implement the push pipeline

Author: mabulgu

.tekton/ansible-chatbot-service-push.yaml

@@ -2,60 +2,32 @@ apiVersion: tekton.dev/v1
 kind: PipelineRun
 metadata:
   annotations:
-    build.appstudio.openshift.io/repo: https://github.com/openshift/lightspeed-service?rev={{revision}}
-    build.appstudio.redhat.com/commit_sha: "{{revision}}"
-    build.appstudio.redhat.com/target_branch: "{{target_branch}}"
+    build.appstudio.openshift.io/repo: https://github.com/ansible/ansible-chatbot-service?rev={{revision}}
+    build.appstudio.redhat.com/commit_sha: '{{revision}}'
+    build.appstudio.redhat.com/target_branch: '{{target_branch}}'
     pipelinesascode.tekton.dev/max-keep-runs: "3"
-    pipelinesascode.tekton.dev/on-cel-expression: "event == \"push\" && \ntarget_branch == \"main\"\n"
+    pipelinesascode.tekton.dev/on-cel-expression: event == "push" && target_branch == "main"
     build.appstudio.openshift.io/build-nudge-files: |
       .*Dockerfile.*, bundle/manifests/lightspeed-operator.clusterserviceversion.yaml, config/default/kustomization.yaml, lightspeed-catalog-4.15/index.yaml, lightspeed-catalog-4.16/index.yaml
   creationTimestamp: null
   labels:
-    appstudio.openshift.io/application: ols
-    appstudio.openshift.io/component: lightspeed-service
+    appstudio.openshift.io/application: ansible-chatbot-service
+    appstudio.openshift.io/component: ansible-chatbot-service
     pipelines.appstudio.openshift.io/type: build
-  name: lightspeed-service-on-push
-  namespace: crt-nshift-lightspeed-tenant
+  name: ansible-chatbot-service-on-push
+  namespace: ansible-lightspeed-tenant
 spec:
   params:
     - name: dockerfile
       value: Containerfile
     - name: git-url
       value: "{{source_url}}"
     - name: output-image
-      value: quay.io/redhat-user-workloads/crt-nshift-lightspeed-tenant/ols/lightspeed-service:{{revision}}
+      value: quay.io/ansible/ansible-chatbot-service:{{revision}}
     - name: path-context
       value: .
     - name: revision
       value: "{{revision}}"
-    - name: build-source-image
-      value: "true"
-    - name: prefetch-input
-      value: '[{"type": "rpm", "path": "."}, {"type": "pip", "path": ".", "allow_binary": "true"}]'
-    - name: hermetic
-      value: "true"
-  taskRunSpecs:
-    - pipelineTaskName: build-source-image
-      computeResources:
-        requests:
-          cpu: '1'
-          memory: 1Gi
-        limits:
-          memory: 4Gi
-    - pipelineTaskName: clair-scan
-      computeResources:
-        requests:
-          cpu: '1'
-          memory: 1Gi
-        limits:
-          memory: 8Gi
-    - pipelineTaskName: ecosystem-cert-preflight-checks
-      computeResources:
-        requests:
-          cpu: '1'
-          memory: 1Gi
-        limits:
-          memory: 8Gi
   pipelineSpec:
     finally:
       - name: show-sbom
@@ -67,7 +39,7 @@ spec:
             - name: name
               value: show-sbom
             - name: bundle
-              value: quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:9bfc6b99ef038800fe131d7b45ff3cd4da3a415dd536f7c657b3527b01c4a13b
+              value: quay.io/redhat-appstudio-tekton-catalog/task-show-sbom:0.1@sha256:8e0f8cad75e6f674d72a874385b69c4651afc0c9dcc59feffe0d85844687d852
             - name: kind
               value: task
           resolver: bundles
@@ -93,6 +65,44 @@ spec:
         workspaces:
           - name: workspace
             workspace: workspace
+      - name: slack-notification-when-failed
+        params:
+          - name: message
+            value: Konflux https://console.redhat.com/application-pipeline/workspaces/ansible-lightspeed/applications/ansible-chatbot-service/pipelineruns/$(context.pipelineRun.name) status=$(tasks.status)
+          - name: secret-name
+            value: slack-webhook-urls
+          - name: key-name
+            value: team-wisdom-eng
+        taskRef:
+          params:
+            - name: bundle
+              value: quay.io/redhat-appstudio-tekton-catalog/task-slack-webhook-notification:0.1
+            - name: name
+              value: slack-webhook-notification
+            - name: kind
+              value: Task
+          resolver: bundles
+        when:
+          - input: $(tasks.status)
+            operator: in
+            values: [ "Failed" ]
+      - name: slack-notification
+        params:
+          - name: message
+            value: Konflux https://console.redhat.com/application-pipeline/workspaces/ansible-lightspeed/applications/ansible-chatbot-service/pipelineruns/$(context.pipelineRun.name) status=$(tasks.status)
+          - name: secret-name
+            value: slack-webhook-urls
+          - name: key-name
+            value: wisdom-cicd-events
+        taskRef:
+          params:
+            - name: bundle
+              value: quay.io/redhat-appstudio-tekton-catalog/task-slack-webhook-notification:0.1
+            - name: name
+              value: slack-webhook-notification
+            - name: kind
+              value: Task
+          resolver: bundles
     params:
       - description: Source Repository URL
         name: git-url
@@ -139,10 +149,6 @@ spec:
         description: Build a source image.
