forked from enterprise-contract/ec-cli
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #13 from cuipinghuo/appstudio-ec-cli-hwah
Appstudio update ec-cli-hwah
- Loading branch information
Showing
2 changed files
with
687 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,344 @@ | ||
| apiVersion: tekton.dev/v1beta1 | ||
| kind: PipelineRun | ||
| metadata: | ||
| annotations: | ||
| build.appstudio.redhat.com/commit_sha: '{{revision}}' | ||
| build.appstudio.redhat.com/pull_request_number: '{{pull_request_number}}' | ||
| build.appstudio.redhat.com/target_branch: '{{target_branch}}' | ||
| pipelinesascode.tekton.dev/max-keep-runs: "3" | ||
| pipelinesascode.tekton.dev/on-event: '[pull_request]' | ||
| pipelinesascode.tekton.dev/on-target-branch: '[main]' | ||
| creationTimestamp: null | ||
| labels: | ||
| appstudio.openshift.io/application: contract | ||
| appstudio.openshift.io/component: ec-cli-hwah | ||
| pipelines.appstudio.openshift.io/type: build | ||
| name: ec-cli-hwah-on-pull-request | ||
| namespace: qe-chuo-tenant | ||
| spec: | ||
| params: | ||
| - name: dockerfile | ||
| value: ./Dockerfile | ||
| - name: git-url | ||
| value: '{{repo_url}}' | ||
| - name: output-image | ||
| value: quay.io/redhat-appstudio/user-workload:on-pr-{{revision}} | ||
| - name: path-context | ||
| value: . | ||
| - name: revision | ||
| value: '{{revision}}' | ||
| pipelineSpec: | ||
| finally: | ||
| - name: show-summary | ||
| params: | ||
| - name: pipelinerun-name | ||
| value: $(context.pipelineRun.name) | ||
| - name: git-url | ||
| value: $(tasks.clone-repository.results.url)?rev=$(tasks.clone-repository.results.commit) | ||
| - name: image-url | ||
| value: $(params.output-image) | ||
| - name: build-task-status | ||
| value: $(tasks.build-container.status) | ||
| taskRef: | ||
| bundle: quay.io/redhat-appstudio-tekton-catalog/task-summary:0.1@sha256:c0f66b28c338426774e34a8d4a00349fbab798b19df5841a95727148d5ef3c65 | ||
| name: summary | ||
| params: | ||
| - description: Source Repository URL | ||
| name: git-url | ||
| type: string | ||
| - default: "" | ||
| description: Revision of the Source Repository | ||
| name: revision | ||
| type: string | ||
| - description: Fully Qualified Output Image | ||
| name: output-image | ||
| type: string | ||
| - default: . | ||
| description: The path to your source code | ||
| name: path-context | ||
| type: string | ||
| - default: Dockerfile | ||
| description: Path to the Dockerfile | ||
| name: dockerfile | ||
| type: string | ||
| - default: "false" | ||
| description: Force rebuild image | ||
| name: rebuild | ||
| type: string | ||
| - default: "false" | ||
| description: Skip checks against built image | ||
| name: skip-checks | ||
| type: string | ||
| - default: "false" | ||
| description: Execute the build with network isolation | ||
| name: hermetic | ||
| type: string | ||
| - default: "" | ||
| description: Build dependencies to be prefetched by Cachi2 | ||
| name: prefetch-input | ||
| type: string | ||
| - default: "false" | ||
| description: Java build | ||
| name: java | ||
| type: string | ||
| - default: "" | ||
| description: Snyk Token Secret Name | ||
| name: snyk-secret | ||
| type: string | ||
| results: | ||
| - description: "" | ||
| name: IMAGE_URL | ||
| value: $(tasks.build-container.results.IMAGE_URL) | ||
| - description: "" | ||
| name: IMAGE_DIGEST | ||
| value: $(tasks.build-container.results.IMAGE_DIGEST) | ||
| - description: "" | ||
| name: CHAINS-GIT_URL | ||
| value: $(tasks.clone-repository.results.url) | ||
| - description: "" | ||
| name: CHAINS-GIT_COMMIT | ||
| value: $(tasks.clone-repository.results.commit) | ||
| - description: "" | ||
| name: JAVA_COMMUNITY_DEPENDENCIES | ||
| value: $(tasks.build-container.results.JAVA_COMMUNITY_DEPENDENCIES) | ||
| tasks: | ||
