Skip to content

Commit 8946289

Browse files
author
redhat-appstudio
committed
Appstudio update hacbs-probe-payload-oi6f
1 parent cc3ffa9 commit 8946289

2 files changed

Lines changed: 675 additions & 0 deletions

File tree

Lines changed: 338 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,338 @@
1+
apiVersion: tekton.dev/v1beta1
2+
kind: PipelineRun
3+
metadata:
4+
annotations:
5+
build.appstudio.redhat.com/commit_sha: '{{revision}}'
6+
build.appstudio.redhat.com/pull_request_number: '{{pull_request_number}}'
7+
build.appstudio.redhat.com/target_branch: '{{target_branch}}'
8+
pipelinesascode.tekton.dev/max-keep-runs: "3"
9+
pipelinesascode.tekton.dev/on-event: '[pull_request]'
10+
pipelinesascode.tekton.dev/on-target-branch: '[main,master]'
11+
creationTimestamp: null
12+
labels:
13+
appstudio.openshift.io/application: ralphtest
14+
appstudio.openshift.io/component: hacbs-probe-payload-oi6f
15+
pipelines.appstudio.openshift.io/type: build
16+
name: hacbs-probe-payload-oi6f-on-pull-request
17+
namespace: ralphjbean-tenant
18+
spec:
19+
params:
20+
- name: dockerfile
21+
value: Dockerfile
22+
- name: git-url
23+
value: '{{repo_url}}'
24+
- name: output-image
25+
value: quay.io/redhat-appstudio/user-workload:on-pr-{{revision}}
26+
- name: path-context
27+
value: .
28+
- name: revision
29+
value: '{{revision}}'
30+
pipelineSpec:
31+
finally:
32+
- name: show-summary
33+
params:
34+
- name: pipeline-run-name
35+
value: $(context.pipelineRun.name)
36+
- name: git-url
37+
value: $(tasks.clone-repository.results.url)?rev=$(tasks.clone-repository.results.commit)
38+
- name: image-url
39+
value: $(params.output-image)
40+
taskRef:
41+
bundle: quay.io/redhat-appstudio-tekton-catalog/task-summary:0.1@sha256:245f5017f0a58840212cfd2de0a50844f78b2b2c74976289f34b238bdaa700e5
42+
name: summary
43+
params:
44+
- description: Source Repository URL
45+
name: git-url
46+
type: string
47+
- default: ""
48+
description: Revision of the Source Repository
49+
name: revision
50+
type: string
51+
- description: Fully Qualified Output Image
52+
name: output-image
53+
type: string
54+
- default: .
55+
description: The path to your source code
56+
name: path-context
57+
type: string
58+
- default: Dockerfile
59+
description: Path to the Dockerfile
60+
name: dockerfile
61+
type: string
62+
- default: "false"
63+
description: Force rebuild image
64+
name: rebuild
65+
type: string
66+
- default: "false"
67+
description: Skip checks against built image
68+
name: skip-checks
69+
type: string
70+
- default: "false"
71+
description: Execute the build with network isolation
72+
name: hermetic
73+
type: string
74+
- default: ""
75+
description: Build dependencies to be prefetched by Cachi2
76+
name: prefetch-input
77+
type: string
78+
- default: "false"
79+
description: Java build
80+
name: java
81+
type: string
82+
results:
83+
- description: ""
84+
name: IMAGE_URL
85+
value: $(tasks.build-container.results.IMAGE_URL)
86+
- description: ""
87+
name: IMAGE_DIGEST
88+
value: $(tasks.build-container.results.IMAGE_DIGEST)
89+
- description: ""
90+
name: CHAINS-GIT_URL
91+
value: $(tasks.clone-repository.results.url)
92+
- description: ""
93+
name: CHAINS-GIT_COMMIT
94+
value: $(tasks.clone-repository.results.commit)
95+
- description: ""
96+
name: JAVA_COMMUNITY_DEPENDENCIES
97+
value: $(tasks.build-container.results.JAVA_COMMUNITY_DEPENDENCIES)
98+
tasks:
99+
- name: appstudio-init
100+
params:
101+
- name: image-url
102+
value: $(params.output-image)
103+
- name: rebuild
104+
value: $(params.rebuild)
105+
- name: skip-checks
