github.com/redhat-appstudio/release-service@v0.0.0-20240507143925-083712697924/.tekton/release-service-pull-request.yaml (about) 1 apiVersion: tekton.dev/v1 2 kind: PipelineRun 3 metadata: 4 annotations: 5 build.appstudio.openshift.io/repo: https://github.com/konflux-ci/release-service?rev={{revision}} 6 build.appstudio.redhat.com/commit_sha: '{{revision}}' 7 build.appstudio.redhat.com/pull_request_number: '{{pull_request_number}}' 8 build.appstudio.redhat.com/target_branch: '{{target_branch}}' 9 pipelinesascode.tekton.dev/max-keep-runs: "3" 10 pipelinesascode.tekton.dev/on-cel-expression: event == "pull_request" && target_branch 11 == "main" 12 creationTimestamp: null 13 labels: 14 appstudio.openshift.io/application: release-service 15 appstudio.openshift.io/component: release-service 16 pipelines.appstudio.openshift.io/type: build 17 name: release-service-on-pull-request 18 namespace: rhtap-release-2-tenant 19 spec: 20 params: 21 - name: dockerfile 22 value: Dockerfile 23 - name: git-url 24 value: '{{source_url}}' 25 - name: image-expires-after 26 value: 5d 27 - name: output-image 28 value: quay.io/redhat-user-workloads/rhtap-release-2-tenant/release-service/release-service:on-pr-{{revision}} 29 - name: path-context 30 value: . 31 - name: revision 32 value: '{{revision}}' 33 pipelineSpec: 34 finally: 35 - name: show-sbom 36 params: 37 - name: IMAGE_URL 38 value: $(tasks.build-container.results.IMAGE_URL) 39 taskRef: 40 params: 41 - name: name 42 value: show-sbom 43 - name: bundle 44 value: quay.io/redhat-appstudio-tekton-catalog/task-show-sbom:0.1@sha256:1f90faefa39c2e4965793c1d8321e7d5d99a6c941276a9094a4e0d483a598fca 45 - name: kind 46 value: task 47 resolver: bundles 48 - name: show-summary 49 params: 50 - name: pipelinerun-name 51 value: $(context.pipelineRun.name) 52 - name: git-url 53 value: $(tasks.clone-repository.results.url)?rev=$(tasks.clone-repository.results.commit) 54 - name: image-url 55 value: $(params.output-image) 56 - name: build-task-status 57 value: $(tasks.build-container.status) 58 taskRef: 59 params: 60 - name: name 61 value: summary 62 - name: bundle 63 value: quay.io/redhat-appstudio-tekton-catalog/task-summary:0.2@sha256:bdf58a8a6bf10482fff841ce6c78c54e87d306bc6aae9515821c436d26daff35 64 - name: kind 65 value: task 66 resolver: bundles 67 workspaces: 68 - name: workspace 69 workspace: workspace 70 params: 71 - description: Source Repository URL 72 name: git-url 73 type: string 74 - default: "" 75 description: Revision of the Source Repository 76 name: revision 77 type: string 78 - description: Fully Qualified Output Image 79 name: output-image 80 type: string 81 - default: . 82 description: Path to the source code of an application's component from where 83 to build image. 84 name: path-context 85 type: string 86 - default: Dockerfile 87 description: Path to the Dockerfile inside the context specified by parameter 88 path-context 89 name: dockerfile 90 type: string 91 - default: "false" 92 description: Force rebuild image 93 name: rebuild 94 type: string 95 - default: "false" 96 description: Skip checks against built image 97 name: skip-checks 98 type: string 99 - default: "false" 100 description: Execute the build with network isolation 101 name: hermetic 102 type: string 103 - default: "" 104 description: Build dependencies to be prefetched by Cachi2 105 name: prefetch-input 106 type: string 107 - default: "false" 108 description: Java build 109 name: java 110 type: string 111 - default: "" 112 description: Image tag expiration time, time values could be something like 113 1h, 2d, 3w for hours, days, and weeks, respectively. 114 name: image-expires-after 115 - default: "true" 116 description: Build a source image. 