diff --git a/.github/workflows/release-generate-ci.yaml b/.github/workflows/release-generate-ci.yaml index f0a474f1..bae9d8b9 100644 --- a/.github/workflows/release-generate-ci.yaml +++ b/.github/workflows/release-generate-ci.yaml @@ -411,6 +411,50 @@ jobs: git push "https://serverless-qe:${GH_TOKEN}@github.com/serverless-qe/$repo.git" "$branch:$branch" -f gh pr create --base "$target_branch" --head "serverless-qe:$branch" --title "[$target_branch] Update OWNERS file" --body "Update OWNERS file" || true working-directory: ./src/github.com/openshift-knative/hack/openshift-knative/backstage-plugins + - env: + GH_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} + GITHUB_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} + if: ${{ (github.event_name == 'push' || github.event_name == 'workflow_dispatch' || github.event_name == 'schedule') && github.ref_name == 'main' }} + name: '[backstage-plugins - release-v1.22] Create Konflux PR' + run: | + set -x + repo="backstage-plugins" + branch="sync-konflux-release-v1.22" + target_branch="release-v1.22" + git remote add fork "https://github.com/serverless-qe/$repo.git" || true # ignore: already exists errors + remote_exists=$(git ls-remote --heads fork "$branch") + if [ -z "$remote_exists" ]; then + # remote doesn't exist. + git push "https://serverless-qe:${GH_TOKEN}@github.com/serverless-qe/$repo.git" "$branch:$branch" -f || exit 1 + fi + git fetch origin "$target_branch" + git fetch fork "$branch" + git rebase --quiet "$target_branch" "$branch" + git push "https://serverless-qe:${GH_TOKEN}@github.com/serverless-qe/$repo.git" "$branch:$branch" -f + gh pr create --base "$target_branch" --head "serverless-qe:$branch" --title "[$target_branch] Update Konflux configurations" --body "Update Konflux configurations" || true + working-directory: ./src/github.com/openshift-knative/hack/openshift-knative/backstage-plugins + - env: + GH_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} + GITHUB_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} + if: ${{ (github.event_name == 'push' || github.event_name == 'workflow_dispatch' || github.event_name == 'schedule') && github.ref_name == 'main' }} + name: '[backstage-plugins - release-v1.22] Create OWNERS file update PR' + run: | + set -x + repo="backstage-plugins" + branch="sync-owners-release-v1.22" + target_branch="release-v1.22" + git remote add fork "https://github.com/serverless-qe/$repo.git" || true # ignore: already exists errors + remote_exists=$(git ls-remote --heads fork "$branch") + if [ -z "$remote_exists" ]; then + # remote doesn't exist. + git push "https://serverless-qe:${GH_TOKEN}@github.com/serverless-qe/$repo.git" "$branch:$branch" -f || exit 1 + fi + git fetch origin "$target_branch" + git fetch fork "$branch" + git rebase --quiet "$target_branch" "$branch" + git push "https://serverless-qe:${GH_TOKEN}@github.com/serverless-qe/$repo.git" "$branch:$branch" -f + gh pr create --base "$target_branch" --head "serverless-qe:$branch" --title "[$target_branch] Update OWNERS file" --body "Update OWNERS file" || true + working-directory: ./src/github.com/openshift-knative/hack/openshift-knative/backstage-plugins - env: GH_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} GITHUB_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} @@ -631,6 +675,50 @@ jobs: git push "https://serverless-qe:${GH_TOKEN}@github.com/serverless-qe/$repo.git" "$branch:$branch" -f gh pr create --base "$target_branch" --head "serverless-qe:$branch" --title "[$target_branch] Update OWNERS file" --body "Update OWNERS file" || true working-directory: ./src/github.com/openshift-knative/hack/openshift-knative/client + - env: + GH_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} + GITHUB_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} + if: ${{ (github.event_name == 'push' || github.event_name == 'workflow_dispatch' || github.event_name == 'schedule') && github.ref_name == 'main' }} + name: '[client - release-v1.22] Create Konflux PR' + run: | + set -x + repo="client" + branch="sync-konflux-release-v1.22" + target_branch="release-v1.22" + git remote add fork "https://github.com/serverless-qe/$repo.git" || true # ignore: already exists errors + remote_exists=$(git ls-remote --heads fork "$branch") + if [ -z "$remote_exists" ]; then + # remote doesn't exist. + git push "https://serverless-qe:${GH_TOKEN}@github.com/serverless-qe/$repo.git" "$branch:$branch" -f || exit 1 + fi + git fetch origin "$target_branch" + git fetch fork "$branch" + git rebase --quiet "$target_branch" "$branch" + git push "https://serverless-qe:${GH_TOKEN}@github.com/serverless-qe/$repo.git" "$branch:$branch" -f + gh pr create --base "$target_branch" --head "serverless-qe:$branch" --title "[$target_branch] Update Konflux configurations" --body "Update Konflux configurations" || true + working-directory: ./src/github.com/openshift-knative/hack/openshift-knative/client + - env: + GH_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} + GITHUB_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} + if: ${{ (github.event_name == 'push' || github.event_name == 'workflow_dispatch' || github.event_name == 'schedule') && github.ref_name == 'main' }} + name: '[client - release-v1.22] Create OWNERS file update PR' + run: | + set -x + repo="client" + branch="sync-owners-release-v1.22" + target_branch="release-v1.22" + git remote add fork "https://github.com/serverless-qe/$repo.git" || true # ignore: already exists errors + remote_exists=$(git ls-remote --heads fork "$branch") + if [ -z "$remote_exists" ]; then + # remote doesn't exist. + git push "https://serverless-qe:${GH_TOKEN}@github.com/serverless-qe/$repo.git" "$branch:$branch" -f || exit 1 + fi + git fetch origin "$target_branch" + git fetch fork "$branch" + git rebase --quiet "$target_branch" "$branch" + git push "https://serverless-qe:${GH_TOKEN}@github.com/serverless-qe/$repo.git" "$branch:$branch" -f + gh pr create --base "$target_branch" --head "serverless-qe:$branch" --title "[$target_branch] Update OWNERS file" --body "Update OWNERS file" || true + working-directory: ./src/github.com/openshift-knative/hack/openshift-knative/client - env: GH_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} GITHUB_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} @@ -829,6 +917,50 @@ jobs: git push "https://serverless-qe:${GH_TOKEN}@github.com/serverless-qe/$repo.git" "$branch:$branch" -f gh pr create --base "$target_branch" --head "serverless-qe:$branch" --title "[$target_branch] Update OWNERS file" --body "Update OWNERS file" || true working-directory: ./src/github.com/openshift-knative/hack/openshift-knative/eventing-integrations + - env: + GH_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} + GITHUB_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} + if: ${{ (github.event_name == 'push' || github.event_name == 'workflow_dispatch' || github.event_name == 'schedule') && github.ref_name == 'main' }} + name: '[eventing-integrations - release-v1.22] Create Konflux PR' + run: | + set -x + repo="eventing-integrations" + branch="sync-konflux-release-v1.22" + target_branch="release-v1.22" + git remote add fork "https://github.com/serverless-qe/$repo.git" || true # ignore: already exists errors + remote_exists=$(git ls-remote --heads fork "$branch") + if [ -z "$remote_exists" ]; then + # remote doesn't exist. + git push "https://serverless-qe:${GH_TOKEN}@github.com/serverless-qe/$repo.git" "$branch:$branch" -f || exit 1 + fi + git fetch origin "$target_branch" + git fetch fork "$branch" + git rebase --quiet "$target_branch" "$branch" + git push "https://serverless-qe:${GH_TOKEN}@github.com/serverless-qe/$repo.git" "$branch:$branch" -f + gh pr create --base "$target_branch" --head "serverless-qe:$branch" --title "[$target_branch] Update Konflux configurations" --body "Update Konflux configurations" || true + working-directory: ./src/github.com/openshift-knative/hack/openshift-knative/eventing-integrations + - env: + GH_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} + GITHUB_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} + if: ${{ (github.event_name == 'push' || github.event_name == 'workflow_dispatch' || github.event_name == 'schedule') && github.ref_name == 'main' }} + name: '[eventing-integrations - release-v1.22] Create OWNERS file update PR' + run: | + set -x + repo="eventing-integrations" + branch="sync-owners-release-v1.22" + target_branch="release-v1.22" + git remote add fork "https://github.com/serverless-qe/$repo.git" || true # ignore: already exists errors + remote_exists=$(git ls-remote --heads fork "$branch") + if [ -z "$remote_exists" ]; then + # remote doesn't exist. + git push "https://serverless-qe:${GH_TOKEN}@github.com/serverless-qe/$repo.git" "$branch:$branch" -f || exit 1 + fi + git fetch origin "$target_branch" + git fetch fork "$branch" + git rebase --quiet "$target_branch" "$branch" + git push "https://serverless-qe:${GH_TOKEN}@github.com/serverless-qe/$repo.git" "$branch:$branch" -f + gh pr create --base "$target_branch" --head "serverless-qe:$branch" --title "[$target_branch] Update OWNERS file" --body "Update OWNERS file" || true + working-directory: ./src/github.com/openshift-knative/hack/openshift-knative/eventing-integrations - env: GH_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} GITHUB_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} @@ -1049,6 +1181,50 @@ jobs: git push "https://serverless-qe:${GH_TOKEN}@github.com/serverless-qe/$repo.git" "$branch:$branch" -f gh pr create --base "$target_branch" --head "serverless-qe:$branch" --title "[$target_branch] Update OWNERS file" --body "Update OWNERS file" || true working-directory: ./src/github.com/openshift-knative/hack/openshift-knative/eventing-istio + - env: + GH_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} + GITHUB_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} + if: ${{ (github.event_name == 'push' || github.event_name == 'workflow_dispatch' || github.event_name == 'schedule') && github.ref_name == 'main' }} + name: '[eventing-istio - release-v1.22] Create Konflux PR' + run: | + set -x + repo="eventing-istio" + branch="sync-konflux-release-v1.22" + target_branch="release-v1.22" + git remote add fork "https://github.com/serverless-qe/$repo.git" || true # ignore: already exists