apiVersion: tekton.dev/v1 kind: Pipeline metadata: name: ostree-build spec: finally: - name: show-summary params: - name: pipelinerun-name value: $(context.pipelineRun.name) - name: git-url value: $(tasks.clone-repository.results.url)?rev=$(tasks.clone-repository.results.commit) - name: image-url value: $(params.output-image) - name: build-task-status value: $(tasks.build-container.status) taskRef: params: - name: name value: summary - name: bundle value: quay.io/redhat-appstudio-tekton-catalog/task-summary:0.1@sha256:08fde7abf2e24f31d68119d613fb208a25c71263cef440f02c8cb3a43d91813d - name: kind value: task resolver: bundles params: - description: Source Repository URL name: git-url type: string - default: "" description: Revision of the Source Repository name: revision type: string - description: Fully Qualified Output Image name: output-image type: string - default: . description: Path to the source code of an application's component from where to build image. name: path-context type: string - description: Path to the image file inside the context specified by parameter path-context name: image-file type: string - default: "false" description: Force rebuild image name: rebuild type: string - default: "false" description: Skip checks against built image name: skip-checks type: string - default: "true" description: Skip optional checks, set false if you want to run optional checks name: skip-optional type: string - default: "false" description: Execute the build with network isolation name: hermetic type: string - default: "" description: Build dependencies to be prefetched by Cachi2 name: prefetch-input type: string - default: "false" description: Java build name: java type: string - default: "" description: Image tag expiration time, time values could be something like 1h, 2d, 3w for hours, days, and weeks, respectively. name: image-expires-after results: - description: "" name: IMAGE_URL value: $(tasks.build-container.results.IMAGE_URL) - description: "" name: IMAGE_DIGEST value: $(tasks.build-container.results.IMAGE_DIGEST) - description: "" name: CHAINS-GIT_URL value: $(tasks.clone-repository.results.url) - description: "" name: CHAINS-GIT_COMMIT value: $(tasks.clone-repository.results.commit) tasks: - name: init params: - name: image-url value: $(params.output-image) - name: rebuild value: $(params.rebuild) - name: skip-checks value: $(params.skip-checks) - name: skip-optional value: $(params.skip-optional) - name: pipelinerun-name value: $(context.pipelineRun.name) - name: pipelinerun-uid value: $(context.pipelineRun.uid) taskRef: params: - name: name value: init - name: bundle value: quay.io/redhat-appstudio-tekton-catalog/task-init:0.1@sha256:159b85246559defbabbd55a42da0b7f618a4307d13bd4d6eb486efb81d1dcfb5 - name: kind value: task resolver: bundles - name: clone-repository params: - name: url value: $(params.git-url) - name: revision value: $(params.revision) runAfter: - init taskRef: params: - name: name value: git-clone - name: bundle value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:913cdc904919482689e79829daeaa3b4d4cc116aafefd135d5af1fc2f8f1afcd - name: kind value: task resolver: bundles when: - input: $(tasks.init.results.build) operator: in values: - "true" workspaces: - name: output workspace: workspace - name: basic-auth workspace: git-auth - name: clone-repository-arm64 params: - name: url value: $(params.git-url) - name: revision value: $(params.revision) runAfter: - init taskRef: kind: Task params: - name: name value: git-clone - name: bundle value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:913cdc904919482689e79829daeaa3b4d4cc116aafefd135d5af1fc2f8f1afcd - name: kind value: task resolver: bundles when: - input: $(tasks.init.results.build) operator: in values: - "true" workspaces: - name: output workspace: workspace-arm64 - name: basic-auth workspace: git-auth - name: clone-repository-s390x params: - name: url value: $(params.git-url) - name: revision value: $(params.revision) runAfter: - init taskRef: kind: Task params: - name: name value: git-clone - name: bundle value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:913cdc904919482689e79829daeaa3b4d4cc116aafefd135d5af1fc2f8f1afcd - name: kind value: task resolver: bundles when: - input: $(tasks.init.results.build) operator: in values: - "true" workspaces: - name: output workspace: workspace-s390x - name: basic-auth workspace: git-auth - name: clone-repository-ppc64le params: - name: url value: $(params.git-url) - name: revision value: $(params.revision) runAfter: - init taskRef: kind: Task params: - name: name value: git-clone - name: bundle value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:913cdc904919482689e79829daeaa3b4d4cc116aafefd135d5af1fc2f8f1afcd - name: kind value: task resolver: bundles when: - input: $(tasks.init.results.build) operator: in values: - "true" workspaces: - name: output workspace: workspace-ppc64le - name: basic-auth workspace: git-auth - name: build-container-amd64 params: - name: IMAGE value: $(params.output-image)-amd64 - name: IMAGE_FILE value: $(params.image-file) - name: CONTEXT value: $(params.path-context) - name: IMAGE_EXPIRES_AFTER value: $(params.image-expires-after) - name: COMMIT_SHA value: $(tasks.clone-repository.results.commit) - name: PLATFORM value: linux/amd64 - name: BUILDER_IMAGE value: quay.io/centos-bootc/builder:latest runAfter: - clone-repository taskRef: params: - name: name value: rpm-ostree - name: bundle value: quay.io/redhat-appstudio-tekton-catalog/task-rpm-ostree:0.1@sha256:c9dc454573c27468d416f32c87d85d6e7955e5c2a0811dd69ea4692cddda393f - name: kind value: task resolver: bundles when: - input: $(tasks.init.results.build) operator: in values: - "true" workspaces: - name: source workspace: workspace - name: build-container-arm64 params: - name: IMAGE value: $(params.output-image)-arm64 - name: IMAGE_FILE value: $(params.image-file) - name: CONTEXT value: $(params.path-context) - name: IMAGE_EXPIRES_AFTER value: $(params.image-expires-after) - name: COMMIT_SHA value: $(tasks.clone-repository.results.commit) - name: PLATFORM value: linux/arm64 - name: BUILDER_IMAGE value: quay.io/centos-bootc/builder:latest runAfter: - clone-repository-arm64 taskRef: params: - name: name value: rpm-ostree - name: bundle value: quay.io/redhat-appstudio-tekton-catalog/task-rpm-ostree:0.1@sha256:c9dc454573c27468d416f32c87d85d6e7955e5c2a0811dd69ea4692cddda393f - name: kind value: task resolver: bundles when: - input: $(tasks.init.results.build) operator: in values: - "true" workspaces: - name: source workspace: workspace-arm64 - name: build-container-s390x params: - name: IMAGE value: $(params.output-image)-s390x - name: IMAGE_FILE value: $(params.image-file) - name: CONTEXT value: $(params.path-context) - name: IMAGE_EXPIRES_AFTER value: $(params.image-expires-after) - name: COMMIT_SHA value: $(tasks.clone-repository.results.commit) - name: PLATFORM value: linux/s390x - name: BUILDER_IMAGE value: quay.io/centos-bootc/builder:latest runAfter: - clone-repository-s390x taskRef: params: - name: name value: rpm-ostree - name: bundle value: quay.io/redhat-appstudio-tekton-catalog/task-rpm-ostree:0.1@sha256:c9dc454573c27468d416f32c87d85d6e7955e5c2a0811dd69ea4692cddda393f - name: kind value: task resolver: bundles when: - input: $(tasks.init.results.build) operator: in values: - "true" workspaces: - name: source workspace: workspace-s390x - name: build-container-ppc64le params: - name: IMAGE value: $(params.output-image)-ppc64le - name: IMAGE_FILE value: $(params.image-file) - name: CONTEXT value: $(params.path-context) - name: IMAGE_EXPIRES_AFTER value: $(params.image-expires-after) - name: COMMIT_SHA value: $(tasks.clone-repository.results.commit) - name: PLATFORM value: linux/ppc64le - name: BUILDER_IMAGE value: quay.io/centos-bootc/builder:latest runAfter: - clone-repository-ppc64le taskRef: params: - name: name value: rpm-ostree - name: bundle value: quay.io/redhat-appstudio-tekton-catalog/task-rpm-ostree:0.1@sha256:c9dc454573c27468d416f32c87d85d6e7955e5c2a0811dd69ea4692cddda393f - name: kind value: task resolver: bundles when: - input: $(tasks.init.results.build) operator: in values: - "true" workspaces: - name: source workspace: workspace-ppc64le - name: build-container params: - name: IMAGE value: $(params.output-image) - name: COMMIT_SHA value: $(tasks.clone-repository.results.commit) - name: IMAGES value: - $(tasks.build-container-amd64.results.IMAGE_URL)@$(tasks.build-container-amd64.results.IMAGE_DIGEST) - $(tasks.build-container-arm64.results.IMAGE_URL)@$(tasks.build-container-arm64.results.IMAGE_DIGEST) - $(tasks.build-container-s390x.results.IMAGE_URL)@$(tasks.build-container-s390x.results.IMAGE_DIGEST) - $(tasks.build-container-ppc64le.results.IMAGE_URL)@$(tasks.build-container-ppc64le.results.IMAGE_DIGEST) runAfter: - build-container-amd64 - build-container-arm64 - build-container-s390x - build-container-ppc64le taskRef: params: - name: name value: build-image-manifest - name: bundle value: quay.io/redhat-appstudio-tekton-catalog/task-build-image-manifest:0.1@sha256:428d144c5979409f53bb9943f00c9cbb9c3298e5c501279a108b5d16afd5e56f - name: kind value: task resolver: bundles when: - input: $(tasks.init.results.build) operator: in values: - "true" - name: inspect-image params: - name: IMAGE_URL value: $(tasks.build-container.results.IMAGE_URL) - name: IMAGE_DIGEST value: $(tasks.build-container.results.IMAGE_DIGEST) runAfter: - build-container taskRef: params: - name: name value: inspect-image - name: bundle value: quay.io/redhat-appstudio-tekton-catalog/task-inspect-image:0.1@sha256:9873371b41de7f8bcda4dfbbbd4c8fe2af95c1236cdf61d8b4617f445e460aad - name: kind value: task resolver: bundles when: - input: $(params.skip-checks) operator: in values: - "false" workspaces: - name: source workspace: workspace - name: deprecated-base-image-check params: - name: BASE_IMAGES_DIGESTS value: $(tasks.build-container-amd64.results.BASE_IMAGES_DIGESTS) taskRef: params: - name: name value: deprecated-image-check - name: bundle value: quay.io/redhat-appstudio-tekton-catalog/task-deprecated-image-check:0.3@sha256:88b6fd5ffc29d67cd39a30634b70bf874f1894f9a7791dfc0d95980498c01d26 - name: kind value: task resolver: bundles when: - input: $(params.skip-checks) operator: in values: - "false" - name: clair-scan params: - name: image-digest value: $(tasks.build-container.results.IMAGE_DIGEST) - name: image-url value: $(tasks.build-container.results.IMAGE_URL) runAfter: - build-container taskRef: params: - name: name value: clair-scan - name: bundle value: quay.io/redhat-appstudio-tekton-catalog/task-clair-scan:0.1@sha256:ec6156c4a4a0777eb59a0355b9ad8257c1d39dc28b8eb8dea1446b3f682a77a8 - name: kind value: task resolver: bundles when: - input: $(params.skip-checks) operator: in values: - "false" - name: sast-snyk-check runAfter: - clone-repository taskRef: params: - name: name value: sast-snyk-check - name: bundle value: quay.io/redhat-appstudio-tekton-catalog/task-sast-snyk-check:0.1@sha256:cdb08029043d69502fe119c21aa4da3d1fdf1b16f3783f5e9dac1874e5c168e0 - name: kind value: task resolver: bundles when: - input: $(params.skip-checks) operator: in values: - "false" workspaces: - name: workspace workspace: workspace - name: sbom-json-check params: - name: IMAGE_URL value: $(tasks.build-container.results.IMAGE_URL) - name: IMAGE_DIGEST value: $(tasks.build-container.results.IMAGE_DIGEST) runAfter: - build-container taskRef: params: - name: name value: sbom-json-check - name: bundle value: quay.io/redhat-appstudio-tekton-catalog/task-sbom-json-check:0.1@sha256:4a43362f0050de37e7dc23ab46faee9536e7946cf7b7b1e15727ac8c82f2e3bc - name: kind value: task resolver: bundles when: - input: $(params.skip-checks) operator: in values: - "false" workspaces: - name: workspace - name: workspace-arm64 - name: workspace-s390x - name: workspace-ppc64le - name: git-auth optional: true