| - name: init | ||
| params: | ||
| - name: image-url | ||
| value: $(params.output-image) | ||
| - name: rebuild | ||
| value: $(params.rebuild) | ||
| - name: skip-checks | ||
| value: $(params.skip-checks) | ||
| - name: pipelinerun-name | ||
| value: $(context.pipelineRun.name) | ||
| - name: pipelinerun-uid | ||
| value: $(context.pipelineRun.uid) | ||
| taskRef: | ||
| bundle: quay.io/redhat-appstudio-tekton-catalog/task-init:0.1@sha256:5ce77110e2a49407a69a7922042dc0859f7e8f5f75dc0cd0bcc2d17860469bdb | ||
| name: init | ||
| - name: clone-repository | ||
| params: | ||
| - name: url | ||
| value: $(params.git-url) | ||
| - name: revision | ||
| value: $(params.revision) | ||
| runAfter: | ||
| - init | ||
| taskRef: | ||
| bundle: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:f4e37778cba00296606ddfbc1c58181330899cafcaa1ee41c75a7cf8bed312f0 | ||
| name: git-clone | ||
| when: | ||
| - input: $(tasks.init.results.build) | ||
| operator: in | ||
| values: | ||
| - "true" | ||
| workspaces: | ||
| - name: output | ||
| workspace: workspace | ||
| - name: basic-auth | ||
| workspace: git-auth | ||
| - name: prefetch-dependencies | ||
| params: | ||
| - name: input | ||
| value: $(params.prefetch-input) | ||
| runAfter: | ||
| - clone-repository | ||
| taskRef: | ||
| bundle: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies:0.1@sha256:bebbf6521a5a203410d6b0da5da366a5aa9bdd63522d7bf3f641e81b8cc2ba2d | ||
| name: prefetch-dependencies | ||
| when: | ||
| - input: $(params.hermetic) | ||
| operator: in | ||
| values: | ||
| - "true" | ||
| workspaces: | ||
| - name: source | ||
| workspace: workspace | ||
| - name: build-container | ||
| params: | ||
| - name: IMAGE | ||
| value: $(params.output-image) | ||
| - name: DOCKERFILE | ||
| value: $(params.dockerfile) | ||
| - name: CONTEXT | ||
| value: $(params.path-context) | ||
| - name: DOCKER_AUTH | ||
| value: $(tasks.init.results.container-registry-secret) | ||
| - name: HERMETIC | ||
| value: $(params.hermetic) | ||
| - name: PREFETCH_INPUT | ||
| value: $(params.prefetch-input) | ||
| runAfter: | ||
| - prefetch-dependencies | ||
| taskRef: | ||
| bundle: quay.io/redhat-appstudio-tekton-catalog/task-buildah:0.1@sha256:c3712257615d206ef40013bf1c5c681670fc8f7fd6aac9fa4c86f7afeff627ef | ||
| name: buildah | ||
| when: | ||
| - input: $(tasks.init.results.build) | ||
| operator: in | ||
| values: | ||
| - "true" | ||
| workspaces: | ||
| - name: source | ||
| workspace: workspace | ||
| - name: sanity-inspect-image | ||
| params: | ||
| - name: IMAGE_URL | ||
| value: $(tasks.build-container.results.IMAGE_URL) | ||
| - name: IMAGE_DIGEST | ||
| value: $(tasks.build-container.results.IMAGE_DIGEST) | ||
| - name: DOCKER_AUTH | ||
| value: $(tasks.init.results.container-registry-secret) | ||
| runAfter: | ||
| - build-container | ||
| taskRef: | ||
| bundle: quay.io/redhat-appstudio-tekton-catalog/task-sanity-inspect-image:0.1@sha256:fd4efd9d12eea3a8d47532c4226e685618845d0ba95abb98e008020243d96301 | ||
| name: sanity-inspect-image | ||
| when: | ||
| - input: $(params.skip-checks) | ||
| operator: in | ||
| values: | ||
| - "false" | ||
| workspaces: | ||
| - name: source | ||
| workspace: workspace | ||
| - name: sanity-label-check | ||
| runAfter: | ||
| - sanity-inspect-image | ||
| taskRef: | ||
| bundle: quay.io/redhat-appstudio-tekton-catalog/task-sanity-label-check:0.1@sha256:534770bf7a7c10277ab5f9c1e7b766abbffb343cc864dd9545aecc5278257dc3 | ||
| name: sanity-label-check | ||
| when: | ||
| - input: $(params.skip-checks) | ||
| operator: in | ||
| values: | ||
| - "false" | ||
| workspaces: | ||
| - name: workspace | ||
| workspace: workspace | ||
| - name: sanity-optional-label-check | ||
| params: | ||
| - name: POLICY_NAMESPACE | ||
| value: optional_checks | ||
| runAfter: | ||
| - sanity-inspect-image | ||
