github.com/redhat-appstudio/release-service@v0.0.0-20240507045911-a8558ef3422a/.tekton/release-service-pull-request.yaml (about) 1 apiVersion: tekton.dev/v1beta1 2 kind: PipelineRun 3 metadata: 4 annotations: 5 build.appstudio.openshift.io/repo: https://github.com/redhat-appstudio/release-service?rev={{revision}} 6 build.appstudio.redhat.com/commit_sha: '{{revision}}' 7 build.appstudio.redhat.com/pull_request_number: '{{pull_request_number}}' 8 build.appstudio.redhat.com/target_branch: '{{target_branch}}' 9 pipelinesascode.tekton.dev/max-keep-runs: "3" 10 pipelinesascode.tekton.dev/on-event: '[pull_request]' 11 pipelinesascode.tekton.dev/on-target-branch: '[main]' 12 creationTimestamp: null 13 labels: 14 appstudio.openshift.io/application: release-service 15 appstudio.openshift.io/component: release-service 16 pipelines.appstudio.openshift.io/type: build 17 name: release-service-on-pull-request 18 namespace: rhtap-release-2-tenant 19 spec: 20 params: 21 - name: dockerfile 22 value: Dockerfile 23 - name: git-url 24 value: '{{repo_url}}' 25 - name: image-expires-after 26 value: 5d 27 - name: output-image 28 value: quay.io/redhat-user-workloads/rhtap-release-2-tenant/release-service/release-service:on-pr-{{revision}} 29 - name: path-context 30 value: . 31 - name: revision 32 value: '{{revision}}' 33 - name: build-source-image 34 value: 'true' 35 pipelineSpec: 36 finally: 37 - name: show-sbom 38 params: 39 - name: IMAGE_URL 40 value: $(tasks.build-container.results.IMAGE_URL) 41 taskRef: 42 params: 43 - name: name 44 value: show-sbom 45 - name: bundle 46 value: quay.io/redhat-appstudio-tekton-catalog/task-show-sbom:0.1@sha256:1f90faefa39c2e4965793c1d8321e7d5d99a6c941276a9094a4e0d483a598fca 47 - name: kind 48 value: task 49 resolver: bundles 50 - name: show-summary 51 params: 52 - name: pipelinerun-name 53 value: $(context.pipelineRun.name) 54 - name: git-url 55 value: $(tasks.clone-repository.results.url)?rev=$(tasks.clone-repository.results.commit) 56 - name: image-url 57 value: $(params.output-image) 58 - name: build-task-status 59 value: $(tasks.build-container.status) 60 taskRef: 61 params: 62 - name: name 63 value: summary 64 - name: bundle 65 value: quay.io/redhat-appstudio-tekton-catalog/task-summary:0.2@sha256:bdf58a8a6bf10482fff841ce6c78c54e87d306bc6aae9515821c436d26daff35 66 - name: kind 67 value: task 68 resolver: bundles 69 params: 70 - description: Source Repository URL 71 name: git-url 72 type: string 73 - default: "" 74 description: Revision of the Source Repository 75 name: revision 76 type: string 77 - description: Fully Qualified Output Image 78 name: output-image 79 type: string 80 - default: . 81 description: Path to the source code of an application's component from where 82 to build image. 83 name: path-context 84 type: string 85 - default: Dockerfile 86 description: Path to the Dockerfile inside the context specified by parameter 87 path-context 88 name: dockerfile 89 type: string 90 - default: "false" 91 description: Force rebuild image 92 name: rebuild 93 type: string 94 - default: "false" 95 description: Skip checks against built image 96 name: skip-checks 97 type: string 98 - default: "false" 99 description: Execute the build with network isolation 100 name: hermetic 101 type: string 102 - default: "" 103 description: Build dependencies to be prefetched by Cachi2 104 name: prefetch-input 105 type: string 106 - default: "false" 107 description: Java build 108 name: java 109 type: string 110 - default: "" 111 description: Image tag expiration time, time values could be something like 112 1h, 2d, 3w for hours, days, and weeks, respectively. 113 name: image-expires-after 114 - default: "true" 115 description: Build a source image. 116 name: build-source-image 117 type: string 118 results: 119 - description: "" 120 name: IMAGE_URL 121 value: $(tasks.build-container.results.IMAGE_URL) 122 - description: "" 123 name: IMAGE_DIGEST 124 value: $(tasks.build-container.results.IMAGE_DIGEST) 125 - description: "" 126 name: CHAINS-GIT_URL 127 value: $(tasks.clone-repository.results.url) 128 - description: "" 129 name: CHAINS-GIT_COMMIT 130 value: $(tasks.clone-repository.results.commit) 131 - description: "" 132 name: JAVA_COMMUNITY_DEPENDENCIES 133 value: $(tasks.build-container.results.JAVA_COMMUNITY_DEPENDENCIES) 134 tasks: 135 - name: init 136 params: 137 - name: image-url 138 value: $(params.output-image) 139 - name: rebuild 140 value: $(params.rebuild) 141 - name: skip-checks 142 value: $(params.skip-checks) 143 taskRef: 144 params: 145 - name: name 146 value: init 147 - name: bundle 148 value: quay.io/redhat-appstudio-tekton-catalog/task-init:0.2@sha256:686109bd8088258f73211618824aee5d3cf9e370f65fa3e85d361790a54260ef 149 - name: kind 150 value: task 151 resolver: bundles 152 - name: clone-repository 153 params: 154 - name: url 155 value: $(params.git-url) 156 - name: revision 157 value: $(params.revision) 158 runAfter: 159 - init 160 taskRef: 161 params: 162 - name: name 163 value: git-clone 164 - name: bundle 165 value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:30709df067659a407968154fd39e99763823d8ecfc6b5cd00a55b68818ec94ba 166 - name: kind 167 value: task 168 resolver: bundles 169 when: 170 - input: $(tasks.init.results.build) 171 operator: in 172 values: 173 - "true" 174 workspaces: 175 - name: output 176 workspace: workspace 177 - name: basic-auth 178 workspace: git-auth 179 - name: prefetch-dependencies 180 params: 181 - name: input 182 value: $(params.prefetch-input) 183 runAfter: 184 - clone-repository 185 taskRef: 186 params: 187 - name: name 188 value: prefetch-dependencies 189 - name: bundle 190 value: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies:0.1@sha256:c6fdbf404dc61bf8cf8bec5fc4d7fb15f37ba62f1684de0c68bfbad5723c0052 191 - name: kind 192 value: task 193 resolver: bundles 194 when: 195 - input: $(params.hermetic) 196 operator: in 197 values: 198 - "true" 199 workspaces: 200 - name: source 201 workspace: workspace 202 - name: build-container 203 params: 204 - name: IMAGE 205 value: $(params.output-image) 206 - name: DOCKERFILE 207 value: $(params.dockerfile) 208 - name: CONTEXT 209 value: $(params.path-context) 210 - name: HERMETIC 211 value: $(params.hermetic) 212 - name: PREFETCH_INPUT 213 value: $(params.prefetch-input) 214 - name: IMAGE_EXPIRES_AFTER 215 value: $(params.image-expires-after) 216 - name: COMMIT_SHA 217 value: $(tasks.clone-repository.results.commit) 218 runAfter: 219 - prefetch-dependencies 220 taskRef: 221 params: 222 - name: name 223 value: buildah 224 - name: bundle 225 value: quay.io/redhat-appstudio-tekton-catalog/task-buildah:0.1@sha256:7e5f19d3aa233b9becf90d1ca01697486dc1acb1f1d6d2a0b8d1a1cc07c66249 226 - name: kind 227 value: task 228 resolver: bundles 229 when: 230 - input: $(tasks.init.results.build) 231 operator: in 232 values: 233 - "true" 234 workspaces: 235 - name: source 236 workspace: workspace 237 - name: inspect-image 238 params: 239 - name: IMAGE_URL 240 value: $(tasks.build-container.results.IMAGE_URL) 241 - name: IMAGE_DIGEST 242 value: $(tasks.build-container.results.IMAGE_DIGEST) 243 runAfter: 244 - build-container 245 taskRef: 246 params: 247 - name: name 248 value: inspect-image 249 - name: bundle 250 value: quay.io/redhat-appstudio-tekton-catalog/task-inspect-image:0.1@sha256:919438843ea5368ec0c41c6b5f92363add4423118f9cd6ccf16bf23160fabc90 251 - name: kind 252 value: task 253 resolver: bundles 254 when: 255 - input: $(params.skip-checks) 256 operator: in 257 values: 258 - "false" 259 workspaces: 260 - name: source 261 workspace: workspace 262 - name: build-source-image 263 params: 264 - name: BINARY_IMAGE 265 value: $(params.output-image) 266 - name: BASE_IMAGES 267 value: $(tasks.build-container.results.BASE_IMAGES_DIGESTS) 268 runAfter: 269 - build-container 270 taskRef: 