         name: build-source-image
         type: string
-      - default: []
-        description: Array of --build-arg values ("arg=value" strings) for buildah
-        name: build-args
-        type: array
       - default: ""
         description: Path to a file with build arguments for buildah, see https://www.mankier.com/1/buildah-build#--build-arg-file
         name: build-args-file
@@ -177,7 +183,7 @@ spec:
             - name: name
               value: init
             - name: bundle
-              value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:092c113b614f6551113f17605ae9cb7e822aa704d07f0e37ed209da23ce392cc
+              value: quay.io/redhat-appstudio-tekton-catalog/task-init:0.2@sha256:596b7c11572bb94eb67d9ffb4375068426e2a8249ff2792ce04ad2a4bc593a63
             - name: kind
               value: task
           resolver: bundles
@@ -194,7 +200,7 @@ spec:
             - name: name
               value: git-clone
             - name: bundle
-              value: quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1@sha256:2cccdf8729ad4d5adf65e8b66464f8efa1e1c87ba16d343b4a6c621a2a40f7e1
+              value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:9e6c4db5a666ea0e1e747e03d63f46e5617a6b9852c26871f9d50891d778dfa2
             - name: kind
               value: task
           resolver: bundles
@@ -221,7 +227,7 @@ spec:
             - name: name
               value: prefetch-dependencies
             - name: bundle
-              value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies:0.1@sha256:fe7234e3824d1e65d6a7aac352e7a6bbce623d90d8d7da9aceeee108ad2c61be
+              value: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies:0.1@sha256:eea8bd511343b4014dab46a77e7215510f7a63820937d1267c6dc428e10ffbe4
             - name: kind
               value: task
           resolver: bundles
@@ -230,6 +236,10 @@ spec:
             operator: notin
             values:
               - ""
+          - input: $(params.hermetic)
+            operator: in
+            values:
+              - "true"
         workspaces:
           - name: source
             workspace: workspace
@@ -251,19 +261,20 @@ spec:
             value: $(params.image-expires-after)
           - name: COMMIT_SHA
             value: $(tasks.clone-repository.results.commit)
-          - name: BUILD_ARGS
-            value:
-              - $(params.build-args[*])
           - name: BUILD_ARGS_FILE
-            value: build.args
+            value: $(params.build-args-file)
+          - name: TARGET_STAGE
+            value: production
+          - name: BUILD_ARGS
+            value: [ "IMAGE_TAGS=latest 1.0.$(tasks.git-metadata.results.commit-timestamp)", "GIT_COMMIT=$(tasks.clone-repository.results.commit)" ]
         runAfter:
           - prefetch-dependencies
         taskRef:
           params:
             - name: name
               value: buildah-10gb
             - name: bundle
-              value: quay.io/konflux-ci/tekton-catalog/task-buildah-10gb:0.2@sha256:fe86b7c7e746f0d0a5ee6791d29eae5569138a5d31df42fadebcb6a9d2722ccb
+              value: quay.io/redhat-appstudio-tekton-catalog/task-buildah-10gb:0.2
             - name: kind
               value: task
           resolver: bundles
@@ -275,6 +286,42 @@ spec:
         workspaces:
           - name: source
             workspace: workspace
+      - name: apply-tags
+        params:
+          - name: IMAGE
+            value: $(tasks.build-container.results.IMAGE_URL)
+          - name: ADDITIONAL_TAGS
+            value: [ "latest", "1.0.$(tasks.git-metadata.results.commit-timestamp)" ]
+        runAfter:
+          - build-container
+        taskRef:
+          params:
+            - name: name
+              value: apply-tags
+            - name: bundle
+              value: quay.io/redhat-appstudio-tekton-catalog/task-apply-tags:0.1
+            - name: kind
+              value: task
+          resolver: bundles
+      - name: git-metadata
+        runAfter:
+          - clone-repository
+        workspaces:
+          - name: source
+            workspace: workspace
+        taskSpec:
+          workspaces:
+            - name: source
+          steps:
+            - name: get-commit-timestamp
+              image: alpine/git
+              script: |
+                #!/bin/sh
+                set -euo pipefail
+                cd "$(workspaces.source.path)/source"
+                echo -n $(date -d @$(git log -1 --format=%at) "+%Y%m%d%H%M") > $(results.commit-timestamp.path)
+          results:
+            - name: commit-timestamp
       - name: build-source-image
         params:
           - name: BINARY_IMAGE
@@ -286,7 +333,7 @@ spec:
             - name: name
               value: source-build
             - name: bundle
-              value: quay.io/konflux-ci/tekton-catalog/task-source-build:0.1@sha256:21cb5ebaff7a9216903cf78933dc4ec4dd6283a52636b16590a5f52ceb278269
+              value: quay.io/redhat-appstudio-tekton-catalog/task-source-build:0.1@sha256:14b91ad9124b722b44222685013faaf9af8ac5b66030d9abeb1c61da3c118cdd
             - name: kind
               value: task
           resolver: bundles
@@ -315,7 +362,7 @@ spec:
             - name: name
               value: deprecated-image-check
             - name: bundle
-              value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.4@sha256:b4f9599f5770ea2e6e4d031224ccc932164c1ecde7f85f68e16e99c98d754003
+              value: quay.io/redhat-appstudio-tekton-catalog/task-deprecated-image-check:0.4@sha256:1f17ef7ab9859d6e2215ef2ed532ebc15e516ba09226b8cae77907a7a8b7cedd
             - name: kind
               value: task
           resolver: bundles
@@ -337,7 +384,7 @@ spec:
             - name: name
               value: clair-scan
             - name: bundle
-              value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.2@sha256:28fee4bf5da87f2388c973d9336086749cad8436003f9a514e22ac99735e056b
+              value: quay.io/redhat-appstudio-tekton-catalog/task-clair-scan:0.1@sha256:b8c51079ea1110e1095c229e184e3c340120ba211a63a200e836706f5a35361c
             - name: kind
               value: task
           resolver: bundles
@@ -357,7 +404,7 @@ spec:
             - name: name
               value: ecosystem-cert-preflight-checks
             - name: bundle
-              value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.1@sha256:5131cce0f93d0b728c7bcc0d6cee4c61d4c9f67c6d619c627e41e3c9775b497d
+              value: quay.io/redhat-appstudio-tekton-catalog/task-ecosystem-cert-preflight-checks:0.1@sha256:fc2cda064580364bb80c3ad6f438002de0033963fc33985d01ad249346b93433
             - name: kind
               value: task
           resolver: bundles
@@ -374,7 +421,7 @@ spec:
             - name: name
               value: sast-snyk-check
             - name: bundle
-              value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check:0.2@sha256:c1ea706405f9ae146e31baef4abfea49b1e855a75bfc44c33eb0eb29516831b3
+              value: quay.io/redhat-appstudio-tekton-catalog/task-sast-snyk-check:0.2@sha256:479bd0d9aaa7b377ff5f8ad93168d44807455646f2161688637cb2e4e0b990d9
             - name: kind
               value: task
           resolver: bundles
@@ -404,7 +451,7 @@ spec:
             - name: name
               value: clamav-scan
             - name: bundle
-              value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.1@sha256:1e29eebe916b81b7100138d62db0e03e22d03657274d37041c59cbaca5fdbf7d
+              value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.1@sha256:7bb17b937c9342f305468e8a6d0a22493e3ecde58977bd2ffc8b50e2fa234d58
             - name: kind
               value: task
           resolver: bundles
@@ -413,21 +460,6 @@ spec:
             operator: in
             values:
               - "false"
-      - name: apply-tags
-        params:
-          - name: IMAGE
-            value: $(tasks.build-container.results.IMAGE_URL)
-        runAfter:
-          - build-container
-        taskRef:
-          params:
-            - name: name
-              value: apply-tags
-            - name: bundle
-              value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.1@sha256:f485e250fb060060892b633c495a3d7e38de1ec105ae1be48608b0401530ab2c
-            - name: kind
-              value: task
-          resolver: bundles
     workspaces:
       - name: workspace
       - name: git-auth