apiVersion: tekton.dev/v1 kind: Pipeline metadata: name: ostree-build spec: finally: - name: show-summary params: - name: pipelinerun-name value: $(context.pipelineRun.name) - name: git-url value: $(tasks.clone-repository.results.url)?rev=$(tasks.clone-repository.results.commit) - name: image-url value: $(params.output-image) - name: build-task-status value: $(tasks.build-container.status) taskRef: params: - name: name value: summary - name: bundle value: quay.io/redhat-appstudio-tekton-catalog/task-summary:0.1@sha256:f65a69aaf71cbab382eff685eee522ad35068a4d91d233e76cef7d42ff15a686 - name: kind value: task resolver: bundles params: - description: Source Repository URL name: git-url type: string - default: "" description: Revision of the Source Repository name: revision type: string - description: Fully Qualified Output Image name: output-image type: string - default: . description: Path to the source code of an application's component from where to build image. name: path-context type: string - description: Path to the image file inside the context specified by parameter path-context name: image-file type: string - default: "false" description: Force rebuild image name: rebuild type: string - default: "false" description: Skip checks against built image name: skip-checks type: string - default: "true" description: Skip optional checks, set false if you want to run optional checks name: skip-optional type: string - default: "false" description: Execute the build with network isolation name: hermetic type: string - default: "" description: Build dependencies to be prefetched by Cachi2 name: prefetch-input type: string - default: "false" description: Java build name: java type: string - default: "" description: Image tag expiration time, time values could be something like 1h, 2d, 3w for hours, days, and weeks, respectively. name: image-expires-after - name: config-file description: config file to use for rpm-ostree tool type: string default: "" results: - description: "" name: IMAGE_URL value: $(tasks.build-container.results.IMAGE_URL) - description: "" name: IMAGE_DIGEST value: $(tasks.build-container.results.IMAGE_DIGEST) - description: "" name: CHAINS-GIT_URL value: $(tasks.clone-repository.results.url) - description: "" name: CHAINS-GIT_COMMIT value: $(tasks.clone-repository.results.commit) tasks: - name: init params: - name: image-url value: $(params.output-image) - name: rebuild value: $(params.rebuild) - name: skip-checks value: $(params.skip-checks) taskRef: params: - name: name value: init - name: bundle value: quay.io/redhat-appstudio-tekton-catalog/task-init:0.2@sha256:3d8f01fa59596a998d30dc700fcf7377f09d60008337290eebaeaf604512ce2b - name: kind value: task resolver: bundles - name: clone-repository params: - name: url value: $(params.git-url) - name: revision value: $(params.revision) runAfter: - init taskRef: params: - name: name value: git-clone - name: bundle value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:b8fddc2d36313a5cde93aba2491205f4a84e6853af6c34ede681f8339b147478 - name: kind value: task resolver: bundles when: - input: $(tasks.init.results.build) operator: in values: - "true" workspaces: - name: output workspace: workspace - name: basic-auth workspace: git-auth - name: clone-repository-arm64 params: - name: url value: $(params.git-url) - name: revision value: $(params.revision) runAfter: - init taskRef: kind: Task params: - name: name value: git-clone - name: bundle value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:b8fddc2d36313a5cde93aba2491205f4a84e6853af6c34ede681f8339b147478 - name: kind value: task resolver: bundles when: - input: $(tasks.init.results.build) operator: in values: - "true" workspaces: - name: output workspace: workspace-arm64 - name: basic-auth workspace: git-auth - name: clone-repository-s390x params: - name: url value: $(params.git-url) - name: revision value: $(params.revision) runAfter: - init taskRef: kind: Task params: - name: name value: git-clone - name: bundle