Created
May 22, 2023 11:12
-
-
Save chmouel/8e4db2f397aacf7b86d8a920c11e138e to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
apiVersion: v1 | |
kind: Secret | |
metadata: | |
annotations: | |
pipelinesascode.tekton.dev/sha: 0aa87a87791bca86efc57676fbc5453948ae668d | |
pipelinesascode.tekton.dev/url: https://github.com/pdaverh/nodejs-rhtap-sandbox | |
pipelinesascode.tekton.dev/url-org: pdaverh | |
pipelinesascode.tekton.dev/url-repository: nodejs-rhtap-sandbox | |
creationTimestamp: null | |
labels: | |
app.kubernetes.io/managed-by: pipelinesascode.tekton.dev | |
pipelinesascode.tekton.dev/url-org: pdaverh | |
pipelinesascode.tekton.dev/url-repository: nodejs-rhtap-sandbox | |
name: pac-gitauth-mdiq | |
stringData: | |
.git-credentials: https://git:foobarfoobar@github.com/pdaverh/nodejs-rhtap-sandbox | |
.gitconfig: "\n\t[credential \"https://github.com/pdaverh/nodejs-rhtap-sandbox\"]\n\thelper=store\n\t" | |
git-provider-token: foobarfoobar | |
--- | |
apiVersion: tekton.dev/v1 | |
kind: PipelineRun | |
metadata: | |
annotations: | |
build.appstudio.redhat.com/commit_sha: 0aa87a87791bca86efc57676fbc5453948ae668d | |
build.appstudio.redhat.com/pull_request_number: '{{pull_request_number}}' | |
build.appstudio.redhat.com/target_branch: '{{target_branch}}' | |
pipelinesascode.tekton.dev/max-keep-runs: "3" | |
pipelinesascode.tekton.dev/on-event: '[pull_request]' | |
pipelinesascode.tekton.dev/on-target-branch: '[main]' | |
pipelinesascode.tekton.dev/original-prname: nodejs-rhtap-example-iez8-on-pull-request | |
generateName: nodejs-rhtap-example-iez8-on-pull-request- | |
labels: | |
appstudio.openshift.io/application: my-quarkus-app | |
appstudio.openshift.io/component: nodejs-rhtap-example-iez8 | |
pipelines.appstudio.openshift.io/type: build | |
pipelinesascode.tekton.dev/original-prname: nodejs-rhtap-example-iez8-on-pull-request | |
spec: | |
params: | |
- name: dockerfile | |
value: Dockerfile | |
- name: git-url | |
value: https://github.com/pdaverh/nodejs-rhtap-sandbox | |
- name: output-image | |
value: quay.io/repository/pdave/nodejs-rhtap-sandbox:on-pr-0aa87a87791bca86efc57676fbc5453948ae668d | |
- name: path-context | |
value: . | |
- name: revision | |
value: 0aa87a87791bca86efc57676fbc5453948ae668d | |
pipelineSpec: | |
finally: | |
- name: show-sbom | |
params: | |
- name: IMAGE_URL | |
value: $(tasks.build-container.results.IMAGE_URL) | |
taskRef: | |
params: | |
- name: bundle | |
value: quay.io/redhat-appstudio-tekton-catalog/task-show-sbom:0.1@sha256:050bab50254e0377c68d63b6b679decfc655e30cad9ce4b0407fc8468852008d | |
- name: name | |
value: show-sbom | |
- name: kind | |
value: Task | |
resolver: bundles | |
- name: show-summary | |
params: | |
- name: pipelinerun-name | |
value: $(context.pipelineRun.name) | |
- name: git-url | |
value: $(tasks.clone-repository.results.url)?rev=$(tasks.clone-repository.results.commit) | |
- name: image-url | |
value: $(params.output-image) | |
- name: build-task-status | |
value: $(tasks.build-container.status) | |
taskRef: | |
params: | |
- name: bundle | |
value: quay.io/redhat-appstudio-tekton-catalog/task-summary:0.1@sha256:9e21e57456c026c15765db23b986e47fc1394fa5d4823d3038b697971dd1a2bd | |
- name: name | |
value: summary | |
- name: kind | |
value: Task | |
resolver: bundles | |
params: | |
- description: Source Repository URL | |
name: git-url | |
type: string | |
- default: "" | |
description: Revision of the Source Repository | |
name: revision | |
type: string | |
- description: Fully Qualified Output Image | |
name: output-image | |
