Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Switch Pipelines to use Trusted Artifact #197

Merged
merged 2 commits into from
Aug 21, 2024
Merged

Switch Pipelines to use Trusted Artifact #197

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
9dab583
Use PAC resolver for unit test Task
lcarva May 29, 2024
3270bce
Switch Pipelines to use Trusted Artifact
lcarva May 29, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
110 changes: 39 additions & 71 deletions .tekton/database-pull-request.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@ metadata:
build.appstudio.redhat.com/target_branch: '{{target_branch}}'
pipelinesascode.tekton.dev/max-keep-runs: "3"
pipelinesascode.tekton.dev/on-cel-expression: event == "pull_request" && target_branch == "main" && ( "60-load-db.sh".pathChanged() || "examples/deployment/docker/db_server/mysql.cnf".pathChanged() || "storage/mysql/schema/storage.sql".pathChanged() || ".tekton/database-pull-request.yaml".pathChanged() || "Dockerfile.database.rh".pathChanged() || "trigger-konflux-builds.txt".pathChanged() )
pipelinesascode.tekton.dev/task: "[.tekton/trillian-unit-test.yaml]"
creationTimestamp: null
labels:
appstudio.openshift.io/application: trillian
Expand Down Expand Up @@ -50,25 +51,6 @@ spec:
- name: kind
value: task
resolver: bundles
- name: show-summary
params:
- name: pipelinerun-name
value: $(context.pipelineRun.name)
- name: git-url
value: $(tasks.clone-repository.results.url)?rev=$(tasks.clone-repository.results.commit)
- name: image-url
value: $(params.output-image)
- name: build-task-status
value: $(tasks.build-container.status)
taskRef:
params:
- name: name
value: summary
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-summary:0.2@sha256:abdf426424f1331c27be80ed98a0fbcefb8422767d1724308b9d57b37f977155
- name: kind
value: task
resolver: bundles
params:
- description: Source Repository URL
name: git-url
Expand Down Expand Up @@ -159,14 +141,18 @@ spec:
value: $(params.git-url)
- name: revision
value: $(params.revision)
- name: ociStorage
value: $(params.output-image).git
- name: ociArtifactExpiresAfter
value: $(params.image-expires-after)
runAfter:
- init
taskRef:
params:
- name: name
value: git-clone
value: git-clone-oci-ta
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:9e6c4db5a666ea0e1e747e03d63f46e5617a6b9852c26871f9d50891d778dfa2
value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone-oci-ta:0.1@sha256:1178a65926b449c3603f7c0ecbb2d9311c0d7f1443c5164e952e7634a1d10142
- name: kind
value: task
resolver: bundles
Expand All @@ -176,33 +162,31 @@ spec:
values:
- "true"
workspaces:
- name: output
workspace: workspace
- name: basic-auth
workspace: git-auth
- name: prefetch-dependencies
params:
- name: input
value: $(params.prefetch-input)
- name: hermetic
value: ${params.hermetic}
- name: SOURCE_ARTIFACT
value: $(tasks.clone-repository.results.SOURCE_ARTIFACT)
- name: ociStorage
value: $(params.output-image).prefetch
- name: ociArtifactExpiresAfter
value: $(params.image-expires-after)
runAfter:
- clone-repository
taskRef:
params:
- name: name
value: prefetch-dependencies
value: prefetch-dependencies-oci-ta
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies:0.1@sha256:492db3ca0bf5c44b67a38ba937de645a5282be2cb447dc30d0227424ca3c736f
value: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies-oci-ta:0.1@sha256:57979e1c289bfe09acb70401f35558a9032e749b398a43fea049c044f9d96afe
- name: kind
value: task
resolver: bundles
when:
- input: $(params.hermetic)
operator: in
values:
- "true"
workspaces:
- name: source
workspace: workspace
- name: build-container
params:
- name: IMAGE
Expand All @@ -219,14 +203,18 @@ spec:
value: $(params.image-expires-after)
- name: COMMIT_SHA
value: $(tasks.clone-repository.results.commit)
- name: SOURCE_ARTIFACT
value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT)
- name: CACHI2_ARTIFACT
value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT)
runAfter:
- prefetch-dependencies
taskRef:
params:
- name: name
value: buildah
value: buildah-oci-ta
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-buildah:0.2@sha256:afd98cbfb2cad2c1d3885da1b5a55a3e4fd547ba54a040b8d0a801fcaf5169fb
value: quay.io/redhat-appstudio-tekton-catalog/task-buildah-oci-ta:0.1@sha256:4f5c2eb7dfa89ca286b90ed858b9670324d9e025c07fffff57d6de92840f8f1f
- name: kind
value: task
resolver: bundles
Expand All @@ -235,21 +223,22 @@ spec:
operator: in
values:
- "true"
workspaces:
- name: source
workspace: workspace
- name: build-source-image
params:
- name: BINARY_IMAGE
value: $(params.output-image)
- name: SOURCE_ARTIFACT
value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT)
- name: CACHI2_ARTIFACT
value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT)
runAfter:
- build-container
taskRef:
params:
- name: name
value: source-build
value: source-build-oci-ta
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-source-build:0.1@sha256:929bf55a5e364c957a5f907a5516fb8f8893c389ae5985767de7311736eb904a
value: quay.io/redhat-appstudio-tekton-catalog/task-source-build-oci-ta:0.1@sha256:9ea6c027a7e025a9a18367b2608f69e824a388807ef8d9f33742a8f9ef387045
- name: kind
value: task
resolver: bundles
Expand All @@ -262,9 +251,6 @@ spec:
operator: in
values:
- "true"
workspaces:
- name: workspace
workspace: workspace
- name: deprecated-base-image-check
params:
- name: IMAGE_URL
Expand Down Expand Up @@ -315,9 +301,9 @@ spec:
taskRef:
params:
- name: name
value: sast-snyk-check
value: sast-snyk-check-oci-ta
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-sast-snyk-check:0.1@sha256:7cca6199faa8e7ba2c51877753a6853e394f8895816a093088c028f687fa3c59
value: quay.io/redhat-appstudio-tekton-catalog/task-sast-snyk-check-oci-ta:0.1@sha256:0b217311aceb2c379a4327002b18edce086ced3806576420a543f5e03a710077
- name: kind
value: task
resolver: bundles
Expand All @@ -326,14 +312,13 @@ spec:
operator: in
values:
- "false"
workspaces:
- name: workspace
workspace: workspace
params:
- name: image-digest
value: $(tasks.build-container.results.IMAGE_DIGEST)
- name: image-url
value: $(tasks.build-container.results.IMAGE_URL)
- name: SOURCE_ARTIFACT
value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT)
- name: clamav-scan
params:
- name: image-digest
Expand Down Expand Up @@ -382,34 +367,17 @@ spec:
runAfter:
- prefetch-dependencies
taskRef:
params:
- name: name
value: go-unit-test
- name: bundle
value: quay.io/securesign/trillian-unit-test@sha256:56557b0303473a81a9326c3f64575941879bd1dc2c15360c7a3cee9eb7ad25ad
- name: kind
value: task
resolver: bundles
workspaces:
- name: source
workspace: workspace
name: go-unit-test
params:
- name: SOURCE_ARTIFACT
value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT)
- name: CACHI2_ARTIFACT
value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT)
workspaces:
- name: workspace
- name: git-auth
optional: true
taskRunTemplate: {}
workspaces:
- name: workspace
volumeClaimTemplate:
metadata:
creationTimestamp: null
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
status: {}
- name: git-auth
secret:
secretName: '{{ git_auth_secret }}'
Expand Down
Loading