|
| 1 | +apiVersion: tekton.dev/v1beta1 |
| 2 | +kind: PipelineRun |
| 3 | +metadata: |
| 4 | + annotations: |
| 5 | + build.appstudio.redhat.com/commit_sha: '{{revision}}' |
| 6 | + build.appstudio.redhat.com/pull_request_number: '{{pull_request_number}}' |
| 7 | + build.appstudio.redhat.com/target_branch: '{{target_branch}}' |
| 8 | + pipelinesascode.tekton.dev/max-keep-runs: "3" |
| 9 | + pipelinesascode.tekton.dev/on-event: '[pull_request]' |
| 10 | + pipelinesascode.tekton.dev/on-target-branch: '[main,master]' |
| 11 | + creationTimestamp: null |
| 12 | + labels: |
| 13 | + appstudio.openshift.io/application: testapp |
| 14 | + appstudio.openshift.io/component: hacbs-probe-payload-vrpk |
| 15 | + pipelines.appstudio.openshift.io/type: build |
| 16 | + name: hacbs-probe-payload-vrpk-on-pull-request |
| 17 | + namespace: ralphjbean |
| 18 | +spec: |
| 19 | + params: |
| 20 | + - name: dockerfile |
| 21 | + value: https://raw.githubusercontent.com/ralphbean/hacbs-probe-payload/build-happy-path/Dockerfile |
| 22 | + - name: git-url |
| 23 | + value: '{{repo_url}}' |
| 24 | + - name: output-image |
| 25 | + value: quay.io/redhat-appstudio/user-workload:on-pr-{{revision}} |
| 26 | + - name: path-context |
| 27 | + value: ./ |
| 28 | + - name: revision |
| 29 | + value: '{{revision}}' |
| 30 | + pipelineSpec: |
| 31 | + finally: |
| 32 | + - name: show-summary |
| 33 | + params: |
| 34 | + - name: pipeline-run-name |
| 35 | + value: $(context.pipelineRun.name) |
| 36 | + - name: git-url |
| 37 | + value: $(tasks.clone-repository.results.url)?rev=$(tasks.clone-repository.results.commit) |
| 38 | + - name: image-url |
| 39 | + value: $(params.output-image) |
| 40 | + taskRef: |
| 41 | + bundle: quay.io/redhat-appstudio-tekton-catalog/task-summary:0.1@sha256:59d49758686c141bd26b3c193e52fd23bb47831c2a5d5872388ad6824684735e |
| 42 | + name: summary |
| 43 | + params: |
| 44 | + - description: Source Repository URL |
| 45 | + name: git-url |
| 46 | + type: string |
| 47 | + - default: "" |
| 48 | + description: Revision of the Source Repository |
| 49 | + name: revision |
| 50 | + type: string |
| 51 | + - description: Fully Qualified Output Image |
| 52 | + name: output-image |
| 53 | + type: string |
| 54 | + - default: . |
| 55 | + description: The path to your source code |
| 56 | + name: path-context |
| 57 | + type: string |
| 58 | + - default: Dockerfile |
| 59 | + description: Path to the Dockerfile |
| 60 | + name: dockerfile |
| 61 | + type: string |
| 62 | + - default: "false" |
| 63 | + description: Force rebuild image |
| 64 | + name: rebuild |
| 65 | + type: string |
| 66 | + - default: "false" |
| 67 | + description: Skip checks against built image |
| 68 | + name: skip-checks |
| 69 | + type: string |
| 70 | + - default: "false" |
| 71 | + description: Java build |
| 72 | + name: java |
| 73 | + type: string |
| 74 | + results: |
| 75 | + - description: "" |
| 76 | + name: IMAGE_URL |
| 77 | + value: $(tasks.build-container.results.IMAGE_URL) |
| 78 | + - description: "" |
| 79 | + name: IMAGE_DIGEST |
| 80 | + value: $(tasks.build-container.results.IMAGE_DIGEST) |
| 81 | + - description: "" |
| 82 | + name: CHAINS-GIT_URL |
