Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

gitops-pull-request: allow ignoring missing config #1223

Merged
merged 1 commit into from
Jul 31, 2024
Merged

gitops-pull-request: allow ignoring missing config #1223

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 2 additions & 1 deletion pipelines/gitops-pull-request-rhtap/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@
|ec-rekor-host| The Rekor host that EC should use to look up transparency logs| http://rekor-server.rhtap.svc| verify-enteprise-contract:0.1:REKOR_HOST ; download-sboms:0.1:REKOR_HOST|
|ec-strict| Should EC violations cause the pipeline to fail?| true| verify-enteprise-contract:0.1:STRICT|
|ec-tuf-mirror| The TUF mirror that EC should use| http://tuf.rhtap.svc| verify-enteprise-contract:0.1:TUF_MIRROR ; download-sboms:0.1:TUF_MIRROR|
|fail-if-trustification-not-configured| Should the pipeline fail when there are SBOMs to upload but Trustification is not properly configured (i.e. the secret is missing or doesn't have all the required keys)?| true| upload-sboms-to-trustification:0.1:FAIL_IF_TRUSTIFICATION_NOT_CONFIGURED|
|git-url| Gitops repo url| None| clone-repository:0.1:url|
|revision| Gitops repo revision| | clone-repository:0.1:revision|
|target-branch| The target branch for the pull request| main| get-images-to-verify:0.1:TARGET_BRANCH ; get-images-to-upload-sbom:0.1:TARGET_BRANCH|
Expand Down Expand Up @@ -57,7 +58,7 @@
### upload-sbom-to-trustification:0.1 task parameters
|name|description|default value|already set by|
|---|---|---|---|
|FAIL_IF_TRUSTIFICATION_NOT_CONFIGURED| Should the task fail if the Secret does not contain the required keys? (Set "true" to fail, "false" to skip uploading and exit with success).| true| |
|FAIL_IF_TRUSTIFICATION_NOT_CONFIGURED| Should the task fail if the Secret does not contain the required keys? (Set "true" to fail, "false" to skip uploading and exit with success).| true| '$(params.fail-if-trustification-not-configured)'|
|HTTP_RETRIES| Maximum number of retries for transient HTTP(S) errors| 3| |
|SBOMS_DIR| Directory containing SBOM files. The task will search for CycloneDX JSON SBOMs recursively in this directory and upload them all to Trustification. The path is relative to the 'sboms' workspace.| .| 'sboms'|
|TRUSTIFICATION_SECRET_NAME| Name of the Secret containing auth and configuration| trustification-secret| '$(params.trustification-secret-name)'|
Expand Down
8 changes: 8 additions & 0 deletions pipelines/gitops-pull-request-rhtap/gitops-pull-request.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -39,6 +39,12 @@ spec:
name: trustification-secret-name
type: string
default: tpa-secret
- description: >-
Should the pipeline fail when there are SBOMs to upload but Trustification is not properly
configured (i.e. the secret is missing or doesn't have all the required keys)?
name: fail-if-trustification-not-configured
type: string
default: "true"
tasks:
- name: clone-repository
params:
Expand Down Expand Up @@ -148,6 +154,8 @@ spec:
value: sboms
- name: TRUSTIFICATION_SECRET_NAME
value: $(params.trustification-secret-name)
- name: FAIL_IF_TRUSTIFICATION_NOT_CONFIGURED
value: $(params.fail-if-trustification-not-configured)
workspaces:
- name: sboms
workspace: workspace
Expand Down
Loading