errors + remote_exists=$(git ls-remote --heads fork "$branch") + if [ -z "$remote_exists" ]; then + # remote doesn't exist. + git push "https://serverless-qe:${GH_TOKEN}@github.com/serverless-qe/$repo.git" "$branch:$branch" -f || exit 1 + fi + git fetch origin "$target_branch" + git fetch fork "$branch" + git rebase --quiet "$target_branch" "$branch" + git push "https://serverless-qe:${GH_TOKEN}@github.com/serverless-qe/$repo.git" "$branch:$branch" -f + gh pr create --base "$target_branch" --head "serverless-qe:$branch" --title "[$target_branch] Update Konflux configurations" --body "Update Konflux configurations" || true + working-directory: ./src/github.com/openshift-knative/hack/openshift-knative/eventing-istio + - env: + GH_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} + GITHUB_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} + if: ${{ (github.event_name == 'push' || github.event_name == 'workflow_dispatch' || github.event_name == 'schedule') && github.ref_name == 'main' }} + name: '[eventing-istio - release-v1.22] Create OWNERS file update PR' + run: | + set -x + repo="eventing-istio" + branch="sync-owners-release-v1.22" + target_branch="release-v1.22" + git remote add fork "https://github.com/serverless-qe/$repo.git" || true # ignore: already exists errors + remote_exists=$(git ls-remote --heads fork "$branch") + if [ -z "$remote_exists" ]; then + # remote doesn't exist. + git push "https://serverless-qe:${GH_TOKEN}@github.com/serverless-qe/$repo.git" "$branch:$branch" -f || exit 1 + fi + git fetch origin "$target_branch" + git fetch fork "$branch" + git rebase --quiet "$target_branch" "$branch" + git push "https://serverless-qe:${GH_TOKEN}@github.com/serverless-qe/$repo.git" "$branch:$branch" -f + gh pr create --base "$target_branch" --head "serverless-qe:$branch" --title "[$target_branch] Update OWNERS file" --body "Update OWNERS file" || true + working-directory: ./src/github.com/openshift-knative/hack/openshift-knative/eventing-istio - env: GH_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} GITHUB_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} @@ -1269,6 +1445,50 @@ jobs: git push "https://serverless-qe:${GH_TOKEN}@github.com/serverless-qe/$repo.git" "$branch:$branch" -f gh pr create --base "$target_branch" --head "serverless-qe:$branch" --title "[$target_branch] Update OWNERS file" --body "Update OWNERS file" || true working-directory: ./src/github.com/openshift-knative/hack/openshift-knative/eventing-kafka-broker + - env: + GH_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} + GITHUB_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} + if: ${{ (github.event_name == 'push' || github.event_name == 'workflow_dispatch' || github.event_name == 'schedule') && github.ref_name == 'main' }} + name: '[eventing-kafka-broker - release-v1.22] Create Konflux PR' + run: | + set -x + repo="eventing-kafka-broker" + branch="sync-konflux-release-v1.22" + target_branch="release-v1.22" + git remote add fork "https://github.com/serverless-qe/$repo.git" || true # ignore: already exists errors + remote_exists=$(git ls-remote --heads fork "$branch") + if [ -z "$remote_exists" ]; then + # remote doesn't exist. + git push "https://serverless-qe:${GH_TOKEN}@github.com/serverless-qe/$repo.git" "$branch:$branch" -f || exit 1 + fi + git fetch origin "$target_branch" + git fetch fork "$branch" + git rebase --quiet "$target_branch" "$branch" + git push "https://serverless-qe:${GH_TOKEN}@github.com/serverless-qe/$repo.git" "$branch:$branch" -f + gh pr create --base "$target_branch" --head "serverless-qe:$branch" --title "[$target_branch] Update Konflux configurations" --body "Update Konflux configurations" || true + working-directory: ./src/github.com/openshift-knative/hack/openshift-knative/eventing-kafka-broker + - env: + GH_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} + GITHUB_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} + if: ${{ (github.event_name == 'push' || github.event_name == 'workflow_dispatch' || github.event_name == 'schedule') && github.ref_name == 'main' }} + name: '[eventing-kafka-broker - release-v1.22] Create OWNERS file update PR' + run: | + set -x + repo="eventing-kafka-broker" + branch="sync-owners-release-v1.22" + target_branch="release-v1.22" + git remote add fork "https://github.com/serverless-qe/$repo.git" || true # ignore: already exists errors + remote_exists=$(git ls-remote --heads fork "$branch") + if [ -z "$remote_exists" ]; then + # remote doesn't exist. + git push "https://serverless-qe:${GH_TOKEN}@github.com/serverless-qe/$repo.git" "$branch:$branch" -f || exit 1 + fi + git fetch origin "$target_branch" + git fetch fork "$branch" + git rebase --quiet "$target_branch" "$branch" + git push "https://serverless-qe:${GH_TOKEN}@github.com/serverless-qe/$repo.git" "$branch:$branch" -f + gh pr create --base "$target_branch" --head "serverless-qe:$branch" --title "[$target_branch] Update OWNERS file" --body "Update OWNERS file" || true + working-directory: ./src/github.com/openshift-knative/hack/openshift-knative/eventing-kafka-broker - env: GH_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} GITHUB_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} @@ -1489,6 +1709,50 @@ jobs: git push "https://serverless-qe:${GH_TOKEN}@github.com/serverless-qe/$repo.git" "$branch:$branch" -f gh pr create --base "$target_branch" --head "serverless-qe:$branch" --title "[$target_branch] Update OWNERS file" --body "Update OWNERS file" || true working-directory: ./src/github.com/openshift-knative/hack/openshift-knative/eventing + - env: + GH_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} + GITHUB_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} + if: ${{ (github.event_name == 'push' || github.event_name == 'workflow_dispatch' || github.event_name == 'schedule') && github.ref_name == 'main' }} + name: '[eventing - release-v1.22] Create Konflux PR' + run: | + set -x + repo="eventing" + branch="sync-konflux-release-v1.22" + target_branch="release-v1.22" + git remote add fork "https://github.com/serverless-qe/$repo.git" || true # ignore: already exists errors + remote_exists=$(git ls-remote --heads fork "$branch") + if [ -z "$remote_exists" ]; then + # remote doesn't exist. + git push "https://serverless-qe:${GH_TOKEN}@github.com/serverless-qe/$repo.git" "$branch:$branch" -f || exit 1 + fi + git fetch origin "$target_branch" + git fetch fork "$branch" + git rebase --quiet "$target_branch" "$branch" + git push "https://serverless-qe:${GH_TOKEN}@github.com/serverless-qe/$repo.git" "$branch:$branch" -f + gh pr create --base "$target_branch" --head "serverless-qe:$branch" --title "[$target_branch] Update Konflux configurations" --body "Update Konflux configurations" || true + working-directory: ./src/github.com/openshift-knative/hack/openshift-knative/eventing + - env: + GH_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} + GITHUB_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} + if: ${{ (github.event_name == 'push' || github.event_name == 'workflow_dispatch' || github.event_name == 'schedule') && github.ref_name == 'main' }} + name: '[eventing - release-v1.22] Create OWNERS file update PR' + run: | + set -x + repo="eventing" + branch="sync-owners-release-v1.22" + target_branch="release-v1.22" + git remote add fork "https://github.com/serverless-qe/$repo.git" || true # ignore: already exists errors + remote_exists=$(git ls-remote --heads fork "$branch") + if [ -z "$remote_exists" ]; then + # remote doesn't exist. + git push "https://serverless-qe:${GH_TOKEN}@github.com/serverless-qe/$repo.git" "$branch:$branch" -f || exit 1 + fi + git fetch origin "$target_branch" + git fetch fork "$branch" + git rebase --quiet "$target_branch" "$branch" + git push "https://serverless-qe:${GH_TOKEN}@github.com/serverless-qe/$repo.git" "$branch:$branch" -f + gh pr create --base "$target_branch" --head "serverless-qe:$branch" --title "[$target_branch] Update OWNERS file" --body "Update OWNERS file" || true + working-directory: ./src/github.com/openshift-knative/hack/openshift-knative/eventing - env: GH_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} GITHUB_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} @@ -1709,6 +1973,50 @@ jobs: git push "https://serverless-qe:${GH_TOKEN}@github.com/serverless-qe/$repo.git" "$branch:$branch" -f gh pr create --base "$target_branch" --head "serverless-qe:$branch" --title "[$target_branch] Update OWNERS file" --body "Update OWNERS file" || true working-directory: ./src/github.com/openshift-knative/hack/openshift-knative/kn-plugin-event + - env: + GH_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} + GITHUB_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} + if: ${{ (github.event_name == 'push' || github.event_name == 'workflow_dispatch' || github.event_name == 'schedule') && github.ref_name == 'main' }} + name: '[kn-plugin-event - release-1.22] Create Konflux PR' + run: | + set -x + repo="kn-plugin-event" + branch="sync-konflux-release-1.22" + target_branch="release-1.22" + git remote add fork "https://github.com/serverless-qe/$repo.git" || true # ignore: already exists errors + remote_exists=$(git ls-remote --heads fork "$branch") + if [ -z "$remote_exists" ]; then + # remote doesn't exist. + git push "https://serverless-qe:${GH_TOKEN}@github.com/serverless-qe/$repo.git" "$branch:$branch" -f || exit 1 + fi + git fetch origin "$target_branch" + git fetch fork "$branch" + git rebase --quiet "$target_branch" "$branch" + git push "https://serverless-qe:${GH_TOKEN}@github.com/serverless-qe/$repo.git" "$branch:$branch" -f + gh pr create --base "$target_branch" --head "serverless-qe:$branch" --title "[$target_branch] Update Konflux configurations" --body "Update Konflux configurations" || true + working-directory: ./src/github.com/openshift-knative/hack/openshift-knative/kn-plugin-event + - env: + GH_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} + GITHUB_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} + if: ${{ (github.event_name == 'push' || github.event_name == 'workflow_dispatch' || github.event_name == 'schedule') && github.ref_name == 'main' }} + name: '[kn-plugin-event - release-1.22] Create OWNERS file update PR' + run: | + set -x + repo="kn-plugin-event" + branch="sync-owners-release-1.22" + target_branch="release-1.22" + git