apiVersion: tekton.dev/v1 kind: Pipeline metadata: name: ostree-build spec: finally: - name: show-summary params: - name: pipelinerun-name value: $(context.pipelineRun.name) - name: git-url value: $(tasks.clone-repository.results.url)?rev=$(tasks.clone-repository.results.commit) - name: image-url value: $(params.output-image) - name: build-task-status value: $(tasks.build-container.status) taskRef: params: - name: name value: summary - name: bundle value: quay.io/redhat-appstudio-tekton-catalog/task-summary:0.1@sha256:243b13105967b251c1facd55159165809a9fa797215af613997ac6a16798db73 - name: kind value: task resolver: bundles params: - description: Source Repository URL name: git-url type: string - default: "" description: Revision of the Source Repository name: revision type: string - description: Fully Qualified Output Image name: output-image type: string - default: . description: Path to the source code of an application's component from where to build image. name: path-context type: string - description: Path to the image file inside the context specified by parameter path-context name: image-file type: string - default: "false" description: Force rebuild image name: rebuild type: string - default: "false" description: Skip checks against built image name: skip-checks type: string - default: "true" description: Skip optional checks, set false if you want to run optional checks name: skip-optional type: string - default: "false" description: Execute the build with network isolation name: hermetic type: string - default: "" description: Build dependencies to be prefetched by Cachi2 name: prefetch-input type: string - default: "false" description: Java build name: java type: string - default: "" description: Image tag expiration time, time values could be something like 1h, 2d, 3w for hours, days, and weeks, respectively. name: image-expires-after results: - description: "" name: IMAGE_URL value: $(tasks.build-container.results.IMAGE_URL) - description: "" name: IMAGE_DIGEST value: $(tasks.build-container.results.IMAGE_DIGEST) - description: "" name: CHAINS-GIT_URL value: $(tasks.clone-repository.results.url) - description: "" name: CHAINS-GIT_COMMIT value: $(tasks.clone-repository.results.commit) tasks: - name: init params: - name: image-url value: $(params.output-image) - name: rebuild value: $(params.rebuild) - name: skip-checks value: $(params.skip-checks) - name: skip-optional value: $(params.skip-optional) - name: pipelinerun-name value: $(context.pipelineRun.name) - name: pipelinerun-uid value: $(context.pipelineRun.uid) taskRef: params: - name: name value: init - name: bundle value: quay.io/redhat-appstudio-tekton-catalog/task-init:0.1@sha256:26586a7ef08c3e86dfdaf0a5cc38dd3d70c4c02db1331b469caaed0a0f5b3d86 - name: kind value: task resolver: bundles - name: clone-repository params: - name: url value: $(params.git-url) - name: revision value: $(params.revision) runAfter: - init taskRef: params: - name: name value: git-clone - name: bundle value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:d9e1ab10d72953e7a85dab69b8b96f5b41580a6d4026f77b6a5ba6f3ed227cc3 - name: kind value: task resolver: bundles when: - input: $(tasks.init.results.build) operator: in values: - "true" workspaces: - name: output workspace: workspace - name: basic-auth workspace: git-auth - name: clone-repository-arm64 params: - name: url value: $(params.git-url) - name: revision value: $(params.revision) runAfter: - init taskRef: kind: Task params: - name: name value: git-clone - name: bundle value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:d9e1ab10d72953e7a85dab69b8b96f5b41580a6d4026f77b6a5ba6f3ed227cc3 - name: kind value: task resolver: bundles when: - input: $(tasks.init.results.build) operator: in values: - "true" workspaces: - name: output workspace: workspace-arm64 - name: basic-auth workspace: git-auth - name: clone-repository-s390x params: - name: url value: $(params.git-url) - name: revision value: $(params.revision) runAfter: - init taskRef: kind: Task params: - name: name value: git-clone - name: bundle value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:d9e1ab10d72953e7a85dab69b8b96f5b41580a6d4026f77b6a5ba6f3ed227cc3 - name: kind value: task resolver: bundles when: - input: $(tasks.init.results.build) operator: in values: - "true" workspaces: - name: output workspace: workspace-s390x - name: basic-auth workspace: git-auth - name: clone-repository-ppc64le params: - name: url value: $(params.git-url) - name: revision value: $(params.revision) runAfter: - init taskRef: kind: Task params: - name: name value: git-clone - name: bundle value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:d9e1ab10d72953e7a85dab69b8b96f5b41580a6d4026f77b6a5ba6f3ed227cc3 - name: kind value: task resolver: bundles when: - input: $(tasks.init.results.build) operator: in values: - "true" workspaces: - name: output workspace: workspace-ppc64le - name: basic-auth workspace: git-auth - name: build-container-amd64 params: - name: IMAGE value: $(params.output-image)-amd64 - name: IMAGE_FILE value: $(params.image-file) - name: CONTEXT value: $(params.path-context) - name: IMAGE_EXPIRES_AFTER value: $(params.image-expires-after) - name: COMMIT_SHA value: $(tasks.clone-repository.results.commit) - name: PLATFORM value: linux/amd64 - name: BUILDER_IMAGE value: quay.io/bcook/ostree-builder:latest runAfter: - clone-repository taskRef: params: - name: name value: rpm-ostree - name: bundle value: quay.io/redhat-appstudio-tekton-catalog/task-rpm-ostree:0.1@sha256:b7dbe76640d10cd7b7ff39573ad7f5ca7523237449e38447c9bdca0ec3e1f187 - name: kind value: task resolver: bundles when: - input: $(tasks.init.results.build) operator: in values: - "true" workspaces: - name: source workspace: workspace - name: build-container-arm64 params: - name: IMAGE value: $(params.output-image)-arm64 - name: IMAGE_FILE value: $(params.image-file) - name: CONTEXT value: $(params.path-context) - name: IMAGE_EXPIRES_AFTER value: $(params.image-expires-after) - name: COMMIT_SHA value: $(tasks.clone-repository.results.commit) - name: PLATFORM value: linux/arm64 - name: BUILDER_IMAGE value: quay.io/bcook/ostree-builder:latest runAfter: - clone-repository-arm64 taskRef: params: - name: name value: rpm-ostree - name: bundle value: quay.io/redhat-appstudio-tekton-catalog/task-rpm-ostree:0.1@sha256:b7dbe76640d10cd7b7ff39573ad7f5ca7523237449e38447c9bdca0ec3e1f187 - name: kind value: task resolver: bundles when: - input: $(tasks.init.results.build) operator: in values: - "true" workspaces: - name: source workspace: workspace-arm64 - name: build-container-s390x params: - name: IMAGE value: $(params.output-image)-s390x - name: IMAGE_FILE value: $(params.image-file) - name: CONTEXT value: $(params.path-context) - name: IMAGE_EXPIRES_AFTER value: $(params.image-expires-after) - name: COMMIT_SHA value: $(tasks.clone-repository.results.commit) - name: PLATFORM value: linux/s390x - name: BUILDER_IMAGE value: quay.io/bcook/ostree-builder:latest runAfter: - clone-repository-s390x taskRef: params: - name: name value: rpm-ostree - name: bundle value: quay.io/redhat-appstudio-tekton-catalog/task-rpm-ostree:0.1@sha256:b7dbe76640d10cd7b7ff39573ad7f5ca7523237449e38447c9bdca0ec3e1f187 - name: kind value: task resolver: bundles when: - input: $(tasks.init.results.build) operator: in values: - "true" workspaces: - name: source workspace: workspace-s390x - name: build-container-ppc64le params: - name: IMAGE value: $(params.output-image)-ppc64le - name: IMAGE_FILE value: $(params.image-file) - name: CONTEXT value: $(params.path-context) - name: IMAGE_EXPIRES_AFTER value: $(params.image-expires-after) - name: COMMIT_SHA value: $(tasks.clone-repository.results.commit) - name: PLATFORM value: linux/ppc64le - name: BUILDER_IMAGE value: quay.io/bcook/ostree-builder:latest runAfter: - clone-repository-ppc64le taskRef: params: - name: name value: rpm-ostree - name: bundle value: quay.io/redhat-appstudio-tekton-catalog/task-rpm-ostree:0.1@sha256:b7dbe76640d10cd7b7ff39573ad7f5ca7523237449e38447c9bdca0ec3e1f187 - name: kind value: task resolver: bundles when: - input: $(tasks.init.results.build) operator: in values: - "true" workspaces: - name: source workspace: workspace-s390x - name: build-container params: - name: IMAGE value: $(params.output-image) - name: COMMIT_SHA value: $(tasks.clone-repository.results.commit) - name: IMAGES value: - $(tasks.build-container-amd64.results.IMAGE_URL)@$(tasks.build-container-amd64.results.IMAGE_DIGEST) - $(tasks.build-container-arm64.results.IMAGE_URL)@$(tasks.build-container-arm64.results.IMAGE_DIGEST) - $(tasks.build-container-s390x.results.IMAGE_URL)@$(tasks.build-container-s390x.results.IMAGE_DIGEST) - $(tasks.build-container-ppc64le.results.IMAGE_URL)@$(tasks.build-container-ppc64le.results.IMAGE_DIGEST) runAfter: - build-container-amd64 - build-container-arm64 - build-container-s390x - build-container-ppc64le taskRef: params: - name: name value: build-image-manifest - name: bundle value: quay.io/redhat-appstudio-tekton-catalog/task-build-image-manifest:0.1@sha256:8e27a9376764122aba32c0a310876f154c6c9710e323f3330c7e5f6d1c234f25 - name: kind value: task resolver: bundles when: - input: $(tasks.init.results.build) operator: in values: - "true" - name: inspect-image params: - name: IMAGE_URL value: $(tasks.build-container.results.IMAGE_URL) - name: IMAGE_DIGEST value: $(tasks.build-container.results.IMAGE_DIGEST) runAfter: - build-container taskRef: params: - name: name value: inspect-image - name: bundle value: quay.io/redhat-appstudio-tekton-catalog/task-inspect-image:0.1@sha256:3a5d3f611240eb5b7b12799c2be22a71803df80dbc12cce2e1e2a252ab543423 - name: kind value: task resolver: bundles when: - input: $(params.skip-checks) operator: in values: - "false" workspaces: - name: source workspace: workspace - name: deprecated-base-image-check params: - name: BASE_IMAGES_DIGESTS value: $(tasks.build-container-amd64.results.BASE_IMAGES_DIGESTS) taskRef: params: - name: name value: deprecated-image-check - name: bundle value: quay.io/redhat-appstudio-tekton-catalog/task-deprecated-image-check:0.3@sha256:35e2708505614397ede771474a2e2d6f04e911efc46afae47ca4a63e2f6fc9a0 - name: kind value: task resolver: bundles when: - input: $(params.skip-checks) operator: in values: - "false" - name: clair-scan params: - name: image-digest value: $(tasks.build-container.results.IMAGE_DIGEST) - name: image-url value: $(tasks.build-container.results.IMAGE_URL) runAfter: - build-container taskRef: params: - name: name value: clair-scan - name: bundle value: quay.io/redhat-appstudio-tekton-catalog/task-clair-scan:0.1@sha256:f6a5a24cb8faa590d4f3adc204a197fd89da1bcea365963af9ac66838c030816 - name: kind value: task resolver: bundles when: - input: $(params.skip-checks) operator: in values: - "false" - name: sast-snyk-check runAfter: - clone-repository taskRef: params: - name: name value: sast-snyk-check - name: bundle value: quay.io/redhat-appstudio-tekton-catalog/task-sast-snyk-check:0.1@sha256:edd4ba638b71de52c2662abd3e93fd876e6e75cd07b162d13fae014d3a1a1fac - name: kind value: task resolver: bundles when: - input: $(params.skip-checks) operator: in values: - "false" workspaces: - name: workspace workspace: workspace - name: sbom-json-check params: - name: IMAGE_URL value: $(tasks.build-container.results.IMAGE_URL) - name: IMAGE_DIGEST value: $(tasks.build-container.results.IMAGE_DIGEST) runAfter: - build-container taskRef: params: - name: name value: sbom-json-check - name: bundle value: quay.io/redhat-appstudio-tekton-catalog/task-sbom-json-check:0.1@sha256:0ca48e1dffde39efe97b3252386f529241d6b276fe812a88774a9f37fc45f742 - name: kind value: task resolver: bundles when: - input: $(params.skip-checks) operator: in values: - "false" workspaces: - name: workspace - name: workspace-arm64 - name: workspace-ppc64le - name: workspace-s390x - name: git-auth optional: true