---
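# Ask the bundled `oc` binary which image the OpenShift release payload ships
# as its `cli` component. The pullspec is printed on stdout and registered for
# the following tasks; nothing is changed on the cluster (changed_when: false).
#
# `argv` is used instead of a free-form command string so that each templated
# value stays a single argument even if it contains whitespace.
#
# NOTE(review): the release payload is addressed by tag
# (`<version>-x86_64`), so the resolved image depends on what the registry
# serves for that tag at run time. Pinning the release by digest would make
# the result reproducible; confirm whether that is wanted here.
- name: Get OpenShift CLI image from OpenShift release
  ansible.builtin.command:
    argv:
      - "{{ workingDir }}/bin/oc"
      - adm
      - release
      - info
      # Only the path of the pull secret is passed, not its content.
      - "--registry-config={{ pullSecretPath }}"
      - "--image-for"
      - cli
      - "quay.io/openshift-release-dev/ocp-release:{{ mgmt_openshift_version }}-x86_64"
  register: r_oc_cli_image
  changed_when: false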
# Publish the pullspec captured from the previous command as a fact.
# It is consumed as the step image of the clair-import Tekton Task.
# NOTE(review): stdout is used as-is; an empty or multi-line result would
# produce an unusable image reference. Confirm the previous task cannot
# succeed with empty output.
- name: Set image facts
  ansible.builtin.set_fact:
    oc_cli_image: "{{ r_oc_cli_image.stdout }}"
# Dedicated ServiceAccount for the Clair import pipeline.
#
# NOTE(review): this file creates the account only. The import step lists pods
# and runs `oc exec` in the quay-enterprise namespace, so the identity that
# runs it needs `get`/`list` on pods and `create` on pods/exec there.
# Presumably a Role/RoleBinding scoped to that namespace, and the run that
# selects this account, are defined elsewhere. Confirm, and keep the grant
# limited to those verbs rather than a cluster-wide role.
- name: Create Clair Import ServiceAccount
  kubernetes.core.k8s:
    state: present
    definition:
      apiVersion: v1
      kind: ServiceAccount
      metadata:
        name: clair-import
        namespace: openshift-pipelines
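# Tekton Task that makes a running Clair pod download the updater bundle from
# the Quay host and import it with clairctl. Two results are emitted:
#   exit-code      exit status of the `oc exec` call (0 on success)
#   status-report  combined stdout/stderr of the download and the import
#
# `{{ quayHostname }}` and `{{ oc_cli_image }}` are rendered by Ansible before
# the Task is created; the `$(results.*.path)` placeholders are Tekton's.
# quayHostname lands inside a shell script, so it must come from trusted
# inventory only.
- name: Create Clair Import Task
  kubernetes.core.k8s:
    state: present
    definition:
      apiVersion: tekton.dev/v1
      kind: Task
      metadata:
        name: clair-import
        namespace: openshift-pipelines
      spec:
        results:
          - name: exit-code
            description: "Success of clair import (exit code)"
          - name: status-report
            description: "Report of clair import"
        steps:
          - name: clair-import
            image: "{{ oc_cli_image }}"
            # NOTE(review): the bundle is fetched over plain http and imported
            # without any integrity check. Whoever can alter that response
            # decides which vulnerabilities Clair will report. Prefer https
            # with a CA the Clair pod trusts, or verify a checksum published
            # out of band; confirm what the Quay route supports.
            #
            # NOTE(review): Tekton results are size-limited (4 KB per task by
            # default, as far as I know). curl now runs silently to keep the
            # report small, but a verbose clairctl log may still exceed the
            # limit; confirm, or cap the report.
            script: |
              #!/bin/bash
              set -uo pipefail

              # Use exactly one Clair app pod. With several replicas the
              # unfiltered list would reach oc exec as one invalid name.
              clair_pod_name=$(oc get pods -n quay-enterprise -l quay-component=clair-app -o name | head -n 1 | cut -d/ -f2)
              if [ -z "$clair_pod_name" ]; then
                echo "no pod with label quay-component=clair-app found in quay-enterprise" > "$(results.status-report.path)"
                echo "1" > "$(results.exit-code.path)"
                exit 1
              fi

              # set -e and curl -f stop the import when the download fails.
              # Without them a failed or HTTP-error download was followed by
              # an import of whatever file was already at the target path,
              # and the step could report success on stale or bogus data.
              if oc exec -n quay-enterprise "$clair_pod_name" -- \
                /bin/sh -c "
                  set -e
                  curl -fsSL -o /tmp/updates.json.gz http://{{ quayHostname }}/clair/updates.json.gz
                  /usr/bin/clairctl --config /clair/config.yaml import-updaters /tmp/updates.json.gz
                " > "$(results.status-report.path)" 2>&1; then
                rc=0
              else
                rc=$?
              fi

              # Always publish the exit code, then fail the step on error.
              echo "$rc" > "$(results.exit-code.path)"
              exit "$rc"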
# Pipeline with a single task that runs the clair-import Task and re-exports
# its two results (exit-code, status-report) at pipeline level.
#
# NOTE(review): the source listing lost its indentation, so the nesting below
# is reconstructed from key order. `timeout` follows the results list and is
# placed at spec level here. As far as I know the tekton.dev/v1 Pipeline spec
# has no `timeout` field (it exists per pipeline task, and as `timeouts` on a
# PipelineRun). Confirm against the original file where this key belongs.
#
# NOTE(review): the Pipeline does not name a ServiceAccount; that is chosen by
# the run that starts it. Confirm the run uses the dedicated clair-import
# account rather than a broader default.
- name: Create Clair Import Pipeline
  kubernetes.core.k8s:
    state: present
    definition:
      apiVersion: tekton.dev/v1
      kind: Pipeline
      metadata:
        name: clair-import
        namespace: openshift-pipelines
      spec:
        tasks:
          - name: clair-import
            taskRef:
              name: clair-import
        results:
          - name: exit-code
            value: $(tasks.clair-import.results.exit-code)
          - name: status-report
            value: $(tasks.clair-import.results.status-report)
        timeout: "1h"