|
| 1 | +apiVersion: tekton.dev/v1beta1 |
| 2 | +kind: PipelineRun |
| 3 | +metadata: |
| 4 | + annotations: |
| 5 | + build.appstudio.redhat.com/commit_sha: '{{revision}}' |
| 6 | + build.appstudio.redhat.com/pull_request_number: '{{pull_request_number}}' |
| 7 | + build.appstudio.redhat.com/target_branch: '{{target_branch}}' |
| 8 | + pipelinesascode.tekton.dev/max-keep-runs: "3" |
| 9 | + pipelinesascode.tekton.dev/on-event: '[pull_request]' |
| 10 | + pipelinesascode.tekton.dev/on-target-branch: '[main,master]' |
| 11 | + creationTimestamp: null |
| 12 | + labels: |
| 13 | + appstudio.openshift.io/application: ralphtest |
| 14 | + appstudio.openshift.io/component: hacbs-probe-payload-oi6f |
| 15 | + pipelines.appstudio.openshift.io/type: build |
| 16 | + name: hacbs-probe-payload-oi6f-on-pull-request |
| 17 | + namespace: ralphjbean-tenant |
| 18 | +spec: |
| 19 | + params: |
| 20 | + - name: dockerfile |
| 21 | + value: Dockerfile |
| 22 | + - name: git-url |
| 23 | + value: '{{repo_url}}' |
| 24 | + - name: output-image |
| 25 | + value: quay.io/redhat-appstudio/user-workload:on-pr-{{revision}} |
| 26 | + - name: path-context |
| 27 | + value: . |
| 28 | + - name: revision |
| 29 | + value: '{{revision}}' |
| 30 | + pipelineSpec: |
| 31 | + finally: |
| 32 | + - name: show-summary |
| 33 | + params: |
| 34 | + - name: pipeline-run-name |
| 35 | + value: $(context.pipelineRun.name) |
| 36 | + - name: git-url |
| 37 | + value: $(tasks.clone-repository.results.url)?rev=$(tasks.clone-repository.results.commit) |
| 38 | + - name: image-url |
| 39 | + value: $(params.output-image) |
| 40 | + taskRef: |
| 41 | + bundle: quay.io/redhat-appstudio-tekton-catalog/task-summary:0.1@sha256:245f5017f0a58840212cfd2de0a50844f78b2b2c74976289f34b238bdaa700e5 |
| 42 | + name: summary |
| 43 | + params: |
| 44 | + - description: Source Repository URL |
| 45 | + name: git-url |
| 46 | + type: string |
| 47 | + - default: "" |
| 48 | + description: Revision of the Source Repository |
| 49 | + name: revision |
| 50 | + type: string |
| 51 | + - description: Fully Qualified Output Image |
| 52 | + name: output-image |
| 53 | + type: string |
| 54 | + - default: . |
| 55 | + description: The path to your source code |
| 56 | + name: path-context |
| 57 | + type: string |
| 58 | + - default: Dockerfile |
| 59 | + description: Path to the Dockerfile |
| 60 | + name: dockerfile |
| 61 | + type: string |
| 62 | + - default: "false" |
| 63 | + description: Force rebuild image |
| 64 | + name: rebuild |
| 65 | + type: string |
| 66 | + - default: "false" |
| 67 | + description: Skip checks against built image |
| 68 | + name: skip-checks |
| 69 | + type: string |
| 70 | + - default: "false" |
| 71 | + description: Execute the build with network isolation |
| 72 | + name: hermetic |
| 73 | + type: string |
| 74 | + - default: "" |
| 75 | + description: Build dependencies to be prefetched by Cachi2 |
| 76 | + name: prefetch-input |
| 77 | + type: string |
| 78 | + - default: "false" |
| 79 | + description: Java build |
| 80 | + name: java |
| 81 | + type: string |
| 82 | + results: |
| 83 | + - description: "" |
| 84 | + name: IMAGE_URL |
