-
Notifications
You must be signed in to change notification settings - Fork 61
Expand file tree
/
Copy pathrequired_tasks.yml
More file actions
119 lines (117 loc) · 3.84 KB
/
Copy pathrequired_tasks.yml
File metadata and controls
119 lines (117 loc) · 3.84 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
---
# https://conforma.dev/docs/policy/packages/release_tasks.html
pipeline-required-tasks:
fbc:
- effective_on: "2025-05-01T00:00:00Z"
tasks:
- [buildah, buildah-10gb, buildah-6gb, buildah-8gb, buildah-remote, buildah-oci-ta, buildah-remote-oci-ta]
- deprecated-image-check
- [fbc-fips-check, fbc-fips-check-oci-ta, fbc-fips-check-matrix-based-oci-ta]
- [fbc-related-image-check, validate-fbc]
- fbc-target-index-pruning-check
- [git-clone, git-clone-oci-ta]
- init
docker:
- effective_on: "2025-04-01T00:00:00Z"
tasks:
- [buildah, buildah-remote, buildah-oci-ta, buildah-remote-oci-ta]
- [clair-scan, roxctl-scan]
- clamav-scan
- deprecated-image-check
- [git-clone, git-clone-oci-ta]
- init
- [prefetch-dependencies, prefetch-dependencies-oci-ta]
- rpms-signature-scan
- [sast-shell-check, sast-shell-check-oci-ta]
- [sast-snyk-check, sast-snyk-check-oci-ta]
- [sast-unicode-check, sast-unicode-check-oci-ta]
- [source-build, source-build-oci-ta]
generic:
- effective_on: "2025-04-01T00:00:00Z"
tasks:
- [buildah, buildah-remote, buildah-oci-ta, buildah-remote-oci-ta]
- [clair-scan, roxctl-scan]
- clamav-scan
- deprecated-image-check
- [git-clone, git-clone-oci-ta]
- init
- [prefetch-dependencies, prefetch-dependencies-oci-ta]
- rpms-signature-scan
- [sast-shell-check, sast-shell-check-oci-ta]
- [sast-snyk-check, sast-snyk-check-oci-ta]
- [sast-unicode-check, sast-unicode-check-oci-ta]
- [source-build, source-build-oci-ta]
nodejs:
- effective_on: "2025-04-01T00:00:00Z"
tasks:
- [clair-scan, roxctl-scan]
- clamav-scan
- deprecated-image-check
- [git-clone, git-clone-oci-ta]
- init
- [prefetch-dependencies, prefetch-dependencies-oci-ta]
- rpms-signature-scan
- s2i-nodejs
- [sast-shell-check, sast-shell-check-oci-ta]
- [sast-snyk-check, sast-snyk-check-oci-ta]
- [sast-unicode-check, sast-unicode-check-oci-ta]
- [source-build, source-build-oci-ta]
rpm:
- effective_on: "2025-04-15T00:00:00Z"
tasks:
- init
- git-clone-oci-ta
- get-rpm-sources
- calculate-deps
- rpmbuild
- import-to-quay
- check-noarch
oci-copy:
- effective_on: "2025-04-01T00:00:00Z"
tasks:
- init
- git-clone-oci-ta
- oci-copy-oci-ta
- sast-snyk-check-oci-ta
modelcar:
- effective_on: "2025-04-01T00:00:00Z"
tasks:
- init
- git-clone-oci-ta
- modelcar-oci-ta
- sast-snyk-check-oci-ta
helm:
- effective_on: "2025-12-01T00:00:00Z"
tasks:
- init
- git-clone-oci-ta
- prefetch-dependencies-oci-ta
- build-helm-chart-oci-ta
- source-build-oci-ta
- sast-shell-check-oci-ta
- sast-unicode-check-oci-ta
disk-image:
- effective_on: "2026-05-28T00:00:00Z"
tasks:
- init
- git-clone-oci-ta
- prefetch-dependencies-oci-ta
- build-vm-image
- build-image-index
- sast-shell-check-oci-ta
- sast-snyk-check-oci-ta
- sast-unicode-check-oci-ta
# https://conforma.dev/docs/policy/packages/release_tasks.html
required-tasks:
- effective_on: "2025-04-01T00:00:00Z"
tasks:
- [clair-scan, roxctl-scan]
- clamav-scan
- [git-clone, git-clone-oci-ta]
- init
- [prefetch-dependencies, prefetch-dependencies-oci-ta]
- rpms-signature-scan
- [sast-shell-check, sast-shell-check-oci-ta]
- [sast-snyk-check, sast-snyk-check-oci-ta]
- [sast-unicode-check, sast-unicode-check-oci-ta]
- [source-build, source-build-oci-ta]