-
Notifications
You must be signed in to change notification settings - Fork 133
Expand file tree
/
Copy pathcreate-advisory-task.yaml
More file actions
126 lines (126 loc) · 4.74 KB
/
Copy pathcreate-advisory-task.yaml
File metadata and controls
126 lines (126 loc) · 4.74 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
---
apiVersion: tekton.dev/v1
kind: Task
metadata:
name: create-advisory-task
annotations:
tekton.dev/pipelines.minVersion: "0.12.1"
tekton.dev/tags: release
spec:
description: |
Pushes an advisory yaml to a Git repository.
The task will always exit 0 even if something fails. This is because the task result will not be
set if the task fails, and the task result should always be set and propagated back to the cluster
that creates the internal request. The success/failure is handled in the task creating the internal
request.
params:
- name: advisory_json
type: string
description: |
String containing a JSON representation of the advisory data (e.g. '{"product_id":123,"type":"RHSA"}')
- name: componentGroup
type: string
description: ComponentGroup being released
- name: origin
type: string
description: |
The origin workspace where the release CR comes from.
This is used to determine the advisory path
- name: config_map_name
type: string
description: The name of the configMap that contains the signing key
- name: advisory_secret_name
type: string
description: The name of the secret that contains the advisory creation metadata
- name: errata_secret_name
type: string
description: The name of the secret that contains the errata service account metadata
- name: internalRequestPipelineRunName
type: string
description: Name of the PipelineRun that called this task
- name: contentType
type: string
description: The contentType of the release artifact. One of [image|binary|generic|rpm|disk-image]
default: "image"
- name: caTrustConfigMapName
type: string
description: The name of the ConfigMap to read CA bundle data from
default: trusted-ca
- name: caTrustConfigMapKey
type: string
description: The name of the key in the ConfigMap that contains the CA bundle data
default: ca-bundle.crt
results:
- name: result
description: Success if the task succeeds, the error otherwise
- name: advisory_url
description: The advisory url if the task succeeds, empty string otherwise
- name: advisory_internal_url
description: The advisory internal url if the task succeeds, empty string otherwise
- name: internalRequestPipelineRunName
description: Name of the PipelineRun that called this task
- name: internalRequestTaskRunName
description: Name of this Task Run to be made available to caller
volumes:
- name: advisory-secret
secret:
secretName: $(params.advisory_secret_name)
defaultMode: 0444
- name: errata-secret
secret:
secretName: $(params.errata_secret_name)
defaultMode: 0444
- name: trusted-ca
configMap:
name: $(params.caTrustConfigMapName)
items:
- key: $(params.caTrustConfigMapKey)
path: ca-bundle.crt
optional: true
stepTemplate:
volumeMounts:
- name: trusted-ca
mountPath: /mnt/trusted-ca
readOnly: true
securityContext:
runAsUser: 1001
steps:
- name: create-advisory
image: quay.io/konflux-ci/release-service-utils@sha256:71a99d12d920fcc157e08e5dc9894fbc4bce42328e9c2f58dc53411278858d91
computeResources:
limits:
memory: 512Mi
requests:
memory: 512Mi
cpu: '1' # 1 is the max allowed by at least the staging cluster
volumeMounts:
- name: advisory-secret
mountPath: /mnt/advisory_secret
- name: errata-secret
mountPath: /mnt/errata_secret
env:
- name: ADVISORY_JSON
value: $(params.advisory_json)
- name: PARAM_COMPONENT_GROUP
value: $(params.componentGroup)
- name: PARAM_ORIGIN
value: $(params.origin)
- name: PARAM_CONFIG_MAP_NAME
value: $(params.config_map_name)
- name: PARAM_CONTENT_TYPE
value: $(params.contentType)
- name: PARAM_INTERNAL_REQUEST_PIPELINE_RUN_NAME
value: $(params.internalRequestPipelineRunName)
- name: PARAM_TASK_RUN_NAME
value: $(context.taskRun.name)
- name: RESULT_RESULT
value: $(results.result.path)
- name: RESULT_ADVISORY_URL
value: $(results.advisory_url.path)
- name: RESULT_ADVISORY_INTERNAL_URL
value: $(results.advisory_internal_url.path)
- name: RESULT_INTERNAL_REQUEST_PIPELINE_RUN_NAME
value: $(results.internalRequestPipelineRunName.path)
- name: RESULT_INTERNAL_REQUEST_TASK_RUN_NAME
value: $(results.internalRequestTaskRunName.path)
command: ["/home/scripts/python/tasks/internal/create_advisory.py"]