|
| 1 | +apiVersion: tekton.dev/v1 |
| 2 | +kind: PipelineRun |
| 3 | +metadata: |
| 4 | + annotations: |
| 5 | + build.appstudio.openshift.io/repo: https://github.com/openshift-pipelines/tektoncd-git-clone?rev={{revision}} |
| 6 | + build.appstudio.redhat.com/commit_sha: '{{revision}}' |
| 7 | + build.appstudio.redhat.com/pull_request_number: '{{pull_request_number}}' |
| 8 | + build.appstudio.redhat.com/target_branch: '{{target_branch}}' |
| 9 | + pipelinesascode.tekton.dev/max-keep-runs: "3" |
| 10 | + pipelinesascode.tekton.dev/on-cel-expression: event == "pull_request" && target_branch |
| 11 | + == "main" && ( "image/git-init/***".pathChanged() || ".tekton/git-init-pull-request.yaml".pathChanged() |
| 12 | + ) |
| 13 | + creationTimestamp: null |
| 14 | + labels: |
| 15 | + appstudio.openshift.io/application: tektoncd-git-clone |
| 16 | + appstudio.openshift.io/component: git-init |
| 17 | + pipelines.appstudio.openshift.io/type: build |
| 18 | + name: git-init-on-pull-request |
| 19 | + namespace: tekton-ecosystem-tenant |
| 20 | +spec: |
| 21 | + params: |
| 22 | + - name: dockerfile |
| 23 | + value: https://raw.githubusercontent.com/devfile-samples/devfile-sample-go-basic/main/docker/Dockerfile |
| 24 | + - name: git-url |
| 25 | + value: '{{repo_url}}' |
| 26 | + - name: image-expires-after |
| 27 | + value: 5d |
| 28 | + - name: output-image |
| 29 | + value: quay.io/redhat-user-workloads/tekton-ecosystem-tenant/tektoncd-git-clone/git-init:on-pr-{{revision}} |
| 30 | + - name: path-context |
| 31 | + value: image/git-init |
| 32 | + - name: revision |
| 33 | + value: '{{revision}}' |
| 34 | + pipelineSpec: |
| 35 | + finally: |
| 36 | + - name: show-sbom |
| 37 | + params: |
| 38 | + - name: IMAGE_URL |
| 39 | + value: $(tasks.build-container.results.IMAGE_URL) |
| 40 | + taskRef: |
| 41 | + params: |
| 42 | + - name: name |
| 43 | + value: show-sbom |
| 44 | + - name: bundle |
| 45 | + value: quay.io/redhat-appstudio-tekton-catalog/task-show-sbom:0.1@sha256:202d3c3385120ea847d8f0a82bd8d9d5e873d67f981d6f8a51fb1706caaf6bef |
| 46 | + - name: kind |
| 47 | + value: task |
| 48 | + resolver: bundles |
| 49 | + - name: show-summary |
| 50 | + params: |
| 51 | + - name: pipelinerun-name |
| 52 | + value: $(context.pipelineRun.name) |
| 53 | + - name: git-url |
| 54 | + value: $(tasks.clone-repository.results.url)?rev=$(tasks.clone-repository.results.commit) |
| 55 | + - name: image-url |
| 56 | + value: $(params.output-image) |
| 57 | + - name: build-task-status |
| 58 | + value: $(tasks.build-container.status) |
| 59 | + taskRef: |
| 60 | + params: |
| 61 | + - name: name |
| 62 | + value: summary |
| 63 | + - name: bundle |
| 64 | + value: quay.io/redhat-appstudio-tekton-catalog/task-summary:0.1@sha256:f65a69aaf71cbab382eff685eee522ad35068a4d91d233e76cef7d42ff15a686 |
| 65 | + - name: kind |
| 66 | + value: task |
| 67 | + resolver: bundles |
| 68 | + params: |
| 69 | + - description: Source Repository URL |
| 70 | + name: git-url |
| 71 | + type: string |
| 72 | + - default: "" |
| 73 | + description: Revision of the Source Repository |
| 74 | + name: revision |
| 75 | + type: string |
| 76 | + - description: Fully Qualified Output Image |
| 77 | + name: output-image |
| 78 | + type: string |
| 79 | + - default: . |
| 80 | + description: Path to the source code of an application's component from where |
| 81 | + to build image. |
| 82 | + name: path-context |
| 83 | + type: string |
| 84 | + - default: Dockerfile |