271 params: 272 - name: name 273 value: source-build 274 - name: bundle 275 value: quay.io/redhat-appstudio-tekton-catalog/task-source-build:0.1@sha256:90dc9c66eb0123b5e5ff8a1b8c3891e91f0e952899e427eeca79b635fe81a348 276 - name: kind 277 value: task 278 resolver: bundles 279 when: 280 - input: $(tasks.init.results.build) 281 operator: in 282 values: 283 - "true" 284 - input: $(params.build-source-image) 285 operator: in 286 values: 287 - "true" 288 workspaces: 289 - name: workspace 290 workspace: workspace 291 - name: deprecated-base-image-check 292 params: 293 - name: BASE_IMAGES_DIGESTS 294 value: $(tasks.build-container.results.BASE_IMAGES_DIGESTS) 295 - name: IMAGE_URL 296 value: $(tasks.build-container.results.IMAGE_URL) 297 - name: IMAGE_DIGEST 298 value: $(tasks.build-container.results.IMAGE_DIGEST) 299 taskRef: 300 params: 301 - name: name 302 value: deprecated-image-check 303 - name: bundle 304 value: quay.io/redhat-appstudio-tekton-catalog/task-deprecated-image-check:0.4@sha256:6b1b325de0af29b6e9a0696f4d2b669a1e6a046941726cc97c5e42785aad870c 305 - name: kind 306 value: task 307 resolver: bundles 308 when: 309 - input: $(params.skip-checks) 310 operator: in 311 values: 312 - "false" 313 - name: clair-scan 314 params: 315 - name: image-digest 316 value: $(tasks.build-container.results.IMAGE_DIGEST) 317 - name: image-url 318 value: $(tasks.build-container.results.IMAGE_URL) 319 runAfter: 320 - build-container 321 taskRef: 322 params: 323 - name: name 324 value: clair-scan 325 - name: bundle 326 value: quay.io/redhat-appstudio-tekton-catalog/task-clair-scan:0.1@sha256:a6107f78e5fa9e087992f11d788701e4241d9875b153def796fb3bf257c3b7fd 327 - name: kind 328 value: task 329 resolver: bundles 330 when: 331 - input: $(params.skip-checks) 332 operator: in 333 values: 334 - "false" 335 - name: sast-snyk-check 336 runAfter: 337 - clone-repository 338 taskRef: 339 params: 340 - name: name 341 value: sast-snyk-check 342 - name: bundle 343 value: quay.io/redhat-appstudio-tekton-catalog/task-sast-snyk-check:0.1@sha256:b3d2d07394ff983d5f2578c294cd8c4e9428fecc801495feeb929d932c10f740 344 - name: kind 345 value: task 346 resolver: bundles 347 when: 348 - input: $(params.skip-checks) 349 operator: in 350 values: 351 - "false" 352 workspaces: 353 - name: workspace 354 workspace: workspace 355 - name: clamav-scan 356 params: 357 - name: image-digest 358 value: $(tasks.build-container.results.IMAGE_DIGEST) 359 - name: image-url 360 value: $(tasks.build-container.results.IMAGE_URL) 361 runAfter: 362 - build-container 363 taskRef: 364 params: 365 - name: name 366 value: clamav-scan 367 - name: bundle 368 value: quay.io/redhat-appstudio-tekton-catalog/task-clamav-scan:0.1@sha256:6ba32717bd837ca0d5714b518cc4530e1f1d5bef137df54c02b0c2151b9d217e 369 - name: kind 370 value: task 371 resolver: bundles 372 when: 373 - input: $(params.skip-checks) 374 operator: in 375 values: 376 - "false" 377 - name: sbom-json-check 378 params: 379 - name: IMAGE_URL 380 value: $(tasks.build-container.results.IMAGE_URL) 381 - name: IMAGE_DIGEST 382 value: $(tasks.build-container.results.IMAGE_DIGEST) 383 runAfter: 384 - build-container 385 taskRef: 386 params: 387 - name: name 388 value: sbom-json-check 389 - name: bundle 390 value: quay.io/redhat-appstudio-tekton-catalog/task-sbom-json-check:0.1@sha256:dbd467a0507cff1981d3c98f683339feaab1b387c5b5fbf1ff957e9be2e27027 391 - name: kind 392 value: task 393 resolver: bundles 394 when: 395 - input: $(params.skip-checks) 396 operator: in 397 values: 398 - "false" 399 workspaces: 400 - name: workspace 401 - name: git-auth 402 optional: true 403 workspaces: 404 - name: workspace 405 volumeClaimTemplate: 406 metadata: 407 creationTimestamp: null 408 spec: 409 accessModes: 410 - ReadWriteOnce 411 resources: 412 requests: 413 storage: 1Gi 414 status: {} 415 - name: git-auth 416 secret: 417 secretName: '{{ git_auth_secret }}' 418 status: {}