apiVersion: tekton.dev/v1 kind: Pipeline metadata: name: ostree-build spec: finally: - name: show-summary params: - name: pipelinerun-name value: $(context.pipelineRun.name) - name: git-url value: $(tasks.clone-repository.results.url)?rev=$(tasks.clone-repository.results.commit) - name: image-url value: $(params.output-image) - name: build-task-status value: $(tasks.build-container.status) taskRef: params: - name: name value: summary - name: bundle value: quay.io/redhat-appstudio-tekton-catalog/task-summary:0.2@sha256:6a54bf5cee74c54ed5e08d4b11476cc29fa119d02a2d715005496737de885d49 - name: kind value: task resolver: bundles params: - description: Source Repository URL name: git-url type: string - default: "" description: Revision of the Source Repository name: revision type: string - description: Fully Qualified Output Image name: output-image type: string - default: . description: Path to the source code of an application's component from where to build image. name: path-context type: string - description: Path to the image file inside the context specified by parameter path-context name: image-file type: string - default: "false" description: Force rebuild image name: rebuild type: string - default: "false" description: Skip checks against built image name: skip-checks type: string - default: "true" description: Skip optional checks, set false if you want to run optional checks name: skip-optional type: string - default: "false" description: Execute the build with network isolation name: hermetic type: string - default: "" description: Build dependencies to be prefetched by Cachi2 name: prefetch-input type: string - default: "false" description: Java build name: java type: string - default: "" description: Image tag expiration time, time values could be something like 1h, 2d, 3w for hours, days, and weeks, respectively. name: image-expires-after - name: config-file description: config file to use for rpm-ostree tool type: string default: "" results: - description: "" name: IMAGE_URL value: $(tasks.build-container.results.IMAGE_URL) - description: "" name: IMAGE_DIGEST value: $(tasks.build-container.results.IMAGE_DIGEST) - description: "" name: CHAINS-GIT_URL value: $(tasks.clone-repository.results.url) - description: "" name: CHAINS-GIT_COMMIT value: $(tasks.clone-repository.results.commit) tasks: - name: init params: - name: image-url value: $(params.output-image) - name: rebuild value: $(params.rebuild) - name: skip-checks value: $(params.skip-checks) taskRef: params: - name: name value: init - name: bundle value: quay.io/redhat-appstudio-tekton-catalog/task-init:0.2@sha256:3d8f01fa59596a998d30dc700fcf7377f09d60008337290eebaeaf604512ce2b - name: kind value: task resolver: bundles - name: clone-repository params: - name: url value: $(params.git-url) - name: revision value: $(params.revision) runAfter: - init taskRef: params: - name: name value: git-clone - name: bundle value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:fffe6234a4d60c63b97af86642369e4931a404f6dc8be0d12743f7651a4dc802 - name: kind value: task resolver: bundles when: - input: $(tasks.init.results.build) operator: in values: - "true" workspaces: - name: output workspace: workspace - name: basic-auth workspace: git-auth - name: clone-repository-arm64 params: - name: url value: $(params.git-url) - name: revision value: $(params.revision) runAfter: - init taskRef: kind: Task params: - name: name value: git-clone - name: bundle value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:fffe6234a4d60c63b97af86642369e4931a404f6dc8be0d12743f7651a4dc802 - name: kind value: task resolver: bundles when: - input: $(tasks.init.results.build) operator: in values: - "true" workspaces: - name: output workspace: workspace-arm64 - name: basic-auth workspace: git-auth - name: build-container-amd64 params: - name: IMAGE value: $(params.output-image)-amd64 - name: IMAGE_FILE value: $(params.image-file) - name: CONTEXT value: $(params.path-context) - name: IMAGE_EXPIRES_AFTER value: $(params.image-expires-after) - name: COMMIT_SHA value: $(tasks.clone-repository.results.commit) - name: PLATFORM value: linux/amd64 - name: BUILDER_IMAGE value: quay.io/centos-bootc/bootc-image-builder:latest - name: CONFIG_FILE value: $(params.config-file) runAfter: - clone-repository taskRef: params: - name: name value: rpm-ostree - name: bundle value: quay.io/redhat-appstudio-tekton-catalog/task-rpm-ostree:0.1@sha256:c0f2bff911ac6741b2f6dc064ed8a19d4ab1dea036a6235edbaa0f84fc639c25 - name: kind value: task resolver: bundles when: - input: $(tasks.init.results.build) operator: in values: - "true" workspaces: - name: source workspace: workspace - name: build-container-arm64 params: - name: IMAGE value: $(params.output-image)-arm64 - name: IMAGE_FILE value: $(params.image-file) - name: CONTEXT value: $(params.path-context) - name: IMAGE_EXPIRES_AFTER value: $(params.image-expires-after) - name: COMMIT_SHA value: $(tasks.clone-repository.results.commit) - name: PLATFORM value: linux/arm64 - name: BUILDER_IMAGE value: quay.io/centos-bootc/bootc-image-builder:latest - name: CONFIG_FILE value: $(params.config-file) runAfter: - clone-repository-arm64 taskRef: params: - name: name value: rpm-ostree - name: bundle value: quay.io/redhat-appstudio-tekton-catalog/task-rpm-ostree:0.1@sha256:c0f2bff911ac6741b2f6dc064ed8a19d4ab1dea036a6235edbaa0f84fc639c25 - name: kind value: task resolver: bundles when: - input: $(tasks.init.results.build) operator: in values: - "true" workspaces: - name: source workspace: workspace-arm64 - name: build-container params: - name: IMAGE value: $(params.output-image) - name: COMMIT_SHA value: $(tasks.clone-repository.results.commit) - name: IMAGES value: - $(tasks.build-container-amd64.results.IMAGE_URL)@$(tasks.build-container-amd64.results.IMAGE_DIGEST) - $(tasks.build-container-arm64.results.IMAGE_URL)@$(tasks.build-container-arm64.results.IMAGE_DIGEST) runAfter: - build-container-amd64 - build-container-arm64 taskRef: params: - name: name value: build-image-manifest - name: bundle value: quay.io/redhat-appstudio-tekton-catalog/task-build-image-manifest:0.1@sha256:38750364fc669cabf741e8be3459b3d9dfc569a2be342befabe28a800eee22d4 - name: kind value: task resolver: bundles when: - input: $(tasks.init.results.build) operator: in values: - "true" - name: inspect-image params: - name: IMAGE_URL value: $(tasks.build-container.results.IMAGE_URL) - name: IMAGE_DIGEST value: $(tasks.build-container.results.IMAGE_DIGEST) runAfter: - build-container taskRef: params: - name: name value: inspect-image - name: bundle value: quay.io/redhat-appstudio-tekton-catalog/task-inspect-image:0.1@sha256:c9e991c0480f331f1eb49ade78c3510d4ae7cba2ec302dc39568d99dcddb62f8 - name: kind value: task resolver: bundles when: - input: $(params.skip-checks) operator: in values: - "false" workspaces: - name: source workspace: workspace - name: deprecated-base-image-check params: - name: BASE_IMAGES_DIGESTS value: $(tasks.build-container-amd64.results.BASE_IMAGES_DIGESTS) taskRef: params: - name: name value: deprecated-image-check - name: bundle value: quay.io/redhat-appstudio-tekton-catalog/task-deprecated-image-check:0.3@sha256:ba55ff56b8718406278d72fd5e3de88da110dd4391aa7581923b8d219a29f841 - name: kind value: task resolver: bundles when: - input: $(params.skip-checks) operator: in values: - "false" - name: clair-scan params: - name: image-digest value: $(tasks.build-container.results.IMAGE_DIGEST) - name: image-url value: $(tasks.build-container.results.IMAGE_URL) runAfter: - build-container taskRef: params: - name: name value: clair-scan - name: bundle value: quay.io/redhat-appstudio-tekton-catalog/task-clair-scan:0.1@sha256:5097b69c7b8ed19bbc09b3b119214305ed382a185aece344806875e6c43203b8 - name: kind value: task resolver: bundles when: - input: $(params.skip-checks) operator: in values: - "false" - name: sast-snyk-check runAfter: - clone-repository taskRef: params: - name: name value: sast-snyk-check - name: bundle value: quay.io/redhat-appstudio-tekton-catalog/task-sast-snyk-check:0.1@sha256:422177f6fffa55284a30ddc4a26dca1462aee34a479529b9e2b52a5bb39606a4 - name: kind value: task resolver: bundles when: - input: $(params.skip-checks) operator: in values: - "false" workspaces: - name: workspace workspace: workspace - name: sbom-json-check params: - name: IMAGE_URL value: $(tasks.build-container.results.IMAGE_URL) - name: IMAGE_DIGEST value: $(tasks.build-container.results.IMAGE_DIGEST) runAfter: - build-container taskRef: params: - name: name value: sbom-json-check - name: bundle value: quay.io/redhat-appstudio-tekton-catalog/task-sbom-json-check:0.1@sha256:e5202b2f610fcf36793e410336bd5b9764999abb29b3cd29007f6c68dd7725af - name: kind value: task resolver: bundles when: - input: $(params.skip-checks) operator: in values: - "false" workspaces: - name: workspace - name: workspace-arm64 - name: git-auth optional: true