From a171711412481f3896af0556ed60347a2d54a02f Mon Sep 17 00:00:00 2001
From: redhat-appstudio
Date: Thu, 6 Apr 2023 11:58:36 +0000
Subject: [PATCH 1/5] Appstudio update devfile-sample-java-springboot-basic-y3fx
---
...va-springboot-basic-y3fx-pull-request.yaml | 344 ++++++++++++++++++
...ample-java-springboot-basic-y3fx-push.yaml | 343 +++++++++++++++++
2 files changed, 687 insertions(+)
create mode 100644 .tekton/devfile-sample-java-springboot-basic-y3fx-pull-request.yaml
create mode 100644 .tekton/devfile-sample-java-springboot-basic-y3fx-push.yaml
diff --git a/.tekton/devfile-sample-java-springboot-basic-y3fx-pull-request.yaml b/.tekton/devfile-sample-java-springboot-basic-y3fx-pull-request.yaml
new file mode 100644
index 00000000..4b23d6af
--- /dev/null
+++ b/.tekton/devfile-sample-java-springboot-basic-y3fx-pull-request.yaml
@@ -0,0 +1,344 @@
+apiVersion: tekton.dev/v1beta1
+kind: PipelineRun
+metadata:
+ annotations:
+ build.appstudio.redhat.com/commit_sha: '{{revision}}'
+ build.appstudio.redhat.com/pull_request_number: '{{pull_request_number}}'
+ build.appstudio.redhat.com/target_branch: '{{target_branch}}'
+ pipelinesascode.tekton.dev/max-keep-runs: "3"
+ pipelinesascode.tekton.dev/on-event: '[pull_request]'
+ pipelinesascode.tekton.dev/on-target-branch: '[main]'
+ creationTimestamp: null
+ labels:
+ appstudio.openshift.io/application: my-app-1
+ appstudio.openshift.io/component: devfile-sample-java-springboot-basic-y3fx
+ pipelines.appstudio.openshift.io/type: build
+ name: devfile-sample-java-springboot-basic-y3fx-on-pull-request
+ namespace: marialeonova-tenant
+spec:
+ params:
+ - name: dockerfile
+ value: docker/Dockerfile
+ - name: git-url
+ value: '{{repo_url}}'
+ - name: output-image
+ value: quay.io/redhat-appstudio/user-workload:on-pr-{{revision}}
+ - name: path-context
+ value: .
+ - name: revision
+ value: '{{revision}}'
+ pipelineSpec:
+ finally:
+ - name: show-summary
+ params:
+ - name: pipelinerun-name
+ value: $(context.pipelineRun.name)
+ - name: git-url
+ value: $(tasks.clone-repository.results.url)?rev=$(tasks.clone-repository.results.commit)
+ - name: image-url
+ value: $(params.output-image)
+ - name: build-task-status
+ value: $(tasks.build-container.status)
+ taskRef:
+ bundle: quay.io/redhat-appstudio-tekton-catalog/task-summary:0.1@sha256:c0f66b28c338426774e34a8d4a00349fbab798b19df5841a95727148d5ef3c65
+ name: summary
+ params:
+ - description: Source Repository URL
+ name: git-url
+ type: string
+ - default: ""
+ description: Revision of the Source Repository
+ name: revision
+ type: string
+ - description: Fully Qualified Output Image
+ name: output-image
+ type: string
+ - default: .
+ description: The path to your source code
+ name: path-context
+ type: string
+ - default: Dockerfile
+ description: Path to the Dockerfile
+ name: dockerfile
+ type: string
+ - default: "false"
+ description: Force rebuild image
+ name: rebuild
+ type: string
+ - default: "false"
+ description: Skip checks against built image
+ name: skip-checks
+ type: string
+ - default: "false"
+ description: Execute the build with network isolation
+ name: hermetic
+ type: string
+ - default: ""
+ description: Build dependencies to be prefetched by Cachi2
+ name: prefetch-input
+ type: string
+ - default: "false"
+ description: Java build
+ name: java
+ type: string
+ - default: ""
+ description: Snyk Token Secret Name
+ name: snyk-secret
+ type: string
+ results:
+ - description: ""
+ name: IMAGE_URL
+ value: $(tasks.build-container.results.IMAGE_URL)
+ - description: ""
+ name: IMAGE_DIGEST
+ value: $(tasks.build-container.results.IMAGE_DIGEST)
+ - description: ""
+ name: CHAINS-GIT_URL
+ value: $(tasks.clone-repository.results.url)
+ - description: ""
+ name: CHAINS-GIT_COMMIT
+ value: $(tasks.clone-repository.results.commit)
+ - description: ""
+ name: JAVA_COMMUNITY_DEPENDENCIES
+ value: $(tasks.build-container.results.JAVA_COMMUNITY_DEPENDENCIES)
+ tasks:
+ - name: init
+ params:
+ - name: image-url
+ value: $(params.output-image)
+ - name: rebuild
+ value: $(params.rebuild)
+ - name: skip-checks
+ value: $(params.skip-checks)
+ - name: pipelinerun-name
+ value: $(context.pipelineRun.name)
+ - name: pipelinerun-uid
+ value: $(context.pipelineRun.uid)
+ taskRef:
+ bundle: quay.io/redhat-appstudio-tekton-catalog/task-init:0.1@sha256:5ce77110e2a49407a69a7922042dc0859f7e8f5f75dc0cd0bcc2d17860469bdb
+ name: init
+ - name: clone-repository
+ params:
+ - name: url
+ value: $(params.git-url)
+ - name: revision
+ value: $(params.revision)
+ runAfter:
+ - init
+ taskRef:
+ bundle: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:f4e37778cba00296606ddfbc1c58181330899cafcaa1ee41c75a7cf8bed312f0
+ name: git-clone
+ when:
+ - input: $(tasks.init.results.build)
+ operator: in
+ values:
+ - "true"
+ workspaces:
+ - name: output
+ workspace: workspace
+ - name: basic-auth
+ workspace: git-auth
+ - name: prefetch-dependencies
+ params:
+ - name: input
+ value: $(params.prefetch-input)
+ runAfter:
+ - clone-repository
+ taskRef:
+ bundle: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies:0.1@sha256:6090a9a142a1eefe30b098f41a48e0e6387e185892e5a7c004607efcbe986db9
+ name: prefetch-dependencies
+ when:
+ - input: $(params.hermetic)
+ operator: in
+ values:
+ - "true"
+ workspaces:
+ - name: source
+ workspace: workspace
+ - name: build-container
+ params:
+ - name: IMAGE
+ value: $(params.output-image)
+ - name: DOCKERFILE
+ value: $(params.dockerfile)
+ - name: CONTEXT
+ value: $(params.path-context)
+ - name: DOCKER_AUTH
+ value: $(tasks.init.results.container-registry-secret)
+ - name: HERMETIC
+ value: $(params.hermetic)
+ - name: PREFETCH_INPUT
+ value: $(params.prefetch-input)
+ runAfter:
+ - prefetch-dependencies
+ taskRef:
+ bundle: quay.io/redhat-appstudio-tekton-catalog/task-buildah:0.1@sha256:7c72b89f87b138e3543f96769047b3e6b8f5c5b0d325f61eb0c0711ecfdeb8ce
+ name: buildah
+ when:
+ - input: $(tasks.init.results.build)
+ operator: in
+ values:
+ - "true"
+ workspaces:
+ - name: source
+ workspace: workspace
+ - name: inspect-image
+ params:
+ - name: IMAGE_URL
+ value: $(tasks.build-container.results.IMAGE_URL)
+ - name: IMAGE_DIGEST
+ value: $(tasks.build-container.results.IMAGE_DIGEST)
+ - name: DOCKER_AUTH
+ value: $(tasks.init.results.container-registry-secret)
+ runAfter:
+ - build-container
+ taskRef:
+ bundle: quay.io/redhat-appstudio-tekton-catalog/task-inspect-image:0.1@sha256:ab8d8d2083f16f1e74cf971868d4dd350fc9749ba80119996dc11b98d3616ab9
+ name: inspect-image
+ when:
+ - input: $(params.skip-checks)
+ operator: in
+ values:
+ - "false"
+ workspaces:
+ - name: source
+ workspace: workspace
+ - name: label-check
+ runAfter:
+ - inspect-image
+ taskRef:
+ bundle: quay.io/redhat-appstudio-tekton-catalog/task-label-check:0.1@sha256:cbdc39e7462ed983d782827fbe135076450132f7476260b830b290c4067af7c5
+ name: label-check
+ when:
+ - input: $(params.skip-checks)
+ operator: in
+ values:
+ - "false"
+ workspaces:
+ - name: workspace
+ workspace: workspace
+ - name: optional-label-check
+ params:
+ - name: POLICY_NAMESPACE
+ value: optional_checks
+ runAfter:
+ - inspect-image
+ taskRef:
+ bundle: quay.io/redhat-appstudio-tekton-catalog/task-label-check:0.1@sha256:cbdc39e7462ed983d782827fbe135076450132f7476260b830b290c4067af7c5
+ name: label-check
+ when:
+ - input: $(params.skip-checks)
+ operator: in
+ values:
+ - "false"
+ workspaces:
+ - name: workspace
+ workspace: workspace
+ - name: deprecated-base-image-check
+ params:
+ - name: BASE_IMAGES_DIGESTS
+ value: $(tasks.build-container.results.BASE_IMAGES_DIGESTS)
+ taskRef:
+ bundle: quay.io/redhat-appstudio-tekton-catalog/task-deprecated-image-check:0.1@sha256:9263d860ffac00384de986e034755d1bbf80cd7b138d642c4b8d230946670f4d
+ name: deprecated-image-check
+ when:
+ - input: $(params.skip-checks)
+ operator: in
+ values:
+ - "false"
+ workspaces:
+ - name: test-ws
+ workspace: workspace
+ - name: clair-scan
+ params:
+ - name: image-digest
+ value: $(tasks.build-container.results.IMAGE_DIGEST)
+ - name: image-url
+ value: $(tasks.build-container.results.IMAGE_URL)
+ - name: docker-auth
+ value: $(tasks.init.results.container-registry-secret)
+ runAfter:
+ - build-container
+ taskRef:
+ bundle: quay.io/redhat-appstudio-tekton-catalog/task-clair-scan:0.1@sha256:1b71542275a9ef3113524668d146154cbc8b16de7f6edf741d0dca7c40192c59
+ name: clair-scan
+ when:
+ - input: $(params.skip-checks)
+ operator: in
+ values:
+ - "false"
+ - name: sast-snyk-check
+ params:
+ - name: SNYK_SECRET
+ value: $(params.snyk-secret)
+ runAfter:
+ - clone-repository
+ taskRef:
+ bundle: quay.io/redhat-appstudio-tekton-catalog/task-sast-snyk-check:0.1@sha256:caabbe332e8417c48f98eac8d58373df57a5d9d676815a6a152e0fed4102baa6
+ name: sast-snyk-check
+ when:
+ - input: $(params.skip-checks)
+ operator: in
+ values:
+ - "false"
+ - input: $(params.snyk-secret)
+ operator: notin
+ values:
+ - ""
+ workspaces:
+ - name: workspace
+ workspace: workspace
+ - name: clamav-scan
+ params:
+ - name: image-digest
+ value: $(tasks.build-container.results.IMAGE_DIGEST)
+ - name: image-url
+ value: $(tasks.build-container.results.IMAGE_URL)
+ - name: docker-auth
+ value: $(tasks.init.results.container-registry-secret)
+ runAfter:
+ - build-container
+ taskRef:
+ bundle: quay.io/redhat-appstudio-tekton-catalog/task-clamav-scan:0.1@sha256:d01c942c140ef0264888bea2bb5c31c1044fdd6459aef3f23669b8518dc278d7
+ name: clamav-scan
+ when:
+ - input: $(params.skip-checks)
+ operator: in
+ values:
+ - "false"
+ - name: sbom-json-check
+ params:
+ - name: IMAGE_URL
+ value: $(tasks.build-container.results.IMAGE_URL)
+ - name: IMAGE_DIGEST
+ value: $(tasks.build-container.results.IMAGE_DIGEST)
+ runAfter:
+ - build-container
+ taskRef:
+ bundle: quay.io/redhat-appstudio-tekton-catalog/task-sbom-json-check:0.1@sha256:32397db2f972c1bf9d2479f067d5169b65dec381f0152373c86b56bb4dab35e6
+ name: sbom-json-check
+ when:
+ - input: $(params.skip-checks)
+ operator: in
+ values:
+ - "false"
+ workspaces:
+ - name: workspace
+ - name: git-auth
+ optional: true
+ workspaces:
+ - name: workspace
+ volumeClaimTemplate:
+ metadata:
+ creationTimestamp: null
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1Gi
+ status: {}
+ - name: git-auth
+ secret:
+ secretName: '{{ git_auth_secret }}'
+status: {}
diff --git a/.tekton/devfile-sample-java-springboot-basic-y3fx-push.yaml b/.tekton/devfile-sample-java-springboot-basic-y3fx-push.yaml
new file mode 100644
index 00000000..68e5a749
--- /dev/null
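Review bot: `sast-snyk-check` can never run with this file as written: its `when` requires `$(params.snyk-secret)` to be `notin [""]`, the pipeline param defaults to `""`, and `spec.params` sets only dockerfile, git-url, output-image, path-context and revision. Tekton skips a task whose `when` is false rather than failing it, so the run finishes green without any SAST having been performed; the push pipeline added in the same commit has the identical gap. Either pass the secret name in `spec.params` (`- name: snyk-secret` / `value: <snyk-secret-name>`, placeholder), or add a comment next to the param such as `# SAST intentionally disabled: no snyk-secret configured for this component` so the skip is a recorded decision.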
+++ b/.tekton/devfile-sample-java-springboot-basic-y3fx-push.yaml 
@@ -0,0 +1,343 @@
+apiVersion: tekton.dev/v1beta1
+kind: PipelineRun
+metadata:
+ annotations:
+ build.appstudio.redhat.com/commit_sha: '{{revision}}'
+ build.appstudio.redhat.com/target_branch: '{{target_branch}}'
+ pipelinesascode.tekton.dev/max-keep-runs: "3"
+ pipelinesascode.tekton.dev/on-event: '[push]'
+ pipelinesascode.tekton.dev/on-target-branch: '[main]'
+ creationTimestamp: null
+ labels:
+ appstudio.openshift.io/application: my-app-1
+ appstudio.openshift.io/component: devfile-sample-java-springboot-basic-y3fx
+ pipelines.appstudio.openshift.io/type: build
+ name: devfile-sample-java-springboot-basic-y3fx-on-push
+ namespace: marialeonova-tenant
+spec:
+ params:
+ - name: dockerfile
+ value: docker/Dockerfile
+ - name: git-url
+ value: '{{repo_url}}'
+ - name: output-image
+ value: quay.io/redhat-appstudio/user-workload:{{revision}}
+ - name: path-context
+ value: .
+ - name: revision
+ value: '{{revision}}'
+ pipelineSpec:
+ finally:
+ - name: show-summary
+ params:
+ - name: pipelinerun-name
+ value: $(context.pipelineRun.name)
+ - name: git-url
+ value: $(tasks.clone-repository.results.url)?rev=$(tasks.clone-repository.results.commit)
+ - name: image-url
+ value: $(params.output-image)
+ - name: build-task-status
+ value: $(tasks.build-container.status)
+ taskRef:
+ bundle: quay.io/redhat-appstudio-tekton-catalog/task-summary:0.1@sha256:c0f66b28c338426774e34a8d4a00349fbab798b19df5841a95727148d5ef3c65
+ name: summary
+ params:
+ - description: Source Repository URL
+ name: git-url
+ type: string
+ - default: ""
+ description: Revision of the Source Repository
+ name: revision
+ type: string
+ - description: Fully Qualified Output Image
+ name: output-image
+ type: string
+ - default: .
+ description: The path to your source code
+ name: path-context
+ type: string
+ - default: Dockerfile
+ description: Path to the Dockerfile
+ name: dockerfile
+ type: string
+ - default: "false"
+ description: Force rebuild image
+ name: rebuild
+ type: string
+ - default: "false"
+ description: Skip checks against built image
+ name: skip-checks
+ type: string
+ - default: "false"
+ description: Execute the build with network isolation
+ name: hermetic
+ type: string
+ - default: ""
+ description: Build dependencies to be prefetched by Cachi2
+ name: prefetch-input
+ type: string
+ - default: "false"
+ description: Java build
+ name: java
+ type: string
+ - default: ""
+ description: Snyk Token Secret Name
+ name: snyk-secret
+ type: string
+ results:
+ - description: ""
+ name: IMAGE_URL
+ value: $(tasks.build-container.results.IMAGE_URL)
+ - description: ""
+ name: IMAGE_DIGEST
+ value: $(tasks.build-container.results.IMAGE_DIGEST)
+ - description: ""
+ name: CHAINS-GIT_URL
+ value: $(tasks.clone-repository.results.url)
+ - description: ""
+ name: CHAINS-GIT_COMMIT
+ value: $(tasks.clone-repository.results.commit)
+ - description: ""
+ name: JAVA_COMMUNITY_DEPENDENCIES
+ value: $(tasks.build-container.results.JAVA_COMMUNITY_DEPENDENCIES)
+ tasks:
+ - name: init
+ params:
+ - name: image-url
+ value: $(params.output-image)
+ - name: rebuild
+ value: $(params.rebuild)
+ - name: skip-checks
+ value: $(params.skip-checks)
+ - name: pipelinerun-name
+ value: $(context.pipelineRun.name)
+ - name: pipelinerun-uid
+ value: $(context.pipelineRun.uid)
+ taskRef:
+ bundle: quay.io/redhat-appstudio-tekton-catalog/task-init:0.1@sha256:5ce77110e2a49407a69a7922042dc0859f7e8f5f75dc0cd0bcc2d17860469bdb
+ name: init
+ - name: clone-repository
+ params:
+ - name: url
+ value: $(params.git-url)
+ - name: revision
+ value: $(params.revision)
+ runAfter:
+ - init
+ taskRef:
+ bundle: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:f4e37778cba00296606ddfbc1c58181330899cafcaa1ee41c75a7cf8bed312f0
+ name: git-clone
+ when:
+ - input: $(tasks.init.results.build)
+ operator: in
+ values:
+ - "true"
+ workspaces:
+ - name: output
+ workspace: workspace
+ - name: basic-auth
+ workspace: git-auth
+ - name: prefetch-dependencies
+ params:
+ - name: input
+ value: $(params.prefetch-input)
+ runAfter:
+ - clone-repository
+ taskRef:
+ bundle: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies:0.1@sha256:6090a9a142a1eefe30b098f41a48e0e6387e185892e5a7c004607efcbe986db9
+ name: prefetch-dependencies
+ when:
+ - input: $(params.hermetic)
+ operator: in
+ values:
+ - "true"
+ workspaces:
+ - name: source
+ workspace: workspace
+ - name: build-container
+ params:
+ - name: IMAGE
+ value: $(params.output-image)
+ - name: DOCKERFILE
+ value: $(params.dockerfile)
+ - name: CONTEXT
+ value: $(params.path-context)
+ - name: DOCKER_AUTH
+ value: $(tasks.init.results.container-registry-secret)
+ - name: HERMETIC
+ value: $(params.hermetic)
+ - name: PREFETCH_INPUT
+ value: $(params.prefetch-input)
+ runAfter:
+ - prefetch-dependencies
+ taskRef:
+ bundle: quay.io/redhat-appstudio-tekton-catalog/task-buildah:0.1@sha256:7c72b89f87b138e3543f96769047b3e6b8f5c5b0d325f61eb0c0711ecfdeb8ce
+ name: buildah
+ when:
+ - input: $(tasks.init.results.build)
+ operator: in
+ values:
+ - "true"
+ workspaces:
+ - name: source
+ workspace: workspace
+ - name: inspect-image
+ params:
+ - name: IMAGE_URL
+ value: $(tasks.build-container.results.IMAGE_URL)
+ - name: IMAGE_DIGEST
+ value: $(tasks.build-container.results.IMAGE_DIGEST)
+ - name: DOCKER_AUTH
+ value: $(tasks.init.results.container-registry-secret)
+ runAfter:
+ - build-container
+ taskRef:
+ bundle: quay.io/redhat-appstudio-tekton-catalog/task-inspect-image:0.1@sha256:ab8d8d2083f16f1e74cf971868d4dd350fc9749ba80119996dc11b98d3616ab9
+ name: inspect-image
+ when:
+ - input: $(params.skip-checks)
+ operator: in
+ values:
+ - "false"
+ workspaces:
+ - name: source
+ workspace: workspace
+ - name: label-check
+ runAfter:
+ - inspect-image
+ taskRef:
+ bundle: quay.io/redhat-appstudio-tekton-catalog/task-label-check:0.1@sha256:cbdc39e7462ed983d782827fbe135076450132f7476260b830b290c4067af7c5
+ name: label-check
+ when:
+ - input: $(params.skip-checks)
+ operator: in
+ values:
+ - "false"
+ workspaces:
+ - name: workspace
+ workspace: workspace
+ - name: optional-label-check
+ params:
+ - name: POLICY_NAMESPACE
+ value: optional_checks
+ runAfter:
+ - inspect-image
+ taskRef:
+ bundle: quay.io/redhat-appstudio-tekton-catalog/task-label-check:0.1@sha256:cbdc39e7462ed983d782827fbe135076450132f7476260b830b290c4067af7c5
+ name: label-check
+ when:
+ - input: $(params.skip-checks)
+ operator: in
+ values:
+ - "false"
+ workspaces:
+ - name: workspace
+ workspace: workspace
+ - name: deprecated-base-image-check
+ params:
+ - name: BASE_IMAGES_DIGESTS
+ value: $(tasks.build-container.results.BASE_IMAGES_DIGESTS)
+ taskRef:
+ bundle: quay.io/redhat-appstudio-tekton-catalog/task-deprecated-image-check:0.1@sha256:9263d860ffac00384de986e034755d1bbf80cd7b138d642c4b8d230946670f4d
+ name: deprecated-image-check
+ when:
+ - input: $(params.skip-checks)
+ operator: in
+ values:
+ - "false"
+ workspaces:
+ - name: test-ws
+ workspace: workspace
+ - name: clair-scan
+ params:
+ - name: image-digest
+ value: $(tasks.build-container.results.IMAGE_DIGEST)
+ - name: image-url
+ value: $(tasks.build-container.results.IMAGE_URL)
+ - name: docker-auth
+ value: $(tasks.init.results.container-registry-secret)
+ runAfter:
+ - build-container
+ taskRef:
+ bundle: quay.io/redhat-appstudio-tekton-catalog/task-clair-scan:0.1@sha256:1b71542275a9ef3113524668d146154cbc8b16de7f6edf741d0dca7c40192c59
+ name: clair-scan
+ when:
+ - input: $(params.skip-checks)
+ operator: in
+ values:
+ - "false"
+ - name: sast-snyk-check
+ params:
+ - name: SNYK_SECRET
+ value: $(params.snyk-secret)
+ runAfter:
+ - clone-repository
+ taskRef:
+ bundle: quay.io/redhat-appstudio-tekton-catalog/task-sast-snyk-check:0.1@sha256:caabbe332e8417c48f98eac8d58373df57a5d9d676815a6a152e0fed4102baa6
+ name: sast-snyk-check
+ when:
+ - input: $(params.skip-checks)
+ operator: in
+ values:
+ - "false"
+ - input: $(params.snyk-secret)
+ operator: notin
+ values:
+ - ""
+ workspaces:
+ - name: workspace
+ workspace: workspace
+ - name: clamav-scan
+ params:
+ - name: image-digest
+ value: $(tasks.build-container.results.IMAGE_DIGEST)
+ - name: image-url
+ value: $(tasks.build-container.results.IMAGE_URL)
+ - name: docker-auth
+ value: $(tasks.init.results.container-registry-secret)
+ runAfter:
+ - build-container
+ taskRef:
+ bundle: quay.io/redhat-appstudio-tekton-catalog/task-clamav-scan:0.1@sha256:d01c942c140ef0264888bea2bb5c31c1044fdd6459aef3f23669b8518dc278d7
+ name: clamav-scan
+ when:
+ - input: $(params.skip-checks)
+ operator: in
+ values:
+ - "false"
+ - name: sbom-json-check
+ params:
+ - name: IMAGE_URL
+ value: $(tasks.build-container.results.IMAGE_URL)
+ - name: IMAGE_DIGEST
+ value: $(tasks.build-container.results.IMAGE_DIGEST)
+ runAfter:
+ - build-container
+ taskRef:
+ bundle: quay.io/redhat-appstudio-tekton-catalog/task-sbom-json-check:0.1@sha256:32397db2f972c1bf9d2479f067d5169b65dec381f0152373c86b56bb4dab35e6
+ name: sbom-json-check
+ when:
+ - input: $(params.skip-checks)
+ operator: in
+ values:
+ - "false"
+ workspaces:
+ - name: workspace
+ - name: git-auth
+ optional: true
+ workspaces:
+ - name: workspace
+ volumeClaimTemplate:
+ metadata:
+ creationTimestamp: null
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1Gi
+ status: {}
+ - name: git-auth
+ secret:
+ secretName: '{{ git_auth_secret }}'
+status: {}
From db89b5bc4b6058cb6723ea8734508d843fc95078 Mon Sep 17 00:00:00 2001
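Review bot: In this push pipeline `clair-scan`, `clamav-scan` and `sbom-json-check` all declare `runAfter: build-container`, so by the time any of them can fail the image has presumably already been pushed to `quay.io/redhat-appstudio/user-workload:{{revision}}` (the buildah task body is not visible here, but it receives `IMAGE` and `DOCKER_AUTH` and returns `IMAGE_DIGEST`). Nothing in the hunk ties promotion of that tag to the check results, and every one of the checks is also switched off together by the single `skip-checks` param. I would document the contract beside `output-image`, for example `# checks run after the push; deploy by IMAGE_DIGEST only once the check tasks have passed`, and have whatever consumes the image gate on the task results rather than on the tag existing.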
From: red-hat-trusted-app-pipeline <123456+red-hat-trusted-app-pipeline[bot]@users.noreply.github.com> Date: Fri, 28 Apr 2023 21:25:02 +0000 Subject: [PATCH 2/5] Update RHTAP references --- ...va-springboot-basic-y3fx-pull-request.yaml | 26 +++++++++---------- ...ample-java-springboot-basic-y3fx-push.yaml | 26 +++++++++---------- 2 files changed, 26 insertions(+), 26 deletions(-) diff --git a/.tekton/devfile-sample-java-springboot-basic-y3fx-pull-request.yaml b/.tekton/devfile-sample-java-springboot-basic-y3fx-pull-request.yaml index 4b23d6af..6f9b7e33 100644 --- a/.tekton/devfile-sample-java-springboot-basic-y3fx-pull-request.yaml +++ b/.tekton/devfile-sample-java-springboot-basic-y3fx-pull-request.yaml @@ -40,7 +40,7 @@ spec: - name: build-task-status value: $(tasks.build-container.status) taskRef: - bundle: quay.io/redhat-appstudio-tekton-catalog/task-summary:0.1@sha256:c0f66b28c338426774e34a8d4a00349fbab798b19df5841a95727148d5ef3c65 + bundle: quay.io/redhat-appstudio-tekton-catalog/task-summary:0.1@sha256:9e21e57456c026c15765db23b986e47fc1394fa5d4823d3038b697971dd1a2bd name: summary params: - description: Source Repository URL @@ -115,7 +115,7 @@ spec: - name: pipelinerun-uid value: $(context.pipelineRun.uid) taskRef: - bundle: quay.io/redhat-appstudio-tekton-catalog/task-init:0.1@sha256:5ce77110e2a49407a69a7922042dc0859f7e8f5f75dc0cd0bcc2d17860469bdb + bundle: quay.io/redhat-appstudio-tekton-catalog/task-init:0.1@sha256:8c06b307b7f74622503b80ff0b81ffda63129959f52f8ed8f753d8ab98f38411 name: init - name: clone-repository params: @@ -126,7 +126,7 @@ spec: runAfter: - init taskRef: - bundle: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:f4e37778cba00296606ddfbc1c58181330899cafcaa1ee41c75a7cf8bed312f0 + bundle: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:458f4853a01c3273bd76076ac1b015d5f901e70fb4b776f788b577adb25bf5f8 name: git-clone when: - input: $(tasks.init.results.build) 
@@ -145,7 +145,7 @@ spec: runAfter: - clone-repository taskRef: - bundle: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies:0.1@sha256:6090a9a142a1eefe30b098f41a48e0e6387e185892e5a7c004607efcbe986db9 + bundle: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies:0.1@sha256:99f1b1e382ce23efe0017bd60584104bc1e23195c1fed6c37e92863600964d58 name: prefetch-dependencies when: - input: $(params.hermetic) @@ -172,7 +172,7 @@ spec: runAfter: - prefetch-dependencies taskRef: - bundle: quay.io/redhat-appstudio-tekton-catalog/task-buildah:0.1@sha256:7c72b89f87b138e3543f96769047b3e6b8f5c5b0d325f61eb0c0711ecfdeb8ce + bundle: quay.io/redhat-appstudio-tekton-catalog/task-buildah:0.1@sha256:e5db4074db556616219bab54aa1af1d45d63e4e97fbc26699d1214553655ce8d name: buildah when: - input: $(tasks.init.results.build) @@ -193,7 +193,7 @@ spec: runAfter: - build-container taskRef: - bundle: quay.io/redhat-appstudio-tekton-catalog/task-inspect-image:0.1@sha256:ab8d8d2083f16f1e74cf971868d4dd350fc9749ba80119996dc11b98d3616ab9 + bundle: quay.io/redhat-appstudio-tekton-catalog/task-inspect-image:0.1@sha256:2ce2b3ff81e7a3b39833d87d0e3532db58f34514e22a924523ea71bd42462051 name: inspect-image when: - input: $(params.skip-checks) @@ -207,7 +207,7 @@ spec: runAfter: - inspect-image taskRef: - bundle: quay.io/redhat-appstudio-tekton-catalog/task-label-check:0.1@sha256:cbdc39e7462ed983d782827fbe135076450132f7476260b830b290c4067af7c5 + bundle: quay.io/redhat-appstudio-tekton-catalog/task-label-check:0.1@sha256:7745da55171bc0cb62454136ed829997a408187d95365c482568f05430dbc8c8 name: label-check when: - input: $(params.skip-checks) 
@@ -224,7 +224,7 @@ spec: runAfter: - inspect-image taskRef: - bundle: quay.io/redhat-appstudio-tekton-catalog/task-label-check:0.1@sha256:cbdc39e7462ed983d782827fbe135076450132f7476260b830b290c4067af7c5 + bundle: quay.io/redhat-appstudio-tekton-catalog/task-label-check:0.1@sha256:7745da55171bc0cb62454136ed829997a408187d95365c482568f05430dbc8c8 name: label-check when: - input: $(params.skip-checks) @@ -239,7 +239,7 @@ spec: - name: BASE_IMAGES_DIGESTS value: $(tasks.build-container.results.BASE_IMAGES_DIGESTS) taskRef: - bundle: quay.io/redhat-appstudio-tekton-catalog/task-deprecated-image-check:0.1@sha256:9263d860ffac00384de986e034755d1bbf80cd7b138d642c4b8d230946670f4d + bundle: quay.io/redhat-appstudio-tekton-catalog/task-deprecated-image-check:0.2@sha256:515c90c06479d5a61da87fe852a6ebe4e90021791d7387af67d39e0ee2352c83 name: deprecated-image-check when: - input: $(params.skip-checks) @@ -260,7 +260,7 @@ spec: runAfter: - build-container taskRef: - bundle: quay.io/redhat-appstudio-tekton-catalog/task-clair-scan:0.1@sha256:1b71542275a9ef3113524668d146154cbc8b16de7f6edf741d0dca7c40192c59 + bundle: quay.io/redhat-appstudio-tekton-catalog/task-clair-scan:0.1@sha256:21ee481413570713f056921b699c99cb12cccfd8f0cad5509dd92fbfa9d35b4d name: clair-scan when: - input: $(params.skip-checks) @@ -274,7 +274,7 @@ spec: runAfter: - clone-repository taskRef: - bundle: quay.io/redhat-appstudio-tekton-catalog/task-sast-snyk-check:0.1@sha256:caabbe332e8417c48f98eac8d58373df57a5d9d676815a6a152e0fed4102baa6 + bundle: quay.io/redhat-appstudio-tekton-catalog/task-sast-snyk-check:0.1@sha256:fb4d3a1f562f1915a9c3b2af621d7b2c2f35716a744177d3499a9b37ce204d6f name: sast-snyk-check when: - input: $(params.skip-checks) 
@@ -299,7 +299,7 @@ spec: runAfter: - build-container taskRef: - bundle: quay.io/redhat-appstudio-tekton-catalog/task-clamav-scan:0.1@sha256:d01c942c140ef0264888bea2bb5c31c1044fdd6459aef3f23669b8518dc278d7 + bundle: quay.io/redhat-appstudio-tekton-catalog/task-clamav-scan:0.1@sha256:0ca454a52d3c67bf6911deef0dde819bb97383f5cf568ebe0c843296054dc5f9 name: clamav-scan when: - input: $(params.skip-checks) @@ -315,7 +315,7 @@ spec: runAfter: - build-container taskRef: - bundle: quay.io/redhat-appstudio-tekton-catalog/task-sbom-json-check:0.1@sha256:32397db2f972c1bf9d2479f067d5169b65dec381f0152373c86b56bb4dab35e6 + bundle: quay.io/redhat-appstudio-tekton-catalog/task-sbom-json-check:0.1@sha256:84f5442d6991f0c01cd2f06435d7a066ed6643e9e6e86864a3256c5461295077 name: sbom-json-check when: - input: $(params.skip-checks) diff --git a/.tekton/devfile-sample-java-springboot-basic-y3fx-push.yaml b/.tekton/devfile-sample-java-springboot-basic-y3fx-push.yaml index 68e5a749..112c0c4e 100644 --- a/.tekton/devfile-sample-java-springboot-basic-y3fx-push.yaml +++ b/.tekton/devfile-sample-java-springboot-basic-y3fx-push.yaml @@ -39,7 +39,7 @@ spec: - name: build-task-status value: $(tasks.build-container.status) taskRef: - bundle: quay.io/redhat-appstudio-tekton-catalog/task-summary:0.1@sha256:c0f66b28c338426774e34a8d4a00349fbab798b19df5841a95727148d5ef3c65 + bundle: quay.io/redhat-appstudio-tekton-catalog/task-summary:0.1@sha256:9e21e57456c026c15765db23b986e47fc1394fa5d4823d3038b697971dd1a2bd name: summary params: - description: Source Repository URL @@ -114,7 +114,7 @@ spec: - name: pipelinerun-uid value: $(context.pipelineRun.uid) taskRef: - bundle: quay.io/redhat-appstudio-tekton-catalog/task-init:0.1@sha256:5ce77110e2a49407a69a7922042dc0859f7e8f5f75dc0cd0bcc2d17860469bdb + bundle: quay.io/redhat-appstudio-tekton-catalog/task-init:0.1@sha256:8c06b307b7f74622503b80ff0b81ffda63129959f52f8ed8f753d8ab98f38411 name: init - name: clone-repository params: 
@@ -125,7 +125,7 @@ spec: runAfter: - init taskRef: - bundle: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:f4e37778cba00296606ddfbc1c58181330899cafcaa1ee41c75a7cf8bed312f0 + bundle: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:458f4853a01c3273bd76076ac1b015d5f901e70fb4b776f788b577adb25bf5f8 name: git-clone when: - input: $(tasks.init.results.build) @@ -144,7 +144,7 @@ spec: runAfter: - clone-repository taskRef: - bundle: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies:0.1@sha256:6090a9a142a1eefe30b098f41a48e0e6387e185892e5a7c004607efcbe986db9 + bundle: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies:0.1@sha256:99f1b1e382ce23efe0017bd60584104bc1e23195c1fed6c37e92863600964d58 name: prefetch-dependencies when: - input: $(params.hermetic) @@ -171,7 +171,7 @@ spec: runAfter: - prefetch-dependencies taskRef: - bundle: quay.io/redhat-appstudio-tekton-catalog/task-buildah:0.1@sha256:7c72b89f87b138e3543f96769047b3e6b8f5c5b0d325f61eb0c0711ecfdeb8ce + bundle: quay.io/redhat-appstudio-tekton-catalog/task-buildah:0.1@sha256:e5db4074db556616219bab54aa1af1d45d63e4e97fbc26699d1214553655ce8d name: buildah when: - input: $(tasks.init.results.build) @@ -192,7 +192,7 @@ spec: runAfter: - build-container taskRef: - bundle: quay.io/redhat-appstudio-tekton-catalog/task-inspect-image:0.1@sha256:ab8d8d2083f16f1e74cf971868d4dd350fc9749ba80119996dc11b98d3616ab9 + bundle: quay.io/redhat-appstudio-tekton-catalog/task-inspect-image:0.1@sha256:2ce2b3ff81e7a3b39833d87d0e3532db58f34514e22a924523ea71bd42462051 name: inspect-image when: - input: $(params.skip-checks) 
@@ -206,7 +206,7 @@ spec: runAfter: - inspect-image taskRef: - bundle: quay.io/redhat-appstudio-tekton-catalog/task-label-check:0.1@sha256:cbdc39e7462ed983d782827fbe135076450132f7476260b830b290c4067af7c5 + bundle: quay.io/redhat-appstudio-tekton-catalog/task-label-check:0.1@sha256:7745da55171bc0cb62454136ed829997a408187d95365c482568f05430dbc8c8 name: label-check when: - input: $(params.skip-checks) @@ -223,7 +223,7 @@ spec: runAfter: - inspect-image taskRef: - bundle: quay.io/redhat-appstudio-tekton-catalog/task-label-check:0.1@sha256:cbdc39e7462ed983d782827fbe135076450132f7476260b830b290c4067af7c5 + bundle: quay.io/redhat-appstudio-tekton-catalog/task-label-check:0.1@sha256:7745da55171bc0cb62454136ed829997a408187d95365c482568f05430dbc8c8 name: label-check when: - input: $(params.skip-checks) @@ -238,7 +238,7 @@ spec: - name: BASE_IMAGES_DIGESTS value: $(tasks.build-container.results.BASE_IMAGES_DIGESTS) taskRef: - bundle: quay.io/redhat-appstudio-tekton-catalog/task-deprecated-image-check:0.1@sha256:9263d860ffac00384de986e034755d1bbf80cd7b138d642c4b8d230946670f4d + bundle: quay.io/redhat-appstudio-tekton-catalog/task-deprecated-image-check:0.2@sha256:515c90c06479d5a61da87fe852a6ebe4e90021791d7387af67d39e0ee2352c83 name: deprecated-image-check when: - input: $(params.skip-checks) @@ -259,7 +259,7 @@ spec: runAfter: - build-container taskRef: - bundle: quay.io/redhat-appstudio-tekton-catalog/task-clair-scan:0.1@sha256:1b71542275a9ef3113524668d146154cbc8b16de7f6edf741d0dca7c40192c59 + bundle: quay.io/redhat-appstudio-tekton-catalog/task-clair-scan:0.1@sha256:21ee481413570713f056921b699c99cb12cccfd8f0cad5509dd92fbfa9d35b4d name: clair-scan when: - input: $(params.skip-checks) 
@@ -273,7 +273,7 @@ spec: runAfter: - clone-repository taskRef: - bundle: quay.io/redhat-appstudio-tekton-catalog/task-sast-snyk-check:0.1@sha256:caabbe332e8417c48f98eac8d58373df57a5d9d676815a6a152e0fed4102baa6 + bundle: quay.io/redhat-appstudio-tekton-catalog/task-sast-snyk-check:0.1@sha256:fb4d3a1f562f1915a9c3b2af621d7b2c2f35716a744177d3499a9b37ce204d6f name: sast-snyk-check when: - input: $(params.skip-checks) @@ -298,7 +298,7 @@ spec: runAfter: - build-container taskRef: - bundle: quay.io/redhat-appstudio-tekton-catalog/task-clamav-scan:0.1@sha256:d01c942c140ef0264888bea2bb5c31c1044fdd6459aef3f23669b8518dc278d7 + bundle: quay.io/redhat-appstudio-tekton-catalog/task-clamav-scan:0.1@sha256:0ca454a52d3c67bf6911deef0dde819bb97383f5cf568ebe0c843296054dc5f9 name: clamav-scan when: - input: $(params.skip-checks) @@ -314,7 +314,7 @@ spec: runAfter: - build-container taskRef: - bundle: quay.io/redhat-appstudio-tekton-catalog/task-sbom-json-check:0.1@sha256:32397db2f972c1bf9d2479f067d5169b65dec381f0152373c86b56bb4dab35e6 + bundle: quay.io/redhat-appstudio-tekton-catalog/task-sbom-json-check:0.1@sha256:84f5442d6991f0c01cd2f06435d7a066ed6643e9e6e86864a3256c5461295077 name: sbom-json-check when: - input: $(params.skip-checks) From 588982ded1bdd61a855746d331ace87ce807b1df Mon Sep 17 00:00:00 2001 From: redhat-appstudio Date: Tue, 2 May 2023 12:04:47 +0000 Subject: [PATCH 3/5] Appstudio update devfile-sample-java-springboot-basic-jyga --- ...va-springboot-basic-jyga-pull-request.yaml | 351 ++++++++++++++++++ ...ample-java-springboot-basic-jyga-push.yaml | 350 +++++++++++++++++ 2 files changed, 701 insertions(+) create mode 100644 .tekton/devfile-sample-java-springboot-basic-jyga-pull-request.yaml create mode 100644 .tekton/devfile-sample-java-springboot-basic-jyga-push.yaml diff --git a/.tekton/devfile-sample-java-springboot-basic-jyga-pull-request.yaml b/.tekton/devfile-sample-java-springboot-basic-jyga-pull-request.yaml new file mode 100644 index 00000000..9243597e 
--- /dev/null
+++ b/.tekton/devfile-sample-java-springboot-basic-jyga-pull-request.yaml
@@ -0,0 +1,351 @@ +apiVersion: tekton.dev/v1beta1 +kind: PipelineRun +metadata: + annotations: + build.appstudio.redhat.com/commit_sha: '{{revision}}' + build.appstudio.redhat.com/pull_request_number: '{{pull_request_number}}' + build.appstudio.redhat.com/target_branch: '{{target_branch}}' + pipelinesascode.tekton.dev/max-keep-runs: "3" + pipelinesascode.tekton.dev/on-event: '[pull_request]' + pipelinesascode.tekton.dev/on-target-branch: '[main]' + creationTimestamp: null + labels: + appstudio.openshift.io/application: my-app-1 + appstudio.openshift.io/component: devfile-sample-java-springboot-basic-jyga + pipelines.appstudio.openshift.io/type: build + name: devfile-sample-java-springboot-basic-jyga-on-pull-request + namespace: mleonova-tenant +spec: + params: + - name: dockerfile + value: docker/Dockerfile + - name: git-url + value: '{{repo_url}}' + - name: output-image + value: quay.io/redhat-user-workloads/mleonova-tenant/my-app-1/devfile-sample-java-springboot-basic-jyga:on-pr-{{revision}} + - name: path-context + value: . 
+ - name: revision + value: '{{revision}}' + pipelineSpec: + finally: + - name: show-sbom + params: + - name: IMAGE_URL + value: $(tasks.build-container.results.IMAGE_URL) + taskRef: + bundle: quay.io/redhat-appstudio-tekton-catalog/task-show-sbom:0.1@sha256:050bab50254e0377c68d63b6b679decfc655e30cad9ce4b0407fc8468852008d + name: show-sbom + - name: show-summary + params: + - name: pipelinerun-name + value: $(context.pipelineRun.name) + - name: git-url + value: $(tasks.clone-repository.results.url)?rev=$(tasks.clone-repository.results.commit) + - name: image-url + value: $(params.output-image) + - name: build-task-status + value: $(tasks.build-container.status) + taskRef: + bundle: quay.io/redhat-appstudio-tekton-catalog/task-summary:0.1@sha256:9e21e57456c026c15765db23b986e47fc1394fa5d4823d3038b697971dd1a2bd + name: summary + params: + - description: Source Repository URL + name: git-url + type: string + - default: "" + description: Revision of the Source Repository + name: revision + type: string + - description: Fully Qualified Output Image + name: output-image + type: string + - default: . 
+ description: The path to your source code + name: path-context + type: string + - default: Dockerfile + description: Path to the Dockerfile + name: dockerfile + type: string + - default: "false" + description: Force rebuild image + name: rebuild + type: string + - default: "false" + description: Skip checks against built image + name: skip-checks + type: string + - default: "false" + description: Execute the build with network isolation + name: hermetic + type: string + - default: "" + description: Build dependencies to be prefetched by Cachi2 + name: prefetch-input + type: string + - default: "false" + description: Java build + name: java + type: string + - default: "" + description: Snyk Token Secret Name + name: snyk-secret + type: string + results: + - description: "" + name: IMAGE_URL + value: $(tasks.build-container.results.IMAGE_URL) + - description: "" + name: IMAGE_DIGEST + value: $(tasks.build-container.results.IMAGE_DIGEST) + - description: "" + name: CHAINS-GIT_URL + value: $(tasks.clone-repository.results.url) + - description: "" + name: CHAINS-GIT_COMMIT + value: $(tasks.clone-repository.results.commit) + - description: "" + name: JAVA_COMMUNITY_DEPENDENCIES + value: $(tasks.build-container.results.JAVA_COMMUNITY_DEPENDENCIES) + tasks: + - name: init + params: + - name: image-url + value: $(params.output-image) + - name: rebuild + value: $(params.rebuild) + - name: skip-checks + value: $(params.skip-checks) + - name: pipelinerun-name + value: $(context.pipelineRun.name) + - name: pipelinerun-uid + value: $(context.pipelineRun.uid) + taskRef: + bundle: quay.io/redhat-appstudio-tekton-catalog/task-init:0.1@sha256:8c06b307b7f74622503b80ff0b81ffda63129959f52f8ed8f753d8ab98f38411 + name: init + - name: clone-repository + params: + - name: url + value: $(params.git-url) + - name: revision + value: $(params.revision) + runAfter: + - init + taskRef: + bundle: 
quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:458f4853a01c3273bd76076ac1b015d5f901e70fb4b776f788b577adb25bf5f8 + name: git-clone + when: + - input: $(tasks.init.results.build) + operator: in + values: + - "true" + workspaces: + - name: output + workspace: workspace + - name: basic-auth + workspace: git-auth + - name: prefetch-dependencies + params: + - name: input + value: $(params.prefetch-input) + runAfter: + - clone-repository + taskRef: + bundle: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies:0.1@sha256:99f1b1e382ce23efe0017bd60584104bc1e23195c1fed6c37e92863600964d58 + name: prefetch-dependencies + when: + - input: $(params.hermetic) + operator: in + values: + - "true" + workspaces: + - name: source + workspace: workspace + - name: build-container + params: + - name: IMAGE + value: $(params.output-image) + - name: DOCKERFILE + value: $(params.dockerfile) + - name: CONTEXT + value: $(params.path-context) + - name: DOCKER_AUTH + value: $(tasks.init.results.container-registry-secret) + - name: HERMETIC + value: $(params.hermetic) + - name: PREFETCH_INPUT + value: $(params.prefetch-input) + runAfter: + - prefetch-dependencies + taskRef: + bundle: quay.io/redhat-appstudio-tekton-catalog/task-buildah:0.1@sha256:e5db4074db556616219bab54aa1af1d45d63e4e97fbc26699d1214553655ce8d + name: buildah + when: + - input: $(tasks.init.results.build) + operator: in + values: + - "true" + workspaces: + - name: source + workspace: workspace + - name: inspect-image + params: + - name: IMAGE_URL + value: $(tasks.build-container.results.IMAGE_URL) + - name: IMAGE_DIGEST + value: $(tasks.build-container.results.IMAGE_DIGEST) + - name: DOCKER_AUTH + value: $(tasks.init.results.container-registry-secret) + runAfter: + - build-container + taskRef: + bundle: quay.io/redhat-appstudio-tekton-catalog/task-inspect-image:0.1@sha256:2ce2b3ff81e7a3b39833d87d0e3532db58f34514e22a924523ea71bd42462051 + name: inspect-image + when: + - input: 
$(params.skip-checks) + operator: in + values: + - "false" + workspaces: + - name: source + workspace: workspace + - name: label-check + runAfter: + - inspect-image + taskRef: + bundle: quay.io/redhat-appstudio-tekton-catalog/task-label-check:0.1@sha256:7745da55171bc0cb62454136ed829997a408187d95365c482568f05430dbc8c8 + name: label-check + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + workspaces: + - name: workspace + workspace: workspace + - name: optional-label-check + params: + - name: POLICY_NAMESPACE + value: optional_checks + runAfter: + - inspect-image + taskRef: + bundle: quay.io/redhat-appstudio-tekton-catalog/task-label-check:0.1@sha256:7745da55171bc0cb62454136ed829997a408187d95365c482568f05430dbc8c8 + name: label-check + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + workspaces: + - name: workspace + workspace: workspace + - name: deprecated-base-image-check + params: + - name: BASE_IMAGES_DIGESTS + value: $(tasks.build-container.results.BASE_IMAGES_DIGESTS) + taskRef: + bundle: quay.io/redhat-appstudio-tekton-catalog/task-deprecated-image-check:0.2@sha256:515c90c06479d5a61da87fe852a6ebe4e90021791d7387af67d39e0ee2352c83 + name: deprecated-image-check + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + workspaces: + - name: test-ws + workspace: workspace + - name: clair-scan + params: + - name: image-digest + value: $(tasks.build-container.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-container.results.IMAGE_URL) + - name: docker-auth + value: $(tasks.init.results.container-registry-secret) + runAfter: + - build-container + taskRef: + bundle: quay.io/redhat-appstudio-tekton-catalog/task-clair-scan:0.1@sha256:21ee481413570713f056921b699c99cb12cccfd8f0cad5509dd92fbfa9d35b4d + name: clair-scan + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: sast-snyk-check + params: + - name: SNYK_SECRET + value: 
$(params.snyk-secret) + runAfter: + - clone-repository + taskRef: + bundle: quay.io/redhat-appstudio-tekton-catalog/task-sast-snyk-check:0.1@sha256:fb4d3a1f562f1915a9c3b2af621d7b2c2f35716a744177d3499a9b37ce204d6f + name: sast-snyk-check + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - input: $(params.snyk-secret) + operator: notin + values: + - "" + workspaces: + - name: workspace + workspace: workspace + - name: clamav-scan + params: + - name: image-digest + value: $(tasks.build-container.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-container.results.IMAGE_URL) + - name: docker-auth + value: $(tasks.init.results.container-registry-secret) + runAfter: + - build-container + taskRef: + bundle: quay.io/redhat-appstudio-tekton-catalog/task-clamav-scan:0.1@sha256:0ca454a52d3c67bf6911deef0dde819bb97383f5cf568ebe0c843296054dc5f9 + name: clamav-scan + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: sbom-json-check + params: + - name: IMAGE_URL + value: $(tasks.build-container.results.IMAGE_URL) + - name: IMAGE_DIGEST + value: $(tasks.build-container.results.IMAGE_DIGEST) + runAfter: + - build-container + taskRef: + bundle: quay.io/redhat-appstudio-tekton-catalog/task-sbom-json-check:0.1@sha256:84f5442d6991f0c01cd2f06435d7a066ed6643e9e6e86864a3256c5461295077 + name: sbom-json-check + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + workspaces: + - name: workspace + - name: git-auth + optional: true + workspaces: + - name: workspace + volumeClaimTemplate: + metadata: + creationTimestamp: null + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + status: {} + - name: git-auth + secret: + secretName: '{{ git_auth_secret }}' +status: {} diff --git a/.tekton/devfile-sample-java-springboot-basic-jyga-push.yaml b/.tekton/devfile-sample-java-springboot-basic-jyga-push.yaml new file mode 100644 index 00000000..8f2cd36b --- /dev/null 
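Review bot: `sast-snyk-check` can never run from this PipelineRun: its second `when` clause requires `$(params.snyk-secret)` to be non-empty, the pipeline param defaults to `""`, and `spec.params` at the top of the file does not set it. A skipped task does not fail the run, so the pipeline can finish successfully without the source ever being scanned. If SAST is meant to be part of the PR gate, add `- name: snyk-secret` with `value: <snyk-token-secret-name>` (placeholder) to `spec.params`; otherwise a comment next to the task saying it is disabled would help. The same applies to the `-jyga-push.yaml` hunk and to both `-fkuf-` files in PATCH 4/5.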
+++ b/.tekton/devfile-sample-java-springboot-basic-jyga-push.yaml 
@@ -0,0 +1,350 @@ +apiVersion: tekton.dev/v1beta1 +kind: PipelineRun +metadata: + annotations: + build.appstudio.redhat.com/commit_sha: '{{revision}}' + build.appstudio.redhat.com/target_branch: '{{target_branch}}' + pipelinesascode.tekton.dev/max-keep-runs: "3" + pipelinesascode.tekton.dev/on-event: '[push]' + pipelinesascode.tekton.dev/on-target-branch: '[main]' + creationTimestamp: null + labels: + appstudio.openshift.io/application: my-app-1 + appstudio.openshift.io/component: devfile-sample-java-springboot-basic-jyga + pipelines.appstudio.openshift.io/type: build + name: devfile-sample-java-springboot-basic-jyga-on-push + namespace: mleonova-tenant +spec: + params: + - name: dockerfile + value: docker/Dockerfile + - name: git-url + value: '{{repo_url}}' + - name: output-image + value: quay.io/redhat-user-workloads/mleonova-tenant/my-app-1/devfile-sample-java-springboot-basic-jyga:{{revision}} + - name: path-context + value: . + - name: revision + value: '{{revision}}' + pipelineSpec: + finally: + - name: show-sbom + params: + - name: IMAGE_URL + value: $(tasks.build-container.results.IMAGE_URL) + taskRef: + bundle: quay.io/redhat-appstudio-tekton-catalog/task-show-sbom:0.1@sha256:050bab50254e0377c68d63b6b679decfc655e30cad9ce4b0407fc8468852008d + name: show-sbom + - name: show-summary + params: + - name: pipelinerun-name + value: $(context.pipelineRun.name) + - name: git-url + value: $(tasks.clone-repository.results.url)?rev=$(tasks.clone-repository.results.commit) + - name: image-url + value: $(params.output-image) + - name: build-task-status + value: $(tasks.build-container.status) + taskRef: + bundle: quay.io/redhat-appstudio-tekton-catalog/task-summary:0.1@sha256:9e21e57456c026c15765db23b986e47fc1394fa5d4823d3038b697971dd1a2bd + name: summary + params: + - description: Source Repository URL + name: git-url + type: string + - default: "" + description: Revision of the Source Repository + name: revision + type: string + - description: Fully Qualified Output 
Image + name: output-image + type: string + - default: . + description: The path to your source code + name: path-context + type: string + - default: Dockerfile + description: Path to the Dockerfile + name: dockerfile + type: string + - default: "false" + description: Force rebuild image + name: rebuild + type: string + - default: "false" + description: Skip checks against built image + name: skip-checks + type: string + - default: "false" + description: Execute the build with network isolation + name: hermetic + type: string + - default: "" + description: Build dependencies to be prefetched by Cachi2 + name: prefetch-input + type: string + - default: "false" + description: Java build + name: java + type: string + - default: "" + description: Snyk Token Secret Name + name: snyk-secret + type: string + results: + - description: "" + name: IMAGE_URL + value: $(tasks.build-container.results.IMAGE_URL) + - description: "" + name: IMAGE_DIGEST + value: $(tasks.build-container.results.IMAGE_DIGEST) + - description: "" + name: CHAINS-GIT_URL + value: $(tasks.clone-repository.results.url) + - description: "" + name: CHAINS-GIT_COMMIT + value: $(tasks.clone-repository.results.commit) + - description: "" + name: JAVA_COMMUNITY_DEPENDENCIES + value: $(tasks.build-container.results.JAVA_COMMUNITY_DEPENDENCIES) + tasks: + - name: init + params: + - name: image-url + value: $(params.output-image) + - name: rebuild + value: $(params.rebuild) + - name: skip-checks + value: $(params.skip-checks) + - name: pipelinerun-name + value: $(context.pipelineRun.name) + - name: pipelinerun-uid + value: $(context.pipelineRun.uid) + taskRef: + bundle: quay.io/redhat-appstudio-tekton-catalog/task-init:0.1@sha256:8c06b307b7f74622503b80ff0b81ffda63129959f52f8ed8f753d8ab98f38411 + name: init + - name: clone-repository + params: + - name: url + value: $(params.git-url) + - name: revision + value: $(params.revision) + runAfter: + - init + taskRef: + bundle: 
quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:458f4853a01c3273bd76076ac1b015d5f901e70fb4b776f788b577adb25bf5f8 + name: git-clone + when: + - input: $(tasks.init.results.build) + operator: in + values: + - "true" + workspaces: + - name: output + workspace: workspace + - name: basic-auth + workspace: git-auth + - name: prefetch-dependencies + params: + - name: input + value: $(params.prefetch-input) + runAfter: + - clone-repository + taskRef: + bundle: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies:0.1@sha256:99f1b1e382ce23efe0017bd60584104bc1e23195c1fed6c37e92863600964d58 + name: prefetch-dependencies + when: + - input: $(params.hermetic) + operator: in + values: + - "true" + workspaces: + - name: source + workspace: workspace + - name: build-container + params: + - name: IMAGE + value: $(params.output-image) + - name: DOCKERFILE + value: $(params.dockerfile) + - name: CONTEXT + value: $(params.path-context) + - name: DOCKER_AUTH + value: $(tasks.init.results.container-registry-secret) + - name: HERMETIC + value: $(params.hermetic) + - name: PREFETCH_INPUT + value: $(params.prefetch-input) + runAfter: + - prefetch-dependencies + taskRef: + bundle: quay.io/redhat-appstudio-tekton-catalog/task-buildah:0.1@sha256:e5db4074db556616219bab54aa1af1d45d63e4e97fbc26699d1214553655ce8d + name: buildah + when: + - input: $(tasks.init.results.build) + operator: in + values: + - "true" + workspaces: + - name: source + workspace: workspace + - name: inspect-image + params: + - name: IMAGE_URL + value: $(tasks.build-container.results.IMAGE_URL) + - name: IMAGE_DIGEST + value: $(tasks.build-container.results.IMAGE_DIGEST) + - name: DOCKER_AUTH + value: $(tasks.init.results.container-registry-secret) + runAfter: + - build-container + taskRef: + bundle: quay.io/redhat-appstudio-tekton-catalog/task-inspect-image:0.1@sha256:2ce2b3ff81e7a3b39833d87d0e3532db58f34514e22a924523ea71bd42462051 + name: inspect-image + when: + - input: 
$(params.skip-checks) + operator: in + values: + - "false" + workspaces: + - name: source + workspace: workspace + - name: label-check + runAfter: + - inspect-image + taskRef: + bundle: quay.io/redhat-appstudio-tekton-catalog/task-label-check:0.1@sha256:7745da55171bc0cb62454136ed829997a408187d95365c482568f05430dbc8c8 + name: label-check + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + workspaces: + - name: workspace + workspace: workspace + - name: optional-label-check + params: + - name: POLICY_NAMESPACE + value: optional_checks + runAfter: + - inspect-image + taskRef: + bundle: quay.io/redhat-appstudio-tekton-catalog/task-label-check:0.1@sha256:7745da55171bc0cb62454136ed829997a408187d95365c482568f05430dbc8c8 + name: label-check + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + workspaces: + - name: workspace + workspace: workspace + - name: deprecated-base-image-check + params: + - name: BASE_IMAGES_DIGESTS + value: $(tasks.build-container.results.BASE_IMAGES_DIGESTS) + taskRef: + bundle: quay.io/redhat-appstudio-tekton-catalog/task-deprecated-image-check:0.2@sha256:515c90c06479d5a61da87fe852a6ebe4e90021791d7387af67d39e0ee2352c83 + name: deprecated-image-check + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + workspaces: + - name: test-ws + workspace: workspace + - name: clair-scan + params: + - name: image-digest + value: $(tasks.build-container.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-container.results.IMAGE_URL) + - name: docker-auth + value: $(tasks.init.results.container-registry-secret) + runAfter: + - build-container + taskRef: + bundle: quay.io/redhat-appstudio-tekton-catalog/task-clair-scan:0.1@sha256:21ee481413570713f056921b699c99cb12cccfd8f0cad5509dd92fbfa9d35b4d + name: clair-scan + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: sast-snyk-check + params: + - name: SNYK_SECRET + value: 
$(params.snyk-secret) + runAfter: + - clone-repository + taskRef: + bundle: quay.io/redhat-appstudio-tekton-catalog/task-sast-snyk-check:0.1@sha256:fb4d3a1f562f1915a9c3b2af621d7b2c2f35716a744177d3499a9b37ce204d6f + name: sast-snyk-check + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - input: $(params.snyk-secret) + operator: notin + values: + - "" + workspaces: + - name: workspace + workspace: workspace + - name: clamav-scan + params: + - name: image-digest + value: $(tasks.build-container.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-container.results.IMAGE_URL) + - name: docker-auth + value: $(tasks.init.results.container-registry-secret) + runAfter: + - build-container + taskRef: + bundle: quay.io/redhat-appstudio-tekton-catalog/task-clamav-scan:0.1@sha256:0ca454a52d3c67bf6911deef0dde819bb97383f5cf568ebe0c843296054dc5f9 + name: clamav-scan + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: sbom-json-check + params: + - name: IMAGE_URL + value: $(tasks.build-container.results.IMAGE_URL) + - name: IMAGE_DIGEST + value: $(tasks.build-container.results.IMAGE_DIGEST) + runAfter: + - build-container + taskRef: + bundle: quay.io/redhat-appstudio-tekton-catalog/task-sbom-json-check:0.1@sha256:84f5442d6991f0c01cd2f06435d7a066ed6643e9e6e86864a3256c5461295077 + name: sbom-json-check + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + workspaces: + - name: workspace + - name: git-auth + optional: true + workspaces: + - name: workspace + volumeClaimTemplate: + metadata: + creationTimestamp: null + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + status: {} + - name: git-auth + secret: + secretName: '{{ git_auth_secret }}' +status: {} From 2fa59e1248add924c87281db1451e0228e4310d1 Mon Sep 17 00:00:00 2001 
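Review bot: The `skip-checks` description, `Skip checks against built image`, understates what the switch does: `sast-snyk-check`, which runs after `clone-repository` on the source workspace, is gated on it as well, along with every task from `inspect-image` to `sbom-json-check`. `build-container` is not gated on it, so on this push pipeline a single param set to `"true"` still produces the `{{revision}}` image with none of the scans having run. I would reword it to `description: Skip all checks (image scans, label and SBOM checks, Snyk source scan)` so the scope is clear to whoever overrides it. The same description appears in the pull-request file and in the `-fkuf-` files.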
From: redhat-appstudio Date: Wed, 10 May 2023 06:47:33 +0000 Subject: [PATCH 4/5] Appstudio update devfile-sample-java-springboot-basic-fkuf --- ...va-springboot-basic-fkuf-pull-request.yaml | 359 ++++++++++++++++++ ...ample-java-springboot-basic-fkuf-push.yaml | 356 +++++++++++++++++ 2 files changed, 715 insertions(+) create mode 100644 .tekton/devfile-sample-java-springboot-basic-fkuf-pull-request.yaml create mode 100644 .tekton/devfile-sample-java-springboot-basic-fkuf-push.yaml diff --git a/.tekton/devfile-sample-java-springboot-basic-fkuf-pull-request.yaml b/.tekton/devfile-sample-java-springboot-basic-fkuf-pull-request.yaml new file mode 100644 index 00000000..2dc28698 --- /dev/null +++ b/.tekton/devfile-sample-java-springboot-basic-fkuf-pull-request.yaml 
@@ -0,0 +1,359 @@ +apiVersion: tekton.dev/v1beta1 +kind: PipelineRun +metadata: + annotations: + build.appstudio.redhat.com/commit_sha: '{{revision}}' + build.appstudio.redhat.com/pull_request_number: '{{pull_request_number}}' + build.appstudio.redhat.com/target_branch: '{{target_branch}}' + pipelinesascode.tekton.dev/max-keep-runs: "3" + pipelinesascode.tekton.dev/on-event: '[pull_request]' + pipelinesascode.tekton.dev/on-target-branch: '[main]' + creationTimestamp: null + labels: + appstudio.openshift.io/application: my-app-2 + appstudio.openshift.io/component: devfile-sample-java-springboot-basic-fkuf + pipelines.appstudio.openshift.io/type: build + name: devfile-sample-java-springboot-basic-fkuf-on-pull-request + namespace: mleonova-tenant +spec: + params: + - name: dockerfile + value: docker/Dockerfile + - name: git-url + value: '{{repo_url}}' + - name: image-expires-after + value: 5d + - name: output-image + value: quay.io/redhat-user-workloads/mleonova-tenant/my-app-2/devfile-sample-java-springboot-basic-fkuf:on-pr-{{revision}} + - name: path-context + value: . 
+ - name: revision + value: '{{revision}}' + pipelineSpec: + finally: + - name: show-sbom + params: + - name: IMAGE_URL + value: $(tasks.build-container.results.IMAGE_URL) + taskRef: + bundle: quay.io/redhat-appstudio-tekton-catalog/task-show-sbom:0.1@sha256:050bab50254e0377c68d63b6b679decfc655e30cad9ce4b0407fc8468852008d + name: show-sbom + - name: show-summary + params: + - name: pipelinerun-name + value: $(context.pipelineRun.name) + - name: git-url + value: $(tasks.clone-repository.results.url)?rev=$(tasks.clone-repository.results.commit) + - name: image-url + value: $(params.output-image) + - name: build-task-status + value: $(tasks.build-container.status) + taskRef: + bundle: quay.io/redhat-appstudio-tekton-catalog/task-summary:0.1@sha256:9e21e57456c026c15765db23b986e47fc1394fa5d4823d3038b697971dd1a2bd + name: summary + params: + - description: Source Repository URL + name: git-url + type: string + - default: "" + description: Revision of the Source Repository + name: revision + type: string + - description: Fully Qualified Output Image + name: output-image + type: string + - default: . 
+ description: The path to your source code + name: path-context + type: string + - default: Dockerfile + description: Path to the Dockerfile + name: dockerfile + type: string + - default: "false" + description: Force rebuild image + name: rebuild + type: string + - default: "false" + description: Skip checks against built image + name: skip-checks + type: string + - default: "false" + description: Execute the build with network isolation + name: hermetic + type: string + - default: "" + description: Build dependencies to be prefetched by Cachi2 + name: prefetch-input + type: string + - default: "false" + description: Java build + name: java + type: string + - default: "" + description: Snyk Token Secret Name + name: snyk-secret + type: string + - default: "" + description: Image tag expiration time, time values could be something like + 1h, 2d, 3w for hours, days, and weeks, respectively. + name: image-expires-after + results: + - description: "" + name: IMAGE_URL + value: $(tasks.build-container.results.IMAGE_URL) + - description: "" + name: IMAGE_DIGEST + value: $(tasks.build-container.results.IMAGE_DIGEST) + - description: "" + name: CHAINS-GIT_URL + value: $(tasks.clone-repository.results.url) + - description: "" + name: CHAINS-GIT_COMMIT + value: $(tasks.clone-repository.results.commit) + - description: "" + name: JAVA_COMMUNITY_DEPENDENCIES + value: $(tasks.build-container.results.JAVA_COMMUNITY_DEPENDENCIES) + tasks: + - name: init + params: + - name: image-url + value: $(params.output-image) + - name: rebuild + value: $(params.rebuild) + - name: skip-checks + value: $(params.skip-checks) + - name: pipelinerun-name + value: $(context.pipelineRun.name) + - name: pipelinerun-uid + value: $(context.pipelineRun.uid) + taskRef: + bundle: quay.io/redhat-appstudio-tekton-catalog/task-init:0.1@sha256:8c06b307b7f74622503b80ff0b81ffda63129959f52f8ed8f753d8ab98f38411 + name: init + - name: clone-repository + params: + - name: url + value: $(params.git-url) + - name: 
revision + value: $(params.revision) + runAfter: + - init + taskRef: + bundle: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:458f4853a01c3273bd76076ac1b015d5f901e70fb4b776f788b577adb25bf5f8 + name: git-clone + when: + - input: $(tasks.init.results.build) + operator: in + values: + - "true" + workspaces: + - name: output + workspace: workspace + - name: basic-auth + workspace: git-auth + - name: prefetch-dependencies + params: + - name: input + value: $(params.prefetch-input) + runAfter: + - clone-repository + taskRef: + bundle: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies:0.1@sha256:a7f4bb77c2e3949fa782f45c8ac9aa7f91cdde45dbc8ad408770eb902d830a0a + name: prefetch-dependencies + when: + - input: $(params.hermetic) + operator: in + values: + - "true" + workspaces: + - name: source + workspace: workspace + - name: build-container + params: + - name: IMAGE + value: $(params.output-image) + - name: DOCKERFILE + value: $(params.dockerfile) + - name: CONTEXT + value: $(params.path-context) + - name: DOCKER_AUTH + value: $(tasks.init.results.container-registry-secret) + - name: HERMETIC + value: $(params.hermetic) + - name: PREFETCH_INPUT + value: $(params.prefetch-input) + - name: IMAGE_EXPIRES_AFTER + value: $(params.image-expires-after) + runAfter: + - prefetch-dependencies + taskRef: + bundle: quay.io/redhat-appstudio-tekton-catalog/task-buildah:0.1@sha256:0852e61c1018d7f7a47ac2bd63fbda1d3d2247392624c2176ec341e343386b7c + name: buildah + when: + - input: $(tasks.init.results.build) + operator: in + values: + - "true" + workspaces: + - name: source + workspace: workspace + - name: inspect-image + params: + - name: IMAGE_URL + value: $(tasks.build-container.results.IMAGE_URL) + - name: IMAGE_DIGEST + value: $(tasks.build-container.results.IMAGE_DIGEST) + - name: DOCKER_AUTH + value: $(tasks.init.results.container-registry-secret) + runAfter: + - build-container + taskRef: + bundle: 
quay.io/redhat-appstudio-tekton-catalog/task-inspect-image:0.1@sha256:f7f3f86256f12d151463133d6c4ffc667087a87281ff2bc67c53c29f6463cd99 + name: inspect-image + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + workspaces: + - name: source + workspace: workspace + - name: label-check + runAfter: + - inspect-image + taskRef: + bundle: quay.io/redhat-appstudio-tekton-catalog/task-label-check:0.1@sha256:76dee4b8c534986f98ab7d6e89aea14582faf0f1128a09a7f058a4f059d0fcf0 + name: label-check + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + workspaces: + - name: workspace + workspace: workspace + - name: optional-label-check + params: + - name: POLICY_NAMESPACE + value: optional_checks + runAfter: + - inspect-image + taskRef: + bundle: quay.io/redhat-appstudio-tekton-catalog/task-label-check:0.1@sha256:76dee4b8c534986f98ab7d6e89aea14582faf0f1128a09a7f058a4f059d0fcf0 + name: label-check + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + workspaces: + - name: workspace + workspace: workspace + - name: deprecated-base-image-check + params: + - name: BASE_IMAGES_DIGESTS + value: $(tasks.build-container.results.BASE_IMAGES_DIGESTS) + taskRef: + bundle: quay.io/redhat-appstudio-tekton-catalog/task-deprecated-image-check:0.2@sha256:f6ad9c9b2a019d28e712287cf3cb5fe42df3078a02af0db75f0e76e6060063ca + name: deprecated-image-check + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + workspaces: + - name: test-ws + workspace: workspace + - name: clair-scan + params: + - name: image-digest + value: $(tasks.build-container.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-container.results.IMAGE_URL) + - name: docker-auth + value: $(tasks.init.results.container-registry-secret) + runAfter: + - build-container + taskRef: + bundle: quay.io/redhat-appstudio-tekton-catalog/task-clair-scan:0.1@sha256:e654ebb13c0b6d98cde388dfd33e258b7368eea5a5a37f3b2edfef7a3e23ffc2 + 
name: clair-scan + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: sast-snyk-check + params: + - name: SNYK_SECRET + value: $(params.snyk-secret) + runAfter: + - clone-repository + taskRef: + bundle: quay.io/redhat-appstudio-tekton-catalog/task-sast-snyk-check:0.1@sha256:1bafbb8bb1f41985be67a622080b022d2a6ff8b51b606f7002069df7e79d0cff + name: sast-snyk-check + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - input: $(params.snyk-secret) + operator: notin + values: + - "" + workspaces: + - name: workspace + workspace: workspace + - name: clamav-scan + params: + - name: image-digest + value: $(tasks.build-container.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-container.results.IMAGE_URL) + - name: docker-auth + value: $(tasks.init.results.container-registry-secret) + runAfter: + - build-container + taskRef: + bundle: quay.io/redhat-appstudio-tekton-catalog/task-clamav-scan:0.1@sha256:2317e03a1bc713cbfb1f7ad40b3bec587f00ec55ca6a6ae2fc33f921908c6d96 + name: clamav-scan + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: sbom-json-check + params: + - name: IMAGE_URL + value: $(tasks.build-container.results.IMAGE_URL) + - name: IMAGE_DIGEST + value: $(tasks.build-container.results.IMAGE_DIGEST) + runAfter: + - build-container + taskRef: + bundle: quay.io/redhat-appstudio-tekton-catalog/task-sbom-json-check:0.1@sha256:3fe90c210a4df9c98d5a32a2eeeaa36ca4a5c8a199d56b512076ffca9d3db483 + name: sbom-json-check + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + workspaces: + - name: workspace + - name: git-auth + optional: true + workspaces: + - name: workspace + volumeClaimTemplate: + metadata: + creationTimestamp: null + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + status: {} + - name: git-auth + secret: + secretName: '{{ git_auth_secret }}' +status: {} 
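Review bot: The new `image-expires-after` entry in `pipelineSpec.params` is declared without `type: string`, unlike every other param in the list; Tekton defaults to string, so this is a consistency point, and adding `type: string` under `name: image-expires-after` keeps the list uniform. Its description is a plain scalar wrapped over two lines; a `>-` folded scalar would make the wrapping intentional. Only this pull-request file sets a value (`5d`); the `-jyga-pull-request.yaml` added in PATCH 3/5 has no such param, so its `on-pr-{{revision}}` tags presumably never expire. The declaration in `-fkuf-push.yaml` has the same missing `type`.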
diff --git a/.tekton/devfile-sample-java-springboot-basic-fkuf-push.yaml b/.tekton/devfile-sample-java-springboot-basic-fkuf-push.yaml
new file mode 100644
index 00000000..65069ceb
--- /dev/null
+++ b/.tekton/devfile-sample-java-springboot-basic-fkuf-push.yaml
@@ -0,0 +1,356 @@
+apiVersion: tekton.dev/v1beta1
+kind: PipelineRun
+metadata:
+ annotations:
+ build.appstudio.redhat.com/commit_sha: '{{revision}}'
+ build.appstudio.redhat.com/target_branch: '{{target_branch}}'
+ pipelinesascode.tekton.dev/max-keep-runs: "3"
+ pipelinesascode.tekton.dev/on-event: '[push]'
+ pipelinesascode.tekton.dev/on-target-branch: '[main]'
+ creationTimestamp: null
+ labels:
+ appstudio.openshift.io/application: my-app-2
+ appstudio.openshift.io/component: devfile-sample-java-springboot-basic-fkuf
+ pipelines.appstudio.openshift.io/type: build
+ name: devfile-sample-java-springboot-basic-fkuf-on-push
+ namespace: mleonova-tenant
+spec:
+ params:
+ - name: dockerfile
+ value: docker/Dockerfile
+ - name: git-url
+ value: '{{repo_url}}'
+ - name: output-image
+ value: quay.io/redhat-user-workloads/mleonova-tenant/my-app-2/devfile-sample-java-springboot-basic-fkuf:{{revision}}
+ - name: path-context
+ value: .
+ - name: revision
+ value: '{{revision}}'
+ pipelineSpec:
+ finally:
+ - name: show-sbom
+ params:
+ - name: IMAGE_URL
+ value: $(tasks.build-container.results.IMAGE_URL)
+ taskRef:
+ bundle: quay.io/redhat-appstudio-tekton-catalog/task-show-sbom:0.1@sha256:050bab50254e0377c68d63b6b679decfc655e30cad9ce4b0407fc8468852008d
+ name: show-sbom
+ - name: show-summary
+ params:
+ - name: pipelinerun-name
+ value: $(context.pipelineRun.name)
+ - name: git-url
+ value: $(tasks.clone-repository.results.url)?rev=$(tasks.clone-repository.results.commit)
+ - name: image-url
+ value: $(params.output-image)
+ - name: build-task-status
+ value: $(tasks.build-container.status)
+ taskRef:
+ bundle: quay.io/redhat-appstudio-tekton-catalog/task-summary:0.1@sha256:9e21e57456c026c15765db23b986e47fc1394fa5d4823d3038b697971dd1a2bd
+ name: summary
+ params:
+ - description: Source Repository URL
+ name: git-url
+ type: string
+ - default: ""
+ description: Revision of the Source Repository
+ name: revision
+ type: string
+ - description: Fully Qualified Output Image
+ name: output-image
+ type: string
+ - default: .
+ description: The path to your source code
+ name: path-context
+ type: string
+ - default: Dockerfile
+ description: Path to the Dockerfile
+ name: dockerfile
+ type: string
+ - default: "false"
+ description: Force rebuild image
+ name: rebuild
+ type: string
+ - default: "false"
+ description: Skip checks against built image
+ name: skip-checks
+ type: string
+ - default: "false"
+ description: Execute the build with network isolation
+ name: hermetic
+ type: string
+ - default: ""
+ description: Build dependencies to be prefetched by Cachi2
+ name: prefetch-input
+ type: string
+ - default: "false"
+ description: Java build
+ name: java
+ type: string
+ - default: ""
+ description: Snyk Token Secret Name
+ name: snyk-secret
+ type: string
+ - default: ""
+ description: Image tag expiration time, time values could be something like
+ 1h, 2d, 3w for hours, days, and weeks, respectively.
+ name: image-expires-after
+ results:
+ - description: ""
+ name: IMAGE_URL
+ value: $(tasks.build-container.results.IMAGE_URL)
+ - description: ""
+ name: IMAGE_DIGEST
+ value: $(tasks.build-container.results.IMAGE_DIGEST)
+ - description: ""
+ name: CHAINS-GIT_URL
+ value: $(tasks.clone-repository.results.url)
+ - description: ""
+ name: CHAINS-GIT_COMMIT
+ value: $(tasks.clone-repository.results.commit)
+ - description: ""
+ name: JAVA_COMMUNITY_DEPENDENCIES
+ value: $(tasks.build-container.results.JAVA_COMMUNITY_DEPENDENCIES)
+ tasks:
+ - name: init
+ params:
+ - name: image-url
+ value: $(params.output-image)
+ - name: rebuild
+ value: $(params.rebuild)
+ - name: skip-checks
+ value: $(params.skip-checks)
+ - name: pipelinerun-name
+ value: $(context.pipelineRun.name)
+ - name: pipelinerun-uid
+ value: $(context.pipelineRun.uid)
+ taskRef:
+ bundle: quay.io/redhat-appstudio-tekton-catalog/task-init:0.1@sha256:8c06b307b7f74622503b80ff0b81ffda63129959f52f8ed8f753d8ab98f38411
+ name: init
+ - name: clone-repository
+ params:
+ - name: url
+ value: $(params.git-url)
+ - name: revision
+ value: $(params.revision)
+ runAfter:
+ - init
+ taskRef:
+ bundle: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:458f4853a01c3273bd76076ac1b015d5f901e70fb4b776f788b577adb25bf5f8
+ name: git-clone
+ when:
+ - input: $(tasks.init.results.build)
+ operator: in
+ values:
+ - "true"
+ workspaces:
+ - name: output
+ workspace: workspace
+ - name: basic-auth
+ workspace: git-auth
+ - name: prefetch-dependencies
+ params:
+ - name: input
+ value: $(params.prefetch-input)
+ runAfter:
+ - clone-repository
+ taskRef:
+ bundle: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies:0.1@sha256:a7f4bb77c2e3949fa782f45c8ac9aa7f91cdde45dbc8ad408770eb902d830a0a
+ name: prefetch-dependencies
+ when:
+ - input: $(params.hermetic)
+ operator: in
+ values:
+ - "true"
+ workspaces:
+ - name: source
+ workspace: workspace
+ - name: build-container
+ params:
+ - name: IMAGE
+ value: $(params.output-image)
+ - name: DOCKERFILE
+ value: $(params.dockerfile)
+ - name: CONTEXT
+ value: $(params.path-context)
+ - name: DOCKER_AUTH
+ value: $(tasks.init.results.container-registry-secret)
+ - name: HERMETIC
+ value: $(params.hermetic)
+ - name: PREFETCH_INPUT
+ value: $(params.prefetch-input)
+ - name: IMAGE_EXPIRES_AFTER
+ value: $(params.image-expires-after)
+ runAfter:
+ - prefetch-dependencies
+ taskRef:
+ bundle: quay.io/redhat-appstudio-tekton-catalog/task-buildah:0.1@sha256:0852e61c1018d7f7a47ac2bd63fbda1d3d2247392624c2176ec341e343386b7c
+ name: buildah
+ when:
+ - input: $(tasks.init.results.build)
+ operator: in
+ values:
+ - "true"
+ workspaces:
+ - name: source
+ workspace: workspace
+ - name: inspect-image
+ params:
+ - name: IMAGE_URL
+ value: $(tasks.build-container.results.IMAGE_URL)
+ - name: IMAGE_DIGEST
+ value: $(tasks.build-container.results.IMAGE_DIGEST)
+ - name: DOCKER_AUTH
+ value: $(tasks.init.results.container-registry-secret)
+ runAfter:
+ - build-container
+ taskRef:
+ bundle: quay.io/redhat-appstudio-tekton-catalog/task-inspect-image:0.1@sha256:f7f3f86256f12d151463133d6c4ffc667087a87281ff2bc67c53c29f6463cd99
+ name: inspect-image
+ when:
+ - input: $(params.skip-checks)
+ operator: in
+ values:
+ - "false"
+ workspaces:
+ - name: source
+ workspace: workspace
+ - name: label-check
+ runAfter:
+ - inspect-image
+ taskRef:
+ bundle: quay.io/redhat-appstudio-tekton-catalog/task-label-check:0.1@sha256:76dee4b8c534986f98ab7d6e89aea14582faf0f1128a09a7f058a4f059d0fcf0
+ name: label-check
+ when:
+ - input: $(params.skip-checks)
+ operator: in
+ values:
+ - "false"
+ workspaces:
+ - name: workspace
+ workspace: workspace
+ - name: optional-label-check
+ params:
+ - name: POLICY_NAMESPACE
+ value: optional_checks
+ runAfter:
+ - inspect-image
+ taskRef:
+ bundle: quay.io/redhat-appstudio-tekton-catalog/task-label-check:0.1@sha256:76dee4b8c534986f98ab7d6e89aea14582faf0f1128a09a7f058a4f059d0fcf0
+ name: label-check
+ when:
+ - input: $(params.skip-checks)
+ operator: in
+ values:
+ - "false"
+ workspaces:
+ - name: workspace
+ workspace: workspace
+ - name: deprecated-base-image-check
+ params:
+ - name: BASE_IMAGES_DIGESTS
+ value: $(tasks.build-container.results.BASE_IMAGES_DIGESTS)
+ taskRef:
+ bundle: quay.io/redhat-appstudio-tekton-catalog/task-deprecated-image-check:0.2@sha256:f6ad9c9b2a019d28e712287cf3cb5fe42df3078a02af0db75f0e76e6060063ca
+ name: deprecated-image-check
+ when:
+ - input: $(params.skip-checks)
+ operator: in
+ values:
+ - "false"
+ workspaces:
+ - name: test-ws
+ workspace: workspace
+ - name: clair-scan
+ params:
+ - name: image-digest
+ value: $(tasks.build-container.results.IMAGE_DIGEST)
+ - name: image-url
+ value: $(tasks.build-container.results.IMAGE_URL)
+ - name: docker-auth
+ value: $(tasks.init.results.container-registry-secret)
+ runAfter:
+ - build-container
+ taskRef:
+ bundle: quay.io/redhat-appstudio-tekton-catalog/task-clair-scan:0.1@sha256:e654ebb13c0b6d98cde388dfd33e258b7368eea5a5a37f3b2edfef7a3e23ffc2
+ name: clair-scan
+ when:
+ - input: $(params.skip-checks)
+ operator: in
+ values:
+ - "false"
+ - name: sast-snyk-check
+ params:
+ - name: SNYK_SECRET
+ value: $(params.snyk-secret)
+ runAfter:
+ - clone-repository
+ taskRef:
+ bundle: quay.io/redhat-appstudio-tekton-catalog/task-sast-snyk-check:0.1@sha256:1bafbb8bb1f41985be67a622080b022d2a6ff8b51b606f7002069df7e79d0cff
+ name: sast-snyk-check
+ when:
+ - input: $(params.skip-checks)
+ operator: in
+ values:
+ - "false"
+ - input: $(params.snyk-secret)
+ operator: notin
+ values:
+ - ""
+ workspaces:
+ - name: workspace
+ workspace: workspace
+ - name: clamav-scan
+ params:
+ - name: image-digest
+ value: $(tasks.build-container.results.IMAGE_DIGEST)
+ - name: image-url
+ value: $(tasks.build-container.results.IMAGE_URL)
+ - name: docker-auth
+ value: $(tasks.init.results.container-registry-secret)
+ runAfter:
+ - build-container
+ taskRef:
+ bundle: quay.io/redhat-appstudio-tekton-catalog/task-clamav-scan:0.1@sha256:2317e03a1bc713cbfb1f7ad40b3bec587f00ec55ca6a6ae2fc33f921908c6d96
+ name: clamav-scan
+ when:
+ - input: $(params.skip-checks)
+ operator: in
+ values:
+ - "false"
+ - name: sbom-json-check
+ params:
+ - name: IMAGE_URL
+ value: $(tasks.build-container.results.IMAGE_URL)
+ - name: IMAGE_DIGEST
+ value: $(tasks.build-container.results.IMAGE_DIGEST)
+ runAfter:
+ - build-container
+ taskRef:
+ bundle: quay.io/redhat-appstudio-tekton-catalog/task-sbom-json-check:0.1@sha256:3fe90c210a4df9c98d5a32a2eeeaa36ca4a5c8a199d56b512076ffca9d3db483
+ name: sbom-json-check
+ when:
+ - input: $(params.skip-checks)
+ operator: in
+ values:
+ - "false"
+ workspaces:
+ - name: workspace
+ - name: git-auth
+ optional: true
+ workspaces:
+ - name: workspace
+ volumeClaimTemplate:
+ metadata:
+ creationTimestamp: null
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1Gi
+ status: {}
+ - name: git-auth
+ secret:
+ secretName: '{{ git_auth_secret }}'
+status: {}
From 9537d70f277432f9b472f3ebc128a914d324dfa8 Mon Sep 17 00:00:00 2001
From: redhat-appstudio
Date: Tue, 16 May 2023 17:59:47 +0000
Subject: [PATCH 5/5] Appstudio purge devfile-sample-java-springboot-basic-fkuf
---
...va-springboot-basic-fkuf-pull-request.yaml | 359 ------------------
...ample-java-springboot-basic-fkuf-push.yaml | 356 -----------------
2 files changed, 715 deletions(-)
delete mode 100644 .tekton/devfile-sample-java-springboot-basic-fkuf-pull-request.yaml
delete mode 100644 .tekton/devfile-sample-java-springboot-basic-fkuf-push.yaml
diff --git a/.tekton/devfile-sample-java-springboot-basic-fkuf-pull-request.yaml b/.tekton/devfile-sample-java-springboot-basic-fkuf-pull-request.yaml
deleted file mode 100644
index 2dc28698..00000000
--- a/.tekton/devfile-sample-java-springboot-basic-fkuf-pull-request.yaml
+++ /dev/null
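Review bot: `sast-snyk-check` is effectively dead in this PipelineRun: its second `when` entry requires `$(params.snyk-secret)` to be non-empty, the pipeline-level `snyk-secret` parameter defaults to `""`, and `spec.params` at the top of the file never sets it, so the task is skipped rather than run or failed. If static analysis is meant to be part of this build, pass the parameter in `spec.params`, e.g. `- name: snyk-secret` with `value: <snyk-token-secret-name>` (placeholder; the real secret name is not on this page). Every other scanner in the file (inspect-image, the label checks, deprecated-base-image-check, clair, clamav, sbom-json-check) is gated on the single `skip-checks` string, so a comment above that parameter saying when `"true"` is acceptable would help whoever reviews later edits. The `java` parameter is declared but no task in this file reads it, and could be dropped or documented.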
@@ -1,359 +0,0 @@ -apiVersion: tekton.dev/v1beta1 -kind: PipelineRun -metadata: - annotations: - build.appstudio.redhat.com/commit_sha: '{{revision}}' - build.appstudio.redhat.com/pull_request_number: '{{pull_request_number}}' - build.appstudio.redhat.com/target_branch: '{{target_branch}}' - pipelinesascode.tekton.dev/max-keep-runs: "3" - pipelinesascode.tekton.dev/on-event: '[pull_request]' - pipelinesascode.tekton.dev/on-target-branch: '[main]' - creationTimestamp: null - labels: - appstudio.openshift.io/application: my-app-2 - appstudio.openshift.io/component: devfile-sample-java-springboot-basic-fkuf - pipelines.appstudio.openshift.io/type: build - name: devfile-sample-java-springboot-basic-fkuf-on-pull-request - namespace: mleonova-tenant -spec: - params: - - name: dockerfile - value: docker/Dockerfile - - name: git-url - value: '{{repo_url}}' - - name: image-expires-after - value: 5d - - name: output-image - value: quay.io/redhat-user-workloads/mleonova-tenant/my-app-2/devfile-sample-java-springboot-basic-fkuf:on-pr-{{revision}} - - name: path-context - value: . 
- - name: revision - value: '{{revision}}' - pipelineSpec: - finally: - - name: show-sbom - params: - - name: IMAGE_URL - value: $(tasks.build-container.results.IMAGE_URL) - taskRef: - bundle: quay.io/redhat-appstudio-tekton-catalog/task-show-sbom:0.1@sha256:050bab50254e0377c68d63b6b679decfc655e30cad9ce4b0407fc8468852008d - name: show-sbom - - name: show-summary - params: - - name: pipelinerun-name - value: $(context.pipelineRun.name) - - name: git-url - value: $(tasks.clone-repository.results.url)?rev=$(tasks.clone-repository.results.commit) - - name: image-url - value: $(params.output-image) - - name: build-task-status - value: $(tasks.build-container.status) - taskRef: - bundle: quay.io/redhat-appstudio-tekton-catalog/task-summary:0.1@sha256:9e21e57456c026c15765db23b986e47fc1394fa5d4823d3038b697971dd1a2bd - name: summary - params: - - description: Source Repository URL - name: git-url - type: string - - default: "" - description: Revision of the Source Repository - name: revision - type: string - - description: Fully Qualified Output Image - name: output-image - type: string - - default: . 
- description: The path to your source code - name: path-context - type: string - - default: Dockerfile - description: Path to the Dockerfile - name: dockerfile - type: string - - default: "false" - description: Force rebuild image - name: rebuild - type: string - - default: "false" - description: Skip checks against built image - name: skip-checks - type: string - - default: "false" - description: Execute the build with network isolation - name: hermetic - type: string - - default: "" - description: Build dependencies to be prefetched by Cachi2 - name: prefetch-input - type: string - - default: "false" - description: Java build - name: java - type: string - - default: "" - description: Snyk Token Secret Name - name: snyk-secret - type: string - - default: "" - description: Image tag expiration time, time values could be something like - 1h, 2d, 3w for hours, days, and weeks, respectively. - name: image-expires-after - results: - - description: "" - name: IMAGE_URL - value: $(tasks.build-container.results.IMAGE_URL) - - description: "" - name: IMAGE_DIGEST - value: $(tasks.build-container.results.IMAGE_DIGEST) - - description: "" - name: CHAINS-GIT_URL - value: $(tasks.clone-repository.results.url) - - description: "" - name: CHAINS-GIT_COMMIT - value: $(tasks.clone-repository.results.commit) - - description: "" - name: JAVA_COMMUNITY_DEPENDENCIES - value: $(tasks.build-container.results.JAVA_COMMUNITY_DEPENDENCIES) - tasks: - - name: init - params: - - name: image-url - value: $(params.output-image) - - name: rebuild - value: $(params.rebuild) - - name: skip-checks - value: $(params.skip-checks) - - name: pipelinerun-name - value: $(context.pipelineRun.name) - - name: pipelinerun-uid - value: $(context.pipelineRun.uid) - taskRef: - bundle: quay.io/redhat-appstudio-tekton-catalog/task-init:0.1@sha256:8c06b307b7f74622503b80ff0b81ffda63129959f52f8ed8f753d8ab98f38411 - name: init - - name: clone-repository - params: - - name: url - value: $(params.git-url) - - name: 
revision - value: $(params.revision) - runAfter: - - init - taskRef: - bundle: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:458f4853a01c3273bd76076ac1b015d5f901e70fb4b776f788b577adb25bf5f8 - name: git-clone - when: - - input: $(tasks.init.results.build) - operator: in - values: - - "true" - workspaces: - - name: output - workspace: workspace - - name: basic-auth - workspace: git-auth - - name: prefetch-dependencies - params: - - name: input - value: $(params.prefetch-input) - runAfter: - - clone-repository - taskRef: - bundle: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies:0.1@sha256:a7f4bb77c2e3949fa782f45c8ac9aa7f91cdde45dbc8ad408770eb902d830a0a - name: prefetch-dependencies - when: - - input: $(params.hermetic) - operator: in - values: - - "true" - workspaces: - - name: source - workspace: workspace - - name: build-container - params: - - name: IMAGE - value: $(params.output-image) - - name: DOCKERFILE - value: $(params.dockerfile) - - name: CONTEXT - value: $(params.path-context) - - name: DOCKER_AUTH - value: $(tasks.init.results.container-registry-secret) - - name: HERMETIC - value: $(params.hermetic) - - name: PREFETCH_INPUT - value: $(params.prefetch-input) - - name: IMAGE_EXPIRES_AFTER - value: $(params.image-expires-after) - runAfter: - - prefetch-dependencies - taskRef: - bundle: quay.io/redhat-appstudio-tekton-catalog/task-buildah:0.1@sha256:0852e61c1018d7f7a47ac2bd63fbda1d3d2247392624c2176ec341e343386b7c - name: buildah - when: - - input: $(tasks.init.results.build) - operator: in - values: - - "true" - workspaces: - - name: source - workspace: workspace - - name: inspect-image - params: - - name: IMAGE_URL - value: $(tasks.build-container.results.IMAGE_URL) - - name: IMAGE_DIGEST - value: $(tasks.build-container.results.IMAGE_DIGEST) - - name: DOCKER_AUTH - value: $(tasks.init.results.container-registry-secret) - runAfter: - - build-container - taskRef: - bundle: 
quay.io/redhat-appstudio-tekton-catalog/task-inspect-image:0.1@sha256:f7f3f86256f12d151463133d6c4ffc667087a87281ff2bc67c53c29f6463cd99 - name: inspect-image - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - workspaces: - - name: source - workspace: workspace - - name: label-check - runAfter: - - inspect-image - taskRef: - bundle: quay.io/redhat-appstudio-tekton-catalog/task-label-check:0.1@sha256:76dee4b8c534986f98ab7d6e89aea14582faf0f1128a09a7f058a4f059d0fcf0 - name: label-check - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - workspaces: - - name: workspace - workspace: workspace - - name: optional-label-check - params: - - name: POLICY_NAMESPACE - value: optional_checks - runAfter: - - inspect-image - taskRef: - bundle: quay.io/redhat-appstudio-tekton-catalog/task-label-check:0.1@sha256:76dee4b8c534986f98ab7d6e89aea14582faf0f1128a09a7f058a4f059d0fcf0 - name: label-check - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - workspaces: - - name: workspace - workspace: workspace - - name: deprecated-base-image-check - params: - - name: BASE_IMAGES_DIGESTS - value: $(tasks.build-container.results.BASE_IMAGES_DIGESTS) - taskRef: - bundle: quay.io/redhat-appstudio-tekton-catalog/task-deprecated-image-check:0.2@sha256:f6ad9c9b2a019d28e712287cf3cb5fe42df3078a02af0db75f0e76e6060063ca - name: deprecated-image-check - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - workspaces: - - name: test-ws - workspace: workspace - - name: clair-scan - params: - - name: image-digest - value: $(tasks.build-container.results.IMAGE_DIGEST) - - name: image-url - value: $(tasks.build-container.results.IMAGE_URL) - - name: docker-auth - value: $(tasks.init.results.container-registry-secret) - runAfter: - - build-container - taskRef: - bundle: quay.io/redhat-appstudio-tekton-catalog/task-clair-scan:0.1@sha256:e654ebb13c0b6d98cde388dfd33e258b7368eea5a5a37f3b2edfef7a3e23ffc2 - 
name: clair-scan - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - - name: sast-snyk-check - params: - - name: SNYK_SECRET - value: $(params.snyk-secret) - runAfter: - - clone-repository - taskRef: - bundle: quay.io/redhat-appstudio-tekton-catalog/task-sast-snyk-check:0.1@sha256:1bafbb8bb1f41985be67a622080b022d2a6ff8b51b606f7002069df7e79d0cff - name: sast-snyk-check - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - - input: $(params.snyk-secret) - operator: notin - values: - - "" - workspaces: - - name: workspace - workspace: workspace - - name: clamav-scan - params: - - name: image-digest - value: $(tasks.build-container.results.IMAGE_DIGEST) - - name: image-url - value: $(tasks.build-container.results.IMAGE_URL) - - name: docker-auth - value: $(tasks.init.results.container-registry-secret) - runAfter: - - build-container - taskRef: - bundle: quay.io/redhat-appstudio-tekton-catalog/task-clamav-scan:0.1@sha256:2317e03a1bc713cbfb1f7ad40b3bec587f00ec55ca6a6ae2fc33f921908c6d96 - name: clamav-scan - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - - name: sbom-json-check - params: - - name: IMAGE_URL - value: $(tasks.build-container.results.IMAGE_URL) - - name: IMAGE_DIGEST - value: $(tasks.build-container.results.IMAGE_DIGEST) - runAfter: - - build-container - taskRef: - bundle: quay.io/redhat-appstudio-tekton-catalog/task-sbom-json-check:0.1@sha256:3fe90c210a4df9c98d5a32a2eeeaa36ca4a5c8a199d56b512076ffca9d3db483 - name: sbom-json-check - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - workspaces: - - name: workspace - - name: git-auth - optional: true - workspaces: - - name: workspace - volumeClaimTemplate: - metadata: - creationTimestamp: null - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi - status: {} - - name: git-auth - secret: - secretName: '{{ git_auth_secret }}' -status: {} 
diff --git a/.tekton/devfile-sample-java-springboot-basic-fkuf-push.yaml b/.tekton/devfile-sample-java-springboot-basic-fkuf-push.yaml
deleted file mode 100644
index 65069ceb..00000000
--- a/.tekton/devfile-sample-java-springboot-basic-fkuf-push.yaml
+++ /dev/null
@@ -1,356 +0,0 @@ -apiVersion: tekton.dev/v1beta1 -kind: PipelineRun -metadata: - annotations: - build.appstudio.redhat.com/commit_sha: '{{revision}}' - build.appstudio.redhat.com/target_branch: '{{target_branch}}' - pipelinesascode.tekton.dev/max-keep-runs: "3" - pipelinesascode.tekton.dev/on-event: '[push]' - pipelinesascode.tekton.dev/on-target-branch: '[main]' - creationTimestamp: null - labels: - appstudio.openshift.io/application: my-app-2 - appstudio.openshift.io/component: devfile-sample-java-springboot-basic-fkuf - pipelines.appstudio.openshift.io/type: build - name: devfile-sample-java-springboot-basic-fkuf-on-push - namespace: mleonova-tenant -spec: - params: - - name: dockerfile - value: docker/Dockerfile - - name: git-url - value: '{{repo_url}}' - - name: output-image - value: quay.io/redhat-user-workloads/mleonova-tenant/my-app-2/devfile-sample-java-springboot-basic-fkuf:{{revision}} - - name: path-context - value: . - - name: revision - value: '{{revision}}' - pipelineSpec: - finally: - - name: show-sbom - params: - - name: IMAGE_URL - value: $(tasks.build-container.results.IMAGE_URL) - taskRef: - bundle: quay.io/redhat-appstudio-tekton-catalog/task-show-sbom:0.1@sha256:050bab50254e0377c68d63b6b679decfc655e30cad9ce4b0407fc8468852008d - name: show-sbom - - name: show-summary - params: - - name: pipelinerun-name - value: $(context.pipelineRun.name) - - name: git-url - value: $(tasks.clone-repository.results.url)?rev=$(tasks.clone-repository.results.commit) - - name: image-url - value: $(params.output-image) - - name: build-task-status - value: $(tasks.build-container.status) - taskRef: - bundle: quay.io/redhat-appstudio-tekton-catalog/task-summary:0.1@sha256:9e21e57456c026c15765db23b986e47fc1394fa5d4823d3038b697971dd1a2bd - name: summary - params: - - description: Source Repository URL - name: git-url - type: string - - default: "" - description: Revision of the Source Repository - name: revision - type: string - - description: Fully Qualified Output 
Image - name: output-image - type: string - - default: . - description: The path to your source code - name: path-context - type: string - - default: Dockerfile - description: Path to the Dockerfile - name: dockerfile - type: string - - default: "false" - description: Force rebuild image - name: rebuild - type: string - - default: "false" - description: Skip checks against built image - name: skip-checks - type: string - - default: "false" - description: Execute the build with network isolation - name: hermetic - type: string - - default: "" - description: Build dependencies to be prefetched by Cachi2 - name: prefetch-input - type: string - - default: "false" - description: Java build - name: java - type: string - - default: "" - description: Snyk Token Secret Name - name: snyk-secret - type: string - - default: "" - description: Image tag expiration time, time values could be something like - 1h, 2d, 3w for hours, days, and weeks, respectively. - name: image-expires-after - results: - - description: "" - name: IMAGE_URL - value: $(tasks.build-container.results.IMAGE_URL) - - description: "" - name: IMAGE_DIGEST - value: $(tasks.build-container.results.IMAGE_DIGEST) - - description: "" - name: CHAINS-GIT_URL - value: $(tasks.clone-repository.results.url) - - description: "" - name: CHAINS-GIT_COMMIT - value: $(tasks.clone-repository.results.commit) - - description: "" - name: JAVA_COMMUNITY_DEPENDENCIES - value: $(tasks.build-container.results.JAVA_COMMUNITY_DEPENDENCIES) - tasks: - - name: init - params: - - name: image-url - value: $(params.output-image) - - name: rebuild - value: $(params.rebuild) - - name: skip-checks - value: $(params.skip-checks) - - name: pipelinerun-name - value: $(context.pipelineRun.name) - - name: pipelinerun-uid - value: $(context.pipelineRun.uid) - taskRef: - bundle: quay.io/redhat-appstudio-tekton-catalog/task-init:0.1@sha256:8c06b307b7f74622503b80ff0b81ffda63129959f52f8ed8f753d8ab98f38411 - name: init - - name: clone-repository - 
params: - - name: url - value: $(params.git-url) - - name: revision - value: $(params.revision) - runAfter: - - init - taskRef: - bundle: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:458f4853a01c3273bd76076ac1b015d5f901e70fb4b776f788b577adb25bf5f8 - name: git-clone - when: - - input: $(tasks.init.results.build) - operator: in - values: - - "true" - workspaces: - - name: output - workspace: workspace - - name: basic-auth - workspace: git-auth - - name: prefetch-dependencies - params: - - name: input - value: $(params.prefetch-input) - runAfter: - - clone-repository - taskRef: - bundle: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies:0.1@sha256:a7f4bb77c2e3949fa782f45c8ac9aa7f91cdde45dbc8ad408770eb902d830a0a - name: prefetch-dependencies - when: - - input: $(params.hermetic) - operator: in - values: - - "true" - workspaces: - - name: source - workspace: workspace - - name: build-container - params: - - name: IMAGE - value: $(params.output-image) - - name: DOCKERFILE - value: $(params.dockerfile) - - name: CONTEXT - value: $(params.path-context) - - name: DOCKER_AUTH - value: $(tasks.init.results.container-registry-secret) - - name: HERMETIC - value: $(params.hermetic) - - name: PREFETCH_INPUT - value: $(params.prefetch-input) - - name: IMAGE_EXPIRES_AFTER - value: $(params.image-expires-after) - runAfter: - - prefetch-dependencies - taskRef: - bundle: quay.io/redhat-appstudio-tekton-catalog/task-buildah:0.1@sha256:0852e61c1018d7f7a47ac2bd63fbda1d3d2247392624c2176ec341e343386b7c - name: buildah - when: - - input: $(tasks.init.results.build) - operator: in - values: - - "true" - workspaces: - - name: source - workspace: workspace - - name: inspect-image - params: - - name: IMAGE_URL - value: $(tasks.build-container.results.IMAGE_URL) - - name: IMAGE_DIGEST - value: $(tasks.build-container.results.IMAGE_DIGEST) - - name: DOCKER_AUTH - value: $(tasks.init.results.container-registry-secret) - runAfter: - - build-container - taskRef: 
- bundle: quay.io/redhat-appstudio-tekton-catalog/task-inspect-image:0.1@sha256:f7f3f86256f12d151463133d6c4ffc667087a87281ff2bc67c53c29f6463cd99 - name: inspect-image - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - workspaces: - - name: source - workspace: workspace - - name: label-check - runAfter: - - inspect-image - taskRef: - bundle: quay.io/redhat-appstudio-tekton-catalog/task-label-check:0.1@sha256:76dee4b8c534986f98ab7d6e89aea14582faf0f1128a09a7f058a4f059d0fcf0 - name: label-check - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - workspaces: - - name: workspace - workspace: workspace - - name: optional-label-check - params: - - name: POLICY_NAMESPACE - value: optional_checks - runAfter: - - inspect-image - taskRef: - bundle: quay.io/redhat-appstudio-tekton-catalog/task-label-check:0.1@sha256:76dee4b8c534986f98ab7d6e89aea14582faf0f1128a09a7f058a4f059d0fcf0 - name: label-check - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - workspaces: - - name: workspace - workspace: workspace - - name: deprecated-base-image-check - params: - - name: BASE_IMAGES_DIGESTS - value: $(tasks.build-container.results.BASE_IMAGES_DIGESTS) - taskRef: - bundle: quay.io/redhat-appstudio-tekton-catalog/task-deprecated-image-check:0.2@sha256:f6ad9c9b2a019d28e712287cf3cb5fe42df3078a02af0db75f0e76e6060063ca - name: deprecated-image-check - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - workspaces: - - name: test-ws - workspace: workspace - - name: clair-scan - params: - - name: image-digest - value: $(tasks.build-container.results.IMAGE_DIGEST) - - name: image-url - value: $(tasks.build-container.results.IMAGE_URL) - - name: docker-auth - value: $(tasks.init.results.container-registry-secret) - runAfter: - - build-container - taskRef: - bundle: 
quay.io/redhat-appstudio-tekton-catalog/task-clair-scan:0.1@sha256:e654ebb13c0b6d98cde388dfd33e258b7368eea5a5a37f3b2edfef7a3e23ffc2 - name: clair-scan - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - - name: sast-snyk-check - params: - - name: SNYK_SECRET - value: $(params.snyk-secret) - runAfter: - - clone-repository - taskRef: - bundle: quay.io/redhat-appstudio-tekton-catalog/task-sast-snyk-check:0.1@sha256:1bafbb8bb1f41985be67a622080b022d2a6ff8b51b606f7002069df7e79d0cff - name: sast-snyk-check - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - - input: $(params.snyk-secret) - operator: notin - values: - - "" - workspaces: - - name: workspace - workspace: workspace - - name: clamav-scan - params: - - name: image-digest - value: $(tasks.build-container.results.IMAGE_DIGEST) - - name: image-url - value: $(tasks.build-container.results.IMAGE_URL) - - name: docker-auth - value: $(tasks.init.results.container-registry-secret) - runAfter: - - build-container - taskRef: - bundle: quay.io/redhat-appstudio-tekton-catalog/task-clamav-scan:0.1@sha256:2317e03a1bc713cbfb1f7ad40b3bec587f00ec55ca6a6ae2fc33f921908c6d96 - name: clamav-scan - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - - name: sbom-json-check - params: - - name: IMAGE_URL - value: $(tasks.build-container.results.IMAGE_URL) - - name: IMAGE_DIGEST - value: $(tasks.build-container.results.IMAGE_DIGEST) - runAfter: - - build-container - taskRef: - bundle: quay.io/redhat-appstudio-tekton-catalog/task-sbom-json-check:0.1@sha256:3fe90c210a4df9c98d5a32a2eeeaa36ca4a5c8a199d56b512076ffca9d3db483 - name: sbom-json-check - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - workspaces: - - name: workspace - - name: git-auth - optional: true - workspaces: - - name: workspace - volumeClaimTemplate: - metadata: - creationTimestamp: null - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - 
storage: 1Gi - status: {} - - name: git-auth - secret: - secretName: '{{ git_auth_secret }}' -status: {}