Skip to content

Commit

Permalink
Merge pull request #93 from konflux-ci/appstudio-gatekeeper-fbc-v413
Browse files Browse the repository at this point in the history 
Red Hat Konflux update gatekeeper-fbc-v413
  • Loading branch information
@arewm
arewm authored Dec 19, 2024
2 parents 87bf767 + 615db66 commit bed73ae
Show file tree
Hide file tree
Showing 2 changed files with 123 additions and 157 deletions.
142 changes: 62 additions & 80 deletions .tekton/gatekeeper-fbc-v413-pull-request.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,11 +7,9 @@ metadata:
build.appstudio.redhat.com/pull_request_number: '{{pull_request_number}}'
build.appstudio.redhat.com/target_branch: '{{target_branch}}'
pipelinesascode.tekton.dev/max-keep-runs: "3"
# when adding filter for directory use "directory/***".pathChanged()
# when adding filter for git submodule use "submodule".pathChanged()
pipelinesascode.tekton.dev/on-cel-expression: event == "pull_request" && target_branch
== "main" && ( "v4.13/***".pathChanged() || ".tekton/gatekeeper-fbc-v413-pull-request.yaml".pathChanged()
|| "Containerfile.catalog".pathChanged() )
)
creationTimestamp: null
labels:
appstudio.openshift.io/application: gatekeeper-fbc-v413
Expand All @@ -29,15 +27,19 @@ spec:
value: quay.io/redhat-user-workloads/konflux-samples-tenant/gatekeeper-fbc-v413/gatekeeper-fbc-v413:on-pr-{{revision}}
- name: image-expires-after
value: 5d
- name: build-platforms
value:
- linux/x86_64
- name: dockerfile
value: Containerfile.catalog
- name: path-context
value: v4.13
- name: build-platforms
value:
- linux/x86_64
- linux/arm64
pipelineSpec:
description: |
This pipeline is ideal for building and verifying [file-based catalogs](https://konflux-ci.dev/docs/advanced-how-tos/building-olm.adoc#building-the-file-based-catalog).
_Uses `buildah` to create a container image. Its build-time tests are limited to verifying the included catalog and do not scan the image.
This pipeline is pushed as a Tekton bundle to [quay.io](https://quay.io/repository/konflux-ci/tekton-catalog/pipeline-fbc-builder?tab=tags)_
finally:
- name: show-sbom
params:
Expand Down Expand Up @@ -101,9 +103,16 @@ spec:
description: Add built image into an OCI image index
name: build-image-index
type: string
- default: []
description: Array of --build-arg values ("arg=value" strings) for buildah
name: build-args
type: array
- default: ""
description: Path to a file with build arguments for buildah, see https://www.mankier.com/1/buildah-build#--build-arg-file
name: build-args-file
type: string
- default:
- linux/x86_64
- linux/arm64
description: List of platforms to build the container images on. The available
set of values is determined by the configuration of the multi-platform-controller.
name: build-platforms
Expand Down Expand Up @@ -135,7 +144,7 @@ spec:
- name: name
value: init
- name: bundle
value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:0523b51c28375a3f222da91690e22eff11888ebc98a0c73c468af44762265c69
value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:60063fefe88e111d129cb59caff97c912722927c8a0f750253553d4c527a2396
- name: kind
value: task
resolver: bundles
Expand All @@ -156,7 +165,7 @@ spec:
- name: name
value: git-clone-oci-ta
- name: bundle
value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:4bf48d038ff12d25bdeb5ab3e98dc2271818056f454c83d7393ebbd413028147
value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:8ab0c7a7ac4a4c59740a24304e17cc64fe8745376d19396c4660fc0e1a957a1b
- name: kind
value: task
resolver: bundles
Expand All @@ -168,6 +177,32 @@ spec:
workspaces:
- name: basic-auth
workspace: git-auth
- name: prefetch-dependencies
params:
- name: input
value: $(params.prefetch-input)
- name: SOURCE_ARTIFACT
value: $(tasks.clone-repository.results.SOURCE_ARTIFACT)
- name: ociStorage
value: $(params.output-image).prefetch
- name: ociArtifactExpiresAfter
value: $(params.image-expires-after)
runAfter:
- clone-repository
taskRef:
params:
- name: name
value: prefetch-dependencies-oci-ta
- name: bundle
value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.1@sha256:3e51d7c477ba00bd0c7de2d8f89269131646d2582e631b9aee91fb4b022d4555
- name: kind
value: task
resolver: bundles
workspaces:
- name: git-basic-auth
workspace: git-auth
- name: netrc
workspace: netrc
- matrix:
params:
- name: PLATFORM
Expand All @@ -183,12 +218,21 @@ spec:
value: $(params.path-context)
- name: HERMETIC
value: $(params.hermetic)
- name: PREFETCH_INPUT
value: $(params.prefetch-input)
- name: IMAGE_EXPIRES_AFTER
value: $(params.image-expires-after)
- name: COMMIT_SHA
value: $(tasks.clone-repository.results.commit)
- name: BUILD_ARGS
value:
- $(params.build-args[*])
- name: BUILD_ARGS_FILE
value: $(params.build-args-file)
- name: SOURCE_ARTIFACT
value: $(tasks.clone-repository.results.SOURCE_ARTIFACT)
value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT)
- name: CACHI2_ARTIFACT
value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT)
- name: IMAGE_APPEND_PLATFORM
value: "true"
runAfter:
Expand All @@ -198,7 +242,7 @@ spec:
- name: name
value: buildah-remote-oci-ta
- name: bundle
value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.2@sha256:d582f95f21735f44947c62c2976972dc062cba20e6a3694990bafd5827665bb7
value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.2@sha256:1f23a1a77a256fb5672d043a46a4a8b912cfe9b256502ae1a92dd9d4feb38440
- name: kind
value: task
resolver: bundles
Expand Down Expand Up @@ -227,7 +271,7 @@ spec:
- name: name
value: build-image-index
- name: bundle
value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1@sha256:ebc17bb22481160eec6eb7277df1e48b90f599bebe563cd4f046807f4e32ced3
value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1@sha256:37328a4b2fc686435531ba423c26c2051822a4e70b06088c4d8eaf0e8fa6d65b
- name: kind
value: task
resolver: bundles
Expand All @@ -249,7 +293,7 @@ spec:
- name: name
value: deprecated-image-check
- name: bundle
value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.4@sha256:5a1a165fa02270f0a947d8a2131ee9d8be0b8e9d34123828c2bef589e504ee84
value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.4@sha256:f8efb0b22692fad908a1a75f8d5c0b6ed3b0bcd2a9853577e7be275e5bac1bb8
- name: kind
value: task
resolver: bundles
Expand All @@ -269,11 +313,11 @@ spec:
- name: name
value: apply-tags
- name: bundle
value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.1@sha256:87fd7fc0e937aad1a8db9b6e377d7e444f53394dafde512d68adbea6966a4702
value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.1@sha256:0767c115d4ba4854d106c9cdfabdc1f1298bc2742a3fea4fefbac4b9c5873d6e
- name: kind
value: task
resolver: bundles
- name: inspect-image
- name: validate-fbc
params:
- name: IMAGE_URL
value: $(tasks.build-image-index.results.IMAGE_URL)
Expand All @@ -284,9 +328,9 @@ spec:
taskRef:
params:
- name: name
value: inspect-image
value: validate-fbc
- name: bundle
value: quay.io/konflux-ci/tekton-catalog/task-inspect-image:0.1@sha256:b4f8b61baf43ca503aae76078bb4cfe718ca21a5ab293d982978d6fd564bf1b6
value: quay.io/konflux-ci/tekton-catalog/task-validate-fbc:0.1@sha256:4348a28a109daeab3af9515120e6332eb3c2af2020b96a54afc2365b6c7703ed
- name: kind
value: task
resolver: bundles
Expand All @@ -295,75 +339,13 @@ spec:
operator: in
values:
- "false"
workspaces:
- name: source
workspace: workspace
- name: fbc-validate
params:
- name: IMAGE_URL
value: $(tasks.build-image-index.results.IMAGE_URL)
- name: IMAGE_DIGEST
value: $(tasks.build-image-index.results.IMAGE_DIGEST)
- name: BASE_IMAGE
value: $(tasks.inspect-image.results.BASE_IMAGE)
runAfter:
- inspect-image
taskRef:
params:
- name: name
value: fbc-validation
- name: bundle
value: quay.io/konflux-ci/tekton-catalog/task-fbc-validation:0.1@sha256:bf72968f8b36b92b4e8322f4208f20f07be1195be4551a7916d0b598c613ed4c
- name: kind
value: task
resolver: bundles
when:
- input: $(params.skip-checks)
operator: in
values:
- "false"
workspaces:
- name: workspace
workspace: workspace
- name: fbc-related-image-check
runAfter:
- fbc-validate
taskRef:
params:
- name: name
value: fbc-related-image-check
- name: bundle
value: quay.io/konflux-ci/tekton-catalog/task-fbc-related-image-check:0.1@sha256:17dc33ef07a8f87d1a8a2f6d4f496123e0db5d29bbe7ff7956462dc5d95c3170
- name: kind
value: task
resolver: bundles
when:
- input: $(params.skip-checks)
operator: in
values:
- "false"
workspaces:
- name: workspace
workspace: workspace
workspaces:
- name: workspace
- name: git-auth
optional: true
- name: netrc
optional: true
taskRunTemplate: {}
workspaces:
- name: workspace
volumeClaimTemplate:
metadata:
creationTimestamp: null
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
status: {}
- name: git-auth
secret:
secretName: '{{ git_auth_secret }}'
Expand Down
Loading

0 comments on commit bed73ae

Please sign in to comment.