forked from stolostron/multicloud-operators-foundation
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
* Appstudio update multicloud-manager (stolostron#606) Co-authored-by: redhat-appstudio <[email protected]> * Update RHTAP references (stolostron#609) Co-authored-by: red-hat-trusted-app-pipeline <123456+red-hat-trusted-app-pipeline[bot]@users.noreply.github.com> * Red Hat Trusted App Pipeline update multicloud-manager (stolostron#608) * Appstudio update multicloud-manager * Red Hat Trusted App Pipeline update multicloud-manager --------- Co-authored-by: redhat-appstudio <[email protected]> Co-authored-by: red-hat-trusted-app-pipeline <[email protected]> Co-authored-by: Gurney Buchanan <[email protected]> --------- Co-authored-by: red-hat-trusted-app-pipeline[bot] <126015336+red-hat-trusted-app-pipeline[bot]@users.noreply.github.com> Co-authored-by: redhat-appstudio <[email protected]> Co-authored-by: red-hat-trusted-app-pipeline <123456+red-hat-trusted-app-pipeline[bot]@users.noreply.github.com> Co-authored-by: red-hat-trusted-app-pipeline <[email protected]> Co-authored-by: Gurney Buchanan <[email protected]>
- Loading branch information
6 people
authored
May 16, 2023
1 parent
8fdf173
commit a581bc5
Showing
2 changed files
with
717 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,360 @@ | ||
| apiVersion: tekton.dev/v1beta1 | ||
| kind: PipelineRun | ||
| metadata: | ||
| annotations: | ||
| build.appstudio.openshift.io/repo: https://github.com/stolostron/multicloud-operators-foundation?rev={{revision}} | ||
| build.appstudio.redhat.com/commit_sha: '{{revision}}' | ||
| build.appstudio.redhat.com/pull_request_number: '{{pull_request_number}}' | ||
| build.appstudio.redhat.com/target_branch: '{{target_branch}}' | ||
| pipelinesascode.tekton.dev/max-keep-runs: "3" | ||
| pipelinesascode.tekton.dev/on-event: '[pull_request]' | ||
| pipelinesascode.tekton.dev/on-target-branch: '[backplane-2.4]' | ||
| creationTimestamp: null | ||
| labels: | ||
| appstudio.openshift.io/application: mce-24 | ||
| appstudio.openshift.io/component: multicloud-manager | ||
| pipelines.appstudio.openshift.io/type: build | ||
| name: multicloud-manager-on-pull-request | ||
| namespace: crt-redhat-acm-tenant | ||
| spec: | ||
| params: | ||
| - name: dockerfile | ||
| value: Dockerfile | ||
| - name: git-url | ||
| value: '{{repo_url}}' | ||
| - name: image-expires-after | ||
| value: 5d | ||
| - name: output-image | ||
| value: quay.io/redhat-user-workloads/crt-redhat-acm-tenant/mce-24/multicloud-manager:on-pr-{{revision}} | ||
| - name: path-context | ||
| value: . | ||
| - name: revision | ||
| value: '{{revision}}' | ||
| pipelineSpec: | ||
| finally: | ||
| - name: show-sbom | ||
| params: | ||
| - name: IMAGE_URL | ||
| value: $(tasks.build-container.results.IMAGE_URL) | ||
| taskRef: | ||
| bundle: quay.io/redhat-appstudio-tekton-catalog/task-show-sbom:0.1@sha256:050bab50254e0377c68d63b6b679decfc655e30cad9ce4b0407fc8468852008d | ||
| name: show-sbom | ||
| - name: show-summary | ||
| params: | ||
| - name: pipelinerun-name | ||
| value: $(context.pipelineRun.name) | ||
| - name: git-url | ||
| value: $(tasks.clone-repository.results.url)?rev=$(tasks.clone-repository.results.commit) | ||
| - name: image-url | ||
| value: $(params.output-image) | ||
| - name: build-task-status | ||
