public
/
bootc-base-images
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

adjusting the manifest file

This commit is contained in:
Liora Milbaum 2023-11-02 16:26:42 +02:00
parent 1658384cec
commit 5ef3a973de
1 changed files with 333 additions and 387 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

720
.tekton/centos-tier-0-stream9-pull-request.yaml
View File

@ -18,407 +18,353 @@ metadata:
namespace: project-sagano-tenant namespace: project-sagano-tenant
spec: spec:
params: params:
- name: dockerfile - name: image-file
value: Dockerfile value: centos-tier-0-stream9.yaml
- name: git-url - name: git-url
value: '{{repo_url}}' value: '{{repo_url}}'
- name: image-expires-after - name: output-image
value: 5d value: quay.io/redhat-user-workloads/project-sagano-tenant/sagano/centos-tier-0-stream9:on-pr-{{revision}}
- name: output-image - name: path-context
value: quay.io/redhat-user-workloads/project-sagano-tenant/sagano/centos-tier-0-stream9:on-pr-{{revision}} value: .
- name: path-context - name: revision
value: . value: '{{revision}}'
- name: revision
value: '{{revision}}'
pipelineSpec: pipelineSpec:
finally: finally:
- name: show-sbom - name: show-summary
params:
- name: IMAGE_URL
value: $(tasks.build-container.results.IMAGE_URL)
taskRef:
params: params:
- name: name - name: pipelinerun-name
value: show-sbom value: $(context.pipelineRun.name)
- name: bundle - name: git-url
value: quay.io/redhat-appstudio-tekton-catalog/task-show-sbom:0.1@sha256:7db0af43dcebaeb33e34413148370e17078c30fd2fc78fb84c8941b444199f36 value: $(tasks.clone-repository.results.url)?rev=$(tasks.clone-repository.results.commit)
- name: kind - name: image-url
value: task value: $(params.output-image)
resolver: bundles - name: build-task-status
- name: show-summary value: $(tasks.build-container.status)
params: taskRef:
- name: pipelinerun-name params:
value: $(context.pipelineRun.name) - name: name
- name: git-url value: summary
value: $(tasks.clone-repository.results.url)?rev=$(tasks.clone-repository.results.commit) - name: bundle
- name: image-url value: quay.io/redhat-appstudio-tekton-catalog/task-summary:0.1@sha256:243b13105967b251c1facd55159165809a9fa797215af613997ac6a16798db73
value: $(params.output-image) - name: kind
- name: build-task-status value: task
value: $(tasks.build-container.status) resolver: bundles
taskRef:
params:
- name: name
value: summary
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-summary:0.1@sha256:243b13105967b251c1facd55159165809a9fa797215af613997ac6a16798db73
- name: kind
value: task
resolver: bundles
params: params:
- description: Source Repository URL - description: Source Repository URL
name: git-url name: git-url
type: string type: string
- default: "" - default: ""
description: Revision of the Source Repository description: Revision of the Source Repository
name: revision name: revision
type: string type: string
- description: Fully Qualified Output Image - description: Fully Qualified Output Image
name: output-image name: output-image
type: string type: string
- default: . - default: .
description: Path to the source code of an application's component from where description: Path to the source code of an application's component from where
to build image. to build image.
