public
/
bootc-base-images
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
bootc-base-images/.tekton/ostree-build.yaml

510 lines
16 KiB
YAML
Raw Blame History

apiVersion: tekton.dev/v1
kind: Pipeline
metadata:
name: ostree-build
spec:
finally:
- name: show-summary
params:
- name: pipelinerun-name
value: $(context.pipelineRun.name)
- name: git-url
value: $(tasks.clone-repository.results.url)?rev=$(tasks.clone-repository.results.commit)
- name: image-url
value: $(params.output-image)
- name: build-task-status
value: $(tasks.build-container.status)
taskRef:
params:
- name: name
value: summary
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-summary:0.1@sha256:08fde7abf2e24f31d68119d613fb208a25c71263cef440f02c8cb3a43d91813d
- name: kind
value: task
resolver: bundles
params:
- description: Source Repository URL
name: git-url
type: string
- default: ""
description: Revision of the Source Repository
name: revision
type: string
- description: Fully Qualified Output Image
name: output-image
type: string
- default: .
description:
Path to the source code of an application's component from where
to build image.
name: path-context
type: string
- description:
Path to the image file inside the context specified by parameter
path-context
name: image-file
type: string
- default: "false"
description: Force rebuild image
name: rebuild
type: string
- default: "false"
description: Skip checks against built image
name: skip-checks
type: string
- default: "true"
description: Skip optional checks, set false if you want to run optional checks
name: skip-optional
type: string
- default: "false"
description: Execute the build with network isolation
name: hermetic
type: string
- default: ""
description: Build dependencies to be prefetched by Cachi2
name: prefetch-input
type: string
- default: "false"
description: Java build
name: java
type: string
- default: ""
description:
Image tag expiration time, time values could be something like
1h, 2d, 3w for hours, days, and weeks, respectively.
name: image-expires-after
results:
- description: ""
name: IMAGE_URL
value: $(tasks.build-container.results.IMAGE_URL)
- description: ""
name: IMAGE_DIGEST
value: $(tasks.build-container.results.IMAGE_DIGEST)
- description: ""
name: CHAINS-GIT_URL
value: $(tasks.clone-repository.results.url)
- description: ""
name: CHAINS-GIT_COMMIT
value: $(tasks.clone-repository.results.commit)
tasks:
- name: init
params:
- name: image-url
value: $(params.output-image)
- name: rebuild
value: $(params.rebuild)
- name: skip-checks
value: $(params.skip-checks)
- name: skip-optional
value: $(params.skip-optional)
- name: pipelinerun-name
value: $(context.pipelineRun.name)
- name: pipelinerun-uid
value: $(context.pipelineRun.uid)
taskRef:
params:
- name: name
value: init
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-init:0.1@sha256:159b85246559defbabbd55a42da0b7f618a4307d13bd4d6eb486efb81d1dcfb5
- name: kind
value: task
resolver: bundles
- name: clone-repository
params:
- name: url
value: $(params.git-url)
- name: revision
value: $(params.revision)
runAfter:
- init
taskRef:
params:
- name: name
value: git-clone
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:913cdc904919482689e79829daeaa3b4d4cc116aafefd135d5af1fc2f8f1afcd
- name: kind
value: task
resolver: bundles
when:
- input: $(tasks.init.results.build)
operator: in
values:
- "true"
workspaces:
- name: output
workspace: workspace
- name: basic-auth
workspace: git-auth
- name: clone-repository-arm64
params:
- name: url
value: $(params.git-url)
- name: revision
value: $(params.revision)
runAfter:
- init
taskRef:
kind: Task
params:
- name: name
value: git-clone
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:913cdc904919482689e79829daeaa3b4d4cc116aafefd135d5af1fc2f8f1afcd
- name: kind
value: task
resolver: bundles
when:
- input: $(tasks.init.results.build)
operator: in
values:
- "true"
workspaces:
- name: output
workspace: workspace-arm64
- name: basic-auth
workspace: git-auth
