From c2fbf41d82ee777ad77b89e645a018b6333396e6 Mon Sep 17 00:00:00 2001 From: sg Date: Fri, 25 Oct 2024 11:30:48 +0100 Subject: [PATCH] example workflow for scorecard --- .../scorecard-project/kustomization.yaml | 11 +++++++++ .../scorecard-project/pipelinerun.yaml | 24 +++++++++++++++++++ 2 files changed, 35 insertions(+) create mode 100644 examples/pipelines/scorecard-project/kustomization.yaml create mode 100644 examples/pipelines/scorecard-project/pipelinerun.yaml diff --git a/examples/pipelines/scorecard-project/kustomization.yaml b/examples/pipelines/scorecard-project/kustomization.yaml new file mode 100644 index 000000000..2eec09d58 --- /dev/null +++ b/examples/pipelines/scorecard-project/kustomization.yaml @@ -0,0 +1,11 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +nameSuffix: -scorecard-project +components: + - pkg:helm/smithy-security-oss-components/base + - pkg:helm/smithy-security-oss-components/producer-ossf-scorecard + - pkg:helm/smithy-security-oss-components/producer-aggregator + - pkg:helm/smithy-security-oss-components/enricher-custom-annotation + - pkg:helm/smithy-security-oss-components/enricher-aggregator + - pkg:helm/smithy-security-oss-components/consumer-stdout-json diff --git a/examples/pipelines/scorecard-project/pipelinerun.yaml b/examples/pipelines/scorecard-project/pipelinerun.yaml new file mode 100644 index 000000000..5a80477bf --- /dev/null +++ b/examples/pipelines/scorecard-project/pipelinerun.yaml @@ -0,0 +1,24 @@ +--- +apiVersion: tekton.dev/v1beta1 +kind: PipelineRun +metadata: + generateName: smithy-scorecard-project- +spec: + pipelineRef: + name: smithy-scorecard-project + params: + - name: producer-ossf-scorecard-input-repo + value: https://github.com/smithy-security/smithy + - name: producer-ossf-scorecard-github-auth-token + value: $github-auth-token-permissions-to-read-repos + - name: enricher-custom-annotation-base-annotation + value: '{"foo":"bar","a":"b","1":"2"}' + workspaces: + - name: output + volumeClaimTemplate: + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi