Skip to content

Commit c2b72e9

Browse files
jstouracjstourac
committed
qwer
1 parent 18ed8c8 commit c2b72e9

File tree

2 files changed

+189
-8
lines changed

2 files changed

+189
-8
lines changed

.tekton/jupyter-minimal-ubi9-python-3-11-pull-request.yaml

Lines changed: 97 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -10,12 +10,12 @@ metadata:
1010
build.appstudio.redhat.com/target_branch: '{{target_branch}}'
1111
pipelinesascode.tekton.dev/cancel-in-progress: "true"
1212
pipelinesascode.tekton.dev/max-keep-runs: '3'
13-
pipelinesascode.tekton.dev/on-cel-expression: event == "pull_request" && target_branch
14-
== "main" && ( "jupyter/minimal/ubi9-python-3.11/Pipfile.lock".pathChanged()
15-
|| "jupyter/minimal/ubi9-python-3.11/start-notebook.sh".pathChanged() || "jupyter/utils/***".pathChanged()
16-
|| ".tekton/jupyter-minimal-ubi9-python-3-11-pull-request.yaml".pathChanged()
17-
|| "jupyter/minimal/ubi9-python-3.11/Dockerfile.cpu".pathChanged() ) && has(body.repository)
18-
&& body.repository.full_name == "opendatahub-io/notebooks"
13+
# pipelinesascode.tekton.dev/on-cel-expression: event == "pull_request" && target_branch
14+
# == "main" && ( "jupyter/minimal/ubi9-python-3.11/Pipfile.lock".pathChanged()
15+
# || "jupyter/minimal/ubi9-python-3.11/start-notebook.sh".pathChanged() || "jupyter/utils/***".pathChanged()
16+
# || ".tekton/jupyter-minimal-ubi9-python-3-11-pull-request.yaml".pathChanged()
17+
# || "jupyter/minimal/ubi9-python-3.11/Dockerfile.cpu".pathChanged() ) && has(body.repository)
18+
# && body.repository.full_name == "opendatahub-io/notebooks"
1919
creationTimestamp: null
2020
labels:
2121
appstudio.openshift.io/application: notebooks
@@ -598,6 +598,97 @@ spec:
598598
operator: in
599599
values:
600600
- "false"
601+
- name: check-image-software
602+
params:
603+
- name: IMAGE_URL
604+
value: $(tasks.build-image-index.results.IMAGE_URL)
605+
# - name: PLATFORM
606+
# value: $(tasks.build-image-index.results.IMAGE_URL)
607+
- name: CHAINS-GIT_URL
608+
value: $(tasks.clone-repository.results.url)
609+
- name: CHAINS-GIT_COMMIT
610+
value: $(tasks.clone-repository.results.commit)
611+
- name: COSIGN_VERSION
612+
value: v2.4.3
613+
runAfter:
614+
- build-image-index
615+
# taskRef:
616+
# params:
617+
# - name: name
618+
# value: show-sbom
619+
# - name: bundle
620+
# value: quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:04f15cbce548e1db7770eee3f155ccb2cc0140a6c371dc67e9a34d83673ea0c0
621+
# - name: kind
622+
# value: task
623+
# resolver: bundles
624+
taskSpec:
625+
params:
626+
- name: IMAGE_URL
627+
# - name: PLATFORM
628+
- name: CHAINS-GIT_URL
629+
- name: CHAINS-GIT_COMMIT
630+
- name: COSIGN_VERSION
631+
results:
632+
- name: CHECK_OUTPUT
633+
description: Check output
634+
steps:
635+
- name: check-image-software
636+
image: registry.redhat.io/openshift4/ose-cli:latest
637+
env:
638+
- name: IMAGE_URL
639+
value: $(params.IMAGE_URL)
640+
# - name: PLATFORM
641+
# value: $(params.PLATFORM)
642+
- name: GIT_URL
643+
value: $(params.CHAINS-GIT_URL)
644+
- name: GIT_COMMIT
645+
value: $(params.CHAINS-GIT_COMMIT)
646+
- name: COSIGN_VERSION
647+
value: $(params.COSIGN_VERSION)
648+
script: |
649+
#!/bin/bash
650+
echo "Hello world, Stuchy!"
651+
env
652+
wget --output-document=cosign "https://github.com/sigstore/cosign/releases/download/${COSIGN_VERSION}/cosign-linux-amd64"
653+
chmod a+x cosign
654+
./cosign download sbom $PLATFORM_ARG $IMAGE_URL 2>>err
655+
656+
download_sbom_with_retry() {
657+
status=-1
658+
max_try=5
659+
wait_sec=2
660+
661+
PLATFORM_ARG="${1}"
662+
for run in $(seq 1 ${max_try}); do
663+
status=0
664+
cosign download sbom $PLATFORM_ARG $IMAGE_URL 2>>err
665+
status=$?
666+
if [ "$status" -eq 0 ]; then
667+
break
668+
fi
669+
sleep $wait_sec
670+
done
671+
if [ "$status" -ne 0 ]; then
672+
echo "Failed to get SBOM after ${max_try} tries" >&2
673+
cat err >&2
674+
fi
675+
}
676+
677+
RAW_OUTPUT=$(skopeo inspect --no-tags --raw docker://${IMAGE_URL})
678+
if [ "$(jq 'has("manifests")' <<< "$RAW_OUTPUT")" == "true" ] ; then
679+
# Multi arch
680+
ARCHES=$(jq -r '.manifests[].platform.architecture' <<< $RAW_OUTPUT)
681+
else
682+
ARCHES=""
683+
fi
684+
685+
if [ -z "${ARCHES}" ] ; then
686+
# single arch image
687+
download_sbom_with_retry ""
688+
else
689+
download_sbom_with_retry " --platform=${PLATFORM} "
690+
fi
691+
601692
workspaces:
602693
- name: git-auth
603694
optional: true