106+
value: $(params.skip-checks)
107+
- name: pipeline-run-name
108+
value: $(context.pipelineRun.name)
109+
taskRef:
110+
bundle: quay.io/redhat-appstudio-tekton-catalog/task-init:0.1@sha256:f9e8e66798d02afee87ff13c8d5a0d4bb2667c05a7010fbd286a4afa319c7323
111+
name: init
112+
- name: clone-repository
113+
params:
114+
- name: url
115+
value: $(params.git-url)
116+
- name: revision
117+
value: $(params.revision)
118+
runAfter:
119+
- appstudio-init
120+
taskRef:
121+
bundle: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:f4e37778cba00296606ddfbc1c58181330899cafcaa1ee41c75a7cf8bed312f0
122+
name: git-clone
123+
when:
124+
- input: $(tasks.appstudio-init.results.build)
125+
operator: in
126+
values:
127+
- "true"
128+
workspaces:
129+
- name: output
130+
workspace: workspace
131+
- name: basic-auth
132+
workspace: git-auth
133+
- name: appstudio-configure-build
134+
runAfter:
135+
- clone-repository
136+
taskRef:
137+
bundle: quay.io/redhat-appstudio-tekton-catalog/task-configure-build:0.1@sha256:787d29329a2ea1b618ddf0ec4cb208d7f3dbc5c969c6e61ea920fb063b09a477
138+
name: configure-build
139+
when:
140+
- input: $(tasks.appstudio-init.results.build)
141+
operator: in
142+
values:
143+
- "true"
144+
workspaces:
145+
- name: source
146+
workspace: workspace
147+
- name: prefetch-dependencies
148+
params:
149+
- name: input
150+
value: $(params.prefetch-input)
151+
runAfter:
152+
- appstudio-configure-build
153+
taskRef:
154+
bundle: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies:0.1@sha256:d2f044dc2b9646007c6ae7298fac50971a7a2460e933980313fd689c76226233
155+
name: prefetch-dependencies
156+
when:
157+
- input: $(params.hermetic)
158+
operator: in
159+
values:
160+
- "true"
161+
workspaces:
162+
- name: source
163+
workspace: workspace
164+
- name: build-container
165+
params:
166+
- name: IMAGE
167+
value: $(params.output-image)
168+
- name: DOCKERFILE
169+
value: $(params.dockerfile)
170+
- name: CONTEXT
171+
value: $(params.path-context)
172+
- name: BUILD_EXTRA_ARGS
173+
value: $(tasks.appstudio-configure-build.results.buildah-auth-param)
174+
- name: PUSH_EXTRA_ARGS
175+
value: $(tasks.appstudio-configure-build.results.buildah-auth-param)
176+
- name: HERMETIC
177+
value: $(params.hermetic)
178+
- name: PREFETCH_INPUT
179+
value: $(params.prefetch-input)
180+
runAfter:
181+
- prefetch-dependencies
182+
taskRef:
183+
bundle: quay.io/redhat-appstudio-tekton-catalog/task-buildah:0.1@sha256:b4a1cf097be6b9c411ad3a1fdb4a48e598f92fce01627c4f5f0d85ee28767784
184+
name: buildah
185+
when:
186+
- input: $(tasks.appstudio-init.results.build)
187+
operator: in
188+
values:
189+
- "true"
190+
workspaces:
191+
- name: source
192+
workspace: workspace
193+
- name: sanity-inspect-image
194+
params:
195+
- name: IMAGE_URL
196+
value: $(tasks.build-container.results.IMAGE_URL)@$(tasks.build-container.results.IMAGE_DIGEST)
197+
runAfter:
198+
- build-container
199+
taskRef:
200+
bundle: quay.io/redhat-appstudio-tekton-catalog/task-sanity-inspect-image:0.1@sha256:1ff8cea8259a415a7ca6de7d47ade692813721653f89166f549e732cecaf2dcf
201+
name: sanity-inspect-image
202+
when:
203+
- input: $(params.skip-checks)
204+
operator: in
205+
values:
206+
- "false"
207+
workspaces:
208+
- name: workspace
209+
workspace: workspace
210+
- name: sanity-label-check
211+
runAfter:
212+
- sanity-inspect-image
213+
taskRef:
214+
bundle: quay.io/redhat-appstudio-tekton-catalog/task-sanity-label-check:0.1@sha256:710e07f1e38d93ac740b056c4bd7a962df5ad1b09cece5923fae0fde47f9fa76
215+
name: sanity-label-check
216+
when:
