Skip to content

Commit befc65d

Browse files
gbenhaimgbenhaim
authored
Merge pull request #3 from redhat-appstudio/appstudio-migration-dashboard
Red Hat Trusted App Pipeline update migration-dashboard
2 parents 328f728 + b868ba1 commit befc65d

File tree

2 files changed

+729
-0
lines changed

2 files changed

+729
-0
lines changed

.tekton/migration-dashboard-pull-request.yaml

Lines changed: 366 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,366 @@
1+
apiVersion: tekton.dev/v1beta1
2+
kind: PipelineRun
3+
metadata:
4+
annotations:
5+
build.appstudio.openshift.io/repo: https://github.com/redhat-appstudio/migration?rev={{revision}}
6+
build.appstudio.redhat.com/commit_sha: '{{revision}}'
7+
build.appstudio.redhat.com/pull_request_number: '{{pull_request_number}}'
8+
build.appstudio.redhat.com/target_branch: '{{target_branch}}'
9+
pipelinesascode.tekton.dev/max-keep-runs: "3"
10+
pipelinesascode.tekton.dev/on-event: '[pull_request]'
11+
pipelinesascode.tekton.dev/on-target-branch: '[main]'
12+
creationTimestamp: null
13+
labels:
14+
appstudio.openshift.io/application: migration-dashboard
15+
appstudio.openshift.io/component: migration-dashboard
16+
pipelines.appstudio.openshift.io/type: build
17+
name: migration-dashboard-on-pull-request
18+
namespace: rhtap-migration-tenant
19+
spec:
20+
params:
21+
- name: dockerfile
22+
value: Dockerfile
23+
- name: git-url
24+
value: '{{repo_url}}'
25+
- name: image-expires-after
26+
value: 5d
27+
- name: output-image
28+
value: quay.io/redhat-user-workloads/rhtap-migration-tenant/migration-dashboard/migration-dashboard:on-pr-{{revision}}
29+
- name: path-context
30+
value: dashboard
31+
- name: revision
32+
value: '{{revision}}'
33+
pipelineSpec:
34+
finally:
35+
- name: show-sbom
36+
params:
37+
- name: IMAGE_URL
38+
value: $(tasks.build-container.results.IMAGE_URL)
39+
taskRef:
40+
bundle: quay.io/redhat-appstudio-tekton-catalog/task-show-sbom:0.1@sha256:050bab50254e0377c68d63b6b679decfc655e30cad9ce4b0407fc8468852008d
41+
name: show-sbom
42+
- name: show-summary
43+
params:
44+
- name: pipelinerun-name
45+
value: $(context.pipelineRun.name)
46+
- name: git-url
47+
value: $(tasks.clone-repository.results.url)?rev=$(tasks.clone-repository.results.commit)
48+
- name: image-url
49+
value: $(params.output-image)
50+
- name: build-task-status
51+
value: $(tasks.build-container.status)
52+
taskRef:
53+
bundle: quay.io/redhat-appstudio-tekton-catalog/task-summary:0.1@sha256:303f8e8fb23cfe651574acce03593b21fcd2e332dc2b7fb88b290d4546479449
54+
name: summary
55+
params:
56+
- description: Source Repository URL
57+
name: git-url
58+
type: string
59+
- default: ""
60+
description: Revision of the Source Repository
61+
name: revision
62+
type: string
63+
- description: Fully Qualified Output Image
64+
name: output-image
65+
type: string
66+
- default: .
67+
description: The path to your source code
68+
name: path-context
69+
type: string
70+
- default: Dockerfile
71+
description: Path to the Dockerfile
72+
name: dockerfile
73+
type: string
74+
- default: "false"
75+
description: Force rebuild image
76+
name: rebuild
77+
type: string
78+
- default: "false"
79+
description: Skip checks against built image
80+
name: skip-checks
81+
type: string
82+
- default: "true"
83+
description: Skip optional checks, set false if you want to run optional checks
84+
name: skip-optional
85+
type: string
86+
- default: "false"
87+
description: Execute the build with network isolation
88+
name: hermetic
89+
type: string
90+
- default: ""
91+
description: Build dependencies to be prefetched by Cachi2
92+
name: prefetch-input
93+
type: string
94+
- default: "false"
95+
description: Java build
96+
name: java
97+
type: string
98+
- default: ""
99+
description: Snyk Token Secret Name
100+
name: snyk-secret
101+
type: string
102+
- default: ""
103+
description: Image tag expiration time, time values could be something like
104+
1h, 2d, 3w for hours, days, and weeks, respectively.