type: string | |
- default: . | |
description: The path to your source code | |
name: path-context | |
type: string | |
- default: Dockerfile | |
description: Path to the Dockerfile | |
name: dockerfile | |
type: string | |
- default: "false" | |
description: Force rebuild image | |
name: rebuild | |
type: string | |
- default: "false" | |
description: Skip checks against built image | |
name: skip-checks | |
type: string | |
- default: "false" | |
description: Execute the build with network isolation | |
name: hermetic | |
type: string | |
- default: "" | |
description: Build dependencies to be prefetched by Cachi2 | |
name: prefetch-input | |
type: string | |
- default: "false" | |
description: Java build | |
name: java | |
type: string | |
- default: "" | |
description: Snyk Token Secret Name | |
name: snyk-secret | |
type: string | |
results: | |
- description: "" | |
name: IMAGE_URL | |
value: $(tasks.build-container.results.IMAGE_URL) | |
- description: "" | |
name: IMAGE_DIGEST | |
value: $(tasks.build-container.results.IMAGE_DIGEST) | |
- description: "" | |
name: CHAINS-GIT_URL | |
value: $(tasks.clone-repository.results.url) | |
- description: "" | |
name: CHAINS-GIT_COMMIT | |
value: $(tasks.clone-repository.results.commit) | |
- description: "" | |
name: JAVA_COMMUNITY_DEPENDENCIES | |
value: $(tasks.build-container.results.JAVA_COMMUNITY_DEPENDENCIES) | |
tasks: | |
- name: init | |
params: | |
- name: image-url | |
value: $(params.output-image) | |
- name: rebuild | |
value: $(params.rebuild) | |
- name: skip-checks | |
value: $(params.skip-checks) | |
- name: pipelinerun-name | |
value: $(context.pipelineRun.name) | |
- name: pipelinerun-uid | |
value: $(context.pipelineRun.uid) | |
taskRef: | |
params: | |
- name: bundle | |
value: quay.io/redhat-appstudio-tekton-catalog/task-init:0.1@sha256:8c06b307b7f74622503b80ff0b81ffda63129959f52f8ed8f753d8ab98f38411 | |
- name: name | |
value: init | |
- name: kind | |
value: Task | |
resolver: bundles | |
- name: clone-repository | |
params: | |
- name: url | |
value: $(params.git-url) | |
- name: revision | |
value: $(params.revision) | |
runAfter: | |
- init | |
taskRef: | |
params: | |
- name: bundle | |
value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:458f4853a01c3273bd76076ac1b015d5f901e70fb4b776f788b577adb25bf5f8 | |
- name: name | |
value: git-clone | |
- name: kind | |
value: Task | |
resolver: bundles | |
when: | |
- input: $(tasks.init.results.build) | |
operator: in | |
values: | |
- "true" | |
workspaces: | |
- name: output | |
workspace: workspace | |
- name: basic-auth | |
workspace: git-auth | |
- name: prefetch-dependencies | |
params: | |
- name: input | |
value: $(params.prefetch-input) | |
runAfter: | |
- clone-repository | |
taskRef: | |
params: | |
- name: bundle | |
value: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies:0.1@sha256:99f1b1e382ce23efe0017bd60584104bc1e23195c1fed6c37e92863600964d58 | |
- name: name | |
value: prefetch-dependencies | |
- name: kind | |
value: Task | |
resolver: bundles | |
when: | |
- input: $(params.hermetic) | |
operator: in | |
values: | |
- "true" | |
workspaces: | |
- name: source | |
workspace: workspace | |
- name: build-container | |
params: | |
- name: IMAGE | |
value: $(params.output-image) | |
- name: DOCKERFILE | |
value: $(params.dockerfile) | |
- name: CONTEXT | |
value: $(params.path-context) | |
- name: DOCKER_AUTH | |
value: $(tasks.init.results.container-registry-secret) | |
- name: HERMETIC | |
value: $(params.hermetic) | |
- name: PREFETCH_INPUT | |
value: $(params.prefetch-input) | |
runAfter: | |
- prefetch-dependencies | |
taskRef: | |
params: | |
- name: bundle | |
value: quay.io/redhat-appstudio-tekton-catalog/task-buildah:0.1@sha256:e5db4074db556616219bab54aa1af1d45d63e4e97fbc26699d1214553655ce8d | |
- name: name | |
value: buildah | |
- name: kind | |
value: Task | |
resolver: bundles | |
when: | |
- input: $(tasks.init.results.build) | |
operator: in | |
values: | |
- "true" | |
workspaces: | |
- name: source | |
workspace: workspace | |
- name: inspect-image | |
params: | |
- name: IMAGE_URL | |
value: $(tasks.build-container.results.IMAGE_URL) | |
- name: IMAGE_DIGEST | |
value: $(tasks.build-container.results.IMAGE_DIGEST) | |
- name: DOCKER_AUTH | |
value: $(tasks.init.results.container-registry-secret) | |
runAfter: | |
- build-container | |
taskRef: | |
params: | |
- name: bundle | |
value: quay.io/redhat-appstudio-tekton-catalog/task-inspect-image:0.1@sha256:5531128863a2ac4129680d8bc5ed8ea20960c6f3a3731a561feb47afb7db8fcb | |
- name: name | |
value: inspect-image | |
- name: kind | |
value: Task | |
resolver: bundles | |
when: | |
- input: $(params.skip-checks) | |
operator: in | |
values: | |
- "false" | |
workspaces: | |
- name: source | |
workspace: workspace | |
- name: label-check | |
runAfter: | |
- inspect-image | |
taskRef: | |
params: | |
- name: bundle | |
value: quay.io/redhat-appstudio-tekton-catalog/task-label-check:0.1@sha256:2cabc7f183c5f089b827a5ac2450fef80be325480fbd2fb322ddb1e0feeb5f7d | |
- name: name | |
value: label-check | |
- name: kind | |
value: Task | |
resolver: bundles | |
when: | |
- input: $(params.skip-checks) | |
operator: in | |
values: | |
- "false" | |
workspaces: | |
- name: workspace | |
workspace: workspace | |
- name: optional-label-check | |
params: | |
- name: POLICY_NAMESPACE | |
value: optional_checks | |
runAfter: | |
- inspect-image | |
taskRef: | |
params: | |
- name: bundle | |
value: quay.io/redhat-appstudio-tekton-catalog/task-label-check:0.1@sha256:2cabc7f183c5f089b827a5ac2450fef80be325480fbd2fb322ddb1e0feeb5f7d | |
- name: name | |
value: label-check | |
- name: kind | |
value: Task | |
resolver: bundles | |
when: | |
- input: $(params.skip-checks) | |
operator: in | |
values: | |
- "false" | |
workspaces: | |
- name: workspace | |
workspace: workspace | |
- name: deprecated-base-image-check | |
params: | |
- name: BASE_IMAGES_DIGESTS | |
value: $(tasks.build-container.results.BASE_IMAGES_DIGESTS) | |
taskRef: | |
params: | |
- name: bundle | |
value: quay.io/redhat-appstudio-tekton-catalog/task-deprecated-image-check:0.2@sha256:bf1a1cad85bb896e920f0f7ff5dda2f885b76f2617934f72e7954565cd50df49 | |
- name: name | |
value: deprecated-image-check | |
- name: kind | |
value: Task | |
resolver: bundles | |
when: | |
- input: $(params.skip-checks) | |
operator: in | |
values: | |
- "false" | |
workspaces: | |
- name: test-ws | |
workspace: workspace | |
- name: clair-scan | |
params: | |
- name: image-digest | |
value: $(tasks.build-container.results.IMAGE_DIGEST) | |
- name: image-url | |
value: $(tasks.build-container.results.IMAGE_URL) | |
- name: docker-auth | |
value: $(tasks.init.results.container-registry-secret) | |
runAfter: | |
- build-container | |
taskRef: | |
params: | |
- name: bundle | |
value: quay.io/redhat-appstudio-tekton-catalog/task-clair-scan:0.1@sha256:1b4951e91fdfb3188d459d0abac411a6364da5cb135e81fb4a84bbd782bb545d | |
- name: name | |
value: clair-scan | |
- name: kind | |
value: Task | |
resolver: bundles | |
when: | |
- input: $(params.skip-checks) | |
operator: in | |
values: | |
