Skip to content

Commit 653c5f6

Browse files
author
redhat-appstudio
committed
Appstudio update hacbs-probe-payload-vrpk
1 parent 63e83ce commit 653c5f6

2 files changed

Lines changed: 679 additions & 0 deletions

File tree

Lines changed: 340 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,340 @@
1+
apiVersion: tekton.dev/v1beta1
2+
kind: PipelineRun
3+
metadata:
4+
annotations:
5+
build.appstudio.redhat.com/commit_sha: '{{revision}}'
6+
build.appstudio.redhat.com/pull_request_number: '{{pull_request_number}}'
7+
build.appstudio.redhat.com/target_branch: '{{target_branch}}'
8+
pipelinesascode.tekton.dev/max-keep-runs: "3"
9+
pipelinesascode.tekton.dev/on-event: '[pull_request]'
10+
pipelinesascode.tekton.dev/on-target-branch: '[main,master]'
11+
creationTimestamp: null
12+
labels:
13+
appstudio.openshift.io/application: testapp
14+
appstudio.openshift.io/component: hacbs-probe-payload-vrpk
15+
pipelines.appstudio.openshift.io/type: build
16+
name: hacbs-probe-payload-vrpk-on-pull-request
17+
namespace: ralphjbean
18+
spec:
19+
params:
20+
- name: dockerfile
21+
value: https://raw.githubusercontent.com/ralphbean/hacbs-probe-payload/build-happy-path/Dockerfile
22+
- name: git-url
23+
value: '{{repo_url}}'
24+
- name: output-image
25+
value: quay.io/redhat-appstudio/user-workload:on-pr-{{revision}}
26+
- name: path-context
27+
value: ./
28+
- name: revision
29+
value: '{{revision}}'
30+
pipelineSpec:
31+
finally:
32+
- name: show-summary
33+
params:
34+
- name: pipeline-run-name
35+
value: $(context.pipelineRun.name)
36+
- name: git-url
37+
value: $(tasks.clone-repository.results.url)?rev=$(tasks.clone-repository.results.commit)
38+
- name: image-url
39+
value: $(params.output-image)
40+
taskRef:
41+
bundle: quay.io/redhat-appstudio-tekton-catalog/task-summary:0.1@sha256:59d49758686c141bd26b3c193e52fd23bb47831c2a5d5872388ad6824684735e
42+
name: summary
43+
params:
44+
- description: Source Repository URL
45+
name: git-url
46+
type: string
47+
- default: ""
48+
description: Revision of the Source Repository
49+
name: revision
50+
type: string
51+
- description: Fully Qualified Output Image
52+
name: output-image
53+
type: string
54+
- default: .
55+
description: The path to your source code
56+
name: path-context
57+
type: string
58+
- default: Dockerfile
59+
description: Path to the Dockerfile
60+
name: dockerfile
61+
type: string
62+
- default: "false"
63+
description: Force rebuild image
64+
name: rebuild
65+
type: string
66+
- default: "false"
67+
description: Skip checks against built image
68+
name: skip-checks
69+
type: string
70+
- default: "false"
71+
description: Java build
72+
name: java
73+
type: string
74+
results:
75+
- description: ""
76+
name: IMAGE_URL
77+
value: $(tasks.build-container.results.IMAGE_URL)
78+
- description: ""
79+
name: IMAGE_DIGEST
80+
value: $(tasks.build-container.results.IMAGE_DIGEST)
81+
- description: ""
82+
name: CHAINS-GIT_URL
83+
value: $(tasks.clone-repository.results.url)
84+
- description: ""
85+
name: CHAINS-GIT_COMMIT
86+
value: $(tasks.clone-repository.results.commit)
87+
- description: ""
88+
name: JAVA_COMMUNITY_DEPENDENCIES
89+
value: $(tasks.build-container.results.JAVA_COMMUNITY_DEPENDENCIES)
90+
tasks:
91+
- name: appstudio-init
92+
params:
93+
- name: image-url
94+
value: $(params.output-image)
95+
- name: rebuild
96+
value: $(params.rebuild)
97+
- name: skip-checks
98+
value: $(params.skip-checks)
99+
- name: pipeline-run-name
100+
value: $(context.pipelineRun.name)
101+
taskRef:
102+
bundle: quay.io/redhat-appstudio-tekton-catalog/task-init:0.1@sha256:36b763fa2356f1fea668afc45e28b9b4da648cc35066a32fd1ded1ac48c8cd84