105+
name: image-expires-after
106+
results:
107+
- description: ""
108+
name: IMAGE_URL
109+
value: $(tasks.build-container.results.IMAGE_URL)
110+
- description: ""
111+
name: IMAGE_DIGEST
112+
value: $(tasks.build-container.results.IMAGE_DIGEST)
113+
- description: ""
114+
name: CHAINS-GIT_URL
115+
value: $(tasks.clone-repository.results.url)
116+
- description: ""
117+
name: CHAINS-GIT_COMMIT
118+
value: $(tasks.clone-repository.results.commit)
119+
- description: ""
120+
name: JAVA_COMMUNITY_DEPENDENCIES
121+
value: $(tasks.build-container.results.JAVA_COMMUNITY_DEPENDENCIES)
122+
tasks:
123+
- name: init
124+
params:
125+
- name: image-url
126+
value: $(params.output-image)
127+
- name: rebuild
128+
value: $(params.rebuild)
129+
- name: skip-checks
130+
value: $(params.skip-checks)
131+
- name: skip-optional
132+
value: $(params.skip-optional)
133+
- name: pipelinerun-name
134+
value: $(context.pipelineRun.name)
135+
- name: pipelinerun-uid
136+
value: $(context.pipelineRun.uid)
137+
taskRef:
138+
bundle: quay.io/redhat-appstudio-tekton-catalog/task-init:0.1@sha256:3c91ed3f7c9e48210fea7e8d9965a580034bbad740ff5e6bdb1123b930eead14
139+
name: init
140+
- name: clone-repository
141+
params:
142+
- name: url
143+
value: $(params.git-url)
144+
- name: revision
145+
value: $(params.revision)
146+
runAfter:
147+
- init
148+
taskRef:
149+
bundle: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:458f4853a01c3273bd76076ac1b015d5f901e70fb4b776f788b577adb25bf5f8
150+
name: git-clone
151+
when:
152+
- input: $(tasks.init.results.build)
153+
operator: in
154+
values:
155+
- "true"
156+
workspaces:
157+
- name: output
158+
workspace: workspace
159+
- name: basic-auth
160+
workspace: git-auth
161+
- name: prefetch-dependencies
162+
params:
163+
- name: input
164+
value: $(params.prefetch-input)
165+
runAfter:
166+
- clone-repository
167+
taskRef:
168+
bundle: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies:0.1@sha256:2ff6954b7065cd09daffb2703f22860fd57c7cbd0f22cf3365f16991007b770d
169+
name: prefetch-dependencies
170+
when:
171+
- input: $(params.hermetic)
172+
operator: in
173+
values:
174+
- "true"
175+
workspaces:
176+
- name: source
177+
workspace: workspace
178+
- name: build-container
179+
params:
180+
- name: IMAGE
181+
value: $(params.output-image)
182+
- name: DOCKERFILE
183+
value: $(params.dockerfile)
184+
- name: CONTEXT
185+
value: $(params.path-context)
186+
- name: DOCKER_AUTH
187+
value: $(tasks.init.results.container-registry-secret)
188+
- name: HERMETIC
189+
value: $(params.hermetic)
190+
- name: PREFETCH_INPUT
191+
value: $(params.prefetch-input)
192+
- name: IMAGE_EXPIRES_AFTER
193+
value: $(params.image-expires-after)
194+
runAfter:
195+
- prefetch-dependencies
196+
taskRef:
197+
bundle: quay.io/redhat-appstudio-tekton-catalog/task-buildah:0.1@sha256:943f06e80a84fa0212ec9fc3288f95e4cc3989aa7c93310b73e30f17712e9720
198+
name: buildah
199+
when:
200+
- input: $(tasks.init.results.build)
201+
operator: in
202+
values:
203+
- "true"
204+
workspaces:
205+
- name: source
206+
workspace: workspace
207+
- name: inspect-image
208+
params:
209+
- name: IMAGE_URL
210+
value: $(tasks.build-container.results.IMAGE_URL)
211+
- name: IMAGE_DIGEST
212+
value: $(tasks.build-container.results.IMAGE_DIGEST)
213+
- name: DOCKER_AUTH
214+
value: $(tasks.init.results.container-registry-secret)
215+
runAfter:
216+
- build-container
217+
taskRef:
218+
bundle: quay.io/redhat-appstudio-tekton-catalog/task-inspect-image:0.1@sha256:8b5cbfe4f39b63d4909eb2abe0700a538975c4a4c42e6fec113945a6009af298
219+
name: inspect-image
220+
when:
221+
- input: $(params.skip-checks)
222+
operator: in
223+
values:
224+
- "false"
225+
workspaces:
226+
- name: source
227+
workspace: workspace
228+
- name: label-check
229+
runAfter:
230+
- inspect-image
231+
taskRef:
232+
bundle: quay.io/redhat-appstudio-tekton-catalog/task-label-check:0.1@sha256:d5815b438362ba74eb44e7367bcab15b180c9f9351b801283511da356f3559f0
