Skip to content

Commit 2f99fc6

Browse files
red-hat-konflux[bot]red-hat-konflux
red-hat-konflux[bot]
and
red-hat-konflux
authored
Red Hat Konflux update fbc-4-17 (#163)
Signed-off-by: red-hat-konflux <[email protected]> Co-authored-by: red-hat-konflux <[email protected]> Signed-off-by: Sergio Arroutbi <[email protected]>
1 parent fce1bca commit 2f99fc6

File tree

2 files changed

+747
-0
lines changed

2 files changed

+747
-0
lines changed

.tekton/fbc-4-17-pull-request.yaml

Lines changed: 375 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,375 @@
1+
apiVersion: tekton.dev/v1
2+
kind: PipelineRun
3+
metadata:
4+
annotations:
5+
build.appstudio.openshift.io/repo: https://github.com/openshift/nbde-tang-server?rev={{revision}}
6+
build.appstudio.redhat.com/commit_sha: '{{revision}}'
7+
build.appstudio.redhat.com/pull_request_number: '{{pull_request_number}}'
8+
build.appstudio.redhat.com/target_branch: '{{target_branch}}'
9+
pipelinesascode.tekton.dev/max-keep-runs: "3"
10+
pipelinesascode.tekton.dev/on-cel-expression: event == "pull_request" && target_branch
11+
== "main"
12+
creationTimestamp: null
13+
labels:
14+
appstudio.openshift.io/application: fbc-4-17
15+
appstudio.openshift.io/component: fbc-4-17
16+
pipelines.appstudio.openshift.io/type: build
17+
name: fbc-4-17-on-pull-request
18+
namespace: konflux-sec-eng-spec-tenant
19+
spec:
20+
params:
21+
- name: git-url
22+
value: '{{source_url}}'
23+
- name: revision
24+
value: '{{revision}}'
25+
- name: output-image
26+
value: quay.io/redhat-user-workloads/konflux-sec-eng-spec-tenant/fbc-4-17:on-pr-{{revision}}
27+
- name: image-expires-after
28+
value: 5d
29+
- name: path-context
30+
value: /v4.17/
31+
- name: dockerfile
32+
value: /v4.17/Containerfile.catalog
33+
pipelineSpec:
34+
description: |
35+
This pipeline is ideal for building and verifying [file-based catalogs](https://konflux-ci.dev/docs/advanced-how-tos/building-olm.adoc#building-the-file-based-catalog).
36+
37+
_Uses `buildah` to create a container image. Its build-time tests are limited to verifying the included catalog and do not scan the image.
38+
This pipeline is pushed as a Tekton bundle to [quay.io](https://quay.io/repository/konflux-ci/tekton-catalog/pipeline-fbc-builder?tab=tags)_
39+
finally:
40+
- name: show-sbom
41+
params:
42+
- name: IMAGE_URL
43+
value: $(tasks.build-image-index.results.IMAGE_URL)
44+
taskRef:
45+
params:
46+
- name: name
47+
value: show-sbom
48+
- name: bundle
49+
value: quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:52f8b96b96ce4203d4b74d850a85f963125bf8eef0683ea5acdd80818d335a28
50+
- name: kind
51+
value: task
52+
resolver: bundles
53+
- name: show-summary
54+
params:
55+
- name: pipelinerun-name
56+
value: $(context.pipelineRun.name)
57+
- name: git-url
58+
value: $(tasks.clone-repository.results.url)?rev=$(tasks.clone-repository.results.commit)
59+
- name: image-url
60+
value: $(params.output-image)
61+
- name: build-task-status
62+
value: $(tasks.build-image-index.status)
63+
taskRef:
64+
params:
65+
- name: name
66+
value: summary
67+
- name: bundle
68+
value: quay.io/konflux-ci/tekton-catalog/task-summary:0.2@sha256:d97c04ab42f277b1103eb6f3a053b247849f4f5b3237ea302a8ecada3b24e15b
69+
- name: kind
70+
value: task
71+
resolver: bundles
72+
workspaces:
73+
- name: workspace
74+
workspace: workspace
75+
params:
76+
- description: Source Repository URL
77+
name: git-url
78+
type: string
79+
- default: ""
80+
description: Revision of the Source Repository
81+
name: revision
82+
type: string
83+
- description: Fully Qualified Output Image
84+
name: output-image
85+
type: string
86+
- default: .
87+
description: Path to the source code of an application's component from where
88+
to build image.
89+
name: path-context
90+
type: string
91+
- default: Dockerfile
92+
description: Path to the Dockerfile inside the context specified by parameter
93+
path-context
94+
name: dockerfile
