This document is generated by the job '.github/workflows/publish-pipelines.yml' from the configuration files.
Command to be executed:
java -jar target/quarkus-app/quarkus-run.jar builder -o out/flows -c configurations/konflux/build-quarkus-app-cfg.yaml
using as configuration:
# configurations/konflux/build-quarkus-app-cfg.yaml
# Generator input: describes a Konflux PipelineRun that builds a Quarkus application with the pack CLI.
# NOTE(review): this listing is rendered without indentation, so the nesting of the keys below
# cannot be confirmed from this page.
# The type will be used by the application to generate the resources for the selected provider: konflux, tekton
provider: konflux
resourceType: PipelineRun
domain: build
namespace: user-ns1
repository:
url: https://github.com/ch007m/new-quarkus-app-1
dockerfilePath: src/main/docker/Dockerfile.jvm
# To generate the Konflux Application and/or Component CR
application:
name: my-quarkus
enable: false
component:
name: my-quarkus-app
enable: false
job:
name: quarkus-1-on-push
description: PipelineRun performing a build of a Quarkus application using pack CLI
workspaces:
- name: source-dir
workspace: workspace
- name: pack-workspace
workspace: workspace
# NOTE(review): the CHAINS-GIT_* results reference a task named `clone-repository`, while the
# generated PipelineRun on this page names that task `git-clone`; presumably the generator maps
# one onto the other - confirm.
results:
- IMAGE_URL: "$(tasks.build-container.results.IMAGE_URL)"
- IMAGE_DIGEST: "$(tasks.build-container.results.IMAGE_DIGEST)"
- BASE_IMAGES_DIGESTS: "$(tasks.build-container.results.BASE_IMAGES_DIGESTS)"
- CHAINS-GIT_URL: "$(tasks.clone-repository.results.url)"
- CHAINS-GIT_COMMIT: "$(tasks.clone-repository.results.commit)"
params:
- git-url: "{{source_url}}"
- revision: "{{revision}}"
- output-image: "quay.io/ch007m/user-ns1/my-quarkus/quarkus-1:{{revision}}"
- image-expires-after: "5d"
- build-image-index: ""
# We need the following parameters when used within the Pipeline: when condition, etc
# Unquoted boolean here; the generated PipelineRun on this page carries it as the string "false".
- build-source-image: false
- prefetch-input: ""
# Buildpack params
- source-dir: "source"
# NOTE(review): `latest` is a mutable tag, so the pack CLI image used by the build can change
# between runs; pinning a version or digest would make the build reproducible.
- imageUrl: "buildpacksio/pack"
- imageTag: "latest"
# Arguments handed to the pack CLI.
# NOTE(review): the builder image given to `-B` carries no tag or digest.
- packCmdBuilderFlags:
- build
- -B
- quay.io/snowdrop/ubi-builder
- -e
- BP_JVM_VERSION=21
- quarkus-hello:1.0
# Remark: the Pipeline(run) resource of Konflux already defines the mandatory steps, so they do not need
# to be detailed here; list only the actions that you want to include as part of the build process.
# The actions to be executed should match/map the name of the Task declared in an OCI Bundle or Git repository url
# Examples:
# - pack: to build an image using the Pack CLI
# - build: to build an application using a builder image
# - pack-builder: to create a builder image using pack CLI
# - stack: to create a base stack image build or run
# - meta/composite: to package the buildpacks of a "meta/composite" buildpack project
# - buildpack: to package a "buildpack" project
# - extension: to package an "extension" project
#
actions:
- name: pack
# Bundle reference pinned by sha256 digest; the `latest` tag next to it is presumably
# informational only - confirm how the resolver treats tag+digest.
ref: bundle://quay.io/ch007m/tekton-bundle:latest@sha256:42f0acaefdfbb345fb76c34910f4f7f358908602d3e8f83e4616218685e34b25
workspaces:
- name: source-dir
workspace: workspace
- name: pack-workspace
workspace: workspace
# Task parameters are filled from the job-level params declared above.
params:
- PACK_SOURCE_DIR: "$(params.source-dir)"
- PACK_CLI_IMAGE: "$(params.imageUrl)"
- PACK_CLI_IMAGE_VERSION: "$(params.imageTag)"
- PACK_CMD_FLAGS:
- "$(params.packCmdBuilderFlags)"
Generated file:
# generated/konflux/build/pipelinerun-quarkus-1-on-push.yaml
# Tekton PipelineRun (tekton.dev/v1) emitted by the generator for the configuration listed above.
apiVersion: "tekton.dev/v1"
kind: "PipelineRun"
metadata:
annotations:
# `{{target_branch}}` and `{{revision}}` are left as template placeholders in the generated file;
# presumably they are substituted when the run is created - confirm against the consumer.
build.appstudio.redhat.com/target_branch: "{{target_branch}}"
build.appstudio.redhat.com/commit_sha: "{{revision}}"
# Trigger condition: push events whose target branch is `main`
# (one double-quoted string continued over two lines).
pipelinesascode.tekton.dev/on-cel-expression: "event == 'push' && target_branch\
\ == 'main'"
pipelinesascode.tekton.dev/max-keep-runs: "3"
build.appstudio.openshift.io/repo: "https://github.com/ch007m/new-quarkus-app-1?rev={{revision}}"
labels:
appstudio.openshift.io/application: "my-quarkus"
pipelines.appstudio.openshift.io/type: "build"
pipelines.openshift.io/strategy: "build"
appstudio.openshift.io/component: "my-quarkus-app"
pipelines.openshift.io/used-by: "build-cloud"
pipelines.openshift.io/runtime: "java"
name: "quarkus-1-on-push"
namespace: "user-ns1"
spec:
# Run-level parameters.
# NOTE(review): git-url, revision, image-expires-after, build-image-index, build-source-image and
# prefetch-input each appear twice in this list; duplicate parameter names are expected to be
# rejected or collapsed by Tekton validation - confirm and de-duplicate in the generator.
# NOTE(review): no `rebuild` or `skip-checks` entry is supplied here, although the `init` task
# in this file references $(params.rebuild) and $(params.skip-checks).
params:
- name: "git-url"
value: "{{source_url}}"
- name: "revision"
value: "{{revision}}"
- name: "image-expires-after"
value: "5d"
- name: "build-image-index"
value: ""
- name: "build-source-image"
value: "false"
- name: "prefetch-input"
value: ""
- name: "git-url"
value: "{{source_url}}"
- name: "revision"
value: "{{revision}}"
- name: "output-image"
value: "quay.io/ch007m/user-ns1/my-quarkus/quarkus-1:{{revision}}"
- name: "image-expires-after"
value: "5d"
- name: "build-image-index"
value: ""
- name: "build-source-image"
value: "false"
- name: "prefetch-input"
value: ""
- name: "source-dir"
value: "source"
# NOTE(review): the pack CLI image is selected with the mutable `latest` tag; a version or
# digest pin would keep the build tool fixed between runs.
- name: "imageUrl"
value: "buildpacksio/pack"
- name: "imageTag"
value: "latest"
# Array parameter: the pack CLI arguments. The builder image after `-B` has no tag or digest.
- name: "packCmdBuilderFlags"
value:
- "build"
- "-B"
- "quay.io/snowdrop/ubi-builder"
- "-e"
- "BP_JVM_VERSION=21"
- "quarkus-hello:1.0"
# Embedded pipeline definition: `finally` tasks first, then the pipeline results.
pipelineSpec:
# NOTE(review): both bundles below are referenced by tag only (`:0.1`, `:0.2`) with no sha256
# digest, so the task definition that runs can change if the tag is moved; pinning by digest
# would fix what is executed.
finally:
- name: "show-sbom"
params:
- name: "IMAGE_URL"
value: "$(tasks.build-container.results.IMAGE_URL)"
taskRef:
params:
- name: "bundle"
value: "quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1"
- name: "name"
value: "show-sbom"
- name: "kind"
value: "task"
resolver: "bundles"
- name: "summary"
params:
- name: "pipelinerun-name"
value: "$(context.pipelineRun.name)"
- name: "git-url"
value: "$(tasks.git-clone.results.url)?rev=$(tasks.git-clone.results.commit)"
- name: "image-url"
value: "$(params.output-image)"
- name: "build-task-status"
value: "$(tasks.build-container.status)"
taskRef:
params:
- name: "bundle"
value: "quay.io/konflux-ci/tekton-catalog/task-summary:0.2"
- name: "name"
value: "summary"
- name: "kind"
value: "task"
resolver: "bundles"
workspaces:
- name: "workspace"
workspace: "workspace"
# Pipeline results: image coordinates come from build-container, git coordinates from git-clone.
results:
- name: "IMAGE_URL"
value: "$(tasks.build-container.results.IMAGE_URL)"
- name: "IMAGE_DIGEST"
value: "$(tasks.build-container.results.IMAGE_DIGEST)"
- name: "BASE_IMAGES_DIGESTS"
value: "$(tasks.build-container.results.BASE_IMAGES_DIGESTS)"
- name: "CHAINS-GIT_URL"
value: "$(tasks.git-clone.results.url)"
- name: "CHAINS-GIT_COMMIT"
value: "$(tasks.git-clone.results.commit)"
# Pipeline tasks, part 1: init -> git-clone -> prefetch-dependencies (ordered through runAfter).
# NOTE(review): the three bundles in this block are referenced by tag only, with no sha256 digest,
# so the task definition that runs can change if a tag is moved; pinning by digest would fix
# what is executed.
tasks:
# NOTE(review): spec.params of this file supplies no `rebuild` or `skip-checks` value, so the two
# references below have nothing visible to resolve against - confirm where they come from.
- name: "init"
params:
- name: "image-url"
value: "$(params.output-image)"
- name: "rebuild"
value: "$(params.rebuild)"
- name: "skip-checks"
value: "$(params.skip-checks)"
taskRef:
params:
- name: "bundle"
value: "quay.io/konflux-ci/tekton-catalog/task-init:0.2"
- name: "name"
value: "init"
- name: "kind"
value: "task"
resolver: "bundles"
# NOTE(review): only `url` is forwarded; the `revision` parameter from spec.params is not passed,
# so the commit that gets checked out presumably falls back to the task's default - confirm,
# since COMMIT_SHA and the CHAINS-GIT_COMMIT result are taken from this task's output.
- name: "git-clone"
params:
- name: "url"
value: "$(params.git-url)"
runAfter:
- "init"
taskRef:
params:
- name: "bundle"
value: "quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1"
- name: "name"
value: "git-clone"
- name: "kind"
value: "task"
resolver: "bundles"
# Clone target is the pipeline workspace `workspace`; credentials come from `git-auth`.
workspaces:
- name: "output"
workspace: "workspace"
- name: "basic-auth"
workspace: "git-auth"
- name: "prefetch-dependencies"
params:
- name: "input"
value: "$(params.prefetch-input)"
runAfter:
- "git-clone"
taskRef:
params:
- name: "bundle"
value: "quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies:0.1"
- name: "name"
value: "prefetch-dependencies"
- name: "kind"
value: "task"
resolver: "bundles"
workspaces:
- name: "source"
workspace: "workspace"
- name: "git-basic-auth"
workspace: "git-auth"
# build-container: runs the `pack` task from the ch007m bundle, which is pinned by sha256 digest.
# NOTE(review): this task has no `runAfter` and consumes no other task's result, so nothing visible
# here orders it after git-clone or prefetch-dependencies, even though it binds the same
# `workspace` volume that git-clone writes to - confirm the intended ordering.
- name: "build-container"
params:
- name: "PACK_SOURCE_DIR"
value: "$(params.source-dir)"
- name: "PACK_CLI_IMAGE"
value: "$(params.imageUrl)"
- name: "PACK_CLI_IMAGE_VERSION"
value: "$(params.imageTag)"
- name: "PACK_CMD_FLAGS"
value:
- "$(params.packCmdBuilderFlags)"
taskRef:
params:
- name: "bundle"
value: "quay.io/ch007m/tekton-bundle:latest@sha256:42f0acaefdfbb345fb76c34910f4f7f358908602d3e8f83e4616218685e34b25"
- name: "name"
value: "pack"
- name: "kind"
value: "task"
resolver: "bundles"
# Both task workspaces are mapped onto the single pipeline workspace `workspace`.
workspaces:
- name: "source-dir"
workspace: "workspace"
- name: "pack-workspace"
workspace: "workspace"
# Post-build tasks: image index, source image, and the scanning/check tasks.
# NOTE(review): every bundle in this block is referenced by tag only, with no sha256 digest, so the
# scanner and check definitions that run can change if a tag is moved; pinning by digest would
# fix what is executed.
- name: "build-image-index"
params:
- name: "IMAGE"
value: "$(params.output-image)"
- name: "COMMIT_SHA"
value: "$(tasks.git-clone.results.commit)"
- name: "IMAGE_EXPIRES_AFTER"
value: "$(params.image-expires-after)"
- name: "ALWAYS_BUILD_INDEX"
value: "$(params.build-image-index)"
# The built image is referenced as URL@digest, using the results of build-container.
- name: "IMAGES"
value:
- "$(tasks.build-container.results.IMAGE_URL)@$(tasks.build-container.results.IMAGE_DIGEST)"
runAfter:
- "build-container"
taskRef:
params:
- name: "bundle"
value: "quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1"
- name: "name"
value: "build-image-index"
- name: "kind"
value: "task"
resolver: "bundles"
- name: "source-build"
params:
- name: "BINARY_IMAGE"
value: "$(params.output-image)"
- name: "BASE_IMAGES"
value: "$(tasks.build-container.results.BASE_IMAGES_DIGESTS)"
runAfter:
- "build-container"
taskRef:
params:
- name: "bundle"
value: "quay.io/konflux-ci/tekton-catalog/task-source-build:0.1"
- name: "name"
value: "source-build"
- name: "kind"
value: "task"
resolver: "bundles"
workspaces:
- name: "workspace"
workspace: "workspace"
- name: "clair-scan"
params:
- name: "image-digest"
value: "$(tasks.build-container.results.IMAGE_DIGEST)"
- name: "image-url"
value: "$(tasks.build-container.results.IMAGE_URL)"
runAfter:
- "build-container"
taskRef:
params:
- name: "bundle"
value: "quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.1"
- name: "name"
value: "clair-scan"
- name: "kind"
value: "task"
resolver: "bundles"
- name: "ecosystem-cert-preflight-checks"
params:
- name: "image-url"
value: "$(tasks.build-container.results.IMAGE_URL)"
runAfter:
- "build-container"
taskRef:
params:
- name: "bundle"
value: "quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.1"
- name: "name"
value: "ecosystem-cert-preflight-checks"
- name: "kind"
value: "task"
resolver: "bundles"
# NOTE(review): `runAfter` names git-clone, but both parameters read build-container results, so
# this task also depends on build-container through those references.
- name: "sast-snyk-check"
params:
- name: "image-digest"
value: "$(tasks.build-container.results.IMAGE_DIGEST)"
- name: "image-url"
value: "$(tasks.build-container.results.IMAGE_URL)"
runAfter:
- "git-clone"
taskRef:
params:
- name: "bundle"
value: "quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check:0.2"
- name: "name"
value: "sast-snyk-check"
- name: "kind"
value: "task"
resolver: "bundles"
workspaces:
- name: "workspace"
workspace: "workspace"
- name: "clamav-scan"
params:
- name: "image-digest"
value: "$(tasks.build-container.results.IMAGE_DIGEST)"
- name: "image-url"
value: "$(tasks.build-container.results.IMAGE_URL)"
runAfter:
- "build-container"
taskRef:
params:
- name: "bundle"
value: "quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.1"
- name: "name"
value: "clamav-scan"
- name: "kind"
value: "task"
resolver: "bundles"
# 300000000000 ns = 300 s, i.e. a 5-minute limit for the whole pipeline.
# NOTE(review): that looks short for a clone, a buildpack build and several scans - confirm.
timeouts:
pipeline: "300000000000ns"
# Run-level workspaces: three 1Gi ReadWriteOnce claims created per run, plus the git credentials secret.
# NOTE(review): `source-dir` and `pack-workspace` get their own claims here, but the build-container
# task in this file maps both of those task workspaces onto `workspace`; the two extra claims
# may be unused - confirm.
workspaces:
- name: "workspace"
volumeClaimTemplate:
apiVersion: "v1"
kind: "PersistentVolumeClaim"
spec:
accessModes:
- "ReadWriteOnce"
resources:
requests:
storage: "1Gi"
# The secret name is a template placeholder; presumably filled in when the run is created.
- name: "git-auth"
secret:
secretName: "{{ git_auth_secret }}"
- name: "source-dir"
volumeClaimTemplate:
apiVersion: "v1"
kind: "PersistentVolumeClaim"
spec:
accessModes:
- "ReadWriteOnce"
resources:
requests:
storage: "1Gi"
- name: "pack-workspace"
volumeClaimTemplate:
apiVersion: "v1"
kind: "PersistentVolumeClaim"
spec:
accessModes:
- "ReadWriteOnce"
resources:
requests:
storage: "1Gi"
Command to be executed:
java -jar target/quarkus-app/quarkus-run.jar builder -o out/flows -c configurations/konflux/build-quarkus-app-lifecycle-extension-cfg.yaml
using as configuration:
# configurations/konflux/build-quarkus-app-lifecycle-extension-cfg.yaml
# Generator input: describes a Konflux PipelineRun that builds a Quarkus application with the
# buildpacks extension check/phases tasks and reports with grype in a `finally` task.
# NOTE(review): this listing is rendered without indentation, so the nesting of the keys below
# cannot be confirmed from this page.
# The type will be used by the application to generate the resources for the selected provider: konflux, tekton
provider: konflux
resourceType: PipelineRun
domain: build
namespace: user-ns1
repository:
url: https://github.com/ch007m/new-quarkus-app-1
dockerfilePath: src/main/docker/Dockerfile.jvm
# To generate the Konflux Application and/or Component CR
application:
name: my-quarkus
enable: true
component:
name: my-quarkus-app
enable: true
job:
name: quarkus-1-on-push
description: PipelineRun doing a build of a Quarkus application using buildpack - extension task
# NOTE(review): the CHAINS-GIT_* results reference a task named `clone-repository`, while the
# generated PipelineRuns on this page name that task `git-clone`; presumably the generator maps
# one onto the other - confirm.
results:
- IMAGE_URL: "$(tasks.build-container.results.IMAGE_URL)"
- IMAGE_DIGEST: "$(tasks.build-container.results.IMAGE_DIGEST)"
- BASE_IMAGES_DIGESTS: "$(tasks.build-container.results.BASE_IMAGES_DIGESTS)"
- CHAINS-GIT_URL: "$(tasks.clone-repository.results.url)"
- CHAINS-GIT_COMMIT: "$(tasks.clone-repository.results.commit)"
params:
- git-url: "{{source_url}}"
- revision: "{{revision}}"
- output-image: "quay.io/ch007m/my-quarkus:{{revision}}"
- image-expires-after: "5d"
- build-image-index: ""
# NOTE(review): `skip-checks` is set to "true"; the generated PipelineRuns on this page forward
# $(params.skip-checks) to the `init` task. If it disables the image checks as the name
# suggests, confirm this value is not carried into production builds.
- skip-checks: "true"
# We need the following parameters when used within the Pipeline: when condition, etc
- build-source-image: false
- prefetch-input: ""
# SBOM Grype
# The grype image is selected by version tag (not by digest).
- grype-version: v0.79.6
- grype-sbom-format: table
# Buildpack params
actions:
# Finally
- name: show-sbom
finally: true
# ref: bundle://quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:9bfc6b99ef038800fe131d7b45ff3cd4da3a415dd536f7c657b3527b01c4a13b
# params:
# - IMAGE_URL: "$(tasks.build-container.results.IMAGE_URL)"
# NOTE(review): the digest-pinned bundle above is commented out in favour of a task fetched over a
# raw URL from the `main` branch of tektoncd/catalog; that reference is mutable and carries no
# digest, so the task content can change between runs. A commit-pinned URL or a digest-pinned
# bundle would fix what is executed.
ref: url://https://raw.githubusercontent.com/tektoncd/catalog/main/task/grype/0.1/grype.yaml
params:
- GRYPE_IMAGE: anchore/grype:$(params.grype-version)
# NOTE(review): `-o $(params.grype-sbom-format)` is a single list item, so the flag and its value
# presumably reach the task as one argument - confirm the task splits it.
- ARGS:
- $(tasks.build-container.results.IMAGE_URL)
- -o $(params.grype-sbom-format)
- name: summary # Konflux uses as name show-summary !!
finally: true
ref: bundle://quay.io/konflux-ci/tekton-catalog/task-summary:0.2@sha256:d97c04ab42f277b1103eb6f3a053b247849f4f5b3237ea302a8ecada3b24e15b
params:
- pipelinerun-name: "$(context.pipelineRun.name)"
- git-url: "$(tasks.clone-repository.results.url)?rev=$(tasks.clone-repository.results.commit)"
- image-url: "$(params.output-image)"
- build-task-status: "$(tasks.build-container.status)"
# Our build and check tasks
# NOTE(review): both buildpacks-extension tasks below are fetched over raw URLs from the `main`
# branch of redhat-buildpacks/catalog (mutable, no digest); pinning to a commit would fix the
# task content that runs.
# NOTE(review): the builder, build and run images use the mutable `latest` tag, while the
# lifecycle image is pinned to a version tag (0.20.1); none is pinned by digest.
- name: buildpacks-extension-check
ref: url://https://raw.githubusercontent.com/redhat-buildpacks/catalog/main/tekton/task/buildpacks-extension-check/01/buildpacks-extension-check.yaml
params:
- builderImage: paketocommunity/builder-ubi-base:latest
- credentialsHome: /tekton/creds-secrets/
- name: buildpacks-extension-phases
ref: url://https://raw.githubusercontent.com/redhat-buildpacks/catalog/main/tekton/task/buildpacks-extension-phases/01/buildpacks-extension-phases.yaml
workspaces:
- name: source
workspace: workspace
params:
- APP_IMAGE: $(params.output-image)
- SOURCE_SUBPATH: "source"
- CNB_LOG_LEVEL: "info"
- CNB_LIFECYCLE_IMAGE: buildpacksio/lifecycle:0.20.1
- CNB_PLATFORM_API: "0.14"
- CNB_BUILDER_IMAGE: paketocommunity/builder-ubi-base:latest
- CNB_BUILD_IMAGE: paketocommunity/build-ubi-base:latest
- CNB_RUN_IMAGE: paketocommunity/run-ubi-base:latest
# User and group ids are taken from the results of the buildpacks-extension-check task.
- CNB_USER_ID: $(tasks.buildpacks-extension-check.results.uid)
- CNB_GROUP_ID: $(tasks.buildpacks-extension-check.results.gid)
- CNB_ENV_VARS:
- BP_JVM_VERSION=21
Generated file:
# generated/konflux/build/pipelinerun-quarkus-1-on-push.yaml
# Tekton PipelineRun (tekton.dev/v1) shown as the output for build-quarkus-app-lifecycle-extension-cfg.yaml.
# NOTE(review): this listing appears identical to the PipelineRun shown for build-quarkus-app-cfg.yaml
# and uses the same output path. It contains none of the actions declared in the extension
# configuration (buildpacks-extension-check, buildpacks-extension-phases, the grype-based
# show-sbom), so it may be stale output - confirm before relying on it.
apiVersion: "tekton.dev/v1"
kind: "PipelineRun"
metadata:
annotations:
# `{{target_branch}}` and `{{revision}}` are left as template placeholders in the generated file;
# presumably they are substituted when the run is created - confirm against the consumer.
build.appstudio.redhat.com/target_branch: "{{target_branch}}"
build.appstudio.redhat.com/commit_sha: "{{revision}}"
# Trigger condition: push events whose target branch is `main`
# (one double-quoted string continued over two lines).
pipelinesascode.tekton.dev/on-cel-expression: "event == 'push' && target_branch\
\ == 'main'"
pipelinesascode.tekton.dev/max-keep-runs: "3"
build.appstudio.openshift.io/repo: "https://github.com/ch007m/new-quarkus-app-1?rev={{revision}}"
labels:
appstudio.openshift.io/application: "my-quarkus"
pipelines.appstudio.openshift.io/type: "build"
pipelines.openshift.io/strategy: "build"
appstudio.openshift.io/component: "my-quarkus-app"
pipelines.openshift.io/used-by: "build-cloud"
pipelines.openshift.io/runtime: "java"
name: "quarkus-1-on-push"
namespace: "user-ns1"
spec:
# Run-level parameters.
# NOTE(review): git-url, revision, image-expires-after, build-image-index, build-source-image and
# prefetch-input each appear twice in this list; duplicate parameter names are expected to be
# rejected or collapsed by Tekton validation - confirm and de-duplicate in the generator.
# NOTE(review): the configuration listed above this file declares output-image
# `quay.io/ch007m/my-quarkus:{{revision}}` plus skip-checks, grype-version and grype-sbom-format,
# none of which match this list; the pack-related parameters below are not in that
# configuration either.
params:
- name: "git-url"
value: "{{source_url}}"
- name: "revision"
value: "{{revision}}"
- name: "image-expires-after"
value: "5d"
- name: "build-image-index"
value: ""
- name: "build-source-image"
value: "false"
- name: "prefetch-input"
value: ""
- name: "git-url"
value: "{{source_url}}"
- name: "revision"
value: "{{revision}}"
- name: "output-image"
value: "quay.io/ch007m/user-ns1/my-quarkus/quarkus-1:{{revision}}"
- name: "image-expires-after"
value: "5d"
- name: "build-image-index"
value: ""
- name: "build-source-image"
value: "false"
- name: "prefetch-input"
value: ""
- name: "source-dir"
value: "source"
# NOTE(review): the pack CLI image is selected with the mutable `latest` tag; a version or
# digest pin would keep the build tool fixed between runs.
- name: "imageUrl"
value: "buildpacksio/pack"
- name: "imageTag"
value: "latest"
# Array parameter: the pack CLI arguments. The builder image after `-B` has no tag or digest.
- name: "packCmdBuilderFlags"
value:
- "build"
- "-B"
- "quay.io/snowdrop/ubi-builder"
- "-e"
- "BP_JVM_VERSION=21"
- "quarkus-hello:1.0"
# Embedded pipeline definition: `finally` tasks first, then the pipeline results.
pipelineSpec:
# NOTE(review): both bundles below are referenced by tag only (`:0.1`, `:0.2`) with no sha256
# digest, so the task definition that runs can change if the tag is moved; pinning by digest
# would fix what is executed.
# NOTE(review): the configuration listed above this file points show-sbom at a grype task URL,
# but the show-sbom entry here still uses the konflux-ci bundle.
finally:
- name: "show-sbom"
params:
- name: "IMAGE_URL"
value: "$(tasks.build-container.results.IMAGE_URL)"
taskRef:
params:
- name: "bundle"
value: "quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1"
- name: "name"
value: "show-sbom"
- name: "kind"
value: "task"
resolver: "bundles"
- name: "summary"
params:
- name: "pipelinerun-name"
value: "$(context.pipelineRun.name)"
- name: "git-url"
value: "$(tasks.git-clone.results.url)?rev=$(tasks.git-clone.results.commit)"
- name: "image-url"
value: "$(params.output-image)"
- name: "build-task-status"
value: "$(tasks.build-container.status)"
taskRef:
params:
- name: "bundle"
value: "quay.io/konflux-ci/tekton-catalog/task-summary:0.2"
- name: "name"
value: "summary"
- name: "kind"
value: "task"
resolver: "bundles"
workspaces:
- name: "workspace"
workspace: "workspace"
# Pipeline results: image coordinates come from build-container, git coordinates from git-clone.
results:
- name: "IMAGE_URL"
value: "$(tasks.build-container.results.IMAGE_URL)"
- name: "IMAGE_DIGEST"
value: "$(tasks.build-container.results.IMAGE_DIGEST)"
- name: "BASE_IMAGES_DIGESTS"
value: "$(tasks.build-container.results.BASE_IMAGES_DIGESTS)"
- name: "CHAINS-GIT_URL"
value: "$(tasks.git-clone.results.url)"
- name: "CHAINS-GIT_COMMIT"
value: "$(tasks.git-clone.results.commit)"
# Pipeline tasks, part 1: init -> git-clone -> prefetch-dependencies (ordered through runAfter).
# NOTE(review): the three bundles in this block are referenced by tag only, with no sha256 digest,
# so the task definition that runs can change if a tag is moved; pinning by digest would fix
# what is executed.
tasks:
# NOTE(review): spec.params of this file supplies no `rebuild` or `skip-checks` value, so the two
# references below have nothing visible to resolve against - confirm where they come from.
- name: "init"
params:
- name: "image-url"
value: "$(params.output-image)"
- name: "rebuild"
value: "$(params.rebuild)"
- name: "skip-checks"
value: "$(params.skip-checks)"
taskRef:
params:
- name: "bundle"
value: "quay.io/konflux-ci/tekton-catalog/task-init:0.2"
- name: "name"
value: "init"
- name: "kind"
value: "task"
resolver: "bundles"
# NOTE(review): only `url` is forwarded; the `revision` parameter from spec.params is not passed,
# so the commit that gets checked out presumably falls back to the task's default - confirm,
# since COMMIT_SHA and the CHAINS-GIT_COMMIT result are taken from this task's output.
- name: "git-clone"
params:
- name: "url"
value: "$(params.git-url)"
runAfter:
- "init"
taskRef:
params:
- name: "bundle"
value: "quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1"
- name: "name"
value: "git-clone"
- name: "kind"
value: "task"
resolver: "bundles"
# Clone target is the pipeline workspace `workspace`; credentials come from `git-auth`.
workspaces:
- name: "output"
workspace: "workspace"
- name: "basic-auth"
workspace: "git-auth"
- name: "prefetch-dependencies"
params:
- name: "input"
value: "$(params.prefetch-input)"
runAfter:
- "git-clone"
taskRef:
params:
- name: "bundle"
value: "quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies:0.1"
- name: "name"
value: "prefetch-dependencies"
- name: "kind"
value: "task"
resolver: "bundles"
workspaces:
- name: "source"
workspace: "workspace"
- name: "git-basic-auth"
workspace: "git-auth"
# build-container: runs the `pack` task from the ch007m bundle, which is pinned by sha256 digest.
# NOTE(review): the configuration listed above this file declares buildpacks-extension-check and
# buildpacks-extension-phases as build actions, not `pack`; this task does not reflect it.
# NOTE(review): this task has no `runAfter` and consumes no other task's result, so nothing visible
# here orders it after git-clone or prefetch-dependencies, even though it binds the same
# `workspace` volume that git-clone writes to - confirm the intended ordering.
- name: "build-container"
params:
- name: "PACK_SOURCE_DIR"
value: "$(params.source-dir)"
- name: "PACK_CLI_IMAGE"
value: "$(params.imageUrl)"
- name: "PACK_CLI_IMAGE_VERSION"
value: "$(params.imageTag)"
- name: "PACK_CMD_FLAGS"
value:
- "$(params.packCmdBuilderFlags)"
taskRef:
params:
- name: "bundle"
value: "quay.io/ch007m/tekton-bundle:latest@sha256:42f0acaefdfbb345fb76c34910f4f7f358908602d3e8f83e4616218685e34b25"
- name: "name"
value: "pack"
- name: "kind"
value: "task"
resolver: "bundles"
# Both task workspaces are mapped onto the single pipeline workspace `workspace`.
workspaces:
- name: "source-dir"
workspace: "workspace"
- name: "pack-workspace"
workspace: "workspace"
# Post-build tasks: image index, source image, and the scanning/check tasks.
# NOTE(review): every bundle in this block is referenced by tag only, with no sha256 digest, so the
# scanner and check definitions that run can change if a tag is moved; pinning by digest would
# fix what is executed.
- name: "build-image-index"
params:
- name: "IMAGE"
value: "$(params.output-image)"
- name: "COMMIT_SHA"
value: "$(tasks.git-clone.results.commit)"
- name: "IMAGE_EXPIRES_AFTER"
value: "$(params.image-expires-after)"
- name: "ALWAYS_BUILD_INDEX"
value: "$(params.build-image-index)"
# The built image is referenced as URL@digest, using the results of build-container.
- name: "IMAGES"
value:
- "$(tasks.build-container.results.IMAGE_URL)@$(tasks.build-container.results.IMAGE_DIGEST)"
runAfter:
- "build-container"
taskRef:
params:
- name: "bundle"
value: "quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1"
- name: "name"
value: "build-image-index"
- name: "kind"
value: "task"
resolver: "bundles"
- name: "source-build"
params:
- name: "BINARY_IMAGE"
value: "$(params.output-image)"
- name: "BASE_IMAGES"
value: "$(tasks.build-container.results.BASE_IMAGES_DIGESTS)"
runAfter:
- "build-container"
taskRef:
params:
- name: "bundle"
value: "quay.io/konflux-ci/tekton-catalog/task-source-build:0.1"
- name: "name"
value: "source-build"
- name: "kind"
value: "task"
resolver: "bundles"
workspaces:
- name: "workspace"
workspace: "workspace"
- name: "clair-scan"
params:
- name: "image-digest"
value: "$(tasks.build-container.results.IMAGE_DIGEST)"
- name: "image-url"
value: "$(tasks.build-container.results.IMAGE_URL)"
runAfter:
- "build-container"
taskRef:
params:
- name: "bundle"
value: "quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.1"
- name: "name"
value: "clair-scan"
- name: "kind"
value: "task"
resolver: "bundles"
- name: "ecosystem-cert-preflight-checks"
params:
- name: "image-url"
value: "$(tasks.build-container.results.IMAGE_URL)"
runAfter:
- "build-container"
taskRef:
params:
- name: "bundle"
value: "quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.1"
- name: "name"
value: "ecosystem-cert-preflight-checks"
- name: "kind"
value: "task"
resolver: "bundles"
# NOTE(review): `runAfter` names git-clone, but both parameters read build-container results, so
# this task also depends on build-container through those references.
- name: "sast-snyk-check"
params:
- name: "image-digest"
value: "$(tasks.build-container.results.IMAGE_DIGEST)"
- name: "image-url"
value: "$(tasks.build-container.results.IMAGE_URL)"
runAfter:
- "git-clone"
taskRef:
params:
- name: "bundle"
value: "quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check:0.2"
- name: "name"
value: "sast-snyk-check"
- name: "kind"
value: "task"
resolver: "bundles"
workspaces:
- name: "workspace"
workspace: "workspace"
- name: "clamav-scan"
params:
- name: "image-digest"
value: "$(tasks.build-container.results.IMAGE_DIGEST)"
- name: "image-url"
value: "$(tasks.build-container.results.IMAGE_URL)"
runAfter:
- "build-container"
taskRef:
params:
- name: "bundle"
value: "quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.1"
- name: "name"
value: "clamav-scan"
- name: "kind"
value: "task"
resolver: "bundles"
# 300000000000 ns = 300 s, i.e. a 5-minute limit for the whole pipeline.
# NOTE(review): that looks short for a clone, a buildpack build and several scans - confirm.
timeouts:
pipeline: "300000000000ns"
# Run-level workspaces: three 1Gi ReadWriteOnce claims created per run, plus the git credentials secret.
# NOTE(review): `source-dir` and `pack-workspace` get their own claims here, but the build-container
# task in this file maps both of those task workspaces onto `workspace`; the two extra claims
# may be unused - confirm.
workspaces:
- name: "workspace"
volumeClaimTemplate:
apiVersion: "v1"
kind: "PersistentVolumeClaim"
spec:
accessModes:
- "ReadWriteOnce"
resources:
requests:
storage: "1Gi"
# The secret name is a template placeholder; presumably filled in when the run is created.
- name: "git-auth"
secret:
secretName: "{{ git_auth_secret }}"
- name: "source-dir"
volumeClaimTemplate:
apiVersion: "v1"
kind: "PersistentVolumeClaim"
spec:
accessModes:
- "ReadWriteOnce"
resources:
requests:
storage: "1Gi"
- name: "pack-workspace"
volumeClaimTemplate:
apiVersion: "v1"
kind: "PersistentVolumeClaim"
spec:
accessModes:
- "ReadWriteOnce"
resources:
requests:
storage: "1Gi"
Command to be executed:
java -jar target/quarkus-app/quarkus-run.jar builder -o out/flows -c configurations/konflux/build-quarkus-app-lifecycle-build-cfg.yaml
using as configuration:
# configurations/konflux/build-quarkus-app-lifecycle-build-cfg.yaml
# Generator input: describes a Konflux PipelineRun that builds a Quarkus application with the
# buildpacks-phases task (buildpacks lifecycle).
# NOTE(review): this listing is rendered without indentation, so the nesting of the keys below
# cannot be confirmed from this page.
# The type will be used by the application to generate the resources for the selected provider: konflux, tekton
provider: konflux
resourceType: PipelineRun
domain: build
namespace: user-ns1
repository:
url: https://github.com/ch007m/new-quarkus-app-1
dockerfilePath: src/main/docker/Dockerfile.jvm
# To generate the Konflux Application and/or Component CR
application:
name: my-quarkus
enable: false
component:
name: my-quarkus-app
enable: false
job:
name: quarkus-1-on-push
description: PipelineRun performing a build of a Quarkus application using buildpack task and lifecycle
# NOTE(review): the CHAINS-GIT_* results reference a task named `clone-repository`, while the
# generated PipelineRuns on this page name that task `git-clone`; presumably the generator maps
# one onto the other - confirm.
results:
- IMAGE_URL: "$(tasks.build-container.results.IMAGE_URL)"
- IMAGE_DIGEST: "$(tasks.build-container.results.IMAGE_DIGEST)"
- BASE_IMAGES_DIGESTS: "$(tasks.build-container.results.BASE_IMAGES_DIGESTS)"
- CHAINS-GIT_URL: "$(tasks.clone-repository.results.url)"
- CHAINS-GIT_COMMIT: "$(tasks.clone-repository.results.commit)"
params:
- git-url: "{{source_url}}"
- revision: "{{revision}}"
- output-image: "quay.io/ch007m/my-quarkus:{{revision}}"
- image-expires-after: "5d"
- build-image-index: ""
# We need the following parameters when used within the Pipeline: when condition, etc
- build-source-image: false
- prefetch-input: ""
# Buildpack params
actions:
# NOTE(review): the task is fetched over a raw URL from the `main` branch of
# redhat-buildpacks/catalog; that reference is mutable and carries no digest, so the task content
# can change between runs. Pinning to a commit would fix what is executed.
- name: buildpacks-phases
ref: url://https://raw.githubusercontent.com/redhat-buildpacks/catalog/main/tekton/task/buildpacks-phases/01/buildpacks-phases.yaml
workspaces:
- name: source
workspace: workspace
# NOTE(review): the builder, build and run images use the mutable `latest` tag, while the
# lifecycle image is pinned to a version tag (0.20.1); none is pinned by digest.
params:
- APP_IMAGE: $(params.output-image)
- SOURCE_SUBPATH: "source"
- CNB_LOG_LEVEL: "info"
- CNB_BUILDER_IMAGE: paketocommunity/builder-ubi-base:latest
- CNB_LIFECYCLE_IMAGE: buildpacksio/lifecycle:0.20.1
- CNB_PLATFORM_API: "0.14"
- CNB_EXPERIMENTAL_MODE: "false"
- CNB_BUILD_IMAGE: paketocommunity/build-ubi-base:latest
- CNB_RUN_IMAGE: paketocommunity/run-ubi-base:latest
# Group and user ids are hard-coded here as unquoted integers; the link on the next line is the
# stated source for them.
- CNB_GROUP_ID: 1000 # see: https://github.com/paketo-community/ubi-base-stack/blob/main/stack/stack.toml#L10-L12
- CNB_USER_ID: 1002
- CNB_ENV_VARS:
- BP_JVM_VERSION=21
Generated file:
# generated/konflux/build/pipelinerun-quarkus-1-on-push.yaml
# Tekton PipelineRun (tekton.dev/v1) shown as the output for build-quarkus-app-lifecycle-build-cfg.yaml.
# NOTE(review): this listing appears identical to the PipelineRun shown for build-quarkus-app-cfg.yaml
# and uses the same output path. It does not contain the buildpacks-phases action declared in
# the lifecycle-build configuration, so it may be stale output - confirm before relying on it.
apiVersion: "tekton.dev/v1"
kind: "PipelineRun"
metadata:
annotations:
# `{{target_branch}}` and `{{revision}}` are left as template placeholders in the generated file;
# presumably they are substituted when the run is created - confirm against the consumer.
build.appstudio.redhat.com/target_branch: "{{target_branch}}"
build.appstudio.redhat.com/commit_sha: "{{revision}}"
# Trigger condition: push events whose target branch is `main`
# (one double-quoted string continued over two lines).
pipelinesascode.tekton.dev/on-cel-expression: "event == 'push' && target_branch\
\ == 'main'"
pipelinesascode.tekton.dev/max-keep-runs: "3"
build.appstudio.openshift.io/repo: "https://github.com/ch007m/new-quarkus-app-1?rev={{revision}}"
labels:
appstudio.openshift.io/application: "my-quarkus"
pipelines.appstudio.openshift.io/type: "build"
pipelines.openshift.io/strategy: "build"
appstudio.openshift.io/component: "my-quarkus-app"
pipelines.openshift.io/used-by: "build-cloud"
pipelines.openshift.io/runtime: "java"
name: "quarkus-1-on-push"
namespace: "user-ns1"
spec:
# Run-level parameters.
# NOTE(review): git-url, revision, image-expires-after, build-image-index, build-source-image and
# prefetch-input each appear twice in this list; duplicate parameter names are expected to be
# rejected or collapsed by Tekton validation - confirm and de-duplicate in the generator.
# NOTE(review): the configuration listed above this file declares output-image
# `quay.io/ch007m/my-quarkus:{{revision}}`, which differs from the value below, and it declares
# none of the pack-related parameters that appear here.
params:
- name: "git-url"
value: "{{source_url}}"
- name: "revision"
value: "{{revision}}"
- name: "image-expires-after"
value: "5d"
- name: "build-image-index"
value: ""
- name: "build-source-image"
value: "false"
- name: "prefetch-input"
value: ""
- name: "git-url"
value: "{{source_url}}"
- name: "revision"
value: "{{revision}}"
- name: "output-image"
value: "quay.io/ch007m/user-ns1/my-quarkus/quarkus-1:{{revision}}"
- name: "image-expires-after"
value: "5d"
- name: "build-image-index"
value: ""
- name: "build-source-image"
value: "false"
- name: "prefetch-input"
value: ""
- name: "source-dir"
value: "source"
# NOTE(review): the pack CLI image is selected with the mutable `latest` tag; a version or
# digest pin would keep the build tool fixed between runs.
- name: "imageUrl"
value: "buildpacksio/pack"
- name: "imageTag"
value: "latest"
# Array parameter: the pack CLI arguments. The builder image after `-B` has no tag or digest.
- name: "packCmdBuilderFlags"
value:
- "build"
- "-B"
- "quay.io/snowdrop/ubi-builder"
- "-e"
- "BP_JVM_VERSION=21"
- "quarkus-hello:1.0"
# Embedded pipeline definition: `finally` tasks first, then the pipeline results.
pipelineSpec:
# NOTE(review): both bundles below are referenced by tag only (`:0.1`, `:0.2`) with no sha256
# digest, so the task definition that runs can change if the tag is moved; pinning by digest
# would fix what is executed.
finally:
- name: "show-sbom"
params:
- name: "IMAGE_URL"
value: "$(tasks.build-container.results.IMAGE_URL)"
taskRef:
params:
- name: "bundle"
value: "quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1"
- name: "name"
value: "show-sbom"
- name: "kind"
value: "task"
resolver: "bundles"
- name: "summary"
params:
- name: "pipelinerun-name"
value: "$(context.pipelineRun.name)"
- name: "git-url"
value: "$(tasks.git-clone.results.url)?rev=$(tasks.git-clone.results.commit)"
- name: "image-url"
value: "$(params.output-image)"
- name: "build-task-status"
value: "$(tasks.build-container.status)"
taskRef:
params:
- name: "bundle"
value: "quay.io/konflux-ci/tekton-catalog/task-summary:0.2"
- name: "name"
value: "summary"
- name: "kind"
value: "task"
resolver: "bundles"
workspaces:
- name: "workspace"
workspace: "workspace"
# Pipeline results: image coordinates come from build-container, git coordinates from git-clone.
results:
- name: "IMAGE_URL"
value: "$(tasks.build-container.results.IMAGE_URL)"
- name: "IMAGE_DIGEST"
value: "$(tasks.build-container.results.IMAGE_DIGEST)"
- name: "BASE_IMAGES_DIGESTS"
value: "$(tasks.build-container.results.BASE_IMAGES_DIGESTS)"
- name: "CHAINS-GIT_URL"
value: "$(tasks.git-clone.results.url)"
- name: "CHAINS-GIT_COMMIT"
value: "$(tasks.git-clone.results.commit)"
# Pipeline tasks, part 1: init -> git-clone -> prefetch-dependencies (ordered through runAfter).
# NOTE(review): the three bundles in this block are referenced by tag only, with no sha256 digest,
# so the task definition that runs can change if a tag is moved; pinning by digest would fix
# what is executed.
tasks:
# NOTE(review): spec.params of this file supplies no `rebuild` or `skip-checks` value, so the two
# references below have nothing visible to resolve against - confirm where they come from.
- name: "init"
params:
- name: "image-url"
value: "$(params.output-image)"
- name: "rebuild"
value: "$(params.rebuild)"
- name: "skip-checks"
value: "$(params.skip-checks)"
taskRef:
params:
- name: "bundle"
value: "quay.io/konflux-ci/tekton-catalog/task-init:0.2"
- name: "name"
value: "init"
- name: "kind"
value: "task"
resolver: "bundles"
# NOTE(review): only `url` is forwarded; the `revision` parameter from spec.params is not passed,
# so the commit that gets checked out presumably falls back to the task's default - confirm,
# since COMMIT_SHA and the CHAINS-GIT_COMMIT result are taken from this task's output.
- name: "git-clone"
params:
- name: "url"
value: "$(params.git-url)"
runAfter:
- "init"
taskRef:
params:
- name: "bundle"
value: "quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1"
- name: "name"
value: "git-clone"
- name: "kind"
value: "task"
resolver: "bundles"
# Clone target is the pipeline workspace `workspace`; credentials come from `git-auth`.
workspaces:
- name: "output"
workspace: "workspace"
- name: "basic-auth"
workspace: "git-auth"
- name: "prefetch-dependencies"
params:
- name: "input"
value: "$(params.prefetch-input)"
runAfter:
- "git-clone"
taskRef:
params:
- name: "bundle"
value: "quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies:0.1"
- name: "name"
value: "prefetch-dependencies"
- name: "kind"
value: "task"
resolver: "bundles"
workspaces:
- name: "source"
workspace: "workspace"
- name: "git-basic-auth"
workspace: "git-auth"
# build-container: runs the `pack` task from the ch007m bundle, which is pinned by sha256 digest.
# NOTE(review): the configuration listed above this file declares buildpacks-phases as the build
# action, not `pack`; this task does not reflect it.
# NOTE(review): this task has no `runAfter` and consumes no other task's result, so nothing visible
# here orders it after git-clone or prefetch-dependencies, even though it binds the same
# `workspace` volume that git-clone writes to - confirm the intended ordering.
- name: "build-container"
params:
- name: "PACK_SOURCE_DIR"
value: "$(params.source-dir)"
- name: "PACK_CLI_IMAGE"
value: "$(params.imageUrl)"
- name: "PACK_CLI_IMAGE_VERSION"
value: "$(params.imageTag)"
- name: "PACK_CMD_FLAGS"
value:
- "$(params.packCmdBuilderFlags)"
taskRef:
params:
- name: "bundle"
value: "quay.io/ch007m/tekton-bundle:latest@sha256:42f0acaefdfbb345fb76c34910f4f7f358908602d3e8f83e4616218685e34b25"
- name: "name"
value: "pack"
- name: "kind"
value: "task"
resolver: "bundles"
# Both task workspaces are mapped onto the single pipeline workspace `workspace`.
workspaces:
- name: "source-dir"
workspace: "workspace"
- name: "pack-workspace"
workspace: "workspace"
# Post-build tasks: image index, source image, and the scanning/check tasks.
# NOTE(review): every bundle in this block is referenced by tag only, with no sha256 digest, so the
# scanner and check definitions that run can change if a tag is moved; pinning by digest would
# fix what is executed.
- name: "build-image-index"
params:
- name: "IMAGE"
value: "$(params.output-image)"
- name: "COMMIT_SHA"
value: "$(tasks.git-clone.results.commit)"
- name: "IMAGE_EXPIRES_AFTER"
value: "$(params.image-expires-after)"
- name: "ALWAYS_BUILD_INDEX"
value: "$(params.build-image-index)"
# The built image is referenced as URL@digest, using the results of build-container.
- name: "IMAGES"
value:
- "$(tasks.build-container.results.IMAGE_URL)@$(tasks.build-container.results.IMAGE_DIGEST)"
runAfter:
- "build-container"
taskRef:
params:
- name: "bundle"
value: "quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1"
- name: "name"
value: "build-image-index"
- name: "kind"
value: "task"
resolver: "bundles"
- name: "source-build"
params:
- name: "BINARY_IMAGE"
value: "$(params.output-image)"
- name: "BASE_IMAGES"
value: "$(tasks.build-container.results.BASE_IMAGES_DIGESTS)"
runAfter:
- "build-container"
taskRef:
params:
- name: "bundle"
value: "quay.io/konflux-ci/tekton-catalog/task-source-build:0.1"
- name: "name"
value: "source-build"
- name: "kind"
value: "task"
resolver: "bundles"
workspaces:
- name: "workspace"
workspace: "workspace"
- name: "clair-scan"
params:
- name: "image-digest"
value: "$(tasks.build-container.results.IMAGE_DIGEST)"
- name: "image-url"
value: "$(tasks.build-container.results.IMAGE_URL)"
runAfter:
- "build-container"
taskRef:
params:
- name: "bundle"
value: "quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.1"
- name: "name"
value: "clair-scan"
- name: "kind"
value: "task"
resolver: "bundles"
- name: "ecosystem-cert-preflight-checks"
params:
- name: "image-url"
value: "$(tasks.build-container.results.IMAGE_URL)"
runAfter:
- "build-container"
taskRef:
params:
- name: "bundle"
value: "quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.1"
- name: "name"
value: "ecosystem-cert-preflight-checks"
- name: "kind"
value: "task"
resolver: "bundles"
# NOTE(review): `runAfter` names git-clone, but both parameters read build-container results, so
# this task also depends on build-container through those references.
- name: "sast-snyk-check"
params:
- name: "image-digest"
value: "$(tasks.build-container.results.IMAGE_DIGEST)"
- name: "image-url"
value: "$(tasks.build-container.results.IMAGE_URL)"
runAfter:
- "git-clone"
taskRef:
params:
- name: "bundle"
value: "quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check:0.2"
- name: "name"
value: "sast-snyk-check"
- name: "kind"
value: "task"
resolver: "bundles"
workspaces:
- name: "workspace"
workspace: "workspace"
- name: "clamav-scan"
params:
- name: "image-digest"
value: "$(tasks.build-container.results.IMAGE_DIGEST)"
- name: "image-url"
value: "$(tasks.build-container.results.IMAGE_URL)"
runAfter:
- "build-container"
taskRef:
params:
- name: "bundle"
value: "quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.1"
- name: "name"
value: "clamav-scan"
- name: "kind"
value: "task"
resolver: "bundles"
# 300000000000 ns = 300 s, i.e. a 5-minute limit for the whole pipeline.
# NOTE(review): that looks short for a clone, a buildpack build and several scans - confirm.
timeouts:
pipeline: "300000000000ns"
# Run-level workspaces: three 1Gi ReadWriteOnce claims created per run, plus the git credentials secret.
# NOTE(review): `source-dir` and `pack-workspace` get their own claims here, but the build-container
# task in this file maps both of those task workspaces onto `workspace`; the two extra claims
# may be unused - confirm.
workspaces:
- name: "workspace"
volumeClaimTemplate:
apiVersion: "v1"
kind: "PersistentVolumeClaim"
spec:
accessModes:
- "ReadWriteOnce"
resources:
requests:
storage: "1Gi"
# The secret name is a template placeholder; presumably filled in when the run is created.
- name: "git-auth"
secret:
secretName: "{{ git_auth_secret }}"
- name: "source-dir"
volumeClaimTemplate:
apiVersion: "v1"
kind: "PersistentVolumeClaim"
spec:
accessModes:
- "ReadWriteOnce"
resources:
requests:
storage: "1Gi"
- name: "pack-workspace"
volumeClaimTemplate:
apiVersion: "v1"
kind: "PersistentVolumeClaim"
spec:
accessModes:
- "ReadWriteOnce"
resources:
requests:
storage: "1Gi"
Command to be executed:
java -jar target/quarkus-app/quarkus-run.jar builder -o out/flows -c configurations/konflux/build-remote-ssh-cfg.yaml
using as configuration:
# configurations/konflux/build-remote-ssh-cfg.yaml
# The type will be used by the application to generate the resources for the selected provider: konflux, tekton
provider: konflux
resourceType: PipelineRun
domain: remote-build
namespace: cmoullia-tenant
repository:
url: https://github.com/redhat-buildpacks/builder-ubi-base
# To generate the Application and/or Component CR
application:
name: buildpack-remote
enable: false
component:
name: builder-ubi-base
enable: false
job:
name: builder-ubi-base
description: PipelineRun using the pack cli to build the builder image remotely
timeout: "0h15m0s"
params:
# Konflux param
- output-image: quay.io/redhat-user-workloads/cmoullia-tenant/buildpack-remote/builder-ubi-base:{{revision}}
actions:
- name: pack
runAfter: prefetch-dependencies # TODO: IS there a better way to set such a value : default or not
image: quay.io/konflux-ci/buildah-task:latest@sha256:860a239c5f25376a435a514ae6d53a5c75b1fa492461d17774e9b7cb32d1e275
params:
# Konflux
- PLATFORM: linux-mlarge/amd64 # linux-root/amd64 # We need it in order to configure the multi-arch-platform controller properly - see: https://github.com/redhat-appstudio/infra-deployments/blob/main/components/multi-platform-controller/production/host-config.yaml
# Image to use to execute remotely the SSH script using podman run
- BUILDER_IMAGE: quay.io/konflux-ci/buildah-task:latest@sha256:860a239c5f25376a435a514ae6d53a5c75b1fa492461d17774e9b7cb32d1e275
# Buildpack
- REPOSITORY_TO_FETCH: "https://github.com/redhat-buildpacks/builder-ubi-base"
- PACK_CLI_VERSION: "v0.35.1"
- BUILD_ARGS:
- "-v"
workspaces:
- name: source
workspace: workspace
results:
- IMAGE_URL: "Image repository and tag where the built image was pushed"
- IMAGE_DIGEST: "Digest of the image just built"
- IMAGE_REF: "Image reference of the built image"
- BASE_IMAGES_DIGESTS: "Digests of the base images used for build"
- SBOM_BLOB_URL: "SBOM Image URL"
# env vars are not injected within the tekton's pod running the script
envs:
- BUILDER_IMAGE: $(params.BUILDER_IMAGE)
- PLATFORM: $(params.PLATFORM)
- REPOSITORY_TO_FETCH: $(params.REPOSITORY_TO_FETCH)
- IMAGE: $(params.output-image)
- PACK_CLI_VERSION: $(params.PACK_CLI_VERSION)
args:
- $(params.BUILD_ARGS[*])
#scriptFileUrl: https://raw.githubusercontent.com/ch007m/pipeline-dsl-builder/main/scripts/ssh-remote.sh
volumes:
- name: ssh
mountPath: /ssh
# readOnly: true ==> The default value is true
secret: "multi-platform-ssh-$(context.taskRun.name)"
- name: workdir
mountPath: /var/workdir
readOnly: false
emptyDir: "{}"
scriptFileUrl: "file://configurations/konflux/ubi-builder-image.sh"
Generated file:
# generated/konflux/remote-build/pipelinerun-builder-ubi-base.yaml
apiVersion: "tekton.dev/v1"
kind: "PipelineRun"
metadata:
annotations:
build.appstudio.redhat.com/target_branch: "{{target_branch}}"
build.appstudio.redhat.com/commit_sha: "{{revision}}"
pipelinesascode.tekton.dev/on-cel-expression: "event == 'push' && target_branch\
\ == 'main'"
pipelinesascode.tekton.dev/max-keep-runs: "3"
build.appstudio.openshift.io/repo: "https://github.com/redhat-buildpacks/builder-ubi-base?rev={{revision}}"
labels:
appstudio.openshift.io/application: "buildpack-remote"
pipelines.appstudio.openshift.io/type: "build"
pipelines.openshift.io/strategy: "remote-build"
appstudio.openshift.io/component: "builder-ubi-base"
pipelines.openshift.io/used-by: "build-cloud"
pipelines.openshift.io/runtime: "java"
name: "builder-ubi-base"
namespace: "cmoullia-tenant"
spec:
params:
- name: "git-url"
value: "{{source_url}}"
- name: "revision"
value: "{{revision}}"
- name: "image-expires-after"
value: "5d"
- name: "build-image-index"
value: ""
- name: "build-source-image"
value: "false"
- name: "prefetch-input"
value: ""
- name: "output-image"
value: "quay.io/redhat-user-workloads/cmoullia-tenant/buildpack-remote/builder-ubi-base:{{revision}}"
pipelineSpec:
finally:
- name: "show-sbom"
params:
- name: "IMAGE_URL"
value: "$(tasks.build-container.results.IMAGE_URL)"
taskRef:
params:
- name: "bundle"
value: "quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1"
- name: "name"
value: "show-sbom"
- name: "kind"
value: "task"
resolver: "bundles"
- name: "summary"
params:
- name: "pipelinerun-name"
value: "$(context.pipelineRun.name)"
- name: "git-url"
value: "$(tasks.git-clone.results.url)?rev=$(tasks.git-clone.results.commit)"
- name: "image-url"
value: "$(params.output-image)"
- name: "build-task-status"
value: "$(tasks.build-container.status)"
taskRef:
params:
- name: "bundle"
value: "quay.io/konflux-ci/tekton-catalog/task-summary:0.2"
- name: "name"
value: "summary"
- name: "kind"
value: "task"
resolver: "bundles"
workspaces:
- name: "workspace"
workspace: "workspace"
results:
- name: "IMAGE_URL"
value: "$(tasks.build-container.results.IMAGE_URL)"
- name: "IMAGE_DIGEST"
value: "$(tasks.build-container.results.IMAGE_DIGEST)"
- name: "BASE_IMAGES_DIGESTS"
value: "$(tasks.build-container.results.BASE_IMAGES_DIGESTS)"
- name: "CHAINS-GIT_URL"
value: "$(tasks.git-clone.results.url)"
- name: "CHAINS-GIT_COMMIT"
value: "$(tasks.git-clone.results.commit)"
tasks:
- name: "init"
params:
- name: "image-url"
value: "$(params.output-image)"
# NOTE(review): "rebuild" and "skip-checks" are not among the spec.params listed
# for this PipelineRun - confirm they are supplied elsewhere, otherwise these
# references have nothing to resolve against.
- name: "rebuild"
value: "$(params.rebuild)"
- name: "skip-checks"
value: "$(params.skip-checks)"
taskRef:
params:
# NOTE(review): the bundle is referenced by tag only (no @sha256 digest), so the
# task that actually runs is whatever the tag points at when it is resolved.
# The other bundle refs in this pipelineSpec follow the same pattern; adding
# the digest to each ref fixes the task content.
- name: "bundle"
value: "quay.io/konflux-ci/tekton-catalog/task-init:0.2"
- name: "name"
value: "init"
- name: "kind"
value: "task"
resolver: "bundles"
- name: "git-clone"
params:
- name: "url"
value: "$(params.git-url)"
runAfter:
- "init"
taskRef:
params:
- name: "bundle"
value: "quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1"
- name: "name"
value: "git-clone"
- name: "kind"
value: "task"
resolver: "bundles"
workspaces:
- name: "output"
workspace: "workspace"
- name: "basic-auth"
workspace: "git-auth"
- name: "prefetch-dependencies"
params:
- name: "input"
value: "$(params.prefetch-input)"
runAfter:
- "git-clone"
taskRef:
params:
- name: "bundle"
value: "quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies:0.1"
- name: "name"
value: "prefetch-dependencies"
- name: "kind"
value: "task"
resolver: "bundles"
workspaces:
- name: "source"
workspace: "workspace"
- name: "git-basic-auth"
workspace: "git-auth"
- name: "build-container"
params:
- name: "PLATFORM"
value: "linux-mlarge/amd64"
- name: "BUILDER_IMAGE"
value: "quay.io/konflux-ci/buildah-task:latest@sha256:860a239c5f25376a435a514ae6d53a5c75b1fa492461d17774e9b7cb32d1e275"
- name: "REPOSITORY_TO_FETCH"
value: "https://github.com/redhat-buildpacks/builder-ubi-base"
- name: "PACK_CLI_VERSION"
value: "v0.35.1"
- name: "BUILD_ARGS"
value:
- "-v"
runAfter:
- "prefetch-dependencies"
taskSpec:
results:
- description: "Image repository and tag where the built image was pushed"
name: "IMAGE_URL"
- description: "Digest of the image just built"
name: "IMAGE_DIGEST"
- description: "Image reference of the built image"
name: "IMAGE_REF"
- description: "Digests of the base images used for build"
name: "BASE_IMAGES_DIGESTS"
- description: "SBOM Image URL"
name: "SBOM_BLOB_URL"
stepTemplate:
env:
- name: "BUILDER_IMAGE"
value: "$(params.BUILDER_IMAGE)"
- name: "PLATFORM"
value: "$(params.PLATFORM)"
- name: "REPOSITORY_TO_FETCH"
value: "$(params.REPOSITORY_TO_FETCH)"
- name: "IMAGE"
value: "$(params.output-image)"
- name: "PACK_CLI_VERSION"
value: "$(params.PACK_CLI_VERSION)"
steps:
- args:
- "$(params.BUILD_ARGS[*])"
image: "quay.io/konflux-ci/buildah-task:latest@sha256:860a239c5f25376a435a514ae6d53a5c75b1fa492461d17774e9b7cb32d1e275"
name: "run-script"
script: |-
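#!/usr/bin/env bash
# Step 1 of the run-script step: install the SSH key for the remote build VM,
# export the values the rest of this script uses, create the working folders
# on the VM and copy the pod's work and results directories to it.
set -eu
set -o pipefail
echo "##########################################################################################"
echo "### Step 1 :: Configure SSH and rsync folders from tekton to the VM"
echo "##########################################################################################"
mkdir -p ~/.ssh
if [ -e "/ssh/error" ]; then
  # No server could be provisioned: print the reason and fail the step.
  cat /ssh/error
  exit 1
elif [ -e "/ssh/otp" ]; then
  # Exchange the one-time password for the private key. --fail turns an HTTP
  # error into a non-zero exit (caught by `set -e`) instead of writing the
  # error body into id_rsa; the quotes keep the server URL a single argument.
  curl --fail --cacert /ssh/otp-ca -XPOST -d @/ssh/otp "$(cat /ssh/otp-server)" >~/.ssh/id_rsa
  echo "" >> ~/.ssh/id_rsa
else
  cp /ssh/id_rsa ~/.ssh
fi
chmod 0400 ~/.ssh/id_rsa
# Assign first, export second: `export VAR=$(cmd)` returns the status of
# `export`, so a missing /ssh/host or /ssh/user-dir would go unnoticed.
SSH_HOST=$(cat /ssh/host)
BUILD_DIR=$(cat /ssh/user-dir)
export SSH_HOST BUILD_DIR
# NOTE(review): StrictHostKeyChecking=no accepts whatever host key the peer at
# SSH_HOST presents, and the rsync calls below then send the work directory
# (and later the registry configuration) to that peer. If the provisioning
# secret can also carry the VM's host key, write it to ~/.ssh/known_hosts and
# drop this option - confirm what the /ssh mount provides.
export SSH_ARGS="-o StrictHostKeyChecking=no -o ServerAliveInterval=60 -o ServerAliveCountMax=10"
echo "### Export different variables which are used within the script like args, repository to fetch, etc"
export REPOSITORY_TO_FETCH=${REPOSITORY_TO_FETCH}
# "$*" joins the step arguments into one space-separated string, which is what
# assigning "$@" to a scalar does as well; this spelling states the intent.
export BUILD_ARGS="$*"
# SSH_ARGS is left unquoted on purpose so that it splits into separate options.
ssh $SSH_ARGS "$SSH_HOST" mkdir -p "$BUILD_DIR/workspaces" "$BUILD_DIR/scripts" "$BUILD_DIR/volumes"
echo "### rsync folders from pod to VM ..."
rsync -ra /var/workdir/ "$SSH_HOST:$BUILD_DIR/volumes/workdir/"
rsync -ra "/tekton/results/" "$SSH_HOST:$BUILD_DIR/results/"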
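echo "##########################################################################################"
echo "### Step 2 :: Create the bash script to be executed within the VM"
echo "##########################################################################################"
mkdir -p scripts
# The quoted delimiter keeps the heredoc literal: every variable below is
# expanded on the VM when the script runs, not in this pod.
cat >scripts/script-build.sh <<'REMOTESSHEOF'
#!/usr/bin/env bash
# Build script executed on the remote VM: installs the tools it needs under
# $HOME/bin, fetches the builder project, runs `pack builder create`, pushes
# the image, generates an SBOM with syft and attaches it with cosign.
# The interpreter is bash because the script uses arrays and `+=`, which a
# plain POSIX /bin/sh does not provide.
#
# NOTE(review): the script does not enable `set -e`, so a failed download or a
# failed `pack builder create` does not stop the later push and SBOM commands;
# only the exit status of the last command reaches the caller. Enabling it
# needs a check that `systemctl status` and the `mv` of the extracted project
# succeed on a fresh VM.
TEMP_DIR="$HOME/tmp"
USER_BIN_DIR="$HOME/bin"
BUILDPACK_PROJECTS="$HOME/buildpack-repo"
mkdir -p ${TEMP_DIR}
mkdir -p ${USER_BIN_DIR}
mkdir -p ${BUILDPACK_PROJECTS}
export PATH=$PATH:${USER_BIN_DIR}
echo "### Podman info ###"
podman version
echo "### Start podman.socket ##"
systemctl --user start podman.socket
systemctl status podman.socket
# NOTE(review): none of the downloads below is checked against a published
# checksum or signature before the binary is made executable, so the build
# trusts whatever the URL serves at that moment. -f makes curl fail on an HTTP
# error instead of saving the error page as the tool.
echo "### Installing jq ..."
curl -fsSL https://github.com/jqlang/jq/releases/download/jq-1.7.1/jq-linux-amd64 > ${USER_BIN_DIR}/jq
chmod +x ${USER_BIN_DIR}/jq
echo "### Install tomlq tool ..."
curl -fsSL https://github.com/cryptaliagy/tomlq/releases/download/0.1.6/tomlq.amd64.tgz | tar -vxz tq
mv tq ${USER_BIN_DIR}/tq
echo "### Install syft"
# NOTE(review): the installer comes from the moving `main` branch and is piped
# straight into sh with no version requested, so both the installer and the
# syft release it picks can change between runs. Pinning the installer to a
# release tag and requesting a fixed version would make this step repeatable.
curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s --
# Not needed as syft is already saved under bin/syft => mv bin/syft ${USER_BIN_DIR}/syft
syft --version
echo "### Install cosign"
# NOTE(review): `releases/latest` is a floating reference, unlike the fixed
# versions used for jq, tomlq and pack.
curl -O -fsL https://github.com/sigstore/cosign/releases/latest/download/cosign-linux-amd64
mv cosign-linux-amd64 ${USER_BIN_DIR}/cosign
chmod +x ${USER_BIN_DIR}/cosign
cosign version
echo "### Install pack ###"
curl -fsSL "https://github.com/buildpacks/pack/releases/download/${PACK_CLI_VERSION}/pack-${PACK_CLI_VERSION}-linux.tgz" | tar -C ${TEMP_DIR} --no-same-owner -xzv pack
mv ${TEMP_DIR}/pack ${USER_BIN_DIR}
echo "### Pack version ###"
pack --version
pack config experimental true
echo "### Fetch the tarball of the buildpack project to build"
echo "### Git repo: ${REPOSITORY_TO_FETCH}"
# NOTE(review): the source that gets built is the tip of `main` at download
# time, not the commit the pipeline's git-clone task checked out and reports as
# CHAINS-GIT_COMMIT; the recorded commit may therefore not describe the image.
# Fetching the tarball of that exact revision would keep the two aligned.
curl -fsSL "${REPOSITORY_TO_FETCH}/tarball/main" | tar -xz -C ${TEMP_DIR}
mv ${TEMP_DIR}/redhat-buildpacks-builder-ubi-base-* ${BUILDPACK_PROJECTS}/builder-ubi-base
cd ${BUILDPACK_PROJECTS}/builder-ubi-base
echo "### Build the builder image using pack"
# BUILD_ARGS arrives as one environment string, so this loop runs once; the
# individual flags are separated later, where ${PACK_ARGS} is used unquoted.
for build_arg in "${BUILD_ARGS[@]}"; do
  PACK_ARGS+=" $build_arg"
done
echo "### Pack extra args: $PACK_ARGS"
echo "### Execute: pack builder create ..."
export DOCKER_HOST=unix://$XDG_RUNTIME_DIR/podman/podman.sock
echo "pack builder create ${IMAGE} --config builder.toml ${PACK_ARGS}"
pack builder create ${IMAGE} --config builder.toml ${PACK_ARGS}
echo "### Export the image as OCI"
podman push "$IMAGE" "oci:konflux-final-image:$IMAGE"
echo "###########################################################"
echo "### Export: IMAGE_URL, IMAGE_DIGEST & BASE_IMAGES_DIGESTS under: $BUILD_DIR/volumes/workdir/"
echo "###########################################################"
echo -n "$IMAGE" > $BUILD_DIR/volumes/workdir/IMAGE_URL
BASE_IMAGE=$(tq -f builder.toml -o json 'stack' | jq -r '."build-image"')
podman inspect ${BASE_IMAGE} | jq -r '.[].Digest' > $BUILD_DIR/volumes/workdir/BASE_IMAGES_DIGESTS
echo "### Push the image produced and get its digest: $IMAGE"
podman push \
   --digestfile $BUILD_DIR/volumes/workdir/IMAGE_DIGEST \
   "$IMAGE"
echo "########################################"
echo "### Running syft on the image filesystem"
echo "########################################"
syft -v scan oci-dir:konflux-final-image -o cyclonedx-json > $BUILD_DIR/volumes/workdir/sbom-image.json
echo "### Show the content of the sbom file"
cat $BUILD_DIR/volumes/workdir/sbom-image.json # | jq -r '.'
# IMAGE_REF is "<image>@<digest>", built from the digest file written by the push above.
{
  echo -n "${IMAGE}@"
  cat "$BUILD_DIR/volumes/workdir/IMAGE_DIGEST"
} > $BUILD_DIR/volumes/workdir/IMAGE_REF
echo "Image reference: $(cat $BUILD_DIR/volumes/workdir/IMAGE_REF)"
echo "########################################"
echo "### Add the SBOM to the image"
echo "########################################"
cosign attach sbom --sbom $BUILD_DIR/volumes/workdir/sbom-image.json --type cyclonedx $(cat $BUILD_DIR/volumes/workdir/IMAGE_REF)
REMOTESSHEOF
chmod +x scripts/script-build.sh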
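echo "##########################################################################################"
echo "### Step 3 :: Execute the bash script on the VM"
echo "##########################################################################################"
rsync -ra scripts "$SSH_HOST:$BUILD_DIR"
# NOTE(review): this copies the pod's ~/.docker directory (presumably the
# registry credentials used for the push) to the build VM over a connection
# whose host key is not verified (see SSH_ARGS); confirm the VM is discarded
# after the run and that the credentials are scoped to this repository.
rsync -ra "$HOME/.docker/" "$SSH_HOST:$BUILD_DIR/.docker/"
# ssh joins its arguments into one string that the remote shell parses again.
# Each value is therefore shell-quoted with %q: otherwise a BUILD_ARGS holding
# several flags would have its second word run as the remote command, and any
# shell metacharacter in a pipeline parameter would be interpreted on the VM.
remote_env=$(printf '%s=%q ' \
  REPOSITORY_TO_FETCH "$REPOSITORY_TO_FETCH" \
  BUILDER_IMAGE "$BUILDER_IMAGE" \
  PLATFORM "$PLATFORM" \
  IMAGE "$IMAGE" \
  PACK_CLI_VERSION "$PACK_CLI_VERSION" \
  BUILD_ARGS "$BUILD_ARGS" \
  BUILD_DIR "$BUILD_DIR")
# SSH_ARGS is left unquoted on purpose so that it splits into separate options.
ssh $SSH_ARGS "$SSH_HOST" "${remote_env}scripts/script-build.sh"
echo "### rsync folders from VM to pod"
rsync -ra "$SSH_HOST:$BUILD_DIR/volumes/workdir/" "/var/workdir/"
rsync -ra "$SSH_HOST:$BUILD_DIR/results/" "/tekton/results/"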
echo "##########################################################################################"
echo "### Step 4 :: Export results to Tekton"
echo "##########################################################################################"
# Copy the files that were synced back from the VM into /var/workdir to the
# Tekton result paths. The result path placeholders are filled in by Tekton
# before the shell runs, so each result keeps its own literal line.
echo "### Export the tekton results"
echo "### IMAGE_URL: $(cat /var/workdir/IMAGE_URL)"
cat /var/workdir/IMAGE_URL > "$(results.IMAGE_URL.path)"
echo "### IMAGE_DIGEST: $(cat /var/workdir/IMAGE_DIGEST)"
cat /var/workdir/IMAGE_DIGEST > "$(results.IMAGE_DIGEST.path)"
echo "### IMAGE_REF: $(cat /var/workdir/IMAGE_REF)"
cat /var/workdir/IMAGE_REF > "$(results.IMAGE_REF.path)"
echo "### BASE_IMAGES_DIGESTS: $(cat /var/workdir/BASE_IMAGES_DIGESTS)"
cat /var/workdir/BASE_IMAGES_DIGESTS > "$(results.BASE_IMAGES_DIGESTS.path)"
# Strip everything from the last ':' of IMAGE to get the repository.
# NOTE(review): this relies on IMAGE ending in a tag; with an untagged image
# and a registry port the port would be removed instead. output-image in this
# PipelineRun always ends in a revision tag.
SBOM_REPO="${IMAGE%:*}"
# The digest is the sha256 of the SBOM file as synced back to the pod.
# NOTE(review): the reference below assumes the registry stores the attached
# SBOM under exactly this digest - TODO confirm against the attach step.
SBOM_DIGEST="$(sha256sum /var/workdir/sbom-image.json | cut -d' ' -f1)"
echo "### SBOM_BLOB_URL: ${SBOM_REPO}@sha256:${SBOM_DIGEST}"
echo -n "${SBOM_REPO}@sha256:${SBOM_DIGEST}" | tee "$(results.SBOM_BLOB_URL.path)"
volumeMounts:
- mountPath: "/ssh"
name: "ssh"
readOnly: true
- mountPath: "/var/workdir"
name: "workdir"
readOnly: false
volumes:
- name: "ssh"
secret:
secretName: "multi-platform-ssh-$(context.taskRun.name)"
- emptyDir: {}
name: "workdir"
workspaces:
- name: "source"
workspace: "workspace"
- name: "build-image-index"
params:
- name: "IMAGE"
value: "$(params.output-image)"
- name: "COMMIT_SHA"
value: "$(tasks.git-clone.results.commit)"
- name: "IMAGE_EXPIRES_AFTER"
value: "$(params.image-expires-after)"
- name: "ALWAYS_BUILD_INDEX"
value: "$(params.build-image-index)"
- name: "IMAGES"
value:
- "$(tasks.build-container.results.IMAGE_URL)@$(tasks.build-container.results.IMAGE_DIGEST)"
runAfter:
- "build-container"
taskRef:
params:
- name: "bundle"
value: "quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1"
- name: "name"
value: "build-image-index"
- name: "kind"
value: "task"
resolver: "bundles"
- name: "source-build"
params:
- name: "BINARY_IMAGE"
value: "$(params.output-image)"
- name: "BASE_IMAGES"
value: "$(tasks.build-container.results.BASE_IMAGES_DIGESTS)"
runAfter:
- "build-container"
taskRef:
params:
- name: "bundle"
value: "quay.io/konflux-ci/tekton-catalog/task-source-build:0.1"
- name: "name"
value: "source-build"
- name: "kind"
value: "task"
resolver: "bundles"
workspaces:
- name: "workspace"
workspace: "workspace"
- name: "clair-scan"
params:
- name: "image-digest"
value: "$(tasks.build-container.results.IMAGE_DIGEST)"
- name: "image-url"
value: "$(tasks.build-container.results.IMAGE_URL)"
runAfter:
- "build-container"
taskRef:
params:
- name: "bundle"
value: "quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.1"
- name: "name"
value: "clair-scan"
- name: "kind"
value: "task"
resolver: "bundles"
- name: "ecosystem-cert-preflight-checks"
params:
- name: "image-url"
value: "$(tasks.build-container.results.IMAGE_URL)"
runAfter:
- "build-container"
taskRef:
params:
- name: "bundle"
value: "quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.1"
- name: "name"
value: "ecosystem-cert-preflight-checks"
- name: "kind"
value: "task"
resolver: "bundles"
- name: "sast-snyk-check"
params:
- name: "image-digest"
value: "$(tasks.build-container.results.IMAGE_DIGEST)"
- name: "image-url"
value: "$(tasks.build-container.results.IMAGE_URL)"
runAfter:
- "git-clone"
taskRef:
params:
- name: "bundle"
value: "quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check:0.2"
- name: "name"
value: "sast-snyk-check"
- name: "kind"
value: "task"
resolver: "bundles"
workspaces:
- name: "workspace"
workspace: "workspace"
- name: "clamav-scan"
params:
- name: "image-digest"
value: "$(tasks.build-container.results.IMAGE_DIGEST)"
- name: "image-url"
value: "$(tasks.build-container.results.IMAGE_URL)"
runAfter:
- "build-container"
taskRef:
params:
- name: "bundle"
value: "quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.1"
- name: "name"
value: "clamav-scan"
- name: "kind"
value: "task"
resolver: "bundles"
timeouts:
pipeline: "900000000000ns"
workspaces:
- name: "workspace"
volumeClaimTemplate:
apiVersion: "v1"
kind: "PersistentVolumeClaim"
spec:
accessModes:
- "ReadWriteOnce"
resources:
requests:
storage: "1Gi"
- name: "git-auth"
secret:
secretName: "{{ git_auth_secret }}"
Command to be executed:
java -jar target/quarkus-app/quarkus-run.jar builder -o out/flows -c configurations/tekton/simple-job-fetch-file-script-cfg.yaml
using as configuration:
# configurations/tekton/simple-job-fetch-file-script-cfg.yaml
# The type will be used by the application to generate the resources for the selected provider: konflux, tekton
provider: tekton
resourceType: PipelineRun
domain: example
job:
name: simple-job-fetch-file-script
description: Simple example of a Tekton pipeline echoing a message
actions:
- name: say-hello
scriptFileUrl: file://scripts/echo.sh
Generated file:
# generated/tekton/example/pipelinerun-simple-job-fetch-file-script.yaml
apiVersion: "tekton.dev/v1"
kind: "PipelineRun"
metadata:
annotations:
tekton.dev/pipelines.minVersion: "0.60.x"
tekton.dev/displayName: "Simple example of a Tekton pipeline echoing a message"
tekton.dev/platforms: "linux/amd64"
labels:
app.kubernetes.io/version: "0.1"
name: "simple-job-fetch-file-script"
spec:
pipelineSpec:
tasks:
- name: "say-hello"
taskSpec:
stepTemplate: {}
steps:
- image: "registry.access.redhat.com/ubi9@sha256:1ee4d8c50d14d9c9e9229d9a039d793fcbc9aa803806d194c957a397cf1d2b17"
name: "run-script"
script: |-
#!/usr/bin/env bash
set -e
echo "Say Hello"
timeouts:
pipeline: "300000000000ns"
Simple example of a Tekton pipeline including 2 actions echoing Hello and Good bye and sharing the message using a workspace
Command to be executed:
java -jar target/quarkus-app/quarkus-run.jar builder -o out/flows -c configurations/tekton/simple-job-two-actions-worskpace-cfg.yaml
using as configuration:
# configurations/tekton/simple-job-two-actions-worskpace-cfg.yaml
provider: tekton
resourceType: PipelineRun
domain: example
namespace: demo
job:
name: simple-job-two-actions-wks
description: Simple example of a Tekton pipeline including 2 actions echoing Hello and Good bye and sharing the message using a workspace
workspaces:
- name: shared-wks
actions:
- name: say-hello
script: |
#!/usr/bin/env bash
set -e
if [ "$(workspaces.shared-wks.bound)" == "true" ] ; then
echo Hello from action - say-hello > $(workspaces.shared-wks.path)/message
fi
workspaces:
- name: shared-wks
workspace: shared-wks
- name: say-goodbye
script: |
#!/usr/bin/env bash
set -e
if [ "$(workspaces.shared-wks.bound)" == "true" ] ; then
cat $(workspaces.shared-wks.path)/message
fi
echo "Saying Good bye to all of you from action: say-goodbye"
workspaces:
- name: shared-wks
workspace: shared-wks
Generated file:
# generated/tekton/example/pipelinerun-simple-job-two-actions-wks.yaml
apiVersion: "tekton.dev/v1"
kind: "PipelineRun"
metadata:
annotations:
tekton.dev/pipelines.minVersion: "0.60.x"
tekton.dev/displayName: "Simple example of a Tekton pipeline including 2 actions\
\ echoing Hello and Good bye and sharing the message using a workspace"
tekton.dev/platforms: "linux/amd64"
labels:
app.kubernetes.io/version: "0.1"
name: "simple-job-two-actions-wks"
namespace: "demo"
spec:
pipelineSpec:
tasks:
- name: "say-hello"
taskSpec:
stepTemplate: {}
steps:
- image: "registry.access.redhat.com/ubi9@sha256:1ee4d8c50d14d9c9e9229d9a039d793fcbc9aa803806d194c957a397cf1d2b17"
name: "run-script"
script: |
#!/usr/bin/env bash
set -e
if [ "$(workspaces.shared-wks.bound)" == "true" ] ; then
echo Hello from action - say-hello > $(workspaces.shared-wks.path)/message
fi
workspaces:
- name: "shared-wks"
workspace: "shared-wks"
- name: "say-goodbye"
runAfter:
- "say-hello"
taskSpec:
stepTemplate: {}
steps:
- image: "registry.access.redhat.com/ubi9@sha256:1ee4d8c50d14d9c9e9229d9a039d793fcbc9aa803806d194c957a397cf1d2b17"
name: "run-script"
script: |
#!/usr/bin/env bash
set -e
if [ "$(workspaces.shared-wks.bound)" == "true" ] ; then
cat $(workspaces.shared-wks.path)/message
fi
echo "Saying Good bye to all of you from action: say-goodbye"
workspaces:
- name: "shared-wks"
workspace: "shared-wks"
timeouts:
pipeline: "300000000000ns"
workspaces:
- name: "shared-wks"
volumeClaimTemplate:
apiVersion: "v1"
kind: "PersistentVolumeClaim"
spec:
accessModes:
- "ReadWriteOnce"
resources:
requests:
storage: "1Gi"
Simple example of a Tekton pipeline including 2 actions echoing Hello and Good bye when condition is met
Command to be executed:
java -jar target/quarkus-app/quarkus-run.jar builder -o out/flows -c configurations/tekton/simple-job-two-actions-when-cfg.yaml
using as configuration:
# configurations/tekton/simple-job-two-actions-when-cfg.yaml
provider: tekton
resourceType: PipelineRun
domain: example
namespace: demo
job:
name: simple-job-two-actions-when # name of the pipeline to be created
description: Simple example of a Tekton pipeline including 2 actions echoing Hello and Good bye when condition is met
params:
- message: true
actions:
- name: say-hello
script: |
#!/usr/bin/env bash
set -e
echo "Say Hello"
- name: say-goodbye
when:
- "$(params.message): true"
script: |
#!/usr/bin/env bash
set -e
echo "and say Good bye to all of you !"
Generated file:
# generated/tekton/example/pipelinerun-simple-job-two-actions-when.yaml
apiVersion: "tekton.dev/v1"
kind: "PipelineRun"
metadata:
annotations:
tekton.dev/pipelines.minVersion: "0.60.x"
tekton.dev/displayName: "Simple example of a Tekton pipeline including 2 actions\
\ echoing Hello and Good bye when condition is met"
tekton.dev/platforms: "linux/amd64"
labels:
app.kubernetes.io/version: "0.1"
name: "simple-job-two-actions-when"
namespace: "demo"
spec:
params:
- name: "message"
value: "true"
pipelineSpec:
tasks:
- name: "say-hello"
taskSpec:
stepTemplate: {}
steps:
- image: "registry.access.redhat.com/ubi9@sha256:1ee4d8c50d14d9c9e9229d9a039d793fcbc9aa803806d194c957a397cf1d2b17"
name: "run-script"
script: |
#!/usr/bin/env bash
set -e
echo "Say Hello"
- name: "say-goodbye"
runAfter:
- "say-hello"
taskSpec:
stepTemplate: {}
steps:
- image: "registry.access.redhat.com/ubi9@sha256:1ee4d8c50d14d9c9e9229d9a039d793fcbc9aa803806d194c957a397cf1d2b17"
name: "run-script"
script: |-
#!/usr/bin/env bash
set -e
echo "and say Good bye to all of you !"
when:
- input: "$(params.message)"
operator: "in"
values:
- "true"
timeouts:
pipeline: "300000000000ns"
Command to be executed:
java -jar target/quarkus-app/quarkus-run.jar builder -o out/flows -c configurations/tekton/simple-job-two-actions-cfg.yaml
using as configuration:
# configurations/tekton/simple-job-two-actions-cfg.yaml
# The type will be used by the application to generate the resources for the selected provider: konflux, tekton
provider: tekton
resourceType: PipelineRun
# The domain allows to organize the resources, tasks to be generated
domain: example
# Kubernetes namespace
namespace: demo
job:
name: simple-job-two-actions # name of the pipeline to be created
description: Simple example of a Tekton pipeline including 2 actions echoing Hello and Good bye
actions:
- name: say-hello
script: |
#!/usr/bin/env bash
set -e
echo "Say Hello"
- name: say-goodbye
script: |
#!/usr/bin/env bash
set -e
echo "and say Good bye to all of you !"
Generated file:
# generated/tekton/example/pipelinerun-simple-job-two-actions.yaml
apiVersion: "tekton.dev/v1"
kind: "PipelineRun"
metadata:
annotations:
tekton.dev/pipelines.minVersion: "0.60.x"
tekton.dev/displayName: "Simple example of a Tekton pipeline including 2 actions\
\ echoing Hello and Good bye"
tekton.dev/platforms: "linux/amd64"
labels:
app.kubernetes.io/version: "0.1"
name: "simple-job-two-actions"
namespace: "demo"
spec:
pipelineSpec:
tasks:
- name: "say-hello"
taskSpec:
stepTemplate: {}
steps:
- image: "registry.access.redhat.com/ubi9@sha256:1ee4d8c50d14d9c9e9229d9a039d793fcbc9aa803806d194c957a397cf1d2b17"
name: "run-script"
script: |
#!/usr/bin/env bash
set -e
echo "Say Hello"
- name: "say-goodbye"
runAfter:
- "say-hello"
taskSpec:
stepTemplate: {}
steps:
- image: "registry.access.redhat.com/ubi9@sha256:1ee4d8c50d14d9c9e9229d9a039d793fcbc9aa803806d194c957a397cf1d2b17"
name: "run-script"
script: |-
#!/usr/bin/env bash
set -e
echo "and say Good bye to all of you !"
timeouts:
pipeline: "300000000000ns"
Command to be executed:
java -jar target/quarkus-app/quarkus-run.jar builder -o out/flows -c configurations/tekton/simple-action-embedded-script-cfg.yaml
using as configuration:
# configurations/tekton/simple-action-embedded-script-cfg.yaml
provider: tekton
resourceType: TaskRun
domain: example
job:
name: simple-action-embedded-script
description: Simple example of a Tekton task echoing a message
actions:
- name: say-hello
script: |
#!/usr/bin/env bash
set -e
echo "Say Hello"
Generated file:
# generated/tekton/example/taskrun-simple-action-embedded-script.yaml
apiVersion: "tekton.dev/v1"
kind: "TaskRun"
metadata:
labels:
tekton.dev/taskRun: "simple-action-embedded-script"
name: "simple-action-embedded-script"
spec:
taskSpec:
steps:
- command:
- null
image: "registry.access.redhat.com/ubi9@sha256:1ee4d8c50d14d9c9e9229d9a039d793fcbc9aa803806d194c957a397cf1d2b17"
name: "say-hello"
script: |-
#!/usr/bin/env bash
set -e
echo "Say Hello"
Command to be executed:
java -jar target/quarkus-app/quarkus-run.jar builder -o out/flows -c configurations/tekton/simple-job-embedded-script-cfg.yaml
using as configuration:
# configurations/tekton/simple-job-embedded-script-cfg.yaml
provider: tekton
resourceType: PipelineRun
domain: example
job:
name: simple-job-embedded-script # name of the pipeline to be created
description: Simple example of a Tekton pipeline echoing a message
actions:
- name: say-hello
script: |
#!/usr/bin/env bash
set -e
echo "Say Hello"
Generated file:
# generated/tekton/example/pipelinerun-simple-job-embedded-script.yaml
apiVersion: "tekton.dev/v1"
kind: "PipelineRun"
metadata:
annotations:
tekton.dev/pipelines.minVersion: "0.60.x"
tekton.dev/displayName: "Simple example of a Tekton pipeline echoing a message"
tekton.dev/platforms: "linux/amd64"
labels:
app.kubernetes.io/version: "0.1"
name: "simple-job-embedded-script"
spec:
pipelineSpec:
tasks:
- name: "say-hello"
taskSpec:
stepTemplate: {}
steps:
- image: "registry.access.redhat.com/ubi9@sha256:1ee4d8c50d14d9c9e9229d9a039d793fcbc9aa803806d194c957a397cf1d2b17"
name: "run-script"
script: |-
#!/usr/bin/env bash
set -e
echo "Say Hello"
timeouts:
pipeline: "300000000000ns"
Command to be executed:
java -jar target/quarkus-app/quarkus-run.jar builder -o out/flows -c configurations/tekton/simple-job-fetch-script-cfg.yaml
using as configuration:
# configurations/tekton/simple-job-fetch-script-cfg.yaml
# The type will be used by the application to generate the resources for the selected provider: konflux, tekton
provider: tekton
resourceType: PipelineRun
domain: example
# Kubernetes namespace
namespace:
job:
name: simple-job-fetch-script # name of the pipeline to be created
description: Simple example of a Tekton pipeline echoing a message
actions:
- name: say-hello
# The ref or reference expressed using the uri://<task-name>:<url>
# will fetch the code of the action to be executed
ref:
# The url of the script file to be executed using a linux container
# NOTE(review): the URL tracks the `main` branch, and the generated PipelineRun
# shown below carries the script body inline, so the generated output can
# change between generator runs. A URL pinned to a commit keeps the embedded
# script reproducible and reviewable.
scriptFileUrl: https://raw.githubusercontent.com/ch007m/pipeline-dsl-builder/main/scripts/echo.sh
Generated file:
# generated/tekton/example/pipelinerun-simple-job-fetch-script.yaml
apiVersion: "tekton.dev/v1"
kind: "PipelineRun"
metadata:
annotations:
tekton.dev/pipelines.minVersion: "0.60.x"
tekton.dev/displayName: "Simple example of a Tekton pipeline echoing a message"
tekton.dev/platforms: "linux/amd64"
labels:
app.kubernetes.io/version: "0.1"
name: "simple-job-fetch-script"
spec:
pipelineSpec:
tasks:
- name: "say-hello"
taskSpec:
stepTemplate: {}
steps:
- image: "registry.access.redhat.com/ubi9@sha256:1ee4d8c50d14d9c9e9229d9a039d793fcbc9aa803806d194c957a397cf1d2b17"
name: "run-script"
script: |
#!/usr/bin/env bash
set -e
echo "Say Hello"
timeouts:
pipeline: "300000000000ns"
Command to be executed:
java -jar target/quarkus-app/quarkus-run.jar builder -o out/flows -c configurations/tekton/simple-job-results-script-cfg.yaml
using as configuration:
# configurations/tekton/simple-job-results-script-cfg.yaml
# The type will be used by the application to generate the resources for the selected provider: konflux, tekton
provider: tekton
resourceType: PipelineRun
domain: example
job:
name: simple-job-results-file-script
description: Simple example of a Tekton pipeline echoing a message and pushing a result
actions:
- name: say-hello
results:
- FOO: "A Foo user"
scriptFileUrl: file://scripts/echo.sh
Generated file:
# generated/tekton/example/pipelinerun-simple-job-results-file-script.yaml
apiVersion: "tekton.dev/v1"
kind: "PipelineRun"
metadata:
annotations:
tekton.dev/pipelines.minVersion: "0.60.x"
tekton.dev/displayName: "Simple example of a Tekton pipeline echoing a message\
\ and pushing a result"
tekton.dev/platforms: "linux/amd64"
labels:
app.kubernetes.io/version: "0.1"
name: "simple-job-results-file-script"
spec:
pipelineSpec:
tasks:
- name: "say-hello"
taskSpec:
results:
- description: "A Foo user"
name: "FOO"
stepTemplate: {}
steps:
- image: "registry.access.redhat.com/ubi9@sha256:1ee4d8c50d14d9c9e9229d9a039d793fcbc9aa803806d194c957a397cf1d2b17"
name: "run-script"
script: |-
#!/usr/bin/env bash
set -e
echo "Say Hello"
timeouts:
pipeline: "300000000000ns"
Command to be executed:
java -jar target/quarkus-app/quarkus-run.jar builder -o out/flows -c configurations/tekton/pack-builder-git-task-cfg.yaml
using as configuration:
# configurations/tekton/pack-builder-git-task-cfg.yaml
# Builder input for a four-task PipelineRun: clone, fetch pack config and
# registry secret, list the workspace, then build a builder image with pack.
provider: tekton
resourceType: PipelineRun
domain: buildpack
# Empty value: parsed as null.
namespace:
job:
  name: pack-builder-git-task
  description: "This Pipeline builds a builder image using the pack CLI."
  params:
    - debug: true
    - git-url: "https://github.com/redhat-buildpacks/ubi-image-builder.git"
    - source-dir: "."
    - output-image: "gitea.cnoe.localtest.me:8443/giteaadmin/ubi-builder"
    # The pack CLI image is selected by repository name plus the mutable tag
    # "latest". Unlike the task bundles below it is not pinned by digest, so
    # the image that actually runs can change between executions.
    - imageUrl: "buildpacksio/pack"
    - imageTag: "latest"
    - packCmdBuilderFlags:
        - -v
        - --publish
  # The workspaces declared here will be mounted for each action except if an action overrides it to use a different name
  workspaces:
    - name: pack-workspace
      volumeClaimTemplate:
        storage: 1Gi
        accessMode: ReadWriteOnce
    - name: source-dir
      volumeClaimTemplate:
        storage: 1Gi
        accessMode: ReadWriteOnce
    # Credentials are referenced by Secret name only; no secret value appears
    # in this file. Both Secrets are rendered as one projected volume.
    - name: data-store
      volumeSources:
        - secret: pack-config-toml
        - secret: gitea-creds # quay-creds, docker-creds, etc
  actions:
    - name: git-clone
      # Bundle reference pinned by sha256 digest.
      ref: bundle://quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1@sha256:de0ca8872c791944c479231e21d68379b54877aaf42e5f766ef4a8728970f8b3
      # NOTE(review): only url and subdirectory are passed; no revision is set,
      # so the commit that gets built is presumably the task's default -
      # confirm, and pin a revision if reproducible builds matter.
      params:
        - url: "$(params.git-url)"
        - subdirectory: "."
      workspaces:
        - name: output
          workspace: source-dir
    # The next two refs carry both the tag "latest" and a sha256 digest; the
    # digest is the part that fixes which bundle content is pulled.
    - name: fetch-packconfig-registrysecret
      ref: bundle://quay.io/ch007m/tekton-bundle:latest@sha256:42f0acaefdfbb345fb76c34910f4f7f358908602d3e8f83e4616218685e34b25
    - name: list-source-workspace
      ref: bundle://quay.io/ch007m/tekton-bundle:latest@sha256:42f0acaefdfbb345fb76c34910f4f7f358908602d3e8f83e4616218685e34b25
    - name: pack-builder
      # This task definition is fetched by URL from the `main` branch, with no
      # commit or digest in the reference, so the task that runs is whatever
      # the branch holds at resolution time. The other actions on this job are
      # digest-pinned bundles; a commit-pinned URL or a bundle digest would
      # give this one the same guarantee.
      ref: url://https://raw.githubusercontent.com/redhat-buildpacks/catalog/main/tekton/task/pack-builder/0.1/pack-builder.yml
      params:
        - PACK_SOURCE_DIR: "$(params.source-dir)"
        - PACK_CLI_IMAGE: "$(params.imageUrl)"
        - PACK_CLI_IMAGE_VERSION: "$(params.imageTag)"
        - BUILDER_IMAGE_NAME: "$(params.output-image)"
        - PACK_BUILDER_TOML: "ubi-builder.toml"
        - PACK_CMD_FLAGS:
            - "$(params.packCmdBuilderFlags)"
Generated file:
# generated/tekton/buildpack/pipelinerun-pack-builder-git-task.yaml
# PipelineRun with an embedded pipelineSpec of four tasks chained by runAfter.
apiVersion: "tekton.dev/v1"
kind: "PipelineRun"
metadata:
  annotations:
    tekton.dev/pipelines.minVersion: "0.60.x"
    tekton.dev/displayName: "This Pipeline builds a builder image using the pack CLI."
    tekton.dev/platforms: "linux/amd64"
  labels:
    app.kubernetes.io/version: "0.1"
  name: "pack-builder-git-task"
spec:
  params:
    # The boolean from the configuration is rendered as the string "true".
    - name: "debug"
      value: "true"
    - name: "git-url"
      value: "https://github.com/redhat-buildpacks/ubi-image-builder.git"
    - name: "source-dir"
      value: "."
    - name: "output-image"
      value: "gitea.cnoe.localtest.me:8443/giteaadmin/ubi-builder"
    # Mutable image reference: repository name plus tag "latest", no digest.
    - name: "imageUrl"
      value: "buildpacksio/pack"
    - name: "imageTag"
      value: "latest"
    - name: "packCmdBuilderFlags"
      value:
        - "-v"
        - "--publish"
  pipelineSpec:
    tasks:
      - name: "git-clone"
        params:
          - name: "url"
            value: "$(params.git-url)"
          - name: "subdirectory"
            value: "."
        # Resolved through the bundles resolver; the bundle is digest-pinned.
        taskRef:
          params:
            - name: "bundle"
              value: "quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1@sha256:de0ca8872c791944c479231e21d68379b54877aaf42e5f766ef4a8728970f8b3"
            - name: "name"
              value: "git-clone"
            - name: "kind"
              value: "task"
          resolver: "bundles"
        workspaces:
          - name: "output"
            workspace: "source-dir"
      # NOTE(review): no `workspaces` binding is generated for this task or
      # for list-source-workspace - confirm how they reach the volumes.
      - name: "fetch-packconfig-registrysecret"
        runAfter:
          - "git-clone"
        taskRef:
          params:
            - name: "bundle"
              value: "quay.io/ch007m/tekton-bundle:latest@sha256:42f0acaefdfbb345fb76c34910f4f7f358908602d3e8f83e4616218685e34b25"
            - name: "name"
              value: "fetch-packconfig-registrysecret"
            - name: "kind"
              value: "task"
          resolver: "bundles"
      - name: "list-source-workspace"
        runAfter:
          - "fetch-packconfig-registrysecret"
        taskRef:
          params:
            - name: "bundle"
              value: "quay.io/ch007m/tekton-bundle:latest@sha256:42f0acaefdfbb345fb76c34910f4f7f358908602d3e8f83e4616218685e34b25"
            - name: "name"
              value: "list-source-workspace"
            - name: "kind"
              value: "task"
          resolver: "bundles"
      - name: "pack-builder"
        params:
          - name: "PACK_SOURCE_DIR"
            value: "$(params.source-dir)"
          - name: "PACK_CLI_IMAGE"
            value: "$(params.imageUrl)"
          - name: "PACK_CLI_IMAGE_VERSION"
            value: "$(params.imageTag)"
          - name: "BUILDER_IMAGE_NAME"
            value: "$(params.output-image)"
          - name: "PACK_BUILDER_TOML"
            value: "ubi-builder.toml"
          - name: "PACK_CMD_FLAGS"
            value:
              - "$(params.packCmdBuilderFlags)"
        runAfter:
          - "list-source-workspace"
        # Resolved through the http resolver from a URL on the `main` branch.
        # The reference holds no commit or digest, so the task definition can
        # differ from one run to the next; the three tasks above are pinned by
        # bundle digest, this one is not.
        taskRef:
          params:
            - name: "url"
              value: "https://raw.githubusercontent.com/redhat-buildpacks/catalog/main/tekton/task/pack-builder/0.1/pack-builder.yml"
          resolver: "http"
        workspaces:
          - name: "source-dir"
            workspace: "source-dir"
          - name: "pack-workspace"
            workspace: "pack-workspace"
  timeouts:
    # 300000000000 ns = 300 s (5 minutes).
    pipeline: "300000000000ns"
  workspaces:
    - name: "pack-workspace"
      volumeClaimTemplate:
        apiVersion: "v1"
        kind: "PersistentVolumeClaim"
        spec:
          accessModes:
            - "ReadWriteOnce"
          resources:
            requests:
              storage: "1Gi"
    - name: "source-dir"
      volumeClaimTemplate:
        apiVersion: "v1"
        kind: "PersistentVolumeClaim"
        spec:
          accessModes:
            - "ReadWriteOnce"
          resources:
            requests:
              storage: "1Gi"
    # Both Secrets are projected into one volume; only their names appear.
    # NOTE(review): no task above lists data-store under `workspaces`, so
    # which task reads these credentials is not visible here - confirm that
    # only the tasks that need them can mount it.
    - name: "data-store"
      projected:
        sources:
          - secret:
              name: "pack-config-toml"
          - secret:
              name: "gitea-creds"
Command to be executed:
java -jar target/quarkus-app/quarkus-run.jar builder -o out/flows -c configurations/tekton/pack-builder-cfg.yaml
using as configuration:
# configurations/tekton/pack-builder-cfg.yaml
# Builder input for a four-task PipelineRun in which every action is taken
# from a digest-pinned Tekton bundle.
provider: tekton
resourceType: PipelineRun
domain: buildpack
# Empty value: parsed as null.
namespace:
job:
  name: pack-builder-push
  description: "This Pipeline builds a builder image using the pack CLI."
  params:
    - debug: true
    - git-url: "https://github.com/redhat-buildpacks/ubi-image-builder.git"
    - source-dir: "."
    - output-image: "gitea.cnoe.localtest.me:8443/giteaadmin/ubi-builder"
    # The pack CLI image is selected by repository name plus the mutable tag
    # "latest"; it is the one reference in this job not pinned by digest.
    - imageUrl: "buildpacksio/pack"
    - imageTag: "latest"
    - packCmdBuilderFlags:
        - -v
        - --publish
  # The workspaces declared here will be mounted for each action except if an action overrides it to use a different name
  workspaces:
    - name: pack-workspace
      volumeClaimTemplate:
        storage: 1Gi
        accessMode: ReadWriteOnce
    - name: source-dir
      volumeClaimTemplate:
        storage: 1Gi
        accessMode: ReadWriteOnce
    # Credentials are referenced by Secret name only; no secret value appears
    # in this file. Both Secrets are rendered as one projected volume.
    - name: data-store
      volumeSources:
        - secret: pack-config-toml
        - secret: gitea-creds # quay-creds, docker-creds, etc
  actions:
    - name: git-clone
      # Bundle reference pinned by sha256 digest.
      ref: bundle://quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1@sha256:de0ca8872c791944c479231e21d68379b54877aaf42e5f766ef4a8728970f8b3
      # NOTE(review): only url and subdirectory are passed; no revision is set,
      # so the commit that gets built is presumably the task's default -
      # confirm, and pin a revision if reproducible builds matter.
      params:
        - url: "$(params.git-url)"
        - subdirectory: "."
      workspaces:
        - name: output
          workspace: source-dir
    # The remaining refs carry both the tag "latest" and a sha256 digest; the
    # digest is the part that fixes which bundle content is pulled.
    - name: fetch-packconfig-registrysecret
      ref: bundle://quay.io/ch007m/tekton-bundle:latest@sha256:42f0acaefdfbb345fb76c34910f4f7f358908602d3e8f83e4616218685e34b25
    - name: list-source-workspace
      ref: bundle://quay.io/ch007m/tekton-bundle:latest@sha256:42f0acaefdfbb345fb76c34910f4f7f358908602d3e8f83e4616218685e34b25
    - name: pack-builder
      ref: bundle://quay.io/ch007m/tekton-bundle:latest@sha256:42f0acaefdfbb345fb76c34910f4f7f358908602d3e8f83e4616218685e34b25
      params:
        - PACK_SOURCE_DIR: "$(params.source-dir)"
        - PACK_CLI_IMAGE: "$(params.imageUrl)"
        - PACK_CLI_IMAGE_VERSION: "$(params.imageTag)"
        - BUILDER_IMAGE_NAME: "$(params.output-image)"
        - PACK_BUILDER_TOML: "ubi-builder.toml"
        - PACK_CMD_FLAGS:
            - "$(params.packCmdBuilderFlags)"
Generated file:
# generated/tekton/buildpack/pipelinerun-pack-builder-push.yaml
# PipelineRun with an embedded pipelineSpec of four tasks chained by runAfter;
# every taskRef goes through the bundles resolver with a sha256 digest.
apiVersion: "tekton.dev/v1"
kind: "PipelineRun"
metadata:
  annotations:
    tekton.dev/pipelines.minVersion: "0.60.x"
    tekton.dev/displayName: "This Pipeline builds a builder image using the pack CLI."
    tekton.dev/platforms: "linux/amd64"
  labels:
    app.kubernetes.io/version: "0.1"
  name: "pack-builder-push"
spec:
  params:
    # The boolean from the configuration is rendered as the string "true".
    - name: "debug"
      value: "true"
    - name: "git-url"
      value: "https://github.com/redhat-buildpacks/ubi-image-builder.git"
    - name: "source-dir"
      value: "."
    - name: "output-image"
      value: "gitea.cnoe.localtest.me:8443/giteaadmin/ubi-builder"
    # Mutable image reference: repository name plus tag "latest", no digest.
    - name: "imageUrl"
      value: "buildpacksio/pack"
    - name: "imageTag"
      value: "latest"
    - name: "packCmdBuilderFlags"
      value:
        - "-v"
        - "--publish"
  pipelineSpec:
    tasks:
      - name: "git-clone"
        params:
          - name: "url"
            value: "$(params.git-url)"
          - name: "subdirectory"
            value: "."
        taskRef:
          params:
            - name: "bundle"
              value: "quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1@sha256:de0ca8872c791944c479231e21d68379b54877aaf42e5f766ef4a8728970f8b3"
            - name: "name"
              value: "git-clone"
            - name: "kind"
              value: "task"
          resolver: "bundles"
        workspaces:
          - name: "output"
            workspace: "source-dir"
      # NOTE(review): git-clone is the only task with a `workspaces` binding
      # in this file; the three tasks below have none - confirm how they
      # reach the source, pack and credential volumes.
      - name: "fetch-packconfig-registrysecret"
        runAfter:
          - "git-clone"
        taskRef:
          params:
            - name: "bundle"
              value: "quay.io/ch007m/tekton-bundle:latest@sha256:42f0acaefdfbb345fb76c34910f4f7f358908602d3e8f83e4616218685e34b25"
            - name: "name"
              value: "fetch-packconfig-registrysecret"
            - name: "kind"
              value: "task"
          resolver: "bundles"
      - name: "list-source-workspace"
        runAfter:
          - "fetch-packconfig-registrysecret"
        taskRef:
          params:
            - name: "bundle"
              value: "quay.io/ch007m/tekton-bundle:latest@sha256:42f0acaefdfbb345fb76c34910f4f7f358908602d3e8f83e4616218685e34b25"
            - name: "name"
              value: "list-source-workspace"
            - name: "kind"
              value: "task"
          resolver: "bundles"
      - name: "pack-builder"
        params:
          - name: "PACK_SOURCE_DIR"
            value: "$(params.source-dir)"
          - name: "PACK_CLI_IMAGE"
            value: "$(params.imageUrl)"
          - name: "PACK_CLI_IMAGE_VERSION"
            value: "$(params.imageTag)"
          - name: "BUILDER_IMAGE_NAME"
            value: "$(params.output-image)"
          - name: "PACK_BUILDER_TOML"
            value: "ubi-builder.toml"
          - name: "PACK_CMD_FLAGS"
            value:
              - "$(params.packCmdBuilderFlags)"
        runAfter:
          - "list-source-workspace"
        taskRef:
          params:
            - name: "bundle"
              value: "quay.io/ch007m/tekton-bundle:latest@sha256:42f0acaefdfbb345fb76c34910f4f7f358908602d3e8f83e4616218685e34b25"
            - name: "name"
              value: "pack-builder"
            - name: "kind"
              value: "task"
          resolver: "bundles"
  timeouts:
    # 300000000000 ns = 300 s (5 minutes).
    pipeline: "300000000000ns"
  workspaces:
    - name: "pack-workspace"
      volumeClaimTemplate:
        apiVersion: "v1"
        kind: "PersistentVolumeClaim"
        spec:
          accessModes:
            - "ReadWriteOnce"
          resources:
            requests:
              storage: "1Gi"
    - name: "source-dir"
      volumeClaimTemplate:
        apiVersion: "v1"
        kind: "PersistentVolumeClaim"
        spec:
          accessModes:
            - "ReadWriteOnce"
          resources:
            requests:
              storage: "1Gi"
    # Both Secrets are projected into one volume; only their names appear.
    # NOTE(review): no task above lists data-store under `workspaces`, so
    # which task reads these credentials is not visible here - confirm that
    # only the tasks that need them can mount it.
    - name: "data-store"
      projected:
        sources:
          - secret:
              name: "pack-config-toml"
          - secret:
              name: "gitea-creds"
Command to be executed:
java -jar target/quarkus-app/quarkus-run.jar builder -o out/flows -c configurations/tekton/basic3-issue-cfg.yaml
using as configuration:
# configurations/tekton/basic3-issue-cfg.yaml
# Builder input kept as a known-failing example (see the comment below).
provider: tekton
resourceType: PipelineRun
domain: demo
# Such a job will not work as the [*] "notation"
# with array param is not supported in a task's script
job:
  name: basic-job-3
  description: Such a job will not work as the [*] "notation" with array param is not supported in a task's script
  actions:
    - name: say-hello
      # NOTE(review): the generated file renders this entry as two params
      # called "name" and "value", not one param called "team". Other
      # configurations on this page write params as `- key: value` - confirm
      # which form the builder expects.
      params:
        - name: team
          value: Aurea
      # Tekton substitutes $(params...) into the script text before the shell
      # runs, so a substituted value is parsed as shell code rather than data.
      # Passing the value through an environment variable avoids that.
      script: |
        #!/usr/bin/env bash
        members=($(params.team[*]))
        for member in "${members[@]}"; do
        echo "Say hello to: $member"
        done
Generated file:
# generated/tekton/demo/pipelinerun-basic-job-3.yaml
# PipelineRun generated from the known-failing basic3 configuration.
apiVersion: "tekton.dev/v1"
kind: "PipelineRun"
metadata:
  annotations:
    tekton.dev/pipelines.minVersion: "0.60.x"
    tekton.dev/displayName: "Such a job will not work as the [*] \"notation\" with\
      \ array param is not supported in a task's script"
    tekton.dev/platforms: "linux/amd64"
  labels:
    app.kubernetes.io/version: "0.1"
  name: "basic-job-3"
spec:
  pipelineSpec:
    tasks:
      - name: "say-hello"
        # The task receives params named "name" and "value"; none is named
        # "team", and taskSpec below declares no params, so the
        # $(params.team[*]) reference in the script has no matching param in
        # this file.
        params:
          - name: "name"
            value: "team"
          - name: "value"
            value: "Aurea"
        taskSpec:
          stepTemplate: {}
          steps:
            # The step image is referenced by sha256 digest, not by a tag.
            - image: "registry.access.redhat.com/ubi9@sha256:1ee4d8c50d14d9c9e9229d9a039d793fcbc9aa803806d194c957a397cf1d2b17"
              name: "run-script"
              # $(params...) is replaced in the script text before bash runs,
              # so a param value ends up parsed as shell code, not as data.
              script: |-
                #!/usr/bin/env bash
                members=($(params.team[*]))
                for member in "${members[@]}"; do
                echo "Say hello to: $member"
                done
  timeouts:
    # 300000000000 ns = 300 s (5 minutes).
    pipeline: "300000000000ns"
Command to be executed:
java -jar target/quarkus-app/quarkus-run.jar builder -o out/flows -c configurations/tekton/basic1-cfg.yaml
using as configuration:
# configurations/tekton/basic1-cfg.yaml
# Builder input for a single-task PipelineRun with an inline script and no
# params, workspaces or external task references.
provider: tekton
resourceType: PipelineRun
domain: demo
job:
  name: basic-job-1
  description: Basic job echoing a message
  actions:
    - name: say-hello
      # Literal block scalar: the script is fixed text with no substitution.
      script: |
        #!/usr/bin/env bash
        echo "Say hello to the team"
Generated file:
# generated/tekton/demo/pipelinerun-basic-job-1.yaml
# PipelineRun with an embedded pipelineSpec holding one inline task.
apiVersion: "tekton.dev/v1"
kind: "PipelineRun"
metadata:
  annotations:
    tekton.dev/pipelines.minVersion: "0.60.x"
    tekton.dev/displayName: "Basic job echoing a message"
    tekton.dev/platforms: "linux/amd64"
  labels:
    app.kubernetes.io/version: "0.1"
  name: "basic-job-1"
spec:
  pipelineSpec:
    tasks:
      - name: "say-hello"
        taskSpec:
          stepTemplate: {}
          steps:
            # The step image is referenced by sha256 digest rather than by a
            # tag, so the same image content is used on every run.
            - image: "registry.access.redhat.com/ubi9@sha256:1ee4d8c50d14d9c9e9229d9a039d793fcbc9aa803806d194c957a397cf1d2b17"
              name: "run-script"
              # The configuration used `|`; the generated file uses `|-`,
              # which drops the trailing newline of the script.
              script: |-
                #!/usr/bin/env bash
                echo "Say hello to the team"
  timeouts:
    # 300000000000 ns = 300 s (5 minutes).
    pipeline: "300000000000ns"
Command to be executed:
java -jar target/quarkus-app/quarkus-run.jar builder -o out/flows -c configurations/tekton/basic2-cfg.yaml
using as configuration:
# configurations/tekton/basic2-cfg.yaml
# Builder input for a single-task PipelineRun whose script reads a param.
provider: tekton
resourceType: PipelineRun
domain: demo
job:
  name: basic-job-2
  description: Basic job echoing a message using the param teamMember
  actions:
    - name: say-hello
      # NOTE(review): the generated file renders this entry as two params
      # called "name" and "value", not one param called "teamMember". Other
      # configurations on this page write params as `- key: value` - confirm
      # which form the builder expects.
      params:
        - name: teamMember
          value: Aurea
      # Tekton substitutes $(params.teamMember) into the script text before
      # the shell runs, and the reference is unquoted, so the value is parsed
      # as shell code rather than data. Passing the value through an
      # environment variable and quoting it avoids that.
      script: |
        #!/usr/bin/env bash
        echo $(params.teamMember)
Generated file:
# generated/tekton/demo/pipelinerun-basic-job-2.yaml
# PipelineRun with an embedded pipelineSpec holding one inline task.
apiVersion: "tekton.dev/v1"
kind: "PipelineRun"
metadata:
  annotations:
    tekton.dev/pipelines.minVersion: "0.60.x"
    tekton.dev/displayName: "Basic job echoing a message using the param teamMember"
    tekton.dev/platforms: "linux/amd64"
  labels:
    app.kubernetes.io/version: "0.1"
  name: "basic-job-2"
spec:
  pipelineSpec:
    tasks:
      - name: "say-hello"
        # The task receives params named "name" and "value"; none is named
        # "teamMember", and taskSpec below declares no params, so the
        # $(params.teamMember) reference in the script has no matching param
        # in this file.
        params:
          - name: "name"
            value: "teamMember"
          - name: "value"
            value: "Aurea"
        taskSpec:
          stepTemplate: {}
          steps:
            # The step image is referenced by sha256 digest, not by a tag.
            - image: "registry.access.redhat.com/ubi9@sha256:1ee4d8c50d14d9c9e9229d9a039d793fcbc9aa803806d194c957a397cf1d2b17"
              name: "run-script"
              # $(params...) is replaced in the script text before bash runs,
              # so a param value ends up parsed as shell code, not as data.
              script: |-
                #!/usr/bin/env bash
                echo $(params.teamMember)
  timeouts:
    # 300000000000 ns = 300 s (5 minutes).
    pipeline: "300000000000ns"