| value: $(tasks.build-container.status) | ||
| taskRef: | ||
| bundle: quay.io/redhat-appstudio-tekton-catalog/task-summary:0.1@sha256:9e21e57456c026c15765db23b986e47fc1394fa5d4823d3038b697971dd1a2bd | ||
| name: summary | ||
| params: | ||
| - description: Source Repository URL | ||
| name: git-url | ||
| type: string | ||
| - default: "" | ||
| description: Revision of the Source Repository | ||
| name: revision | ||
| type: string | ||
| - description: Fully Qualified Output Image | ||
| name: output-image | ||
| type: string | ||
| - default: . | ||
| description: The path to your source code | ||
| name: path-context | ||
| type: string | ||
| - default: Dockerfile | ||
| description: Path to the Dockerfile | ||
| name: dockerfile | ||
| type: string | ||
| - default: "false" | ||
| description: Force rebuild image | ||
| name: rebuild | ||
| type: string | ||
| - default: "false" | ||
| description: Skip checks against built image | ||
| name: skip-checks | ||
| type: string | ||
| - default: "false" | ||
| description: Execute the build with network isolation | ||
| name: hermetic | ||
| type: string | ||
| - default: "" | ||
| description: Build dependencies to be prefetched by Cachi2 | ||
| name: prefetch-input | ||
| type: string | ||
| - default: "false" | ||
| description: Java build | ||
| name: java | ||
| type: string | ||
| - default: "" | ||
| description: Snyk Token Secret Name | ||
| name: snyk-secret | ||
| type: string | ||
| - default: "" | ||
| description: Image tag expiration time, time values could be something like | ||
| 1h, 2d, 3w for hours, days, and weeks, respectively. | ||
| name: image-expires-after | ||
| results: | ||
| - description: "" | ||
| name: IMAGE_URL | ||
| value: $(tasks.build-container.results.IMAGE_URL) | ||
| - description: "" | ||
| name: IMAGE_DIGEST | ||
| value: $(tasks.build-container.results.IMAGE_DIGEST) | ||
| - description: "" | ||
| name: CHAINS-GIT_URL | ||
| value: $(tasks.clone-repository.results.url) | ||
| - description: "" | ||
| name: CHAINS-GIT_COMMIT | ||
| value: $(tasks.clone-repository.results.commit) | ||
| - description: "" | ||
| name: JAVA_COMMUNITY_DEPENDENCIES | ||
| value: $(tasks.build-container.results.JAVA_COMMUNITY_DEPENDENCIES) | ||
| tasks: | ||
| - name: init | ||
| params: | ||
| - name: image-url | ||
| value: $(params.output-image) | ||
| - name: rebuild | ||
| value: $(params.rebuild) | ||
| - name: skip-checks | ||
| value: $(params.skip-checks) | ||
| - name: pipelinerun-name | ||
| value: $(context.pipelineRun.name) | ||
| - name: pipelinerun-uid | ||
| value: $(context.pipelineRun.uid) | ||
| taskRef: | ||
| bundle: quay.io/redhat-appstudio-tekton-catalog/task-init:0.1@sha256:8c06b307b7f74622503b80ff0b81ffda63129959f52f8ed8f753d8ab98f38411 | ||
| name: init | ||
| - name: clone-repository | ||
| params: | ||
| - name: url | ||
| value: $(params.git-url) | ||
| - name: revision | ||
| value: $(params.revision) | ||
| runAfter: | ||
| - init | ||
| taskRef: | ||
| bundle: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:458f4853a01c3273bd76076ac1b015d5f901e70fb4b776f788b577adb25bf5f8 | ||
| name: git-clone | ||
| when: | ||
| - input: $(tasks.init.results.build) | ||
| operator: in | ||
| values: | ||
| - "true" | ||
| workspaces: | ||
| - name: output | ||
| workspace: workspace | ||
| - name: basic-auth | ||
| workspace: git-auth | ||
| - name: prefetch-dependencies | ||
| params: | ||
| - name: input | ||
| value: $(params.prefetch-input) | ||
| runAfter: | ||
| - clone-repository | ||
| taskRef: | ||
| bundle: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies:0.1@sha256:a7f4bb77c2e3949fa782f45c8ac9aa7f91cdde45dbc8ad408770eb902d830a0a | ||
| name: prefetch-dependencies | ||
| when: | ||
| - input: $(params.hermetic) | ||
| operator: in | ||
| values: | ||
| - "true" | ||
| workspaces: | ||
| - name: source | ||
| workspace: workspace | ||
| - name: build-container | ||
| params: | ||
| - name: IMAGE | ||
| value: $(params.output-image) | ||
| - name: DOCKERFILE | ||
| value: $(params.dockerfile) | ||
| - name: CONTEXT | ||
| value: $(params.path-context) | ||
| - name: DOCKER_AUTH | ||
| value: $(tasks.init.results.container-registry-secret) | ||
| - name: HERMETIC | ||
| value: $(params.hermetic) | ||
| - name: PREFETCH_INPUT | ||
| value: $(params.prefetch-input) | ||
| - name: IMAGE_EXPIRES_AFTER | ||
| value: $(params.image-expires-after) | ||
| runAfter: | ||
| - prefetch-dependencies | ||
| taskRef: | ||
| bundle: quay.io/redhat-appstudio-tekton-catalog/task-buildah:0.1@sha256:0852e61c1018d7f7a47ac2bd63fbda1d3d2247392624c2176ec341e343386b7c | ||
| name: buildah | ||
| when: | ||
| - input: $(tasks.init.results.build) | ||
| operator: in | ||
| values: | ||
| - "true" | ||
| workspaces: | ||
| - name: source | ||
| workspace: workspace | ||
| - name: inspect-image | ||
| params: | ||
| - name: IMAGE_URL | ||
| value: $(tasks.build-container.results.IMAGE_URL) | ||
| - name: IMAGE_DIGEST | ||
| value: $(tasks.build-container.results.IMAGE_DIGEST) | ||
| - name: DOCKER_AUTH | ||
| value: $(tasks.init.results.container-registry-secret) | ||
| runAfter: | ||
| - build-container | ||
| taskRef: | ||
| bundle: quay.io/redhat-appstudio-tekton-catalog/task-inspect-image:0.1@sha256:f7f3f86256f12d151463133d6c4ffc667087a87281ff2bc67c53c29f6463cd99 | ||
| name: inspect-image | ||
| when: | ||
| - input: $(params.skip-checks) | ||
| operator: in | ||
| values: | ||
| - "false" | ||
| workspaces: | ||
| - name: source | ||
| workspace: workspace | ||
| - name: label-check | ||
| runAfter: | ||
| - inspect-image | ||
| taskRef: | ||
| bundle: quay.io/redhat-appstudio-tekton-catalog/task-label-check:0.1@sha256:76dee4b8c534986f98ab7d6e89aea14582faf0f1128a09a7f058a4f059d0fcf0 | ||
| name: label-check | ||
| when: | ||
| - input: $(params.skip-checks) | ||
| operator: in | ||
| values: | ||
| - "false" | ||
| workspaces: | ||
| - name: workspace | ||
| workspace: workspace | ||
| - name: optional-label-check | ||
| params: | ||
| - name: POLICY_NAMESPACE | ||
| value: optional_checks | ||
| runAfter: | ||
| - inspect-image | ||
| taskRef: | ||
| bundle: quay.io/redhat-appstudio-tekton-catalog/task-label-check:0.1@sha256:76dee4b8c534986f98ab7d6e89aea14582faf0f1128a09a7f058a4f059d0fcf0 | ||
| name: label-check | ||
| when: | ||
| - input: $(params.skip-checks) | ||
| operator: in | ||
| values: | ||
| - "false" | ||
| workspaces: | ||
| - name: workspace | ||
| workspace: workspace | ||
| - name: deprecated-base-image-check | ||
| params: | ||
| - name: BASE_IMAGES_DIGESTS | ||