- name: clone-repository-s390x
params:
- name: url
value: $(params.git-url)
- name: revision
value: $(params.revision)
runAfter:
- init
taskRef:
kind: Task
params:
- name: name
value: git-clone
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:913cdc904919482689e79829daeaa3b4d4cc116aafefd135d5af1fc2f8f1afcd
- name: kind
value: task
resolver: bundles
when:
- input: $(tasks.init.results.build)
operator: in
values:
- "true"
workspaces:
- name: output
workspace: workspace-s390x
- name: basic-auth
workspace: git-auth
- name: clone-repository-ppc64le
params:
- name: url
value: $(params.git-url)
- name: revision
value: $(params.revision)
runAfter:
- init
taskRef:
kind: Task
params:
- name: name
value: git-clone
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:913cdc904919482689e79829daeaa3b4d4cc116aafefd135d5af1fc2f8f1afcd
- name: kind
value: task
resolver: bundles
when:
- input: $(tasks.init.results.build)
operator: in
values:
- "true"
workspaces:
- name: output
workspace: workspace-ppc64le
- name: basic-auth
workspace: git-auth
- name: build-container-amd64
params:
- name: IMAGE
value: $(params.output-image)-amd64
- name: IMAGE_FILE
value: $(params.image-file)
- name: CONTEXT
value: $(params.path-context)
- name: IMAGE_EXPIRES_AFTER
value: $(params.image-expires-after)
- name: COMMIT_SHA
value: $(tasks.clone-repository.results.commit)
- name: PLATFORM
value: linux/amd64
- name: BUILDER_IMAGE
value: quay.io/centos-bootc/builder:latest
runAfter:
- clone-repository
taskRef:
params:
- name: name
value: rpm-ostree
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-rpm-ostree:0.1@sha256:c9dc454573c27468d416f32c87d85d6e7955e5c2a0811dd69ea4692cddda393f
- name: kind
value: task
resolver: bundles
when:
- input: $(tasks.init.results.build)
operator: in
values:
- "true"
workspaces:
- name: source
workspace: workspace
- name: build-container-arm64
params:
- name: IMAGE
value: $(params.output-image)-arm64
- name: IMAGE_FILE
value: $(params.image-file)
- name: CONTEXT
value: $(params.path-context)
- name: IMAGE_EXPIRES_AFTER
value: $(params.image-expires-after)
- name: COMMIT_SHA
value: $(tasks.clone-repository.results.commit)
- name: PLATFORM
value: linux/arm64
- name: BUILDER_IMAGE
value: quay.io/centos-bootc/builder:latest
runAfter:
- clone-repository-arm64
taskRef:
params:
- name: name
value: rpm-ostree
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-rpm-ostree:0.1@sha256:c9dc454573c27468d416f32c87d85d6e7955e5c2a0811dd69ea4692cddda393f
- name: kind
value: task
resolver: bundles
when:
- input: $(tasks.init.results.build)
operator: in
values:
- "true"
workspaces:
- name: source
workspace: workspace-arm64
- name: build-container-s390x
params:
- name: IMAGE
value: $(params.output-image)-s390x
- name: IMAGE_FILE
value: $(params.image-file)
- name: CONTEXT
value: $(params.path-context)
- name: IMAGE_EXPIRES_AFTER
value: $(params.image-expires-after)
- name: COMMIT_SHA
value: $(tasks.clone-repository.results.commit)
- name: PLATFORM
value: linux/s390x
- name: BUILDER_IMAGE
value: quay.io/centos-bootc/builder:latest
runAfter:
- clone-repository-s390x
taskRef:
params:
- name: name
value: rpm-ostree
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-rpm-ostree:0.1@sha256:c9dc454573c27468d416f32c87d85d6e7955e5c2a0811dd69ea4692cddda393f
- name: kind
value: task
resolver: bundles
when:
- input: $(tasks.init.results.build)
operator: in
values:
- "true"
workspaces:
- name: source
workspace: workspace-s390x
- name: build-container-ppc64le
params:
- name: IMAGE
value: $(params.output-image)-ppc64le
- name: IMAGE_FILE
value: $(params.image-file)
- name: CONTEXT
value: $(params.path-context)
- name: IMAGE_EXPIRES_AFTER
value: $(params.image-expires-after)
- name: COMMIT_SHA
value: $(tasks.clone-repository.results.commit)
- name: PLATFORM
value: linux/s390x
- name: BUILDER_IMAGE
value: quay.io/centos-bootc/builder:latest
runAfter:
- clone-repository-ppc64le
taskRef:
params:
- name: name
value: rpm-ostree
