From fea8b3a9a41a66c85b73c4886477842171751e54 Mon Sep 17 00:00:00 2001 From: Ruben Romero Montes Date: Thu, 20 Jun 2024 10:22:02 +0200 Subject: [PATCH] chore: use konflux-ci task registry (#90) Signed-off-by: Ruben Romero Montes --- .tekton/onguard-pull-request.yaml | 84 ++++++++++++++++++++++++------- .tekton/onguard-push.yaml | 84 ++++++++++++++++++++++++------- 2 files changed, 134 insertions(+), 34 deletions(-) diff --git a/.tekton/onguard-pull-request.yaml b/.tekton/onguard-pull-request.yaml index 6cf9554..7fa4f26 100644 --- a/.tekton/onguard-pull-request.yaml +++ b/.tekton/onguard-pull-request.yaml @@ -41,7 +41,7 @@ spec: - name: name value: show-sbom - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-show-sbom:0.1@sha256:9cd4bf015b18621834f40ed02c8dccda1f7834c7d989521a8314bdb3a596e96b + value: quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:bb6de6584cc47524ac69d2fb0bc310e546696b707e4052a465966e2446e33a15 - name: kind value: task resolver: bundles @@ -60,13 +60,13 @@ spec: - name: name value: summary - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-summary:0.2@sha256:51d5aaa4e13e9fb4303f667e38d07e758820040032ed9fb3ab5f6afaaffc60d8 + value: quay.io/konflux-ci/tekton-catalog/task-summary:0.2@sha256:fc1b0a4efc83c91cd4a24020daabb874b3f33a87c34cd157cda0b7e6d4b7779a - name: kind value: task resolver: bundles workspaces: - - name: workspace - workspace: workspace + - name: workspace + workspace: workspace params: - description: Source Repository URL name: git-url @@ -116,6 +116,14 @@ spec: description: Build a source image. name: build-source-image type: string + - default: [] + description: Array of --build-arg values ("arg=value" strings) for buildah + name: build-args + type: array + - default: "" + description: Path to a file with build arguments for buildah, see https://www.mankier.com/1/buildah-build#--build-arg-file + name: build-args-file + type: string results: - description: "" name: IMAGE_URL @@ -146,7 +154,7 @@ spec: - name: name value: init - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-init:0.2@sha256:b23c7a924f303a67b3a00b32a6713ae1a4fccbc5327daa76a6edd250501ea7a3 + value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:83b7df553a736def52dd47bca2a3614c8fa2c88d112d691a4834289cf8c2abf5 - name: kind value: task resolver: bundles @@ -163,7 +171,7 @@ spec: - name: name value: git-clone - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:2be7c9c83159c5247f1f9aab8fa1a2cb29d0df66f6c5bb48a012320bdcb03c7d + value: quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1@sha256:9ea6101d110d96dd95216ee5fb73213c394ee62280f2bf1d61bb460f56dac027 - name: kind value: task resolver: bundles @@ -188,18 +196,20 @@ spec: - name: name value: prefetch-dependencies - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies:0.1@sha256:9aec3ae9f0f50a05abdc739faf4cbc82832cff16c77ac74e1d54072a882c0503 + value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies:0.1@sha256:c22f2537b73add9b9cef0c1ac92187abb8d265756eaa1e6e568a4f4215720cc3 - name: kind value: task resolver: bundles when: - - input: $(params.hermetic) - operator: in + - input: $(params.prefetch-input) + operator: notin values: - - "true" + - "" workspaces: - name: source workspace: workspace + - name: git-basic-auth + workspace: git-auth - name: build-container params: - name: IMAGE @@ -216,6 +226,11 @@ spec: value: $(params.image-expires-after) - name: COMMIT_SHA value: $(tasks.clone-repository.results.commit) + - name: BUILD_ARGS + value: + - $(params.build-args[*]) + - name: BUILD_ARGS_FILE + value: $(params.build-args-file) runAfter: - prefetch-dependencies taskRef: @@ -223,7 +238,7 @@ spec: - name: name value: buildah-8gb - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-buildah-8gb:0.1@sha256:3dbec109b54aaec4ea7265f008155109a8a70426cab4a8a040b7c92d5360b463 + value: quay.io/konflux-ci/tekton-catalog/task-buildah-8gb@sha256:8653b4eb7c3f3e28834bdb9821a2b9bf905714011d347168e019e94151147640 - name: kind value: task resolver: bundles @@ -248,7 +263,7 @@ spec: - name: name value: source-build - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-source-build:0.1@sha256:1a976a35adee9163e455d0c5aee5d9bf9cb3c6a770656ae347558f8c54977709 + value: quay.io/konflux-ci/tekton-catalog/task-source-build:0.1@sha256:eacb3f49a4fefc112e5d68f67f9418584e1f942e33b027aaf80612d7eff332d0 - name: kind value: task resolver: bundles @@ -279,7 +294,7 @@ spec: - name: name value: deprecated-image-check - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-deprecated-image-check:0.4@sha256:aaf998c36c66d2330cf45894f9cca52486fcdd73e030620e7107e28da247ed87 + value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.4@sha256:d70d970e689a26f1c9e6a1db69580a06cde989c7278c402316278d78c17d2927 - name: kind value: task resolver: bundles @@ -301,7 +316,27 @@ spec: - name: name value: clair-scan - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-clair-scan:0.1@sha256:de7d372d90939db203072a024f1b13869dd11fac9b196e2a485bdf2a20099902 + value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.1@sha256:f38e2740eceadac1dd3c131f093d6f87feecf31cfa9d3765fb3fa3a25ed804c8 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: ecosystem-cert-preflight-checks + params: + - name: image-url + value: $(tasks.build-container.results.IMAGE_URL) + runAfter: + - build-container + taskRef: + params: + - name: name + value: ecosystem-cert-preflight-checks + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.1@sha256:8838d3e1628dbe61f4851b3640d2e3a9a3079d3ff3da955f4a3e4c2c95a013df - name: kind value: task resolver: bundles @@ -318,7 +353,7 @@ spec: - name: name value: sast-snyk-check - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-sast-snyk-check:0.1@sha256:2265f4d38353a931bad027f5b0c1a27e46eb44e555238fc4e0680f7d805abcce + value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check:0.1@sha256:4c672aeda06ed1b9997a3c003153e1764c258195aa46a5f227ab521a81823a84 - name: kind value: task resolver: bundles @@ -343,7 +378,7 @@ spec: - name: name value: clamav-scan - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-clamav-scan:0.1@sha256:a6d6d640a5bb33df23e3ae6b1c52589fe5de86144d44e6b4dd6d8ed3a0e89fa4 + value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.1@sha256:110ecfa4656ece3241336e434ded12aa4191a96ff1d0d6ca6deebba59be50f40 - name: kind value: task resolver: bundles @@ -365,7 +400,7 @@ spec: - name: name value: sbom-json-check - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-sbom-json-check:0.1@sha256:1f7ae5f2660ddfd447727cdc4a8311ce4d991e5fd8f0a23f1b13d6968d8a97e1 + value: quay.io/konflux-ci/tekton-catalog/task-sbom-json-check:0.1@sha256:fe6e910cf25664dc6c192023f178a4066e20307d7f888f6d0fe0304c5c11a3c4 - name: kind value: task resolver: bundles @@ -374,6 +409,21 @@ spec: operator: in values: - "false" + - name: apply-tags + params: + - name: IMAGE + value: $(tasks.build-container.results.IMAGE_URL) + runAfter: + - build-container + taskRef: + params: + - name: name + value: apply-tags + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.1@sha256:175162b0a1c55e911d0d25ddef97e90932b5043f0b523cf83ed4824363840d74 + - name: kind + value: task + resolver: bundles workspaces: - name: workspace - name: git-auth diff --git a/.tekton/onguard-push.yaml b/.tekton/onguard-push.yaml index 3e0ac11..c2a3fdd 100644 --- a/.tekton/onguard-push.yaml +++ b/.tekton/onguard-push.yaml @@ -38,7 +38,7 @@ spec: - name: name value: show-sbom - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-show-sbom:0.1@sha256:9cd4bf015b18621834f40ed02c8dccda1f7834c7d989521a8314bdb3a596e96b + value: quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:bb6de6584cc47524ac69d2fb0bc310e546696b707e4052a465966e2446e33a15 - name: kind value: task resolver: bundles @@ -57,13 +57,13 @@ spec: - name: name value: summary - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-summary:0.2@sha256:51d5aaa4e13e9fb4303f667e38d07e758820040032ed9fb3ab5f6afaaffc60d8 + value: quay.io/konflux-ci/tekton-catalog/task-summary:0.2@sha256:fc1b0a4efc83c91cd4a24020daabb874b3f33a87c34cd157cda0b7e6d4b7779a - name: kind value: task resolver: bundles workspaces: - - name: workspace - workspace: workspace + - name: workspace + workspace: workspace params: - description: Source Repository URL name: git-url @@ -113,6 +113,14 @@ spec: description: Build a source image. name: build-source-image type: string + - default: [] + description: Array of --build-arg values ("arg=value" strings) for buildah + name: build-args + type: array + - default: "" + description: Path to a file with build arguments for buildah, see https://www.mankier.com/1/buildah-build#--build-arg-file + name: build-args-file + type: string results: - description: "" name: IMAGE_URL @@ -143,7 +151,7 @@ spec: - name: name value: init - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-init:0.2@sha256:b23c7a924f303a67b3a00b32a6713ae1a4fccbc5327daa76a6edd250501ea7a3 + value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:83b7df553a736def52dd47bca2a3614c8fa2c88d112d691a4834289cf8c2abf5 - name: kind value: task resolver: bundles @@ -160,7 +168,7 @@ spec: - name: name value: git-clone - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:2be7c9c83159c5247f1f9aab8fa1a2cb29d0df66f6c5bb48a012320bdcb03c7d + value: quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1@sha256:9ea6101d110d96dd95216ee5fb73213c394ee62280f2bf1d61bb460f56dac027 - name: kind value: task resolver: bundles @@ -185,18 +193,20 @@ spec: - name: name value: prefetch-dependencies - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies:0.1@sha256:9aec3ae9f0f50a05abdc739faf4cbc82832cff16c77ac74e1d54072a882c0503 + value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies:0.1@sha256:c22f2537b73add9b9cef0c1ac92187abb8d265756eaa1e6e568a4f4215720cc3 - name: kind value: task resolver: bundles when: - - input: $(params.hermetic) - operator: in + - input: $(params.prefetch-input) + operator: notin values: - - "true" + - "" workspaces: - name: source workspace: workspace + - name: git-basic-auth + workspace: git-auth - name: build-container params: - name: IMAGE @@ -213,6 +223,11 @@ spec: value: $(params.image-expires-after) - name: COMMIT_SHA value: $(tasks.clone-repository.results.commit) + - name: BUILD_ARGS + value: + - $(params.build-args[*]) + - name: BUILD_ARGS_FILE + value: $(params.build-args-file) runAfter: - prefetch-dependencies taskRef: @@ -220,7 +235,7 @@ spec: - name: name value: buildah-8gb - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-buildah-8gb:0.1@sha256:3dbec109b54aaec4ea7265f008155109a8a70426cab4a8a040b7c92d5360b463 + value: quay.io/konflux-ci/tekton-catalog/task-buildah-8gb@sha256:8653b4eb7c3f3e28834bdb9821a2b9bf905714011d347168e019e94151147640 - name: kind value: task resolver: bundles @@ -245,7 +260,7 @@ spec: - name: name value: source-build - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-source-build:0.1@sha256:1a976a35adee9163e455d0c5aee5d9bf9cb3c6a770656ae347558f8c54977709 + value: quay.io/konflux-ci/tekton-catalog/task-source-build:0.1@sha256:eacb3f49a4fefc112e5d68f67f9418584e1f942e33b027aaf80612d7eff332d0 - name: kind value: task resolver: bundles @@ -276,7 +291,7 @@ spec: - name: name value: deprecated-image-check - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-deprecated-image-check:0.4@sha256:aaf998c36c66d2330cf45894f9cca52486fcdd73e030620e7107e28da247ed87 + value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.4@sha256:d70d970e689a26f1c9e6a1db69580a06cde989c7278c402316278d78c17d2927 - name: kind value: task resolver: bundles @@ -298,7 +313,27 @@ spec: - name: name value: clair-scan - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-clair-scan:0.1@sha256:de7d372d90939db203072a024f1b13869dd11fac9b196e2a485bdf2a20099902 + value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.1@sha256:f38e2740eceadac1dd3c131f093d6f87feecf31cfa9d3765fb3fa3a25ed804c8 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: ecosystem-cert-preflight-checks + params: + - name: image-url + value: $(tasks.build-container.results.IMAGE_URL) + runAfter: + - build-container + taskRef: + params: + - name: name + value: ecosystem-cert-preflight-checks + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.1@sha256:8838d3e1628dbe61f4851b3640d2e3a9a3079d3ff3da955f4a3e4c2c95a013df - name: kind value: task resolver: bundles @@ -315,7 +350,7 @@ spec: - name: name value: sast-snyk-check - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-sast-snyk-check:0.1@sha256:2265f4d38353a931bad027f5b0c1a27e46eb44e555238fc4e0680f7d805abcce + value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check:0.1@sha256:4c672aeda06ed1b9997a3c003153e1764c258195aa46a5f227ab521a81823a84 - name: kind value: task resolver: bundles @@ -340,7 +375,7 @@ spec: - name: name value: clamav-scan - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-clamav-scan:0.1@sha256:a6d6d640a5bb33df23e3ae6b1c52589fe5de86144d44e6b4dd6d8ed3a0e89fa4 + value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.1@sha256:110ecfa4656ece3241336e434ded12aa4191a96ff1d0d6ca6deebba59be50f40 - name: kind value: task resolver: bundles @@ -362,7 +397,7 @@ spec: - name: name value: sbom-json-check - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-sbom-json-check:0.1@sha256:1f7ae5f2660ddfd447727cdc4a8311ce4d991e5fd8f0a23f1b13d6968d8a97e1 + value: quay.io/konflux-ci/tekton-catalog/task-sbom-json-check:0.1@sha256:fe6e910cf25664dc6c192023f178a4066e20307d7f888f6d0fe0304c5c11a3c4 - name: kind value: task resolver: bundles @@ -371,6 +406,21 @@ spec: operator: in values: - "false" + - name: apply-tags + params: + - name: IMAGE + value: $(tasks.build-container.results.IMAGE_URL) + runAfter: + - build-container + taskRef: + params: + - name: name + value: apply-tags + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.1@sha256:175162b0a1c55e911d0d25ddef97e90932b5043f0b523cf83ed4824363840d74 + - name: kind + value: task + resolver: bundles workspaces: - name: workspace - name: git-auth