117 name: build-source-image 118 type: string 119 - default: "" 120 description: Path to a file with build arguments which will be passed to podman 121 during build 122 name: build-args-file 123 type: string 124 results: 125 - description: "" 126 name: IMAGE_URL 127 value: $(tasks.build-container.results.IMAGE_URL) 128 - description: "" 129 name: IMAGE_DIGEST 130 value: $(tasks.build-container.results.IMAGE_DIGEST) 131 - description: "" 132 name: CHAINS-GIT_URL 133 value: $(tasks.clone-repository.results.url) 134 - description: "" 135 name: CHAINS-GIT_COMMIT 136 value: $(tasks.clone-repository.results.commit) 137 - description: "" 138 name: JAVA_COMMUNITY_DEPENDENCIES 139 value: $(tasks.build-container.results.JAVA_COMMUNITY_DEPENDENCIES) 140 tasks: 141 - name: init 142 params: 143 - name: image-url 144 value: $(params.output-image) 145 - name: rebuild 146 value: $(params.rebuild) 147 - name: skip-checks 148 value: $(params.skip-checks) 149 taskRef: 150 params: 151 - name: name 152 value: init 153 - name: bundle 154 value: quay.io/redhat-appstudio-tekton-catalog/task-init:0.2@sha256:686109bd8088258f73211618824aee5d3cf9e370f65fa3e85d361790a54260ef 155 - name: kind 156 value: task 157 resolver: bundles 158 - name: clone-repository 159 params: 160 - name: url 161 value: $(params.git-url) 162 - name: revision 163 value: $(params.revision) 164 runAfter: 165 - init 166 taskRef: 167 params: 168 - name: name 169 value: git-clone 170 - name: bundle 171 value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:30709df067659a407968154fd39e99763823d8ecfc6b5cd00a55b68818ec94ba 172 - name: kind 173 value: task 174 resolver: bundles 175 when: 176 - input: $(tasks.init.results.build) 177 operator: in 178 values: 179 - "true" 180 workspaces: 181 - name: output 182 workspace: workspace 183 - name: basic-auth 184 workspace: git-auth 185 - name: prefetch-dependencies 186 params: 187 - name: input 188 value: $(params.prefetch-input) 189 runAfter: 190 - clone-repository 191 taskRef: 192 params: 193 - name: name 194 value: prefetch-dependencies 195 - name: bundle 196 value: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies:0.1@sha256:c6fdbf404dc61bf8cf8bec5fc4d7fb15f37ba62f1684de0c68bfbad5723c0052 197 - name: kind 198 value: task 199 resolver: bundles 200 when: 201 - input: $(params.hermetic) 202 operator: in 203 values: 204 - "true" 205 workspaces: 206 - name: source 207 workspace: workspace 208 - name: git-basic-auth 209 workspace: git-auth 210 - name: build-container 211 params: 212 - name: IMAGE 213 value: $(params.output-image) 214 - name: DOCKERFILE 215 value: $(params.dockerfile) 216 - name: CONTEXT 217 value: $(params.path-context) 218 - name: HERMETIC 219 value: $(params.hermetic) 220 - name: PREFETCH_INPUT 221 value: $(params.prefetch-input) 222 - name: IMAGE_EXPIRES_AFTER 223 value: $(params.image-expires-after) 224 - name: COMMIT_SHA 225 value: $(tasks.clone-repository.results.commit) 226 - name: BUILD_ARGS_FILE 227 value: $(params.build-args-file) 228 runAfter: 229 - prefetch-dependencies 230 taskRef: 231 params: 232 - name: name 233 value: buildah 234 - name: bundle 235 value: quay.io/redhat-appstudio-tekton-catalog/task-buildah:0.1@sha256:7e5f19d3aa233b9becf90d1ca01697486dc1acb1f1d6d2a0b8d1a1cc07c66249 236 - name: kind 237 value: task 238 resolver: bundles 239 when: 240 - input: $(tasks.init.results.build) 241 operator: in 242 values: 243 - "true" 244 workspaces: 245 - name: source 246 workspace: workspace 247 - name: inspect-image 248 params: 249 - name: IMAGE_URL 250 value: $(tasks.build-container.results.IMAGE_URL) 251 - name: IMAGE_DIGEST 252 value: $(tasks.build-container.results.IMAGE_DIGEST) 253 runAfter: 254 - build-container 255 taskRef: 256 params: 257 - name: name 258 value: inspect-image 259 - name: bundle 260 value: quay.io/redhat-appstudio-tekton-catalog/task-inspect-image:0.1@sha256:919438843ea5368ec0c41c6b5f92363add4423118f9cd6ccf16bf23160fabc90 261 - name: kind 262 value: task 263 resolver: bundles 264 when: 265 - input: $(params.skip-checks) 266 operator: in 267 values: 268 - "false" 269 workspaces: 270 - name: source 271 workspace: workspace 272 - name: build-source-image 273 params: 274 - name: BINARY_IMAGE 275 value: $(params.output-image) 276 - name: BASE_IMAGES 277 value: $(tasks.build-container.results.BASE_IMAGES_DIGESTS) 