Merge pull request #167 from tnevrlka/azure-gitops-template

Add Azure gitops pipeline

Author: lcarva

Makefile

@@ -11,6 +11,7 @@ FILES=\
   generated/gitops-template/jenkins/Jenkinsfile \
   generated/gitops-template/githubactions/.github/workflows/gitops-promotion.yml \
   generated/gitops-template/gitlabci/.gitlab-ci.yml \
+  generated/gitops-template/azure/azure-pipelines.yml \
   \
   rhtap.groovy \
   rhtap/build-pipeline-steps.sh \

generated/gitops-template/azure/azure-pipelines.yml

@@ -0,0 +1,41 @@
+# Generated from templates/gitops-template/azure-pipelines.yml.njk. Do not edit directly.
+
+trigger:
+- main
+
+pool:
+  name: resourcehub
+
+container:
+  image: quay.io/redhat-appstudio/rhtap-task-runner:latest
+  options: --privileged
+
+steps:
+  - bash: |
+      echo "• gather-deploy-images"
+      bash /work/rhtap/gather-deploy-images.sh
+      echo "• verify-enterprise-contract"
+      bash /work/rhtap/verify-enterprise-contract.sh
+    name: Verify_EC
+    env:
+      TRUSTIFICATION_OIDC_CLIENT_SECRET: $(TRUSTIFICATION_OIDC_CLIENT_SECRET)
+      # Set this password for your specific registry
+      # IMAGE_REGISTRY_PASSWORD: $(IMAGE_REGISTRY_PASSWORD)
+      # QUAY_IO_CREDS_PSW: $(QUAY_IO_CREDS_PSW)
+      # ARTIFACTORY_IO_CREDS_PSW: $(ARTIFACTORY_IO_CREDS_PSW)
+      # NEXUS_IO_CREDS_PSW: $(NEXUS_IO_CREDS_PSW)
+  - bash: |
+      echo "• gather-images-to-upload-sbom"
+      bash /work/rhtap/gather-images-to-upload-sbom.sh
+      echo "• download-sbom-from-url-in-attestation"
+      bash /work/rhtap/download-sbom-from-url-in-attestation.sh
+      echo "• upload-sbom-to-trustification"
+      bash /work/rhtap/upload-sbom-to-trustification.sh
+    name: Upload_SBOM
+    env:
+      TRUSTIFICATION_OIDC_CLIENT_SECRET: $(TRUSTIFICATION_OIDC_CLIENT_SECRET)
+      # Set this password for your specific registry
+      # IMAGE_REGISTRY_PASSWORD: $(IMAGE_REGISTRY_PASSWORD)
+      # QUAY_IO_CREDS_PSW: $(QUAY_IO_CREDS_PSW)
+      # ARTIFACTORY_IO_CREDS_PSW: $(ARTIFACTORY_IO_CREDS_PSW)
+      # NEXUS_IO_CREDS_PSW: $(NEXUS_IO_CREDS_PSW)

generated/source-repo/azure/azure-pipelines.yml

@@ -14,7 +14,7 @@ steps:
   - bash: |
       echo "• init"
       bash /work/rhtap/init.sh
-    name: Init
+    name: init
     env:
       ROX_API_TOKEN: $(ROX_API_TOKEN)
       GITOPS_AUTH_PASSWORD: $(GITOPS_AUTH_PASSWORD)
@@ -30,7 +30,7 @@ steps:
       bash /work/rhtap/buildah-rhtap.sh
       echo "• cosign-sign-attest"
       bash /work/rhtap/cosign-sign-attest.sh
-    name: Build
+    name: build
     env:
       ROX_API_TOKEN: $(ROX_API_TOKEN)
       GITOPS_AUTH_PASSWORD: $(GITOPS_AUTH_PASSWORD)
@@ -44,7 +44,7 @@ steps:
   - bash: |
       echo "• update-deployment"
       bash /work/rhtap/update-deployment.sh
-    name: Deploy
+    name: deploy
     env:
       ROX_API_TOKEN: $(ROX_API_TOKEN)
       GITOPS_AUTH_PASSWORD: $(GITOPS_AUTH_PASSWORD)
@@ -62,7 +62,7 @@ steps:
       bash /work/rhtap/acs-image-check.sh
       echo "• acs-image-scan"
       bash /work/rhtap/acs-image-scan.sh
-    name: Scan
+    name: scan
     env:
       ROX_API_TOKEN: $(ROX_API_TOKEN)
       GITOPS_AUTH_PASSWORD: $(GITOPS_AUTH_PASSWORD)
@@ -78,7 +78,7 @@ steps:
       bash /work/rhtap/show-sbom-rhdh.sh
       echo "• summary"
       bash /work/rhtap/summary.sh
-    name: Summary
+    name: summary
     env:
       ROX_API_TOKEN: $(ROX_API_TOKEN)
       GITOPS_AUTH_PASSWORD: $(GITOPS_AUTH_PASSWORD)

templates/gitops-template/azure-pipelines.yml.njk

@@ -0,0 +1,19 @@
+{%- include "do-not-edit.njk" -%}
+{%- set secrets = gitops_secrets -%}
+
+trigger:
+- main
+
+pool:
+  name: resourcehub
+
+container:
+  image: quay.io/redhat-appstudio/rhtap-task-runner:latest
+  options: --privileged
+
+steps:
+{%- filter indent(2) -%}
+{%- for step in gitops_steps %}
+{% include "azure-step.njk" %}
+{%- endfor -%}
+{%- endfilter -%}

templates/partials/azure-step.njk

@@ -4,7 +4,7 @@
   echo "• {{ substep }}"
   bash /work/rhtap/{{ substep }}.sh
 {%- endfor %}
-name: {{ step.name | title }}
+name: {{ step.name | replace(" ", "_") }}
 env:
 {%- filter indent(2) -%}
 {%- for secret in secrets %}