tekton/multicluster-global-hub-operator-globalhub-1-3-pull-request.yaml b/.tekton/multicluster-global-hub-operator-globalhub-1-3-pull-request.yaml index 5fb8446d3..05f073967 100644 --- a/.tekton/multicluster-global-hub-operator-globalhub-1-3-pull-request.yaml +++ b/.tekton/multicluster-global-hub-operator-globalhub-1-3-pull-request.yaml @@ -343,7 +343,7 @@ spec: - "false" - name: sast-snyk-check runAfter: - - clone-repository + - build-container taskRef: params: - name: name @@ -361,6 +361,11 @@ spec: workspaces: - name: workspace workspace: workspace + params: + - name: image-digest + value: $(tasks.build-container.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-container.results.IMAGE_URL) - name: clamav-scan params: - name: image-digest diff --git a/.tekton/multicluster-global-hub-operator-globalhub-1-3-push.yaml b/.tekton/multicluster-global-hub-operator-globalhub-1-3-push.yaml index 46c547cff..7c7b55511 100644 
--- a/.tekton/multicluster-global-hub-operator-globalhub-1-3-push.yaml +++ b/.tekton/multicluster-global-hub-operator-globalhub-1-3-push.yaml @@ -340,7 +340,7 @@ spec: - "false" - name: sast-snyk-check runAfter: - - clone-repository + - build-container taskRef: params: - name: name @@ -358,6 +358,11 @@ spec: workspaces: - name: workspace workspace: workspace + params: + - name: image-digest + value: $(tasks.build-container.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-container.results.IMAGE_URL) - name: clamav-scan params: - name: image-digest