Add support for Tekton StepActions

.ct.yaml

@@ -1,3 +1,4 @@
 helm-extra-args: --timeout 180s
 chart-repos:
   - stable=https://charts.helm.sh/stable
+validate-maintainers: false

README.md

@@ -34,7 +34,7 @@ At the moment, the following artifacts kinds are supported *(with plans to suppo
 - [Kyverno policies](https://kyverno.io)
 - [OLM operators](https://github.com/operator-framework)
 - [Open Policy Agent (OPA) policies](https://www.openpolicyagent.org/)
-- [Tekton tasks and pipelines](https://tekton.dev/)
+- [Tekton tasks, pipelines and stepactions](https://tekton.dev/)
 - [Tinkerbell actions](https://tinkerbell.org/)
 
 You can use Artifact Hub to:

charts/artifact-hub/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 name: artifact-hub
 description: Artifact Hub is a web-based application that enables finding, installing, and publishing Kubernetes packages.
 type: application
-version: 1.17.1-0
+version: 1.17.1-1
 appVersion: 1.17.0
 kubeVersion: ">= 1.19.0-0"
 home: https://artifacthub.io

charts/artifact-hub/values.schema.json

@@ -1162,7 +1162,7 @@
                 },
                 "repositoriesKinds": {
                     "title": "Repositories kinds to process ([] = all)",
-                    "description": "The following kinds are supported at the moment: falco, helm, olm, opa, tbaction, krew, helm-plugin, tekton-task, keda-scaler, coredns, keptn, tekton-pipeline, container, kubewarden, gatekeeper, kyverno, knative-client-plugin, backstage, argo-template, kubearmor, kcl, headlamp, inspektor-gadget",
+                    "description": "The following kinds are supported at the moment: falco, helm, olm, opa, tbaction, krew, helm-plugin, tekton-task, keda-scaler, coredns, keptn, tekton-pipeline, container, kubewarden, gatekeeper, kyverno, knative-client-plugin, backstage, argo-template, kubearmor, kcl, headlamp, inspektor-gadget, tekton-stepaction",
                     "type": "array",
                     "items": {
                         "type": "string"

cmd/ah/lint.go

@@ -90,7 +90,7 @@ func newLintCmd() *cobra.Command {
 			return lint(opts, &output{cmd.OutOrStdout()})
 		},
 	}
-	lintCmd.Flags().StringVarP(&opts.kind, "kind", "k", "helm", "repository kind: argo-template, backstage, coredns, falco, gatekeeper, headlamp, helm, helm-plugin, inspektor-gadget, kcl, keda-scaler, keptn, knative-client-plugin, krew, kubearmor, kubewarden, kyverno, olm, opa, tbaction, tekton-task, tekton-pipeline")
+	lintCmd.Flags().StringVarP(&opts.kind, "kind", "k", "helm", "repository kind: argo-template, backstage, coredns, falco, gatekeeper, headlamp, helm, helm-plugin, inspektor-gadget, kcl, keda-scaler, keptn, knative-client-plugin, krew, kubearmor, kubewarden, kyverno, olm, opa, tbaction, tekton-task, tekton-pipeline, tekton-stepaction")
 	lintCmd.Flags().StringVarP(&opts.path, "path", "p", ".", "repository's packages path")
 	return lintCmd
 }
@@ -134,7 +134,7 @@ func lint(opts *lintOptions, out *output) error {
 		report = lintKrew(opts.path)
 	case hub.OLM:
 		report = lintOLM(opts.path)
-	case hub.TektonTask, hub.TektonPipeline:
+	case hub.TektonTask, hub.TektonPipeline, hub.TektonStepAction:
 		report = lintTekton(opts.path, kind)
 	default:
 		return errors.New("kind not supported yet")
@@ -376,9 +376,9 @@ func lintOLM(basePath string) *lintReport {
 	return report
 }
 
