diff --git a/.tekton/multi-arch-build-pipeline.yaml b/.tekton/multi-arch-build-pipeline.yaml deleted file mode 100644 index 94194d30a..000000000 --- a/.tekton/multi-arch-build-pipeline.yaml +++ /dev/null @@ -1,571 +0,0 @@ -apiVersion: tekton.dev/v1 -kind: Pipeline -metadata: - name: multi-arch-build-pipeline -spec: - tasks: - - name: init - taskRef: - resolver: bundles - params: - - name: name - value: init - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:092c113b614f6551113f17605ae9cb7e822aa704d07f0e37ed209da23ce392cc - - name: kind - value: task - params: - - name: image-url - value: "$(params.output-image)" - - name: rebuild - value: "$(params.rebuild)" - - name: skip-checks - value: "$(params.skip-checks)" - - name: clone-repository - taskRef: - resolver: bundles - params: - - name: name - value: git-clone-oci-ta - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:d1e63ec00bed1c9f0f571fa76b4da570be49a7c255c610544a461495230ba1b1 - - name: kind - value: task - when: - - input: "$(tasks.init.results.build)" - operator: in - values: - - 'true' - runAfter: - - init - params: - - name: url - value: "$(params.git-url)" - - name: revision - value: "$(params.revision)" - - name: ociStorage - value: "$(params.output-image).git" - - name: ociArtifactExpiresAfter - value: "$(params.image-expires-after)" - workspaces: - - name: basic-auth - workspace: git-auth - - name: prefetch-dependencies - taskRef: - resolver: bundles - params: - - name: name - value: prefetch-dependencies-oci-ta - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.1@sha256:4e43e71a09cb5ce2b3a6b591e32f2cd223657c9b882d9a42020dcaa21ac27338 - - name: kind - value: task - params: - - name: input - value: "$(params.prefetch-input)" - - name: hermetic - value: "$(params.hermetic)" - - name: dev-package-managers - value: $(params.prefetch-dev-package-managers-enabled) - - name: SOURCE_ARTIFACT - value: $(tasks.clone-repository.results.SOURCE_ARTIFACT) - - name: ociStorage - value: $(params.output-image).prefetch - - name: ociArtifactExpiresAfter - value: $(params.image-expires-after) - - name: build-container-amd64 - taskRef: - resolver: bundles - params: - - name: name - value: buildah-remote-oci-ta - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.2@sha256:bd704cf7eb042f1fd48bfbd872a3f5a3632697a117602e242653ed323e6db52e - - name: kind - value: task - runAfter: - - prefetch-dependencies - when: - - input: "$(tasks.init.results.build)" - operator: in - values: - - 'true' - - input: "$(params.enable-amd64-build)" - operator: in - values: - - 'true' - params: - - name: IMAGE - value: "$(params.output-image)-amd64" - - name: DOCKERFILE - value: "$(params.dockerfile)" - - name: CONTEXT - value: "$(params.path-context)" - - name: HERMETIC - value: "$(params.hermetic)" - - name: PREFETCH_INPUT - value: "$(params.prefetch-input)" - - name: IMAGE_EXPIRES_AFTER - value: "$(params.image-expires-after)" - - name: COMMIT_SHA - value: "$(tasks.clone-repository.results.commit)" - - name: SOURCE_ARTIFACT - value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - - name: CACHI2_ARTIFACT - value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) - - name: BUILD_ARGS_FILE - value: $(params.build-args-file) - - name: PLATFORM - value: $(params.amd64-platform) - - name: build-container-arm64 - taskRef: - resolver: bundles - params: - - name: name - value: buildah-remote-oci-ta - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.2@sha256:bd704cf7eb042f1fd48bfbd872a3f5a3632697a117602e242653ed323e6db52e - - name: kind - value: task - runAfter: - - prefetch-dependencies - when: - - input: "$(tasks.init.results.build)" - operator: in - values: - - 'true' - - input: "$(params.enable-arm64-build)" - operator: in - values: - - 'true' - params: - - name: IMAGE - value: "$(params.output-image)-arm64" - - name: DOCKERFILE - value: "$(params.dockerfile)" - - name: CONTEXT - value: "$(params.path-context)" - - name: HERMETIC - value: "$(params.hermetic)" - - name: PREFETCH_INPUT - value: "$(params.prefetch-input)" - - name: IMAGE_EXPIRES_AFTER - value: "$(params.image-expires-after)" - - name: COMMIT_SHA - value: "$(tasks.clone-repository.results.commit)" - - name: SOURCE_ARTIFACT - value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - - name: CACHI2_ARTIFACT - value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) - - name: BUILD_ARGS_FILE - value: $(params.build-args-file) - - name: PLATFORM - value: $(params.arm64-platform) - - name: build-container-ppc64le - taskRef: - resolver: bundles - params: - - name: name - value: buildah-remote-oci-ta - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.2@sha256:bd704cf7eb042f1fd48bfbd872a3f5a3632697a117602e242653ed323e6db52e - - name: kind - value: task - runAfter: - - prefetch-dependencies - when: - - input: "$(tasks.init.results.build)" - operator: in - values: - - 'true' - - input: "$(params.enable-ppc64le-build)" - operator: in - values: - - 'true' - params: - - name: IMAGE - value: "$(params.output-image)-ppc64le" - - name: DOCKERFILE - value: "$(params.dockerfile)" - - name: CONTEXT - value: "$(params.path-context)" - - name: HERMETIC - value: "$(params.hermetic)" - - name: PREFETCH_INPUT - value: "$(params.prefetch-input)" - - name: IMAGE_EXPIRES_AFTER - value: "$(params.image-expires-after)" - - name: COMMIT_SHA - value: "$(tasks.clone-repository.results.commit)" - - name: SOURCE_ARTIFACT - value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - - name: CACHI2_ARTIFACT - value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) - - name: BUILD_ARGS_FILE - value: $(params.build-args-file) - - name: PLATFORM - value: $(params.ppc64le-platform) - - name: build-container-s390x - taskRef: - resolver: bundles - params: - - name: name - value: buildah-remote-oci-ta - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.2@sha256:bd704cf7eb042f1fd48bfbd872a3f5a3632697a117602e242653ed323e6db52e - - name: kind - value: task - runAfter: - - prefetch-dependencies - when: - - input: "$(tasks.init.results.build)" - operator: in - values: - - 'true' - - input: "$(params.enable-s390x-build)" - operator: in - values: - - 'true' - params: - - name: IMAGE - value: "$(params.output-image)-s390x" - - name: DOCKERFILE - value: "$(params.dockerfile)" - - name: CONTEXT - value: "$(params.path-context)" - - name: HERMETIC - value: "$(params.hermetic)" - - name: PREFETCH_INPUT - value: "$(params.prefetch-input)" - - name: IMAGE_EXPIRES_AFTER - value: "$(params.image-expires-after)" - - name: COMMIT_SHA - value: "$(tasks.clone-repository.results.commit)" - - name: SOURCE_ARTIFACT - value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - - name: CACHI2_ARTIFACT - value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) - - name: BUILD_ARGS_FILE - value: $(params.build-args-file) - - name: PLATFORM - value: $(params.s390x-platform) - - name: build-image-index - params: - - name: IMAGE - value: $(params.output-image) - - name: COMMIT_SHA - value: $(tasks.clone-repository.results.commit) - - name: IMAGES - value: - - $(tasks.build-container-amd64.results.IMAGE_URL)@$(tasks.build-container-amd64.results.IMAGE_DIGEST) - # - $(tasks.build-container-arm64.results.IMAGE_URL)@$(tasks.build-container-arm64.results.IMAGE_DIGEST) - - $(tasks.build-container-s390x.results.IMAGE_URL)@$(tasks.build-container-s390x.results.IMAGE_DIGEST) - # - $(tasks.build-container-ppc64le.results.IMAGE_URL)@$(tasks.build-container-ppc64le.results.IMAGE_DIGEST) - runAfter: - - build-container-amd64 - - build-container-arm64 - - build-container-s390x - - build-container-ppc64le - taskRef: - params: - - name: name - value: build-image-manifest - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-build-image-manifest:0.1@sha256:b0cf7cb6749ac811c01a7c47596e6b8381c98100c4c6050567b02f4e8d7ddcb1 - - name: kind - value: task - resolver: bundles - when: - - input: "$(tasks.init.results.build)" - operator: in - values: - - 'true' - - name: build-source-image - taskRef: - resolver: bundles - params: - - name: name - value: source-build-oci-ta - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.1@sha256:261f075fd5a096f7b28a999b505136b2a3a5aef390087148b3131fd3ec295db3 - - name: kind - value: task - when: - - input: "$(tasks.init.results.build)" - operator: in - values: - - 'true' - - input: "$(params.build-source-image)" - operator: in - values: - - 'true' - runAfter: - - build-image-index - params: - - name: BINARY_IMAGE - value: "$(params.output-image)" - - name: SOURCE_ARTIFACT - value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - - name: CACHI2_ARTIFACT - value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) - - name: deprecated-base-image-check - taskRef: - resolver: bundles - params: - - name: name - value: deprecated-image-check - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.4@sha256:b4f9599f5770ea2e6e4d031224ccc932164c1ecde7f85f68e16e99c98d754003 - - name: kind - value: task - when: - - input: "$(params.skip-checks)" - operator: in - values: - - 