278 runAfter: 279 - build-container 280 taskRef: 281 params: 282 - name: name 283 value: source-build 284 - name: bundle 285 value: quay.io/redhat-appstudio-tekton-catalog/task-source-build:0.1@sha256:90dc9c66eb0123b5e5ff8a1b8c3891e91f0e952899e427eeca79b635fe81a348 286 - name: kind 287 value: task 288 resolver: bundles 289 when: 290 - input: $(tasks.init.results.build) 291 operator: in 292 values: 293 - "true" 294 - input: $(params.build-source-image) 295 operator: in 296 values: 297 - "true" 298 workspaces: 299 - name: workspace 300 workspace: workspace 301 - name: deprecated-base-image-check 302 params: 303 - name: BASE_IMAGES_DIGESTS 304 value: $(tasks.build-container.results.BASE_IMAGES_DIGESTS) 305 - name: IMAGE_URL 306 value: $(tasks.build-container.results.IMAGE_URL) 307 - name: IMAGE_DIGEST 308 value: $(tasks.build-container.results.IMAGE_DIGEST) 309 runAfter: 310 - build-container 311 taskRef: 312 params: 313 - name: name 314 value: deprecated-image-check 315 - name: bundle 316 value: quay.io/redhat-appstudio-tekton-catalog/task-deprecated-image-check:0.4@sha256:6b1b325de0af29b6e9a0696f4d2b669a1e6a046941726cc97c5e42785aad870c 317 - name: kind 318 value: task 319 resolver: bundles 320 when: 321 - input: $(params.skip-checks) 322 operator: in 323 values: 324 - "false" 325 - name: clair-scan 326 params: 327 - name: image-digest 328 value: $(tasks.build-container.results.IMAGE_DIGEST) 329 - name: image-url 330 value: $(tasks.build-container.results.IMAGE_URL) 331 runAfter: 332 - build-container 333 taskRef: 334 params: 335 - name: name 336 value: clair-scan 337 - name: bundle 338 value: quay.io/redhat-appstudio-tekton-catalog/task-clair-scan:0.1@sha256:a6107f78e5fa9e087992f11d788701e4241d9875b153def796fb3bf257c3b7fd 339 - name: kind 340 value: task 341 resolver: bundles 342 when: 343 - input: $(params.skip-checks) 344 operator: in 345 values: 346 - "false" 347 - name: sast-snyk-check 348 runAfter: 349 - clone-repository 350 taskRef: 351 params: 352 - name: name 353 value: sast-snyk-check 354 - name: bundle 355 value: quay.io/redhat-appstudio-tekton-catalog/task-sast-snyk-check:0.1@sha256:b3d2d07394ff983d5f2578c294cd8c4e9428fecc801495feeb929d932c10f740 356 - name: kind 357 value: task 358 resolver: bundles 359 when: 360 - input: $(params.skip-checks) 361 operator: in 362 values: 363 - "false" 364 workspaces: 365 - name: workspace 366 workspace: workspace 367 - name: clamav-scan 368 params: 369 - name: image-digest 370 value: $(tasks.build-container.results.IMAGE_DIGEST) 371 - name: image-url 372 value: $(tasks.build-container.results.IMAGE_URL) 373 runAfter: 374 - build-container 375 taskRef: 376 params: 377 - name: name 378 value: clamav-scan 379 - name: bundle 380 value: quay.io/redhat-appstudio-tekton-catalog/task-clamav-scan:0.1@sha256:6ba32717bd837ca0d5714b518cc4530e1f1d5bef137df54c02b0c2151b9d217e 381 - name: kind 382 value: task 383 resolver: bundles 384 when: 385 - input: $(params.skip-checks) 386 operator: in 387 values: 388 - "false" 389 - name: sbom-json-check 390 params: 391 - name: IMAGE_URL 392 value: $(tasks.build-container.results.IMAGE_URL) 393 - name: IMAGE_DIGEST 394 value: $(tasks.build-container.results.IMAGE_DIGEST) 395 runAfter: 396 - build-container 397 taskRef: 398 params: 399 - name: name 400 value: sbom-json-check 401 - name: bundle 402 value: quay.io/redhat-appstudio-tekton-catalog/task-sbom-json-check:0.1@sha256:dbd467a0507cff1981d3c98f683339feaab1b387c5b5fbf1ff957e9be2e27027 403 - name: kind 404 value: task 405 resolver: bundles 406 when: 407 - input: $(params.skip-checks) 408 operator: in 409 values: 410 - "false" 411 workspaces: 412 - name: workspace 413 - name: git-auth 414 optional: true 415 taskRunTemplate: {} 416 workspaces: 417 - name: workspace 418 volumeClaimTemplate: 419 metadata: 420 creationTimestamp: null 421 spec: 422 accessModes: 423 - ReadWriteOnce 424 resources: 425 requests: 426 storage: 1Gi 427 status: {} 428 - name: git-auth 429 secret: 430 secretName: '{{ git_auth_secret }}' 431 status: {}