| 85 | + value: $(tasks.build-container.results.IMAGE_URL) |
| 86 | + - description: "" |
| 87 | + name: IMAGE_DIGEST |
| 88 | + value: $(tasks.build-container.results.IMAGE_DIGEST) |
| 89 | + - description: "" |
| 90 | + name: CHAINS-GIT_URL |
| 91 | + value: $(tasks.clone-repository.results.url) |
| 92 | + - description: "" |
| 93 | + name: CHAINS-GIT_COMMIT |
| 94 | + value: $(tasks.clone-repository.results.commit) |
| 95 | + - description: "" |
| 96 | + name: JAVA_COMMUNITY_DEPENDENCIES |
| 97 | + value: $(tasks.build-container.results.JAVA_COMMUNITY_DEPENDENCIES) |
| 98 | + tasks: |
| 99 | + - name: appstudio-init |
| 100 | + params: |
| 101 | + - name: image-url |
| 102 | + value: $(params.output-image) |
| 103 | + - name: rebuild |
| 104 | + value: $(params.rebuild) |
| 105 | + - name: skip-checks |
| 106 | + value: $(params.skip-checks) |
| 107 | + - name: pipeline-run-name |
| 108 | + value: $(context.pipelineRun.name) |
| 109 | + taskRef: |
| 110 | + bundle: quay.io/redhat-appstudio-tekton-catalog/task-init:0.1@sha256:f9e8e66798d02afee87ff13c8d5a0d4bb2667c05a7010fbd286a4afa319c7323 |
| 111 | + name: init |
| 112 | + - name: clone-repository |
| 113 | + params: |
| 114 | + - name: url |
| 115 | + value: $(params.git-url) |
| 116 | + - name: revision |
| 117 | + value: $(params.revision) |
| 118 | + runAfter: |
| 119 | + - appstudio-init |
| 120 | + taskRef: |
| 121 | + bundle: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:f4e37778cba00296606ddfbc1c58181330899cafcaa1ee41c75a7cf8bed312f0 |
| 122 | + name: git-clone |
| 123 | + when: |
| 124 | + - input: $(tasks.appstudio-init.results.build) |
| 125 | + operator: in |
| 126 | + values: |
| 127 | + - "true" |
| 128 | + workspaces: |
| 129 | + - name: output |
| 130 | + workspace: workspace |
| 131 | + - name: basic-auth |
| 132 | + workspace: git-auth |
| 133 | + - name: appstudio-configure-build |
| 134 | + runAfter: |
| 135 | + - clone-repository |
| 136 | + taskRef: |
| 137 | + bundle: quay.io/redhat-appstudio-tekton-catalog/task-configure-build:0.1@sha256:787d29329a2ea1b618ddf0ec4cb208d7f3dbc5c969c6e61ea920fb063b09a477 |
| 138 | + name: configure-build |
| 139 | + when: |
| 140 | + - input: $(tasks.appstudio-init.results.build) |
| 141 | + operator: in |
| 142 | + values: |
| 143 | + - "true" |
| 144 | + workspaces: |
| 145 | + - name: source |
| 146 | + workspace: workspace |
| 147 | + - name: prefetch-dependencies |
| 148 | + params: |
| 149 | + - name: input |
| 150 | + value: $(params.prefetch-input) |
| 151 | + runAfter: |
| 152 | + - appstudio-configure-build |
| 153 | + taskRef: |
| 154 | + bundle: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies:0.1@sha256:d2f044dc2b9646007c6ae7298fac50971a7a2460e933980313fd689c76226233 |
| 155 | + name: prefetch-dependencies |
| 156 | + when: |
| 157 | + - input: $(params.hermetic) |
| 158 | + operator: in |
| 159 | + values: |
| 160 | + - "true" |
| 161 | + workspaces: |
| 162 | + - name: source |
| 163 | + workspace: workspace |
| 164 | + - name: build-container |
| 165 | + params: |
| 166 | + - name: IMAGE |
| 167 | + value: $(params.output-image) |
| 168 | + - name: DOCKERFILE |
| 169 | + value: $(params.dockerfile) |
