Skip to content

Commit 2b9ebdc

Browse files
sarroutbisarroutbi
authored
Update jobs to build PR pipelines (#350)
* Add SAST tasks to bundle pipelines * Add fbc-target-index-pruning-check to pipelines * Add sast-shell-check,sast-unicode-check tasks Signed-off-by: Sergio Arroutbi <[email protected]>
1 parent c285a32 commit 2b9ebdc

12 files changed

+608
-0
lines changed

.tekton/fbc-4-17-pull-request.yaml

Lines changed: 48 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -266,6 +266,32 @@ spec:
266266
operator: in
267267
values:
268268
- "false"
269+
- name: fbc-target-index-pruning-check
270+
params:
271+
- name: IMAGE_URL
272+
value: $(tasks.build-image-index.results.IMAGE_URL)
273+
- name: IMAGE_DIGEST
274+
value: $(tasks.build-image-index.results.IMAGE_DIGEST)
275+
- name: TARGET_INDEX
276+
value: registry.redhat.io/redhat/redhat-operator-index
277+
- name: RENDERED_CATALOG_DIGEST
278+
value: $(tasks.validate-fbc.results.RENDERED_CATALOG_DIGEST)
279+
runAfter:
280+
- validate-fbc
281+
taskRef:
282+
params:
283+
- name: name
284+
value: fbc-target-index-pruning-check
285+
- name: bundle
286+
value: quay.io/konflux-ci/tekton-catalog/task-fbc-target-index-pruning-check:0.1@sha256:e83a377233b9ef4d8bcfd4b42d7b00d1bb45bd65bf7eaf06a9676b3c1facb955
287+
- name: kind
288+
value: task
289+
resolver: bundles
290+
when:
291+
- input: $(params.skip-checks)
292+
operator: in
293+
values:
294+
- "false"
269295
- name: deprecated-base-image-check
270296
params:
271297
- name: IMAGE_URL
@@ -303,6 +329,28 @@ spec:
303329
- name: kind
304330
value: task
305331
resolver: bundles
332+
- name: validate-fbc
333+
params:
334+
- name: IMAGE_URL
335+
value: $(tasks.build-image-index.results.IMAGE_URL)
336+
- name: IMAGE_DIGEST
337+
value: $(tasks.build-image-index.results.IMAGE_DIGEST)
338+
runAfter:
339+
- build-image-index
340+
taskRef:
341+
params:
342+
- name: name
343+
value: validate-fbc
344+
- name: bundle
345+
value: quay.io/konflux-ci/tekton-catalog/task-validate-fbc:0.1@sha256:ecb9fa56b199afef7a39c6311f3d9c25129797d8c3c103770a7133af617768ee
346+
- name: kind
347+
value: task
348+
resolver: bundles
349+
when:
350+
- input: $(params.skip-checks)
351+
operator: in
352+
values:
353+
- "false"
306354
- name: fbc-validate
307355
params:
308356
- name: IMAGE_URL

.tekton/fbc-4-17-push.yaml

Lines changed: 48 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -263,6 +263,32 @@ spec:
263263
operator: in
264264
values:
265265
- "false"
266+
- name: fbc-target-index-pruning-check
267+
params:
268+
- name: IMAGE_URL
269+
value: $(tasks.build-image-index.results.IMAGE_URL)
270+
- name: IMAGE_DIGEST
271+
value: $(tasks.build-image-index.results.IMAGE_DIGEST)
272+
- name: TARGET_INDEX
273+
value: registry.redhat.io/redhat/redhat-operator-index
274+
- name: RENDERED_CATALOG_DIGEST
275+
value: $(tasks.validate-fbc.results.RENDERED_CATALOG_DIGEST)
276+
runAfter:
277+
- validate-fbc
278+
taskRef:
279+
params:
280+
- name: name
281+
value: fbc-target-index-pruning-check
282+
- name: bundle
283+
value: quay.io/konflux-ci/tekton-catalog/task-fbc-target-index-pruning-check:0.1@sha256:e83a377233b9ef4d8bcfd4b42d7b00d1bb45bd65bf7eaf06a9676b3c1facb955
284+
- name: kind
285+
value: task
286+
resolver: bundles
287+
when:
288+
- input: $(params.skip-checks)
289+
operator: in
290+
values:
291+
- "false"
266292
- name: deprecated-base-image-check
267293
params:
268294
- name: IMAGE_URL
@@ -300,6 +326,28 @@ spec:
300326
- name: kind
301327
value: task
302328
resolver: bundles
329+
- name: validate-fbc
330+
params:
331+
- name: IMAGE_URL
332+
value: $(tasks.build-image-index.results.IMAGE_URL)
333+
- name: IMAGE_DIGEST
334+
value: $(tasks.build-image-index.results.IMAGE_DIGEST)
335+
runAfter:
336+
- build-image-index
337+
taskRef:
338+
params:
339+
- name: name
340+
value: validate-fbc
341+
- name: bundle
342+
value: quay.io/konflux-ci/tekton-catalog/task-validate-fbc:0.1@sha256:ecb9fa56b199afef7a39c6311f3d9c25129797d8c3c103770a7133af617768ee
343+
- name: kind
344+
value: task
345+
resolver: bundles
346+
when:
347+
- input: $(params.skip-checks)
348+
operator: in
349+
values:
350+
- "false"
303351
- name: fbc-validate
304352
params:
305353
- name: IMAGE_URL