217+
- input: $(params.skip-checks)
218+
operator: in
219+
values:
220+
- "false"
221+
workspaces:
222+
- name: workspace
223+
workspace: workspace
224+
- name: sanity-optional-label-check
225+
params:
226+
- name: POLICY_NAMESPACE
227+
value: optional_checks
228+
runAfter:
229+
- sanity-inspect-image
230+
taskRef:
231+
bundle: quay.io/redhat-appstudio-tekton-catalog/task-sanity-label-check:0.1@sha256:710e07f1e38d93ac740b056c4bd7a962df5ad1b09cece5923fae0fde47f9fa76
232+
name: sanity-label-check
233+
when:
234+
- input: $(params.skip-checks)
235+
operator: in
236+
values:
237+
- "false"
238+
workspaces:
239+
- name: workspace
240+
workspace: workspace
241+
- name: deprecated-base-image-check
242+
params:
243+
- name: BASE_IMAGES_DIGESTS
244+
value: $(tasks.build-container.results.BASE_IMAGES_DIGESTS)
245+
taskRef:
246+
bundle: quay.io/redhat-appstudio-tekton-catalog/task-deprecated-image-check:0.1@sha256:268fd657c069d12b6b24d8e02ce6f0330e2a02e53dce787724445591a90682cd
247+
name: deprecated-image-check
248+
when:
249+
- input: $(params.skip-checks)
250+
operator: in
251+
values:
252+
- "false"
253+
workspaces:
254+
- name: sanity-ws
255+
workspace: workspace
256+
- name: clair-scan
257+
params:
258+
- name: image-digest
259+
value: $(tasks.build-container.results.IMAGE_DIGEST)
260+
- name: image-url
261+
value: $(tasks.build-container.results.IMAGE_URL)
262+
runAfter:
263+
- build-container
264+
taskRef:
265+
bundle: quay.io/redhat-appstudio-tekton-catalog/task-clair-scan:0.1@sha256:10b191f72ca767c787f0d7f66f46f5ad3117123ee185e8c57b73667358a7b3a6
266+
name: clair-scan
267+
when:
268+
- input: $(params.skip-checks)
269+
operator: in
270+
values:
271+
- "false"
272+
- name: sast-snyk-check
273+
runAfter:
274+
- clone-repository
275+
taskRef:
276+
bundle: quay.io/redhat-appstudio-tekton-catalog/task-sast-snyk-check:0.1@sha256:e4986a1fdf0a7dbb96514fcbe68267d82ee42676c246fd33af19740f966aed00
277+
name: sast-snyk-check
278+
when:
279+
- input: $(params.skip-checks)
280+
operator: in
281+
values:
282+
- "false"
283+
workspaces:
284+
- name: workspace
285+
workspace: workspace
286+
- name: clamav-scan
287+
params:
288+
- name: image-digest
289+
value: $(tasks.build-container.results.IMAGE_DIGEST)
290+
- name: image-url
291+
value: $(tasks.build-container.results.IMAGE_URL)
292+
runAfter:
293+
- build-container
294+
taskRef:
295+
bundle: quay.io/redhat-appstudio-tekton-catalog/task-clamav-scan:0.1@sha256:2e19ce2503a8471878fe070364066328e4f2912205ee4aaaf9d66a30037d1cb7
296+
name: clamav-scan
297+
when:
298+
- input: $(params.skip-checks)
299+
operator: in
300+
values:
301+
- "false"
302+
- name: sbom-json-check
303+
params:
304+
- name: IMAGE_URL
305+
value: $(tasks.build-container.results.IMAGE_URL)
306+
runAfter:
307+
- build-container
308+
taskRef:
309+
bundle: quay.io/redhat-appstudio-tekton-catalog/task-sbom-json-check:0.1@sha256:631b875a9e265d48a1f00d21e51560c175bc7aafb4358b6525785d4ecc685d69
310+
name: sbom-json-check
311+
when:
312+
- input: $(params.skip-checks)
313+
operator: in
314+
values:
315+
- "false"
316+
workspaces:
317+
- name: workspace
318+
workspace: workspace
319+
workspaces:
320+
- name: workspace
321+
- name: git-auth
322+
optional: true
323+
workspaces:
324+
- name: workspace
325+
volumeClaimTemplate:
326+
metadata:
327+
creationTimestamp: null
328+
spec:
329+
accessModes:
330+
- ReadWriteOnce
331+
resources:
332+
requests:
333+
storage: 1Gi
334+
status: {}
335+
- name: git-auth
336+
secret:
337+
secretName: '{{ git_auth_secret }}'
338+
status: {}

0 commit comments

Comments
 (0)