Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 3 additions & 3 deletions tasks/collectors/collect-collectors-resources/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -12,8 +12,8 @@ A task result is returned for each resource with the relative path to the stored

| Name | Description | Optional | Default value |
|------------------------|------------------------------------------------------------------|----------|---------------|
| previousRelease | Namespaced name of the previous Release | No | - |
| release | Namespaced name of the Release | No | - |
| collectorsResourceType | The type of resource that contains the collectors | No | - |
| previousRelease | The namespaced name of the previous Release | No | - |
| release | The namespaced name of the Release | No | - |
| collectorsResourceType | The type of resource that contains the collectors | Yes | releaseplan |
| collectorsResource | The namespaced name of the resource that contains the collectors | No | - |
| subdirectory | Subdirectory inside the workspace to be used | Yes | "" |
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,14 @@ metadata:
tekton.dev/pipelines.minVersion: "0.12.1"
tekton.dev/tags: release
spec:
description: Tekton task to collect the information related to collectors
description: |-
Tekton task to collect collectors related resources.

The purpose of this task is to collect all the resources related with the collectors feature and supply
them to other tasks in the pipeline by creating json files for each resource. This task is similar
to collect-data but it only collects a subset of the resources. Specifically those related to collectors.

A task result is returned for each resource with the relative path to the stored JSON for it in the workspace.
params:
- name: previousRelease
type: string
Expand Down
6 changes: 3 additions & 3 deletions tasks/collectors/run-collectors/README.md
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
# run-collectors

Tekton task to run the collectors defined in a resource passed as parameter. The results are saved in the resultsDir,
one file per collector.
Tekton task to run the collectors defined in a resource passed as parameter. The results are saved in the
resultsDir, one file per collector.

## Parameters

Expand All @@ -12,5 +12,5 @@ one file per collector.
| resultsDir | The relative path in the workspace to save the collector results to | No | - |
| collectorsRepository | Git repository where the collectors will be defined | No | - |
| collectorsRepositoryRevision | Git repository revision | Yes | main |
| releasePath | Path to the json data file of the current in-progress Release | No | - |
| releasePath | Path to the json data file of the current in-progress Release | No | - |
| previousReleasePath | Path to the json data file of the previous successful Release prior to the current one | No | - |
5 changes: 3 additions & 2 deletions tasks/collectors/run-collectors/run-collectors.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -7,8 +7,9 @@ metadata:
tekton.dev/pipelines.minVersion: "0.12.1"
tekton.dev/tags: release
spec:
description: >-
Tekton task to run collectors defined in a resource passed as parameter
description: |-
Tekton task to run the collectors defined in a resource passed as parameter. The results are saved in the
resultsDir, one file per collector.
params:
- name: collectorsPath
type: string
Expand Down
12 changes: 6 additions & 6 deletions tasks/collectors/save-collectors-results/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,9 +4,9 @@ A tekton task that updates the passed CR status with the contents stored in the

## Parameters

| Name | Description | Optional | Default value |
|----------------|----------------------------------------------------------------------------------------------------------------------|----------|---------------|
| resourceType | The type of resource that is being patched | Yes | release |
| statusKey | The top level key to overwrite in the resource status | Yes | collectors |
| resource | The namespaced name of the resource to be patched | No | - |
| resultsDirPath | Path to the directory containing the result files in the data workspace which will be added to the resource's status | No | - |
| Name | Description | Optional | Default value |
|----------------|------------------------------------------------------------------------------|----------|---------------|
| resourceType | The type of resource that is being patched | Yes | release |
| statusKey | The top level key to overwrite in the resource status | Yes | collectors |
| resource | The namespaced name of the resource to be patched | No | - |
| resultsDirPath | The relative path in the workspace where the collectors results are saved to | No | - |
Original file line number Diff line number Diff line change
Expand Up @@ -7,9 +7,8 @@ metadata:
tekton.dev/pipelines.minVersion: "0.12.1"
tekton.dev/tags: release
spec:
description: >-
Tekton task to update the passed CR status with the
collectors results.
description: |-
A tekton task that updates the passed CR status with the contents stored in the files in the resultsDir.
params:
- name: resourceType
description: The type of resource that is being patched
Expand Down
8 changes: 5 additions & 3 deletions tasks/internal/check-embargoed-cves-task/README.md
Original file line number Diff line number Diff line change
@@ -1,8 +1,10 @@
# check-embargoed-cves-task

Checks if any passed CVEs are embargoed. The task will always exit 0 even if something fails. This is because the task result
will not be set if the task fails, and the task result should always be set and propagated back to the cluster that creates the
internal request. The success/failure is handled in the task creating the internal request.
Checks if any passed CVEs are embargoed.
The task will always exit 0 even if something fails. This is because the task result will not be
set if the task fails, and the task result should always be set and propagated back to the cluster
that creates the internal request. The success/failure is handled in the task creating the internal
request.

## Parameters

Expand Down
6 changes: 3 additions & 3 deletions tasks/internal/collect-simple-signing-params/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,6 @@ Task to collect parameters for the simple signing pipeline

## Parameters

| Name | Description | Optional | Default value |
|------------------|---------------------------------------------------------------------------------------|----------|--------------------------------------------------------|
| config_map_name | Name of a configmap with pipeline configuration | No | - |
| Name | Description | Optional | Default value |
|-----------------|-------------------------------------------------|----------|---------------|
| config_map_name | Name of a configmap with pipeline configuration | No | - |
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,8 @@ metadata:
annotations:
tekton.dev/tags: release
spec:
description: |-
Task to collect parameters for the simple signing pipeline
params:
- name: config_map_name
description: Name of a configmap with pipeline configuration
Expand Down
14 changes: 9 additions & 5 deletions tasks/internal/create-advisory-oci-artifact-task/README.md
Original file line number Diff line number Diff line change
@@ -1,11 +1,15 @@
# create-advisory-oci-artifact-task

Creates an oci artifact of an advisory given a Gitlab URL.
The task will always exit 0 even if something fails. This is because the task result will not be
set if the task fails, and the task result should always be set and propagated back to the cluster
that creates the internal request. The success/failure is handled in the task creating the internal
request.