- "false" | |
- name: sast-snyk-check | |
params: | |
- name: SNYK_SECRET | |
value: $(params.snyk-secret) | |
runAfter: | |
- clone-repository | |
taskRef: | |
params: | |
- name: bundle | |
value: quay.io/redhat-appstudio-tekton-catalog/task-sast-snyk-check:0.1@sha256:58f288a86ae7e1a2fff416d11720521effcf8e9b410355080a2b8a9bb8ae587c | |
- name: name | |
value: sast-snyk-check | |
- name: kind | |
value: Task | |
resolver: bundles | |
when: | |
- input: $(params.skip-checks) | |
operator: in | |
values: | |
- "false" | |
- input: $(params.snyk-secret) | |
operator: notin | |
values: | |
- "" | |
workspaces: | |
- name: workspace | |
workspace: workspace | |
- name: clamav-scan | |
params: | |
- name: image-digest | |
value: $(tasks.build-container.results.IMAGE_DIGEST) | |
- name: image-url | |
value: $(tasks.build-container.results.IMAGE_URL) | |
- name: docker-auth | |
value: $(tasks.init.results.container-registry-secret) | |
runAfter: | |
- build-container | |
taskRef: | |
params: | |
- name: bundle | |
value: quay.io/redhat-appstudio-tekton-catalog/task-clamav-scan:0.1@sha256:2c8dbe8aa7c0fa126a9c84e7590c4e901bcfeec6dde4ccbffda4c493cefb43ed | |
- name: name | |
value: clamav-scan | |
- name: kind | |
value: Task | |
resolver: bundles | |
when: | |
- input: $(params.skip-checks) | |
operator: in | |
values: | |
- "false" | |
- name: sbom-json-check | |
params: | |
- name: IMAGE_URL | |
value: $(tasks.build-container.results.IMAGE_URL) | |
- name: IMAGE_DIGEST | |
value: $(tasks.build-container.results.IMAGE_DIGEST) | |
runAfter: | |
- build-container | |
taskRef: | |
params: | |
- name: bundle | |
value: quay.io/redhat-appstudio-tekton-catalog/task-sbom-json-check:0.1@sha256:9a232f343d6397bfaf9620b6e63ce6943e256ad30da93cf8e9de3ca63ada7717 | |
- name: name | |
value: sbom-json-check | |
- name: kind | |
value: Task | |
resolver: bundles | |
when: | |
- input: $(params.skip-checks) | |
operator: in | |
values: | |
- "false" | |
workspaces: | |
- name: workspace | |
- name: git-auth | |
optional: true | |
workspaces: | |
- name: workspace | |
volumeClaimTemplate: | |
metadata: | |
spec: | |
accessModes: | |
- ReadWriteOnce | |
resources: | |
requests: | |
storage: 1Gi | |
- name: git-auth | |
secret: | |
secretName: pac-gitauth-mdiq | |
--- | |
apiVersion: tekton.dev/v1 | |
kind: PipelineRun | |
metadata: | |
annotations: | |
build.appstudio.redhat.com/commit_sha: 0aa87a87791bca86efc57676fbc5453948ae668d | |
build.appstudio.redhat.com/target_branch: '{{target_branch}}' | |
pipelinesascode.tekton.dev/max-keep-runs: "3" | |
pipelinesascode.tekton.dev/on-event: '[push]' | |
pipelinesascode.tekton.dev/on-target-branch: '[main]' | |
pipelinesascode.tekton.dev/original-prname: nodejs-rhtap-example-iez8-on-push | |
generateName: nodejs-rhtap-example-iez8-on-push- | |
labels: | |
appstudio.openshift.io/application: my-quarkus-app | |
appstudio.openshift.io/component: nodejs-rhtap-example-iez8 | |
pipelines.appstudio.openshift.io/type: build | |
pipelinesascode.tekton.dev/original-prname: nodejs-rhtap-example-iez8-on-push | |
spec: | |
params: | |
- name: dockerfile | |
value: Dockerfile | |
- name: git-url | |
value: https://github.com/pdaverh/nodejs-rhtap-sandbox | |
- name: output-image | |
value: quay.io/redhat-user-workloads/pdave-tenant/my-quarkus-app/nodejs-rhtap-example-iez8:0aa87a87791bca86efc57676fbc5453948ae668d | |
- name: path-context | |
value: . | |
- name: revision | |
value: 0aa87a87791bca86efc57676fbc5453948ae668d | |
pipelineSpec: | |
finally: | |
- name: show-sbom | |
params: | |