103+
name: init
104+
- name: clone-repository
105+
params:
106+
- name: url
107+
value: $(params.git-url)
108+
- name: revision
109+
value: $(params.revision)
110+
runAfter:
111+
- appstudio-init
112+
taskRef:
113+
bundle: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:5e409aeff2f143a0d368dc8c53d1f4d8b9fc5be83f7111a99d0d367487655229
114+
name: git-clone
115+
when:
116+
- input: $(tasks.appstudio-init.results.build)
117+
operator: in
118+
values:
119+
- "true"
120+
workspaces:
121+
- name: output
122+
workspace: workspace
123+
- name: basic-auth
124+
workspace: git-auth
125+
- name: appstudio-configure-build
126+
runAfter:
127+
- clone-repository
128+
taskRef:
129+
bundle: quay.io/redhat-appstudio-tekton-catalog/task-configure-build:0.1@sha256:003eb89ebe3e51d88b93baaabd8ab66eaf479aad00ad71a9571b12f7b428adc9
130+
name: configure-build
131+
when:
132+
- input: $(tasks.appstudio-init.results.build)
133+
operator: in
134+
values:
135+
- "true"
136+
workspaces:
137+
- name: source
138+
workspace: workspace
139+
- name: registry-auth
140+
workspace: registry-auth
141+
- name: prefetch-dependencies
142+
params:
143+
- name: package-type
144+
value: gomod
145+
- name: package-path
146+
value: $(params.path-context)
147+
runAfter:
148+
- appstudio-configure-build
149+
taskRef:
150+
bundle: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies:0.1@sha256:10d7ac70a9950b655328c4b57c42290afea115e2a0f0d5e0b399f62d2325a22c
151+
name: prefetch-dependencies
152+
when:
153+
- input: $(tasks.clone-repository.results.hermetic-build)
154+
operator: in
155+
values:
156+
- "true"
157+
workspaces:
158+
- name: source
159+
workspace: workspace
160+
- name: build-container
161+
params:
162+
- name: IMAGE
163+
value: $(params.output-image)
164+
- name: DOCKERFILE
165+
value: $(params.dockerfile)
166+
- name: CONTEXT
167+
value: $(params.path-context)
168+
- name: BUILD_EXTRA_ARGS
169+
value: $(tasks.appstudio-configure-build.results.buildah-auth-param)
170+
- name: PUSH_EXTRA_ARGS
171+
value: $(tasks.appstudio-configure-build.results.buildah-auth-param)
172+
- name: HERMETIC_BUILD
173+
value: $(tasks.clone-repository.results.hermetic-build)
174+
runAfter:
175+
- prefetch-dependencies
176+
taskRef:
177+
bundle: quay.io/redhat-appstudio-tekton-catalog/task-buildah:0.1@sha256:997d7a1c1bcac31726ecfb2fc8b8ff34e73b3b2786d2c519e711fcb0ca151ee0
178+
name: buildah
179+
when:
180+
- input: $(tasks.appstudio-init.results.build)
181+
operator: in
182+
values:
183+
- "true"
184+
workspaces:
185+
- name: source
186+
workspace: workspace
187+
- name: sanity-inspect-image
188+
params:
189+
- name: IMAGE_URL
190+
value: $(tasks.build-container.results.IMAGE_URL)@$(tasks.build-container.results.IMAGE_DIGEST)
191+
runAfter:
192+
- build-container
193+
taskRef:
194+
bundle: quay.io/redhat-appstudio-tekton-catalog/task-sanity-inspect-image:0.1@sha256:1ff8cea8259a415a7ca6de7d47ade692813721653f89166f549e732cecaf2dcf
195+
name: sanity-inspect-image
196+
when:
197+
- input: $(params.skip-checks)
198+
operator: in
199+
values:
200+
- "false"
201+
workspaces:
202+
- name: workspace
203+
workspace: workspace
204+
- name: sanity-label-check
205+
runAfter:
206+
- sanity-inspect-image
207+
taskRef:
208+
bundle: quay.io/redhat-appstudio-tekton-catalog/task-sanity-label-check:0.1@sha256:1f0fe138843308648f11132749e6ec08a3ffdf1d60bee63c7df53bf5927bff0e
209+
name: sanity-label-check
210+
when:
211+
- input: $(params.skip-checks)
212+
operator: in
213+
values:
214+
- "false"
215+
workspaces:
216+
- name: workspace
217+
workspace: workspace
218+