-// lintTekton checks if the Tekton tasks or pipelines available in the path
-// provided are ready to be processed by the Tekton tracker source and listed
-// on Artifact Hub.
+// lintTekton checks if the Tekton tasks, pipelines or stepactions available in
+// the path provided are ready to be processed by the Tekton tracker source and
+// listed on Artifact Hub.
 func lintTekton(basePath string, kind hub.RepositoryKind) *lintReport {
 	report := &lintReport{}
 	repository := &hub.Repository{

database/migrations/schema/057_tekton_stepactions.sql

@@ -0,0 +1,5 @@
+insert into repository_kind values (23, 'Tekton stepactions');
+
+---- create above / drop below ----
+
+delete from repository_kind where repository_kind_id = 23;

database/tests/schema/schema.sql

@@ -564,7 +564,8 @@ select results_eq(
         (19, 'KubeArmor policies'),
         (20, 'KCL modules'),
         (21, 'Headlamp plugins'),
-        (22, 'Inspektor gadgets')
+        (22, 'Inspektor gadgets'),
+        (23, 'Tekton stepactions')
     $$,
     'Repository kinds should exist'
 );

docs/api/openapi.yaml

@@ -1621,6 +1621,30 @@ paths:
           $ref: "#/components/responses/TooManyRequests"
         "500":
           $ref: "#/components/responses/InternalServerError"
+  "/packages/tekton-stepaction/{repoName}/{packageName}":
+    get:
+      tags:
+        - Packages
+      summary: Get package details
+      description: Get package details
+      operationId: getTektonStepActionDetails
+      parameters:
+        - $ref: "#/components/parameters/RepoNameParam"
+        - $ref: "#/components/parameters/PackageNameParam"
+      responses:
+        "200":
+          description: ""
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/TektonStepActionPackage"
+        "404":
+          $ref: "#/components/responses/NotFoundResponse"
+        "429":
+          $ref: "#/components/responses/TooManyRequests"
+        "500":
+          $ref: "#/components/responses/InternalServerError"
+
   "/packages/tekton-task/{repoName}/{packageName}":
     get:
       tags:
@@ -2172,6 +2196,30 @@ paths:
           $ref: "#/components/responses/TooManyRequests"
         "500":
           $ref: "#/components/responses/InternalServerError"
+  "/packages/tekton-stepaction/{repoName}/{packageName}/{version}":
+    get:
+      tags:
+        - Packages
+      summary: Get package version details
+      description: Get package version details
+      operationId: getTektonStepActionVersionDetails
+      parameters:
+        - $ref: "#/components/parameters/RepoNameParam"
+        - $ref: "#/components/parameters/PackageNameParam"
+        - $ref: "#/components/parameters/VersionParam"
+      responses:
+        "200":
+          description: ""
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/TektonStepActionPackage"
+        "404":
+          $ref: "#/components/responses/NotFoundResponse"
+        "429":
+          $ref: "#/components/responses/TooManyRequests"
+        "500":
+          $ref: "#/components/responses/InternalServerError"
   "/packages/tekton-task/{repoName}/{packageName}/{version}":
     get:
       tags:
@@ -4396,6 +4444,32 @@ components:
                     type: string
                     nullable: false
                     example: darwin/amd64
+    TektonStepActionPackage:
+      allOf:
+        - $ref: "#/components/schemas/Package"
+        - type: object
+          properties:
+            data:
+              type: object
+              properties:
+                pipelines.minVersion:
+                  type: string
+                  example: 2.0.0
+                manifestRaw:
+                  type: string
+                  additionalProperties:
+                    type: string
+                  example: "apiVersion: tekton.dev/v1beta1"
+                examples:
+                  type: object
+                  nullable: false
+                  additionalProperties: true
+                platforms:
+                  type: array
+                  items:
+                    type: string
+                    nullable: false
+                    example: darwin/amd64
     TektonTaskPackage:
       allOf:
         - $ref: "#/components/schemas/Package"
@@ -4832,6 +4906,7 @@ components:
           * `20` - KCL packages
           * `21` - Headlamp plugins
           * `22` - Inspektor gadgets
+          * `23` - Tekton stepactions
     RepositoryKindParam:
       type: string
       enum:
@@ -4858,6 +4933,7 @@ components:
         - kcl
         - headlamp
         - inspektor-gadget
+        - tekton-stepaction
       description: |
         Repository kind name:
         * `helm` - Helm charts
@@ -4883,6 +4959,7 @@ components:
         * `kcl` - KCL packages
         * `headlamp` - Headlamp plugins
         * `inspektor-gadget` - Inspektor gadgets
+        * `tekton-stepaction` - Tekton stepactions
     RepositorySummary:
       type: object
       required:
@@ -5425,6 +5502,7 @@ components:
           * `20` - KCL packages
           * `21` - Headlamp plugins
           * `22` - Inspektor gadgets
+          * `23` - Tekton stepactions
     PackageNameParam:
       in: path
       name: packageName