| 85 | + description: Path to the Dockerfile inside the context specified by parameter |
| 86 | + path-context |
| 87 | + name: dockerfile |
| 88 | + type: string |
| 89 | + - default: "false" |
| 90 | + description: Force rebuild image |
| 91 | + name: rebuild |
| 92 | + type: string |
| 93 | + - default: "false" |
| 94 | + description: Skip checks against built image |
| 95 | + name: skip-checks |
| 96 | + type: string |
| 97 | + - default: "false" |
| 98 | + description: Execute the build with network isolation |
| 99 | + name: hermetic |
| 100 | + type: string |
| 101 | + - default: "" |
| 102 | + description: Build dependencies to be prefetched by Cachi2 |
| 103 | + name: prefetch-input |
| 104 | + type: string |
| 105 | + - default: "false" |
| 106 | + description: Java build |
| 107 | + name: java |
| 108 | + type: string |
| 109 | + - default: "" |
| 110 | + description: Image tag expiration time, time values could be something like |
| 111 | + 1h, 2d, 3w for hours, days, and weeks, respectively. |
| 112 | + name: image-expires-after |
| 113 | + - default: "false" |
| 114 | + description: Build a source image. |
| 115 | + name: build-source-image |
| 116 | + type: string |
| 117 | + results: |
| 118 | + - description: "" |
| 119 | + name: IMAGE_URL |
| 120 | + value: $(tasks.build-container.results.IMAGE_URL) |
| 121 | + - description: "" |
| 122 | + name: IMAGE_DIGEST |
| 123 | + value: $(tasks.build-container.results.IMAGE_DIGEST) |
| 124 | + - description: "" |
| 125 | + name: CHAINS-GIT_URL |
| 126 | + value: $(tasks.clone-repository.results.url) |
| 127 | + - description: "" |
| 128 | + name: CHAINS-GIT_COMMIT |
| 129 | + value: $(tasks.clone-repository.results.commit) |
| 130 | + - description: "" |
| 131 | + name: JAVA_COMMUNITY_DEPENDENCIES |
| 132 | + value: $(tasks.build-container.results.JAVA_COMMUNITY_DEPENDENCIES) |
| 133 | + tasks: |
| 134 | + - name: init |
| 135 | + params: |
| 136 | + - name: image-url |
| 137 | + value: $(params.output-image) |
| 138 | + - name: rebuild |
| 139 | + value: $(params.rebuild) |
| 140 | + - name: skip-checks |
| 141 | + value: $(params.skip-checks) |
| 142 | + taskRef: |
| 143 | + params: |
| 144 | + - name: name |
| 145 | + value: init |
| 146 | + - name: bundle |
| 147 | + value: quay.io/redhat-appstudio-tekton-catalog/task-init:0.2@sha256:3d8f01fa59596a998d30dc700fcf7377f09d60008337290eebaeaf604512ce2b |
| 148 | + - name: kind |
| 149 | + value: task |
| 150 | + resolver: bundles |
| 151 | + - name: clone-repository |
| 152 | + params: |
| 153 | + - name: url |
| 154 | + value: $(params.git-url) |
| 155 | + - name: revision |
| 156 | + value: $(params.revision) |
| 157 | + runAfter: |
| 158 | + - init |
| 159 | + taskRef: |
| 160 | + params: |
| 161 | + - name: name |
| 162 | + value: git-clone |
| 163 | + - name: bundle |
| 164 | + value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:b8fddc2d36313a5cde93aba2491205f4a84e6853af6c34ede681f8339b147478 |
| 165 | + - name: kind |
| 166 | + value: task |
| 167 | + resolver: bundles |
| 168 | + when: |
| 169 | + - input: $(tasks.init.results.build) |
| 170 | + operator: in |
| 171 | + values: |
| 172 | + - "true" |
| 173 | + workspaces: |
| 174 | + - name: output |
| 175 | + workspace: workspace |
| 176 | + - name: basic-auth |
| 177 | + workspace: git-auth |
| 178 | + - name: prefetch-dependencies |
| 179 | + params: |
| 180 | + - name: input |
| 181 | + value: $(params.prefetch-input) |
| 182 | + runAfter: |
| 183 | + - clone-repository |
| 184 | + taskRef: |
| 185 | + params: |