- name: sanity-optional-label-check
219+
params:
220+
- name: POLICY_NAMESPACE
221+
value: optional_checks
222+
runAfter:
223+
- sanity-inspect-image
224+
taskRef:
225+
bundle: quay.io/redhat-appstudio-tekton-catalog/task-sanity-label-check:0.1@sha256:1f0fe138843308648f11132749e6ec08a3ffdf1d60bee63c7df53bf5927bff0e
226+
name: sanity-label-check
227+
when:
228+
- input: $(params.skip-checks)
229+
operator: in
230+
values:
231+
- "false"
232+
workspaces:
233+
- name: workspace
234+
workspace: workspace
235+
- name: deprecated-base-image-check
236+
params:
237+
- name: BASE_IMAGES_DIGESTS
238+
value: $(tasks.build-container.results.BASE_IMAGES_DIGESTS)
239+
taskRef:
240+
bundle: quay.io/redhat-appstudio-tekton-catalog/task-deprecated-image-check:0.1@sha256:f95f72700fe06ea9a285687827199944b1d4a44b83757beb4073569c5beaf3cf
241+
name: deprecated-image-check
242+
when:
243+
- input: $(params.skip-checks)
244+
operator: in
245+
values:
246+
- "false"
247+
workspaces:
248+
- name: sanity-ws
249+
workspace: workspace
250+
- name: clair-scan
251+
params:
252+
- name: image-digest
253+
value: $(tasks.build-container.results.IMAGE_DIGEST)
254+
- name: image-url
255+
value: $(tasks.build-container.results.IMAGE_URL)
256+
runAfter:
257+
- build-container
258+
taskRef:
259+
bundle: quay.io/redhat-appstudio-tekton-catalog/task-clair-scan:0.1@sha256:4f65b7f26953460d26370d66538c0cdc4b978f35093dc3b38af8b496b563a944
260+
name: clair-scan
261+
when:
262+
- input: $(params.skip-checks)
263+
operator: in
264+
values:
265+
- "false"
266+
workspaces:
267+
- name: registry-auth
268+
workspace: registry-auth
269+
- name: sast-snyk-check
270+
runAfter:
271+
- clone-repository
272+
taskRef:
273+
bundle: quay.io/redhat-appstudio-tekton-catalog/task-sast-snyk-check:0.1@sha256:29aa45fef5d67f0be2a89dc954ce8fa406236901d4dfcebfba88338221c4627e
274+
name: sast-snyk-check
275+
when:
276+
- input: $(params.skip-checks)
277+
operator: in
278+
values:
279+
- "false"
280+
workspaces:
281+
- name: workspace
282+
workspace: workspace
283+
- name: clamav-scan
284+
params:
285+
- name: image-digest
286+
value: $(tasks.build-container.results.IMAGE_DIGEST)
287+
- name: image-url
288+
value: $(tasks.build-container.results.IMAGE_URL)
289+
runAfter:
290+
- build-container
291+
taskRef:
292+
bundle: quay.io/redhat-appstudio-tekton-catalog/task-clamav-scan:0.1@sha256:64b52d3e33cdb539f1d3759f432782eaed5c812bea04296f509cfa2d81247c8d
293+
name: clamav-scan
294+
when:
295+
- input: $(params.skip-checks)
296+
operator: in
297+
values:
298+
- "false"
299+
workspaces:
300+
- name: registry-auth
301+
workspace: registry-auth
302+
- name: sbom-json-check
303+
params:
304+
- name: IMAGE_URL
305+
value: $(tasks.build-container.results.IMAGE_URL)
306+
runAfter:
307+
- build-container
308+
taskRef:
309+
bundle: quay.io/redhat-appstudio-tekton-catalog/task-sbom-json-check:0.1@sha256:9d228fedb0429e4ae6f383e9355615823e0684a36ab3c2453a3f3cd56f518944
310+
name: sbom-json-check
311+
when:
312+
- input: $(params.skip-checks)
313+
operator: in
314+
values:
315+
- "false"
316+
workspaces:
317+
- name: workspace
318+
workspace: workspace
319+
workspaces:
320+
- name: workspace
321+
- name: registry-auth
322+
optional: true
323+
- name: git-auth
324+
optional: true
325+
workspaces:
326+
- name: workspace
327+
volumeClaimTemplate:
328+
metadata:
329+
creationTimestamp: null
330+
spec:
331+
accessModes:
332+
- ReadWriteOnce
333+
resources:
334+
requests:
335+
storage: 1Gi
336+
status: {}
337+
- name: registry-auth
338+
secret:
339+
secretName: redhat-appstudio-registry-pull-secret
340+
status: {}

0 commit comments

Comments
 (0)