value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:b8fddc2d36313a5cde93aba2491205f4a84e6853af6c34ede681f8339b147478 - name: kind value: task resolver: bundles when: - input: $(tasks.init.results.build) operator: in values: - "true" workspaces: - name: output workspace: workspace-s390x - name: basic-auth workspace: git-auth - name: clone-repository-ppc64le params: - name: url value: $(params.git-url) - name: revision value: $(params.revision) runAfter: - init taskRef: kind: Task params: - name: name value: git-clone - name: bundle value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:b8fddc2d36313a5cde93aba2491205f4a84e6853af6c34ede681f8339b147478 - name: kind value: task resolver: bundles when: - input: $(tasks.init.results.build) operator: in values: - "true" workspaces: - name: output workspace: workspace-ppc64le - name: basic-auth workspace: git-auth - name: build-container-amd64 params: - name: IMAGE value: $(params.output-image)-amd64 - name: IMAGE_FILE value: $(params.image-file) - name: CONTEXT value: $(params.path-context) - name: IMAGE_EXPIRES_AFTER value: $(params.image-expires-after) - name: COMMIT_SHA value: $(tasks.clone-repository.results.commit) - name: PLATFORM value: linux/amd64 - name: BUILDER_IMAGE value: quay.io/centos-bootc/builder:latest - name: CONFIG_FILE value: $(params.config-file) runAfter: - clone-repository taskRef: params: - name: name value: rpm-ostree - name: bundle value: quay.io/redhat-appstudio-tekton-catalog/task-rpm-ostree:0.1@sha256:6e6ea5dddc169d17bb314d03c6056cc3e6c1ca74c95b49fc954199d3a1c58bc5 - name: kind value: task resolver: bundles when: - input: $(tasks.init.results.build) operator: in values: - "true" workspaces: - name: source workspace: workspace - name: build-container-arm64 params: - name: IMAGE value: $(params.output-image)-arm64 - name: IMAGE_FILE value: $(params.image-file) - name: CONTEXT value: $(params.path-context) - name: IMAGE_EXPIRES_AFTER value: $(params.image-expires-after) - name: COMMIT_SHA value: $(tasks.clone-repository.results.commit) - name: PLATFORM value: linux/arm64 - name: BUILDER_IMAGE value: quay.io/centos-bootc/builder:latest - name: CONFIG_FILE value: $(params.config-file) runAfter: - clone-repository-arm64 taskRef: params: - name: name value: rpm-ostree - name: bundle value: quay.io/redhat-appstudio-tekton-catalog/task-rpm-ostree:0.1@sha256:6e6ea5dddc169d17bb314d03c6056cc3e6c1ca74c95b49fc954199d3a1c58bc5 - name: kind value: task resolver: bundles when: - input: $(tasks.init.results.build) operator: in values: - "true" workspaces: - name: source workspace: workspace-arm64 - name: build-container-s390x params: - name: IMAGE value: $(params.output-image)-s390x - name: IMAGE_FILE value: $(params.image-file) - name: CONTEXT value: $(params.path-context) - name: IMAGE_EXPIRES_AFTER value: $(params.image-expires-after) - name: COMMIT_SHA value: $(tasks.clone-repository.results.commit) - name: PLATFORM value: linux/s390x - name: BUILDER_IMAGE value: quay.io/centos-bootc/builder:latest - name: CONFIG_FILE value: $(params.config-file) runAfter: - clone-repository-s390x taskRef: params: - name: name value: rpm-ostree - name: bundle value: quay.io/redhat-appstudio-tekton-catalog/task-rpm-ostree:0.1@sha256:6e6ea5dddc169d17bb314d03c6056cc3e6c1ca74c95b49fc954199d3a1c58bc5 - name: kind value: task resolver: bundles when: - input: $(tasks.init.results.build) operator: in values: - "true" workspaces: - name: source workspace: workspace-s390x - name: build-container-ppc64le params: - name: IMAGE value: $(params.output-image)-ppc64le - name: IMAGE_FILE value: $(params.image-file) - name: CONTEXT value: $(params.path-context) - name: IMAGE_EXPIRES_AFTER value: $(params.image-expires-after) - name: COMMIT_SHA value: $(tasks.clone-repository.results.commit) - name: PLATFORM value: linux/ppc64le - name: BUILDER_IMAGE value: quay.io/centos-bootc/builder:latest - name: CONFIG_FILE value: $(params.config-file) runAfter: - clone-repository-ppc64le taskRef: params: - name: name