| 186 | + - name: name |
| 187 | + value: prefetch-dependencies |
| 188 | + - name: bundle |
| 189 | + value: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies:0.1@sha256:0b7bec23b6c08f37138a86e569835842763b3aa42f4455fd70ba3986350e07c7 |
| 190 | + - name: kind |
| 191 | + value: task |
| 192 | + resolver: bundles |
| 193 | + when: |
| 194 | + - input: $(params.hermetic) |
| 195 | + operator: in |
| 196 | + values: |
| 197 | + - "true" |
| 198 | + workspaces: |
| 199 | + - name: source |
| 200 | + workspace: workspace |
| 201 | + - name: build-container |
| 202 | + params: |
| 203 | + - name: IMAGE |
| 204 | + value: $(params.output-image) |
| 205 | + - name: DOCKERFILE |
| 206 | + value: $(params.dockerfile) |
| 207 | + - name: CONTEXT |
| 208 | + value: $(params.path-context) |
| 209 | + - name: HERMETIC |
| 210 | + value: $(params.hermetic) |
| 211 | + - name: PREFETCH_INPUT |
| 212 | + value: $(params.prefetch-input) |
| 213 | + - name: IMAGE_EXPIRES_AFTER |
| 214 | + value: $(params.image-expires-after) |
| 215 | + - name: COMMIT_SHA |
| 216 | + value: $(tasks.clone-repository.results.commit) |
| 217 | + runAfter: |
| 218 | + - prefetch-dependencies |
| 219 | + taskRef: |
| 220 | + params: |
| 221 | + - name: name |
| 222 | + value: buildah |
| 223 | + - name: bundle |
| 224 | + value: quay.io/redhat-appstudio-tekton-catalog/task-buildah:0.1@sha256:351af2c0e5eeb92a5d6d4083847c1559475b596cda7671f489756d5302a4c847 |
| 225 | + - name: kind |
| 226 | + value: task |
| 227 | + resolver: bundles |
| 228 | + when: |
| 229 | + - input: $(tasks.init.results.build) |
| 230 | + operator: in |
| 231 | + values: |
| 232 | + - "true" |
| 233 | + workspaces: |
| 234 | + - name: source |
| 235 | + workspace: workspace |
| 236 | + - name: build-source-image |
| 237 | + params: |
| 238 | + - name: BINARY_IMAGE |
| 239 | + value: $(params.output-image) |
| 240 | + - name: BASE_IMAGES |
| 241 | + value: $(tasks.build-container.results.BASE_IMAGES_DIGESTS) |
| 242 | + runAfter: |
| 243 | + - build-container |
| 244 | + taskRef: |
| 245 | + params: |
| 246 | + - name: name |
| 247 | + value: source-build |
| 248 | + - name: bundle |
| 249 | + value: quay.io/redhat-appstudio-tekton-catalog/task-source-build:0.1@sha256:f8c5dec871fb5347eb2fc61d44754bcc101897aecf953b374ab3e8315e1a9804 |
| 250 | + - name: kind |
| 251 | + value: task |
| 252 | + resolver: bundles |
| 253 | + when: |
| 254 | + - input: $(tasks.init.results.build) |
| 255 | + operator: in |
| 256 | + values: |
| 257 | + - "true" |
| 258 | + - input: $(params.build-source-image) |
| 259 | + operator: in |
| 260 | + values: |
| 261 | + - "true" |
| 262 | + workspaces: |
| 263 | + - name: workspace |
| 264 | + workspace: workspace |
| 265 | + - name: deprecated-base-image-check |
| 266 | + params: |
| 267 | + - name: BASE_IMAGES_DIGESTS |
| 268 | + value: $(tasks.build-container.results.BASE_IMAGES_DIGESTS) |
| 269 | + runAfter: |
| 270 | + - build-container |
| 271 | + taskRef: |
| 272 | + params: |
| 273 | + - name: name |
| 274 | + value: deprecated-image-check |
| 275 | + - name: bundle |
| 276 | + value: quay.io/redhat-appstudio-tekton-catalog/task-deprecated-image-check:0.3@sha256:d87f8c50a674f57527a0c4f3df6d9093941a2ae84739b55368b3c11702ce340c |
| 277 | + - name: kind |
| 278 | + value: task |
| 279 | + resolver: bundles |
| 280 | + when: |
| 281 | + - input: $(params.skip-checks) |
| 282 | + operator: in |
| 283 | + values: |
| 284 | + - "false" |
| 285 | + - name: clair-scan |
| 286 | + params: |
| 287 | + - name: image-digest |
