Skip to content

Commit

Permalink
Merge pull request #635 from RedHatInsights/appstudio-insights-behavi…
Browse files Browse the repository at this point in the history 
…oral-spec

Red Hat Konflux update insights-behavioral-spec
  • Loading branch information
@github-actions
github-actions[bot] authored Oct 11, 2024
2 parents 177b7da + 98b0f74 commit 5fd57aa
Show file tree
Hide file tree
Showing 2 changed files with 124 additions and 106 deletions.
115 changes: 62 additions & 53 deletions .tekton/insights-behavioral-spec-pull-request.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -31,11 +31,16 @@ spec:
- name: path-context
value: .
pipelineSpec:
description: |
This pipeline is ideal for building container images from a Containerfile while reducing network traffic.
_Uses `buildah` to create a container image. It also optionally creates a source image and runs some build-time tests. EC will flag a violation for [`trusted_task.trusted`](https://enterprisecontract.dev/docs/ec-policies/release_policy.html#trusted_task__trusted) if any tasks are added to the pipeline.
This pipeline is pushed as a Tekton bundle to [quay.io](https://quay.io/repository/konflux-ci/tekton-catalog/pipeline-docker-build?tab=tags)_
finally:
- name: show-sbom
params:
- name: IMAGE_URL
value: $(tasks.build-container.results.IMAGE_URL)
value: $(tasks.build-image-index.results.IMAGE_URL)
taskRef:
params:
- name: name
Expand All @@ -54,7 +59,7 @@ spec:
- name: image-url
value: $(params.output-image)
- name: build-task-status
value: $(tasks.build-container.status)
value: $(tasks.build-image-index.status)
taskRef:
params:
- name: name
Expand Down Expand Up @@ -104,10 +109,6 @@ spec:
description: Build dependencies to be prefetched by Cachi2
name: prefetch-input
type: string
- default: "false"
description: Java build
name: java
type: string
- default: ""
description: Image tag expiration time, time values could be something like
1h, 2d, 3w for hours, days, and weeks, respectively.
Expand All @@ -116,6 +117,10 @@ spec:
description: Build a source image.
name: build-source-image
type: string
- default: "false"
description: Add built image into an OCI image index
name: build-image-index
type: string
- default: []
description: Array of --build-arg values ("arg=value" strings) for buildah
name: build-args
Expand All @@ -127,19 +132,16 @@ spec:
results:
- description: ""
name: IMAGE_URL
value: $(tasks.build-container.results.IMAGE_URL)
value: $(tasks.build-image-index.results.IMAGE_URL)
- description: ""
name: IMAGE_DIGEST
value: $(tasks.build-container.results.IMAGE_DIGEST)
value: $(tasks.build-image-index.results.IMAGE_DIGEST)
- description: ""
name: CHAINS-GIT_URL
value: $(tasks.clone-repository.results.url)
- description: ""
name: CHAINS-GIT_COMMIT
value: $(tasks.clone-repository.results.commit)
- description: ""
name: JAVA_COMMUNITY_DEPENDENCIES
value: $(tasks.build-container.results.JAVA_COMMUNITY_DEPENDENCIES)
tasks:
- name: init
params:
Expand Down Expand Up @@ -252,12 +254,41 @@ spec:
workspaces:
- name: source
workspace: workspace
- name: build-image-index
params:
- name: IMAGE
value: $(params.output-image)
- name: COMMIT_SHA
value: $(tasks.clone-repository.results.commit)
- name: IMAGE_EXPIRES_AFTER
value: $(params.image-expires-after)
- name: ALWAYS_BUILD_INDEX
value: $(params.build-image-index)
- name: IMAGES
value:
- $(tasks.build-container.results.IMAGE_URL)@$(tasks.build-container.results.IMAGE_DIGEST)
runAfter:
- build-container
taskRef:
params:
- name: name
value: build-image-index
- name: bundle
value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1@sha256:e4871851566d8b496966b37bcb8c5ce9748a52487f116373d96c6cd28ef684c6
- name: kind
value: task
resolver: bundles
when:
- input: $(tasks.init.results.build)
operator: in
values:
- "true"
- name: build-source-image
params:
- name: BINARY_IMAGE
value: $(params.output-image)
runAfter:
- build-container
- build-image-index
taskRef:
params:
- name: name
Expand All @@ -282,11 +313,11 @@ spec:
- name: deprecated-base-image-check
params:
- name: IMAGE_URL
value: $(tasks.build-container.results.IMAGE_URL)
value: $(tasks.build-image-index.results.IMAGE_URL)
- name: IMAGE_DIGEST
value: $(tasks.build-container.results.IMAGE_DIGEST)
value: $(tasks.build-image-index.results.IMAGE_DIGEST)
runAfter:
- build-container
- build-image-index
taskRef:
params:
- name: name
Expand All @@ -304,11 +335,11 @@ spec:
- name: clair-scan
params:
- name: image-digest
value: $(tasks.build-container.results.IMAGE_DIGEST)
value: $(tasks.build-image-index.results.IMAGE_DIGEST)
- name: image-url
value: $(tasks.build-container.results.IMAGE_URL)
value: $(tasks.build-image-index.results.IMAGE_URL)
runAfter:
- build-container
- build-image-index
taskRef:
params:
- name: name
Expand All @@ -326,9 +357,9 @@ spec:
- name: ecosystem-cert-preflight-checks
params:
- name: image-url
value: $(tasks.build-container.results.IMAGE_URL)
value: $(tasks.build-image-index.results.IMAGE_URL)
runAfter:
- build-container
- build-image-index
taskRef:
params:
- name: name
Expand All @@ -346,11 +377,11 @@ spec:
- name: sast-snyk-check
params:
- name: image-digest
value: $(tasks.build-container.results.IMAGE_DIGEST)
value: $(tasks.build-image-index.results.IMAGE_DIGEST)
- name: image-url
value: $(tasks.build-container.results.IMAGE_URL)
value: $(tasks.build-image-index.results.IMAGE_URL)
runAfter:
- build-container
- build-image-index
taskRef:
params:
- name: name
Expand All @@ -371,11 +402,11 @@ spec:
- name: clamav-scan
params:
- name: image-digest
value: $(tasks.build-container.results.IMAGE_DIGEST)
value: $(tasks.build-image-index.results.IMAGE_DIGEST)
- name: image-url
value: $(tasks.build-container.results.IMAGE_URL)
value: $(tasks.build-image-index.results.IMAGE_URL)
runAfter:
- build-container
- build-image-index
taskRef:
params:
- name: name
Expand All @@ -390,34 +421,12 @@ spec:
operator: in
values:
- "false"
- name: sbom-json-check
params:
- name: IMAGE_URL
value: $(tasks.build-container.results.IMAGE_URL)
- name: IMAGE_DIGEST
value: $(tasks.build-container.results.IMAGE_DIGEST)
runAfter:
- build-container
taskRef:
params:
- name: name
value: sbom-json-check
- name: bundle
value: quay.io/konflux-ci/tekton-catalog/task-sbom-json-check:0.2@sha256:468b5615993bb6d75df3d66180df5eb8728bbef59efe509eb5ac89b7ac582f16
- name: kind
value: task
resolver: bundles
when:
- input: $(params.skip-checks)
operator: in
values:
- "false"
- name: apply-tags
params:
- name: IMAGE
value: $(tasks.build-container.results.IMAGE_URL)
value: $(tasks.build-image-index.results.IMAGE_URL)
runAfter:
- build-container
- build-image-index
taskRef:
params:
- name: name
Expand All @@ -430,15 +439,15 @@ spec:
- name: push-dockerfile
params:
- name: IMAGE
value: $(tasks.build-container.results.IMAGE_URL)
value: $(tasks.build-image-index.results.IMAGE_URL)
- name: IMAGE_DIGEST
value: $(tasks.build-container.results.IMAGE_DIGEST)
value: $(tasks.build-image-index.results.IMAGE_DIGEST)
- name: DOCKERFILE
value: $(params.dockerfile)
- name: CONTEXT
value: $(params.path-context)
runAfter:
- build-container
- build-image-index
taskRef:
params:
- name: name
Expand Down
Loading

0 comments on commit 5fd57aa

Please sign in to comment.