95+
type: string
96+
- default: "false"
97+
description: Force rebuild image
98+
name: rebuild
99+
type: string
100+
- default: "false"
101+
description: Skip checks against built image
102+
name: skip-checks
103+
type: string
104+
- default: "true"
105+
description: Execute the build with network isolation
106+
name: hermetic
107+
type: string
108+
- default: ""
109+
description: Build dependencies to be prefetched by Cachi2
110+
name: prefetch-input
111+
type: string
112+
- default: ""
113+
description: Image tag expiration time, time values could be something like
114+
1h, 2d, 3w for hours, days, and weeks, respectively.
115+
name: image-expires-after
116+
- default: "false"
117+
description: Build a source image.
118+
name: build-source-image
119+
type: string
120+
- default: "false"
121+
description: Add built image into an OCI image index
122+
name: build-image-index
123+
type: string
124+
results:
125+
- description: ""
126+
name: IMAGE_URL
127+
value: $(tasks.build-image-index.results.IMAGE_URL)
128+
- description: ""
129+
name: IMAGE_DIGEST
130+
value: $(tasks.build-image-index.results.IMAGE_DIGEST)
131+
- description: ""
132+
name: CHAINS-GIT_URL
133+
value: $(tasks.clone-repository.results.url)
134+
- description: ""
135+
name: CHAINS-GIT_COMMIT
136+
value: $(tasks.clone-repository.results.commit)
137+
tasks:
138+
- name: init
139+
params:
140+
- name: image-url
141+
value: $(params.output-image)
142+
- name: rebuild
143+
value: $(params.rebuild)
144+
- name: skip-checks
145+
value: $(params.skip-checks)
146+
taskRef:
147+
params:
148+
- name: name
149+
value: init
150+
- name: bundle
151+
value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:f239f38bba3a8351c8cb0980fde8e2ee477ded7200178b0f45175e4006ff1dca
152+
- name: kind
153+
value: task
154+
resolver: bundles
155+
- name: clone-repository
156+
params:
157+
- name: url
158+
value: $(params.git-url)
159+
- name: revision
160+
value: $(params.revision)
161+
runAfter:
162+
- init
163+
taskRef:
164+
params:
165+
- name: name
166+
value: git-clone
167+
- name: bundle
168+
value: quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1@sha256:2cccdf8729ad4d5adf65e8b66464f8efa1e1c87ba16d343b4a6c621a2a40f7e1
169+
- name: kind
170+
value: task
171+
resolver: bundles
172+
when:
173+
- input: $(tasks.init.results.build)
174+
operator: in
175+
values:
176+
- "true"
177+
workspaces:
178+
- name: output
179+
workspace: workspace
180+
- name: basic-auth
181+
workspace: git-auth
182+
- name: build-container
183+
params:
184+
- name: IMAGE
185+
value: $(params.output-image)
186+
- name: DOCKERFILE
187+
value: $(params.dockerfile)
188+
- name: CONTEXT
189+
value: $(params.path-context)
190+
- name: HERMETIC
191+
value: $(params.hermetic)
192+
- name: IMAGE_EXPIRES_AFTER
193+
value: $(params.image-expires-after)
194+
- name: COMMIT_SHA
195+
value: $(tasks.clone-repository.results.commit)
196+
runAfter:
197+
- clone-repository
198+
taskRef:
199+
params:
200+
- name: name
201+
value: buildah
202+
- name: bundle
203+
value: quay.io/konflux-ci/tekton-catalog/task-buildah:0.2@sha256:27357fc687be3605f1139227ddf81a5d0d56eccb2ed2bfb8adb5f9342ab690b1
204+
- name: kind
205+
value: task
206+
resolver: bundles
207+
when:
208+
- input: $(tasks.init.results.build)
209+
operator: in
210+
values:
211+
- "true"
212+
workspaces:
213+
- name: source
214+
workspace: workspace
215+
- name: build-image-index
216+
params:
217+
- name: IMAGE
218+
value: $(params.output-image)
219+
- name: COMMIT_SHA
220+
value: $(tasks.clone-repository.results.commit)
221+
- name: IMAGE_EXPIRES_AFTER
222+
value: $(params.image-expires-after)
223+
- name: ALWAYS_BUILD_INDEX
224+
value: $(params.build-image-index)
225+
- name: IMAGES
226+
value:
227+
- $(tasks.build-container.results.IMAGE_URL)@$(tasks.build-container.results.IMAGE_DIGEST)
228+
runAfter:
229+
- build-container
230+
taskRef:
231+
params:
232+
- name: name
233+