| taskRef: | ||
| bundle: quay.io/redhat-appstudio-tekton-catalog/task-sanity-label-check:0.1@sha256:534770bf7a7c10277ab5f9c1e7b766abbffb343cc864dd9545aecc5278257dc3 | ||
| name: sanity-label-check | ||
| when: | ||
| - input: $(params.skip-checks) | ||
| operator: in | ||
| values: | ||
| - "false" | ||
| workspaces: | ||
| - name: workspace | ||
| workspace: workspace | ||
| - name: deprecated-base-image-check | ||
| params: | ||
| - name: BASE_IMAGES_DIGESTS | ||
| value: $(tasks.build-container.results.BASE_IMAGES_DIGESTS) | ||
| taskRef: | ||
| bundle: quay.io/redhat-appstudio-tekton-catalog/task-deprecated-image-check:0.1@sha256:28d724dd6f6c365b2a839d9e52baac91559fd78c160774769c1ec724301f78d4 | ||
| name: deprecated-image-check | ||
| when: | ||
| - input: $(params.skip-checks) | ||
| operator: in | ||
| values: | ||
| - "false" | ||
| workspaces: | ||
| - name: sanity-ws | ||
| workspace: workspace | ||
| - name: clair-scan | ||
| params: | ||
| - name: image-digest | ||
| value: $(tasks.build-container.results.IMAGE_DIGEST) | ||
| - name: image-url | ||
| value: $(tasks.build-container.results.IMAGE_URL) | ||
| - name: docker-auth | ||
| value: $(tasks.init.results.container-registry-secret) | ||
| runAfter: | ||
| - build-container | ||
| taskRef: | ||
| bundle: quay.io/redhat-appstudio-tekton-catalog/task-clair-scan:0.1@sha256:fba8170329ab00b864ee7d16e0358df4c4386880e10894fd7bbbb1457112477b | ||
| name: clair-scan | ||
| when: | ||
| - input: $(params.skip-checks) | ||
| operator: in | ||
| values: | ||
| - "false" | ||
| - name: sast-snyk-check | ||
| params: | ||
| - name: SNYK_SECRET | ||
| value: $(params.snyk-secret) | ||
| runAfter: | ||
| - clone-repository | ||
| taskRef: | ||
| bundle: quay.io/redhat-appstudio-tekton-catalog/task-sast-snyk-check:0.1@sha256:566ce8367b92261d637ecac245a66e3d7177d8d375948ba0fc74dbc7a55d674d | ||
| name: sast-snyk-check | ||
| when: | ||
| - input: $(params.skip-checks) | ||
| operator: in | ||
| values: | ||
| - "false" | ||
| - input: $(params.snyk-secret) | ||
| operator: notin | ||
| values: | ||
| - "" | ||
| workspaces: | ||
| - name: workspace | ||
| workspace: workspace | ||
| - name: clamav-scan | ||
| params: | ||
| - name: image-digest | ||
| value: $(tasks.build-container.results.IMAGE_DIGEST) | ||
| - name: image-url | ||
| value: $(tasks.build-container.results.IMAGE_URL) | ||
| - name: docker-auth | ||
| value: $(tasks.init.results.container-registry-secret) | ||
| runAfter: | ||
| - build-container | ||
| taskRef: | ||
| bundle: quay.io/redhat-appstudio-tekton-catalog/task-clamav-scan:0.1@sha256:28b425322aa84f988c6c4f8d503787b3fb301668b2ad6728846b8f8c45ba012b | ||
| name: clamav-scan | ||
| when: | ||
| - input: $(params.skip-checks) | ||
| operator: in | ||
| values: | ||
| - "false" | ||
| - name: sbom-json-check | ||
| params: | ||
| - name: IMAGE_URL | ||
| value: $(tasks.build-container.results.IMAGE_URL) | ||
| - name: IMAGE_DIGEST | ||
| value: $(tasks.build-container.results.IMAGE_DIGEST) | ||
| runAfter: | ||
| - build-container | ||
| taskRef: | ||
| bundle: quay.io/redhat-appstudio-tekton-catalog/task-sbom-json-check:0.1@sha256:ce6a0932da9b41080108284d1366fc2de8374fca5137500138e16ad9e04610c6 | ||
| name: sbom-json-check | ||
| when: | ||
| - input: $(params.skip-checks) | ||
| operator: in | ||
| values: | ||
| - "false" | ||
| workspaces: | ||
| - name: workspace | ||
| - name: git-auth | ||
| optional: true | ||
| workspaces: | ||
| - name: workspace | ||
| volumeClaimTemplate: | ||
| metadata: | ||
| creationTimestamp: null | ||
| spec: | ||
| accessModes: | ||
| - ReadWriteOnce | ||
| resources: | ||
| requests: | ||
| storage: 1Gi | ||
| status: {} | ||
| - name: git-auth | ||
| secret: | ||
| secretName: '{{ git_auth_secret }}' | ||
| status: {} |
Oops, something went wrong.