| 83 | + value: $(tasks.clone-repository.results.url) |
| 84 | + - description: "" |
| 85 | + name: CHAINS-GIT_COMMIT |
| 86 | + value: $(tasks.clone-repository.results.commit) |
| 87 | + - description: "" |
| 88 | + name: JAVA_COMMUNITY_DEPENDENCIES |
| 89 | + value: $(tasks.build-container.results.JAVA_COMMUNITY_DEPENDENCIES) |
| 90 | + tasks: |
| 91 | + - name: appstudio-init |
| 92 | + params: |
| 93 | + - name: image-url |
| 94 | + value: $(params.output-image) |
| 95 | + - name: rebuild |
| 96 | + value: $(params.rebuild) |
| 97 | + - name: skip-checks |
| 98 | + value: $(params.skip-checks) |
| 99 | + - name: pipeline-run-name |
| 100 | + value: $(context.pipelineRun.name) |
| 101 | + taskRef: |
| 102 | + bundle: quay.io/redhat-appstudio-tekton-catalog/task-init:0.1@sha256:36b763fa2356f1fea668afc45e28b9b4da648cc35066a32fd1ded1ac48c8cd84 |
| 103 | + name: init |
| 104 | + - name: clone-repository |
| 105 | + params: |
| 106 | + - name: url |
| 107 | + value: $(params.git-url) |
| 108 | + - name: revision |
| 109 | + value: $(params.revision) |
| 110 | + runAfter: |
| 111 | + - appstudio-init |
| 112 | + taskRef: |
| 113 | + bundle: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:5e409aeff2f143a0d368dc8c53d1f4d8b9fc5be83f7111a99d0d367487655229 |
| 114 | + name: git-clone |
| 115 | + when: |
| 116 | + - input: $(tasks.appstudio-init.results.build) |
| 117 | + operator: in |
| 118 | + values: |
| 119 | + - "true" |
| 120 | + workspaces: |
| 121 | + - name: output |
| 122 | + workspace: workspace |
| 123 | + - name: basic-auth |
| 124 | + workspace: git-auth |
| 125 | + - name: appstudio-configure-build |
| 126 | + runAfter: |
| 127 | + - clone-repository |
| 128 | + taskRef: |
| 129 | + bundle: quay.io/redhat-appstudio-tekton-catalog/task-configure-build:0.1@sha256:003eb89ebe3e51d88b93baaabd8ab66eaf479aad00ad71a9571b12f7b428adc9 |
| 130 | + name: configure-build |
| 131 | + when: |
| 132 | + - input: $(tasks.appstudio-init.results.build) |
| 133 | + operator: in |
| 134 | + values: |
| 135 | + - "true" |
| 136 | + workspaces: |
| 137 | + - name: source |
| 138 | + workspace: workspace |
| 139 | + - name: registry-auth |
| 140 | + workspace: registry-auth |
| 141 | + - name: prefetch-dependencies |
| 142 | + params: |
| 143 | + - name: package-type |
| 144 | + value: gomod |
| 145 | + - name: package-path |
| 146 | + value: $(params.path-context) |
| 147 | + runAfter: |
| 148 | + - appstudio-configure-build |
| 149 | + taskRef: |
| 150 | + bundle: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies:0.1@sha256:10d7ac70a9950b655328c4b57c42290afea115e2a0f0d5e0b399f62d2325a22c |
| 151 | + name: prefetch-dependencies |
| 152 | + when: |
| 153 | + - input: $(tasks.clone-repository.results.hermetic-build) |
| 154 | + operator: in |
| 155 | + values: |
| 156 | + - "true" |
| 157 | + workspaces: |
| 158 | + - name: source |
| 159 | + workspace: workspace |
| 160 | + - name: build-container |
| 161 | + params: |
| 162 | + - name: IMAGE |
| 163 | + value: $(params.output-image) |
| 164 | + - name: DOCKERFILE |
| 165 | + value: $(params.dockerfile) |
| 166 | + - name: CONTEXT |
| 167 | + value: $(params.path-context) |
| 168 | + - name: BUILD_EXTRA_ARGS |