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-rpm-ostree:0.1@sha256:c9dc454573c27468d416f32c87d85d6e7955e5c2a0811dd69ea4692cddda393f
- name: kind
value: task
resolver: bundles
when:
- input: $(tasks.init.results.build)
operator: in
values:
- "true"
workspaces:
- name: source
workspace: workspace-ppc64le
- name: build-container
params:
- name: IMAGE
value: $(params.output-image)
- name: COMMIT_SHA
value: $(tasks.clone-repository.results.commit)
- name: IMAGES
value:
- $(tasks.build-container-amd64.results.IMAGE_URL)@$(tasks.build-container-amd64.results.IMAGE_DIGEST)
- $(tasks.build-container-arm64.results.IMAGE_URL)@$(tasks.build-container-arm64.results.IMAGE_DIGEST)
- $(tasks.build-container-s390x.results.IMAGE_URL)@$(tasks.build-container-s390x.results.IMAGE_DIGEST)
- $(tasks.build-container-ppc64le.results.IMAGE_URL)@$(tasks.build-container-ppc64le.results.IMAGE_DIGEST)
runAfter:
- build-container-amd64
- build-container-arm64
- build-container-s390x
- build-container-ppc64le
taskRef:
params:
- name: name
value: build-image-manifest
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-build-image-manifest:0.1@sha256:428d144c5979409f53bb9943f00c9cbb9c3298e5c501279a108b5d16afd5e56f
- name: kind
value: task
resolver: bundles
when:
- input: $(tasks.init.results.build)
operator: in
values:
- "true"
- name: inspect-image
params:
- name: IMAGE_URL
value: $(tasks.build-container.results.IMAGE_URL)
- name: IMAGE_DIGEST
value: $(tasks.build-container.results.IMAGE_DIGEST)
runAfter:
- build-container
taskRef:
params:
- name: name
value: inspect-image
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-inspect-image:0.1@sha256:3a5d3f611240eb5b7b12799c2be22a71803df80dbc12cce2e1e2a252ab543423
- name: kind
value: task
resolver: bundles
when:
- input: $(params.skip-checks)
operator: in
values:
- "false"
workspaces:
- name: source
workspace: workspace
- name: deprecated-base-image-check
params:
- name: BASE_IMAGES_DIGESTS
value: $(tasks.build-container-amd64.results.BASE_IMAGES_DIGESTS)
taskRef:
params:
- name: name
value: deprecated-image-check
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-deprecated-image-check:0.3@sha256:6d7d51064b03e3bebaeeef48018694ee2a0bb2dd94783efea89eb87861516f92
- name: kind
value: task
resolver: bundles
when:
- input: $(params.skip-checks)
operator: in
values:
- "false"
- name: clair-scan
params:
- name: image-digest
value: $(tasks.build-container.results.IMAGE_DIGEST)
- name: image-url
value: $(tasks.build-container.results.IMAGE_URL)
runAfter:
- build-container
taskRef:
params:
- name: name
value: clair-scan
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-clair-scan:0.1@sha256:ec6156c4a4a0777eb59a0355b9ad8257c1d39dc28b8eb8dea1446b3f682a77a8
- name: kind
value: task
resolver: bundles
when:
- input: $(params.skip-checks)
operator: in
values:
- "false"
- name: sast-snyk-check
runAfter:
- clone-repository
taskRef:
params:
- name: name
value: sast-snyk-check
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-sast-snyk-check:0.1@sha256:d42d958aaf50c604281665f1deb26858d877ba7cc0171d0d3f937f07909c9e05
- name: kind
value: task
resolver: bundles
when:
- input: $(params.skip-checks)
operator: in
values:
- "false"
workspaces:
- name: workspace
workspace: workspace
- name: sbom-json-check
params:
- name: IMAGE_URL
value: $(tasks.build-container.results.IMAGE_URL)
- name: IMAGE_DIGEST
value: $(tasks.build-container.results.IMAGE_DIGEST)
runAfter:
- build-container
taskRef:
params:
- name: name
value: sbom-json-check
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-sbom-json-check:0.1@sha256:ea881dfd625f9afa5d32ac01ca936132003aa33dd273b97388a14a84dd818f60
- name: kind
value: task
resolver: bundles
when:
- input: $(params.skip-checks)
operator: in
values:
- "false"
workspaces:
- name: workspace
- name: workspace-arm64
- name: workspace-s390x
- name: workspace-ppc64le
- name: git-auth
optional: true
Reference in New Issue View Git Blame Copy Permalink