github.com/redhat-appstudio/release-service@v0.0.0-20240507143925-083712697924/.tekton/release-service-push.yaml (about) 1 apiVersion: tekton.dev/v1 2 kind: PipelineRun 3 metadata: 4 annotations: 5 build.appstudio.openshift.io/repo: https://github.com/konflux-ci/release-service?rev={{revision}} 6 build.appstudio.redhat.com/commit_sha: '{{revision}}' 7 build.appstudio.redhat.com/target_branch: '{{target_branch}}' 8 pipelinesascode.tekton.dev/max-keep-runs: "3" 9 pipelinesascode.tekton.dev/on-cel-expression: event == "push" && target_branch 10 == "main" 11 creationTimestamp: null 12 labels: 13 appstudio.openshift.io/application: release-service 14 appstudio.openshift.io/component: release-service 15 pipelines.appstudio.openshift.io/type: build 16 name: release-service-on-push 17 namespace: rhtap-release-2-tenant 18 spec: 19 params: 20 - name: dockerfile 21 value: Dockerfile 22 - name: git-url 23 value: '{{source_url}}' 24 - name: output-image 25 value: quay.io/redhat-user-workloads/rhtap-release-2-tenant/release-service/release-service:{{revision}} 26 - name: path-context 27 value: . 28 - name: revision 29 value: '{{revision}}' 30 pipelineSpec: 31 finally: 32 - name: show-sbom 33 params: 34 - name: IMAGE_URL 35 value: $(tasks.build-container.results.IMAGE_URL) 36 taskRef: 37 params: 38 - name: name 39 value: show-sbom 40 - name: bundle 41 value: quay.io/redhat-appstudio-tekton-catalog/task-show-sbom:0.1@sha256:1f90faefa39c2e4965793c1d8321e7d5d99a6c941276a9094a4e0d483a598fca 42 - name: kind 43 value: task 44 resolver: bundles 45 - name: show-summary 46 params: 47 - name: pipelinerun-name 48 value: $(context.pipelineRun.name) 49 - name: git-url 50 value: $(tasks.clone-repository.results.url)?rev=$(tasks.clone-repository.results.commit) 51 - name: image-url 52 value: $(params.output-image) 53 - name: build-task-status 54 value: $(tasks.build-container.status) 55 taskRef: 56 params: 57 - name: name 58 value: summary 59 - name: bundle 60 value: quay.io/redhat-appstudio-tekton-catalog/task-summary:0.2@sha256:bdf58a8a6bf10482fff841ce6c78c54e87d306bc6aae9515821c436d26daff35 61 - name: kind 62 value: task 63 resolver: bundles 64 workspaces: 65 - name: workspace 66 workspace: workspace 67 params: 68 - description: Source Repository URL 69 name: git-url 70 type: string 71 - default: "" 72 description: Revision of the Source Repository 73 name: revision 74 type: string 75 - description: Fully Qualified Output Image 76 name: output-image 77 type: string 78 - default: . 79 description: Path to the source code of an application's component from where 80 to build image. 81 name: path-context 82 type: string 83 - default: Dockerfile 84 description: Path to the Dockerfile inside the context specified by parameter 85 path-context 86 name: dockerfile 87 type: string 88 - default: "false" 89 description: Force rebuild image 90 name: rebuild 91 type: string 92 - default: "false" 93 description: Skip checks against built image 94 name: skip-checks 95 type: string 96 - default: "false" 97 description: Execute the build with network isolation 98 name: hermetic 99 type: string 100 - default: "" 101 description: Build dependencies to be prefetched by Cachi2 102 name: prefetch-input 103 type: string 104 - default: "false" 105 description: Java build 106 name: java 107 type: string 108 - default: "" 109 description: Image tag expiration time, time values could be something like 110 1h, 2d, 3w for hours, days, and weeks, respectively. 111 name: image-expires-after 112 - default: "true" 113 description: Build a source image. 