11apiVersion : tekton.dev/v1
22kind : Pipeline
33metadata :
4- creationTimestamp :
54 labels :
65 pipelines.openshift.io/runtime : generic
76 pipelines.openshift.io/strategy : docker
@@ -13,27 +12,14 @@ spec:
1312
1413 _Uses `buildah` to create a multi-platform container image leveraging [trusted artifacts](https://konflux-ci.dev/architecture/ADR/0036-trusted-artifacts.html). It also optionally creates a source image and runs some build-time tests. This pipeline requires that the [multi platform controller](https://github.com/konflux-ci/multi-platform-controller) is deployed and configured on your Konflux instance. Information is shared between tasks using OCI artifacts instead of PVCs. EC will pass the [`trusted_task.trusted`](https://conforma.dev/docs/policy/packages/release_trusted_task.html#trusted_task__trusted) policy as long as all data used to build the artifact is generated from trusted tasks.
1514 This pipeline is pushed as a Tekton bundle to [quay.io](https://quay.io/repository/konflux-ci/tekton-catalog/pipeline-docker-build-multi-platform-oci-ta?tab=tags)_
16- finally :
17- - name : show-sbom
18- params :
19- - name : IMAGE_URL
20- value : $(tasks.build-image-index.results.IMAGE_URL)
21- taskRef :
22- params :
23- - name : name
24- value : show-sbom
25- - name : bundle
26- value : quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:e119aa864b094715cb8dd01d44d2752658f1a1b83a3417e92456f26a06a3c1d8
27- - name : kind
28- value : task
29- resolver : bundles
3015 params :
3116 - default :
3217 - linux/x86_64
3318 - linux/arm64
3419 - linux/ppc64le
3520 - linux/s390x
36- description : List of platforms to build the container images on. The available set of values is determined by the configuration of the multi-platform-controller.
21+ description : List of platforms to build the container images on. The available
22+ set of values is determined by the configuration of the multi-platform-controller.
3723 name : build-platforms
3824 type : array
3925 - default : --all-projects --org=3e1a4cca-ebfb-495f-b64c-3cc960d566b4 --exclude=test*,vendor,third_party
4531 name : build-source-image
4632 type : string
4733 - default : " false"
48- description : ' Enable in-development package managers. WARNING: the behavior may change at any time without notice. Use at your own risk.'
34+ description : ' Enable in-development package managers. WARNING: the behavior may
35+ change at any time without notice. Use at your own risk.'
4936 name : prefetch-input-dev-package-managers
5037 - default : []
5138 description : Additional image tags
@@ -62,17 +49,15 @@ spec:
6249 name : output-image
6350 type : string
6451 - default : .
65- description : Path to the source code of an application's component from where to build image.
52+ description : Path to the source code of an application's component from where
53+ to build image.
6654 name : path-context
6755 type : string
6856 - default : Dockerfile
69- description : Path to the Dockerfile inside the context specified by parameter path-context
57+ description : Path to the Dockerfile inside the context specified by parameter
58+ path-context
7059 name : dockerfile
7160 type : string
72- - default : " false"
73- description : Force rebuild image
74- name : rebuild
75- type : string
7661 - default : " false"
7762 description : Skip checks against built image
7863 name : skip-checks
@@ -82,17 +67,26 @@ spec:
8267 name : hermetic
8368 type : string
8469 - default : " "
85- description : Build dependencies to be prefetched by Cachi2
70+ description : Build dependencies to be prefetched
8671 name : prefetch-input
8772 type : string
8873 - default : " "
89- description : Image tag expiration time, time values could be something like 1h, 2d, 3w for hours, days, and weeks, respectively.
74+ description : Image tag expiration time, time values could be something like 1h,
75+ 2d, 3w for hours, days, and weeks, respectively.
9076 name : image-expires-after
9177 type : string
9278 - default : " true"
9379 description : Add built image into an OCI image index
9480 name : build-image-index
9581 type : string
82+ - default : docker
83+ description : The format for the resulting image's mediaType. Valid values are
84+ oci or docker.
85+ name : buildah-format
86+ type : string
87+ - default : " false"
88+ description : Enable cache proxy configuration
89+ name : enable-cache-proxy
9690 - default : []
9791 description : Array of --build-arg values ("arg=value" strings) for buildah
9892 name : build-args
10296 name : build-args-file
10397 type : string
10498 - default : " false"
105- description : Whether to enable privileged mode, should be used only with remote VMs
99+ description : Whether to enable privileged mode, should be used only with remote
100+ VMs
106101 name : privileged-nested
107102 type : string
108103 results :
@@ -196,12 +191,8 @@ spec:
196191 resolver : bundles
197192 - name : init
198193 params :
199- - name : image-url
200- value : $(params.output-image)
201- - name : rebuild
202- value : $(params.rebuild)
203- - name : skip-checks
204- value : $(params.skip-checks)
194+ - name : enable-cache-proxy
195+ value : $(params.enable-cache-proxy)
205196 taskRef :
206197 params :
207198 - name : name
@@ -232,11 +223,6 @@ spec:
232223 - name : kind
233224 value : task
234225 resolver : bundles
235- when :
236- - input : $(tasks.init.results.build)
237- operator : in
238- values :
239- - " true"
240226 workspaces :
241227 - name : basic-auth
242228 workspace : git-auth
@@ -268,6 +254,14 @@ spec:
268254 value : $(params.build-args-file)
269255 - name : PRIVILEGED_NESTED
270256 value : $(params.privileged-nested)
257+ - name : SOURCE_URL
258+ value : $(tasks.clone-repository.results.url)
259+ - name : BUILDAH_FORMAT
260+ value : $(params.buildah-format)
261+ - name : HTTP_PROXY
262+ value : $(tasks.init.results.http-proxy)
263+ - name : NO_PROXY
264+ value : $(tasks.init.results.no-proxy)
271265 - name : SOURCE_ARTIFACT
272266 value : $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT)
273267 - name : CACHI2_ARTIFACT
@@ -285,11 +279,6 @@ spec:
285279 - name : kind
286280 value : task
287281 resolver : bundles
288- when :
289- - input : $(tasks.init.results.build)
290- operator : in
291- values :
292- - " true"
293282 - name : build-image-index
294283 params :
295284 - name : IMAGE
@@ -303,6 +292,8 @@ spec:
303292 - name : IMAGES
304293 value :
305294 - $(tasks.build-images.results.IMAGE_REF[*])
295+ - name : BUILDAH_FORMAT
296+ value : $(params.buildah-format)
306297 runAfter :
307298 - build-images
308299 taskRef :
@@ -314,11 +305,6 @@ spec:
314305 - name : kind
315306 value : task
316307 resolver : bundles
317- when :
318- - input : $(tasks.init.results.build)
319- operator : in
320- values :
321- - " true"
322308 - name : build-source-image
323309 params :
324310 - name : BINARY_IMAGE
@@ -341,10 +327,6 @@ spec:
341327 value : task
342328 resolver : bundles
343329 when :
344- - input : $(tasks.init.results.build)
345- operator : in
346- values :
347- - " true"
348330 - input : $(params.build-source-image)
349331 operator : in
350332 values :
@@ -398,7 +380,12 @@ spec:
398380 operator : in
399381 values :
400382 - " false"
401- - name : ecosystem-cert-preflight-checks
383+ - matrix :
384+ params :
385+ - name : platform
386+ value :
387+ - $(params.build-platforms)
388+ name : ecosystem-cert-preflight-checks
402389 params :
403390 - name : image-url
404391 value : $(tasks.build-image-index.results.IMAGE_URL)
@@ -533,7 +520,7 @@ spec:
533520 - name : name
534521 value : rpms-signature-scan
535522 - name : bundle
536- value : quay.io/konflux-ci/konflux-vanguard /task-rpms-signature-scan:0.2@sha256:e127e0e0a5aab1364b560436594fe7ed67abcd5f8d6dd3ef14ac1f35cf81078c
523+ value : quay.io/konflux-ci/tekton-catalog /task-rpms-signature-scan:0.2@sha256:47b81d6b3d752649eddfbb8b3fd8f6522c4bb07f6d1946f9bc45dae3f92e2c9a
537524 - name : kind
538525 value : task
539526 resolver : bundles
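Review bot: The `enable-cache-proxy` parameter added at new lines 87-89 has no `type` line, unlike the string parameters around it, and its description (`Enable cache proxy configuration`) does not say which traffic is affected, although the hunk at new lines 261-264 passes `HTTP_PROXY` and `NO_PROXY` from `tasks.init.results` into what appears to be the build task's parameters. Since the pipeline's own description ties the `trusted_task.trusted` policy to where build data comes from, a reader needs to know what is fetched through the proxy and how the setting interacts with `hermetic`; I would add `type: string` and expand the description to something like `Route build-time HTTP fetches through the cache proxy reported by the init task (sets HTTP_PROXY/NO_PROXY on the build); default off`. Whether the init task returns empty values when the flag is `false` is not visible here, so it is worth confirming that the build task treats empty `HTTP_PROXY`/`NO_PROXY` as unset. The build task's parameter list starts and ends outside these hunks.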