
Commit 8d52b8f

Merge pull request #2788 from wgahnagl/sast_unicode_check
Add shell and unicode sast pipeline tasks
2 parents 7efe626 + 3539be3 commit 8d52b8f

4 files changed

+246
-38
lines changed

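--- a/.tekton/windows-machine-config-operator-bundle-master-pull-request.yaml
+++ b/.tekton/windows-machine-config-operator-bundle-master-pull-request.yaml
@@ -127,7 +127,7 @@ spec:
 - name: name
 value: init
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:2f59e9a3c20ce4509356389d327087213cc82c079b30811935837791da140f9f
+value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:737682d073a65a486d59b2b30e3104b93edd8490e0cd5e9b4a39703e47363f0f
 - name: kind
 value: task
 resolver: bundles
@@ -177,7 +177,7 @@ spec:
 - name: name
 value: prefetch-dependencies-oci-ta
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.2@sha256:786a6601c654a48e32ea51b2636982d2e096da3027ea701009ca956b74a7d400
+value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.2@sha256:efc8aebec295bf5986597b6bbeebe093b2764fea79c66094e05ff3d283f54932
 - name: kind
 value: task
 resolver: bundles
@@ -213,7 +213,7 @@ spec:
 - name: name
 value: buildah-oci-ta
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-buildah-oci-ta:0.4@sha256:8abdd666a032d7088f31d0dbaa2a8ea07b85d814d08d157bb3ffa344dca5485a
+value: quay.io/konflux-ci/tekton-catalog/task-buildah-oci-ta:0.4@sha256:25cd429104fc1e48cf2e4382d9ee475828759649a1e17c913cb8531b4729558b
 - name: kind
 value: task
 resolver: bundles
@@ -237,7 +237,7 @@ spec:
 - name: name
 value: source-build-oci-ta
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.2@sha256:ea2316bcef60fdbc6d89bb34d343d9157e89e786504fb68e223c04a7486d9e91
+value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.2@sha256:9fe82c9511f282287686f918bf1a543fcef417848e7a503357e988aab2887cee
 - name: kind
 value: task
 resolver: bundles
@@ -309,7 +309,7 @@ spec:
 - name: name
 value: clair-scan
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.2@sha256:03383b5a8674edef0ae184dd81f00386017624a5af255cb0b5803d7659483ba5
+value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.2@sha256:712afcf63f3b5a97c371d37e637efbcc9e1c7ad158872339d00adc6413cd8851
 - name: kind
 value: task
 resolver: bundles
@@ -326,7 +326,7 @@ spec:
 - name: name
 value: sast-snyk-check-oci-ta
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.3@sha256:540f585f8abc3790e9e1285330d5610c1101173d9b26a61924586c220e4024e6
+value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.3@sha256:a1cb59ed66a7be1949c9720660efb0a006e95ef05b3f67929dd8e310e1d7baef
 - name: kind
 value: task
 resolver: bundles
@@ -344,6 +344,58 @@ spec:
 value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT)
 - name: CACHI2_ARTIFACT
 value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT)
+- name: sast-shell-check
+params:
+- name: image-digest
+value: $(tasks.build-container.results.IMAGE_DIGEST)
+- name: image-url
+value: $(tasks.build-container.results.IMAGE_URL)
+- name: SOURCE_ARTIFACT
+value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT)
+- name: CACHI2_ARTIFACT
+value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT)
+runAfter:
+- build-container
+taskRef:
+params:
+- name: name
+value: sast-shell-check-oci-ta
+- name: bundle
+value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check-oci-ta:0.1@sha256:a591675c72f06fb9c5b1a3d60e6e4c58e4df5f7da180c7a4691a692a6e7e6496
+- name: kind
+value: task
+resolver: bundles
+when:
+- input: $(params.skip-checks)
+operator: in
+values:
+- "false"
+workspaces: []
+- name: sast-unicode-check
+params:
+- name: image-url
+value: $(tasks.build-container.results.IMAGE_URL)
+- name: SOURCE_ARTIFACT
+value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT)
+- name: CACHI2_ARTIFACT
+value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT)
+runAfter:
+- build-container
+taskRef:
+params:
+- name: name
+value: sast-unicode-check-oci-ta
+- name: bundle
+value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check-oci-ta:0.1@sha256:424f2f659c02998dc3a43e1ce869e3148982c59adb74f953f8fa91ff1c9ab86e
+- name: kind
+value: task
+resolver: bundles
+when:
+- input: $(params.skip-checks)
+operator: in
+values:
+- "false"
+workspaces: []
 - name: clamav-scan
 params:
 - name: image-digest
@@ -357,7 +409,7 @@ spec:
 - name: name
 value: clamav-scan
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.2@sha256:c30c12681b02eb4b83aeb4021d0e714a72db4d1d3bb14579652f4d1a763473ab
+value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.2@sha256:62c835adae22e36fce6684460b39206bc16752f1a4427cdbba4ee9afdd279670
 - name: kind
 value: task
 resolver: bundles
@@ -377,7 +429,7 @@ spec:
 - name: name
 value: apply-tags
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.1@sha256:e1d365ce85d6448f6ebd0d0a000d0f45b694950b7545a2c34bfbcf992c80df61
+value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.1@sha256:61c90b1c94a2a11cb11211a0d65884089b758c34254fcec164d185a402beae22
 - name: kind
 value: task
 resolver: bundles
@@ -394,7 +446,7 @@ spec:
 - name: name
 value: rpms-signature-scan
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:d00d159c370e3c99447516970c316ef57dfd27c29e0ce3cff50727c9c40936d8
+value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:c0798ff85ad04f1553d349fe34aa4918597fb35b3b74e344dfbd5af2f3494300
 - name: kind
 value: task
 resolver: bundles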
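Review bot: `sast-unicode-check` (new lines 374–398) receives `image-url` but no `image-digest`, while `sast-shell-check` directly above it passes both. If the pinned 0.1 task declares an `image-digest` parameter (not visible on this page, so check the task definition first, since an undeclared parameter would fail validation), passing `- name: image-digest` with `value: $(tasks.build-container.results.IMAGE_DIGEST)` would tie the scan result to the immutable digest rather than to a reference that can be re-tagged. If the task does not accept it, a one-line comment such as `# sast-unicode-check 0.1 takes no image-digest param` would explain the asymmetry. The same applies to the identical block in the push pipeline file.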

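--- a/.tekton/windows-machine-config-operator-bundle-master-push.yaml
+++ b/.tekton/windows-machine-config-operator-bundle-master-push.yaml
@@ -124,7 +124,7 @@ spec:
 - name: name
 value: init
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:2f59e9a3c20ce4509356389d327087213cc82c079b30811935837791da140f9f
+value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:737682d073a65a486d59b2b30e3104b93edd8490e0cd5e9b4a39703e47363f0f
 - name: kind
 value: task
 resolver: bundles
@@ -174,7 +174,7 @@ spec:
 - name: name
 value: prefetch-dependencies-oci-ta
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.2@sha256:786a6601c654a48e32ea51b2636982d2e096da3027ea701009ca956b74a7d400
+value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.2@sha256:efc8aebec295bf5986597b6bbeebe093b2764fea79c66094e05ff3d283f54932
 - name: kind
 value: task
 resolver: bundles
@@ -210,7 +210,7 @@ spec:
 - name: name
 value: buildah-oci-ta
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-buildah-oci-ta:0.4@sha256:8abdd666a032d7088f31d0dbaa2a8ea07b85d814d08d157bb3ffa344dca5485a
+value: quay.io/konflux-ci/tekton-catalog/task-buildah-oci-ta:0.4@sha256:25cd429104fc1e48cf2e4382d9ee475828759649a1e17c913cb8531b4729558b
 - name: kind
 value: task
 resolver: bundles
@@ -234,7 +234,7 @@ spec:
 - name: name
 value: source-build-oci-ta
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.2@sha256:ea2316bcef60fdbc6d89bb34d343d9157e89e786504fb68e223c04a7486d9e91
+value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.2@sha256:9fe82c9511f282287686f918bf1a543fcef417848e7a503357e988aab2887cee
 - name: kind
 value: task
 resolver: bundles
@@ -306,7 +306,7 @@ spec:
 - name: name
 value: clair-scan
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.2@sha256:03383b5a8674edef0ae184dd81f00386017624a5af255cb0b5803d7659483ba5
+value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.2@sha256:712afcf63f3b5a97c371d37e637efbcc9e1c7ad158872339d00adc6413cd8851
 - name: kind
 value: task
 resolver: bundles
@@ -323,7 +323,7 @@ spec:
 - name: name
 value: sast-snyk-check-oci-ta
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.3@sha256:540f585f8abc3790e9e1285330d5610c1101173d9b26a61924586c220e4024e6
+value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.3@sha256:a1cb59ed66a7be1949c9720660efb0a006e95ef05b3f67929dd8e310e1d7baef
 - name: kind
 value: task
 resolver: bundles
@@ -341,6 +341,58 @@ spec:
 value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT)
 - name: CACHI2_ARTIFACT
 value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT)
+- name: sast-shell-check
+params:
+- name: image-digest
+value: $(tasks.build-container.results.IMAGE_DIGEST)
+- name: image-url
+value: $(tasks.build-container.results.IMAGE_URL)
+- name: SOURCE_ARTIFACT
+value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT)
+- name: CACHI2_ARTIFACT
+value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT)
+runAfter:
+- build-container
+taskRef:
+params:
+- name: name
+value: sast-shell-check-oci-ta
+- name: bundle
+value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check-oci-ta:0.1@sha256:a591675c72f06fb9c5b1a3d60e6e4c58e4df5f7da180c7a4691a692a6e7e6496
+- name: kind
+value: task
+resolver: bundles
+when:
+- input: $(params.skip-checks)
+operator: in
+values:
+- "false"
+workspaces: []
+- name: sast-unicode-check
+params:
+- name: image-url
+value: $(tasks.build-container.results.IMAGE_URL)
+- name: SOURCE_ARTIFACT
+value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT)
+- name: CACHI2_ARTIFACT
+value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT)
+runAfter:
+- build-container
+taskRef:
+params:
+- name: name
+value: sast-unicode-check-oci-ta
+- name: bundle
+value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check-oci-ta:0.1@sha256:424f2f659c02998dc3a43e1ce869e3148982c59adb74f953f8fa91ff1c9ab86e
+- name: kind
+value: task
+resolver: bundles
+when:
+- input: $(params.skip-checks)
+operator: in
+values:
+- "false"
+workspaces: []
 - name: clamav-scan
 params:
 - name: image-digest
@@ -354,7 +406,7 @@ spec:
 - name: name
 value: clamav-scan
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.2@sha256:c30c12681b02eb4b83aeb4021d0e714a72db4d1d3bb14579652f4d1a763473ab
+value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.2@sha256:62c835adae22e36fce6684460b39206bc16752f1a4427cdbba4ee9afdd279670
 - name: kind
 value: task
 resolver: bundles
@@ -374,7 +426,7 @@ spec:
 - name: name
 value: apply-tags
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.1@sha256:e1d365ce85d6448f6ebd0d0a000d0f45b694950b7545a2c34bfbcf992c80df61
+value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.1@sha256:61c90b1c94a2a11cb11211a0d65884089b758c34254fcec164d185a402beae22
 - name: kind
 value: task
 resolver: bundles
@@ -391,7 +443,7 @@ spec:
 - name: name
 value: rpms-signature-scan
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:d00d159c370e3c99447516970c316ef57dfd27c29e0ce3cff50727c9c40936d8
+value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:c0798ff85ad04f1553d349fe34aa4918597fb35b3b74e344dfbd5af2f3494300
 - name: kind
 value: task
 resolver: bundles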
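Review bot: Both added tasks are gated by a `when` on `$(params.skip-checks)` (new lines 365–369 and 390–394), so in the push pipeline one parameter value disables the shell and unicode SAST checks together. Whether anything downstream requires these tasks' results before an image is promoted is not visible on this page and is worth confirming, because a skipped task simply produces no result. A comment above each `when` would record the intent, for example `# runs only when skip-checks is "false"; promotion policy should still require this task's result`. The `runAfter: build-container` entries duplicate the ordering already implied by the `$(tasks.build-container.results.*)` references; they are harmless and can stay as explicit documentation.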