'false' - runAfter: - - build-image-index - params: - - name: IMAGE_URL - value: $(tasks.build-image-index.results.IMAGE_URL) - - name: IMAGE_DIGEST - value: $(tasks.build-image-index.results.IMAGE_DIGEST) - - name: clair-scan - taskRef: - resolver: bundles - params: - - name: name - value: clair-scan - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.2@sha256:28fee4bf5da87f2388c973d9336086749cad8436003f9a514e22ac99735e056b - - name: kind - value: task - when: - - input: "$(params.skip-checks)" - operator: in - values: - - 'false' - runAfter: - - build-image-index - params: - - name: image-digest - value: "$(tasks.build-image-index.results.IMAGE_DIGEST)" - - name: image-url - value: "$(tasks.build-image-index.results.IMAGE_URL)" - - name: ecosystem-cert-preflight-checks - taskRef: - resolver: bundles - params: - - name: name - value: ecosystem-cert-preflight-checks - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.1@sha256:5131cce0f93d0b728c7bcc0d6cee4c61d4c9f67c6d619c627e41e3c9775b497d - - name: kind - value: task - when: - - input: "$(params.skip-checks)" - operator: in - values: - - 'false' - runAfter: - - build-image-index - params: - - name: image-url - value: "$(tasks.build-image-index.results.IMAGE_URL)" - - name: sast-snyk-check - taskRef: - resolver: bundles - params: - - name: name - value: sast-snyk-check-oci-ta - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.3@sha256:92af5ba1bb9d6bf442c8d3b317ada71d44a9c1ab59959a37bbb5d163205a104f - - name: kind - value: task - when: - - input: "$(params.skip-checks)" - operator: in - values: - - 'false' - runAfter: - - clone-repository - params: - - name: SOURCE_ARTIFACT - value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - - name: clamav-scan - taskRef: - resolver: bundles - params: - - name: name - value: clamav-scan - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.1@sha256:a94b6523ba0b691dc276e37594321c2eff3594d2753014e5c920803b47627df1 - - name: kind - value: task - when: - - input: "$(params.skip-checks)" - operator: in - values: - - 'false' - runAfter: - - build-image-index - params: - - name: image-digest - value: "$(tasks.build-image-index.results.IMAGE_DIGEST)" - - name: image-url - value: "$(tasks.build-image-index.results.IMAGE_URL)" - - name: apply-tags - params: - - name: IMAGE - value: $(tasks.build-image-index.results.IMAGE_URL) - runAfter: - - build-image-index - taskRef: - params: - - name: name - value: apply-tags - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.1@sha256:f485e250fb060060892b633c495a3d7e38de1ec105ae1be48608b0401530ab2c - - name: kind - value: task - resolver: bundles - params: - - name: git-url - type: string - description: Source Repository URL - - name: revision - type: string - description: Revision of the Source Repository - default: '' - - name: output-image - type: string - description: Fully Qualified Output Image - - name: path-context - type: string - description: Path to the source code of an application's component from where to - build image. - default: "." - - name: dockerfile - type: string - description: Path to the Dockerfile inside the context specified by parameter path-context - default: Dockerfile - - name: rebuild - type: string - description: Force rebuild image - default: 'false' - - default: "false" - description: Skip checks against built image - name: skip-checks - type: string - - default: "false" - description: Execute the build with network isolation - name: hermetic - type: string - - default: '' - description: Build dependencies to be prefetched by Cachi2 - name: prefetch-input - type: string - - default: "true" - description: Enable dev-package-managers in prefetch task - name: prefetch-dev-package-managers-enabled - type: string - - name: java - type: string - description: Java build - default: 'false' - - name: image-expires-after - description: Image tag expiration time, time values could be something like 1h, - 2d, 3w for hours, days, and weeks, respectively. - default: '' - - name: build-source-image - type: string - description: Build a source image. - default: 'false' - - name: build-args-file - type: string - description: Path to a file with build arguments, see https://www.mankier.com/1/buildah-build#--build-arg-file - default: "" - - name: enable-amd64-build - type: string - description: Enable amd64 builds - default: "true" - - name: enable-arm64-build - type: string - description: Enable arm64 builds - default: "true" - - name: enable-ppc64le-build - type: string - description: Enable ppc64le builds - default: "true" - - name: enable-s390x-build - type: string - description: Enable s390x builds - default: "true" - - name: amd64-platform - type: string - description: Enable the amd64 platform to be changed from the PipelineRun file - default: linux/amd64 - - name: arm64-platform - type: string - description: Enable the arm64 platform to be changed from the PipelineRun file - default: linux/arm64 - - name: ppc64le-platform - type: string - description: Enable the ppc64le platform to be changed from the PipelineRun file - default: linux/ppc64le - - name: s390x-platform - type: string - description: Enable the s390x platform to be changed from the PipelineRun file - default: linux/s390x - workspaces: - - name: git-auth - optional: true - results: - - name: IMAGE_URL - description: '' - value: "$(tasks.build-image-index.results.IMAGE_URL)" - - name: IMAGE_DIGEST - description: '' - value: "$(tasks.build-image-index.results.IMAGE_DIGEST)" - - name: CHAINS-GIT_URL - description: '' - value: "$(tasks.clone-repository.results.url)" - - name: CHAINS-GIT_COMMIT - description: '' - value: "$(tasks.clone-repository.results.commit)" - - name: JAVA_COMMUNITY_DEPENDENCIES - description: '' - value: "$(tasks.build-container-amd64.results.JAVA_COMMUNITY_DEPENDENCIES)" - finally: - - name: show-sbom - taskRef: - resolver: bundles - params: - - name: name - value: show-sbom - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:52f8b96b96ce4203d4b74d850a85f963125bf8eef0683ea5acdd80818d335a28 - - name: kind - value: task - params: - - name: IMAGE_URL - value: "$(tasks.build-image-index.results.IMAGE_URL)" - - name: show-summary - taskRef: - resolver: bundles - params: - - name: name - value: summary - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-summary:0.2@sha256:d97c04ab42f277b1103eb6f3a053b247849f4f5b3237ea302a8ecada3b24e15b - - name: kind - value: task - params: - - name: pipelinerun-name - value: "$(context.pipelineRun.name)" - - name: git-url - value: "$(tasks.clone-repository.results.url)?rev=$(tasks.clone-repository.results.commit)" - - name: image-url - value: "$(params.output-image)" - - name: build-task-status - value: "$(tasks.build-image-index.status)" diff --git a/.tekton/trustee-pull-request.yaml b/.tekton/trustee-pull-request.yaml index 318860bce..ef7594607 100644 --- a/.tekton/trustee-pull-request.yaml +++ b/.tekton/trustee-pull-request.yaml @@ -32,19 +32,24 @@ spec: value: '{{revision}}' - name: build-source-image value: "true" - - name: enable-amd64-build - value: "true" - - name: enable-arm64-build - value: "false" - - name: enable-ppc64le-build - value: "false" - - name: enable-s390x-build - value: "true" + - name: build-platforms + value: + - linux/x86_64 + - linux/s390x pipelineRef: - name: multi-arch-build-pipeline + resolver: bundles + params: + - name: name + value: docker-build-multi-platform-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/pipeline-docker-build-multi-platform-oci-ta@sha256:615b78b471bde880e94a7caa27cb25ffd9a0962f3bdcaaf4780858cec6093836 + - name: kind + value: pipeline taskRunTemplate: {} workspaces: - name: git-auth secret: secretName: '{{ git_auth_secret }}' + timeouts: + pipeline: "2h" status: {} diff --git a/.tekton/trustee-push.yaml b/.tekton/trustee-push.yaml index 02e93fb16..dc8058715 100644 --- a/.tekton/trustee-push.yaml +++ b/.tekton/trustee-push.yaml @@ -7,7 +7,7 @@ metadata: build.appstudio.redhat.com/target_branch: '{{target_branch}}' pipelinesascode.tekton.dev/max-keep-runs: "3" pipelinesascode.tekton.dev/on-cel-expression: event == "push" && target_branch - == "main" + == "main" creationTimestamp: null labels: appstudio.openshift.io/application: trustee @@ -29,19 +29,24 @@ spec: value: '{{revision}}' - name: build-source-image value: "true" - - name: enable-amd64-build - value: "true" - - name: enable-arm64-build - value: "false" - - name: enable-ppc64le-build - value: "false" - - name: enable-s390x-build - value: "true" + - name: build-platforms + value: + - linux/x86_64 + - linux/s390x pipelineRef: - name: multi-arch-build-pipeline + resolver: bundles + params: + - name: name + value: docker-build-multi-platform-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/pipeline-docker-build-multi-platform-oci-ta@sha256:615b78b471bde880e94a7caa27cb25ffd9a0962f3bdcaaf4780858cec6093836 + - name: kind + value: pipeline taskRunTemplate: {} workspaces: - name: git-auth secret: secretName: '{{ git_auth_secret }}' + timeouts: + pipeline: "2h" status: {}