diff --git a/.tekton/database-pull-request.yaml b/.tekton/database-pull-request.yaml index 1d32569a20..7f02c08f6a 100644 --- a/.tekton/database-pull-request.yaml +++ b/.tekton/database-pull-request.yaml @@ -9,7 +9,7 @@ metadata: pipelinesascode.tekton.dev/max-keep-runs: "3" pipelinesascode.tekton.dev/on-cel-expression: event == "pull_request" && target_branch == "main" && ( "60-load-db.sh".pathChanged() || "examples/deployment/docker/db_server/mysql.cnf".pathChanged() || "storage/mysql/schema/storage.sql".pathChanged() || ".tekton/database-pull-request.yaml".pathChanged() || "Dockerfile.database.rh".pathChanged() || "trigger-konflux-builds.txt".pathChanged() ) pipelinesascode.tekton.dev/task: "[.tekton/trillian-unit-test.yaml]" - creationTimestamp: null + creationTimestamp: labels: appstudio.openshift.io/application: trillian appstudio.openshift.io/component: database @@ -51,25 +51,6 @@ spec: - name: kind value: task resolver: bundles - - name: show-summary - params: - - name: pipelinerun-name - value: $(context.pipelineRun.name) - - name: git-url - value: $(tasks.clone-repository.results.url)?rev=$(tasks.clone-repository.results.commit) - - name: image-url - value: $(params.output-image) - - name: build-task-status - value: $(tasks.build-container.status) - taskRef: - params: - - name: name - value: summary - - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-summary:0.2@sha256:c718319bd57c4f0ab1843cf98d813d0a26a73e0c8ce66218079c3c865508b0fb - - name: kind - value: task - resolver: bundles params: - description: Source Repository URL name: git-url 
@@ -82,13 +63,11 @@ spec: name: output-image type: string - default: . - description: Path to the source code of an application's component from where - to build image. + description: Path to the source code of an application's component from where to build image. name: path-context type: string - default: Dockerfile - description: Path to the Dockerfile inside the context specified by parameter - path-context + description: Path to the Dockerfile inside the context specified by parameter path-context name: dockerfile type: string - default: "false" @@ -116,8 +95,7 @@ spec: name: java type: string - default: "" - description: Image tag expiration time, time values could be something like - 1h, 2d, 3w for hours, days, and weeks, respectively. + description: Image tag expiration time, time values could be something like 1h, 2d, 3w for hours, days, and weeks, respectively. name: image-expires-after - default: "false" description: Build a source image. @@ -163,14 +141,18 @@ spec: value: $(params.git-url) - name: revision value: $(params.revision) + - name: ociStorage + value: $(params.output-image).git + - name: ociArtifactExpiresAfter + value: $(params.image-expires-after) runAfter: - init taskRef: params: - name: name - value: git-clone + value: git-clone-oci-ta - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:729ed7f3b7a3da2658c80655039989a66da207b91036893409bd1305e69a655f + value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone-oci-ta:0.1@sha256:e3490635200600da4a6b2997b0cf8e65e012155e7795824aa36d858a890ad31f - name: kind value: task resolver: bundles 
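Review bot: The `ociStorage` / `ociArtifactExpiresAfter` params added in the `clone-repository` hunk (`@@ -163,14 +141,18 @@`) push the cloned source tree into the same registry repository as the built image, under `$(params.output-image).git`, with its lifetime taken from `image-expires-after`, whose default in this file is `""`. On runs that leave that parameter empty the source artifact presumably never expires, and whoever can pull the image can likely pull the source too, so confirm this fits the repository's visibility and retention policy. A short comment above the two params would record the intent, e.g. `# source artifact is stored beside the image; expiry follows image-expires-after`. The `.prefetch` artifact in the `prefetch-dependencies` hunks and the same params in the other four pipeline files are affected in the same way.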
@@ -180,33 +162,31 @@ spec: values: - "true" workspaces: - - name: output - workspace: workspace - name: basic-auth workspace: git-auth - name: prefetch-dependencies params: - name: input value: $(params.prefetch-input) + - name: hermetic + value: ${params.hermetic} + - name: SOURCE_ARTIFACT + value: $(tasks.clone-repository.results.SOURCE_ARTIFACT) + - name: ociStorage + value: $(params.output-image).prefetch + - name: ociArtifactExpiresAfter + value: $(params.image-expires-after) runAfter: - clone-repository taskRef: params: - name: name - value: prefetch-dependencies + value: prefetch-dependencies-oci-ta - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies:0.1@sha256:9aec3ae9f0f50a05abdc739faf4cbc82832cff16c77ac74e1d54072a882c0503 + value: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies-oci-ta:0.1@sha256:b3851f03527abfedd169dfdd0123c55c161b6695133760c85e2e58e6df5043c8 - name: kind value: task resolver: bundles - when: - - input: $(params.hermetic) - operator: in - values: - - "true" - workspaces: - - name: source - workspace: workspace - name: build-container params: - name: IMAGE @@ -223,14 +203,18 @@ spec: value: $(params.image-expires-after) - name: COMMIT_SHA value: $(tasks.clone-repository.results.commit) + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + - name: CACHI2_ARTIFACT + value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) runAfter: - prefetch-dependencies taskRef: params: - name: name - value: buildah + value: buildah-oci-ta - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-buildah:0.1@sha256:7cd80204a133c96ccc72bb8d6be0caeaf5014924e679d3686560c8e54cb87d24 + value: quay.io/redhat-appstudio-tekton-catalog/task-buildah-oci-ta:0.1@sha256:692e8882c1b10d0fa6b1dc5b8191c8b01cda22e04403026bcd6168e393df9597 - name: kind value: task resolver: bundles 
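Review bot: In the `prefetch-dependencies` hunk (`@@ -180,33 +162,31 @@`) the added `hermetic` param is written `${params.hermetic}`, which is not Tekton variable syntax, so the task would receive that literal string instead of the pipeline parameter; the line should read `value: $(params.hermetic)`. The same hunk removes the `when` guard on `$(params.hermetic)`, so the task now runs on every build and this value is the only place the hermetic setting reaches it. Whether `prefetch-dependencies-oci-ta` declares a `hermetic` param at all is not visible here and is worth checking against the pinned bundle. The identical line appears in the matching hunks of database-push.yaml, logserver-pull-request.yaml, logserver-push.yaml and logsigner-pull-request.yaml.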
@@ -239,23 +223,24 @@ spec: operator: in values: - "true" - workspaces: - - name: source - workspace: workspace - name: build-source-image params: - name: BINARY_IMAGE value: $(params.output-image) - name: BASE_IMAGES value: $(tasks.build-container.results.BASE_IMAGES_DIGESTS) + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + - name: CACHI2_ARTIFACT + value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) runAfter: - build-container taskRef: params: - name: name - value: source-build + value: source-build-oci-ta - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-source-build:0.1@sha256:1a976a35adee9163e455d0c5aee5d9bf9cb3c6a770656ae347558f8c54977709 + value: quay.io/redhat-appstudio-tekton-catalog/task-source-build-oci-ta:0.1@sha256:a5b5370cef18ca4dc78855c7bd8dc8cb94b92b73d4bed07a2fa41c26d1f36773 - name: kind value: task resolver: bundles @@ -268,9 +253,6 @@ spec: operator: in values: - "true" - workspaces: - - name: workspace - workspace: workspace - name: deprecated-base-image-check params: - name: BASE_IMAGES_DIGESTS @@ -323,9 +305,9 @@ spec: taskRef: params: - name: name - value: sast-snyk-check + value: sast-snyk-check-oci-ta - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-sast-snyk-check:0.1@sha256:242acc527a06a11fac9dd6524467f62f3a086c186c5f885973e5780a04d4289c + value: quay.io/redhat-appstudio-tekton-catalog/task-sast-snyk-check-oci-ta:0.1@sha256:f52736be6b2ffe6d22d400eb8ff3a4ec165eabf6ae071b48f1e1013d0d179b71 - name: kind value: task resolver: bundles @@ -334,9 +316,9 @@ spec: operator: in values: - "false" - workspaces: - - name: workspace - workspace: workspace + params: + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - name: clamav-scan params: - name: image-digest 
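Review bot: In the `sast-snyk-check` hunk (`@@ -334,9 +316,9 @@`) the new `params:` key is appended after the `when:` block, whereas the other tasks in this file list `params` first, ahead of `runAfter` and `taskRef`. The task entry starts above the hunk, so it is not visible whether it already carries a task-level `params:`; if it does, this becomes a duplicate mapping key, which most YAML loaders resolve silently as last-wins, dropping the earlier params from a security-scan task. Moving the `SOURCE_ARTIFACT` entry up directly under the task name keeps the layout consistent and makes any duplicate obvious in review. The `go-unit-test` hunk and the matching hunks in the other pipeline files follow the same pattern.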
@@ -386,26 +368,16 @@ spec: - prefetch-dependencies taskRef: name: go-unit-test - workspaces: - - name: source - workspace: workspace + params: + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + - name: CACHI2_ARTIFACT + value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) workspaces: - - name: workspace - name: git-auth optional: true taskRunTemplate: {} workspaces: - - name: workspace - volumeClaimTemplate: - metadata: - creationTimestamp: null - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi - status: {} - name: git-auth secret: secretName: '{{ git_auth_secret }}' diff --git a/.tekton/database-push.yaml b/.tekton/database-push.yaml index 0d69061a9b..4e0e157d63 100644 --- a/.tekton/database-push.yaml +++ b/.tekton/database-push.yaml @@ -8,7 +8,7 @@ metadata: pipelinesascode.tekton.dev/max-keep-runs: "3" pipelinesascode.tekton.dev/on-cel-expression: event == "push" && target_branch == "main" pipelinesascode.tekton.dev/task: "[.tekton/trillian-unit-test.yaml]" - creationTimestamp: null + creationTimestamp: labels: appstudio.openshift.io/application: trillian appstudio.openshift.io/component: database @@ -48,25 +48,6 @@ spec: - name: kind value: task resolver: bundles - - name: show-summary - params: - - name: pipelinerun-name - value: $(context.pipelineRun.name) - - name: git-url - value: $(tasks.clone-repository.results.url)?rev=$(tasks.clone-repository.results.commit) - - name: image-url - value: $(params.output-image) - - name: build-task-status - value: $(tasks.build-container.status) - taskRef: - params: - - name: name - value: summary - - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-summary:0.2@sha256:c718319bd57c4f0ab1843cf98d813d0a26a73e0c8ce66218079c3c865508b0fb - - name: kind - value: task - resolver: bundles params: - description: Source Repository URL name: git-url 
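Review bot: The `go-unit-test` task in the `@@ -386,26 +368,16 @@` hunk is resolved by name (the `pipelinesascode.tekton.dev/task` annotation points at `.tekton/trillian-unit-test.yaml`), and this hunk removes its `source` workspace and the pipeline's `workspace` volume claim while passing `SOURCE_ARTIFACT` and `CACHI2_ARTIFACT` instead. No change to that task file is visible in this part of the diff, so confirm that it declares both params, no longer requires the `source` workspace, and restores the artifacts itself before the tests run. If it does not, the run presumably either fails validation or tests an empty tree. The same applies to the matching hunk in the other pipeline files.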
@@ -79,13 +60,11 @@ spec: name: output-image type: string - default: . - description: Path to the source code of an application's component from where - to build image. + description: Path to the source code of an application's component from where to build image. name: path-context type: string - default: Dockerfile - description: Path to the Dockerfile inside the context specified by parameter - path-context + description: Path to the Dockerfile inside the context specified by parameter path-context name: dockerfile type: string - default: "false" @@ -113,8 +92,7 @@ spec: name: java type: string - default: "" - description: Image tag expiration time, time values could be something like - 1h, 2d, 3w for hours, days, and weeks, respectively. + description: Image tag expiration time, time values could be something like 1h, 2d, 3w for hours, days, and weeks, respectively. name: image-expires-after - default: "false" description: Build a source image. @@ -160,14 +138,18 @@ spec: value: $(params.git-url) - name: revision value: $(params.revision) + - name: ociStorage + value: $(params.output-image).git + - name: ociArtifactExpiresAfter + value: $(params.image-expires-after) runAfter: - init taskRef: params: - name: name - value: git-clone + value: git-clone-oci-ta - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:729ed7f3b7a3da2658c80655039989a66da207b91036893409bd1305e69a655f + value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone-oci-ta:0.1@sha256:e3490635200600da4a6b2997b0cf8e65e012155e7795824aa36d858a890ad31f - name: kind value: task resolver: bundles 
@@ -177,33 +159,31 @@ spec: values: - "true" workspaces: - - name: output - workspace: workspace - name: basic-auth workspace: git-auth - name: prefetch-dependencies params: - name: input value: $(params.prefetch-input) + - name: hermetic + value: ${params.hermetic} + - name: SOURCE_ARTIFACT + value: $(tasks.clone-repository.results.SOURCE_ARTIFACT) + - name: ociStorage + value: $(params.output-image).prefetch + - name: ociArtifactExpiresAfter + value: $(params.image-expires-after) runAfter: - clone-repository taskRef: params: - name: name - value: prefetch-dependencies + value: prefetch-dependencies-oci-ta - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies:0.1@sha256:9aec3ae9f0f50a05abdc739faf4cbc82832cff16c77ac74e1d54072a882c0503 + value: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies-oci-ta:0.1@sha256:b3851f03527abfedd169dfdd0123c55c161b6695133760c85e2e58e6df5043c8 - name: kind value: task resolver: bundles - when: - - input: $(params.hermetic) - operator: in - values: - - "true" - workspaces: - - name: source - workspace: workspace - name: build-container params: - name: IMAGE @@ -220,14 +200,18 @@ spec: value: $(params.image-expires-after) - name: COMMIT_SHA value: $(tasks.clone-repository.results.commit) + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + - name: CACHI2_ARTIFACT + value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) runAfter: - prefetch-dependencies taskRef: params: - name: name - value: buildah + value: buildah-oci-ta - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-buildah:0.1@sha256:7cd80204a133c96ccc72bb8d6be0caeaf5014924e679d3686560c8e54cb87d24 + value: quay.io/redhat-appstudio-tekton-catalog/task-buildah-oci-ta:0.1@sha256:692e8882c1b10d0fa6b1dc5b8191c8b01cda22e04403026bcd6168e393df9597 - name: kind value: task resolver: bundles 
@@ -236,23 +220,24 @@ spec: operator: in values: - "true" - workspaces: - - name: source - workspace: workspace - name: build-source-image params: - name: BINARY_IMAGE value: $(params.output-image) - name: BASE_IMAGES value: $(tasks.build-container.results.BASE_IMAGES_DIGESTS) + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + - name: CACHI2_ARTIFACT + value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) runAfter: - build-container taskRef: params: - name: name - value: source-build + value: source-build-oci-ta - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-source-build:0.1@sha256:1a976a35adee9163e455d0c5aee5d9bf9cb3c6a770656ae347558f8c54977709 + value: quay.io/redhat-appstudio-tekton-catalog/task-source-build-oci-ta:0.1@sha256:a5b5370cef18ca4dc78855c7bd8dc8cb94b92b73d4bed07a2fa41c26d1f36773 - name: kind value: task resolver: bundles @@ -265,9 +250,6 @@ spec: operator: in values: - "true" - workspaces: - - name: workspace - workspace: workspace - name: deprecated-base-image-check params: - name: BASE_IMAGES_DIGESTS @@ -320,9 +302,9 @@ spec: taskRef: params: - name: name - value: sast-snyk-check + value: sast-snyk-check-oci-ta - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-sast-snyk-check:0.1@sha256:242acc527a06a11fac9dd6524467f62f3a086c186c5f885973e5780a04d4289c + value: quay.io/redhat-appstudio-tekton-catalog/task-sast-snyk-check-oci-ta:0.1@sha256:f52736be6b2ffe6d22d400eb8ff3a4ec165eabf6ae071b48f1e1013d0d179b71 - name: kind value: task resolver: bundles @@ -331,9 +313,9 @@ spec: operator: in values: - "false" - workspaces: - - name: workspace - workspace: workspace + params: + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - name: clamav-scan params: - name: image-digest 
@@ -383,26 +365,16 @@ spec: - prefetch-dependencies taskRef: name: go-unit-test - workspaces: - - name: source - workspace: workspace + params: + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + - name: CACHI2_ARTIFACT + value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) workspaces: - - name: workspace - name: git-auth optional: true taskRunTemplate: {} workspaces: - - name: workspace - volumeClaimTemplate: - metadata: - creationTimestamp: null - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi - status: {} - name: git-auth secret: secretName: '{{ git_auth_secret }}' diff --git a/.tekton/logserver-pull-request.yaml b/.tekton/logserver-pull-request.yaml index 198637373b..c05883c6da 100644 --- a/.tekton/logserver-pull-request.yaml +++ b/.tekton/logserver-pull-request.yaml @@ -9,7 +9,7 @@ metadata: pipelinesascode.tekton.dev/max-keep-runs: "3" pipelinesascode.tekton.dev/on-cel-expression: event == "pull_request" && target_branch == "main" && ( "go.mod".pathChanged() || "go.sum".pathChanged() || ".tekton/logserver-pull-request.yaml".pathChanged() || "Dockerfile.logserver.rh".pathChanged() || "cmd/trillian_log_server/***".pathChanged() || "trigger-konflux-builds.txt".pathChanged() ) pipelinesascode.tekton.dev/task: "[.tekton/trillian-unit-test.yaml]" - creationTimestamp: null + creationTimestamp: labels: appstudio.openshift.io/application: trillian appstudio.openshift.io/component: logserver 
@@ -51,25 +51,6 @@ spec: - name: kind value: task resolver: bundles - - name: show-summary - params: - - name: pipelinerun-name - value: $(context.pipelineRun.name) - - name: git-url - value: $(tasks.clone-repository.results.url)?rev=$(tasks.clone-repository.results.commit) - - name: image-url - value: $(params.output-image) - - name: build-task-status - value: $(tasks.build-container.status) - taskRef: - params: - - name: name - value: summary - - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-summary:0.2@sha256:c718319bd57c4f0ab1843cf98d813d0a26a73e0c8ce66218079c3c865508b0fb - - name: kind - value: task - resolver: bundles params: - description: Source Repository URL name: git-url @@ -82,13 +63,11 @@ spec: name: output-image type: string - default: . - description: Path to the source code of an application's component from where - to build image. + description: Path to the source code of an application's component from where to build image. name: path-context type: string - default: Dockerfile - description: Path to the Dockerfile inside the context specified by parameter - path-context + description: Path to the Dockerfile inside the context specified by parameter path-context name: dockerfile type: string - default: "false" @@ -116,8 +95,7 @@ spec: name: java type: string - default: "" - description: Image tag expiration time, time values could be something like - 1h, 2d, 3w for hours, days, and weeks, respectively. + description: Image tag expiration time, time values could be something like 1h, 2d, 3w for hours, days, and weeks, respectively. name: image-expires-after - default: "false" description: Build a source image. 
@@ -163,14 +141,18 @@ spec: value: $(params.git-url) - name: revision value: $(params.revision) + - name: ociStorage + value: $(params.output-image).git + - name: ociArtifactExpiresAfter + value: $(params.image-expires-after) runAfter: - init taskRef: params: - name: name - value: git-clone + value: git-clone-oci-ta - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:729ed7f3b7a3da2658c80655039989a66da207b91036893409bd1305e69a655f + value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone-oci-ta:0.1@sha256:e3490635200600da4a6b2997b0cf8e65e012155e7795824aa36d858a890ad31f - name: kind value: task resolver: bundles @@ -180,33 +162,31 @@ spec: values: - "true" workspaces: - - name: output - workspace: workspace - name: basic-auth workspace: git-auth - name: prefetch-dependencies params: - name: input value: $(params.prefetch-input) + - name: hermetic + value: ${params.hermetic} + - name: SOURCE_ARTIFACT + value: $(tasks.clone-repository.results.SOURCE_ARTIFACT) + - name: ociStorage + value: $(params.output-image).prefetch + - name: ociArtifactExpiresAfter + value: $(params.image-expires-after) runAfter: - clone-repository taskRef: params: - name: name - value: prefetch-dependencies + value: prefetch-dependencies-oci-ta - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies:0.1@sha256:9aec3ae9f0f50a05abdc739faf4cbc82832cff16c77ac74e1d54072a882c0503 + value: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies-oci-ta:0.1@sha256:b3851f03527abfedd169dfdd0123c55c161b6695133760c85e2e58e6df5043c8 - name: kind value: task resolver: bundles - when: - - input: $(params.hermetic) - operator: in - values: - - "true" - workspaces: - - name: source - workspace: workspace - name: build-container params: - name: IMAGE 
@@ -223,14 +203,18 @@ spec: value: $(params.image-expires-after) - name: COMMIT_SHA value: $(tasks.clone-repository.results.commit) + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + - name: CACHI2_ARTIFACT + value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) runAfter: - prefetch-dependencies taskRef: params: - name: name - value: buildah + value: buildah-oci-ta - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-buildah:0.1@sha256:7cd80204a133c96ccc72bb8d6be0caeaf5014924e679d3686560c8e54cb87d24 + value: quay.io/redhat-appstudio-tekton-catalog/task-buildah-oci-ta:0.1@sha256:692e8882c1b10d0fa6b1dc5b8191c8b01cda22e04403026bcd6168e393df9597 - name: kind value: task resolver: bundles @@ -239,23 +223,24 @@ spec: operator: in values: - "true" - workspaces: - - name: source - workspace: workspace - name: build-source-image params: - name: BINARY_IMAGE value: $(params.output-image) - name: BASE_IMAGES value: $(tasks.build-container.results.BASE_IMAGES_DIGESTS) + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + - name: CACHI2_ARTIFACT + value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) runAfter: - build-container taskRef: params: - name: name - value: source-build + value: source-build-oci-ta - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-source-build:0.1@sha256:1a976a35adee9163e455d0c5aee5d9bf9cb3c6a770656ae347558f8c54977709 + value: quay.io/redhat-appstudio-tekton-catalog/task-source-build-oci-ta:0.1@sha256:a5b5370cef18ca4dc78855c7bd8dc8cb94b92b73d4bed07a2fa41c26d1f36773 - name: kind value: task resolver: bundles @@ -268,9 +253,6 @@ spec: operator: in values: - "true" - workspaces: - - name: workspace - workspace: workspace - name: deprecated-base-image-check params: - name: BASE_IMAGES_DIGESTS 
@@ -323,9 +305,9 @@ spec: taskRef: params: - name: name - value: sast-snyk-check + value: sast-snyk-check-oci-ta - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-sast-snyk-check:0.1@sha256:242acc527a06a11fac9dd6524467f62f3a086c186c5f885973e5780a04d4289c + value: quay.io/redhat-appstudio-tekton-catalog/task-sast-snyk-check-oci-ta:0.1@sha256:f52736be6b2ffe6d22d400eb8ff3a4ec165eabf6ae071b48f1e1013d0d179b71 - name: kind value: task resolver: bundles @@ -334,9 +316,9 @@ spec: operator: in values: - "false" - workspaces: - - name: workspace - workspace: workspace + params: + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - name: clamav-scan params: - name: image-digest @@ -386,26 +368,16 @@ spec: - prefetch-dependencies taskRef: name: go-unit-test - workspaces: - - name: source - workspace: workspace + params: + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + - name: CACHI2_ARTIFACT + value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) workspaces: - - name: workspace - name: git-auth optional: true taskRunTemplate: {} workspaces: - - name: workspace - volumeClaimTemplate: - metadata: - creationTimestamp: null - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi - status: {} - name: git-auth secret: secretName: '{{ git_auth_secret }}' diff --git a/.tekton/logserver-push.yaml b/.tekton/logserver-push.yaml index 19f2a42d39..272dd74fbd 100644 --- a/.tekton/logserver-push.yaml +++ b/.tekton/logserver-push.yaml @@ -8,7 +8,7 @@ metadata: pipelinesascode.tekton.dev/max-keep-runs: "3" pipelinesascode.tekton.dev/on-cel-expression: event == "push" && target_branch == "main" pipelinesascode.tekton.dev/task: "[.tekton/trillian-unit-test.yaml]" - creationTimestamp: null + creationTimestamp: labels: appstudio.openshift.io/application: trillian appstudio.openshift.io/component: logserver 
@@ -48,25 +48,6 @@ spec: - name: kind value: task resolver: bundles - - name: show-summary - params: - - name: pipelinerun-name - value: $(context.pipelineRun.name) - - name: git-url - value: $(tasks.clone-repository.results.url)?rev=$(tasks.clone-repository.results.commit) - - name: image-url - value: $(params.output-image) - - name: build-task-status - value: $(tasks.build-container.status) - taskRef: - params: - - name: name - value: summary - - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-summary:0.2@sha256:c718319bd57c4f0ab1843cf98d813d0a26a73e0c8ce66218079c3c865508b0fb - - name: kind - value: task - resolver: bundles params: - description: Source Repository URL name: git-url @@ -79,13 +60,11 @@ spec: name: output-image type: string - default: . - description: Path to the source code of an application's component from where - to build image. + description: Path to the source code of an application's component from where to build image. name: path-context type: string - default: Dockerfile - description: Path to the Dockerfile inside the context specified by parameter - path-context + description: Path to the Dockerfile inside the context specified by parameter path-context name: dockerfile type: string - default: "false" @@ -113,8 +92,7 @@ spec: name: java type: string - default: "" - description: Image tag expiration time, time values could be something like - 1h, 2d, 3w for hours, days, and weeks, respectively. + description: Image tag expiration time, time values could be something like 1h, 2d, 3w for hours, days, and weeks, respectively. name: image-expires-after - default: "false" description: Build a source image. 
@@ -160,14 +138,18 @@ spec: value: $(params.git-url) - name: revision value: $(params.revision) + - name: ociStorage + value: $(params.output-image).git + - name: ociArtifactExpiresAfter + value: $(params.image-expires-after) runAfter: - init taskRef: params: - name: name - value: git-clone + value: git-clone-oci-ta - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:729ed7f3b7a3da2658c80655039989a66da207b91036893409bd1305e69a655f + value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone-oci-ta:0.1@sha256:e3490635200600da4a6b2997b0cf8e65e012155e7795824aa36d858a890ad31f - name: kind value: task resolver: bundles @@ -177,33 +159,31 @@ spec: values: - "true" workspaces: - - name: output - workspace: workspace - name: basic-auth workspace: git-auth - name: prefetch-dependencies params: - name: input value: $(params.prefetch-input) + - name: hermetic + value: ${params.hermetic} + - name: SOURCE_ARTIFACT + value: $(tasks.clone-repository.results.SOURCE_ARTIFACT) + - name: ociStorage + value: $(params.output-image).prefetch + - name: ociArtifactExpiresAfter + value: $(params.image-expires-after) runAfter: - clone-repository taskRef: params: - name: name - value: prefetch-dependencies + value: prefetch-dependencies-oci-ta - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies:0.1@sha256:9aec3ae9f0f50a05abdc739faf4cbc82832cff16c77ac74e1d54072a882c0503 + value: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies-oci-ta:0.1@sha256:b3851f03527abfedd169dfdd0123c55c161b6695133760c85e2e58e6df5043c8 - name: kind value: task resolver: bundles - when: - - input: $(params.hermetic) - operator: in - values: - - "true" - workspaces: - - name: source - workspace: workspace - name: build-container params: - name: IMAGE 
@@ -220,14 +200,18 @@ spec: value: $(params.image-expires-after) - name: COMMIT_SHA value: $(tasks.clone-repository.results.commit) + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + - name: CACHI2_ARTIFACT + value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) runAfter: - prefetch-dependencies taskRef: params: - name: name - value: buildah + value: buildah-oci-ta - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-buildah:0.1@sha256:7cd80204a133c96ccc72bb8d6be0caeaf5014924e679d3686560c8e54cb87d24 + value: quay.io/redhat-appstudio-tekton-catalog/task-buildah-oci-ta:0.1@sha256:692e8882c1b10d0fa6b1dc5b8191c8b01cda22e04403026bcd6168e393df9597 - name: kind value: task resolver: bundles @@ -236,23 +220,24 @@ spec: operator: in values: - "true" - workspaces: - - name: source - workspace: workspace - name: build-source-image params: - name: BINARY_IMAGE value: $(params.output-image) - name: BASE_IMAGES value: $(tasks.build-container.results.BASE_IMAGES_DIGESTS) + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + - name: CACHI2_ARTIFACT + value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) runAfter: - build-container taskRef: params: - name: name - value: source-build + value: source-build-oci-ta - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-source-build:0.1@sha256:1a976a35adee9163e455d0c5aee5d9bf9cb3c6a770656ae347558f8c54977709 + value: quay.io/redhat-appstudio-tekton-catalog/task-source-build-oci-ta:0.1@sha256:a5b5370cef18ca4dc78855c7bd8dc8cb94b92b73d4bed07a2fa41c26d1f36773 - name: kind value: task resolver: bundles @@ -265,9 +250,6 @@ spec: operator: in values: - "true" - workspaces: - - name: workspace - workspace: workspace - name: deprecated-base-image-check params: - name: BASE_IMAGES_DIGESTS 
@@ -320,9 +302,9 @@ spec: taskRef: params: - name: name - value: sast-snyk-check + value: sast-snyk-check-oci-ta - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-sast-snyk-check:0.1@sha256:242acc527a06a11fac9dd6524467f62f3a086c186c5f885973e5780a04d4289c + value: quay.io/redhat-appstudio-tekton-catalog/task-sast-snyk-check-oci-ta:0.1@sha256:f52736be6b2ffe6d22d400eb8ff3a4ec165eabf6ae071b48f1e1013d0d179b71 - name: kind value: task resolver: bundles @@ -331,9 +313,9 @@ spec: operator: in values: - "false" - workspaces: - - name: workspace - workspace: workspace + params: + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - name: clamav-scan params: - name: image-digest @@ -383,26 +365,16 @@ spec: - prefetch-dependencies taskRef: name: go-unit-test - workspaces: - - name: source - workspace: workspace + params: + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + - name: CACHI2_ARTIFACT + value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) workspaces: - - name: workspace - name: git-auth optional: true taskRunTemplate: {} workspaces: - - name: workspace - volumeClaimTemplate: - metadata: - creationTimestamp: null - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi - status: {} - name: git-auth secret: secretName: '{{ git_auth_secret }}' diff --git a/.tekton/logsigner-pull-request.yaml b/.tekton/logsigner-pull-request.yaml index faf932a620..f3c3ea098b 100644 --- a/.tekton/logsigner-pull-request.yaml +++ b/.tekton/logsigner-pull-request.yaml 
@@ -9,7 +9,7 @@ metadata: pipelinesascode.tekton.dev/max-keep-runs: "3" pipelinesascode.tekton.dev/on-cel-expression: event == "pull_request" && target_branch == "main" && ( "go.mod".pathChanged() || "go.sum".pathChanged() || ".tekton/logsigner-pull-request.yaml".pathChanged() || "Dockerfile.logsigner.rh".pathChanged() || "cmd/trillian_log_signer/***".pathChanged() || "trigger-konflux-builds.txt".pathChanged() ) pipelinesascode.tekton.dev/task: "[.tekton/trillian-unit-test.yaml]" - creationTimestamp: null + creationTimestamp: labels: appstudio.openshift.io/application: trillian appstudio.openshift.io/component: logsigner @@ -51,25 +51,6 @@ spec: - name: kind value: task resolver: bundles - - name: show-summary - params: - - name: pipelinerun-name - value: $(context.pipelineRun.name) - - name: git-url - value: $(tasks.clone-repository.results.url)?rev=$(tasks.clone-repository.results.commit) - - name: image-url - value: $(params.output-image) - - name: build-task-status - value: $(tasks.build-container.status) - taskRef: - params: - - name: name - value: summary - - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-summary:0.2@sha256:c718319bd57c4f0ab1843cf98d813d0a26a73e0c8ce66218079c3c865508b0fb - - name: kind - value: task - resolver: bundles params: - description: Source Repository URL name: git-url @@ -82,13 +63,11 @@ spec: name: output-image type: string - default: . - description: Path to the source code of an application's component from where - to build image. + description: Path to the source code of an application's component from where to build image. name: path-context type: string - default: Dockerfile - description: Path to the Dockerfile inside the context specified by parameter - path-context + description: Path to the Dockerfile inside the context specified by parameter path-context name: dockerfile type: string - default: "false" 
@@ -116,8 +95,7 @@ spec: name: java type: string - default: "" - description: Image tag expiration time, time values could be something like - 1h, 2d, 3w for hours, days, and weeks, respectively. + description: Image tag expiration time, time values could be something like 1h, 2d, 3w for hours, days, and weeks, respectively. name: image-expires-after - default: "false" description: Build a source image. @@ -163,14 +141,18 @@ spec: value: $(params.git-url) - name: revision value: $(params.revision) + - name: ociStorage + value: $(params.output-image).git + - name: ociArtifactExpiresAfter + value: $(params.image-expires-after) runAfter: - init taskRef: params: - name: name - value: git-clone + value: git-clone-oci-ta - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:729ed7f3b7a3da2658c80655039989a66da207b91036893409bd1305e69a655f + value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone-oci-ta:0.1@sha256:e3490635200600da4a6b2997b0cf8e65e012155e7795824aa36d858a890ad31f - name: kind value: task resolver: bundles 
@@ -180,33 +162,31 @@ spec: values: - "true" workspaces: - - name: output - workspace: workspace - name: basic-auth workspace: git-auth - name: prefetch-dependencies params: - name: input value: $(params.prefetch-input) + - name: hermetic + value: ${params.hermetic} + - name: SOURCE_ARTIFACT + value: $(tasks.clone-repository.results.SOURCE_ARTIFACT) + - name: ociStorage + value: $(params.output-image).prefetch + - name: ociArtifactExpiresAfter + value: $(params.image-expires-after) runAfter: - clone-repository taskRef: params: - name: name - value: prefetch-dependencies + value: prefetch-dependencies-oci-ta - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies:0.1@sha256:9aec3ae9f0f50a05abdc739faf4cbc82832cff16c77ac74e1d54072a882c0503 + value: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies-oci-ta:0.1@sha256:b3851f03527abfedd169dfdd0123c55c161b6695133760c85e2e58e6df5043c8 - name: kind value: task resolver: bundles - when: - - input: $(params.hermetic) - operator: in - values: - - "true" - workspaces: - - name: source - workspace: workspace - name: build-container params: - name: IMAGE @@ -223,14 +203,18 @@ spec: value: $(params.image-expires-after) - name: COMMIT_SHA value: $(tasks.clone-repository.results.commit) + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + - name: CACHI2_ARTIFACT + value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) runAfter: - prefetch-dependencies taskRef: params: - name: name - value: buildah + value: buildah-oci-ta - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-buildah:0.1@sha256:7cd80204a133c96ccc72bb8d6be0caeaf5014924e679d3686560c8e54cb87d24 + value: quay.io/redhat-appstudio-tekton-catalog/task-buildah-oci-ta:0.1@sha256:692e8882c1b10d0fa6b1dc5b8191c8b01cda22e04403026bcd6168e393df9597 - name: kind value: task resolver: bundles 
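Review bot: The `hermetic` parameter added to `prefetch-dependencies` is written `${params.hermetic}`, which is not Tekton's `$(params.hermetic)` substitution syntax, so the task would presumably receive that literal string instead of "true" or "false". It should read `value: $(params.hermetic)`, the form used by the `when` block that this hunk removes. The same line is added in the logsigner-push, redis-pull-request and redis-push hunks further down. Whether `prefetch-dependencies-oci-ta` at the pinned digest declares a `hermetic` parameter is not visible here and is worth confirming.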
@@ -239,23 +223,24 @@ spec: operator: in values: - "true" - workspaces: - - name: source - workspace: workspace - name: build-source-image params: - name: BINARY_IMAGE value: $(params.output-image) - name: BASE_IMAGES value: $(tasks.build-container.results.BASE_IMAGES_DIGESTS) + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + - name: CACHI2_ARTIFACT + value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) runAfter: - build-container taskRef: params: - name: name - value: source-build + value: source-build-oci-ta - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-source-build:0.1@sha256:1a976a35adee9163e455d0c5aee5d9bf9cb3c6a770656ae347558f8c54977709 + value: quay.io/redhat-appstudio-tekton-catalog/task-source-build-oci-ta:0.1@sha256:a5b5370cef18ca4dc78855c7bd8dc8cb94b92b73d4bed07a2fa41c26d1f36773 - name: kind value: task resolver: bundles @@ -268,9 +253,6 @@ spec: operator: in values: - "true" - workspaces: - - name: workspace - workspace: workspace - name: deprecated-base-image-check params: - name: BASE_IMAGES_DIGESTS @@ -323,9 +305,9 @@ spec: taskRef: params: - name: name - value: sast-snyk-check + value: sast-snyk-check-oci-ta - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-sast-snyk-check:0.1@sha256:242acc527a06a11fac9dd6524467f62f3a086c186c5f885973e5780a04d4289c + value: quay.io/redhat-appstudio-tekton-catalog/task-sast-snyk-check-oci-ta:0.1@sha256:f52736be6b2ffe6d22d400eb8ff3a4ec165eabf6ae071b48f1e1013d0d179b71 - name: kind value: task resolver: bundles @@ -334,9 +316,9 @@ spec: operator: in values: - "false" - workspaces: - - name: workspace - workspace: workspace + params: + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - name: clamav-scan params: - name: image-digest 
@@ -386,26 +368,16 @@ spec: - prefetch-dependencies taskRef: name: go-unit-test - workspaces: - - name: source - workspace: workspace + params: + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + - name: CACHI2_ARTIFACT + value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) workspaces: - - name: workspace - name: git-auth optional: true taskRunTemplate: {} workspaces: - - name: workspace - volumeClaimTemplate: - metadata: - creationTimestamp: null - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi - status: {} - name: git-auth secret: secretName: '{{ git_auth_secret }}' diff --git a/.tekton/logsigner-push.yaml b/.tekton/logsigner-push.yaml index 1f2c5cc9b2..7731a9e8b2 100644 --- a/.tekton/logsigner-push.yaml +++ b/.tekton/logsigner-push.yaml @@ -8,7 +8,7 @@ metadata: pipelinesascode.tekton.dev/max-keep-runs: "3" pipelinesascode.tekton.dev/on-cel-expression: event == "push" && target_branch == "main" pipelinesascode.tekton.dev/task: "[.tekton/trillian-unit-test.yaml]" - creationTimestamp: null + creationTimestamp: labels: appstudio.openshift.io/application: trillian appstudio.openshift.io/component: logsigner @@ -48,25 +48,6 @@ spec: - name: kind value: task resolver: bundles - - name: show-summary - params: - - name: pipelinerun-name - value: $(context.pipelineRun.name) - - name: git-url - value: $(tasks.clone-repository.results.url)?rev=$(tasks.clone-repository.results.commit) - - name: image-url - value: $(params.output-image) - - name: build-task-status - value: $(tasks.build-container.status) - taskRef: - params: - - name: name - value: summary - - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-summary:0.2@sha256:c718319bd57c4f0ab1843cf98d813d0a26a73e0c8ce66218079c3c865508b0fb - - name: kind - value: task - resolver: bundles params: - description: Source Repository URL name: git-url 
@@ -79,13 +60,11 @@ spec: name: output-image type: string - default: . - description: Path to the source code of an application's component from where - to build image. + description: Path to the source code of an application's component from where to build image. name: path-context type: string - default: Dockerfile - description: Path to the Dockerfile inside the context specified by parameter - path-context + description: Path to the Dockerfile inside the context specified by parameter path-context name: dockerfile type: string - default: "false" @@ -113,8 +92,7 @@ spec: name: java type: string - default: "" - description: Image tag expiration time, time values could be something like - 1h, 2d, 3w for hours, days, and weeks, respectively. + description: Image tag expiration time, time values could be something like 1h, 2d, 3w for hours, days, and weeks, respectively. name: image-expires-after - default: "false" description: Build a source image. @@ -160,14 +138,18 @@ spec: value: $(params.git-url) - name: revision value: $(params.revision) + - name: ociStorage + value: $(params.output-image).git + - name: ociArtifactExpiresAfter + value: $(params.image-expires-after) runAfter: - init taskRef: params: - name: name - value: git-clone + value: git-clone-oci-ta - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:729ed7f3b7a3da2658c80655039989a66da207b91036893409bd1305e69a655f + value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone-oci-ta:0.1@sha256:e3490635200600da4a6b2997b0cf8e65e012155e7795824aa36d858a890ad31f - name: kind value: task resolver: bundles 
@@ -177,33 +159,31 @@ spec: values: - "true" workspaces: - - name: output - workspace: workspace - name: basic-auth workspace: git-auth - name: prefetch-dependencies params: - name: input value: $(params.prefetch-input) + - name: hermetic + value: ${params.hermetic} + - name: SOURCE_ARTIFACT + value: $(tasks.clone-repository.results.SOURCE_ARTIFACT) + - name: ociStorage + value: $(params.output-image).prefetch + - name: ociArtifactExpiresAfter + value: $(params.image-expires-after) runAfter: - clone-repository taskRef: params: - name: name - value: prefetch-dependencies + value: prefetch-dependencies-oci-ta - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies:0.1@sha256:9aec3ae9f0f50a05abdc739faf4cbc82832cff16c77ac74e1d54072a882c0503 + value: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies-oci-ta:0.1@sha256:b3851f03527abfedd169dfdd0123c55c161b6695133760c85e2e58e6df5043c8 - name: kind value: task resolver: bundles - when: - - input: $(params.hermetic) - operator: in - values: - - "true" - workspaces: - - name: source - workspace: workspace - name: build-container params: - name: IMAGE @@ -220,14 +200,18 @@ spec: value: $(params.image-expires-after) - name: COMMIT_SHA value: $(tasks.clone-repository.results.commit) + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + - name: CACHI2_ARTIFACT + value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) runAfter: - prefetch-dependencies taskRef: params: - name: name - value: buildah + value: buildah-oci-ta - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-buildah:0.1@sha256:7cd80204a133c96ccc72bb8d6be0caeaf5014924e679d3686560c8e54cb87d24 + value: quay.io/redhat-appstudio-tekton-catalog/task-buildah-oci-ta:0.1@sha256:692e8882c1b10d0fa6b1dc5b8191c8b01cda22e04403026bcd6168e393df9597 - name: kind value: task resolver: bundles 
@@ -236,23 +220,24 @@ spec: operator: in values: - "true" - workspaces: - - name: source - workspace: workspace - name: build-source-image params: - name: BINARY_IMAGE value: $(params.output-image) - name: BASE_IMAGES value: $(tasks.build-container.results.BASE_IMAGES_DIGESTS) + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + - name: CACHI2_ARTIFACT + value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) runAfter: - build-container taskRef: params: - name: name - value: source-build + value: source-build-oci-ta - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-source-build:0.1@sha256:1a976a35adee9163e455d0c5aee5d9bf9cb3c6a770656ae347558f8c54977709 + value: quay.io/redhat-appstudio-tekton-catalog/task-source-build-oci-ta:0.1@sha256:a5b5370cef18ca4dc78855c7bd8dc8cb94b92b73d4bed07a2fa41c26d1f36773 - name: kind value: task resolver: bundles @@ -265,9 +250,6 @@ spec: operator: in values: - "true" - workspaces: - - name: workspace - workspace: workspace - name: deprecated-base-image-check params: - name: BASE_IMAGES_DIGESTS @@ -320,9 +302,9 @@ spec: taskRef: params: - name: name - value: sast-snyk-check + value: sast-snyk-check-oci-ta - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-sast-snyk-check:0.1@sha256:242acc527a06a11fac9dd6524467f62f3a086c186c5f885973e5780a04d4289c + value: quay.io/redhat-appstudio-tekton-catalog/task-sast-snyk-check-oci-ta:0.1@sha256:f52736be6b2ffe6d22d400eb8ff3a4ec165eabf6ae071b48f1e1013d0d179b71 - name: kind value: task resolver: bundles @@ -331,9 +313,9 @@ spec: operator: in values: - "false" - workspaces: - - name: workspace - workspace: workspace + params: + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - name: clamav-scan params: - name: image-digest 
@@ -383,26 +365,16 @@ spec: - prefetch-dependencies taskRef: name: go-unit-test - workspaces: - - name: source - workspace: workspace + params: + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + - name: CACHI2_ARTIFACT + value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) workspaces: - - name: workspace - name: git-auth optional: true taskRunTemplate: {} workspaces: - - name: workspace - volumeClaimTemplate: - metadata: - creationTimestamp: null - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi - status: {} - name: git-auth secret: secretName: '{{ git_auth_secret }}' diff --git a/.tekton/redis-pull-request.yaml b/.tekton/redis-pull-request.yaml index e071ae85a6..b7b7ba592e 100644 --- a/.tekton/redis-pull-request.yaml +++ b/.tekton/redis-pull-request.yaml @@ -7,9 +7,8 @@ metadata: build.appstudio.redhat.com/pull_request_number: '{{pull_request_number}}' build.appstudio.redhat.com/target_branch: '{{target_branch}}' pipelinesascode.tekton.dev/max-keep-runs: "3" - pipelinesascode.tekton.dev/on-cel-expression: event == "pull_request" && target_branch - == "main" - creationTimestamp: null + pipelinesascode.tekton.dev/on-cel-expression: event == "pull_request" && target_branch == "main" + creationTimestamp: labels: appstudio.openshift.io/application: trillian appstudio.openshift.io/component: redis 
@@ -51,25 +50,6 @@ spec: - name: kind value: task resolver: bundles - - name: show-summary - params: - - name: pipelinerun-name - value: $(context.pipelineRun.name) - - name: git-url - value: $(tasks.clone-repository.results.url)?rev=$(tasks.clone-repository.results.commit) - - name: image-url - value: $(params.output-image) - - name: build-task-status - value: $(tasks.build-container.status) - taskRef: - params: - - name: name - value: summary - - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-summary:0.2@sha256:c718319bd57c4f0ab1843cf98d813d0a26a73e0c8ce66218079c3c865508b0fb - - name: kind - value: task - resolver: bundles params: - description: Source Repository URL name: git-url @@ -82,13 +62,11 @@ spec: name: output-image type: string - default: . - description: Path to the source code of an application's component from where - to build image. + description: Path to the source code of an application's component from where to build image. name: path-context type: string - default: Dockerfile - description: Path to the Dockerfile inside the context specified by parameter - path-context + description: Path to the Dockerfile inside the context specified by parameter path-context name: dockerfile type: string - default: "false" @@ -112,8 +90,7 @@ spec: name: java type: string - default: "" - description: Image tag expiration time, time values could be something like - 1h, 2d, 3w for hours, days, and weeks, respectively. + description: Image tag expiration time, time values could be something like 1h, 2d, 3w for hours, days, and weeks, respectively. name: image-expires-after - default: "false" description: Build a source image. 
@@ -159,14 +136,18 @@ spec: value: $(params.git-url) - name: revision value: $(params.revision) + - name: ociStorage + value: $(params.output-image).git + - name: ociArtifactExpiresAfter + value: $(params.image-expires-after) runAfter: - init taskRef: params: - name: name - value: git-clone + value: git-clone-oci-ta - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:729ed7f3b7a3da2658c80655039989a66da207b91036893409bd1305e69a655f + value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone-oci-ta:0.1@sha256:e3490635200600da4a6b2997b0cf8e65e012155e7795824aa36d858a890ad31f - name: kind value: task resolver: bundles @@ -176,33 +157,31 @@ spec: values: - "true" workspaces: - - name: output - workspace: workspace - name: basic-auth workspace: git-auth - name: prefetch-dependencies params: - name: input value: $(params.prefetch-input) + - name: hermetic + value: ${params.hermetic} + - name: SOURCE_ARTIFACT + value: $(tasks.clone-repository.results.SOURCE_ARTIFACT) + - name: ociStorage + value: $(params.output-image).prefetch + - name: ociArtifactExpiresAfter + value: $(params.image-expires-after) runAfter: - clone-repository taskRef: params: - name: name - value: prefetch-dependencies + value: prefetch-dependencies-oci-ta - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies:0.1@sha256:9aec3ae9f0f50a05abdc739faf4cbc82832cff16c77ac74e1d54072a882c0503 + value: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies-oci-ta:0.1@sha256:b3851f03527abfedd169dfdd0123c55c161b6695133760c85e2e58e6df5043c8 - name: kind value: task resolver: bundles - when: - - input: $(params.prefetch-input) - operator: notin - values: - - "{}" - workspaces: - - name: source - workspace: workspace - name: build-container params: - name: IMAGE 
@@ -219,14 +198,18 @@ spec: value: $(params.image-expires-after) - name: COMMIT_SHA value: $(tasks.clone-repository.results.commit) + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + - name: CACHI2_ARTIFACT + value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) runAfter: - prefetch-dependencies taskRef: params: - name: name - value: buildah + value: buildah-oci-ta - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-buildah:0.1@sha256:7cd80204a133c96ccc72bb8d6be0caeaf5014924e679d3686560c8e54cb87d24 + value: quay.io/redhat-appstudio-tekton-catalog/task-buildah-oci-ta:0.1@sha256:692e8882c1b10d0fa6b1dc5b8191c8b01cda22e04403026bcd6168e393df9597 - name: kind value: task resolver: bundles @@ -235,23 +218,24 @@ spec: operator: in values: - "true" - workspaces: - - name: source - workspace: workspace - name: build-source-image params: - name: BINARY_IMAGE value: $(params.output-image) - name: BASE_IMAGES value: $(tasks.build-container.results.BASE_IMAGES_DIGESTS) + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + - name: CACHI2_ARTIFACT + value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) runAfter: - build-container taskRef: params: - name: name - value: source-build + value: source-build-oci-ta - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-source-build:0.1@sha256:1a976a35adee9163e455d0c5aee5d9bf9cb3c6a770656ae347558f8c54977709 + value: quay.io/redhat-appstudio-tekton-catalog/task-source-build-oci-ta:0.1@sha256:a5b5370cef18ca4dc78855c7bd8dc8cb94b92b73d4bed07a2fa41c26d1f36773 - name: kind value: task resolver: bundles @@ -264,9 +248,6 @@ spec: operator: in values: - "true" - workspaces: - - name: workspace - workspace: workspace - name: deprecated-base-image-check params: - name: BASE_IMAGES_DIGESTS 
@@ -319,9 +300,9 @@ spec: taskRef: params: - name: name - value: sast-snyk-check + value: sast-snyk-check-oci-ta - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-sast-snyk-check:0.1@sha256:242acc527a06a11fac9dd6524467f62f3a086c186c5f885973e5780a04d4289c + value: quay.io/redhat-appstudio-tekton-catalog/task-sast-snyk-check-oci-ta:0.1@sha256:f52736be6b2ffe6d22d400eb8ff3a4ec165eabf6ae071b48f1e1013d0d179b71 - name: kind value: task resolver: bundles @@ -330,9 +311,9 @@ spec: operator: in values: - "false" - workspaces: - - name: workspace - workspace: workspace + params: + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - name: clamav-scan params: - name: image-digest @@ -378,22 +359,10 @@ spec: values: - "false" workspaces: - - name: workspace - name: git-auth optional: true taskRunTemplate: {} workspaces: - - name: workspace - volumeClaimTemplate: - metadata: - creationTimestamp: null - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi - status: {} - name: git-auth secret: secretName: '{{ git_auth_secret }}' diff --git a/.tekton/redis-push.yaml b/.tekton/redis-push.yaml index f07923531a..003b1f030e 100644 --- a/.tekton/redis-push.yaml +++ b/.tekton/redis-push.yaml @@ -6,9 +6,8 @@ metadata: build.appstudio.redhat.com/commit_sha: '{{revision}}' build.appstudio.redhat.com/target_branch: '{{target_branch}}' pipelinesascode.tekton.dev/max-keep-runs: "3" - pipelinesascode.tekton.dev/on-cel-expression: event == "push" && target_branch - == "main" - creationTimestamp: null + pipelinesascode.tekton.dev/on-cel-expression: event == "push" && target_branch == "main" + creationTimestamp: labels: appstudio.openshift.io/application: trillian appstudio.openshift.io/component: redis 
@@ -48,25 +47,6 @@ spec: - name: kind value: task resolver: bundles - - name: show-summary - params: - - name: pipelinerun-name - value: $(context.pipelineRun.name) - - name: git-url - value: $(tasks.clone-repository.results.url)?rev=$(tasks.clone-repository.results.commit) - - name: image-url - value: $(params.output-image) - - name: build-task-status - value: $(tasks.build-container.status) - taskRef: - params: - - name: name - value: summary - - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-summary:0.2@sha256:c718319bd57c4f0ab1843cf98d813d0a26a73e0c8ce66218079c3c865508b0fb - - name: kind - value: task - resolver: bundles params: - description: Source Repository URL name: git-url @@ -79,13 +59,11 @@ spec: name: output-image type: string - default: . - description: Path to the source code of an application's component from where - to build image. + description: Path to the source code of an application's component from where to build image. name: path-context type: string - default: Dockerfile - description: Path to the Dockerfile inside the context specified by parameter - path-context + description: Path to the Dockerfile inside the context specified by parameter path-context name: dockerfile type: string - default: "false" @@ -109,8 +87,7 @@ spec: name: java type: string - default: "" - description: Image tag expiration time, time values could be something like - 1h, 2d, 3w for hours, days, and weeks, respectively. + description: Image tag expiration time, time values could be something like 1h, 2d, 3w for hours, days, and weeks, respectively. name: image-expires-after - default: "false" description: Build a source image. 
@@ -156,14 +133,18 @@ spec: value: $(params.git-url) - name: revision value: $(params.revision) + - name: ociStorage + value: $(params.output-image).git + - name: ociArtifactExpiresAfter + value: $(params.image-expires-after) runAfter: - init taskRef: params: - name: name - value: git-clone + value: git-clone-oci-ta - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:729ed7f3b7a3da2658c80655039989a66da207b91036893409bd1305e69a655f + value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone-oci-ta:0.1@sha256:e3490635200600da4a6b2997b0cf8e65e012155e7795824aa36d858a890ad31f - name: kind value: task resolver: bundles @@ -173,33 +154,31 @@ spec: values: - "true" workspaces: - - name: output - workspace: workspace - name: basic-auth workspace: git-auth - name: prefetch-dependencies params: - name: input value: $(params.prefetch-input) + - name: hermetic + value: ${params.hermetic} + - name: SOURCE_ARTIFACT + value: $(tasks.clone-repository.results.SOURCE_ARTIFACT) + - name: ociStorage + value: $(params.output-image).prefetch + - name: ociArtifactExpiresAfter + value: $(params.image-expires-after) runAfter: - clone-repository taskRef: params: - name: name - value: prefetch-dependencies + value: prefetch-dependencies-oci-ta - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies:0.1@sha256:9aec3ae9f0f50a05abdc739faf4cbc82832cff16c77ac74e1d54072a882c0503 + value: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies-oci-ta:0.1@sha256:b3851f03527abfedd169dfdd0123c55c161b6695133760c85e2e58e6df5043c8 - name: kind value: task resolver: bundles - when: - - input: $(params.prefetch-input) - operator: notin - values: - - "{}" - workspaces: - - name: source - workspace: workspace - name: build-container params: - name: IMAGE 
@@ -216,14 +195,18 @@ spec: value: $(params.image-expires-after) - name: COMMIT_SHA value: $(tasks.clone-repository.results.commit) + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + - name: CACHI2_ARTIFACT + value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) runAfter: - prefetch-dependencies taskRef: params: - name: name - value: buildah + value: buildah-oci-ta - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-buildah:0.1@sha256:7cd80204a133c96ccc72bb8d6be0caeaf5014924e679d3686560c8e54cb87d24 + value: quay.io/redhat-appstudio-tekton-catalog/task-buildah-oci-ta:0.1@sha256:692e8882c1b10d0fa6b1dc5b8191c8b01cda22e04403026bcd6168e393df9597 - name: kind value: task resolver: bundles @@ -232,23 +215,24 @@ spec: operator: in values: - "true" - workspaces: - - name: source - workspace: workspace - name: build-source-image params: - name: BINARY_IMAGE value: $(params.output-image) - name: BASE_IMAGES value: $(tasks.build-container.results.BASE_IMAGES_DIGESTS) + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + - name: CACHI2_ARTIFACT + value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) runAfter: - build-container taskRef: params: - name: name - value: source-build + value: source-build-oci-ta - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-source-build:0.1@sha256:1a976a35adee9163e455d0c5aee5d9bf9cb3c6a770656ae347558f8c54977709 + value: quay.io/redhat-appstudio-tekton-catalog/task-source-build-oci-ta:0.1@sha256:a5b5370cef18ca4dc78855c7bd8dc8cb94b92b73d4bed07a2fa41c26d1f36773 - name: kind value: task resolver: bundles @@ -261,9 +245,6 @@ spec: operator: in values: - "true" - workspaces: - - name: workspace - workspace: workspace - name: deprecated-base-image-check params: - name: BASE_IMAGES_DIGESTS 
@@ -316,9 +297,9 @@ spec: taskRef: params: - name: name - value: sast-snyk-check + value: sast-snyk-check-oci-ta - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-sast-snyk-check:0.1@sha256:242acc527a06a11fac9dd6524467f62f3a086c186c5f885973e5780a04d4289c + value: quay.io/redhat-appstudio-tekton-catalog/task-sast-snyk-check-oci-ta:0.1@sha256:f52736be6b2ffe6d22d400eb8ff3a4ec165eabf6ae071b48f1e1013d0d179b71 - name: kind value: task resolver: bundles @@ -327,9 +308,9 @@ spec: operator: in values: - "false" - workspaces: - - name: workspace - workspace: workspace + params: + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - name: clamav-scan params: - name: image-digest @@ -375,22 +356,10 @@ spec: values: - "false" workspaces: - - name: workspace - name: git-auth optional: true taskRunTemplate: {} workspaces: - - name: workspace - volumeClaimTemplate: - metadata: - creationTimestamp: null - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi - status: {} - name: git-auth secret: secretName: '{{ git_auth_secret }}' diff --git a/.tekton/trillian-unit-test.yaml b/.tekton/trillian-unit-test.yaml index 54e35d8ecf..0371c0bc04 100644 --- a/.tekton/trillian-unit-test.yaml +++ b/.tekton/trillian-unit-test.yaml 
@@ -5,17 +5,43 @@ metadata: annotations: tekton.dev/title: "Go Unit Test Task" spec: - workspaces: - - name: source + params: + - description: The trusted artifact URI containing the application source code. + name: SOURCE_ARTIFACT + type: string + - description: The Trusted Artifact URI pointing to the artifact with the prefetched dependencies. + name: CACHI2_ARTIFACT + type: string + default: "" + stepTemplate: + volumeMounts: + - mountPath: /var/workdir + name: workdir + # This path is hard coded in the cachi2.env file. + - mountPath: /cachi2 + name: cachi2 + securityContext: + # This is needed because the different steps in this Task run with different user IDs. + runAsUser: 0 steps: + - image: quay.io/redhat-appstudio/build-trusted-artifacts:latest@sha256:4e39fb97f4444c2946944482df47b39c5bbc195c54c6560b0647635f553ab23d + name: use-trusted-artifact + args: + - use + - $(params.SOURCE_ARTIFACT)=/var/workdir/source + - $(params.CACHI2_ARTIFACT)=/cachi2 - name: run-tests image: registry.access.redhat.com/ubi9/go-toolset@sha256:15e7344d24e3d191c6595fe043323bde27c25e1220f8cc77cd6c5cd5d1ff10c2 - workingDir: $(workspaces.source.path)/source + workingDir: /var/workdir/source script: | #!/usr/bin/env sh + if [ -f "/cachi2/cachi2.env" ]; then + source "/cachi2/cachi2.env" + fi go mod vendor - go test $(go list ./... | grep -v /storage/ | grep -v /client/ ) - -# This file bundles the unit tests for trillian. -# If any changes are made to this file, it must be pushed to Quay using the following command: -# 'tkn bundle push quay.io/securesign/trillian-unit-test:latest -f .tekton/trillian-unit-test.yaml'. \ No newline at end of file + go test $(go list ./... | grep -v /storage/ | grep -v /client/ | grep -v /quota/crdbqm ) + volumes: + - name: workdir + emptyDir: {} + - name: cachi2 + emptyDir: {}
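Review bot: `run-tests` inherits `runAsUser: 0` from the new `stepTemplate`, so `go test` runs as root, and the pull-request pipelines in this commit run this task on unmerged code. The inline comment gives the reason (steps with different user IDs share the emptyDir volumes); if only `use-trusted-artifact` needs root to unpack, which cannot be verified from this hunk, moving the `securityContext` onto that step would narrow it. The script declares `#!/usr/bin/env sh` but uses `source`, which POSIX sh spells `. "/cachi2/cachi2.env"`. It also has no `set -e`, so a failed `go mod vendor` does not stop the step before `go test` runs. The added `grep -v /quota/crdbqm` drops a package from the test run without a comment saying why.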