name: path-context name: path-context
type: string type: string
- default: Dockerfile - description: Path to the image file inside the context specified by parameter
description: Path to the Dockerfile inside the context specified by parameter path-context
path-context name: image-file
name: dockerfile type: string
type: string - default: "false"
- default: "false" description: Force rebuild image
description: Force rebuild image name: rebuild
name: rebuild type: string
type: string - default: "false"
- default: "false" description: Skip checks against built image
description: Skip checks against built image name: skip-checks
name: skip-checks type: string
type: string - default: "true"
- default: "true" description: Skip optional checks, set false if you want to run optional checks
description: Skip optional checks, set false if you want to run optional checks name: skip-optional
name: skip-optional type: string
type: string - default: "false"
- default: "false" description: Execute the build with network isolation
description: Execute the build with network isolation name: hermetic
name: hermetic type: string
type: string - default: ""
- default: "" description: Build dependencies to be prefetched by Cachi2
description: Build dependencies to be prefetched by Cachi2 name: prefetch-input
name: prefetch-input type: string
type: string - default: "false"
- default: "false" description: Java build
description: Java build name: java
name: java type: string
type: string - default: ""
- default: "" description: Image tag expiration time, time values could be something like
description: Image tag expiration time, time values could be something like 1h, 2d, 3w for hours, days, and weeks, respectively.
1h, 2d, 3w for hours, days, and weeks, respectively. name: image-expires-after
name: image-expires-after
- default: "false"
description: Build a source image.
name: build-source-image
type: string
results: results:
- description: "" - description: ""
name: IMAGE_URL name: IMAGE_URL
value: $(tasks.build-container.results.IMAGE_URL) value: $(tasks.build-container.results.IMAGE_URL)
- description: "" - description: ""
name: IMAGE_DIGEST name: IMAGE_DIGEST
value: $(tasks.build-container.results.IMAGE_DIGEST) value: $(tasks.build-container.results.IMAGE_DIGEST)
- description: "" - description: ""
name: CHAINS-GIT_URL name: CHAINS-GIT_URL
value: $(tasks.clone-repository.results.url) value: $(tasks.clone-repository.results.url)
- description: "" - description: ""
name: CHAINS-GIT_COMMIT name: CHAINS-GIT_COMMIT
value: $(tasks.clone-repository.results.commit)
- description: ""
name: JAVA_COMMUNITY_DEPENDENCIES
value: $(tasks.build-container.results.JAVA_COMMUNITY_DEPENDENCIES)
tasks:
- name: init
params:
- name: image-url
value: $(params.output-image)
- name: rebuild
value: $(params.rebuild)
- name: skip-checks
value: $(params.skip-checks)
- name: skip-optional
value: $(params.skip-optional)
- name: pipelinerun-name
value: $(context.pipelineRun.name)
- name: pipelinerun-uid
value: $(context.pipelineRun.uid)
taskRef:
params:
- name: name
value: init
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-init:0.1@sha256:26586a7ef08c3e86dfdaf0a5cc38dd3d70c4c02db1331b469caaed0a0f5b3d86
- name: kind
value: task
resolver: bundles
- name: clone-repository
params:
- name: url
value: $(params.git-url)
- name: revision
value: $(params.revision)
runAfter:
- init
taskRef:
params:
- name: name
value: git-clone
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:d9e1ab10d72953e7a85dab69b8b96f5b41580a6d4026f77b6a5ba6f3ed227cc3
- name: kind
value: task
resolver: bundles
when:
- input: $(tasks.init.results.build)
operator: in