233+
name: label-check
234+
when:
235+
- input: $(params.skip-checks)
236+
operator: in
237+
values:
238+
- "false"
239+
workspaces:
240+
- name: workspace
241+
workspace: workspace
242+
- name: optional-label-check
243+
params:
244+
- name: POLICY_NAMESPACE
245+
value: optional_checks
246+
runAfter:
247+
- inspect-image
248+
taskRef:
249+
bundle: quay.io/redhat-appstudio-tekton-catalog/task-label-check:0.1@sha256:d5815b438362ba74eb44e7367bcab15b180c9f9351b801283511da356f3559f0
250+
name: label-check
251+
when:
252+
- input: $(params.skip-optional)
253+
operator: in
254+
values:
255+
- "false"
256+
workspaces:
257+
- name: workspace
258+
workspace: workspace
259+
- name: deprecated-base-image-check
260+
params:
261+
- name: BASE_IMAGES_DIGESTS
262+
value: $(tasks.build-container.results.BASE_IMAGES_DIGESTS)
263+
taskRef:
264+
bundle: quay.io/redhat-appstudio-tekton-catalog/task-deprecated-image-check:0.2@sha256:5ccacaaec39f94550b3f92595908d2fae972116138fb7ac8b072b5f26808b000
265+
name: deprecated-image-check
266+
when:
267+
- input: $(params.skip-checks)
268+
operator: in
269+
values:
270+
- "false"
271+
workspaces:
272+
- name: test-ws
273+
workspace: workspace
274+
- name: clair-scan
275+
params:
276+
- name: image-digest
277+
value: $(tasks.build-container.results.IMAGE_DIGEST)
278+
- name: image-url
279+
value: $(tasks.build-container.results.IMAGE_URL)
280+
- name: docker-auth
281+
value: $(tasks.init.results.container-registry-secret)
282+
runAfter:
283+
- build-container
284+
taskRef:
285+
bundle: quay.io/redhat-appstudio-tekton-catalog/task-clair-scan:0.1@sha256:b558491e419dc10c7cfee06160013a78e033352bc99f041a52a6868d9ec6301b
286+
name: clair-scan
287+
when:
288+
- input: $(params.skip-checks)
289+
operator: in
290+
values:
291+
- "false"
292+
- name: sast-snyk-check
293+
params:
294+
- name: SNYK_SECRET
295+
value: $(params.snyk-secret)
296+
runAfter:
297+
- clone-repository
298+
taskRef:
299+
bundle: quay.io/redhat-appstudio-tekton-catalog/task-sast-snyk-check:0.1@sha256:6ec7690387f3610530bf99809f039549d2037f8a0e769c6e9db996b2d5f57552
300+
name: sast-snyk-check
301+
when:
302+
- input: $(params.skip-checks)
303+
operator: in
304+
values:
305+
- "false"
306+
- input: $(params.snyk-secret)
307+
operator: notin
308+
values:
309+
- ""
310+
workspaces:
311+
- name: workspace
312+
workspace: workspace
313+
- name: clamav-scan
314+
params:
315+
- name: image-digest
316+
value: $(tasks.build-container.results.IMAGE_DIGEST)
317+
- name: image-url
318+
value: $(tasks.build-container.results.IMAGE_URL)
319+
- name: docker-auth
320+
value: $(tasks.init.results.container-registry-secret)
321+
runAfter:
322+
- build-container
323+
taskRef:
324+
bundle: quay.io/redhat-appstudio-tekton-catalog/task-clamav-scan:0.1@sha256:92fd756046798264160d43614a29e21007b40a0d239bafc9c330c81c6ef808e0
325+
name: clamav-scan
326+
when:
327+
- input: $(params.skip-checks)
328+
operator: in
329+
values:
330+
- "false"
331+
- name: sbom-json-check
332+
params:
333+
- name: IMAGE_URL
334+
value: $(tasks.build-container.results.IMAGE_URL)
335+
- name: IMAGE_DIGEST
336+
value: $(tasks.build-container.results.IMAGE_DIGEST)
337+
runAfter:
338+
- build-container
339+
taskRef:
340+
bundle: quay.io/redhat-appstudio-tekton-catalog/task-sbom-json-check:0.1@sha256:884216ac4ac6555ffa91b3e5c2484bf609be46adeb5024a3d47044ff133290ca
341+
name: sbom-json-check
342+
when:
343+
- input: $(params.skip-checks)
344+
operator: in
345+
values:
346+
- "false"
347+
workspaces:
348+
- name: workspace
349+
- name: git-auth
350+
optional: true
351+
workspaces:
352+
- name: workspace
353+
volumeClaimTemplate:
354+
metadata:
355+
creationTimestamp: null
356+
spec:
357+
accessModes:
358+
- ReadWriteOnce
359+
resources:
360+
requests:
361+
storage: 1Gi
362+
status: {}
363+
- name: git-auth
364+
secret:
365+
secretName: '{{ git_auth_secret }}'
366+
status: {}

0 commit comments

Comments
 (0)