- name: IMAGE_URL | |
value: $(tasks.build-container.results.IMAGE_URL) | |
taskRef: | |
params: | |
- name: bundle | |
value: quay.io/redhat-appstudio-tekton-catalog/task-show-sbom:0.1@sha256:050bab50254e0377c68d63b6b679decfc655e30cad9ce4b0407fc8468852008d | |
- name: name | |
value: show-sbom | |
- name: kind | |
value: Task | |
resolver: bundles | |
- name: show-summary | |
params: | |
- name: pipelinerun-name | |
value: $(context.pipelineRun.name) | |
- name: git-url | |
value: $(tasks.clone-repository.results.url)?rev=$(tasks.clone-repository.results.commit) | |
- name: image-url | |
value: $(params.output-image) | |
- name: build-task-status | |
value: $(tasks.build-container.status) | |
taskRef: | |
params: | |
- name: bundle | |
value: quay.io/redhat-appstudio-tekton-catalog/task-summary:0.1@sha256:9e21e57456c026c15765db23b986e47fc1394fa5d4823d3038b697971dd1a2bd | |
- name: name | |
value: summary | |
- name: kind | |
value: Task | |
resolver: bundles | |
params: | |
- description: Source Repository URL | |
name: git-url | |
type: string | |
- default: "" | |
description: Revision of the Source Repository | |
name: revision | |
type: string | |
- description: Fully Qualified Output Image | |
name: output-image | |
type: string | |
- default: . | |
description: The path to your source code | |
name: path-context | |
type: string | |
- default: Dockerfile | |
description: Path to the Dockerfile | |
name: dockerfile | |
type: string | |
- default: "false" | |
description: Force rebuild image | |
name: rebuild | |
type: string | |
- default: "false" | |
description: Skip checks against built image | |
name: skip-checks | |
type: string | |
- default: "false" | |
description: Execute the build with network isolation | |
name: hermetic | |
type: string | |
- default: "" | |
description: Build dependencies to be prefetched by Cachi2 | |
name: prefetch-input | |
type: string | |
- default: "false" | |
description: Java build | |
name: java | |
type: string | |
- default: "" | |
description: Snyk Token Secret Name | |
name: snyk-secret | |
type: string | |
results: | |
- description: "" | |
name: IMAGE_URL | |
value: $(tasks.build-container.results.IMAGE_URL) | |
- description: "" | |
name: IMAGE_DIGEST | |
value: $(tasks.build-container.results.IMAGE_DIGEST) | |
- description: "" | |
name: CHAINS-GIT_URL | |
value: $(tasks.clone-repository.results.url) | |
- description: "" | |
name: CHAINS-GIT_COMMIT | |
value: $(tasks.clone-repository.results.commit) | |
- description: "" | |
name: JAVA_COMMUNITY_DEPENDENCIES | |
value: $(tasks.build-container.results.JAVA_COMMUNITY_DEPENDENCIES) | |
tasks: | |
- name: init | |
params: | |
- name: image-url | |
value: $(params.output-image) | |
- name: rebuild | |
value: $(params.rebuild) | |
- name: skip-checks | |
value: $(params.skip-checks) | |
- name: pipelinerun-name | |
value: $(context.pipelineRun.name) | |
- name: pipelinerun-uid | |
value: $(context.pipelineRun.uid) | |
taskRef: | |
params: | |
- name: bundle | |
value: quay.io/redhat-appstudio-tekton-catalog/task-init:0.1@sha256:8c06b307b7f74622503b80ff0b81ffda63129959f52f8ed8f753d8ab98f38411 | |
- name: name | |
value: init | |
- name: kind | |
value: Task | |
resolver: bundles | |
- name: clone-repository | |
params: | |
- name: url | |
value: $(params.git-url) | |
- name: revision | |
value: $(params.revision) | |
runAfter: | |
- init | |
taskRef: | |
params: | |
- name: bundle | |
value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:458f4853a01c3273bd76076ac1b015d5f901e70fb4b776f788b577adb25bf5f8 | |