| 288 | + value: $(tasks.build-container.results.IMAGE_DIGEST) |
| 289 | + - name: image-url |
| 290 | + value: $(tasks.build-container.results.IMAGE_URL) |
| 291 | + runAfter: |
| 292 | + - build-container |
| 293 | + taskRef: |
| 294 | + params: |
| 295 | + - name: name |
| 296 | + value: clair-scan |
| 297 | + - name: bundle |
| 298 | + value: quay.io/redhat-appstudio-tekton-catalog/task-clair-scan:0.1@sha256:fbe1ab58531d856fba360060d3884a0606310a966e2d01ba9305da9eb01ab916 |
| 299 | + - name: kind |
| 300 | + value: task |
| 301 | + resolver: bundles |
| 302 | + when: |
| 303 | + - input: $(params.skip-checks) |
| 304 | + operator: in |
| 305 | + values: |
| 306 | + - "false" |
| 307 | + - name: sast-snyk-check |
| 308 | + runAfter: |
| 309 | + - clone-repository |
| 310 | + taskRef: |
| 311 | + params: |
| 312 | + - name: name |
| 313 | + value: sast-snyk-check |
| 314 | + - name: bundle |
| 315 | + value: quay.io/redhat-appstudio-tekton-catalog/task-sast-snyk-check:0.1@sha256:eee508768b14655275fbcc2f42f9da1ab553b872dcbe113b0896aa9bcf7e1adf |
| 316 | + - name: kind |
| 317 | + value: task |
| 318 | + resolver: bundles |
| 319 | + when: |
| 320 | + - input: $(params.skip-checks) |
| 321 | + operator: in |
| 322 | + values: |
| 323 | + - "false" |
| 324 | + workspaces: |
| 325 | + - name: workspace |
| 326 | + workspace: workspace |
| 327 | + - name: clamav-scan |
| 328 | + params: |
| 329 | + - name: image-digest |
| 330 | + value: $(tasks.build-container.results.IMAGE_DIGEST) |
| 331 | + - name: image-url |
| 332 | + value: $(tasks.build-container.results.IMAGE_URL) |
| 333 | + runAfter: |
| 334 | + - build-container |
| 335 | + taskRef: |
| 336 | + params: |
| 337 | + - name: name |
| 338 | + value: clamav-scan |
| 339 | + - name: bundle |
| 340 | + value: quay.io/redhat-appstudio-tekton-catalog/task-clamav-scan:0.1@sha256:d72cb58db88289559676676c3db43906718028e07279f70ddb12ed8bdc8e2860 |
| 341 | + - name: kind |
| 342 | + value: task |
| 343 | + resolver: bundles |
| 344 | + when: |
| 345 | + - input: $(params.skip-checks) |
| 346 | + operator: in |
| 347 | + values: |
| 348 | + - "false" |
| 349 | + - name: sbom-json-check |
| 350 | + params: |
| 351 | + - name: IMAGE_URL |
| 352 | + value: $(tasks.build-container.results.IMAGE_URL) |
| 353 | + - name: IMAGE_DIGEST |
| 354 | + value: $(tasks.build-container.results.IMAGE_DIGEST) |
| 355 | + runAfter: |
| 356 | + - build-container |
| 357 | + taskRef: |
| 358 | + params: |
| 359 | + - name: name |
| 360 | + value: sbom-json-check |
| 361 | + - name: bundle |
| 362 | + value: quay.io/redhat-appstudio-tekton-catalog/task-sbom-json-check:0.1@sha256:717e6e33f02dbe1a28fb743f32699e002c944680c251a50b644f27becb9208e9 |
| 363 | + - name: kind |
| 364 | + value: task |
| 365 | + resolver: bundles |
| 366 | + when: |
| 367 | + - input: $(params.skip-checks) |
| 368 | + operator: in |
| 369 | + values: |
| 370 | + - "false" |
| 371 | + workspaces: |
| 372 | + - name: workspace |
| 373 | + - name: git-auth |
| 374 | + optional: true |
| 375 | + taskRunTemplate: {} |
| 376 | + workspaces: |
| 377 | + - name: workspace |
| 378 | + volumeClaimTemplate: |
| 379 | + metadata: |
| 380 | + creationTimestamp: null |
| 381 | + spec: |
| 382 | + accessModes: |
| 383 | + - ReadWriteOnce |
| 384 | + resources: |
| 385 | + requests: |
| 386 | + storage: 1Gi |
| 387 | + status: {} |
| 388 | + - name: git-auth |
| 389 | + secret: |
| 390 | + secretName: '{{ git_auth_secret }}' |
| 391 | +status: {} |
0 commit comments