diff --git a/.tekton/controller-rhel9-operator-pull-request.yaml b/.tekton/controller-rhel9-operator-pull-request.yaml
index a2df29c5..6fb7f0ae 100644
--- a/.tekton/controller-rhel9-operator-pull-request.yaml
+++ b/.tekton/controller-rhel9-operator-pull-request.yaml
@@ -75,7 +75,7 @@ spec:
 description: Skip ecosystem checks against built image
 name: skip-ecosystem-checks
 type: string
- - default: "false"
+ - default: "true"
 description: Execute the build with network isolation
 name: hermetic
 type: string
@@ -331,6 +331,23 @@ spec:
 operator: in
 values:
 - "false"
+ - name: rpms-signature-scan
+ params:
+ - name: image-digest
+ value: $(tasks.build-container.results.IMAGE_DIGEST)
+ - name: image-url
+ value: $(tasks.build-container.results.IMAGE_URL)
+ runAfter:
+ - build-container
+ taskRef:
+ params:
+ - name: name
+ value: rpms-signature-scan
+ - name: bundle
+ value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:7aa4d3c95e2b963e82fdda392f7cb3d61e3dab035416cf4a3a34e43cf3c9c9b8
+ - name: kind
+ value: task
+ resolver: bundles
 - name: ecosystem-cert-preflight-checks
 params:
 - name: image-url
diff --git a/.tekton/controller-rhel9-operator-push.yaml b/.tekton/controller-rhel9-operator-push.yaml
index 5423f4ce..d9528422 100644
--- a/.tekton/controller-rhel9-operator-push.yaml
+++ b/.tekton/controller-rhel9-operator-push.yaml
@@ -72,7 +72,7 @@ spec:
 description: Skip ecosystem checks against built image
 name: skip-ecosystem-checks
 type: string
- - default: "false"
+ - default: "true"
 description: Execute the build with network isolation
 name: hermetic
 type: string
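Review bot: The `rpms-signature-scan` task added in the `@@ -331,6 +331,23 @@` hunk of `.tekton/controller-rhel9-operator-pull-request.yaml` carries no `when` block, while the task directly above it ends in an `operator: in` / `values: - "false"` guard, so the scan runs on every build regardless of whichever parameter gates its neighbours. If that is deliberate (a signature check that must not be skippable), record it in a comment above the task, e.g. `# rpms-signature-scan is intentionally ungated: it runs even when other checks are skipped`; otherwise add the same `when` clause the sibling tasks use. The same applies to the identical hunks in `controller-rhel9-operator-push.yaml`, `orchestrator-operator-bundle-pull-request.yaml` and `orchestrator-operator-bundle-push.yaml`. For the two bundle pipelines, assuming they build `bundle.konflux.Dockerfile`, the final stage in this diff is `FROM scratch`, so it is worth confirming the scan has any RPMs to inspect and that an empty result is not read as "all packages signed".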
@@ -328,6 +328,23 @@ spec:
 operator: in
 values:
 - "false"
+ - name: rpms-signature-scan
+ params:
+ - name: image-digest
+ value: $(tasks.build-container.results.IMAGE_DIGEST)
+ - name: image-url
+ value: $(tasks.build-container.results.IMAGE_URL)
+ runAfter:
+ - build-container
+ taskRef:
+ params:
+ - name: name
+ value: rpms-signature-scan
+ - name: bundle
+ value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:7aa4d3c95e2b963e82fdda392f7cb3d61e3dab035416cf4a3a34e43cf3c9c9b8
+ - name: kind
+ value: task
+ resolver: bundles
 - name: ecosystem-cert-preflight-checks
 params:
 - name: image-url
diff --git a/.tekton/orchestrator-operator-bundle-pull-request.yaml b/.tekton/orchestrator-operator-bundle-pull-request.yaml
index 45fae3f6..0c75176a 100644
--- a/.tekton/orchestrator-operator-bundle-pull-request.yaml
+++ b/.tekton/orchestrator-operator-bundle-pull-request.yaml
@@ -75,7 +75,7 @@ spec:
 description: Skip ecosystem checks against built image
 name: skip-ecosystem-checks
 type: string
- - default: "false"
+ - default: "true"
 description: Execute the build with network isolation
 name: hermetic
 type: string
@@ -331,6 +331,23 @@ spec:
 operator: in
 values:
 - "false"
+ - name: rpms-signature-scan
+ params:
+ - name: image-digest
+ value: $(tasks.build-container.results.IMAGE_DIGEST)
+ - name: image-url
+ value: $(tasks.build-container.results.IMAGE_URL)
+ runAfter:
+ - build-container
+ taskRef:
+ params:
+ - name: name
+ value: rpms-signature-scan
+ - name: bundle
+ value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:7aa4d3c95e2b963e82fdda392f7cb3d61e3dab035416cf4a3a34e43cf3c9c9b8
+ - name: kind
+ value: task
+ resolver: bundles
 - name: ecosystem-cert-preflight-checks
 params:
 - name: image-url
diff --git a/.tekton/orchestrator-operator-bundle-push.yaml b/.tekton/orchestrator-operator-bundle-push.yaml
index e924437b..7e0fbda1 100644
--- a/.tekton/orchestrator-operator-bundle-push.yaml
+++ b/.tekton/orchestrator-operator-bundle-push.yaml
@@ -72,7 +72,7 @@ spec:
 description: Skip ecosystem checks against built image
 name: skip-ecosystem-checks
 type: string
- - default: "false"
+ - default: "true"
 description: Execute the build with network isolation
 name: hermetic
 type: string
@@ -328,6 +328,23 @@ spec:
 operator: in
 values:
 - "false"
+ - name: rpms-signature-scan
+ params:
+ - name: image-digest
+ value: $(tasks.build-container.results.IMAGE_DIGEST)
+ - name: image-url
+ value: $(tasks.build-container.results.IMAGE_URL)
+ runAfter:
+ - build-container
+ taskRef:
+ params:
+ - name: name
+ value: rpms-signature-scan
+ - name: bundle
+ value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:7aa4d3c95e2b963e82fdda392f7cb3d61e3dab035416cf4a3a34e43cf3c9c9b8
+ - name: kind
+ value: task
+ resolver: bundles
 - name: ecosystem-cert-preflight-checks
 params:
 - name: image-url
diff --git a/bundle.konflux.Dockerfile b/bundle.konflux.Dockerfile
index e861ef06..6c4d76ab 100644
--- a/bundle.konflux.Dockerfile
+++ b/bundle.konflux.Dockerfile
@@ -2,8 +2,11 @@ FROM registry.access.redhat.com/ubi9:latest as builder ARG IMG=registry.redhat.io/rhdh-orchestrator-dev-preview-beta/controller-rhel9-operator@sha256:9f4671e180ea94a47fcb235cd7edea0eccae0667c14f8a453642eedf492f41da WORKDIR /operator COPY . . -RUN dnf install make -y && make bundle IMG=${IMG} +RUN VERSION=$(grep "^VERSION ?=" Makefile | awk -F'= ' '{print $2}') && \ + IMAGE_TAG_BASE=$(grep "^IMAGE_TAG_BASE ?=" Makefile | awk -F'= ' '{print $2}') && \ + sed -i 's|version: .*|version: '${VERSION}'|; s|name: orchestrator-operator.v.*|name: orchestrator-operator.v.'${VERSION}'|; s|image: '${IMAGE_TAG_BASE}'|image: '$IMG'|' bundle/manifests/orchestrator-operator.clusterserviceversion.yaml +# Build bundle FROM scratch USER 1001
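Review bot: Nothing in the new `RUN` line of `bundle.konflux.Dockerfile` checks that the three `sed` substitutions matched, so if the Makefile or the CSV drifts from these patterns the bundle still builds while keeping the `IMAGE_TAG_BASE` reference instead of the digest in `IMG`. `grep | awk` returns awk's exit status, so a missing `VERSION ?=` or `IMAGE_TAG_BASE ?=` line leaves the variable empty without breaking the `&&` chain, and the image pattern matches only the `IMAGE_TAG_BASE` prefix, so any `:tag` after it in the CSV would presumably stay appended behind the digest. `s|version: .*|…|` is unanchored and rewrites every line containing `version: ` (owned CRD versions too, if the CSV lists any), and the replacement `orchestrator-operator.v.'${VERSION}'` writes a literal dot after `v`, which looks unintended. I would put `test -n "$VERSION" && test -n "$IMAGE_TAG_BASE" &&` before the `sed` and append `&& grep -qF "image: ${IMG}" bundle/manifests/orchestrator-operator.clusterserviceversion.yaml` after it, so the build fails when the digest was not written. The final stage (`FROM scratch` onward) continues outside the hunk.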