.tekton/fbc-4-18-pull-request.yaml

Lines changed: 48 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -266,6 +266,32 @@ spec:
266266
operator: in
267267
values:
268268
- "false"
269+
- name: fbc-target-index-pruning-check
270+
params:
271+
- name: IMAGE_URL
272+
value: $(tasks.build-image-index.results.IMAGE_URL)
273+
- name: IMAGE_DIGEST
274+
value: $(tasks.build-image-index.results.IMAGE_DIGEST)
275+
- name: TARGET_INDEX
276+
value: registry.redhat.io/redhat/redhat-operator-index
277+
- name: RENDERED_CATALOG_DIGEST
278+
value: $(tasks.validate-fbc.results.RENDERED_CATALOG_DIGEST)
279+
runAfter:
280+
- validate-fbc
281+
taskRef:
282+
params:
283+
- name: name
284+
value: fbc-target-index-pruning-check
285+
- name: bundle
286+
value: quay.io/konflux-ci/tekton-catalog/task-fbc-target-index-pruning-check:0.1@sha256:e83a377233b9ef4d8bcfd4b42d7b00d1bb45bd65bf7eaf06a9676b3c1facb955
287+
- name: kind
288+
value: task
289+
resolver: bundles
290+
when:
291+
- input: $(params.skip-checks)
292+
operator: in
293+
values:
294+
- "false"
269295
- name: deprecated-base-image-check
270296
params:
271297
- name: IMAGE_URL
@@ -303,6 +329,28 @@ spec:
303329
- name: kind
304330
value: task
305331
resolver: bundles
332+
- name: validate-fbc
333+
params:
334+
- name: IMAGE_URL
335+
value: $(tasks.build-image-index.results.IMAGE_URL)
336+
- name: IMAGE_DIGEST
337+
value: $(tasks.build-image-index.results.IMAGE_DIGEST)
338+
runAfter:
339+
- build-image-index
340+
taskRef:
341+
params:
342+
- name: name
343+
value: validate-fbc
344+
- name: bundle
345+
value: quay.io/konflux-ci/tekton-catalog/task-validate-fbc:0.1@sha256:ecb9fa56b199afef7a39c6311f3d9c25129797d8c3c103770a7133af617768ee
346+
- name: kind
347+
value: task
348+
resolver: bundles
349+
when:
350+
- input: $(params.skip-checks)
351+
operator: in
352+
values:
353+
- "false"
306354
- name: fbc-validate
307355
params:
308356
- name: IMAGE_URL

.tekton/fbc-4-18-push.yaml

Lines changed: 48 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -263,6 +263,32 @@ spec:
263263
operator: in
264264
values:
265265
- "false"
266+
- name: fbc-target-index-pruning-check
267+
params:
268+
- name: IMAGE_URL
269+
value: $(tasks.build-image-index.results.IMAGE_URL)
270+
- name: IMAGE_DIGEST
271+
value: $(tasks.build-image-index.results.IMAGE_DIGEST)
272+
- name: TARGET_INDEX
273+
value: registry.redhat.io/redhat/redhat-operator-index
274+
- name: RENDERED_CATALOG_DIGEST
275+
value: $(tasks.validate-fbc.results.RENDERED_CATALOG_DIGEST)
276+
runAfter:
277+
- validate-fbc
278+
taskRef:
279+
params:
280+
- name: name
281+
value: fbc-target-index-pruning-check
282+
- name: bundle
283+
value: quay.io/konflux-ci/tekton-catalog/task-fbc-target-index-pruning-check:0.1@sha256:e83a377233b9ef4d8bcfd4b42d7b00d1bb45bd65bf7eaf06a9676b3c1facb955
284+
- name: kind
285+
value: task
286+
resolver: bundles
287+
when:
288+
- input: $(params.skip-checks)
289+
operator: in
290+
values:
291+
- "false"
266292
- name: deprecated-base-image-check
267293
params:
268294
- name: IMAGE_URL
@@ -300,6 +326,28 @@ spec:
300326
- name: kind
301327
value: task
302328
resolver: bundles
329+
- name: validate-fbc
330+
params:
331+
- name: IMAGE_URL
332+
value: $(tasks.build-image-index.results.IMAGE_URL)
333+
- name: IMAGE_DIGEST
334+
value: $(tasks.build-image-index.results.IMAGE_DIGEST)
335+
runAfter:
336+
- build-image-index
337+
taskRef:
338+
params:
339+
- name: name
340+
value: validate-fbc
341+
- name: bundle
342+
value: quay.io/konflux-ci/tekton-catalog/task-validate-fbc:0.1@sha256:ecb9fa56b199afef7a39c6311f3d9c25129797d8c3c103770a7133af617768ee
343+
- name: kind
344+
value: task
345+
resolver: bundles
346+
when:
347+
- input: $(params.skip-checks)
348+
operator: in
349+
values:
350+
- "false"
303351
- name: fbc-validate
304352
params:
305353
- name: IMAGE_URL

.tekton/nbde-tang-server-multiarch-1-1-pull-request.yaml

Lines changed: 52 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -385,6 +385,58 @@ spec:
385385
operator: in
386386
values:
387387
- "false"
388+
- name: sast-shell-check
389+
params:
390+
- name: image-digest
391+
value: $(tasks.build-image-index.results.IMAGE_DIGEST)
392+
- name: image-url
393+
value: $(tasks.build-image-index.results.IMAGE_URL)
394+
- name: SOURCE_ARTIFACT
395+
value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT)
396+
- name: CACHI2_ARTIFACT
397+
value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT)
398+
runAfter:
399+
- build-image-index
400+
taskRef:
401+
params:
402+
- name: name
403+
value: sast-shell-check-oci-ta
404+
- name: bundle
405+
value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check-oci-ta:0.1@sha256:a591675c72f06fb9c5b1a3d60e6e4c58e4df5f7da180c7a4691a692a6e7e6496
406+
- name: kind
407+
value: task
408+
resolver: bundles
409+
when:
410+
- input: $(params.skip-checks)
411+
operator: in
412+
values:
413+
- "false"
414+
workspaces: []
415+
- name: sast-unicode-check
416+
params:
417+
- name: image-url
418+
value: $(tasks.build-image-index.results.IMAGE_URL)
419+
- name: SOURCE_ARTIFACT
420+
value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT)
421+
- name: CACHI2_ARTIFACT
422+
value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT)
423+
runAfter:
424+
- build-image-index
425+
taskRef:
426+
params:
427+
- name: name
428+
value: sast-unicode-check-oci-ta
429+
- name: bundle
430+
value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check-oci-ta:0.1@sha256:424f2f659c02998dc3a43e1ce869e3148982c59adb74f953f8fa91ff1c9ab86e
431+
- name: kind
432+
value: task
433+
resolver: bundles
434+
when:
435+
- input: $(params.skip-checks)
436+
operator: in
437+
values:
438+
- "false"
439+
workspaces: []
388440
- name: clamav-scan
389441
params:
390442
- name: image-digest

.tekton/nbde-tang-server-multiarch-1-1-push.yaml

Lines changed: 52 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -382,6 +382,58 @@ spec:
382382
operator: in
383383
values:
384384
- "false"
385+
- name: sast-shell-check
386+
params:
387+
- name: image-digest
388+
value: $(tasks.build-image-index.results.IMAGE_DIGEST)
389+
- name: image-url
390+
value: $(tasks.build-image-index.results.IMAGE_URL)
391+
- name: SOURCE_ARTIFACT
392+
value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT)
393+
- name: CACHI2_ARTIFACT
394+
value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT)
395+
runAfter:
396+
- build-image-index
397+
taskRef:
398+
params:
399+
- name: name
400+
value: sast-shell-check-oci-ta
401+
- name: bundle
402+
value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check-oci-ta:0.1@sha256:a591675c72f06fb9c5b1a3d60e6e4c58e4df5f7da180c7a4691a692a6e7e6496
403+
- name: kind
404+
value: task
405+
resolver: bundles
406+
when:
407+
- input: $(params.skip-checks)
408+
operator: in
409+
values:
410+
- "false"
411+
workspaces: []
412+
- name: sast-unicode-check
413+
params:
414+
- name: image-url
415+
value: $(tasks.build-image-index.results.IMAGE_URL)
416+
- name: SOURCE_ARTIFACT
417+
value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT)
418+
- name: CACHI2_ARTIFACT
419+
value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT)
420+
runAfter:
421+
- build-image-index
422+
taskRef:
423+
params:
424+
- name: name
425+
value: sast-unicode-check-oci-ta
426+
- name: bundle
427+
value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check-oci-ta:0.1@sha256:424f2f659c02998dc3a43e1ce869e3148982c59adb74f953f8fa91ff1c9ab86e
428+
- name: kind
429+
value: task
430+
resolver: bundles
431+
when:
432+
- input: $(params.skip-checks)
433+
operator: in
434+
values:
435+
- "false"
436+
workspaces: []
385437
- name: clamav-scan
386438
params:
387439
- name: image-digest

0 commit comments

Comments
 (0)