diff --git a/.tekton/devfile-sample-python-basic-wqyg-pull-request.yaml b/.tekton/devfile-sample-python-basic-wqyg-pull-request.yaml
new file mode 100644
index 0000000000..ba77d35a44
--- /dev/null
+++ b/.tekton/devfile-sample-python-basic-wqyg-pull-request.yaml
@@ -0,0 +1,339 @@
+apiVersion: tekton.dev/v1beta1
+kind: PipelineRun
+metadata:
+ annotations:
+ build.appstudio.redhat.com/commit_sha: '{{revision}}'
+ build.appstudio.redhat.com/pull_request_number: '{{pull_request_number}}'
+ build.appstudio.redhat.com/target_branch: '{{target_branch}}'
+ pipelinesascode.tekton.dev/max-keep-runs: "3"
+ pipelinesascode.tekton.dev/on-event: '[pull_request]'
+ pipelinesascode.tekton.dev/on-target-branch: '[main,master]'
+ creationTimestamp: null
+ labels:
+ appstudio.openshift.io/application: my-application
+ appstudio.openshift.io/component: devfile-sample-python-basic-wqyg
+ pipelines.appstudio.openshift.io/type: build
+ name: devfile-sample-python-basic-wqyg-on-pull-request
+ namespace: mkovarik
+spec:
+ params:
+ - name: git-url
+ value: '{{repo_url}}'
+ - name: revision
+ value: '{{revision}}'
+ - name: output-image
+ value: quay.io/redhat-appstudio/user-workload:on-pr-{{revision}}
+ - name: dockerfile
+ value: https://raw.githubusercontent.com/Michkov-test/devfile-sample-python-basic/main/docker/Dockerfile
+ - name: path-context
+ value: ./
+ pipelineSpec:
+ finally:
+ - name: show-summary
+ params:
+ - name: pipeline-run-name
+ value: $(context.pipelineRun.name)
+ - name: git-url
+ value: $(params.git-url)
+ - name: image-url
+ value: $(params.output-image)
+ taskRef:
+ bundle: quay.io/redhat-appstudio-tekton-catalog/task-summary:0.1@sha256:59d49758686c141bd26b3c193e52fd23bb47831c2a5d5872388ad6824684735e
+ name: summary
+ params:
+ - description: Source Repository URL
+ name: git-url
+ type: string
+ - default: ""
+ description: Revision of the Source Repository
+ name: revision
+ type: string
+ - description: Fully Qualified Output Image
+ name: output-image
+ type: string
+ - default: .
+ description: The path to your source code
+ name: path-context
+ type: string
+ - default: Dockerfile
+ description: Path to the Dockerfile
+ name: dockerfile
+ type: string
+ - default: "false"
+ description: Force rebuild image
+ name: rebuild
+ type: string
+ - default: "true"
+ description: Enable HACBS tasks
+ name: hacbs
+ type: string
+ - default: "false"
+ description: Java build
+ name: java
+ type: string
+ results:
+ - description: ""
+ name: IMAGE_URL
+ value: $(tasks.build-container.results.IMAGE_URL)
+ - description: ""
+ name: IMAGE_DIGEST
+ value: $(tasks.build-container.results.IMAGE_DIGEST)
+ - description: ""
+ name: CHAINS-GIT_URL
+ value: $(tasks.clone-repository.results.url)
+ - description: ""
+ name: CHAINS-GIT_COMMIT
+ value: $(tasks.clone-repository.results.commit)
+ - description: ""
+ name: JAVA_COMMUNITY_DEPENDENCIES
+ value: $(tasks.build-container.results.JAVA_COMMUNITY_DEPENDENCIES)
+ tasks:
+ - name: appstudio-init
+ params:
+ - name: image-url
+ value: $(params.output-image)
+ - name: rebuild
+ value: $(params.rebuild)
+ - name: hacbs
+ value: $(params.hacbs)
+ - name: pipeline-run-name
+ value: $(context.pipelineRun.name)
+ taskRef:
+ bundle: quay.io/redhat-appstudio-tekton-catalog/task-init:0.1@sha256:aa9c545f70d0618a5d119addedf3136619914c923cb67740283c11219f3f3a1e
+ name: init
+ - name: clone-repository
+ params:
+ - name: url
+ value: $(params.git-url)
+ - name: revision
+ value: $(params.revision)
+ runAfter:
+ - appstudio-init
+ taskRef:
+ bundle: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:6c94dfd9dae1e625d448ebfc0fde94a9f1d7f2c07feaa1691d3ee241fd9cc027
+ name: git-clone
+ when:
+ - input: $(tasks.appstudio-init.results.build)
+ operator: in
+ values:
+ - "true"
+ workspaces:
+ - name: output
+ workspace: workspace
+ - name: basic-auth
+ workspace: git-auth
+ - name: appstudio-configure-build
+ runAfter:
+ - clone-repository
+ taskRef:
+ bundle: quay.io/redhat-appstudio-tekton-catalog/task-configure-build:0.1@sha256:9f8b5438fda511507e51a0372b4d85892d6f695bd4f54ce067e1c1a1fbc70b30
+ name: configure-build
+ when:
+ - input: $(tasks.appstudio-init.results.build)
+ operator: in
+ values:
+ - "true"
+ workspaces:
+ - name: source
+ workspace: workspace
+ - name: registry-auth
+ workspace: registry-auth
+ - name: build-container
+ params:
+ - name: IMAGE
+ value: $(params.output-image)
+ - name: DOCKERFILE
+ value: $(params.dockerfile)
+ - name: CONTEXT
+ value: $(params.path-context)
+ - name: BUILD_EXTRA_ARGS
+ value: $(tasks.appstudio-configure-build.results.buildah-auth-param)
+ - name: PUSH_EXTRA_ARGS
+ value: $(tasks.appstudio-configure-build.results.buildah-auth-param)
+ runAfter:
+ - appstudio-configure-build
+ taskRef:
+ bundle: quay.io/redhat-appstudio-tekton-catalog/task-buildah:0.1@sha256:7c34fb1f3564c32e38c165e65720762b41a68d125b53215651c95296d584d162
+ name: buildah
+ when:
+ - input: $(tasks.appstudio-init.results.build)
+ operator: in
+ values:
+ - "true"
+ workspaces:
+ - name: source
+ workspace: workspace
+ - name: sanity-inspect-image
+ params:
+ - name: IMAGE_URL
+ value: $(params.output-image)
+ runAfter:
+ - build-container
+ taskRef:
+ bundle: quay.io/redhat-appstudio-tekton-catalog/task-sanity-inspect-image:0.1@sha256:de97f40b767e6b74eb52130e62736178df7ec80021e7e5f04a9da617666bc8b8
+ name: sanity-inspect-image
+ when:
+ - input: $(params.hacbs)
+ operator: in
+ values:
+ - "true"
+ workspaces:
+ - name: workspace
+ workspace: workspace
+ - name: sanity-label-check
+ runAfter:
+ - sanity-inspect-image
+ taskRef:
+ bundle: quay.io/redhat-appstudio-tekton-catalog/task-sanity-label-check:0.1@sha256:3bd4633b70548dd0055068a970322811b3a96a8a5d98d0b483c748d37135a7a5
+ name: sanity-label-check
+ when:
+ - input: $(params.hacbs)
+ operator: in
+ values:
+ - "true"
+ workspaces:
+ - name: workspace
+ workspace: workspace
+ - name: sanity-optional-label-check
+ params:
+ - name: POLICY_NAMESPACE
+ value: optional_checks
+ runAfter:
+ - sanity-inspect-image
+ taskRef:
+ bundle: quay.io/redhat-appstudio-tekton-catalog/task-sanity-label-check:0.1@sha256:3bd4633b70548dd0055068a970322811b3a96a8a5d98d0b483c748d37135a7a5
+ name: sanity-label-check
+ when:
+ - input: $(params.hacbs)
+ operator: in
+ values:
+ - "true"
+ workspaces:
+ - name: workspace
+ workspace: workspace
+ - name: deprecated-base-image-check
+ params:
+ - name: IMAGE_REGISTRY
+ value: registry.access.redhat.com
+ - name: IMAGE_REPOSITORY
+ value: $(tasks.sanity-inspect-image.results.BASE_IMAGE_REPOSITORY)
+ runAfter:
+ - sanity-inspect-image
+ taskRef:
+ bundle: quay.io/redhat-appstudio-tekton-catalog/task-deprecated-image-check:0.1@sha256:a7e8f82a7c5c4b2e8bf86338f8aedf44b5606daf591462b9aa5adb35f7df6cac
+ name: deprecated-image-check
+ when:
+ - input: $(params.hacbs)
+ operator: in
+ values:
+ - "true"
+ workspaces:
+ - name: sanity-ws
+ workspace: workspace
+ - name: get-clair-results
+ params:
+ - name: image-digest
+ value: $(tasks.build-container.results.IMAGE_DIGEST)
+ - name: image-url
+ value: $(tasks.build-container.results.IMAGE_URL)
+ runAfter:
+ - build-container
+ taskRef:
+ bundle: quay.io/redhat-appstudio-tekton-catalog/task-get-clair-scan:0.1@sha256:f5259b6194f73e43f8f1d8ec8f7cd7466209fbf8aaf8b8ac4cf653fc54fc6b3b
+ name: get-clair-scan
+ when:
+ - input: $(params.hacbs)
+ operator: in
+ values:
+ - "true"
+ workspaces:
+ - name: clair-ws
+ workspace: workspace
+ - name: registry-auth
+ workspace: registry-auth
+ - name: conftest-clair
+ runAfter:
+ - get-clair-results
+ taskRef:
+ bundle: quay.io/redhat-appstudio-tekton-catalog/task-conftest-clair:0.1@sha256:afd12c004c1e4f0a86f117fc1fee85ab19c9f090e281e2e0db0c0c14adecff35
+ name: conftest-clair
+ when:
+ - input: $(params.hacbs)
+ operator: in
+ values:
+ - "true"
+ workspaces:
+ - name: conftest-ws
+ workspace: workspace
+ - name: sast-snyk-check
+ runAfter:
+ - clone-repository
+ taskRef:
+ bundle: quay.io/redhat-appstudio-tekton-catalog/task-sast-snyk-check:0.1@sha256:3da394c1123a31a7a3c38e51dc7035e4f468998f6b160d8873d6e9634b6caa6b
+ name: sast-snyk-check
+ when:
+ - input: $(params.hacbs)
+ operator: in
+ values:
+ - "true"
+ workspaces:
+ - name: workspace
+ workspace: workspace
+ - name: clamav-scan
+ params:
+ - name: image-digest
+ value: $(tasks.build-container.results.IMAGE_DIGEST)
+ - name: image-url
+ value: $(tasks.build-container.results.IMAGE_URL)
+ runAfter:
+ - build-container
+ taskRef:
+ bundle: quay.io/redhat-appstudio-tekton-catalog/task-clamav-scan:0.1@sha256:641d749124ff7d80a67e0890198b211db08be77da074deb0e8f206ebfade19db
+ name: clamav-scan
+ when:
+ - input: $(params.hacbs)
+ operator: in
+ values:
+ - "true"
+ workspaces:
+ - name: registry-auth
+ workspace: registry-auth
+ - name: sbom-json-check
+ params:
+ - name: IMAGE_URL
+ value: $(tasks.build-container.results.IMAGE_URL)
+ runAfter:
+ - build-container
+ taskRef:
+ bundle: quay.io/redhat-appstudio-tekton-catalog/task-sbom-json-check:0.1@sha256:9d228fedb0429e4ae6f383e9355615823e0684a36ab3c2453a3f3cd56f518944
+ name: sbom-json-check
+ when:
+ - input: $(params.hacbs)
+ operator: in
+ values:
+ - "true"
+ workspaces:
+ - name: workspace
+ workspace: workspace
+ workspaces:
+ - name: workspace
+ - name: registry-auth
+ optional: true
+ - name: git-auth
+ optional: true
+ workspaces:
+ - name: workspace
+ volumeClaimTemplate:
+ metadata:
+ creationTimestamp: null
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1Gi
+ status: {}
+ - name: registry-auth
+ secret:
+ secretName: redhat-appstudio-registry-pull-secret
+status: {}
diff --git a/.tekton/devfile-sample-python-basic-wqyg-push.yaml b/.tekton/devfile-sample-python-basic-wqyg-push.yaml
new file mode 100644
index 0000000000..85f55b2e33
--- /dev/null
+++ b/.tekton/devfile-sample-python-basic-wqyg-push.yaml
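Review bot: In `devfile-sample-python-basic-wqyg-pull-request.yaml`, the `dockerfile` entry under `spec.params` is `https://raw.githubusercontent.com/Michkov-test/devfile-sample-python-basic/main/docker/Dockerfile`, a mutable `main` ref, so the build instructions are not tied to the `{{revision}}` that `clone-repository` checks out, even though every task bundle in the file is pinned by `sha256` digest. On a pull request this also means a Dockerfile change in the PR is not what gets built, and the `CHAINS-GIT_COMMIT` result does not describe the Dockerfile that was actually used. If the Dockerfile lives in the repository being built (the URL suggests so, but that is not visible here), pass the in-repo path, `value: docker/Dockerfile`; otherwise pin the URL to a commit, `.../devfile-sample-python-basic/<commit-sha>/docker/Dockerfile`. The `-push.yaml` hunk carries the same value.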
@@ -0,0 +1,338 @@
+apiVersion: tekton.dev/v1beta1
+kind: PipelineRun
+metadata:
+ annotations:
+ build.appstudio.redhat.com/commit_sha: '{{revision}}'
+ build.appstudio.redhat.com/target_branch: '{{target_branch}}'
+ pipelinesascode.tekton.dev/max-keep-runs: "3"
+ pipelinesascode.tekton.dev/on-event: '[push]'
+ pipelinesascode.tekton.dev/on-target-branch: '[main,master]'
+ creationTimestamp: null
+ labels:
+ appstudio.openshift.io/application: my-application
+ appstudio.openshift.io/component: devfile-sample-python-basic-wqyg
+ pipelines.appstudio.openshift.io/type: build
+ name: devfile-sample-python-basic-wqyg-on-push
+ namespace: mkovarik
+spec:
+ params:
+ - name: git-url
+ value: '{{repo_url}}'
+ - name: revision
+ value: '{{revision}}'
+ - name: output-image
+ value: quay.io/redhat-appstudio/user-workload:{{revision}}
+ - name: dockerfile
+ value: https://raw.githubusercontent.com/Michkov-test/devfile-sample-python-basic/main/docker/Dockerfile
+ - name: path-context
+ value: ./
+ pipelineSpec:
+ finally:
+ - name: show-summary
+ params:
+ - name: pipeline-run-name
+ value: $(context.pipelineRun.name)
+ - name: git-url
+ value: $(params.git-url)
+ - name: image-url
+ value: $(params.output-image)
+ taskRef:
+ bundle: quay.io/redhat-appstudio-tekton-catalog/task-summary:0.1@sha256:59d49758686c141bd26b3c193e52fd23bb47831c2a5d5872388ad6824684735e
+ name: summary
+ params:
+ - description: Source Repository URL
+ name: git-url
+ type: string
+ - default: ""
+ description: Revision of the Source Repository
+ name: revision
+ type: string
+ - description: Fully Qualified Output Image
+ name: output-image
+ type: string
+ - default: .
+ description: The path to your source code
+ name: path-context
+ type: string
+ - default: Dockerfile
+ description: Path to the Dockerfile
+ name: dockerfile
+ type: string
+ - default: "false"
+ description: Force rebuild image
+ name: rebuild
+ type: string
+ - default: "true"
+ description: Enable HACBS tasks
+ name: hacbs
+ type: string
+ - default: "false"
+ description: Java build
+ name: java
+ type: string
+ results:
+ - description: ""
+ name: IMAGE_URL
+ value: $(tasks.build-container.results.IMAGE_URL)
+ - description: ""
+ name: IMAGE_DIGEST
+ value: $(tasks.build-container.results.IMAGE_DIGEST)
+ - description: ""
+ name: CHAINS-GIT_URL
+ value: $(tasks.clone-repository.results.url)
+ - description: ""
+ name: CHAINS-GIT_COMMIT
+ value: $(tasks.clone-repository.results.commit)
+ - description: ""
+ name: JAVA_COMMUNITY_DEPENDENCIES
+ value: $(tasks.build-container.results.JAVA_COMMUNITY_DEPENDENCIES)
+ tasks:
+ - name: appstudio-init
+ params:
+ - name: image-url
+ value: $(params.output-image)
+ - name: rebuild
+ value: $(params.rebuild)
+ - name: hacbs
+ value: $(params.hacbs)
+ - name: pipeline-run-name
+ value: $(context.pipelineRun.name)
+ taskRef:
+ bundle: quay.io/redhat-appstudio-tekton-catalog/task-init:0.1@sha256:aa9c545f70d0618a5d119addedf3136619914c923cb67740283c11219f3f3a1e
+ name: init
+ - name: clone-repository
+ params:
+ - name: url
+ value: $(params.git-url)
+ - name: revision
+ value: $(params.revision)
+ runAfter:
+ - appstudio-init
+ taskRef:
+ bundle: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:6c94dfd9dae1e625d448ebfc0fde94a9f1d7f2c07feaa1691d3ee241fd9cc027
+ name: git-clone
+ when:
+ - input: $(tasks.appstudio-init.results.build)
+ operator: in
+ values:
+ - "true"
+ workspaces:
+ - name: output
+ workspace: workspace
+ - name: basic-auth
+ workspace: git-auth
+ - name: appstudio-configure-build
+ runAfter:
+ - clone-repository
+ taskRef:
+ bundle: quay.io/redhat-appstudio-tekton-catalog/task-configure-build:0.1@sha256:9f8b5438fda511507e51a0372b4d85892d6f695bd4f54ce067e1c1a1fbc70b30
+ name: configure-build
+ when:
+ - input: $(tasks.appstudio-init.results.build)
+ operator: in
+ values:
+ - "true"
+ workspaces:
+ - name: source
+ workspace: workspace
+ - name: registry-auth
+ workspace: registry-auth
+ - name: build-container
+ params:
+ - name: IMAGE
+ value: $(params.output-image)
+ - name: DOCKERFILE
+ value: $(params.dockerfile)
+ - name: CONTEXT
+ value: $(params.path-context)
+ - name: BUILD_EXTRA_ARGS
+ value: $(tasks.appstudio-configure-build.results.buildah-auth-param)
+ - name: PUSH_EXTRA_ARGS
+ value: $(tasks.appstudio-configure-build.results.buildah-auth-param)
+ runAfter:
+ - appstudio-configure-build
+ taskRef:
+ bundle: quay.io/redhat-appstudio-tekton-catalog/task-buildah:0.1@sha256:7c34fb1f3564c32e38c165e65720762b41a68d125b53215651c95296d584d162
+ name: buildah
+ when:
+ - input: $(tasks.appstudio-init.results.build)
+ operator: in
+ values:
+ - "true"
+ workspaces:
+ - name: source
+ workspace: workspace
+ - name: sanity-inspect-image
+ params:
+ - name: IMAGE_URL
+ value: $(params.output-image)
+ runAfter:
+ - build-container
+ taskRef:
+ bundle: quay.io/redhat-appstudio-tekton-catalog/task-sanity-inspect-image:0.1@sha256:de97f40b767e6b74eb52130e62736178df7ec80021e7e5f04a9da617666bc8b8
+ name: sanity-inspect-image
+ when:
+ - input: $(params.hacbs)
+ operator: in
+ values:
+ - "true"
+ workspaces:
+ - name: workspace
+ workspace: workspace
+ - name: sanity-label-check
+ runAfter:
+ - sanity-inspect-image
+ taskRef:
+ bundle: quay.io/redhat-appstudio-tekton-catalog/task-sanity-label-check:0.1@sha256:3bd4633b70548dd0055068a970322811b3a96a8a5d98d0b483c748d37135a7a5
+ name: sanity-label-check
+ when:
+ - input: $(params.hacbs)
+ operator: in
+ values:
+ - "true"
+ workspaces:
+ - name: workspace
+ workspace: workspace
+ - name: sanity-optional-label-check
+ params:
+ - name: POLICY_NAMESPACE
+ value: optional_checks
+ runAfter:
+ - sanity-inspect-image
+ taskRef:
+ bundle: quay.io/redhat-appstudio-tekton-catalog/task-sanity-label-check:0.1@sha256:3bd4633b70548dd0055068a970322811b3a96a8a5d98d0b483c748d37135a7a5
+ name: sanity-label-check
+ when:
+ - input: $(params.hacbs)
+ operator: in
+ values:
+ - "true"
+ workspaces:
+ - name: workspace
+ workspace: workspace
+ - name: deprecated-base-image-check
+ params:
+ - name: IMAGE_REGISTRY
+ value: registry.access.redhat.com
+ - name: IMAGE_REPOSITORY
+ value: $(tasks.sanity-inspect-image.results.BASE_IMAGE_REPOSITORY)
+ runAfter:
+ - sanity-inspect-image
+ taskRef:
+ bundle: quay.io/redhat-appstudio-tekton-catalog/task-deprecated-image-check:0.1@sha256:a7e8f82a7c5c4b2e8bf86338f8aedf44b5606daf591462b9aa5adb35f7df6cac
+ name: deprecated-image-check
+ when:
+ - input: $(params.hacbs)
+ operator: in
+ values:
+ - "true"
+ workspaces:
+ - name: sanity-ws
+ workspace: workspace
+ - name: get-clair-results
+ params:
+ - name: image-digest
+ value: $(tasks.build-container.results.IMAGE_DIGEST)
+ - name: image-url
+ value: $(tasks.build-container.results.IMAGE_URL)
+ runAfter:
+ - build-container
+ taskRef:
+ bundle: quay.io/redhat-appstudio-tekton-catalog/task-get-clair-scan:0.1@sha256:f5259b6194f73e43f8f1d8ec8f7cd7466209fbf8aaf8b8ac4cf653fc54fc6b3b
+ name: get-clair-scan
+ when:
+ - input: $(params.hacbs)
+ operator: in
+ values:
+ - "true"
+ workspaces:
+ - name: clair-ws
+ workspace: workspace
+ - name: registry-auth
+ workspace: registry-auth
+ - name: conftest-clair
+ runAfter:
+ - get-clair-results
+ taskRef:
+ bundle: quay.io/redhat-appstudio-tekton-catalog/task-conftest-clair:0.1@sha256:afd12c004c1e4f0a86f117fc1fee85ab19c9f090e281e2e0db0c0c14adecff35
+ name: conftest-clair
+ when:
+ - input: $(params.hacbs)
+ operator: in
+ values:
+ - "true"
+ workspaces:
+ - name: conftest-ws
+ workspace: workspace
+ - name: sast-snyk-check
+ runAfter:
+ - clone-repository
+ taskRef:
+ bundle: quay.io/redhat-appstudio-tekton-catalog/task-sast-snyk-check:0.1@sha256:3da394c1123a31a7a3c38e51dc7035e4f468998f6b160d8873d6e9634b6caa6b
+ name: sast-snyk-check
+ when:
+ - input: $(params.hacbs)
+ operator: in
+ values:
+ - "true"
+ workspaces:
+ - name: workspace
+ workspace: workspace
+ - name: clamav-scan
+ params:
+ - name: image-digest
+ value: $(tasks.build-container.results.IMAGE_DIGEST)
+ - name: image-url
+ value: $(tasks.build-container.results.IMAGE_URL)
+ runAfter:
+ - build-container
+ taskRef:
+ bundle: quay.io/redhat-appstudio-tekton-catalog/task-clamav-scan:0.1@sha256:641d749124ff7d80a67e0890198b211db08be77da074deb0e8f206ebfade19db
+ name: clamav-scan
+ when:
+ - input: $(params.hacbs)
+ operator: in
+ values:
+ - "true"
+ workspaces:
+ - name: registry-auth
+ workspace: registry-auth
+ - name: sbom-json-check
+ params:
+ - name: IMAGE_URL
+ value: $(tasks.build-container.results.IMAGE_URL)
+ runAfter:
+ - build-container
+ taskRef:
+ bundle: quay.io/redhat-appstudio-tekton-catalog/task-sbom-json-check:0.1@sha256:9d228fedb0429e4ae6f383e9355615823e0684a36ab3c2453a3f3cd56f518944
+ name: sbom-json-check
+ when:
+ - input: $(params.hacbs)
+ operator: in
+ values:
+ - "true"
+ workspaces:
+ - name: workspace
+ workspace: workspace
+ workspaces:
+ - name: workspace
+ - name: registry-auth
+ optional: true
+ - name: git-auth
+ optional: true
+ workspaces:
+ - name: workspace
+ volumeClaimTemplate:
+ metadata:
+ creationTimestamp: null
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1Gi
+ status: {}
+ - name: registry-auth
+ secret:
+ secretName: redhat-appstudio-registry-pull-secret
+status: {}
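Review bot: In `devfile-sample-python-basic-wqyg-push.yaml`, `sanity-inspect-image` is handed `IMAGE_URL: $(params.output-image)`, i.e. the tag `user-workload:{{revision}}`, while `get-clair-results` and `clamav-scan` receive `$(tasks.build-container.results.IMAGE_DIGEST)`, so the inspect step and `deprecated-base-image-check`, which reads its `BASE_IMAGE_REPOSITORY` result, resolve the image by a mutable tag rather than by what `build-container` produced. If that tag is re-pushed between the build and these checks, they would report on a different image than the one Clair and ClamAV scanned. Consider passing the digest here as well, e.g. `value: $(tasks.build-container.results.IMAGE_URL)@$(tasks.build-container.results.IMAGE_DIGEST)`, provided the task accepts a digest-qualified reference and the case where `appstudio-init` skips the build is handled; neither is visible in this hunk. The pull-request file has the same wiring.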