| 169 | + value: $(tasks.appstudio-configure-build.results.buildah-auth-param) |
| 170 | + - name: PUSH_EXTRA_ARGS |
| 171 | + value: $(tasks.appstudio-configure-build.results.buildah-auth-param) |
| 172 | + - name: HERMETIC_BUILD |
| 173 | + value: $(tasks.clone-repository.results.hermetic-build) |
| 174 | + runAfter: |
| 175 | + - prefetch-dependencies |
| 176 | + taskRef: |
| 177 | + bundle: quay.io/redhat-appstudio-tekton-catalog/task-buildah:0.1@sha256:997d7a1c1bcac31726ecfb2fc8b8ff34e73b3b2786d2c519e711fcb0ca151ee0 |
| 178 | + name: buildah |
| 179 | + when: |
| 180 | + - input: $(tasks.appstudio-init.results.build) |
| 181 | + operator: in |
| 182 | + values: |
| 183 | + - "true" |
| 184 | + workspaces: |
| 185 | + - name: source |
| 186 | + workspace: workspace |
| 187 | + - name: sanity-inspect-image |
| 188 | + params: |
| 189 | + - name: IMAGE_URL |
| 190 | + value: $(tasks.build-container.results.IMAGE_URL)@$(tasks.build-container.results.IMAGE_DIGEST) |
| 191 | + runAfter: |
| 192 | + - build-container |
| 193 | + taskRef: |
| 194 | + bundle: quay.io/redhat-appstudio-tekton-catalog/task-sanity-inspect-image:0.1@sha256:1ff8cea8259a415a7ca6de7d47ade692813721653f89166f549e732cecaf2dcf |
| 195 | + name: sanity-inspect-image |
| 196 | + when: |
| 197 | + - input: $(params.skip-checks) |
| 198 | + operator: in |
| 199 | + values: |
| 200 | + - "false" |
| 201 | + workspaces: |
| 202 | + - name: workspace |
| 203 | + workspace: workspace |
| 204 | + - name: sanity-label-check |
| 205 | + runAfter: |
| 206 | + - sanity-inspect-image |
| 207 | + taskRef: |
| 208 | + bundle: quay.io/redhat-appstudio-tekton-catalog/task-sanity-label-check:0.1@sha256:1f0fe138843308648f11132749e6ec08a3ffdf1d60bee63c7df53bf5927bff0e |
| 209 | + name: sanity-label-check |
| 210 | + when: |
| 211 | + - input: $(params.skip-checks) |
| 212 | + operator: in |
| 213 | + values: |
| 214 | + - "false" |
| 215 | + workspaces: |
| 216 | + - name: workspace |
| 217 | + workspace: workspace |
| 218 | + - name: sanity-optional-label-check |
| 219 | + params: |
| 220 | + - name: POLICY_NAMESPACE |
| 221 | + value: optional_checks |
| 222 | + runAfter: |
| 223 | + - sanity-inspect-image |
| 224 | + taskRef: |
| 225 | + bundle: quay.io/redhat-appstudio-tekton-catalog/task-sanity-label-check:0.1@sha256:1f0fe138843308648f11132749e6ec08a3ffdf1d60bee63c7df53bf5927bff0e |
| 226 | + name: sanity-label-check |
| 227 | + when: |
| 228 | + - input: $(params.skip-checks) |
| 229 | + operator: in |
| 230 | + values: |
| 231 | + - "false" |
| 232 | + workspaces: |
| 233 | + - name: workspace |
| 234 | + workspace: workspace |
| 235 | + - name: deprecated-base-image-check |
| 236 | + params: |
| 237 | + - name: BASE_IMAGES_DIGESTS |
| 238 | + value: $(tasks.build-container.results.BASE_IMAGES_DIGESTS) |
| 239 | + taskRef: |
| 240 | + bundle: quay.io/redhat-appstudio-tekton-catalog/task-deprecated-image-check:0.1@sha256:f95f72700fe06ea9a285687827199944b1d4a44b83757beb4073569c5beaf3cf |
| 241 | + name: deprecated-image-check |
| 242 | + when: |
| 243 | + - input: $(params.skip-checks) |
| 244 | + operator: in |
| 245 | + values: |
| 246 | + - "false" |
| 247 | + workspaces: |
| 248 | + - name: sanity-ws |
| 249 | + workspace: workspace |