- name: name | |
value: git-clone | |
- name: kind | |
value: Task | |
resolver: bundles | |
when: | |
- input: $(tasks.init.results.build) | |
operator: in | |
values: | |
- "true" | |
workspaces: | |
- name: output | |
workspace: workspace | |
- name: basic-auth | |
workspace: git-auth | |
- name: prefetch-dependencies | |
params: | |
- name: input | |
value: $(params.prefetch-input) | |
runAfter: | |
- clone-repository | |
taskRef: | |
params: | |
- name: bundle | |
value: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies:0.1@sha256:99f1b1e382ce23efe0017bd60584104bc1e23195c1fed6c37e92863600964d58 | |
- name: name | |
value: prefetch-dependencies | |
- name: kind | |
value: Task | |
resolver: bundles | |
when: | |
- input: $(params.hermetic) | |
operator: in | |
values: | |
- "true" | |
workspaces: | |
- name: source | |
workspace: workspace | |
- name: build-container | |
params: | |
- name: IMAGE | |
value: $(params.output-image) | |
- name: DOCKERFILE | |
value: $(params.dockerfile) | |
- name: CONTEXT | |
value: $(params.path-context) | |
- name: DOCKER_AUTH | |
value: $(tasks.init.results.container-registry-secret) | |
- name: HERMETIC | |
value: $(params.hermetic) | |
- name: PREFETCH_INPUT | |
value: $(params.prefetch-input) | |
runAfter: | |
- prefetch-dependencies | |
taskRef: | |
params: | |
- name: bundle | |
value: quay.io/redhat-appstudio-tekton-catalog/task-buildah:0.1@sha256:e5db4074db556616219bab54aa1af1d45d63e4e97fbc26699d1214553655ce8d | |
- name: name | |
value: buildah | |
- name: kind | |
value: Task | |
resolver: bundles | |
when: | |
- input: $(tasks.init.results.build) | |
operator: in | |
values: | |
- "true" | |
workspaces: | |
- name: source | |
workspace: workspace | |
- name: inspect-image | |
params: | |
- name: IMAGE_URL | |
value: $(tasks.build-container.results.IMAGE_URL) | |
- name: IMAGE_DIGEST | |
value: $(tasks.build-container.results.IMAGE_DIGEST) | |
- name: DOCKER_AUTH | |
value: $(tasks.init.results.container-registry-secret) | |
runAfter: | |
- build-container | |
taskRef: | |
params: | |
- name: bundle | |
value: quay.io/redhat-appstudio-tekton-catalog/task-inspect-image:0.1@sha256:5531128863a2ac4129680d8bc5ed8ea20960c6f3a3731a561feb47afb7db8fcb | |
- name: name | |
value: inspect-image | |
- name: kind | |
value: Task | |
resolver: bundles | |
when: | |
- input: $(params.skip-checks) | |
operator: in | |
values: | |
- "false" | |
workspaces: | |
- name: source | |
workspace: workspace | |
- name: label-check | |
runAfter: | |
- inspect-image | |
taskRef: | |
params: | |
- name: bundle | |
value: quay.io/redhat-appstudio-tekton-catalog/task-label-check:0.1@sha256:2cabc7f183c5f089b827a5ac2450fef80be325480fbd2fb322ddb1e0feeb5f7d | |
- name: name | |
value: label-check | |
- name: kind | |
value: Task | |
resolver: bundles | |
when: | |
- input: $(params.skip-checks) | |
operator: in | |
values: | |
- "false" | |
workspaces: | |
- name: workspace | |
workspace: workspace | |
- name: optional-label-check | |
params: | |
- name: POLICY_NAMESPACE | |
value: optional_checks | |
runAfter: | |
- inspect-image | |
taskRef: | |
params: | |
- name: bundle | |
value: quay.io/redhat-appstudio-tekton-catalog/task-label-check:0.1@sha256:2cabc7f183c5f089b827a5ac2450fef80be325480fbd2fb322ddb1e0feeb5f7d | |
- name: name | |
value: label-check | |
- name: kind | |
value: Task | |
resolver: bundles | |
when: | |
- input: $(params.skip-checks) | |
operator: in | |
values: | |
- "false" | |
workspaces: | |
- name: workspace | |
workspace: workspace | |
- name: deprecated-base-image-check | |