values:
- "true"
workspaces:
- name: output
workspace: workspace
- name: basic-auth
workspace: git-auth
- name: prefetch-dependencies
params:
- name: input
value: $(params.prefetch-input)
runAfter:
- clone-repository
taskRef:
params:
- name: name
value: prefetch-dependencies
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies:0.1@sha256:ca366af4f096e94dad40a327a09328a5e4bed4d0292a213165861e9e19bf380e
- name: kind
value: task
resolver: bundles
when:
- input: $(params.hermetic)
operator: in
values:
- "true"
workspaces:
- name: source
workspace: workspace
- name: build-container
params:
- name: IMAGE
value: $(params.output-image)
- name: DOCKERFILE
value: $(params.dockerfile)
- name: CONTEXT
value: $(params.path-context)
- name: HERMETIC
value: $(params.hermetic)
- name: PREFETCH_INPUT
value: $(params.prefetch-input)
- name: IMAGE_EXPIRES_AFTER
value: $(params.image-expires-after)
- name: COMMIT_SHA
value: $(tasks.clone-repository.results.commit) value: $(tasks.clone-repository.results.commit)
runAfter: tasks:
- prefetch-dependencies - name: init
taskRef:
params: params:
- name: name - name: image-url
value: buildah value: $(params.output-image)
- name: bundle - name: rebuild
value: quay.io/redhat-appstudio-tekton-catalog/task-buildah:0.1@sha256:fabd9af8e999f2d11b024fbe21dd5ed2dcf029b71b4d7e21de3b106c3d6ff74d value: $(params.rebuild)
- name: kind - name: skip-checks
value: task value: $(params.skip-checks)
resolver: bundles - name: skip-optional
when: value: $(params.skip-optional)
- input: $(tasks.init.results.build) - name: pipelinerun-name
operator: in value: $(context.pipelineRun.name)
values: - name: pipelinerun-uid
- "true" value: $(context.pipelineRun.uid)
workspaces: taskRef:
- name: source params:
workspace: workspace - name: name
- name: build-source-image value: init
params: - name: bundle
- name: BINARY_IMAGE value: quay.io/redhat-appstudio-tekton-catalog/task-init:0.1@sha256:26586a7ef08c3e86dfdaf0a5cc38dd3d70c4c02db1331b469caaed0a0f5b3d86
value: $(params.output-image) - name: kind
- name: BASE_IMAGES value: task
value: $(tasks.build-container.results.BASE_IMAGES_DIGESTS) resolver: bundles
runAfter: - name: clone-repository
- build-container
taskRef:
params: params:
- name: name - name: url
value: source-build value: $(params.git-url)
- name: bundle - name: revision
value: quay.io/redhat-appstudio-tekton-catalog/task-source-build:0.1@sha256:e751a76622743cf51b35ba230768be9886535b7cf51491c2b8513979e7a577d8 value: $(params.revision)
- name: kind runAfter:
value: task - init
resolver: bundles taskRef:
when: params:
- input: $(tasks.init.results.build) - name: name
operator: in value: git-clone
values: - name: bundle
- "true" value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:d9e1ab10d72953e7a85dab69b8b96f5b41580a6d4026f77b6a5ba6f3ed227cc3
- input: $(params.build-source-image) - name: kind
operator: in value: task
values: resolver: bundles
- "true" when:
workspaces: - input: $(tasks.init.results.build)
- name: workspace operator: in
workspace: workspace values:
- name: inspect-image - "true"
params: workspaces:
- name: IMAGE_URL - name: output
value: $(tasks.build-container.results.IMAGE_URL) workspace: workspace
- name: IMAGE_DIGEST - name: basic-auth
value: $(tasks.build-container.results.IMAGE_DIGEST) workspace: git-auth
runAfter: - name: prefetch-dependencies
- build-container
taskRef:
params: params:
- name: name - name: input
value: inspect-image value: $(params.prefetch-input)
- name: bundle runAfter:
value: quay.io/redhat-appstudio-tekton-catalog/task-inspect-image:0.1@sha256:3a5d3f611240eb5b7b12799c2be22a71803df80dbc12cce2e1e2a252ab543423 - clone-repository
- name: kind taskRef:
value: task params:
resolver: bundles - name: name
when: value: prefetch-dependencies
- input: $(params.skip-checks) - name: bundle
operator: in value: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies:0.1@sha256:ca366af4f096e94dad40a327a09328a5e4bed4d0292a213165861e9e19bf380e
values: - name: kind
- "false" value: task
workspaces: resolver: bundles
- name: source when:
workspace: workspace - input: $(params.hermetic)
- name: deprecated-base-image-check operator: in
params: values:
- name: BASE_IMAGES_DIGESTS - "true"
value: $(tasks.build-container.results.BASE_IMAGES_DIGESTS) workspaces:
runAfter: - name: source
- build-container workspace: workspace
taskRef: - name: build-container
params: params:
- name: name - name: IMAGE
value: deprecated-image-check value: $(params.output-image)
- name: bundle - name: IMAGE_FILE
value: quay.io/redhat-appstudio-tekton-catalog/task-deprecated-image-check:0.3@sha256:35e2708505614397ede771474a2e2d6f04e911efc46afae47ca4a63e2f6fc9a0 value: $(params.image-file)
- name: kind - name: CONTEXT
value: task value: $(params.path-context)
resolver: bundles - name: IMAGE_EXPIRES_AFTER
when: value: $(params.image-expires-after)
- input: $(params.skip-checks) - name: COMMIT_SHA
operator: in value: $(tasks.clone-repository.results.commit)
values: - name: PLATFORM
- "false" value: linux/arm64
- name: clair-scan - name: BUILDER_IMAGE
params: value: quay.io/bcook/ostree-builder:latest
- name: image-digest runAfter:
value: $(tasks.build-container.results.IMAGE_DIGEST) - prefetch-dependencies
- name: image-url taskRef:
value: $(tasks.build-container.results.IMAGE_URL) params:
runAfter: - name: url
- build-container value: https://github.com/stuartwdouglas/build-definitions/
taskRef: - name: revision
value: rpm-ostree
- name: pathInRepo
value: task/rpm-ostree/0.1/rpm-ostree.yaml
resolver: git
when:
- input: $(tasks.init.results.build)
operator: in
values:
- "true"
workspaces:
- name: source
workspace: workspace
- name: inspect-image
params: params:
- name: name - name: IMAGE_URL
value: clair-scan value: $(tasks.build-container.results.IMAGE_URL)
- name: bundle - name: IMAGE_DIGEST
value: quay.io/redhat-appstudio-tekton-catalog/task-clair-scan:0.1@sha256:f6a5a24cb8faa590d4f3adc204a197fd89da1bcea365963af9ac66838c030816 value: $(tasks.build-container.results.IMAGE_DIGEST)
- name: kind runAfter:
value: task - build-container
resolver: bundles taskRef:
when: params:
- input: $(params.skip-checks) - name: name
operator: in value: inspect-image
values: - name: bundle
- "false" value: quay.io/redhat-appstudio-tekton-catalog/task-inspect-image:0.1@sha256:3a5d3f611240eb5b7b12799c2be22a71803df80dbc12cce2e1e2a252ab543423
- name: sast-snyk-check - name: kind
runAfter: value: task
- clone-repository resolver: bundles
taskRef: when:
- input: $(params.skip-checks)
operator: in
values:
- "false"
workspaces:
- name: source
workspace: workspace
- name: deprecated-base-image-check
params: params:
- name: name - name: BASE_IMAGES_DIGESTS
value: sast-snyk-check value: $(tasks.build-container.results.BASE_IMAGES_DIGESTS)
- name: bundle taskRef:
value: quay.io/redhat-appstudio-tekton-catalog/task-sast-snyk-check:0.1@sha256:edd4ba638b71de52c2662abd3e93fd876e6e75cd07b162d13fae014d3a1a1fac params:
- name: kind - name: name
value: task value: deprecated-image-check
resolver: bundles - name: bundle
when: value: quay.io/redhat-appstudio-tekton-catalog/task-deprecated-image-check:0.3@sha256:35e2708505614397ede771474a2e2d6f04e911efc46afae47ca4a63e2f6fc9a0
- input: $(params.skip-checks) - name: kind
operator: in value: task
values: resolver: bundles
- "false" when:
workspaces: - input: $(params.skip-checks)
