
Commit 974b2f0

authored
Fix unicode and shell sast checks (#601)
* Add shell and unicode sast pipeline tasks https://issues.redhat.com/browse/KONFLUX-2264 * Update konflux references Signed-off-by: thepetk <thepetk@gmail.com> * Add sast coverity pipeline task https://issues.redhat.com/browse/KONFLUX-2264 --------- Signed-off-by: thepetk <thepetk@gmail.com>
1 parent 11d0386 commit 974b2f0


2 files changed

+219
-209
lines changed


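--- a/.tekton/devfile-registry-main-pull-request.yaml
+++ b/.tekton/devfile-registry-main-pull-request.yaml
@@ -156,7 +156,7 @@ spec:
 - name: name
 value: init
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:db1285c571d7037684876df0a5b619305b3c8f2be88233ebead4d37caf5cb04b
+value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:aac8127bc10c95fae3ca1248c1dd96576315f3313bca90c5c9378dbf37954a08
 - name: kind
 value: task
 resolver: bundles
@@ -173,7 +173,7 @@ spec:
 - name: name
 value: git-clone
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1@sha256:92cf275b60f7bd23472acc4bc6e9a4bc9a9cbd78a680a23087fa4df668b85a34
+value: quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1@sha256:3ced9a6b9d8520773d3ffbf062190515a362ecda11e72f56e38e4dd980294b57
 - name: kind
 value: task
 resolver: bundles
@@ -198,7 +198,7 @@ spec:
 - name: name
 value: prefetch-dependencies
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies:0.2@sha256:566272ce2983026d7fbb22b9e6fa855b61dad757e9bea450b32aa85780ca931e
+value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies:0.2@sha256:69d578ec4d61fffffd67c54a2c7ef834ed4be7f94c7b9f83d0752cf0d57f2c3d
 - name: kind
 value: task
 resolver: bundles
@@ -242,7 +242,7 @@ spec:
 - name: name
 value: buildah
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-buildah:0.4@sha256:84583fb98c461de1ac16bd27fc744d4bf4c95b9997f8ceabca1892bb0b76c5b1
+value: quay.io/konflux-ci/tekton-catalog/task-buildah:0.4@sha256:029190a49bb0c6c6487fc2cd0be3a2fb4faa1091bc5a3bc2547722895353470b
 - name: kind
 value: task
 resolver: bundles
@@ -274,7 +274,7 @@ spec:
 - name: name
 value: build-image-index
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1@sha256:ec1f33e2e358a5beac831685cf69cd63714d519620953cff48af9d74246118b5
+value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1@sha256:70f2fe8ab9909c2bc8bb853ed5b880969f0de5022658f3af86f7dea15f95ff73
 - name: kind
 value: task
 resolver: bundles
@@ -294,7 +294,7 @@ spec:
 - name: name
 value: source-build
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-source-build:0.2@sha256:e8c321b8a67e421a9c3975fd9a938ca4e838976064e14c7c0eb4e1f261900b1c
+value: quay.io/konflux-ci/tekton-catalog/task-source-build:0.2@sha256:9475a2d05f4d18898dc10c27c6e7c6842d99979f8851c4039d9d3c3097cd9564
 - name: kind
 value: task
 resolver: bundles
@@ -323,7 +323,7 @@ spec:
 - name: name
 value: deprecated-image-check
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.5@sha256:5d63b920b71192906fe4d6c4903f594e6f34c5edcff9d21714a08b5edcfbc667
+value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.5@sha256:eb8136b543147b4a3e88ca3cc661ca6a11e303f35f0db44059f69151beea8496
 - name: kind
 value: task
 resolver: bundles
@@ -345,7 +345,7 @@ spec:
 - name: name
 value: clair-scan
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.2@sha256:712afcf63f3b5a97c371d37e637efbcc9e1c7ad158872339d00adc6413cd8851
+value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.2@sha256:7c73e2beca9b8306387efeaf775831440ec799b05a5f5c008a65bb941a1e91f6
 - name: kind
 value: task
 resolver: bundles
@@ -365,7 +365,7 @@ spec:
 - name: name
 value: ecosystem-cert-preflight-checks
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.2@sha256:00b13d06d17328e105b11619ee4db98b215ca6ac02314a4776aa5fc2a974f9c1
+value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.2@sha256:592daabe90703434d4ec85a19d1742e33561c927e461d899d7b3ac99f11a2515
 - name: kind
 value: task
 resolver: bundles
@@ -387,7 +387,7 @@ spec:
 - name: name
 value: sast-snyk-check
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check:0.3@sha256:e0c1675c9813618910115f04fd6b3a9ff32d1bd4e2b9c975f1112aa1eae0d149
+value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check:0.4@sha256:0d22dbaa528c8edf59aafab3600a0537b5408b80a4f69dd9cb616620795ecdc8
 - name: kind
 value: task
 resolver: bundles
@@ -399,127 +399,135 @@ spec:
 workspaces:
 - name: workspace
 workspace: workspace
-- name: clamav-scan
+- name: sast-shell-check
 params:
-- name: image-digest
-value: $(tasks.build-image-index.results.IMAGE_DIGEST)
-- name: image-url
-value: $(tasks.build-image-index.results.IMAGE_URL)
+- name: image-digest
+value: $(tasks.build-image-index.results.IMAGE_DIGEST)
+- name: image-url
+value: $(tasks.build-image-index.results.IMAGE_URL)
 runAfter:
-- build-image-index
+- build-image-index
 taskRef:
 params:
-- name: name
-value: clamav-scan
-- name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.2@sha256:44b7ee11aa2d80d80d407587bd3cef82a8bb86db730751920d0e286e3db95627
-- name: kind
-value: task
+- name: name
+value: sast-shell-check
+- name: bundle
+value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check:0.1@sha256:188a4f6a582ac43d4de46c3998ded3c2a8ee237fb0604d90559a3b6e0aa62b0f
+- name: kind
+value: task
 resolver: bundles
 when:
-- input: $(params.skip-checks)
-operator: in
-values:
-- "false"
-- name: sast-coverity-check
+- input: $(params.skip-checks)
+operator: in
+values:
+- "false"
+workspaces:
+- name: workspace
+workspace: workspace
+- name: sast-unicode-check
 params:
-- name: image-url
-value: $(tasks.build-container.results.IMAGE_URL)
-- name: IMAGE
-value: $(params.output-image)
-- name: DOCKERFILE
-value: $(params.dockerfile)
-- name: CONTEXT
-value: $(params.path-context)
-- name: HERMETIC
-value: $(params.hermetic)
-- name: PREFETCH_INPUT
-value: $(params.prefetch-input)
-- name: IMAGE_EXPIRES_AFTER
-value: $(params.image-expires-after)
-- name: COMMIT_SHA
-value: $(tasks.clone-repository.results.commit)
-- name: BUILD_ARGS
-value: $(params.build-args[*])
-- name: BUILD_ARGS_FILE
-value: $(params.build-args-file)
+- name: image-digest
+value: $(tasks.build-image-index.results.IMAGE_DIGEST)
+- name: image-url
+value: $(tasks.build-image-index.results.IMAGE_URL)
 runAfter:
-- coverity-availability-check
+- build-image-index
 taskRef:
 params:
-- name: name
-value: sast-coverity-check
-- name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-sast-coverity-check:0.2@sha256:aba8d22607fe4784c79f502b7c50c5a5cb8e1a24dcd4667cc3a90c8e5e9843e7
-- name: kind
-value: task
+- name: name
+value: sast-unicode-check
+- name: bundle
+value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check:0.2@sha256:e4a5215b45b1886a185a9db8ab392f8440c2b0848f76d719885637cf8d2628ed
+- name: kind
+value: task
 resolver: bundles
 when:
-- input: $(params.skip-checks)
-operator: in
-values:
-- "false"
-- input: $(tasks.coverity-availability-check.results.STATUS)
-operator: in
-values:
-- success
+- input: $(params.skip-checks)
+operator: in
+values:
+- "false"
 workspaces:
-- name: source
-workspace: workspace
-- name: coverity-availability-check
+- name: workspace
+workspace: workspace
+- name: sast-coverity-check
+params:
+- name: image-digest
+value: $(tasks.build-image-index.results.IMAGE_DIGEST)
+- name: image-url
+value: $(tasks.build-image-index.results.IMAGE_URL)
+- name: IMAGE
+value: $(params.output-image)
+- name: DOCKERFILE
+value: $(params.dockerfile)
+- name: CONTEXT
+value: $(params.path-context)
+- name: HERMETIC
+value: $(params.hermetic)
+- name: PREFETCH_INPUT
+value: $(params.prefetch-input)
+- name: IMAGE_EXPIRES_AFTER
+value: $(params.image-expires-after)
+- name: COMMIT_SHA
+value: $(tasks.clone-repository.results.commit)
+- name: BUILD_ARGS
+value:
+- $(params.build-args[*])
+- name: BUILD_ARGS_FILE
+value: $(params.build-args-file)
 runAfter:
-- build-image-index
+- coverity-availability-check
 taskRef:
 params:
-- name: name
-value: coverity-availability-check
-- name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-coverity-availability-check:0.2@sha256:0b35292eed661c5e3ca307c0ba7f594d17555db2a1da567903b0b47697fa23ed
-- name: kind
-value: task
+- name: name
+value: sast-coverity-check
+- name: bundle
+value: quay.io/konflux-ci/tekton-catalog/task-sast-coverity-check:0.3@sha256:fe1f5bfb484c075b44bae3abd02e270eea2bfb1fbd50006bd9556cac75977d5a
+- name: kind
+value: task
 resolver: bundles
 when:
-- input: $(params.skip-checks)
-operator: in
-values:
-- "false"
-- name: sast-shell-check
-params:
-- name: image-digest
-value: $(tasks.build-image-index.results.IMAGE_DIGEST)
-- name: image-url
-value: $(tasks.build-image-index.results.IMAGE_URL)
+- input: $(params.skip-checks)
+operator: in
+values:
+- "false"
+- input: $(tasks.coverity-availability-check.results.STATUS)
+operator: in
+values:
+- success
+workspaces:
+- name: source
+workspace: workspace
+- name: coverity-availability-check
 runAfter:
-- build-image-index
+- build-image-index
 taskRef:
 params:
-- name: name
-value: sast-shell-check
-- name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check:0.1@sha256:1b3d68c33a92dfc3da3975581cae80c99c8d1995cab519ae98c6331b5677ded0
-- name: kind
-value: task
+- name: name
+value: coverity-availability-check
+- name: bundle
+value: quay.io/konflux-ci/tekton-catalog/task-coverity-availability-check:0.2@sha256:8b58c4fae00c0dfe3937abfb8a9a61aa3c408cca4278b817db53d518428d944e
+- name: kind
+value: task
 resolver: bundles
 when:
-- input: $(params.skip-checks)
-operator: in
-values:
-- "false"
-workspaces:
-- name: workspace
-workspace: workspace
-- name: sast-unicode-check
+- input: $(params.skip-checks)
+operator: in
+values:
+- "false"
+- name: clamav-scan
 params:
+- name: image-digest
+value: $(tasks.build-image-index.results.IMAGE_DIGEST)
 - name: image-url
 value: $(tasks.build-image-index.results.IMAGE_URL)
 runAfter:
 - build-image-index
 taskRef:
 params:
 - name: name
-value: sast-unicode-check
+value: clamav-scan
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check:0.1@sha256:b1a9af196a79baa75632ef494eb6db987f57e870d882d47f5b495e1441c01e3b
+value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.2@sha256:11b1684965b64f1fa7c65f90a3524413022246a3863eaba188c84eb4bf0b687a
 - name: kind
 value: task
 resolver: bundles
@@ -528,9 +536,6 @@ spec:
 operator: in
 values:
 - "false"
-workspaces:
-- name: workspace
-workspace: workspace
 - name: apply-tags
 params:
 - name: IMAGE
@@ -542,7 +547,7 @@ spec:
 - name: name
 value: apply-tags
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.1@sha256:1ef12328e89d7cd517e447e6ca331233df0807794cabf6be1046bc8a976b3f35
+value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.1@sha256:4973fa42a8f06238613447fbdb3d0c55eb2d718fd16f2f2591a577c29c1edb17
 - name: kind
 value: task
 resolver: bundles
@@ -563,7 +568,7 @@ spec:
 - name: name
 value: push-dockerfile
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile:0.1@sha256:d82f3e188589f13943b774258ce08fab0396e576024f1888093640b816f8d8ee
+value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile:0.1@sha256:6124587dffebd15b2123f73ca25807c5e69ff349489b31d4af6ff46a5d0228d6
 - name: kind
 value: task
 resolver: bundles
@@ -583,7 +588,7 @@ spec:
 - name: name
 value: rpms-signature-scan
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:c0798ff85ad04f1553d349fe34aa4918597fb35b3b74e344dfbd5af2f3494300
+value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:c7c1a5f5534ba22ecb93553632ee9e7c14f8f903dbb2ddde7b265e738686b0ea
 - name: kind
 value: task
 resolver: bundles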
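Review bot: The second `when` entry on `sast-coverity-check` (`input: $(tasks.coverity-availability-check.results.STATUS)` with `values: - success`) makes the Coverity scan fail open: with any other status Tekton skips the task instead of failing it, so a run can complete with no Coverity result at all. Nothing on the task says this is intended; a comment above that entry, for example `# Skipped, not failed, when Coverity is unavailable: a green run does not prove the scan ran`, would make the gap visible to whoever reads the results. The `skip-checks` guard likewise gates `sast-shell-check`, `sast-unicode-check`, `coverity-availability-check` and `clamav-scan`, and its default is declared outside the visible hunks, so it is worth confirming it is `"false"` for pull-request runs.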