| value: $(tasks.build-container.results.BASE_IMAGES_DIGESTS) | ||
| taskRef: | ||
| bundle: quay.io/redhat-appstudio-tekton-catalog/task-deprecated-image-check:0.2@sha256:f6ad9c9b2a019d28e712287cf3cb5fe42df3078a02af0db75f0e76e6060063ca | ||
| name: deprecated-image-check | ||
| when: | ||
| - input: $(params.skip-checks) | ||
| operator: in | ||
| values: | ||
| - "false" | ||
| workspaces: | ||
| - name: test-ws | ||
| workspace: workspace | ||
| - name: clair-scan | ||
| params: | ||
| - name: image-digest | ||
| value: $(tasks.build-container.results.IMAGE_DIGEST) | ||
| - name: image-url | ||
| value: $(tasks.build-container.results.IMAGE_URL) | ||
| - name: docker-auth | ||
| value: $(tasks.init.results.container-registry-secret) | ||
| runAfter: | ||
| - build-container | ||
| taskRef: | ||
| bundle: quay.io/redhat-appstudio-tekton-catalog/task-clair-scan:0.1@sha256:e654ebb13c0b6d98cde388dfd33e258b7368eea5a5a37f3b2edfef7a3e23ffc2 | ||
| name: clair-scan | ||
| when: | ||
| - input: $(params.skip-checks) | ||
| operator: in | ||
| values: | ||
| - "false" | ||
| - name: sast-snyk-check | ||
| params: | ||
| - name: SNYK_SECRET | ||
| value: $(params.snyk-secret) | ||
| runAfter: | ||
| - clone-repository | ||
| taskRef: | ||
| bundle: quay.io/redhat-appstudio-tekton-catalog/task-sast-snyk-check:0.1@sha256:1bafbb8bb1f41985be67a622080b022d2a6ff8b51b606f7002069df7e79d0cff | ||
| name: sast-snyk-check | ||
| when: | ||
| - input: $(params.skip-checks) | ||
| operator: in | ||
| values: | ||
| - "false" | ||
| - input: $(params.snyk-secret) | ||
| operator: notin | ||
| values: | ||
| - "" | ||
| workspaces: | ||
| - name: workspace | ||
| workspace: workspace | ||
| - name: clamav-scan | ||
| params: | ||
| - name: image-digest | ||
| value: $(tasks.build-container.results.IMAGE_DIGEST) | ||
| - name: image-url | ||
| value: $(tasks.build-container.results.IMAGE_URL) | ||
| - name: docker-auth | ||
| value: $(tasks.init.results.container-registry-secret) | ||
| runAfter: | ||
| - build-container | ||
| taskRef: | ||
| bundle: quay.io/redhat-appstudio-tekton-catalog/task-clamav-scan:0.1@sha256:2317e03a1bc713cbfb1f7ad40b3bec587f00ec55ca6a6ae2fc33f921908c6d96 | ||
| name: clamav-scan | ||
| when: | ||
| - input: $(params.skip-checks) | ||
| operator: in | ||
| values: | ||
| - "false" | ||
| - name: sbom-json-check | ||
| params: | ||
| - name: IMAGE_URL | ||
| value: $(tasks.build-container.results.IMAGE_URL) | ||
| - name: IMAGE_DIGEST | ||
| value: $(tasks.build-container.results.IMAGE_DIGEST) | ||
| runAfter: | ||
| - build-container | ||
| taskRef: | ||
| bundle: quay.io/redhat-appstudio-tekton-catalog/task-sbom-json-check:0.1@sha256:3fe90c210a4df9c98d5a32a2eeeaa36ca4a5c8a199d56b512076ffca9d3db483 | ||
| name: sbom-json-check | ||
| when: | ||
| - input: $(params.skip-checks) | ||
| operator: in | ||
| values: | ||
| - "false" | ||
| workspaces: | ||
| - name: workspace | ||
| - name: git-auth | ||
| optional: true | ||
| workspaces: | ||
| - name: workspace | ||
| volumeClaimTemplate: | ||
| metadata: | ||
| creationTimestamp: null | ||
| spec: | ||
| accessModes: | ||
| - ReadWriteOnce | ||
| resources: | ||
| requests: | ||
| storage: 1Gi | ||
| status: {} | ||
| - name: git-auth | ||
| secret: | ||
| secretName: '{{ git_auth_secret }}' | ||
| status: {} |
Oops, something went wrong.