## Parameters

| Name | Description | Optional | Default value |
|-------------------------------------------------|----------------------------------------------------------------------------------------------------|----------|-------------------------------------------------------|
| advisory_url | the url of the advisory | No | - |
| internalRequestPipelineRunName | Name of the PipelineRun that called this task | No | - |
| trusted_artifacts_dockerconfig_json_secret_name | The name of the secret that contains to dockerconfig json to use for trusted artifact operations | Yes | quay-token-konflux-release-trusted-artifacts-secret |
| Name | Description | Optional | Default value |
|-------------------------------------------------|--------------------------------------------------------------------------------------------------|----------|-----------------------------------------------------|
| advisory_url | the url of the advisory | No | - |
| internalRequestPipelineRunName | Name of the PipelineRun that called this task | No | - |
| trusted_artifacts_dockerconfig_json_secret_name | The name of the secret that contains to dockerconfig json to use for trusted artifact operations | Yes | quay-token-konflux-release-trusted-artifacts-secret |
10 changes: 6 additions & 4 deletions tasks/internal/create-advisory-task/README.md
Original file line number Diff line number Diff line change
@@ -1,8 +1,10 @@
# create-advisory-task

Pushes an advisory yaml to a Git repository. The task will always exit 0 even if something fails. This is because the task result
will not be set if the task fails, and the task result should always be set and propagated back to the cluster that creates the
internal request. The success/failure is handled in the task creating the internal request.
Pushes an advisory yaml to a Git repository.
The task will always exit 0 even if something fails. This is because the task result will not be
set if the task fails, and the task result should always be set and propagated back to the cluster
that creates the internal request. The success/failure is handled in the task creating the internal
request.

## Parameters

Expand All @@ -11,8 +13,8 @@ internal request. The success/failure is handled in the task creating the intern
| advisory_json | String containing a JSON representation of the advisory data (e.g. '{"product_id":123,"type":"RHSA"}') | No | - |
| application | Application being released | No | - |
| origin | The origin workspace where the release CR comes from. This is used to determine the advisory path | No | - |
| contentType | The contentType of the release artifact. One of [image|binary|generic] | Yes | image |
| config_map_name | The name of the configMap that contains the signing key | No | - |
| advisory_secret_name | The name of the secret that contains the advisory creation metadata | No | - |
| errata_secret_name | The name of the secret that contains the errata service account metadata | No | - |
| internalRequestPipelineRunName | Name of the PipelineRun that called this task | No | - |
| contentType | The contentType of the release artifact. One of [image|binary|generic] | Yes | image |
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ spec:
- name: advisory_json
type: string
description: |
String containing a JSON representation of the advisory data (e.g. '{"product_id":123,"type":"RHSA"}').
String containing a JSON representation of the advisory data (e.g. '{"product_id":123,"type":"RHSA"}')
- name: application
type: string
description: Application being released
Expand Down
Original file line number Diff line number Diff line change
@@ -1,14 +1,14 @@
# filter-already-released-advisory-images-task

This internal Tekton task filters out images from a snapshot if they have already
been published in an advisory stored in a GitLab repository.
It returns a list of component names that still need to be released (i.e., not found in any advisory).
Filters out images from a snapshot if they are already published in an advisory
stored in the GitLab advisory repo. Returns a list of component names
that still need to be released (i.e., not found in any advisory).

## Parameters

| Name | Description | Optional | Default value |
|--------------------------------|--------------------------------------------------------------------------------------------------------|----------|---------------|
| snapshot_json | String containing the full JSON representation of the snapshot spec | No | - |
| origin | The origin workspace for the release CR (used to locate advisories) | No | - |
| advisory_secret_name | Name of the secret containing GitLab repo and token information | No | - |
| internalRequestPipelineRunName | Name of the PipelineRun that called this task | No | - |
| Name | Description | Optional | Default value |
|--------------------------------|-------------------------------------------------------------------|----------|---------------|
| snapshot | Base64 string of gzipped JSON representation of the snapshot spec | No | - |
| origin | The origin workspace for the release CR | No | - |
| advisory_secret_name | Name of the secret containing advisory metadata | No | - |
| internalRequestPipelineRunName | Name of the PipelineRun that requested this task | No | - |
3 changes: 1 addition & 2 deletions tasks/internal/get-advisory-severity/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -5,10 +5,9 @@ releaseNotesImages. For each CVE, the overall impact it is looked at. If the OSI
impact for the specific affected component, that is used instead of the overall impact. The highest
impact from all of the CVEs is returned as a task result.


## Parameters

| Name | Description | Optional | Default value |
|--------------------------------|-------------------------------------------------------|----------|---------------|
| releaseNotesImages | Json array of image specific details for the advisory | No | - |
| internalRequestPipelineRunName | Name of the PipelineRun that called this task | No | - |
| internalRequestPipelineRunName | name of the PipelineRun that called this task | No | - |
Loading