| 250 | + - name: clair-scan |
| 251 | + params: |
| 252 | + - name: image-digest |
| 253 | + value: $(tasks.build-container.results.IMAGE_DIGEST) |
| 254 | + - name: image-url |
| 255 | + value: $(tasks.build-container.results.IMAGE_URL) |
| 256 | + runAfter: |
| 257 | + - build-container |
| 258 | + taskRef: |
| 259 | + bundle: quay.io/redhat-appstudio-tekton-catalog/task-clair-scan:0.1@sha256:4f65b7f26953460d26370d66538c0cdc4b978f35093dc3b38af8b496b563a944 |
| 260 | + name: clair-scan |
| 261 | + when: |
| 262 | + - input: $(params.skip-checks) |
| 263 | + operator: in |
| 264 | + values: |
| 265 | + - "false" |
| 266 | + workspaces: |
| 267 | + - name: registry-auth |
| 268 | + workspace: registry-auth |
| 269 | + - name: sast-snyk-check |
| 270 | + runAfter: |
| 271 | + - clone-repository |
| 272 | + taskRef: |
| 273 | + bundle: quay.io/redhat-appstudio-tekton-catalog/task-sast-snyk-check:0.1@sha256:29aa45fef5d67f0be2a89dc954ce8fa406236901d4dfcebfba88338221c4627e |
| 274 | + name: sast-snyk-check |
| 275 | + when: |
| 276 | + - input: $(params.skip-checks) |
| 277 | + operator: in |
| 278 | + values: |
| 279 | + - "false" |
| 280 | + workspaces: |
| 281 | + - name: workspace |
| 282 | + workspace: workspace |
| 283 | + - name: clamav-scan |
| 284 | + params: |
| 285 | + - name: image-digest |
| 286 | + value: $(tasks.build-container.results.IMAGE_DIGEST) |
| 287 | + - name: image-url |
| 288 | + value: $(tasks.build-container.results.IMAGE_URL) |
| 289 | + runAfter: |
| 290 | + - build-container |
| 291 | + taskRef: |
| 292 | + bundle: quay.io/redhat-appstudio-tekton-catalog/task-clamav-scan:0.1@sha256:64b52d3e33cdb539f1d3759f432782eaed5c812bea04296f509cfa2d81247c8d |
| 293 | + name: clamav-scan |
| 294 | + when: |
| 295 | + - input: $(params.skip-checks) |
| 296 | + operator: in |
| 297 | + values: |
| 298 | + - "false" |
| 299 | + workspaces: |
| 300 | + - name: registry-auth |
| 301 | + workspace: registry-auth |
| 302 | + - name: sbom-json-check |
| 303 | + params: |
| 304 | + - name: IMAGE_URL |
| 305 | + value: $(tasks.build-container.results.IMAGE_URL) |
| 306 | + runAfter: |
| 307 | + - build-container |
| 308 | + taskRef: |
| 309 | + bundle: quay.io/redhat-appstudio-tekton-catalog/task-sbom-json-check:0.1@sha256:9d228fedb0429e4ae6f383e9355615823e0684a36ab3c2453a3f3cd56f518944 |
| 310 | + name: sbom-json-check |
| 311 | + when: |
| 312 | + - input: $(params.skip-checks) |
| 313 | + operator: in |
| 314 | + values: |
| 315 | + - "false" |
| 316 | + workspaces: |
| 317 | + - name: workspace |
| 318 | + workspace: workspace |
| 319 | + workspaces: |
| 320 | + - name: workspace |
| 321 | + - name: registry-auth |
| 322 | + optional: true |
| 323 | + - name: git-auth |
| 324 | + optional: true |
| 325 | + workspaces: |
| 326 | + - name: workspace |
| 327 | + volumeClaimTemplate: |
| 328 | + metadata: |
| 329 | + creationTimestamp: null |
| 330 | + spec: |
| 331 | + accessModes: |
| 332 | + - ReadWriteOnce |
| 333 | + resources: |
| 334 | + requests: |
| 335 | + storage: 1Gi |
| 336 | + status: {} |
| 337 | + - name: registry-auth |
| 338 | + secret: |
| 339 | + secretName: redhat-appstudio-registry-pull-secret |
| 340 | +status: {} |
0 commit comments