remote add fork "https://github.com/serverless-qe/$repo.git" || true # ignore: already exists errors + remote_exists=$(git ls-remote --heads fork "$branch") + if [ -z "$remote_exists" ]; then + # remote doesn't exist. + git push "https://serverless-qe:${GH_TOKEN}@github.com/serverless-qe/$repo.git" "$branch:$branch" -f || exit 1 + fi + git fetch origin "$target_branch" + git fetch fork "$branch" + git rebase --quiet "$target_branch" "$branch" + git push "https://serverless-qe:${GH_TOKEN}@github.com/serverless-qe/$repo.git" "$branch:$branch" -f + gh pr create --base "$target_branch" --head "serverless-qe:$branch" --title "[$target_branch] Update OWNERS file" --body "Update OWNERS file" || true + working-directory: ./src/github.com/openshift-knative/hack/openshift-knative/kn-plugin-event - env: GH_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} GITHUB_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} @@ -1929,6 +2237,50 @@ jobs: git push "https://serverless-qe:${GH_TOKEN}@github.com/serverless-qe/$repo.git" "$branch:$branch" -f gh pr create --base "$target_branch" --head "serverless-qe:$branch" --title "[$target_branch] Update OWNERS file" --body "Update OWNERS file" || true working-directory: ./src/github.com/openshift-knative/hack/openshift-knative/kn-plugin-func + - env: + GH_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} + GITHUB_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} + if: ${{ (github.event_name == 'push' || github.event_name == 'workflow_dispatch' || github.event_name == 'schedule') && github.ref_name == 'main' }} + name: '[kn-plugin-func - release-v1.22] Create Konflux PR' + run: | + set -x + repo="kn-plugin-func" + branch="sync-konflux-release-v1.22" + target_branch="release-v1.22" + git remote add fork "https://github.com/serverless-qe/$repo.git" || true # ignore: already exists errors + remote_exists=$(git ls-remote --heads fork "$branch") + if [ -z "$remote_exists" ]; then + # remote doesn't exist. + git push "https://serverless-qe:${GH_TOKEN}@github.com/serverless-qe/$repo.git" "$branch:$branch" -f || exit 1 + fi + git fetch origin "$target_branch" + git fetch fork "$branch" + git rebase --quiet "$target_branch" "$branch" + git push "https://serverless-qe:${GH_TOKEN}@github.com/serverless-qe/$repo.git" "$branch:$branch" -f + gh pr create --base "$target_branch" --head "serverless-qe:$branch" --title "[$target_branch] Update Konflux configurations" --body "Update Konflux configurations" || true + working-directory: ./src/github.com/openshift-knative/hack/openshift-knative/kn-plugin-func + - env: + GH_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} + GITHUB_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} + if: ${{ (github.event_name == 'push' || github.event_name == 'workflow_dispatch' || github.event_name == 'schedule') && github.ref_name == 'main' }} + name: '[kn-plugin-func - release-v1.22] Create OWNERS file update PR' + run: | + set -x + repo="kn-plugin-func" + branch="sync-owners-release-v1.22" + target_branch="release-v1.22" + git remote add fork "https://github.com/serverless-qe/$repo.git" || true # ignore: already exists errors + remote_exists=$(git ls-remote --heads fork "$branch") + if [ -z "$remote_exists" ]; then + # remote doesn't exist. + git push "https://serverless-qe:${GH_TOKEN}@github.com/serverless-qe/$repo.git" "$branch:$branch" -f || exit 1 + fi + git fetch origin "$target_branch" + git fetch fork "$branch" + git rebase --quiet "$target_branch" "$branch" + git push "https://serverless-qe:${GH_TOKEN}@github.com/serverless-qe/$repo.git" "$branch:$branch" -f + gh pr create --base "$target_branch" --head "serverless-qe:$branch" --title "[$target_branch] Update OWNERS file" --body "Update OWNERS file" || true + working-directory: ./src/github.com/openshift-knative/hack/openshift-knative/kn-plugin-func - env: GH_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} GITHUB_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} @@ -2787,6 +3139,50 @@ jobs: git push "https://serverless-qe:${GH_TOKEN}@github.com/serverless-qe/$repo.git" "$branch:$branch" -f gh pr create --base "$target_branch" --head "serverless-qe:$branch" --title "[$target_branch] Update OWNERS file" --body "Update OWNERS file" || true working-directory: ./src/github.com/openshift-knative/hack/openshift-knative/serving + - env: + GH_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} + GITHUB_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} + if: ${{ (github.event_name == 'push' || github.event_name == 'workflow_dispatch' || github.event_name == 'schedule') && github.ref_name == 'main' }} + name: '[serving - release-v1.22] Create Konflux PR' + run: | + set -x + repo="serving" + branch="sync-konflux-release-v1.22" + target_branch="release-v1.22" + git remote add fork "https://github.com/serverless-qe/$repo.git" || true # ignore: already exists errors + remote_exists=$(git ls-remote --heads fork "$branch") + if [ -z "$remote_exists" ]; then + # remote doesn't exist. + git push "https://serverless-qe:${GH_TOKEN}@github.com/serverless-qe/$repo.git" "$branch:$branch" -f || exit 1 + fi + git fetch origin "$target_branch" + git fetch fork "$branch" + git rebase --quiet "$target_branch" "$branch" + git push "https://serverless-qe:${GH_TOKEN}@github.com/serverless-qe/$repo.git" "$branch:$branch" -f + gh pr create --base "$target_branch" --head "serverless-qe:$branch" --title "[$target_branch] Update Konflux configurations" --body "Update Konflux configurations" || true + working-directory: ./src/github.com/openshift-knative/hack/openshift-knative/serving + - env: + GH_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} + GITHUB_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} + if: ${{ (github.event_name == 'push' || github.event_name == 'workflow_dispatch' || github.event_name == 'schedule') && github.ref_name == 'main' }} + name: '[serving - release-v1.22] Create OWNERS file update PR' + run: | + set -x + repo="serving" + branch="sync-owners-release-v1.22" + target_branch="release-v1.22" + git remote add fork "https://github.com/serverless-qe/$repo.git" || true # ignore: already exists errors + remote_exists=$(git ls-remote --heads fork "$branch") + if [ -z "$remote_exists" ]; then + # remote doesn't exist. + git push "https://serverless-qe:${GH_TOKEN}@github.com/serverless-qe/$repo.git" "$branch:$branch" -f || exit 1 + fi + git fetch origin "$target_branch" + git fetch fork "$branch" + git rebase --quiet "$target_branch" "$branch" + git push "https://serverless-qe:${GH_TOKEN}@github.com/serverless-qe/$repo.git" "$branch:$branch" -f + gh pr create --base "$target_branch" --head "serverless-qe:$branch" --title "[$target_branch] Update OWNERS file" --body "Update OWNERS file" || true + working-directory: ./src/github.com/openshift-knative/hack/openshift-knative/serving - env: GH_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} GITHUB_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} diff --git a/config/backstage-plugins.yaml b/config/backstage-plugins.yaml index 87b600c8..15e9c776 100644 --- a/config/backstage-plugins.yaml +++ b/config/backstage-plugins.yaml @@ -48,6 +48,19 @@ config: - onDemand: true version: "4.16" promotion: {} + release-v1.22: + konflux: + enabled: true + openShiftVersions: + - candidateRelease: true + onDemand: true + skipCron: true + version: "4.22" + - useClusterPool: true + version: "4.21" + - onDemand: true + version: "4.16" + promotion: {} repositories: - dockerfiles: {} e2e: diff --git a/config/client.yaml b/config/client.yaml index 8dcf8916..bef48db4 100644 --- a/config/client.yaml +++ b/config/client.yaml @@ -56,6 +56,21 @@ config: useClusterPool: true version: "4.21" promotion: {} + release-v1.22: + konflux: + enabled: true + imageOverrides: + - name: CLI_ARTIFACTS + pullSpec: brew.registry.redhat.io/rh-osbs/openshift-serverless-1-kn-cli-artifacts-rhel8:1.16.0 + openShiftVersions: + - candidateRelease: true + onDemand: true + skipCron: true + version: "4.22" + - skipCron: true + useClusterPool: true + version: "4.21" + promotion: {} repositories: - canonicalGoRepository: github.com/knative/client dockerfiles: {} diff --git a/config/eventing-integrations.yaml b/config/eventing-integrations.yaml index 45c788a2..24b1280e 100644 --- a/config/eventing-integrations.yaml +++ b/config/eventing-integrations.yaml @@ -95,6 +95,30 @@ config: promotion: {} skipDockerFilesMatches: - .*hermetic.* + release-v1.22: + konflux: + enabled: true + javaImages: + - .*eventing-integrations-aws-ddb-streams-source + - .*eventing-integrations-aws-s3-sink + - .*eventing-integrations-aws-s3-source + - .*eventing-integrations-aws-sns-sink + - .*eventing-integrations-aws-sqs-sink + - .*eventing-integrations-aws-sqs-source + - .*eventing-integrations-log-sink + - .*eventing-integrations-timer-source + openShiftVersions: + - candidateRelease: true + onDemand: true + skipCron: true + version: "4.21" + - useClusterPool: true + version: "4.20" + - onDemand: true + version: "4.14" + promotion: {} + skipDockerFilesMatches: + - .*hermetic.* repositories: - dockerfiles: {} e2e: diff --git a/config/eventing-istio.yaml b/config/eventing-istio.yaml index 0e585368..d4859400 100644 --- a/config/eventing-istio.yaml +++ b/config/eventing-istio.yaml @@ -51,6 +51,15 @@ config: - onDemand: true version: "4.16" promotion: {} + release-v1.22: + konflux: + enabled: true + openShiftVersions: + - useClusterPool: true + version: "4.20" + - onDemand: true + version: "4.14" + promotion: {} repositories: - dockerfiles: {} e2e: diff --git a/config/eventing-kafka-broker.yaml b/config/eventing-kafka-broker.yaml index be77f730..67a1e38c 100644 --- a/config/eventing-kafka-broker.yaml +++ b/config/eventing-kafka-broker.yaml @@ -81,6 +81,20 @@ config: promotion: {} skipDockerFilesMatches: - .*hermetic.* + release-v1.22: + konflux: + enabled: true + javaImages: + - .*eventing-kafka-broker-receiver + - .*eventing-kafka-broker-dispatcher + openShiftVersions: + - useClusterPool: true + version: "4.20" + - onDemand: true + version: "4.14" + promotion: {} + skipDockerFilesMatches: + - .*hermetic.