
Commit ccde2f8

authored
Merge branch 'main' into main
2 parents a092123 + 1a3abdc commit ccde2f8


3 files changed

+176
-84
lines changed


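--- a/.github/workflows/scorecard.yaml
+++ b/.github/workflows/scorecard.yaml
@@ -45,7 +45,7 @@ jobs:
 # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
 # format to the repository Actions tab.
 - name: "Upload artifact"
-uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # v3.1.0
+uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
 with:
 name: SARIF file
 path: results.sarif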

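--- a/.tekton/registry-viewer-main-pull-request.yaml
+++ b/.tekton/registry-viewer-main-pull-request.yaml
@@ -7,9 +7,8 @@ metadata:
 build.appstudio.redhat.com/pull_request_number: '{{pull_request_number}}'
 build.appstudio.redhat.com/target_branch: '{{target_branch}}'
 pipelinesascode.tekton.dev/max-keep-runs: "3"
-pipelinesascode.tekton.dev/on-cel-expression: event == "pull_request" && target_branch
-== "main"
-creationTimestamp: null
+pipelinesascode.tekton.dev/on-cel-expression: event == "pull_request" && target_branch == "main"
+creationTimestamp:
 labels:
 appstudio.openshift.io/application: devfile-registry-main
 appstudio.openshift.io/component: registry-viewer-main
@@ -30,8 +29,8 @@ spec:
 value: Dockerfile
 - name: build-args
 value:
-- PROJECT_NAME=registry-viewer
-- NEXT_PUBLIC_BASE_PATH=/viewer
+- PROJECT_NAME=registry-viewer
+- NEXT_PUBLIC_BASE_PATH=/viewer
 pipelineSpec:
 description: |
 This pipeline is ideal for building container images from a Containerfile while maintaining trust after pipeline customization.
@@ -48,7 +47,7 @@ spec:
 - name: name
 value: show-sbom
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:945a7c9066d3e0a95d3fddb7e8a6992e4d632a2a75d8f3a9bd2ff2fef0ec9aa0
+value: quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:04f15cbce548e1db7770eee3f155ccb2cc0140a6c371dc67e9a34d83673ea0c0
 - name: kind
 value: task
 resolver: bundles
@@ -64,13 +63,11 @@ spec:
 name: output-image
 type: string
 - default: .
-description: Path to the source code of an application's component from where
-to build image.
+description: Path to the source code of an application's component from where to build image.
 name: path-context
 type: string
 - default: Dockerfile
-description: Path to the Dockerfile inside the context specified by parameter
-path-context
+description: Path to the Dockerfile inside the context specified by parameter path-context
 name: dockerfile
 type: string
 - default: "false"
@@ -90,8 +87,7 @@ spec:
 name: prefetch-input
 type: string
 - default: ""
-description: Image tag expiration time, time values could be something like
-1h, 2d, 3w for hours, days, and weeks, respectively.
+description: Image tag expiration time, time values could be something like 1h, 2d, 3w for hours, days, and weeks, respectively.
 name: image-expires-after
 - default: "false"
 description: Build a source image.
@@ -136,7 +132,7 @@ spec:
 - name: name
 value: init
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:4c6712db9419461b8c8a39523c012cb0dc061fb58563bb9170b3777d74f54659
+value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:db1285c571d7037684876df0a5b619305b3c8f2be88233ebead4d37caf5cb04b
 - name: kind
 value: task
 resolver: bundles
@@ -157,7 +153,7 @@ spec:
 - name: name
 value: git-clone-oci-ta
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:f72fcca6732516339d55ac5f01660e287968e64e857a40a8608db27e298b5126
+value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:9709088bf3c581d4763e9804d9ee3a1f06ad6a61c23237277057c4f0cdc4f9c3
 - name: kind
 value: task
 resolver: bundles
@@ -186,7 +182,7 @@ spec:
 - name: name
 value: prefetch-dependencies-oci-ta
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.1@sha256:90e1a4fd2c588f3f3b32d3bc7aa1e29ae0233dd8f976fa0532df508e60a345b3
+value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.2@sha256:efc8aebec295bf5986597b6bbeebe093b2764fea79c66094e05ff3d283f54932
 - name: kind
 value: task
 resolver: bundles
@@ -227,7 +223,7 @@ spec:
 - name: name
 value: buildah-oci-ta
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-buildah-oci-ta:0.3@sha256:549e1136dad6244cec3ed5fc52a45c43910675e06f0c597ac1a82518522a1a5c
+value: quay.io/konflux-ci/tekton-catalog/task-buildah-oci-ta:0.4@sha256:25cd429104fc1e48cf2e4382d9ee475828759649a1e17c913cb8531b4729558b
 - name: kind
 value: task
 resolver: bundles
@@ -256,7 +252,7 @@ spec:
 - name: name
 value: build-image-index
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1@sha256:09344e6bda708f48ef759bbe84bce99515549f4cfdcbe89e417f695c19463260
+value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1@sha256:ec1f33e2e358a5beac831685cf69cd63714d519620953cff48af9d74246118b5
 - name: kind
 value: task
 resolver: bundles
@@ -280,7 +276,7 @@ spec:
 - name: name
 value: source-build-oci-ta
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.1@sha256:18241f95266a5e4316449f25a600f0f035d32a81c72ecd609a7e886de1843163
+value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.2@sha256:9fe82c9511f282287686f918bf1a543fcef417848e7a503357e988aab2887cee
 - name: kind
 value: task
 resolver: bundles
@@ -306,7 +302,7 @@ spec:
 - name: name
 value: deprecated-image-check
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.4@sha256:241f87f75a6e4303fbd64b32ba1715d76fe3805c48a6c21829e6a564bcc3a576
+value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.5@sha256:5d63b920b71192906fe4d6c4903f594e6f34c5edcff9d21714a08b5edcfbc667
 - name: kind
 value: task
 resolver: bundles
@@ -328,7 +324,7 @@ spec:
 - name: name
 value: clair-scan
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.2@sha256:4584647138af3efe5f1c523d0f56103c3b9647325634d17f04e2198a2c3c0c26
+value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.2@sha256:712afcf63f3b5a97c371d37e637efbcc9e1c7ad158872339d00adc6413cd8851
 - name: kind
 value: task
 resolver: bundles
@@ -348,7 +344,7 @@ spec:
 - name: name
 value: ecosystem-cert-preflight-checks
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.1@sha256:df8a25a3431a70544172ed4844f9d0c6229d39130633960729f825a031a7dea9
+value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.2@sha256:00b13d06d17328e105b11619ee4db98b215ca6ac02314a4776aa5fc2a974f9c1
 - name: kind
 value: task
 resolver: bundles
@@ -374,7 +370,7 @@ spec:
 - name: name
 value: sast-snyk-check-oci-ta
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.3@sha256:b15a199b4a732fea1126b06bee28f878cf2d221e6d0f8e780af8230395fb4b19
+value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.3@sha256:a1cb59ed66a7be1949c9720660efb0a006e95ef05b3f67929dd8e310e1d7baef
 - name: kind
 value: task
 resolver: bundles
@@ -448,7 +444,7 @@ spec:
 - name: name
 value: clamav-scan
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.2@sha256:525ad6081d7d38082db057482bd9ecc59c38954656b1a4e33a28de9c19e71006
+value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.2@sha256:44b7ee11aa2d80d80d407587bd3cef82a8bb86db730751920d0e286e3db95627
 - name: kind
 value: task
 resolver: bundles
@@ -459,10 +455,27 @@ spec:
 - "false"
 - name: sast-coverity-check
 params:
-- name: image-digest
-value: $(tasks.build-image-index.results.IMAGE_DIGEST)
 - name: image-url
 value: $(tasks.build-image-index.results.IMAGE_URL)
+- name: IMAGE
+value: $(params.output-image)
+- name: DOCKERFILE
+value: $(params.dockerfile)
+- name: CONTEXT
+value: $(params.path-context)
+- name: HERMETIC
+value: $(params.hermetic)
+- name: PREFETCH_INPUT
+value: $(params.prefetch-input)
+- name: IMAGE_EXPIRES_AFTER
+value: $(params.image-expires-after)
+- name: COMMIT_SHA
+value: $(tasks.clone-repository.results.commit)
+- name: BUILD_ARGS
+value:
+- $(params.build-args[*])
+- name: BUILD_ARGS_FILE
+value: $(params.build-args-file)
 - name: SOURCE_ARTIFACT
 value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT)
 - name: CACHI2_ARTIFACT
@@ -472,9 +485,9 @@ spec:
 taskRef:
 params:
 - name: name
-value: sast-coverity-check-oci-ta
+value: sast-coverity-check
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-sast-coverity-check-oci-ta:0.1@sha256:87b966c4b2017aa38174180505409b2c5cc7c1c140d9879411dec34a37cfa8be
+value: quay.io/konflux-ci/tekton-catalog/task-sast-coverity-check:0.2@sha256:aba8d22607fe4784c79f502b7c50c5a5cb8e1a24dcd4667cc3a90c8e5e9843e7
 - name: kind
 value: task
 resolver: bundles
@@ -488,39 +501,64 @@ spec:
 values:
 - success
 - name: coverity-availability-check
+runAfter:
+- build-image-index
+taskRef:
+params:
+- name: name
+value: coverity-availability-check
+- name: bundle
+value: quay.io/konflux-ci/tekton-catalog/task-coverity-availability-check:0.2@sha256:0b35292eed661c5e3ca307c0ba7f594d17555db2a1da567903b0b47697fa23ed
+- name: kind
+value: task
+resolver: bundles
+when:
+- input: $(params.skip-checks)
+operator: in
+values:
+- "false"
+- name: sast-shell-check
+params:
+- name: image-digest
+value: $(tasks.build-image-index.results.IMAGE_DIGEST)
+- name: image-url
+value: $(tasks.build-image-index.results.IMAGE_URL)
+- name: SOURCE_ARTIFACT
+value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT)
+- name: CACHI2_ARTIFACT
+value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT)
+runAfter:
+- build-image-index
+taskRef:
+params:
+- name: name
+value: sast-shell-check-oci-ta
+- name: bundle
+value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check-oci-ta:0.1@sha256:a591675c72f06fb9c5b1a3d60e6e4c58e4df5f7da180c7a4691a692a6e7e6496
+- name: kind
+value: task
+resolver: bundles
+when:
+- input: $(params.skip-checks)
+operator: in
+values:
+- "false"
+- name: sast-unicode-check
 params:
 - name: image-url
 value: $(tasks.build-image-index.results.IMAGE_URL)
 - name: SOURCE_ARTIFACT
 value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT)
 - name: CACHI2_ARTIFACT
 value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT)
-- name: IMAGE
-value: $(params.output-image)
-- name: DOCKERFILE
-value: $(params.dockerfile)
-- name: CONTEXT
-value: $(params.path-context)
-- name: HERMETIC
-value: $(params.hermetic)
-- name: PREFETCH_INPUT
-value: $(params.prefetch-input)
-- name: IMAGE_EXPIRES_AFTER
-value: $(params.image-expires-after)
-- name: COMMIT_SHA
-value: $(tasks.clone-repository.results.commit)
-- name: BUILD_ARGS
-value: $(params.build-args[*])
-- name: BUILD_ARGS_FILE
-value: $(params.build-args-file)
 runAfter:
 - build-image-index
 taskRef:
 params:
 - name: name
-value: coverity-availability-check-oci-ta
+value: sast-shell-check-oci-ta
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-coverity-availability-check-oci-ta:0.1@sha256:b4e6d38f0717aa53f3dadee105ba559c2fd76b500a4d21d20fc8b828042ae955
+value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check-oci-ta:0.1@sha256:a591675c72f06fb9c5b1a3d60e6e4c58e4df5f7da180c7a4691a692a6e7e6496
 - name: kind
 value: task
 resolver: bundles
@@ -540,7 +578,7 @@ spec:
 - name: name
 value: apply-tags
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.1@sha256:fa7aa88ffe01eeeaa07c8720b27e50e27f6f136ef33595efaa16a0eb4598ea02
+value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.1@sha256:1ef12328e89d7cd517e447e6ca331233df0807794cabf6be1046bc8a976b3f35
 - name: kind
 value: task
 resolver: bundles
@@ -563,7 +601,7 @@ spec:
 - name: name
 value: push-dockerfile-oci-ta
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.1@sha256:fcd9016f1cd5d1085b5e823cdf04a4e77ce80f67d0990af7853e70755aa25d54
+value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.1@sha256:c3f8fd807121fec3b895f327cec7f0d89a94c454945f143268763cf6327503cd
 - name: kind
 value: task
 resolver: bundles
@@ -580,7 +618,7 @@ spec:
 - name: name
 value: rpms-signature-scan
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:39cd56ffa26ff5edfd5bf9b61e902cae35a345c078cd9dcbc0737d30f3ce5ef1
+value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:c0798ff85ad04f1553d349fe34aa4918597fb35b3b74e344dfbd5af2f3494300
 - name: kind
 value: task
 resolver: bundles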
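Review bot: In the `@@ -488,39 +501,64 @@` hunk the new `sast-unicode-check` task (new line 546) resolves `sast-shell-check-oci-ta` at new lines 559 and 561, with the same bundle digest as the `sast-shell-check` task added at new lines 535 and 537. As written, the shell check runs twice and no Unicode scan runs, while the pipeline still reports a passing `sast-unicode-check`. The taskRef should presumably read `value: sast-unicode-check-oci-ta`, with the bundle `quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check-oci-ta:<version>@sha256:<digest from the catalog>`. Separately, the `@@ -472,9 +485,9 @@` hunk switches `sast-coverity-check` to the non-`-oci-ta` task name while the task still passes `SOURCE_ARTIFACT` and `CACHI2_ARTIFACT`. Since this is a merge commit, it is worth confirming that task accepts those params and that the mix was intended rather than left over from conflict resolution.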