params: | |
- name: BASE_IMAGES_DIGESTS | |
value: $(tasks.build-container.results.BASE_IMAGES_DIGESTS) | |
taskRef: | |
params: | |
- name: bundle | |
value: quay.io/redhat-appstudio-tekton-catalog/task-deprecated-image-check:0.2@sha256:bf1a1cad85bb896e920f0f7ff5dda2f885b76f2617934f72e7954565cd50df49 | |
- name: name | |
value: deprecated-image-check | |
- name: kind | |
value: Task | |
resolver: bundles | |
when: | |
- input: $(params.skip-checks) | |
operator: in | |
values: | |
- "false" | |
workspaces: | |
- name: test-ws | |
workspace: workspace | |
- name: clair-scan | |
params: | |
- name: image-digest | |
value: $(tasks.build-container.results.IMAGE_DIGEST) | |
- name: image-url | |
value: $(tasks.build-container.results.IMAGE_URL) | |
- name: docker-auth | |
value: $(tasks.init.results.container-registry-secret) | |
runAfter: | |
- build-container | |
taskRef: | |
params: | |
- name: bundle | |
value: quay.io/redhat-appstudio-tekton-catalog/task-clair-scan:0.1@sha256:1b4951e91fdfb3188d459d0abac411a6364da5cb135e81fb4a84bbd782bb545d | |
- name: name | |
value: clair-scan | |
- name: kind | |
value: Task | |
resolver: bundles | |
when: | |
- input: $(params.skip-checks) | |
operator: in | |
values: | |
- "false" | |
- name: sast-snyk-check | |
params: | |
- name: SNYK_SECRET | |
value: $(params.snyk-secret) | |
runAfter: | |
- clone-repository | |
taskRef: | |
params: | |
- name: bundle | |
value: quay.io/redhat-appstudio-tekton-catalog/task-sast-snyk-check:0.1@sha256:58f288a86ae7e1a2fff416d11720521effcf8e9b410355080a2b8a9bb8ae587c | |
- name: name | |
value: sast-snyk-check | |
- name: kind | |
value: Task | |
resolver: bundles | |
when: | |
- input: $(params.skip-checks) | |
operator: in | |
values: | |
- "false" | |
- input: $(params.snyk-secret) | |
operator: notin | |
values: | |
- "" | |
workspaces: | |
- name: workspace | |
workspace: workspace | |
- name: clamav-scan | |
params: | |
- name: image-digest | |
value: $(tasks.build-container.results.IMAGE_DIGEST) | |
- name: image-url | |
value: $(tasks.build-container.results.IMAGE_URL) | |
- name: docker-auth | |
value: $(tasks.init.results.container-registry-secret) | |
runAfter: | |
- build-container | |
taskRef: | |
params: | |
- name: bundle | |
value: quay.io/redhat-appstudio-tekton-catalog/task-clamav-scan:0.1@sha256:2c8dbe8aa7c0fa126a9c84e7590c4e901bcfeec6dde4ccbffda4c493cefb43ed | |
- name: name | |
value: clamav-scan | |
- name: kind | |
value: Task | |
resolver: bundles | |
when: | |
- input: $(params.skip-checks) | |
operator: in | |
values: | |
- "false" | |
- name: sbom-json-check | |
params: | |
- name: IMAGE_URL | |
value: $(tasks.build-container.results.IMAGE_URL) | |
- name: IMAGE_DIGEST | |
value: $(tasks.build-container.results.IMAGE_DIGEST) | |
runAfter: | |
- build-container | |
taskRef: | |
params: | |
- name: bundle | |
value: quay.io/redhat-appstudio-tekton-catalog/task-sbom-json-check:0.1@sha256:9a232f343d6397bfaf9620b6e63ce6943e256ad30da93cf8e9de3ca63ada7717 | |
- name: name | |
value: sbom-json-check | |
- name: kind | |
value: Task | |
resolver: bundles | |
when: | |
- input: $(params.skip-checks) | |
operator: in | |
values: | |
- "false" | |
workspaces: | |
- name: workspace | |
- name: git-auth | |
optional: true | |
workspaces: | |
- name: workspace | |
volumeClaimTemplate: | |
metadata: | |
spec: | |
accessModes: | |
- ReadWriteOnce | |
resources: | |
requests: | |
storage: 1Gi | |
- name: git-auth | |
secret: | |
secretName: pac-gitauth-mdiq | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment