github.com/redhat-appstudio/release-service@v0.0.0-20240507045911-a8558ef3422a/.tekton/release-service-push.yaml (about) 1 apiVersion: tekton.dev/v1beta1 2 kind: PipelineRun 3 metadata: 4 annotations: 5 build.appstudio.openshift.io/repo: https://github.com/redhat-appstudio/release-service?rev={{revision}} 6 build.appstudio.redhat.com/commit_sha: '{{revision}}' 7 build.appstudio.redhat.com/target_branch: '{{target_branch}}' 8 pipelinesascode.tekton.dev/max-keep-runs: "3" 9 pipelinesascode.tekton.dev/on-event: '[push]' 10 pipelinesascode.tekton.dev/on-target-branch: '[main]' 11 creationTimestamp: null 12 labels: 13 appstudio.openshift.io/application: release-service 14 appstudio.openshift.io/component: release-service 15 pipelines.appstudio.openshift.io/type: build 16 name: release-service-on-push 17 namespace: rhtap-release-2-tenant 18 spec: 19 params: 20 - name: dockerfile 21 value: Dockerfile 22 - name: git-url 23 value: '{{repo_url}}' 24 - name: output-image 25 value: quay.io/redhat-user-workloads/rhtap-release-2-tenant/release-service/release-service:{{revision}} 26 - name: path-context 27 value: . 28 - name: revision 29 value: '{{revision}}' 30 - name: build-source-image 31 value: 'true' 32 pipelineSpec: 33 finally: 34 - name: show-sbom 35 params: 36 - name: IMAGE_URL 37 value: $(tasks.build-container.results.IMAGE_URL) 38 taskRef: 39 params: 40 - name: name 41 value: show-sbom 42 - name: bundle 43 value: quay.io/redhat-appstudio-tekton-catalog/task-show-sbom:0.1@sha256:1f90faefa39c2e4965793c1d8321e7d5d99a6c941276a9094a4e0d483a598fca 44 - name: kind 45 value: task 46 resolver: bundles 47 - name: show-summary 48 params: 49 - name: pipelinerun-name 50 value: $(context.pipelineRun.name) 51 - name: git-url 52 value: $(tasks.clone-repository.results.url)?rev=$(tasks.clone-repository.results.commit) 53 - name: image-url 54 value: $(params.output-image) 55 - name: build-task-status 56 value: $(tasks.build-container.status) 57 taskRef: 58 params: 59 - name: name 60 value: summary 61 - name: bundle 62 value: quay.io/redhat-appstudio-tekton-catalog/task-summary:0.2@sha256:bdf58a8a6bf10482fff841ce6c78c54e87d306bc6aae9515821c436d26daff35 63 - name: kind 64 value: task 65 resolver: bundles 66 params: 67 - description: Source Repository URL 68 name: git-url 69 type: string 70 - default: "" 71 description: Revision of the Source Repository 72 name: revision 73 type: string 74 - description: Fully Qualified Output Image 75 name: output-image 76 type: string 77 - default: . 78 description: Path to the source code of an application's component from where 79 to build image. 80 name: path-context 81 type: string 82 - default: Dockerfile 83 description: Path to the Dockerfile inside the context specified by parameter 84 path-context 85 name: dockerfile 86 type: string 87 - default: "false" 88 description: Force rebuild image 89 name: rebuild 90 type: string 91 - default: "false" 92 description: Skip checks against built image 93 name: skip-checks 94 type: string 95 - default: "false" 96 description: Execute the build with network isolation 97 name: hermetic 98 type: string 99 - default: "" 100 description: Build dependencies to be prefetched by Cachi2 101 name: prefetch-input 102 type: string 103 - default: "false" 104 description: Java build 105 name: java 106 type: string 107 - default: "" 108 description: Image tag expiration time, time values could be something like 109 1h, 2d, 3w for hours, days, and weeks, respectively. 110 name: image-expires-after 111 - default: "true" 112 description: Build a source image. 113 name: build-source-image 114 type: string 115 results: 116 - description: "" 117 name: IMAGE_URL 118 value: $(tasks.build-container.results.IMAGE_URL) 119 - description: "" 120 name: IMAGE_DIGEST 121 value: $(tasks.build-container.results.IMAGE_DIGEST) 122 - description: "" 123 name: CHAINS-GIT_URL 124 value: $(tasks.clone-repository.results.url) 125 - description: "" 126 name: CHAINS-GIT_COMMIT 127 value: $(tasks.clone-repository.results.commit) 128 - description: "" 129 name: JAVA_COMMUNITY_DEPENDENCIES 130 value: $(tasks.build-container.results.JAVA_COMMUNITY_DEPENDENCIES) 131 tasks: 132 - name: init 133 params: 134 - name: image-url 135 value: $(params.output-image) 136 - name: rebuild 137 value: $(params.rebuild) 138 - name: skip-checks 139 value: $(params.skip-checks) 140 taskRef: 141 params: 142 - name: name 143 value: init 144 - name: bundle 145 value: quay.io/redhat-appstudio-tekton-catalog/task-init:0.2@sha256:686109bd8088258f73211618824aee5d3cf9e370f65fa3e85d361790a54260ef 146 - name: kind 147 value: task 148 resolver: bundles 149 - name: clone-repository 150 params: 151 - name: url 152 value: $(params.git-url) 153 - name: revision 154 value: $(params.revision) 155 runAfter: 156 - init 157 taskRef: 158 params: 159 - name: name 160 value: git-clone 161 - name: bundle 162 value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:30709df067659a407968154fd39e99763823d8ecfc6b5cd00a55b68818ec94ba 163 - name: kind 164 value: task 165 resolver: bundles 166 when: 167 - input: $(tasks.init.results.build) 168 operator: in 169 values: 170 - "true" 171 workspaces: 172 - name: output 173 workspace: workspace 174 - name: basic-auth 175 workspace: git-auth 176 - name: prefetch-dependencies 177 params: 178 - name: input 179 value: $(params.prefetch-input) 180 runAfter: 181 - clone-repository 182 taskRef: 183 params: 184 - name: name 185 value: prefetch-dependencies 186 - name: bundle 187 value: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies:0.1@sha256:c6fdbf404dc61bf8cf8bec5fc4d7fb15f37ba62f1684de0c68bfbad5723c0052 188 - name: kind 189 value: task 190 resolver: bundles 191 when: 192 - input: $(params.hermetic) 193 operator: in 194 values: 195 - "true" 196 workspaces: 197 - name: source 198 workspace: workspace 199 - name: build-container 200 params: 201 - name: IMAGE 202 value: $(params.output-image) 203 - name: DOCKERFILE 204 value: $(params.dockerfile) 205 - name: CONTEXT 206 value: $(params.path-context) 207 - name: HERMETIC 208 value: $(params.hermetic) 209 - name: PREFETCH_INPUT 210 value: $(params.prefetch-input) 211 - name: IMAGE_EXPIRES_AFTER 212 value: $(params.image-expires-after) 213 - name: COMMIT_SHA 214 value: $(tasks.clone-repository.results.commit) 215 runAfter: 216 - prefetch-dependencies 217 taskRef: 218 params: 219 - name: name 220 value: buildah 221 - name: bundle 222 value: quay.io/redhat-appstudio-tekton-catalog/task-buildah:0.1@sha256:7e5f19d3aa233b9becf90d1ca01697486dc1acb1f1d6d2a0b8d1a1cc07c66249 223 - name: kind 224 value: task 225 resolver: bundles 226 when: 227 - input: $(tasks.init.results.build) 228 operator: in 229 values: 230 - "true" 231 workspaces: 232 - name: source 233 workspace: workspace 234 - name: inspect-image 235 params: 236 - name: IMAGE_URL 237 value: $(tasks.build-container.results.IMAGE_URL) 238 - name: IMAGE_DIGEST 239 value: $(tasks.build-container.results.IMAGE_DIGEST) 240 runAfter: 241 - build-container 242 taskRef: 243 params: 244 - name: name 245 value: inspect-image 246 - name: bundle 247 value: quay.io/redhat-appstudio-tekton-catalog/task-inspect-image:0.1@sha256:919438843ea5368ec0c41c6b5f92363add4423118f9cd6ccf16bf23160fabc90 248 - name: kind 249 value: task 250 resolver: bundles 251 when: 252 - input: $(params.skip-checks) 253 operator: in 254 values: 255 - "false" 256 workspaces: 257 - name: source 258 workspace: workspace 259 - name: build-source-image 260 params: 261 - name: BINARY_IMAGE 262 value: $(params.output-image) 263 - name: BASE_IMAGES 264 value: $(tasks.build-container.results.BASE_IMAGES_DIGESTS) 265 runAfter: 266 - build-container 267 taskRef: 268 params: 269 - name: name 270 value: source-build 