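---
# Tekton Task that runs `skopeo inspect` against an index image and publishes
# the image digest and labels as a JSON task result.
apiVersion: tekton.dev/v1
kind: Task
metadata:
  name: inspect-target-index-task
  annotations:
    tekton.dev/pipelines.minVersion: "0.12.1"
    tekton.dev/tags: release
spec:
  description: |-
    Tekton task to inspect a built FBC target index image using skopeo
  params:
    - name: targetIndex
      type: string
      description: Target Image pullspec to be inspected
    - name: inspectCredentials
      type: string
      default: "fbc-publishing-credentials"
      description: The credentials used to access the registries
    - name: caTrustConfigMapName
      type: string
      description: The name of the ConfigMap to read CA bundle data from
      default: trusted-ca
    - name: caTrustConfigMapKey
      type: string
      description: The name of the key in the ConfigMap that contains the CA bundle data
      default: ca-bundle.crt
  results:
    # NOTE(review): Tekton results are size-limited; an image with a large
    # label set could exceed the limit. Confirm against expected inputs.
    - name: requestMessage
      description: JSON object with the digest and labels of the inspected image
  volumes:
    - name: inspect-credentials
      secret:
        secretName: $(params.inspectCredentials)
        # Kubernetes tooling reads this as octal (r--r--r--). The step runs as
        # UID 1001, so the file has to be readable by a non-owner; presumably
        # that is why it is not 0400. A strict YAML 1.2 parser would read the
        # literal as decimal 444 instead.
        defaultMode: 0444
    - name: trusted-ca
      configMap:
        name: $(params.caTrustConfigMapName)
        items:
          - key: $(params.caTrustConfigMapKey)
            path: ca-bundle.crt
        # The Task still starts when the ConfigMap does not exist.
        optional: true
  stepTemplate:
    # NOTE(review): the script below never references /mnt/trusted-ca; confirm
    # that the step image picks the bundle up from this path.
    volumeMounts:
      - name: trusted-ca
        mountPath: /mnt/trusted-ca
        readOnly: true
  steps:
    - name: inspect-image
      volumeMounts:
        - name: inspect-credentials
          mountPath: /mnt/inspectCredentials
          # Matches the trusted-ca mount; the step only reads the credential.
          readOnly: true
      securityContext:
        runAsUser: 1001
      # Pinned by digest, so the step image cannot change underneath the Task.
      image: >-
        quay.io/konflux-ci/release-service-utils@sha256:5546fa78d3c88d7b6a2e8cff8902f7757f00541d0bbaf113b9f293133894afa3
      computeResources:
        limits:
          memory: 64Mi
        requests:
          memory: 64Mi
          cpu: 400m
      env:
        # Tekton substitutes $(params.*) textually before the shell ever sees
        # the script, so a parameter placed directly in the script body is
        # parsed as shell source. Passing it through the environment keeps the
        # value as data.
        - name: TARGET_INDEX
          value: $(params.targetIndex)
      script: |
        #!/usr/bin/env bash
        set -euo pipefail
        PATH=/bin:/usr/bin:/usr/local/bin
        export PATH
        TARGET_INDEX_CREDENTIALS="$(cat /mnt/inspectCredentials/targetIndexCredential)"
        # --creds places the credential on skopeo's command line, where it is
        # visible in the process list of this container; --authfile would
        # avoid that but needs a secret in auth-file format.
        skopeo inspect --creds "${TARGET_INDEX_CREDENTIALS}" "docker://${TARGET_INDEX}" \
          | jq -c '{ "digest": .Digest, "labels": .Labels }' | tee "$(results.requestMessage.path)"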