value: build-image-index
234+
- name: bundle
235+
value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1@sha256:5da8c2f09990b801f1fd02a0ab3c4136845661e53c98e8a7ebf720774e064fac
236+
- name: kind
237+
value: task
238+
resolver: bundles
239+
when:
240+
- input: $(tasks.init.results.build)
241+
operator: in
242+
values:
243+
- "true"
244+
- name: deprecated-base-image-check
245+
params:
246+
- name: IMAGE_URL
247+
value: $(tasks.build-image-index.results.IMAGE_URL)
248+
- name: IMAGE_DIGEST
249+
value: $(tasks.build-image-index.results.IMAGE_DIGEST)
250+
runAfter:
251+
- build-image-index
252+
taskRef:
253+
params:
254+
- name: name
255+
value: deprecated-image-check
256+
- name: bundle
257+
value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.4@sha256:443ffa897ee35e416a0bfd39721c68cbf88cfa5c74c843c5183218d0cd586e82
258+
- name: kind
259+
value: task
260+
resolver: bundles
261+
when:
262+
- input: $(params.skip-checks)
263+
operator: in
264+
values:
265+
- "false"
266+
- name: apply-tags
267+
params:
268+
- name: IMAGE
269+
value: $(tasks.build-image-index.results.IMAGE_URL)
270+
runAfter:
271+
- build-image-index
272+
taskRef:
273+
params:
274+
- name: name
275+
value: apply-tags
276+
- name: bundle
277+
value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.1@sha256:87fd7fc0e937aad1a8db9b6e377d7e444f53394dafde512d68adbea6966a4702
278+
- name: kind
279+
value: task
280+
resolver: bundles
281+
- name: inspect-image
282+
params:
283+
- name: IMAGE_URL
284+
value: $(tasks.build-image-index.results.IMAGE_URL)
285+
- name: IMAGE_DIGEST
286+
value: $(tasks.build-image-index.results.IMAGE_DIGEST)
287+
runAfter:
288+
- build-image-index
289+
taskRef:
290+
params:
291+
- name: name
292+
value: inspect-image
293+
- name: bundle
294+
value: quay.io/konflux-ci/tekton-catalog/task-inspect-image:0.1@sha256:f0371c53985414cca9ea377fae9ec279d9983c6918471969b2dd6e7296bb5ac6
295+
- name: kind
296+
value: task
297+
resolver: bundles
298+
when:
299+
- input: $(params.skip-checks)
300+
operator: in
301+
values:
302+
- "false"
303+
workspaces:
304+
- name: source
305+
workspace: workspace
306+
- name: fbc-validate
307+
params:
308+
- name: IMAGE_URL
309+
value: $(tasks.build-image-index.results.IMAGE_URL)
310+
- name: IMAGE_DIGEST
311+
value: $(tasks.build-image-index.results.IMAGE_DIGEST)
312+
- name: BASE_IMAGE
313+
value: $(tasks.inspect-image.results.BASE_IMAGE)
314+
runAfter:
315+
- inspect-image
316+
taskRef:
317+
params:
318+
- name: name
319+
value: fbc-validation
320+
- name: bundle
321+
value: quay.io/konflux-ci/tekton-catalog/task-fbc-validation:0.1@sha256:da1d06650b27433da952b08ba846dd996025e858a54ed7337d61fbf2f954e1fe
322+
- name: kind
323+
value: task
324+
resolver: bundles
325+
when:
326+
- input: $(params.skip-checks)
327+
operator: in
328+
values:
329+
- "false"
330+
workspaces:
331+
- name: workspace
332+
workspace: workspace
333+
- name: fbc-related-image-check
334+
runAfter:
335+
- fbc-validate
336+
taskRef:
337+
params:
338+
- name: name
339+
value: fbc-related-image-check
340+
- name: bundle
341+
value: quay.io/konflux-ci/tekton-catalog/task-fbc-related-image-check:0.1@sha256:17dc33ef07a8f87d1a8a2f6d4f496123e0db5d29bbe7ff7956462dc5d95c3170
342+
- name: kind
343+
value: task
344+
resolver: bundles
345+
when:
346+
- input: $(params.skip-checks)
347+
operator: in
348+
values:
349+
- "false"
350+
workspaces:
351+
- name: workspace
352+
workspace: workspace
353+
workspaces:
354+
- name: workspace
355+
- name: git-auth
356+
optional: true
357+
- name: netrc
358+
optional: true
359+
taskRunTemplate: {}
360+
workspaces:
361+
- name: workspace
362+
volumeClaimTemplate:
363+
metadata:
364+
creationTimestamp: null
365+
spec:
366+
accessModes:
367+
- ReadWriteOnce
368+
resources:
369+
requests:
370+
storage: 1Gi
371+
status: {}
372+
- name: git-auth
373+
secret:
374+
secretName: '{{ git_auth_secret }}'
375+
status: {}

0 commit comments

Comments
 (0)