value: rpm-ostree - name: bundle value: quay.io/redhat-appstudio-tekton-catalog/task-rpm-ostree:0.1@sha256:6e6ea5dddc169d17bb314d03c6056cc3e6c1ca74c95b49fc954199d3a1c58bc5 - name: kind value: task resolver: bundles when: - input: $(tasks.init.results.build) operator: in values: - "true" workspaces: - name: source workspace: workspace-ppc64le - name: build-container params: - name: IMAGE value: $(params.output-image) - name: COMMIT_SHA value: $(tasks.clone-repository.results.commit) - name: IMAGES value: - $(tasks.build-container-amd64.results.IMAGE_URL)@$(tasks.build-container-amd64.results.IMAGE_DIGEST) - $(tasks.build-container-arm64.results.IMAGE_URL)@$(tasks.build-container-arm64.results.IMAGE_DIGEST) - $(tasks.build-container-s390x.results.IMAGE_URL)@$(tasks.build-container-s390x.results.IMAGE_DIGEST) - $(tasks.build-container-ppc64le.results.IMAGE_URL)@$(tasks.build-container-ppc64le.results.IMAGE_DIGEST) runAfter: - build-container-amd64 - build-container-arm64 - build-container-s390x - build-container-ppc64le taskRef: params: - name: name value: build-image-manifest - name: bundle value: quay.io/redhat-appstudio-tekton-catalog/task-build-image-manifest:0.1@sha256:38750364fc669cabf741e8be3459b3d9dfc569a2be342befabe28a800eee22d4 - name: kind value: task resolver: bundles when: - input: $(tasks.init.results.build) operator: in values: - "true" - name: inspect-image params: - name: IMAGE_URL value: $(tasks.build-container.results.IMAGE_URL) - name: IMAGE_DIGEST value: $(tasks.build-container.results.IMAGE_DIGEST) runAfter: - build-container taskRef: params: - name: name value: inspect-image - name: bundle value: quay.io/redhat-appstudio-tekton-catalog/task-inspect-image:0.1@sha256:d27c6ff7b9be6df786f489f8a5d4a8f0619d77e45f0d12e4a730157b60873c82 - name: kind value: task resolver: bundles when: - input: $(params.skip-checks) operator: in values: - "false" workspaces: - name: source workspace: workspace - name: deprecated-base-image-check params: - name: BASE_IMAGES_DIGESTS value: $(tasks.build-container-amd64.results.BASE_IMAGES_DIGESTS) taskRef: params: - name: name value: deprecated-image-check - name: bundle value: quay.io/redhat-appstudio-tekton-catalog/task-deprecated-image-check:0.3@sha256:a299ff57d97f3924020634625dfb9bbc66547124ca23a3396e338c645f7b4a8e - name: kind value: task resolver: bundles when: - input: $(params.skip-checks) operator: in values: - "false" - name: clair-scan params: - name: image-digest value: $(tasks.build-container.results.IMAGE_DIGEST) - name: image-url value: $(tasks.build-container.results.IMAGE_URL) runAfter: - build-container taskRef: params: - name: name value: clair-scan - name: bundle value: quay.io/redhat-appstudio-tekton-catalog/task-clair-scan:0.1@sha256:63b42c0fc23d05e26776a0e7c4f0ab00750096ebfe1eed9a7ba96f8b27713fbf - name: kind value: task resolver: bundles when: - input: $(params.skip-checks) operator: in values: - "false" - name: sast-snyk-check runAfter: - clone-repository taskRef: params: - name: name value: sast-snyk-check - name: bundle value: quay.io/redhat-appstudio-tekton-catalog/task-sast-snyk-check:0.1@sha256:47515cb119225bba55c593876610bd890f8efcbb66bb57fb0c0881ddd47ce558 - name: kind value: task resolver: bundles when: - input: $(params.skip-checks) operator: in values: - "false" workspaces: - name: workspace workspace: workspace - name: sbom-json-check params: - name: IMAGE_URL value: $(tasks.build-container.results.IMAGE_URL) - name: IMAGE_DIGEST value: $(tasks.build-container.results.IMAGE_DIGEST) runAfter: - build-container taskRef: params: - name: name value: sbom-json-check - name: bundle value: quay.io/redhat-appstudio-tekton-catalog/task-sbom-json-check:0.1@sha256:bf49861b3bbee2129e8d1b5966fc2a7c3f259d96a5fcef5674d05c9cb21ab540 - name: kind value: task resolver: bundles when: - input: $(params.skip-checks) operator: in values: - "false" workspaces: - name: workspace - name: workspace-arm64 - name: workspace-s390x - name: workspace-ppc64le - name: git-auth optional: true