271 - name: bundle 272 value: quay.io/redhat-appstudio-tekton-catalog/task-source-build:0.1@sha256:90dc9c66eb0123b5e5ff8a1b8c3891e91f0e952899e427eeca79b635fe81a348 273 - name: kind 274 value: task 275 resolver: bundles 276 when: 277 - input: $(tasks.init.results.build) 278 operator: in 279 values: 280 - "true" 281 - input: $(params.build-source-image) 282 operator: in 283 values: 284 - "true" 285 workspaces: 286 - name: workspace 287 workspace: workspace 288 - name: deprecated-base-image-check 289 params: 290 - name: BASE_IMAGES_DIGESTS 291 value: $(tasks.build-container.results.BASE_IMAGES_DIGESTS) 292 - name: IMAGE_URL 293 value: $(tasks.build-container.results.IMAGE_URL) 294 - name: IMAGE_DIGEST 295 value: $(tasks.build-container.results.IMAGE_DIGEST) 296 taskRef: 297 params: 298 - name: name 299 value: deprecated-image-check 300 - name: bundle 301 value: quay.io/redhat-appstudio-tekton-catalog/task-deprecated-image-check:0.4@sha256:6b1b325de0af29b6e9a0696f4d2b669a1e6a046941726cc97c5e42785aad870c 302 - name: kind 303 value: task 304 resolver: bundles 305 when: 306 - input: $(params.skip-checks) 307 operator: in 308 values: 309 - "false" 310 - name: clair-scan 311 params: 312 - name: image-digest 313 value: $(tasks.build-container.results.IMAGE_DIGEST) 314 - name: image-url 315 value: $(tasks.build-container.results.IMAGE_URL) 316 runAfter: 317 - build-container 318 taskRef: 319 params: 320 - name: name 321 value: clair-scan 322 - name: bundle 323 value: quay.io/redhat-appstudio-tekton-catalog/task-clair-scan:0.1@sha256:a6107f78e5fa9e087992f11d788701e4241d9875b153def796fb3bf257c3b7fd 324 - name: kind 325 value: task 326 resolver: bundles 327 when: 328 - input: $(params.skip-checks) 329 operator: in 330 values: 331 - "false" 332 - name: sast-snyk-check 333 runAfter: 334 - clone-repository 335 taskRef: 336 params: 337 - name: name 338 value: sast-snyk-check 339 - name: bundle 340 value: quay.io/redhat-appstudio-tekton-catalog/task-sast-snyk-check:0.1@sha256:b3d2d07394ff983d5f2578c294cd8c4e9428fecc801495feeb929d932c10f740 341 - name: kind 342 value: task 343 resolver: bundles 344 when: 345 - input: $(params.skip-checks) 346 operator: in 347 values: 348 - "false" 349 workspaces: 350 - name: workspace 351 workspace: workspace 352 - name: clamav-scan 353 params: 354 - name: image-digest 355 value: $(tasks.build-container.results.IMAGE_DIGEST) 356 - name: image-url 357 value: $(tasks.build-container.results.IMAGE_URL) 358 runAfter: 359 - build-container 360 taskRef: 361 params: 362 - name: name 363 value: clamav-scan 364 - name: bundle 365 value: quay.io/redhat-appstudio-tekton-catalog/task-clamav-scan:0.1@sha256:6ba32717bd837ca0d5714b518cc4530e1f1d5bef137df54c02b0c2151b9d217e 366 - name: kind 367 value: task 368 resolver: bundles 369 when: 370 - input: $(params.skip-checks) 371 operator: in 372 values: 373 - "false" 374 - name: sbom-json-check 375 params: 376 - name: IMAGE_URL 377 value: $(tasks.build-container.results.IMAGE_URL) 378 - name: IMAGE_DIGEST 379 value: $(tasks.build-container.results.IMAGE_DIGEST) 380 runAfter: 381 - build-container 382 taskRef: 383 params: 384 - name: name 385 value: sbom-json-check 386 - name: bundle 387 value: quay.io/redhat-appstudio-tekton-catalog/task-sbom-json-check:0.1@sha256:dbd467a0507cff1981d3c98f683339feaab1b387c5b5fbf1ff957e9be2e27027 388 - name: kind 389 value: task 390 resolver: bundles 391 when: 392 - input: $(params.skip-checks) 393 operator: in 394 values: 395 - "false" 396 workspaces: 397 - name: workspace 398 - name: git-auth 399 optional: true 400 workspaces: 401 - name: workspace 402 volumeClaimTemplate: 403 metadata: 404 creationTimestamp: null 405 spec: 406 accessModes: 407 - ReadWriteOnce 408 resources: 409 requests: 410 storage: 1Gi 411 status: {} 412 - name: git-auth 413 secret: 414 secretName: '{{ git_auth_secret }}' 415 status: {}