114 name: build-source-image 115 type: string 116 - default: "" 117 description: Path to a file with build arguments which will be passed to podman 118 during build 119 name: build-args-file 120 type: string 121 results: 122 - description: "" 123 name: IMAGE_URL 124 value: $(tasks.build-container.results.IMAGE_URL) 125 - description: "" 126 name: IMAGE_DIGEST 127 value: $(tasks.build-container.results.IMAGE_DIGEST) 128 - description: "" 129 name: CHAINS-GIT_URL 130 value: $(tasks.clone-repository.results.url) 131 - description: "" 132 name: CHAINS-GIT_COMMIT 133 value: $(tasks.clone-repository.results.commit) 134 - description: "" 135 name: JAVA_COMMUNITY_DEPENDENCIES 136 value: $(tasks.build-container.results.JAVA_COMMUNITY_DEPENDENCIES) 137 tasks: 138 - name: init 139 params: 140 - name: image-url 141 value: $(params.output-image) 142 - name: rebuild 143 value: $(params.rebuild) 144 - name: skip-checks 145 value: $(params.skip-checks) 146 taskRef: 147 params: 148 - name: name 149 value: init 150 - name: bundle 151 value: quay.io/redhat-appstudio-tekton-catalog/task-init:0.2@sha256:686109bd8088258f73211618824aee5d3cf9e370f65fa3e85d361790a54260ef 152 - name: kind 153 value: task 154 resolver: bundles 155 - name: clone-repository 156 params: 157 - name: url 158 value: $(params.git-url) 159 - name: revision 160 value: $(params.revision) 161 runAfter: 162 - init 163 taskRef: 164 params: 165 - name: name 166 value: git-clone 167 - name: bundle 168 value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:30709df067659a407968154fd39e99763823d8ecfc6b5cd00a55b68818ec94ba 169 - name: kind 170 value: task 171 resolver: bundles 172 when: 173 - input: $(tasks.init.results.build) 174 operator: in 175 values: 176 - "true" 177 workspaces: 178 - name: output 179 workspace: workspace 180 - name: basic-auth 181 workspace: git-auth 182 - name: prefetch-dependencies 183 params: 184 - name: input 185 value: $(params.prefetch-input) 186 runAfter: 187 - clone-repository 188 taskRef: 189 params: 190 - name: name 191 value: prefetch-dependencies 192 - name: bundle 193 value: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies:0.1@sha256:c6fdbf404dc61bf8cf8bec5fc4d7fb15f37ba62f1684de0c68bfbad5723c0052 194 - name: kind 195 value: task 196 resolver: bundles 197 when: 198 - input: $(params.hermetic) 199 operator: in 200 values: 201 - "true" 202 workspaces: 203 - name: source 204 workspace: workspace 205 - name: git-basic-auth 206 workspace: git-auth 207 - name: build-container 208 params: 209 - name: IMAGE 210 value: $(params.output-image) 211 - name: DOCKERFILE 212 value: $(params.dockerfile) 213 - name: CONTEXT 214 value: $(params.path-context) 215 - name: HERMETIC 216 value: $(params.hermetic) 217 - name: PREFETCH_INPUT 218 value: $(params.prefetch-input) 219 - name: IMAGE_EXPIRES_AFTER 220 value: $(params.image-expires-after) 221 - name: COMMIT_SHA 222 value: $(tasks.clone-repository.results.commit) 223 - name: BUILD_ARGS_FILE 224 value: $(params.build-args-file) 225 runAfter: 226 - prefetch-dependencies 227 taskRef: 228 params: 229 - name: name 230 value: buildah 231 - name: bundle 232 value: quay.io/redhat-appstudio-tekton-catalog/task-buildah:0.1@sha256:7e5f19d3aa233b9becf90d1ca01697486dc1acb1f1d6d2a0b8d1a1cc07c66249 233 - name: kind 234 value: task 235 resolver: bundles 236 when: 237 - input: $(tasks.init.results.build) 238 operator: in 239 values: 240 - "true" 241 workspaces: 242 - name: source 243 workspace: workspace 244 - name: inspect-image 245 params: 246 - name: IMAGE_URL 247 value: $(tasks.build-container.results.IMAGE_URL) 248 - name: IMAGE_DIGEST 249 value: $(tasks.build-container.results.IMAGE_DIGEST) 250 runAfter: 251 - build-container 252 taskRef: 253 params: 254 - name: name 255 value: inspect-image 256 - name: bundle 257 value: quay.io/redhat-appstudio-tekton-catalog/task-inspect-image:0.1@sha256:919438843ea5368ec0c41c6b5f92363add4423118f9cd6ccf16bf23160fabc90 258 - name: kind 259 value: task 260 resolver: bundles 261 when: 262 - input: $(params.skip-checks) 263 operator: in 264 values: 265 - "false" 266 workspaces: 267 - name: source 268 workspace: workspace 269 - name: build-source-image 270 params: 271 - name: BINARY_IMAGE 272 value: $(params.output-image) 273 - name: BASE_IMAGES 274 value: $(tasks.build-container.results.BASE_IMAGES_DIGESTS) 275 runAfter: 276 - build-container 277 taskRef: 278 params: 279 - name: name 280 value: source-build 281 - name: bundle 282 value: quay.io/redhat-appstudio-tekton-catalog/task-source-build:0.1@sha256:90dc9c66eb0123b5e5ff8a1b8c3891e91f0e952899e427eeca79b635fe81a348 283 - name: kind 284 value: task 285 resolver: bundles 286 when: 287 - input: $(tasks.init.results.build) 288 operator: in 289 values: 290 - "true" 291 - input: $(params.build-source-image) 292 operator: in 293 values: 294 - "true" 295 workspaces: 296 - name: workspace 297 workspace: workspace 298 - name: deprecated-base-image-check 299 params: 300 - name: BASE_IMAGES_DIGESTS 301 value: $(tasks.build-container.results.BASE_IMAGES_DIGESTS) 302 - name: IMAGE_URL 303 value: $(tasks.build-container.results.IMAGE_URL) 304 - name: IMAGE_DIGEST 305 value: $(tasks.build-container.results.IMAGE_DIGEST) 306 taskRef: 307 params: 308 - name: name 309 value: deprecated-image-check 310 - name: bundle 311 value: quay.io/redhat-appstudio-tekton-catalog/task-deprecated-image-check:0.4@sha256:6b1b325de0af29b6e9a0696f4d2b669a1e6a046941726cc97c5e42785aad870c 312 - name: kind 313 value: task 314 resolver: bundles 315 when: 316 - input: $(params.skip-checks) 317 operator: in 318 values: 319 - "false" 320 - name: clair-scan 321 params: 322 - name: image-digest 323 value: $(tasks.build-container.results.IMAGE_DIGEST) 324 - name: image-url 325 value: $(tasks.build-container.results.IMAGE_URL) 326 runAfter: 327 - build-container 328 taskRef: 329 params: 330 - name: name 331 value: clair-scan 332 - name: bundle 333 value: quay.io/redhat-appstudio-tekton-catalog/task-clair-scan:0.1@sha256:a6107f78e5fa9e087992f11d788701e4241d9875b153def796fb3bf257c3b7fd 334 - name: kind 335 value: task 336 resolver: bundles 337 when: 338 - input: $(params.skip-checks) 339 operator: in 340 values: 341 - "false" 342 - name: sast-snyk-check 343 runAfter: 344 - clone-repository 345 taskRef: 346 params: 347 - name: name 348 value: sast-snyk-check 349 - name: bundle 350 value: quay.io/redhat-appstudio-tekton-catalog/task-sast-snyk-check:0.1@sha256:b3d2d07394ff983d5f2578c294cd8c4e9428fecc801495feeb929d932c10f740 351 - name: kind 352 value: task 353 resolver: bundles 354 when: 355 - input: $(params.skip-checks) 356 operator: in 357 values: 358 - "false" 359 workspaces: 360 - name: workspace 361 workspace: workspace 362 - name: clamav-scan 363 params: 364 - name: image-digest 365 value: $(tasks.build-container.results.IMAGE_DIGEST) 366 - name: image-url 367 value: $(tasks.build-container.results.IMAGE_URL) 368 runAfter: 369 - build-container 370 taskRef: 371 params: 372 - name: name 373 value: clamav-scan 374 - name: bundle 375 value: quay.io/redhat-appstudio-tekton-catalog/task-clamav-scan:0.1@sha256:6ba32717bd837ca0d5714b518cc4530e1f1d5bef137df54c02b0c2151b9d217e 376 - name: kind 377 value: task 378 resolver: bundles 379 when: 380 - input: $(params.skip-checks) 381 operator: in 382 values: 383 - "false" 384 - name: sbom-json-check 385 params: 386 - name: IMAGE_URL 387 value: $(tasks.build-container.results.IMAGE_URL) 388 - name: IMAGE_DIGEST 389 value: $(tasks.build-container.results.IMAGE_DIGEST) 390 runAfter: 391 - build-container 392 taskRef: 393 params: 394 - name: name 395 value: sbom-json-check 396 - name: bundle 397 value: quay.io/redhat-appstudio-tekton-catalog/task-sbom-json-check:0.1@sha256:dbd467a0507cff1981d3c98f683339feaab1b387c5b5fbf1ff957e9be2e27027 398 - name: kind 399 value: task 400 resolver: bundles 401 when: 402 - input: $(params.skip-checks) 403 operator: in 404 values: 405 - "false" 406 workspaces: 407 - name: workspace 408 - name: git-auth 409 optional: true 410 taskRunTemplate: {} 411 workspaces: 412 - name: workspace 413 volumeClaimTemplate: 414 metadata: 415 creationTimestamp: null 416 spec: 417 accessModes: 418 - ReadWriteOnce 419 resources: 420 requests: 421 storage: 1Gi 422 status: {} 423 - name: git-auth 424 secret: 425 secretName: '{{ git_auth_secret }}' 426 status: {}