docs/repositories.md

@@ -25,6 +25,7 @@ The following repositories kinds are supported at the moment:
 - [OPA policies repositories](https://github.com/artifacthub/hub/blob/master/docs/opa_policies_repositories.md)
 - [Tekton pipelines repositories](https://github.com/artifacthub/hub/blob/master/docs/tekton_pipelines_repositories.md)
 - [Tekton tasks repositories](https://github.com/artifacthub/hub/blob/master/docs/tekton_tasks_repositories.md)
+- [Tekton stepactions repositories](https://github.com/artifacthub/hub/blob/master/docs/tekton_stepactions_repositories.md)
 - [Tinkerbell actions repositories](https://github.com/artifacthub/hub/blob/master/docs/tinkerbell_actions_repositories.md)
 
 This guide also contains additional information about the following repositories topics:

docs/security_report.md

@@ -18,9 +18,9 @@ Artifact Hub will try to extract the containers images used by Helm charts from
 
 The images used by an OLM operator are extracted from the `containerImage` annotation in the [CSV file metadata section](https://github.com/operator-framework/community-operators/blob/master/docs/packaging-required-fields.md), as well as from the `related images` section in the CSV spec. Most of the OLM operators currently listed in Artifact Hub provide that information already, so security reports for them are already available in Artifact Hub with no extra effort required.
 
-### Tekton tasks and pipelines
+### Tekton tasks, pipelines and stepactions
 
-The images used by Tekton tasks and pipelines are extracted from the [`task.step.image`](https://github.com/tektoncd/pipeline/blob/main/docs/tasks.md#running-scripts-within-steps) fields of the resource yaml file. If the `image` value is specified by [`params`](https://github.com/tektoncd/pipeline/blob/main/docs/tasks.md#specifying-parameters), the default value of the params (if provided) is used to run the security report. You can find examples with explanations [here](https://github.com/tektoncd/community/blob/main/teps/0079-tekton-catalog-support-tiers.md#extract-container-images-from-catalogs). Please note that the security reports do not include user-provided container images if the default value of the image `params` are overwritten by `pipelineRun` or `taskRun` at run time.
+The images used by Tekton tasks, pipelines and stepactions are extracted from the [`task.step.image`](https://github.com/tektoncd/pipeline/blob/main/docs/tasks.md#running-scripts-within-steps) fields of the resource yaml file. If the `image` value is specified by [`params`](https://github.com/tektoncd/pipeline/blob/main/docs/tasks.md#specifying-parameters), the default value of the params (if provided) is used to run the security report. You can find examples with explanations [here](https://github.com/tektoncd/community/blob/main/teps/0079-tekton-catalog-support-tiers.md#extract-container-images-from-catalogs). Please note that the security reports do not include user-provided container images if the default value of the image `params` are overwritten by `pipelineRun` or `taskRun` at run time.
 