| 170 | + - name: CONTEXT |
| 171 | + value: $(params.path-context) |
| 172 | + - name: BUILD_EXTRA_ARGS |
| 173 | + value: $(tasks.appstudio-configure-build.results.buildah-auth-param) |
| 174 | + - name: PUSH_EXTRA_ARGS |
| 175 | + value: $(tasks.appstudio-configure-build.results.buildah-auth-param) |
| 176 | + - name: HERMETIC |
| 177 | + value: $(params.hermetic) |
| 178 | + - name: PREFETCH_INPUT |
| 179 | + value: $(params.prefetch-input) |
| 180 | + runAfter: |
| 181 | + - prefetch-dependencies |
| 182 | + taskRef: |
| 183 | + bundle: quay.io/redhat-appstudio-tekton-catalog/task-buildah:0.1@sha256:b4a1cf097be6b9c411ad3a1fdb4a48e598f92fce01627c4f5f0d85ee28767784 |
| 184 | + name: buildah |
| 185 | + when: |
| 186 | + - input: $(tasks.appstudio-init.results.build) |
| 187 | + operator: in |
| 188 | + values: |
| 189 | + - "true" |
| 190 | + workspaces: |
| 191 | + - name: source |
| 192 | + workspace: workspace |
| 193 | + - name: sanity-inspect-image |
| 194 | + params: |
| 195 | + - name: IMAGE_URL |
| 196 | + value: $(tasks.build-container.results.IMAGE_URL)@$(tasks.build-container.results.IMAGE_DIGEST) |
| 197 | + runAfter: |
| 198 | + - build-container |
| 199 | + taskRef: |
| 200 | + bundle: quay.io/redhat-appstudio-tekton-catalog/task-sanity-inspect-image:0.1@sha256:1ff8cea8259a415a7ca6de7d47ade692813721653f89166f549e732cecaf2dcf |
| 201 | + name: sanity-inspect-image |
| 202 | + when: |
| 203 | + - input: $(params.skip-checks) |
| 204 | + operator: in |
| 205 | + values: |
| 206 | + - "false" |
| 207 | + workspaces: |
| 208 | + - name: workspace |
| 209 | + workspace: workspace |
| 210 | + - name: sanity-label-check |
| 211 | + runAfter: |
| 212 | + - sanity-inspect-image |
| 213 | + taskRef: |
| 214 | + bundle: quay.io/redhat-appstudio-tekton-catalog/task-sanity-label-check:0.1@sha256:710e07f1e38d93ac740b056c4bd7a962df5ad1b09cece5923fae0fde47f9fa76 |
| 215 | + name: sanity-label-check |
| 216 | + when: |
| 217 | + - input: $(params.skip-checks) |
| 218 | + operator: in |
| 219 | + values: |
| 220 | + - "false" |
| 221 | + workspaces: |
| 222 | + - name: workspace |
| 223 | + workspace: workspace |
| 224 | + - name: sanity-optional-label-check |
| 225 | + params: |
| 226 | + - name: POLICY_NAMESPACE |
| 227 | + value: optional_checks |
| 228 | + runAfter: |
| 229 | + - sanity-inspect-image |
| 230 | + taskRef: |
| 231 | + bundle: quay.io/redhat-appstudio-tekton-catalog/task-sanity-label-check:0.1@sha256:710e07f1e38d93ac740b056c4bd7a962df5ad1b09cece5923fae0fde47f9fa76 |
| 232 | + name: sanity-label-check |
| 233 | + when: |
| 234 | + - input: $(params.skip-checks) |
| 235 | + operator: in |
| 236 | + values: |
| 237 | + - "false" |
| 238 | + workspaces: |
| 239 | + - name: workspace |
| 240 | + workspace: workspace |
| 241 | + - name: deprecated-base-image-check |
| 242 | + params: |
| 243 | + - name: BASE_IMAGES_DIGESTS |
| 244 | + value: $(tasks.build-container.results.BASE_IMAGES_DIGESTS) |
| 245 | + taskRef: |
| 246 | + bundle: quay.io/redhat-appstudio-tekton-catalog/task-deprecated-image-check:0.1@sha256:268fd657c069d12b6b24d8e02ce6f0330e2a02e53dce787724445591a90682cd |
| 247 | + name: deprecated-image-check |