* repositories: - dockerfiles: {} e2e: diff --git a/config/eventing.yaml b/config/eventing.yaml index ed81ffb7..85d1cc41 100644 --- a/config/eventing.yaml +++ b/config/eventing.yaml @@ -59,6 +59,19 @@ config: - onDemand: true version: "4.16" promotion: {} + release-v1.22: + konflux: + enabled: true + openShiftVersions: + - candidateRelease: true + onDemand: true + skipCron: true + version: "4.21" + - useClusterPool: true + version: "4.20" + - onDemand: true + version: "4.14" + promotion: {} repositories: - dockerfiles: {} e2e: diff --git a/config/kn-plugin-event.yaml b/config/kn-plugin-event.yaml index 75ee76d2..c1ce2971 100644 --- a/config/kn-plugin-event.yaml +++ b/config/kn-plugin-event.yaml @@ -38,6 +38,14 @@ config: useClusterPool: true version: "4.21" promotion: {} + release-1.22: + konflux: + enabled: true + openShiftVersions: + - skipCron: true + useClusterPool: true + version: "4.21" + promotion: {} release-next: openShiftVersions: - skipCron: true diff --git a/config/kn-plugin-func.yaml b/config/kn-plugin-func.yaml index cf914485..771277e2 100644 --- a/config/kn-plugin-func.yaml +++ b/config/kn-plugin-func.yaml @@ -46,6 +46,14 @@ config: useClusterPool: true version: "4.21" promotion: {} + release-v1.22: + konflux: + enabled: true + openShiftVersions: + - skipCron: true + useClusterPool: true + version: "4.20" + promotion: {} repositories: - dockerfiles: {} ignoreConfigs: {} diff --git a/config/serverless-operator.yaml b/config/serverless-operator.yaml index 0e91d9dd..a24d3155 100644 --- a/config/serverless-operator.yaml +++ b/config/serverless-operator.yaml @@ -30,11 +30,11 @@ config: excludes: - .*ocp-4.22-lp-interop.* skipE2EMatches: - - "^kitchensink-upgrade$" + - ^kitchensink-upgrade$ useClusterPool: true version: "4.21" - includeE2EMatches: - - "^kitchensink-upgrade$" + - ^kitchensink-upgrade$ skipPromotion: true version: "4.20" - onDemand: true diff --git a/config/serving.yaml b/config/serving.yaml index 3904c6de..92e62a3f 100644 --- a/config/serving.yaml +++ b/config/serving.yaml @@ -70,6 +70,20 @@ config: skipE2EMatches: - perf-tests$ - .*e2e-tls$ + release-v1.22: + konflux: + enabled: true + openShiftVersions: + - useClusterPool: true + version: "4.20" + - onDemand: true + version: "4.14" + promotion: {} + skipDockerFilesMatches: + - openshift/ci-operator/knative-perf-images.* + skipE2EMatches: + - perf-tests$ + - .*e2e-tls$ repositories: - dockerfiles: excludes: diff --git a/pkg/dockerfilegen/ubi8.rpms.lock.yaml b/pkg/dockerfilegen/ubi8.rpms.lock.yaml index 6b63b83f..82d48ae2 100644 --- a/pkg/dockerfilegen/ubi8.rpms.lock.yaml +++ b/pkg/dockerfilegen/ubi8.rpms.lock.yaml @@ -11,13 +11,13 @@ arches: name: socat evr: 1.7.4.1-2.el8_10 sourcerpm: socat-1.7.4.1-2.el8_10.src.rpm - - url: https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi8/8/aarch64/baseos/os/Packages/r/rsync-3.1.3-24.el8_10.aarch64.rpm + - url: https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi8/8/aarch64/baseos/os/Packages/r/rsync-3.1.3-25.el8_10.aarch64.rpm repoid: ubi-8-for-aarch64-baseos-rpms - size: 411224 - checksum: sha256:a552ab28a609e2cffca49039b54e99beedc72ade07cff6341222970230aed087 + size: 411400 + checksum: sha256:986a683a47489a832b69ddae067acb1842711b268cdd259fb571c6684063c95e name: rsync - evr: 3.1.3-24.el8_10 - sourcerpm: rsync-3.1.3-24.el8_10.src.rpm + evr: 3.1.3-25.el8_10 + sourcerpm: rsync-3.1.3-25.el8_10.src.rpm - url: https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi8/8/aarch64/baseos/os/Packages/t/tar-1.30-11.el8_10.aarch64.rpm repoid: ubi-8-for-aarch64-baseos-rpms size: 849436 @@ -39,12 +39,12 @@ arches: checksum: sha256:785c6b46c00a71d7e711dd1d60c64c1a6e3d80b395e459a3beaf780a3b489120 name: socat evr: 1.7.4.1-2.el8_10 - - url: https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi8/8/aarch64/baseos/source/SRPMS/Packages/r/rsync-3.1.3-24.el8_10.src.rpm + - url: https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi8/8/aarch64/baseos/source/SRPMS/Packages/r/rsync-3.1.3-25.el8_10.src.rpm repoid: ubi-8-for-aarch64-baseos-source-rpms - size: 1153958 - checksum: sha256:3f64ffd06df0e303cec56158cfef6cc243ef87b42ccee6faaa12167ad261612b + size: 1154650 + checksum: sha256:c5eb468720a569592a07c119b9d2b441f780b48fd5c26ba790e0d5d809fc2d9b name: rsync - evr: 3.1.3-24.el8_10 + evr: 3.1.3-25.el8_10 - url: https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi8/8/aarch64/baseos/source/SRPMS/Packages/t/tar-1.30-11.el8_10.src.rpm repoid: ubi-8-for-aarch64-baseos-source-rpms size: 2173356 @@ -67,13 +67,13 @@ arches: name: socat evr: 1.7.4.1-2.el8_10 sourcerpm: socat-1.7.4.1-2.el8_10.src.rpm - - url: https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi8/8/ppc64le/baseos/os/Packages/r/rsync-3.1.3-24.el8_10.ppc64le.rpm + - url: https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi8/8/ppc64le/baseos/os/Packages/r/rsync-3.1.3-25.el8_10.ppc64le.rpm repoid: ubi-8-for-ppc64le-baseos-rpms - size: 444140 - checksum: sha256:a276c11e72b22749d803d6f878060d4afc2236d6bc6001130336ecb661ba54bb + size: 444280 + checksum: sha256:d030b88f18159107a5df22a2913e1c54cb1fe924df508fef32020d5e90747a54 name: rsync - evr: 3.1.3-24.el8_10 - sourcerpm: rsync-3.1.3-24.el8_10.src.rpm + evr: 3.1.3-25.el8_10 + sourcerpm: rsync-3.1.3-25.el8_10.src.rpm - url: https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi8/8/ppc64le/baseos/os/Packages/t/tar-1.30-11.el8_10.ppc64le.rpm repoid: ubi-8-for-ppc64le-baseos-rpms size: 877676 @@ -95,12 +95,12 @@ arches: checksum: sha256:785c6b46c00a71d7e711dd1d60c64c1a6e3d80b395e459a3beaf780a3b489120 name: socat evr: 1.7.4.1-2.el8_10 - - url: https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi8/8/ppc64le/baseos/source/SRPMS/Packages/r/rsync-3.1.3-24.el8_10.src.rpm + - url: https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi8/8/ppc64le/baseos/source/SRPMS/Packages/r/rsync-3.1.3-25.el8_10.src.rpm repoid: ubi-8-for-ppc64le-baseos-source-rpms - size: 1153958 - checksum: sha256:3f64ffd06df0e303cec56158cfef6cc243ef87b42ccee6faaa12167ad261612b + size: 1154650 + checksum: sha256:c5eb468720a569592a07c119b9d2b441f780b48fd5c26ba790e0d5d809fc2d9b name: rsync - evr: 3.1.3-24.el8_10 + evr: 3.1.3-25.el8_10 - url: https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi8/8/ppc64le/baseos/source/SRPMS/Packages/t/tar-1.30-11.el8_10.src.rpm repoid: ubi-8-for-ppc64le-baseos-source-rpms size: 2173356 @@ -123,13 +123,13 @@ arches: name: socat evr: 1.7.4.1-2.el8_10 sourcerpm: socat-1.7.4.1-2.el8_10.src.rpm - - url: https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi8/8/s390x/baseos/os/Packages/r/rsync-3.1.3-24.el8_10.s390x.rpm + - url: https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi8/8/s390x/baseos/os/Packages/r/rsync-3.1.3-25.el8_10.s390x.rpm repoid: ubi-8-for-s390x-baseos-rpms - size: 414676 - checksum: sha256:4b5ffbe23505b7c1e9d71744768eefcfa8018493c9247fe845f67c94eccc3d21 + size: 414828 + checksum: sha256:a8eaf4a1e7c7bd5b8070b04a7c282ac0c8fe725ec7dd9fa43d7a731eaf3e5bd8 name: rsync - evr: 3.1.3-24.el8_10 - sourcerpm: rsync-3.1.3-24.el8_10.src.rpm + evr: 3.1.3-25.el8_10 + sourcerpm: rsync-3.1.3-25.el8_10.src.rpm - url: https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi8/8/s390x/baseos/os/Packages/t/tar-1.30-11.el8_10.s390x.rpm repoid: ubi-8-for-s390x-baseos-rpms size: 852716 @@ -151,12 +151,12 @@ arches: checksum: sha256:785c6b46c00a71d7e711dd1d60c64c1a6e3d80b395e459a3beaf780a3b489120 name: socat evr: 1.7.4.1-2.el8_10 - - url: https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi8/8/s390x/baseos/source/SRPMS/Packages/r/rsync-3.1.3-24.el8_10.src.rpm + - url: https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi8/8/s390x/baseos/source/SRPMS/Packages/r/rsync-3.1.3-25.el8_10.src.rpm repoid: ubi-8-for-s390x-baseos-source-rpms - size: 1153958 - checksum: sha256:3f64ffd06df0e303cec56158cfef6cc243ef87b42ccee6faaa12167ad261612b + size: 1154650 + checksum: sha256:c5eb468720a569592a07c119b9d2b441f780b48fd5c26ba790e0d5d809fc2d9b name: rsync - evr: 3.1.3-24.el8_10 + evr: 3.1.3-25.el8_10 - url: https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi8/8/s390x/baseos/source/SRPMS/Packages/t/tar-1.30-11.el8_10.src.rpm repoid: ubi-8-for-s390x-baseos-source-rpms size: 2173356 @@ -179,13 +179,13 @@ arches: name: socat evr: 1.7.4.1-2.el8_10 sourcerpm: socat-1.7.4.1-2.el8_10.src.rpm - - url: https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi8/8/x86_64/baseos/os/Packages/r/rsync-3.1.3-24.el8_10.x86_64.rpm + - url: https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi8/8/x86_64/baseos/os/Packages/r/rsync-3.1.3-25.el8_10.x86_64.rpm repoid: ubi-8-for-x86_64-baseos-rpms - size: 421296 - checksum: sha256:de11206f6b17495ae1139e137cffbc92ea7a638677a89ffab7dc669a1c8aa9a6 + size: 421432 + checksum: sha256:9fb4ac09b7640363c24edae1f1ef2826898721961575de795b487a31e654e944 name: rsync - evr: 3.1.3-24.el8_10 - sourcerpm: rsync-3.1.3-24.el8_10.src.rpm + evr: 3.1.3-25.el8_10 + sourcerpm: rsync-3.1.3-25.el8_10.src.rpm - url: https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi8/8/x86_64/baseos/os/Packages/t/tar-1.30-11.el8_10.x86_64.rpm repoid: ubi-8-for-x86_64-baseos-rpms size: 858044 @@ -207,12 +207,12 @@ arches: checksum: sha256:785c6b46c00a71d7e711dd1d60c64c1a6e3d80b395e459a3beaf780a3b489120 name: socat evr: 1.7.4.1-2.el8_10 - - url: https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi8/8/x86_64/baseos/source/SRPMS/Packages/r/rsync-3.1.3-24.el8_10.src.rpm + - url: https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi8/8/x86_64/baseos/source/SRPMS/Packages/r/rsync-3.1.3-25.el8_10.src.rpm repoid: ubi-8-for-x86_64-baseos-source-rpms - size: 1153958 - checksum: sha256:3f64ffd06df0e303cec56158cfef6cc243ef87b42ccee6faaa12167ad261612b + size: 1154650 + checksum: sha256:c5eb468720a569592a07c119b9d2b441f780b48fd5c26ba790e0d5d809fc2d9b name: rsync - evr: 3.1.3-24.el8_10 + evr: 3.1.3-25.el8_10 - url: https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi8/8/x86_64/baseos/source/SRPMS/Packages/t/tar-1.30-11.el8_10.src.rpm repoid: ubi-8-for-x86_64-baseos-source-rpms size: 2173356 diff --git a/pkg/konfluxgen/bundle-build.yaml b/pkg/konfluxgen/bundle-build.yaml index 59bb817c..324bcc5a 100644 --- a/pkg/konfluxgen/bundle-build.yaml +++ b/pkg/konfluxgen/bundle-build.yaml @@ -78,6 +78,14 @@ spec: - default: "false" description: Enable cache proxy configuration name: enable-cache-proxy + - default: "true" + description: Use the package registry proxy when prefetching dependencies + name: enable-package-registry-proxy + - default: . + description: Target directories in component's source code to scan with SAST tools. + Multiple values should be separated with commas. + name: sast-target-dirs + type: string - default: [] description: Array of --build-arg values ("arg=value" strings) for buildah name: build-args @@ -160,7 +168,7 @@ spec: - name: name value: buildah-remote-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.9@sha256:0bc358b7c16a1ff9a829b6ce327ddb46f5c539b3cf90ade653739ffdf2925176 + value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.9@sha256:f667d1146533b1d49829c08097e31faf27db24563da576434a707353de62099f - name: kind value: task resolver: bundles @@ -172,6 +180,8 @@ spec: value: $(tasks.build-image-index.results.IMAGE_DIGEST) - name: image-url value: $(tasks.build-image-index.results.IMAGE_URL) + - name: TARGET_DIRS + value: $(params.sast-target-dirs) - name: SOURCE_ARTIFACT value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - name: CACHI2_ARTIFACT @@ -183,7 +193,7 @@ spec: - name: name value: sast-snyk-check-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.4@sha256:6045ed6f2d37cfdf75cb3f2bf88706839c276a59f892ae027a315456c2914cf3 + value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.4@sha256:8f3ecbeaff579e41b8278f82d7fabac27845db17a8e687ea6c510c0c9aceabbb - name: kind value: task resolver: bundles @@ -198,6 +208,8 @@ spec: value: $(params.prefetch-input-dev-package-managers) - name: input value: $(params.prefetch-input) + - name: enable-package-registry-proxy + value: $(params.enable-package-registry-proxy) - name: SOURCE_ARTIFACT value: $(tasks.clone-repository.results.SOURCE_ARTIFACT) - name: ociStorage @@ -211,7 +223,7 @@ spec: - name: name value: prefetch-dependencies-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.3@sha256:9917d11f0a38c844184042d504b3d5605c009e6e43785fa113caae8b4c99b75e + value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.3@sha256:a2efbcdcecfa5293a622eb356a18f5c88e5714046b214fe8730b43b1a7dbb77d - name: kind value: task resolver: bundles @@ -235,7 +247,7 @@ spec: - name: name value: apply-tags - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.3@sha256:de3722bac1bf5ae8a95319162ce7e23fb33a7e2b7c0ac91535549f31a75aac86 + value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.3@sha256:a291081de7fb27f832c6fc3c4b078acf7e6162ca4c085db38b118ca87e8b5b66 - name: kind value: task resolver: bundles @@ -248,7 +260,7 @@ spec: - name: name value: init - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-init:0.4@sha256:f2de909151c733da85c7c05de8ecf37c55079c219dcf8db906175ae11fca0142 + value: quay.io/konflux-ci/tekton-catalog/task-init:0.4@sha256:5a423246792ac501ea279229b42ee57da9927da441c04b5c9ff86817b0856b08 - name: kind value: task resolver: bundles @@ -269,7 +281,7 @@ spec: - name: name value: git-clone-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:f3f28a40fb7b4c8a5c1ec935df5576139bb6ba5b80f3531f42da2f1f2448a53b + value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:13d49df7dc9ae301627e45f95a236011422996152f1bea46cd60217b0f057407 - name: kind value: task resolver: bundles @@ -294,7 +306,7 @@ spec: - name: name value: build-image-index - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.3@sha256:b65a1e0961e0e768dda1f118bc5b5cab9c7ca7f4ed094e6a4352e66f82b9fa0b + value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.3@sha256:550afde50349e22ec11191ea0db9a49395ab46fef4e8317d820b6e946677ebeb - name: kind value: task resolver: bundles @@ -315,7 +327,7 @@ spec: - name: name value: source-build-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.3@sha256:0201377594e6e0e9d304aa23b2363e4f47e02f3ebb6fe5a410480c1a17c9edfb + value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.3@sha256:0917cfc7772e82cb8e74743c2104f43bcf2596aceafe87eec6fce69a8cac5f06 - name: kind value: task resolver: bundles @@ -337,7 +349,7 @@ spec: - name: name value: deprecated-image-check - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.5@sha256:3457a4ca93f8d55f14ebd407532b1223c689eacc34f0abb3003db4111667bdae + value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.5@sha256:e78d0d3baf3c8cfc1a5ad278196b74032d9568b143a87c7a79ab780fedfb296e - name: kind value: task resolver: bundles @@ -364,7 +376,7 @@ spec: - name: name value: clair-scan - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.3@sha256:9397d3eb9f1cbebaa15e93256e0ca9eaca148baa674be72f07f4a00df63c4609 + value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.3@sha256:8fad4c2e2f470f82ee43d6b2ac72327b4d9c6e9cb514a678911c1c9359c29894 - name: kind value: task resolver: bundles @@ -391,7 +403,7 @@ spec: - name: name value: clamav-scan - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.3@sha256:9f18b216ce71a66909e7cb17d9b34526c02d73cf12884ba32d1f10614f7b9f5a + value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.3@sha256:567cb66bd2e1f4b58b9d4d756f3317fc62479e0b40aa0de66094b1f12d296cfc - name: kind value: task resolver: bundles @@ -406,6 +418,8 @@ spec: value: $(tasks.build-image-index.results.IMAGE_DIGEST) - name: image-url value: $(tasks.build-image-index.results.IMAGE_URL) + - name: TARGET_DIRS + value: $(params.sast-target-dirs) - name: SOURCE_ARTIFACT value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - name: CACHI2_ARTIFACT @@ -417,7 +431,7 @@ spec: - name: name value: sast-shell-check-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check-oci-ta:0.1@sha256:c314b4d5369d7961af51c865be28cd792d5f233aef94ecf035b3f84acde398bf + value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check-oci-ta:0.1@sha256:c4ef47e3b4e0508572d266fb745be7e374c29dc02580328cbe9f4d472a8aca57 - name: kind value: task resolver: bundles @@ -432,6 +446,8 @@ spec: value: $(tasks.build-image-index.results.IMAGE_DIGEST) - name: image-url value: $(tasks.build-image-index.results.IMAGE_URL) + - name: TARGET_DIRS + value: $(params.sast-target-dirs) - name: SOURCE_ARTIFACT value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - name: CACHI2_ARTIFACT @@ -443,7 +459,7 @@ spec: - name: name value: sast-unicode-check-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check-oci-ta:0.4@sha256:3d8a6902ab7c5c2125be07263f395426342c5032b3abfd0140162ad838437bab + value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check-oci-ta:0.4@sha256:90efa582de7770d55102b74014a765cd16a25a56f2cf644b56a788c70c4dc749 - name: kind value: task resolver: bundles @@ -471,7 +487,7 @@ spec: - name: name value: push-dockerfile-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.3@sha256:aa0d54cdd04777562599195439186bb9ea28ced4529e9b860867611cca453a39 + value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.3@sha256:7855471abfe87de080b914f2f3ca27c59e64f6448a7c2435e51435b764494c71 - name: kind value: task resolver: bundles @@ -488,7 +504,7 @@ spec: - name: name value: rpms-signature-scan - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:65b14e54b86c3b8e7332b53ff8d2e574693fa1335f9720aec21d47e9d15686f0 + value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:41720da9dfe26f33b0bdc46bbf8667a27dae4790d8e5c5f4412224658de7b213 - name: kind value: task resolver: bundles diff --git a/pkg/konfluxgen/docker-build.yaml b/pkg/konfluxgen/docker-build.yaml index 2b9135cb..4e178c27 100644 --- a/pkg/konfluxgen/docker-build.yaml +++ b/pkg/konfluxgen/docker-build.yaml @@ -87,6 +87,14 @@ spec: - default: "false" description: Enable cache proxy configuration name: enable-cache-proxy + - default: "true" + description: Use the package registry proxy when prefetching dependencies + name: enable-package-registry-proxy + - default: . + description: Target directories in component's source code to scan with SAST tools. + Multiple values should be separated with commas. + name: sast-target-dirs + type: string - default: [] description: Array of --build-arg values ("arg=value" strings) for buildah name: build-args @@ -122,6 +130,8 @@ spec: value: $(tasks.build-image-index.results.IMAGE_DIGEST) - name: image-url value: $(tasks.build-image-index.results.IMAGE_URL) + - name: TARGET_DIRS + value: $(params.sast-target-dirs) - name: SOURCE_ARTIFACT value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - name: CACHI2_ARTIFACT @@ -133,7 +143,7 @@ spec: - name: name value: sast-snyk-check-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.4@sha256:6045ed6f2d37cfdf75cb3f2bf88706839c276a59f892ae027a315456c2914cf3 + value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.4@sha256:8f3ecbeaff579e41b8278f82d7fabac27845db17a8e687ea6c510c0c9aceabbb - name: kind value: task resolver: bundles @@ -148,6 +158,8 @@ spec: value: $(params.prefetch-input-dev-package-managers) - name: input value: $(params.prefetch-input) + - name: enable-package-registry-proxy + value: $(params.enable-package-registry-proxy) - name: SOURCE_ARTIFACT value: $(tasks.clone-repository.results.SOURCE_ARTIFACT) - name: ociStorage @@ -161,7 +173,7 @@ spec: - name: name value: prefetch-dependencies-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.3@sha256:9917d11f0a38c844184042d504b3d5605c009e6e43785fa113caae8b4c99b75e + value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.3@sha256:a2efbcdcecfa5293a622eb356a18f5c88e5714046b214fe8730b43b1a7dbb77d - name: kind value: task resolver: bundles @@ -185,7 +197,7 @@ spec: - name: name value: apply-tags - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.3@sha256:de3722bac1bf5ae8a95319162ce7e23fb33a7e2b7c0ac91535549f31a75aac86 + value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.3@sha256:a291081de7fb27f832c6fc3c4b078acf7e6162ca4c085db38b118ca87e8b5b66 - name: kind value: task resolver: bundles @@ -198,7 +210,7 @@ spec: - name: name value: init - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-init:0.4@sha256:f2de909151c733da85c7c05de8ecf37c55079c219dcf8db906175ae11fca0142 + value: quay.io/konflux-ci/tekton-catalog/task-init:0.4@sha256:5a423246792ac501ea279229b42ee57da9927da441c04b5c9ff86817b0856b08 - name: kind value: task resolver: bundles @@ -219,7 +231,7 @@ spec: - name: name value: git-clone-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:f3f28a40fb7b4c8a5c1ec935df5576139bb6ba5b80f3531f42da2f1f2448a53b + value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:13d49df7dc9ae301627e45f95a236011422996152f1bea46cd60217b0f057407 - name: kind value: task resolver: bundles @@ -275,7 +287,7 @@ spec: - name: name value: buildah-remote-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.9@sha256:0bc358b7c16a1ff9a829b6ce327ddb46f5c539b3cf90ade653739ffdf2925176 + value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.9@sha256:f667d1146533b1d49829c08097e31faf27db24563da576434a707353de62099f - name: kind value: task resolver: bundles @@ -297,7 +309,7 @@ spec: - name: name value: build-image-index - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.3@sha256:b65a1e0961e0e768dda1f118bc5b5cab9c7ca7f4ed094e6a4352e66f82b9fa0b + value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.3@sha256:550afde50349e22ec11191ea0db9a49395ab46fef4e8317d820b6e946677ebeb - name: kind value: task resolver: bundles @@ -318,7 +330,7 @@ spec: - name: name value: source-build-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.3@sha256:0201377594e6e0e9d304aa23b2363e4f47e02f3ebb6fe5a410480c1a17c9edfb + value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.3@sha256:0917cfc7772e82cb8e74743c2104f43bcf2596aceafe87eec6fce69a8cac5f06 - name: kind value: task resolver: bundles @@ -340,7 +352,7 @@ spec: - name: name value: deprecated-image-check - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.5@sha256:3457a4ca93f8d55f14ebd407532b1223c689eacc34f0abb3003db4111667bdae + value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.5@sha256:e78d0d3baf3c8cfc1a5ad278196b74032d9568b143a87c7a79ab780fedfb296e - name: kind value: task resolver: bundles @@ -367,7 +379,7 @@ spec: - name: name value: clair-scan - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.3@sha256:9397d3eb9f1cbebaa15e93256e0ca9eaca148baa674be72f07f4a00df63c4609 + value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.3@sha256:8fad4c2e2f470f82ee43d6b2ac72327b4d9c6e9cb514a678911c1c9359c29894 - name: kind value: task resolver: bundles @@ -392,7 +404,7 @@ spec: - name: name value: ecosystem-cert-preflight-checks - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.2@sha256:2d439dce35dc07bec38dcf450bcba949851686141a256d87eb6f42e5a217f6e2 + value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.2@sha256:9c300728a03f41beee9a689422d66513d32ab5f804664fe561b11cebacd07799 - name: kind value: task resolver: bundles @@ -419,7 +431,7 @@ spec: - name: name value: clamav-scan - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.3@sha256:9f18b216ce71a66909e7cb17d9b34526c02d73cf12884ba32d1f10614f7b9f5a + value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.3@sha256:567cb66bd2e1f4b58b9d4d756f3317fc62479e0b40aa0de66094b1f12d296cfc - name: kind value: task resolver: bundles @@ -434,6 +446,8 @@ spec: value: $(tasks.build-image-index.results.IMAGE_DIGEST) - name: image-url value: $(tasks.build-image-index.results.IMAGE_URL) + - name: TARGET_DIRS + value: $(params.sast-target-dirs) - name: SOURCE_ARTIFACT value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - name: CACHI2_ARTIFACT @@ -445,7 +459,7 @@ spec: - name: name value: sast-shell-check-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check-oci-ta:0.1@sha256:c314b4d5369d7961af51c865be28cd792d5f233aef94ecf035b3f84acde398bf + value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check-oci-ta:0.1@sha256:c4ef47e3b4e0508572d266fb745be7e374c29dc02580328cbe9f4d472a8aca57 - name: kind value: task resolver: bundles @@ -460,6 +474,8 @@ spec: value: $(tasks.build-image-index.results.IMAGE_DIGEST) - name: image-url value: $(tasks.build-image-index.results.IMAGE_URL) + - name: TARGET_DIRS + value: $(params.sast-target-dirs) - name: SOURCE_ARTIFACT value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - name: CACHI2_ARTIFACT @@ -471,7 +487,7 @@ spec: - name: name value: sast-unicode-check-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check-oci-ta:0.4@sha256:3d8a6902ab7c5c2125be07263f395426342c5032b3abfd0140162ad838437bab + value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check-oci-ta:0.4@sha256:90efa582de7770d55102b74014a765cd16a25a56f2cf644b56a788c70c4dc749 - name: kind value: task resolver: bundles @@ -499,7 +515,7 @@ spec: - name: name value: push-dockerfile-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.3@sha256:aa0d54cdd04777562599195439186bb9ea28ced4529e9b860867611cca453a39 + value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.3@sha256:7855471abfe87de080b914f2f3ca27c59e64f6448a7c2435e51435b764494c71 - name: kind value: task resolver: bundles @@ -516,7 +532,7 @@ spec: - name: name value: rpms-signature-scan - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:65b14e54b86c3b8e7332b53ff8d2e574693fa1335f9720aec21d47e9d15686f0 + value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:41720da9dfe26f33b0bdc46bbf8667a27dae4790d8e5c5f4412224658de7b213 - name: kind value: task resolver: bundles diff --git a/pkg/konfluxgen/docker-java-build.yaml b/pkg/konfluxgen/docker-java-build.yaml index 77ec58b4..54507b09 100644 --- a/pkg/konfluxgen/docker-java-build.yaml +++ b/pkg/konfluxgen/docker-java-build.yaml @@ -87,6 +87,14 @@ spec: - default: "false" description: Enable cache proxy configuration name: enable-cache-proxy + - default: "true" + description: Use the package registry proxy when prefetching dependencies + name: enable-package-registry-proxy + - default: . + description: Target directories in component's source code to scan with SAST tools. + Multiple values should be separated with commas. + name: sast-target-dirs + type: string - default: [] description: Array of --build-arg values ("arg=value" strings) for buildah name: build-args @@ -122,6 +130,8 @@ spec: value: $(tasks.build-image-index.results.IMAGE_DIGEST) - name: image-url value: $(tasks.build-image-index.results.IMAGE_URL) + - name: TARGET_DIRS + value: $(params.sast-target-dirs) - name: SOURCE_ARTIFACT value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - name: CACHI2_ARTIFACT @@ -133,7 +143,7 @@ spec: - name: name value: sast-snyk-check-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.4@sha256:6045ed6f2d37cfdf75cb3f2bf88706839c276a59f892ae027a315456c2914cf3 + value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.4@sha256:8f3ecbeaff579e41b8278f82d7fabac27845db17a8e687ea6c510c0c9aceabbb - name: kind value: task resolver: bundles @@ -148,6 +158,8 @@ spec: value: $(params.prefetch-input-dev-package-managers) - name: input value: $(params.prefetch-input) + - name: enable-package-registry-proxy + value: $(params.enable-package-registry-proxy) - name: SOURCE_ARTIFACT value: $(tasks.clone-repository.results.SOURCE_ARTIFACT) - name: ociStorage @@ -161,7 +173,7 @@ spec: - name: name value: prefetch-dependencies-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.3@sha256:9917d11f0a38c844184042d504b3d5605c009e6e43785fa113caae8b4c99b75e + value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.3@sha256:a2efbcdcecfa5293a622eb356a18f5c88e5714046b214fe8730b43b1a7dbb77d - name: kind value: task resolver: bundles @@ -185,7 +197,7 @@ spec: - name: name value: apply-tags - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.3@sha256:de3722bac1bf5ae8a95319162ce7e23fb33a7e2b7c0ac91535549f31a75aac86 + value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.3@sha256:a291081de7fb27f832c6fc3c4b078acf7e6162ca4c085db38b118ca87e8b5b66 - name: kind value: task resolver: bundles @@ -198,7 +210,7 @@ spec: - name: name value: init - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-init:0.4@sha256:f2de909151c733da85c7c05de8ecf37c55079c219dcf8db906175ae11fca0142 + value: quay.io/konflux-ci/tekton-catalog/task-init:0.4@sha256:5a423246792ac501ea279229b42ee57da9927da441c04b5c9ff86817b0856b08 - name: kind value: task resolver: bundles @@ -219,7 +231,7 @@ spec: - name: name value: git-clone-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:f3f28a40fb7b4c8a5c1ec935df5576139bb6ba5b80f3531f42da2f1f2448a53b + value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:13d49df7dc9ae301627e45f95a236011422996152f1bea46cd60217b0f057407 - name: kind value: task resolver: bundles @@ -275,7 +287,7 @@ spec: - name: name value: buildah-remote-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.9@sha256:0bc358b7c16a1ff9a829b6ce327ddb46f5c539b3cf90ade653739ffdf2925176 + value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.9@sha256:f667d1146533b1d49829c08097e31faf27db24563da576434a707353de62099f - name: kind value: task resolver: bundles @@ -297,7 +309,7 @@ spec: - name: name value: build-image-index - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.3@sha256:b65a1e0961e0e768dda1f118bc5b5cab9c7ca7f4ed094e6a4352e66f82b9fa0b + value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.3@sha256:550afde50349e22ec11191ea0db9a49395ab46fef4e8317d820b6e946677ebeb - name: kind value: task resolver: bundles @@ -318,7 +330,7 @@ spec: - name: name value: source-build-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.3@sha256:0201377594e6e0e9d304aa23b2363e4f47e02f3ebb6fe5a410480c1a17c9edfb + value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.3@sha256:0917cfc7772e82cb8e74743c2104f43bcf2596aceafe87eec6fce69a8cac5f06 - name: kind value: task resolver: bundles @@ -340,7 +352,7 @@ spec: - name: name value: deprecated-image-check - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.5@sha256:3457a4ca93f8d55f14ebd407532b1223c689eacc34f0abb3003db4111667bdae + value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.5@sha256:e78d0d3baf3c8cfc1a5ad278196b74032d9568b143a87c7a79ab780fedfb296e - name: kind value: task resolver: bundles @@ -367,7 +379,7 @@ spec: - name: name value: clair-scan - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.3@sha256:9397d3eb9f1cbebaa15e93256e0ca9eaca148baa674be72f07f4a00df63c4609 + value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.3@sha256:8fad4c2e2f470f82ee43d6b2ac72327b4d9c6e9cb514a678911c1c9359c29894 - name: kind value: task resolver: bundles @@ -392,7 +404,7 @@ spec: - name: name value: ecosystem-cert-preflight-checks - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.2@sha256:2d439dce35dc07bec38dcf450bcba949851686141a256d87eb6f42e5a217f6e2 + value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.2@sha256:9c300728a03f41beee9a689422d66513d32ab5f804664fe561b11cebacd07799 - name: kind value: task resolver: bundles @@ -419,7 +431,7 @@ spec: - name: name value: clamav-scan - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.3@sha256:9f18b216ce71a66909e7cb17d9b34526c02d73cf12884ba32d1f10614f7b9f5a + value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.3@sha256:567cb66bd2e1f4b58b9d4d756f3317fc62479e0b40aa0de66094b1f12d296cfc - name: kind value: task resolver: bundles @@ -434,6 +446,8 @@ spec: value: $(tasks.build-image-index.results.IMAGE_DIGEST) - name: image-url value: $(tasks.build-image-index.results.IMAGE_URL) + - name: TARGET_DIRS + value: $(params.sast-target-dirs) - name: SOURCE_ARTIFACT value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - name: CACHI2_ARTIFACT @@ -445,7 +459,7 @@ spec: - name: name value: sast-shell-check-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check-oci-ta:0.1@sha256:c314b4d5369d7961af51c865be28cd792d5f233aef94ecf035b3f84acde398bf + value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check-oci-ta:0.1@sha256:c4ef47e3b4e0508572d266fb745be7e374c29dc02580328cbe9f4d472a8aca57 - name: kind value: task resolver: bundles @@ -460,6 +474,8 @@ spec: value: $(tasks.build-image-index.results.IMAGE_DIGEST) - name: image-url value: $(tasks.build-image-index.results.IMAGE_URL) + - name: TARGET_DIRS + value: $(params.sast-target-dirs) - name: SOURCE_ARTIFACT value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - name: CACHI2_ARTIFACT @@ -471,7 +487,7 @@ spec: - name: name value: sast-unicode-check-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check-oci-ta:0.4@sha256:3d8a6902ab7c5c2125be07263f395426342c5032b3abfd0140162ad838437bab + value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check-oci-ta:0.4@sha256:90efa582de7770d55102b74014a765cd16a25a56f2cf644b56a788c70c4dc749 - name: kind value: task resolver: bundles @@ -499,7 +515,7 @@ spec: - name: name value: push-dockerfile-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.3@sha256:aa0d54cdd04777562599195439186bb9ea28ced4529e9b860867611cca453a39 + value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.3@sha256:7855471abfe87de080b914f2f3ca27c59e64f6448a7c2435e51435b764494c71 - name: kind value: task resolver: bundles @@ -516,7 +532,7 @@ spec: - name: name value: rpms-signature-scan - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:65b14e54b86c3b8e7332b53ff8d2e574693fa1335f9720aec21d47e9d15686f0 + value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:41720da9dfe26f33b0bdc46bbf8667a27dae4790d8e5c5f4412224658de7b213 - name: kind value: task resolver: bundles diff --git a/pkg/konfluxgen/fbc-builder.yaml b/pkg/konfluxgen/fbc-builder.yaml index 7f3827b7..abac9503 100644 --- a/pkg/konfluxgen/fbc-builder.yaml +++ b/pkg/konfluxgen/fbc-builder.yaml @@ -91,6 +91,14 @@ spec: - default: "false" description: Enable cache proxy configuration name: enable-cache-proxy + - default: "true" + description: Use the package registry proxy when prefetching dependencies + name: enable-package-registry-proxy + - default: . + description: Target directories in component's source code to scan with SAST tools. + Multiple values should be separated with commas. + name: sast-target-dirs + type: string - default: [] description: Array of --build-arg values ("arg=value" strings) for buildah name: build-args @@ -137,7 +145,7 @@ spec: - name: name value: run-opm-command-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-run-opm-command-oci-ta:0.1@sha256:c79858b867713e44927438f6193c49004bf40bfd9248682f20c5a83ea2a9d2f1 + value: quay.io/konflux-ci/tekton-catalog/task-run-opm-command-oci-ta:0.1@sha256:6a7c758802fd253735b15174c4e7ffffb6e271969adfddb3a083935986845166 - name: kind value: task resolver: bundles @@ -156,7 +164,7 @@ spec: - name: name value: apply-tags - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.3@sha256:de3722bac1bf5ae8a95319162ce7e23fb33a7e2b7c0ac91535549f31a75aac86 + value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.3@sha256:a291081de7fb27f832c6fc3c4b078acf7e6162ca4c085db38b118ca87e8b5b66 - name: kind value: task resolver: bundles @@ -169,7 +177,7 @@ spec: - name: name value: init - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-init:0.4@sha256:f2de909151c733da85c7c05de8ecf37c55079c219dcf8db906175ae11fca0142 + value: quay.io/konflux-ci/tekton-catalog/task-init:0.4@sha256:5a423246792ac501ea279229b42ee57da9927da441c04b5c9ff86817b0856b08 - name: kind value: task resolver: bundles @@ -190,7 +198,7 @@ spec: - name: name value: git-clone-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:f3f28a40fb7b4c8a5c1ec935df5576139bb6ba5b80f3531f42da2f1f2448a53b + value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:13d49df7dc9ae301627e45f95a236011422996152f1bea46cd60217b0f057407 - name: kind value: task resolver: bundles @@ -201,6 +209,8 @@ spec: params: - name: input value: $(params.prefetch-input) + - name: enable-package-registry-proxy + value: $(params.enable-package-registry-proxy) - name: SOURCE_ARTIFACT value: $(tasks.run-opm-command.results.SOURCE_ARTIFACT) - name: ociStorage @@ -214,7 +224,7 @@ spec: - name: name value: prefetch-dependencies-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.3@sha256:9917d11f0a38c844184042d504b3d5605c009e6e43785fa113caae8b4c99b75e + value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.3@sha256:a2efbcdcecfa5293a622eb356a18f5c88e5714046b214fe8730b43b1a7dbb77d - name: kind value: task resolver: bundles @@ -268,7 +278,7 @@ spec: - name: name value: buildah-remote-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.9@sha256:0bc358b7c16a1ff9a829b6ce327ddb46f5c539b3cf90ade653739ffdf2925176 + value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.9@sha256:f667d1146533b1d49829c08097e31faf27db24563da576434a707353de62099f - name: kind value: task resolver: bundles @@ -288,7 +298,7 @@ spec: - name: name value: build-image-index - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.3@sha256:b65a1e0961e0e768dda1f118bc5b5cab9c7ca7f4ed094e6a4352e66f82b9fa0b + value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.3@sha256:550afde50349e22ec11191ea0db9a49395ab46fef4e8317d820b6e946677ebeb - name: kind value: task resolver: bundles @@ -305,7 +315,7 @@ spec: - name: name value: deprecated-image-check - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.5@sha256:3457a4ca93f8d55f14ebd407532b1223c689eacc34f0abb3003db4111667bdae + value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.5@sha256:e78d0d3baf3c8cfc1a5ad278196b74032d9568b143a87c7a79ab780fedfb296e - name: kind value: task resolver: bundles @@ -327,7 +337,7 @@ spec: - name: name value: validate-fbc - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-validate-fbc:0.1@sha256:291cbcce7d965831dd5027caad5f47ac4146b6fac0a51358f2ad64603a008436 + value: quay.io/konflux-ci/tekton-catalog/task-validate-fbc:0.1@sha256:d1b92157be81f58facc413ff15ae16dcedb01ada0ad8c72c7d759e818ce51083 - name: kind value: task resolver: bundles @@ -353,7 +363,7 @@ spec: - name: name value: fbc-target-index-pruning-check - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-fbc-target-index-pruning-check:0.1@sha256:fcc6f1b21c12625ba5e157556bf7bafd03486cb265fe5e761cf352afb5d1adf1 + value: quay.io/konflux-ci/tekton-catalog/task-fbc-target-index-pruning-check:0.1@sha256:0fb7feb722250a0f77e5d9d7b4e2536ec85ff4fc41d78378bbb84304cb7959be - name: kind value: task resolver: bundles @@ -377,7 +387,7 @@ spec: - name: name value: fbc-fips-check-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-fbc-fips-check-oci-ta:0.1@sha256:54bcb482534272463f3c515fcf969d5b81b5770c0e69d711dbf25510813613b2 + value: quay.io/konflux-ci/tekton-catalog/task-fbc-fips-check-oci-ta:0.1@sha256:3017397d39d8667f1371a415feadff3d08b5bcc272e396818082b767cbb4f1db - name: kind value: task resolver: bundles diff --git a/pkg/konfluxgen/kustomize/docker-build.yaml b/pkg/konfluxgen/kustomize/docker-build.yaml index a156a494..2e602b8d 100644 --- a/pkg/konfluxgen/kustomize/docker-build.yaml +++ b/pkg/konfluxgen/kustomize/docker-build.yaml @@ -66,6 +66,14 @@ spec: - default: "false" description: Enable cache proxy configuration name: enable-cache-proxy + - default: "true" + description: Use the package registry proxy when prefetching dependencies + name: enable-package-registry-proxy + - default: . + description: Target directories in component's source code to scan with SAST tools. + Multiple values should be separated with commas. + name: sast-target-dirs + type: string - default: [] description: Array of --build-arg values ("arg=value" strings) for buildah name: build-args @@ -108,7 +116,7 @@ spec: - name: name value: init - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-init:0.4@sha256:f2de909151c733da85c7c05de8ecf37c55079c219dcf8db906175ae11fca0142 + value: quay.io/konflux-ci/tekton-catalog/task-init:0.4@sha256:5a423246792ac501ea279229b42ee57da9927da441c04b5c9ff86817b0856b08 - name: kind value: task resolver: bundles @@ -129,7 +137,7 @@ spec: - name: name value: git-clone-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:f3f28a40fb7b4c8a5c1ec935df5576139bb6ba5b80f3531f42da2f1f2448a53b + value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:13d49df7dc9ae301627e45f95a236011422996152f1bea46cd60217b0f057407 - name: kind value: task resolver: bundles @@ -140,6 +148,8 @@ spec: params: - name: input value: $(params.prefetch-input) + - name: enable-package-registry-proxy + value: $(params.enable-package-registry-proxy) - name: SOURCE_ARTIFACT value: $(tasks.clone-repository.results.SOURCE_ARTIFACT) - name: ociStorage @@ -153,7 +163,7 @@ spec: - name: name value: prefetch-dependencies-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.3@sha256:9917d11f0a38c844184042d504b3d5605c009e6e43785fa113caae8b4c99b75e + value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.3@sha256:a2efbcdcecfa5293a622eb356a18f5c88e5714046b214fe8730b43b1a7dbb77d - name: kind value: task resolver: bundles @@ -211,7 +221,7 @@ spec: - name: name value: buildah-remote-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.9@sha256:0bc358b7c16a1ff9a829b6ce327ddb46f5c539b3cf90ade653739ffdf2925176 + value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.9@sha256:f667d1146533b1d49829c08097e31faf27db24563da576434a707353de62099f - name: kind value: task resolver: bundles @@ -233,7 +243,7 @@ spec: - name: name value: build-image-index - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.3@sha256:b65a1e0961e0e768dda1f118bc5b5cab9c7ca7f4ed094e6a4352e66f82b9fa0b + value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.3@sha256:550afde50349e22ec11191ea0db9a49395ab46fef4e8317d820b6e946677ebeb - name: kind value: task resolver: bundles @@ -254,7 +264,7 @@ spec: - name: name value: source-build-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.3@sha256:0201377594e6e0e9d304aa23b2363e4f47e02f3ebb6fe5a410480c1a17c9edfb + value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.3@sha256:0917cfc7772e82cb8e74743c2104f43bcf2596aceafe87eec6fce69a8cac5f06 - name: kind value: task resolver: bundles @@ -276,7 +286,7 @@ spec: - name: name value: deprecated-image-check - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.5@sha256:3457a4ca93f8d55f14ebd407532b1223c689eacc34f0abb3003db4111667bdae + value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.5@sha256:e78d0d3baf3c8cfc1a5ad278196b74032d9568b143a87c7a79ab780fedfb296e - name: kind value: task resolver: bundles @@ -303,7 +313,7 @@ spec: - name: name value: clair-scan - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.3@sha256:9397d3eb9f1cbebaa15e93256e0ca9eaca148baa674be72f07f4a00df63c4609 + value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.3@sha256:8fad4c2e2f470f82ee43d6b2ac72327b4d9c6e9cb514a678911c1c9359c29894 - name: kind value: task resolver: bundles @@ -328,7 +338,7 @@ spec: - name: name value: ecosystem-cert-preflight-checks - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.2@sha256:2d439dce35dc07bec38dcf450bcba949851686141a256d87eb6f42e5a217f6e2 + value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.2@sha256:9c300728a03f41beee9a689422d66513d32ab5f804664fe561b11cebacd07799 - name: kind value: task resolver: bundles @@ -343,6 +353,8 @@ spec: value: $(tasks.build-image-index.results.IMAGE_DIGEST) - name: image-url value: $(tasks.build-image-index.results.IMAGE_URL) + - name: TARGET_DIRS + value: $(params.sast-target-dirs) - name: SOURCE_ARTIFACT value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - name: CACHI2_ARTIFACT @@ -354,7 +366,7 @@ spec: - name: name value: sast-snyk-check-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.4@sha256:6045ed6f2d37cfdf75cb3f2bf88706839c276a59f892ae027a315456c2914cf3 + value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.4@sha256:8f3ecbeaff579e41b8278f82d7fabac27845db17a8e687ea6c510c0c9aceabbb - name: kind value: task resolver: bundles @@ -381,7 +393,7 @@ spec: - name: name value: clamav-scan - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.3@sha256:9f18b216ce71a66909e7cb17d9b34526c02d73cf12884ba32d1f10614f7b9f5a + value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.3@sha256:567cb66bd2e1f4b58b9d4d756f3317fc62479e0b40aa0de66094b1f12d296cfc - name: kind value: task resolver: bundles @@ -396,6 +408,8 @@ spec: value: $(tasks.build-image-index.results.IMAGE_DIGEST) - name: image-url value: $(tasks.build-image-index.results.IMAGE_URL) + - name: TARGET_DIRS + value: $(params.sast-target-dirs) - name: SOURCE_ARTIFACT value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - name: CACHI2_ARTIFACT @@ -407,7 +421,7 @@ spec: - name: name value: sast-shell-check-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check-oci-ta:0.1@sha256:c314b4d5369d7961af51c865be28cd792d5f233aef94ecf035b3f84acde398bf + value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check-oci-ta:0.1@sha256:c4ef47e3b4e0508572d266fb745be7e374c29dc02580328cbe9f4d472a8aca57 - name: kind value: task resolver: bundles @@ -422,6 +436,8 @@ spec: value: $(tasks.build-image-index.results.IMAGE_DIGEST) - name: image-url value: $(tasks.build-image-index.results.IMAGE_URL) + - name: TARGET_DIRS + value: $(params.sast-target-dirs) - name: SOURCE_ARTIFACT value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - name: CACHI2_ARTIFACT @@ -433,7 +449,7 @@ spec: - name: name value: sast-unicode-check-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check-oci-ta:0.4@sha256:3d8a6902ab7c5c2125be07263f395426342c5032b3abfd0140162ad838437bab + value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check-oci-ta:0.4@sha256:90efa582de7770d55102b74014a765cd16a25a56f2cf644b56a788c70c4dc749 - name: kind value: task resolver: bundles @@ -455,7 +471,7 @@ spec: - name: name value: apply-tags - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.3@sha256:de3722bac1bf5ae8a95319162ce7e23fb33a7e2b7c0ac91535549f31a75aac86 + value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.3@sha256:a291081de7fb27f832c6fc3c4b078acf7e6162ca4c085db38b118ca87e8b5b66 - name: kind value: task resolver: bundles @@ -478,7 +494,7 @@ spec: - name: name value: push-dockerfile-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.3@sha256:aa0d54cdd04777562599195439186bb9ea28ced4529e9b860867611cca453a39 + value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.3@sha256:7855471abfe87de080b914f2f3ca27c59e64f6448a7c2435e51435b764494c71 - name: kind value: task resolver: bundles @@ -495,7 +511,7 @@ spec: - name: name value: rpms-signature-scan - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:65b14e54b86c3b8e7332b53ff8d2e574693fa1335f9720aec21d47e9d15686f0 + value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:41720da9dfe26f33b0bdc46bbf8667a27dae4790d8e5c5f4412224658de7b213 - name: kind value: task resolver: bundles diff --git a/pkg/konfluxgen/kustomize/fbc-builder.yaml b/pkg/konfluxgen/kustomize/fbc-builder.yaml index 5c1cfdf7..7604c1a1 100644 --- a/pkg/konfluxgen/kustomize/fbc-builder.yaml +++ b/pkg/konfluxgen/kustomize/fbc-builder.yaml @@ -61,6 +61,14 @@ spec: - default: "false" description: Enable cache proxy configuration name: enable-cache-proxy + - default: "true" + description: Use the package registry proxy when prefetching dependencies + name: enable-package-registry-proxy + - default: . + description: Target directories in component's source code to scan with SAST tools. + Multiple values should be separated with commas. + name: sast-target-dirs + type: string - default: [] description: Array of --build-arg values ("arg=value" strings) for buildah name: build-args @@ -98,7 +106,7 @@ spec: - name: name value: init - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-init:0.4@sha256:f2de909151c733da85c7c05de8ecf37c55079c219dcf8db906175ae11fca0142 + value: quay.io/konflux-ci/tekton-catalog/task-init:0.4@sha256:5a423246792ac501ea279229b42ee57da9927da441c04b5c9ff86817b0856b08 - name: kind value: task resolver: bundles @@ -119,7 +127,7 @@ spec: - name: name value: git-clone-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:f3f28a40fb7b4c8a5c1ec935df5576139bb6ba5b80f3531f42da2f1f2448a53b + value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:13d49df7dc9ae301627e45f95a236011422996152f1bea46cd60217b0f057407 - name: kind value: task resolver: bundles @@ -147,7 +155,7 @@ spec: - name: name value: run-opm-command-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-run-opm-command-oci-ta:0.1@sha256:c79858b867713e44927438f6193c49004bf40bfd9248682f20c5a83ea2a9d2f1 + value: quay.io/konflux-ci/tekton-catalog/task-run-opm-command-oci-ta:0.1@sha256:6a7c758802fd253735b15174c4e7ffffb6e271969adfddb3a083935986845166 - name: kind value: task resolver: bundles @@ -155,6 +163,8 @@ spec: params: - name: input value: $(params.prefetch-input) + - name: enable-package-registry-proxy + value: $(params.enable-package-registry-proxy) - name: SOURCE_ARTIFACT value: $(tasks.run-opm-command.results.SOURCE_ARTIFACT) - name: ociStorage @@ -168,7 +178,7 @@ spec: - name: name value: prefetch-dependencies-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.3@sha256:9917d11f0a38c844184042d504b3d5605c009e6e43785fa113caae8b4c99b75e + value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.3@sha256:a2efbcdcecfa5293a622eb356a18f5c88e5714046b214fe8730b43b1a7dbb77d - name: kind value: task resolver: bundles @@ -222,7 +232,7 @@ spec: - name: name value: buildah-remote-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.9@sha256:0bc358b7c16a1ff9a829b6ce327ddb46f5c539b3cf90ade653739ffdf2925176 + value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.9@sha256:f667d1146533b1d49829c08097e31faf27db24563da576434a707353de62099f - name: kind value: task resolver: bundles @@ -242,7 +252,7 @@ spec: - name: name value: build-image-index - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.3@sha256:b65a1e0961e0e768dda1f118bc5b5cab9c7ca7f4ed094e6a4352e66f82b9fa0b + value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.3@sha256:550afde50349e22ec11191ea0db9a49395ab46fef4e8317d820b6e946677ebeb - name: kind value: task resolver: bundles @@ -259,7 +269,7 @@ spec: - name: name value: deprecated-image-check - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.5@sha256:3457a4ca93f8d55f14ebd407532b1223c689eacc34f0abb3003db4111667bdae + value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.5@sha256:e78d0d3baf3c8cfc1a5ad278196b74032d9568b143a87c7a79ab780fedfb296e - name: kind value: task resolver: bundles @@ -281,7 +291,7 @@ spec: - name: name value: apply-tags - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.3@sha256:de3722bac1bf5ae8a95319162ce7e23fb33a7e2b7c0ac91535549f31a75aac86 + value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.3@sha256:a291081de7fb27f832c6fc3c4b078acf7e6162ca4c085db38b118ca87e8b5b66 - name: kind value: task resolver: bundles @@ -298,7 +308,7 @@ spec: - name: name value: validate-fbc - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-validate-fbc:0.1@sha256:291cbcce7d965831dd5027caad5f47ac4146b6fac0a51358f2ad64603a008436 + value: quay.io/konflux-ci/tekton-catalog/task-validate-fbc:0.1@sha256:d1b92157be81f58facc413ff15ae16dcedb01ada0ad8c72c7d759e818ce51083 - name: kind value: task resolver: bundles @@ -324,7 +334,7 @@ spec: - name: name value: fbc-target-index-pruning-check - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-fbc-target-index-pruning-check:0.1@sha256:fcc6f1b21c12625ba5e157556bf7bafd03486cb265fe5e761cf352afb5d1adf1 + value: quay.io/konflux-ci/tekton-catalog/task-fbc-target-index-pruning-check:0.1@sha256:0fb7feb722250a0f77e5d9d7b4e2536ec85ff4fc41d78378bbb84304cb7959be - name: kind value: task resolver: bundles @@ -348,7 +358,7 @@ spec: - name: name value: fbc-fips-check-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-fbc-fips-check-oci-ta:0.1@sha256:54bcb482534272463f3c515fcf969d5b81b5770c0e69d711dbf25510813613b2 + value: quay.io/konflux-ci/tekton-catalog/task-fbc-fips-check-oci-ta:0.1@sha256:3017397d39d8667f1371a415feadff3d08b5bcc272e396818082b767cbb4f1db - name: kind value: task resolver: bundles