 ### CoreDNS plugins, KEDA scalers, Keptn integrations, OPA policies and Tinkerbell actions
 

docs/tekton_stepactions_repositories.md

@@ -0,0 +1,3 @@
+## Tekton stepactions repositories
+
+Tekton stepactions repositories are expected to follow the same rules as Tekton tasks repositories. Please see the [Tekton tasks repositories](https://github.com/artifacthub/hub/blob/master/docs/tekton_tasks_repositories.md) documentation for more details.

docs/www/headers/tekton_stepactions_repositories

@@ -0,0 +1,6 @@
+---
+title: "Tekton stepactions"
+aliases: [
+  "/tekton_stepactions_repositories",
+]
+---

internal/handlers/handlers.go

@@ -265,7 +265,7 @@ func (h *Handlers) setupRouter() {
 			r.Get("/stats", h.Packages.GetStats)
 			r.With(corsMW).Get("/search", h.Packages.Search)
 			r.With(h.Users.RequireLogin).Get("/starred", h.Packages.GetStarredByUser)
-			r.Route("/{^helm$|^falco$|^opa$|^olm|^tbaction|^krew|^helm-plugin|^tekton-task|^keda-scaler|^coredns|^keptn|^tekton-pipeline|^container|^kubewarden|^gatekeeper|^kyverno|^knative-client-plugin|^backstage|^argo-template|^kubearmor|^kcl|^headlamp|^inspektor-gadget$}/{repoName}/{packageName}", func(r chi.Router) {
+			r.Route("/{^helm$|^falco$|^opa$|^olm|^tbaction|^krew|^helm-plugin|^tekton-task|^keda-scaler|^coredns|^keptn|^tekton-pipeline|^container|^kubewarden|^gatekeeper|^kyverno|^knative-client-plugin|^backstage|^argo-template|^kubearmor|^kcl|^headlamp|^inspektor-gadget|^tekton-stepaction$}/{repoName}/{packageName}", func(r chi.Router) {
 				r.Get("/feed/rss", h.Packages.RssFeed)
 				r.With(corsMW).Get("/summary", h.Packages.GetSummary)
 				r.Get("/{version}", h.Packages.Get)
@@ -430,7 +430,7 @@ func (h *Handlers) setupRouter() {
 
 	// Index special entry points
 	r.Route("/packages", func(r chi.Router) {
-		r.Route("/{^helm$|^falco$|^opa$|^olm|^tbaction|^krew|^helm-plugin|^tekton-task|^keda-scaler|^coredns|^keptn|^tekton-pipeline|^container|^kubewarden|^gatekeeper|^kyverno|^knative-client-plugin|^backstage|^argo-template|^kubearmor|^kcl|^headlamp|^inspektor-gadget$}/{repoName}/{packageName}", func(r chi.Router) {
+		r.Route("/{^helm$|^falco$|^opa$|^olm|^tbaction|^krew|^helm-plugin|^tekton-task|^keda-scaler|^coredns|^keptn|^tekton-pipeline|^container|^kubewarden|^gatekeeper|^kyverno|^knative-client-plugin|^backstage|^argo-template|^kubearmor|^kcl|^headlamp|^inspektor-gadget|^tekton-stepaction$}/{repoName}/{packageName}", func(r chi.Router) {
 			r.With(h.Packages.InjectIndexMeta).Get("/{version}", h.Static.Index)
 			r.With(h.Packages.InjectIndexMeta).Get("/", h.Static.Index)
 		})

internal/handlers/pkg/handlers_test.go

@@ -2177,6 +2177,17 @@ func TestBuildURL(t *testing.T) {
 			"2.0.0",
 			baseURL + "/packages/inspektor-gadget/repo1/pkg1/2.0.0",
 		},
+		{
+			&hub.Package{
+				NormalizedName: "pkg1",
+				Repository: &hub.Repository{
+					Kind: hub.TektonStepAction,
+					Name: "repo1",
+				},
+			},
+			"2.0.0",
+			baseURL + "/packages/tekton-stepaction/repo1/pkg1/2.0.0",
+		},
 	}
 	for _, tc := range testCases {
 		tc := tc

internal/hub/repo.go

@@ -115,6 +115,9 @@ const (
 
 	// InspektorGadget represents a repository with Inspektor Gadgets.
 	InspektorGadget RepositoryKind = 22
+
+	// TektonStepAction represents a repository with Tekton stepactions.
+	TektonStepAction RepositoryKind = 23
 )
 