- name: workspace operator: in
workspace: workspace values:
- name: clamav-scan - "false"
params: - name: clair-scan
- name: image-digest
value: $(tasks.build-container.results.IMAGE_DIGEST)
- name: image-url
value: $(tasks.build-container.results.IMAGE_URL)
runAfter:
- build-container
taskRef:
params: params:
- name: name - name: image-digest
value: clamav-scan value: $(tasks.build-container.results.IMAGE_DIGEST)
- name: bundle - name: image-url
value: quay.io/redhat-appstudio-tekton-catalog/task-clamav-scan:0.1@sha256:b7d194547892219c663c4414d3bbb18e0c1798353e3922e4dc2b63ef9169adb9 value: $(tasks.build-container.results.IMAGE_URL)
- name: kind runAfter:
value: task - build-container
resolver: bundles taskRef:
when: params:
- input: $(params.skip-checks) - name: name
operator: in value: clair-scan
values: - name: bundle
- "false" value: quay.io/redhat-appstudio-tekton-catalog/task-clair-scan:0.1@sha256:f6a5a24cb8faa590d4f3adc204a197fd89da1bcea365963af9ac66838c030816
- name: sbom-json-check - name: kind
params: value: task
- name: IMAGE_URL resolver: bundles
value: $(tasks.build-container.results.IMAGE_URL) when:
- name: IMAGE_DIGEST - input: $(params.skip-checks)
value: $(tasks.build-container.results.IMAGE_DIGEST) operator: in
runAfter: values:
- build-container - "false"
taskRef: - name: sast-snyk-check
runAfter:
- clone-repository
taskRef:
params:
- name: name
value: sast-snyk-check
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-sast-snyk-check:0.1@sha256:edd4ba638b71de52c2662abd3e93fd876e6e75cd07b162d13fae014d3a1a1fac
- name: kind
value: task
resolver: bundles
when:
- input: $(params.skip-checks)
operator: in
values:
- "false"
workspaces:
- name: workspace
workspace: workspace
- name: clamav-scan
params: params:
- name: name - name: image-digest
value: sbom-json-check value: $(tasks.build-container.results.IMAGE_DIGEST)
- name: bundle - name: image-url
value: quay.io/redhat-appstudio-tekton-catalog/task-sbom-json-check:0.1@sha256:0ca48e1dffde39efe97b3252386f529241d6b276fe812a88774a9f37fc45f742 value: $(tasks.build-container.results.IMAGE_URL)
- name: kind runAfter:
value: task - build-container
resolver: bundles taskRef:
when: params:
- input: $(params.skip-checks) - name: name
operator: in value: clamav-scan
values: - name: bundle
- "false" value: quay.io/redhat-appstudio-tekton-catalog/task-clamav-scan:0.1@sha256:b7d194547892219c663c4414d3bbb18e0c1798353e3922e4dc2b63ef9169adb9
- name: kind
value: task
resolver: bundles
when:
- input: $(params.skip-checks)
operator: in
values:
- "true"
- name: sbom-json-check
params:
- name: IMAGE_URL
value: $(tasks.build-container.results.IMAGE_URL)
- name: IMAGE_DIGEST
value: $(tasks.build-container.results.IMAGE_DIGEST)
runAfter:
- build-container
taskRef:
params:
- name: name
value: sbom-json-check
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-sbom-json-check:0.1@sha256:0ca48e1dffde39efe97b3252386f529241d6b276fe812a88774a9f37fc45f742
- name: kind
value: task
resolver: bundles
when:
- input: $(params.skip-checks)
operator: in
values:
- "false"
workspaces: workspaces:
- name: workspace - name: workspace
- name: git-auth - name: git-auth
optional: true optional: true
workspaces: workspaces:
- name: workspace - name: workspace
volumeClaimTemplate: volumeClaimTemplate:
metadata: metadata:
creationTimestamp: null creationTimestamp: null
spec: spec:
accessModes: accessModes:
- ReadWriteOnce - ReadWriteOnce
resources: resources:
requests: requests:
storage: 1Gi storage: 5Gi
status: {} status: {}
- name: git-auth - name: git-auth
secret: secret:
secretName: '{{ git_auth_secret }}' secretName: '{{ git_auth_secret }}'
status: {} status: {}