| 248 | + when: |
| 249 | + - input: $(params.skip-checks) |
| 250 | + operator: in |
| 251 | + values: |
| 252 | + - "false" |
| 253 | + workspaces: |
| 254 | + - name: sanity-ws |
| 255 | + workspace: workspace |
| 256 | + - name: clair-scan |
| 257 | + params: |
| 258 | + - name: image-digest |
| 259 | + value: $(tasks.build-container.results.IMAGE_DIGEST) |
| 260 | + - name: image-url |
| 261 | + value: $(tasks.build-container.results.IMAGE_URL) |
| 262 | + runAfter: |
| 263 | + - build-container |
| 264 | + taskRef: |
| 265 | + bundle: quay.io/redhat-appstudio-tekton-catalog/task-clair-scan:0.1@sha256:10b191f72ca767c787f0d7f66f46f5ad3117123ee185e8c57b73667358a7b3a6 |
| 266 | + name: clair-scan |
| 267 | + when: |
| 268 | + - input: $(params.skip-checks) |
| 269 | + operator: in |
| 270 | + values: |
| 271 | + - "false" |
| 272 | + - name: sast-snyk-check |
| 273 | + runAfter: |
| 274 | + - clone-repository |
| 275 | + taskRef: |
| 276 | + bundle: quay.io/redhat-appstudio-tekton-catalog/task-sast-snyk-check:0.1@sha256:e4986a1fdf0a7dbb96514fcbe68267d82ee42676c246fd33af19740f966aed00 |
| 277 | + name: sast-snyk-check |
| 278 | + when: |
| 279 | + - input: $(params.skip-checks) |
| 280 | + operator: in |
| 281 | + values: |
| 282 | + - "false" |
| 283 | + workspaces: |
| 284 | + - name: workspace |
| 285 | + workspace: workspace |
| 286 | + - name: clamav-scan |
| 287 | + params: |
| 288 | + - name: image-digest |
| 289 | + value: $(tasks.build-container.results.IMAGE_DIGEST) |
| 290 | + - name: image-url |
| 291 | + value: $(tasks.build-container.results.IMAGE_URL) |
| 292 | + runAfter: |
| 293 | + - build-container |
| 294 | + taskRef: |
| 295 | + bundle: quay.io/redhat-appstudio-tekton-catalog/task-clamav-scan:0.1@sha256:2e19ce2503a8471878fe070364066328e4f2912205ee4aaaf9d66a30037d1cb7 |
| 296 | + name: clamav-scan |
| 297 | + when: |
| 298 | + - input: $(params.skip-checks) |
| 299 | + operator: in |
| 300 | + values: |
| 301 | + - "false" |
| 302 | + - name: sbom-json-check |
| 303 | + params: |
| 304 | + - name: IMAGE_URL |
| 305 | + value: $(tasks.build-container.results.IMAGE_URL) |
| 306 | + runAfter: |
| 307 | + - build-container |
| 308 | + taskRef: |
| 309 | + bundle: quay.io/redhat-appstudio-tekton-catalog/task-sbom-json-check:0.1@sha256:631b875a9e265d48a1f00d21e51560c175bc7aafb4358b6525785d4ecc685d69 |
| 310 | + name: sbom-json-check |
| 311 | + when: |
| 312 | + - input: $(params.skip-checks) |
| 313 | + operator: in |
| 314 | + values: |
| 315 | + - "false" |
| 316 | + workspaces: |
| 317 | + - name: workspace |
| 318 | + workspace: workspace |
| 319 | + workspaces: |
| 320 | + - name: workspace |
| 321 | + - name: git-auth |
| 322 | + optional: true |
| 323 | + workspaces: |
| 324 | + - name: workspace |
| 325 | + volumeClaimTemplate: |
| 326 | + metadata: |
| 327 | + creationTimestamp: null |
| 328 | + spec: |
| 329 | + accessModes: |
| 330 | + - ReadWriteOnce |
| 331 | + resources: |
| 332 | + requests: |
| 333 | + storage: 1Gi |
| 334 | + status: {} |
| 335 | + - name: git-auth |
| 336 | + secret: |
| 337 | + secretName: '{{ git_auth_secret }}' |
| 338 | +status: {} |
0 commit comments