.tekton/jupyter-minimal-ubi9-python-3-11-push.yaml

Lines changed: 92 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -9,8 +9,8 @@ metadata:
99
build.appstudio.redhat.com/target_branch: '{{target_branch}}'
1010
pipelinesascode.tekton.dev/cancel-in-progress: "false"
1111
pipelinesascode.tekton.dev/max-keep-runs: '3'
12-
pipelinesascode.tekton.dev/on-cel-expression: event == "push" && target_branch
13-
== "main" && has(body.repository) && body.repository.full_name == "opendatahub-io/notebooks"
12+
# pipelinesascode.tekton.dev/on-cel-expression: event == "push" && target_branch
13+
# == "main" && has(body.repository) && body.repository.full_name == "opendatahub-io/notebooks"
1414
creationTimestamp: null
1515
labels:
1616
appstudio.openshift.io/application: notebooks
@@ -593,6 +593,96 @@ spec:
593593
operator: in
594594
values:
595595
- "false"
596+
- name: check-image-software
597+
params:
598+
- name: IMAGE_URL
599+
value: $(tasks.build-image-index.results.IMAGE_URL)
600+
# - name: PLATFORM
601+
# value: $(tasks.build-image-index.results.IMAGE_URL)
602+
- name: CHAINS-GIT_URL
603+
value: $(tasks.clone-repository.results.url)
604+
- name: CHAINS-GIT_COMMIT
605+
value: $(tasks.clone-repository.results.commit)
606+
- name: COSIGN_VERSION
607+
value: v2.4.3
608+
runAfter:
609+
- build-image-index
610+
# taskRef:
611+
# params:
612+
# - name: name
613+
# value: show-sbom
614+
# - name: bundle
615+
# value: quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:04f15cbce548e1db7770eee3f155ccb2cc0140a6c371dc67e9a34d83673ea0c0
616+
# - name: kind
617+
# value: task
618+
# resolver: bundles
619+
taskSpec:
620+
params:
621+
- name: IMAGE_URL
622+
# - name: PLATFORM
623+
- name: CHAINS-GIT_URL
624+
- name: CHAINS-GIT_COMMIT
625+
- name: COSIGN_VERSION
626+
results:
627+
- name: CHECK_OUTPUT
628+
description: Check output
629+
steps:
630+
- name: check-image-software
631+
image: registry.redhat.io/openshift4/ose-cli:latest
632+
env:
633+
- name: IMAGE_URL
634+
value: $(params.IMAGE_URL)
635+
# - name: PLATFORM
636+
# value: $(params.PLATFORM)
637+
- name: GIT_URL
638+
value: $(params.CHAINS-GIT_URL)
639+
- name: GIT_COMMIT
640+
value: $(params.CHAINS-GIT_COMMIT)
641+
- name: COSIGN_VERSION
642+
value: $(params.COSIGN_VERSION)
643+
script: |
644+
#!/bin/bash
645+
echo "Hello world, Stuchy!"
646+
env
647+
wget --output-document=cosign "https://github.com/sigstore/cosign/releases/download/${COSIGN_VERSION}/cosign-linux-amd64"
648+
chmod a+x cosign
649+
./cosign download sbom $PLATFORM_ARG $IMAGE_URL 2>>err
650+
651+
download_sbom_with_retry() {
652+
status=-1
653+
max_try=5
654+
wait_sec=2
655+
656+
PLATFORM_ARG="${1}"
657+
for run in $(seq 1 ${max_try}); do
658+
status=0
659+
cosign download sbom $PLATFORM_ARG $IMAGE_URL 2>>err
660+
status=$?
661+
if [ "$status" -eq 0 ]; then
662+
break
663+
fi
664+
sleep $wait_sec
665+
done
666+
if [ "$status" -ne 0 ]; then
667+
echo "Failed to get SBOM after ${max_try} tries" >&2
668+
cat err >&2
669+
fi
670+
}
671+
672+
RAW_OUTPUT=$(skopeo inspect --no-tags --raw docker://${IMAGE_URL})
673+
if [ "$(jq 'has("manifests")' <<< "$RAW_OUTPUT")" == "true" ] ; then
674+
# Multi arch
675+
ARCHES=$(jq -r '.manifests[].platform.architecture' <<< $RAW_OUTPUT)
676+
else
677+
ARCHES=""
678+
fi
679+
680+
if [ -z "${ARCHES}" ] ; then
681+
# single arch image
682+
download_sbom_with_retry ""
683+
else
684+
download_sbom_with_retry " --platform=${PLATFORM} "
685+
fi
596686
workspaces:
597687
- name: git-auth
598688
optional: true

0 commit comments

Comments
 (0)