diff --git a/ostree-build.yaml b/ostree-build.yaml new file mode 100644 index 00000000..b70e8db7 --- /dev/null +++ b/ostree-build.yaml @@ -0,0 +1,519 @@ +apiVersion: tekton.dev/v1 +kind: Pipeline +metadata: + name: ostree-build +spec: + finally: + - name: show-sbom + params: + - name: IMAGE_URL + value: $(tasks.build-container.results.IMAGE_URL) + taskRef: + params: + - name: name + value: show-sbom + - name: bundle + value: quay.io/redhat-appstudio-tekton-catalog/task-show-sbom:0.1@sha256:7db0af43dcebaeb33e34413148370e17078c30fd2fc78fb84c8941b444199f36 + - name: kind + value: task + resolver: bundles + - name: show-summary + params: + - name: pipelinerun-name + value: $(context.pipelineRun.name) + - name: git-url + value: $(tasks.clone-repository.results.url)?rev=$(tasks.clone-repository.results.commit) + - name: image-url + value: $(params.output-image) + - name: build-task-status + value: $(tasks.build-container.status) + taskRef: + params: + - name: name + value: summary + - name: bundle + value: quay.io/redhat-appstudio-tekton-catalog/task-summary:0.1@sha256:243b13105967b251c1facd55159165809a9fa797215af613997ac6a16798db73 + - name: kind + value: task + resolver: bundles + params: + - description: Source Repository URL + name: git-url + type: string + - default: "" + description: Revision of the Source Repository + name: revision + type: string + - description: Fully Qualified Output Image + name: output-image + type: string + - default: . + description: Path to the source code of an application's component from where + to build image. + name: path-context + type: string + - description: Path to the image file inside the context specified by parameter + path-context + name: image-file + type: string + - default: "false" + description: Force rebuild image + name: rebuild + type: string + - default: "false" + description: Skip checks against built image + name: skip-checks + type: string + - default: "true" + description: Skip optional checks, set false if you want to run optional checks + name: skip-optional + type: string + - default: "false" + description: Execute the build with network isolation + name: hermetic + type: string + - default: "" + description: Build dependencies to be prefetched by Cachi2 + name: prefetch-input + type: string + - default: "false" + description: Java build + name: java + type: string + - default: "" + description: Image tag expiration time, time values could be something like + 1h, 2d, 3w for hours, days, and weeks, respectively. + name: image-expires-after + results: + - description: "" + name: IMAGE_URL + value: $(tasks.build-container.results.IMAGE_URL) + - description: "" + name: IMAGE_DIGEST + value: $(tasks.build-container.results.IMAGE_DIGEST) + - description: "" + name: CHAINS-GIT_URL + value: $(tasks.clone-repository.results.url) + - description: "" + name: CHAINS-GIT_COMMIT + value: $(tasks.clone-repository.results.commit) + tasks: + - name: init + params: + - name: image-url + value: $(params.output-image) + - name: rebuild + value: $(params.rebuild) + - name: skip-checks + value: $(params.skip-checks) + - name: skip-optional + value: $(params.skip-optional) + - name: pipelinerun-name + value: $(context.pipelineRun.name) + - name: pipelinerun-uid + value: $(context.pipelineRun.uid) + taskRef: + params: + - name: name + value: init + - name: bundle + value: quay.io/redhat-appstudio-tekton-catalog/task-init:0.1@sha256:26586a7ef08c3e86dfdaf0a5cc38dd3d70c4c02db1331b469caaed0a0f5b3d86 + - name: kind + value: task + resolver: bundles + - name: clone-repository + params: + - name: url + value: $(params.git-url) + - name: revision + value: $(params.revision) + runAfter: + - init + taskRef: + params: + - name: name + value: git-clone + - name: bundle + value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:d9e1ab10d72953e7a85dab69b8b96f5b41580a6d4026f77b6a5ba6f3ed227cc3 + - name: kind + value: task + resolver: bundles + when: + - input: $(tasks.init.results.build) + operator: in + values: + - "true" + workspaces: + - name: output + workspace: workspace + - name: basic-auth + workspace: git-auth + - name: clone-repository-arm64 + params: + - name: url + value: $(params.git-url) + - name: revision + value: $(params.revision) + runAfter: + - init + taskRef: + kind: Task + params: + - name: name + value: git-clone + - name: bundle + value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:d9e1ab10d72953e7a85dab69b8b96f5b41580a6d4026f77b6a5ba6f3ed227cc3 + - name: kind + value: task + resolver: bundles + when: + - input: $(tasks.init.results.build) + operator: in + values: + - "true" + workspaces: + - name: output + workspace: workspace-arm64 + - name: basic-auth + workspace: git-auth + - name: clone-repository-s390x + params: + - name: url + value: $(params.git-url) + - name: revision + value: $(params.revision) + runAfter: + - init + taskRef: + kind: Task + params: + - name: name + value: git-clone + - name: bundle + value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:d9e1ab10d72953e7a85dab69b8b96f5b41580a6d4026f77b6a5ba6f3ed227cc3 + - name: kind + value: task + resolver: bundles + when: + - input: $(tasks.init.results.build) + operator: in + values: + - "true" + workspaces: + - name: output + workspace: workspace-s390x + - name: basic-auth + workspace: git-auth + - name: clone-repository-ppc64le + params: + - name: url + value: $(params.git-url) + - name: revision + value: $(params.revision) + runAfter: + - init + taskRef: + kind: Task + params: + - name: name + value: git-clone + - name: bundle + value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:d9e1ab10d72953e7a85dab69b8b96f5b41580a6d4026f77b6a5ba6f3ed227cc3 + - name: kind + value: task + resolver: bundles + when: + - input: $(tasks.init.results.build) + operator: in + values: + - "true" + workspaces: + - name: output + workspace: workspace-ppc64le + - name: basic-auth + workspace: git-auth + - name: build-container-amd64 + params: + - name: IMAGE + value: $(params.output-image)-amd64 + - name: IMAGE_FILE + value: $(params.image-file) + - name: CONTEXT + value: $(params.path-context) + - name: IMAGE_EXPIRES_AFTER + value: $(params.image-expires-after) + - name: COMMIT_SHA + value: $(tasks.clone-repository.results.commit) + - name: PLATFORM + value: linux/amd64 + - name: BUILDER_IMAGE + value: quay.io/redhat-user-workloads/project-sagano-tenant/ostree-builder/ostree-builder-fedora-38:d124414a81d17f31b1d734236f55272a241703d7 + runAfter: + - clone-repository + taskRef: + params: + - name: url + value: https://github.com/stuartwdouglas/build-definitions/ + - name: revision + value: rpm-ostree + - name: pathInRepo + value: task/rpm-ostree/0.1/rpm-ostree.yaml + resolver: git + when: + - input: $(tasks.init.results.build) + operator: in + values: + - "true" + workspaces: + - name: source + workspace: workspace + - name: build-container-arm64 + params: + - name: IMAGE + value: $(params.output-image)-arm64 + - name: IMAGE_FILE + value: $(params.image-file) + - name: CONTEXT + value: $(params.path-context) + - name: IMAGE_EXPIRES_AFTER + value: $(params.image-expires-after) + - name: COMMIT_SHA + value: $(tasks.clone-repository.results.commit) + - name: PLATFORM + value: linux/arm64 + - name: BUILDER_IMAGE + value: quay.io/redhat-user-workloads/project-sagano-tenant/ostree-builder/ostree-builder-fedora-38:d124414a81d17f31b1d734236f55272a241703d7 + runAfter: + - clone-repository-arm64 + taskRef: + params: + - name: url + value: https://github.com/stuartwdouglas/build-definitions/ + - name: revision + value: rpm-ostree + - name: pathInRepo + value: task/rpm-ostree/0.1/rpm-ostree.yaml + resolver: git + when: + - input: $(tasks.init.results.build) + operator: in + values: + - "true" + workspaces: + - name: source + workspace: workspace-arm64 + - name: build-container-s390x + params: + - name: IMAGE + value: $(params.output-image)-s390x + - name: IMAGE_FILE + value: $(params.image-file) + - name: CONTEXT + value: $(params.path-context) + - name: IMAGE_EXPIRES_AFTER + value: $(params.image-expires-after) + - name: COMMIT_SHA + value: $(tasks.clone-repository.results.commit) + - name: PLATFORM + value: linux/s390x + - name: BUILDER_IMAGE + value: quay.io/redhat-user-workloads/project-sagano-tenant/ostree-builder/ostree-builder-fedora-38:d124414a81d17f31b1d734236f55272a241703d7 + runAfter: + - clone-repository-s390x + taskRef: + params: + - name: url + value: https://github.com/stuartwdouglas/build-definitions/ + - name: revision + value: rpm-ostree + - name: pathInRepo + value: task/rpm-ostree/0.1/rpm-ostree.yaml + resolver: git + when: + - input: $(tasks.init.results.build) + operator: in + values: + - "true" + workspaces: + - name: source + workspace: workspace-s390x + - name: build-container-ppc64le + params: + - name: IMAGE + value: $(params.output-image)-ppc64le + - name: IMAGE_FILE + value: $(params.image-file) + - name: CONTEXT + value: $(params.path-context) + - name: IMAGE_EXPIRES_AFTER + value: $(params.image-expires-after) + - name: COMMIT_SHA + value: $(tasks.clone-repository.results.commit) + - name: PLATFORM + value: linux/ppc64le + - name: BUILDER_IMAGE + value: quay.io/redhat-user-workloads/project-sagano-tenant/ostree-builder/ostree-builder-fedora-38:d124414a81d17f31b1d734236f55272a241703d7 + runAfter: + - clone-repository-ppc64le + taskRef: + params: + - name: url + value: https://github.com/stuartwdouglas/build-definitions/ + - name: revision + value: rpm-ostree + - name: pathInRepo + value: task/rpm-ostree/0.1/rpm-ostree.yaml + resolver: git + when: + - input: $(tasks.init.results.build) + operator: in + values: + - "true" + workspaces: + - name: source + workspace: workspace-s390x + - name: build-container + params: + - name: IMAGE + value: $(params.output-image) + - name: COMMIT_SHA + value: $(tasks.clone-repository.results.commit) + - name: IMAGES + value: + - $(tasks.build-container-amd64.results.IMAGE_URL)@$(tasks.build-container-amd64.results.IMAGE_DIGEST) + - $(tasks.build-container-arm64.results.IMAGE_URL)@$(tasks.build-container-arm64.results.IMAGE_DIGEST) + - $(tasks.build-container-s390x.results.IMAGE_URL)@$(tasks.build-container-s390x.results.IMAGE_DIGEST) + - $(tasks.build-container-ppc64le.results.IMAGE_URL)@$(tasks.build-container-ppc64le.results.IMAGE_DIGEST) + runAfter: + - build-container-amd64 + - build-container-arm64 + - build-container-s390x + - build-container-ppc64le + taskRef: + params: + - name: name + value: build-image-manifest + - name: bundle + value: quay.io/redhat-appstudio-tekton-catalog/task-build-image-manifest:0.1@sha256:3cf06bd844d8a099edc3b14b77f8b55a8869e3aa2a55f69eb1f446700aab7571 + - name: kind + value: task + resolver: bundles + when: + - input: $(tasks.init.results.build) + operator: in + values: + - "true" + - name: inspect-image + params: + - name: IMAGE_URL + value: $(tasks.build-container.results.IMAGE_URL) + - name: IMAGE_DIGEST + value: $(tasks.build-container.results.IMAGE_DIGEST) + runAfter: + - build-container + taskRef: + params: + - name: name + value: inspect-image + - name: bundle + value: quay.io/redhat-appstudio-tekton-catalog/task-inspect-image:0.1@sha256:3a5d3f611240eb5b7b12799c2be22a71803df80dbc12cce2e1e2a252ab543423 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + workspaces: + - name: source + workspace: workspace + - name: deprecated-base-image-check + params: + - name: BASE_IMAGES_DIGESTS + value: $(tasks.build-container-amd64.results.BASE_IMAGES_DIGESTS) + taskRef: + params: + - name: name + value: deprecated-image-check + - name: bundle + value: quay.io/redhat-appstudio-tekton-catalog/task-deprecated-image-check:0.3@sha256:35e2708505614397ede771474a2e2d6f04e911efc46afae47ca4a63e2f6fc9a0 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: clair-scan + params: + - name: image-digest + value: $(tasks.build-container.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-container.results.IMAGE_URL) + runAfter: + - build-container + taskRef: + params: + - name: name + value: clair-scan + - name: bundle + value: quay.io/redhat-appstudio-tekton-catalog/task-clair-scan:0.1@sha256:f6a5a24cb8faa590d4f3adc204a197fd89da1bcea365963af9ac66838c030816 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: sast-snyk-check + runAfter: + - clone-repository + taskRef: + params: + - name: name + value: sast-snyk-check + - name: bundle + value: quay.io/redhat-appstudio-tekton-catalog/task-sast-snyk-check:0.1@sha256:edd4ba638b71de52c2662abd3e93fd876e6e75cd07b162d13fae014d3a1a1fac + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + workspaces: + - name: workspace + workspace: workspace + - name: sbom-json-check + params: + - name: IMAGE_URL + value: $(tasks.build-container.results.IMAGE_URL) + - name: IMAGE_DIGEST + value: $(tasks.build-container.results.IMAGE_DIGEST) + runAfter: + - build-container + taskRef: + params: + - name: name + value: sbom-json-check + - name: bundle + value: quay.io/redhat-appstudio-tekton-catalog/task-sbom-json-check:0.1@sha256:0ca48e1dffde39efe97b3252386f529241d6b276fe812a88774a9f37fc45f742 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + workspaces: + - name: workspace + - name: workspace-arm64 + - name: workspace-ppc64le + - name: workspace-s390x + - name: git-auth + optional: true