 // GetKindName returns the name of the provided repository kind.
@@ -166,6 +169,8 @@ func GetKindName(kind RepositoryKind) string {
 		return "tekton-pipeline"
 	case TektonTask:
 		return "tekton-task"
+	case TektonStepAction:
+		return "tekton-stepaction"
 	default:
 		return ""
 	}
@@ -221,6 +226,8 @@ func GetKindFromName(kind string) (RepositoryKind, error) {
 		return TektonPipeline, nil
 	case "tekton-task":
 		return TektonTask, nil
+	case "tekton-stepaction":
+		return TektonStepAction, nil
 	default:
 		return -1, errors.New("invalid kind name")
 	}

internal/repo/manager.go

@@ -101,6 +101,7 @@ var (
 		hub.TBAction,
 		hub.TektonPipeline,
 		hub.TektonTask,
+		hub.TektonStepAction,
 	}
 )
 
@@ -300,7 +301,8 @@ func (m *Manager) ClaimOwnership(ctx context.Context, repoName, orgName string)
 		hub.OPA,
 		hub.TBAction,
 		hub.TektonPipeline,
-		hub.TektonTask:
+		hub.TektonTask,
+		hub.TektonStepAction:
 		tmpDir, packagesPath, err := m.rc.CloneRepository(ctx, r)
 		if err != nil {
 			return err
@@ -480,7 +482,8 @@ func (m *Manager) locateMetadataFile(r *hub.Repository, basePath string) string
 		hub.OPA,
 		hub.TBAction,
 		hub.TektonPipeline,
-		hub.TektonTask:
+		hub.TektonTask,
+		hub.TektonStepAction:
 		mdFile = filepath.Join(basePath, hub.RepositoryMetadataFile)
 	}
 	return mdFile
@@ -579,7 +582,7 @@ func (m *Manager) GetRemoteDigest(ctx context.Context, r *hub.Repository) (strin
 
 	case GitRepoURLRE.MatchString(r.URL):
 		// Do not track repo's digest for Tekton repos using git based versioning
-		if (r.Kind == hub.TektonTask || r.Kind == hub.TektonPipeline) && r.Data != nil {
+		if (r.Kind == hub.TektonTask || r.Kind == hub.TektonPipeline || r.Kind == hub.TektonStepAction) && r.Data != nil {
 			var data *hub.TektonData
 			if err := json.Unmarshal(r.Data, &data); err != nil {
 				return "", fmt.Errorf("invalid tekton repository data: %w", err)
@@ -844,7 +847,8 @@ func (m *Manager) validateURL(r *hub.Repository) error {
 		hub.OPA,
 		hub.TBAction,
 		hub.TektonPipeline,
-		hub.TektonTask:
+		hub.TektonTask,
+		hub.TektonStepAction:
 		if SchemeIsHTTP(u) && !GitRepoURLRE.MatchString(r.URL) {
 			return errors.New("invalid url format")
 		}

internal/tracker/helpers.go

@@ -129,7 +129,7 @@ func SetupSource(i *hub.TrackerSourceInput) hub.TrackerSource {
 		hub.OPA,
 		hub.TBAction:
 		source = generic.NewTrackerSource(i)
-	case hub.TektonTask, hub.TektonPipeline:
+	case hub.TektonTask, hub.TektonPipeline, hub.TektonStepAction:
 		source = tekton.NewTrackerSource(i)
 	}
 	return source