-
Notifications
You must be signed in to change notification settings - Fork 133
Expand file tree
/
Copy pathpublish-index-image-task.yaml
More file actions
85 lines (84 loc) · 2.55 KB
/
Copy pathpublish-index-image-task.yaml
File metadata and controls
85 lines (84 loc) · 2.55 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
---
apiVersion: tekton.dev/v1
kind: Task
metadata:
name: publish-index-image-task
annotations:
tekton.dev/pipelines.minVersion: "0.12.1"
tekton.dev/tags: release
spec:
description: |-
Tekton task to publish a built FBC index image using skopeo
params:
- name: sourceIndex
type: string
description: sourceIndex signing image
- name: targetIndex
type: string
description: targetIndex signing image
- name: retries
type: string
default: "0"
description: Number of skopeo retries
- name: publishingCredentials
type: string
default: "fbc-publishing-credentials"
description: The credentials used to access the registries
- name: requestUpdateTimeout
type: string
default: "360"
description: Max seconds waiting for the status update
- name: caTrustConfigMapName
type: string
description: The name of the ConfigMap to read CA bundle data from
default: trusted-ca
- name: caTrustConfigMapKey
type: string
description: The name of the key in the ConfigMap that contains the CA bundle data
default: ca-bundle.crt
results:
- name: requestMessage
volumes:
- name: publishing-credentials
secret:
secretName: $(params.publishingCredentials)
defaultMode: 0444
- name: trusted-ca
configMap:
name: $(params.caTrustConfigMapName)
items:
- key: $(params.caTrustConfigMapKey)
path: ca-bundle.crt
optional: true
stepTemplate:
volumeMounts:
- name: trusted-ca
mountPath: /mnt/trusted-ca
readOnly: true
steps:
- name: publish-index-image
volumeMounts:
- name: publishing-credentials
mountPath: /mnt/publishingCredentials
securityContext:
runAsUser: 1001
image: >-
quay.io/jluza/release-service-utils:RELEASE-1989
imagePullPolicy: Always
computeResources:
limits:
memory: 64Mi
requests:
memory: 64Mi
cpu: 400m
script: |
#!/usr/bin/env bash
set -euo pipefail
python3 -m publish_index_image \
--source-index "$(params.sourceIndex)" \
--target-index "$(params.targetIndex)" \
--retries "$(params.retries)" \
--source-credential-path /mnt/publishingCredentials/sourceIndexCredential \
--target-credential-path /mnt/publishingCredentials/targetIndexCredential | \
awk '{printf "%s", (NR==1 ? "" : ORS) $0}' | \
tee "$(results.requestMessage.path)"