diff --git a/.tekton/collector-component-pipeline.yaml b/.tekton/collector-component-pipeline.yaml index 65e9a974dc..0544039efe 100644 --- a/.tekton/collector-component-pipeline.yaml +++ b/.tekton/collector-component-pipeline.yaml @@ -2,9 +2,7 @@ apiVersion: tekton.dev/v1 kind: Pipeline metadata: name: collector-component-pipeline - spec: - finally: - name: slack-notification params: @@ -13,10 +11,10 @@ spec: - name: key-name value: 'acs-konflux-notifications' when: - # Run when any task has Failed + # Run when any task has Failed - input: $(tasks.status) operator: in - values: [ "Failed" ] + values: ["Failed"] taskRef: params: - name: name @@ -26,7 +24,6 @@ spec: - name: kind value: task resolver: bundles - - name: show-sbom params: - name: IMAGE_URL @@ -36,11 +33,10 @@ spec: - name: name value: show-sbom - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:1b1df4da95966d08ac6a5b8198710e09e68b5c2cdc707c37d9d19769e65884b2 + value: quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:86c069cac0a669797e8049faa8aa4088e70ff7fcd579d5bdc37626a9e0488a05 - name: kind value: task resolver: bundles - - name: post-metric-end params: - name: AGGREGATE_TASKS_STATUS @@ -54,7 +50,6 @@ spec: - name: kind value: task resolver: bundles - params: - description: Source Repository URL name: git-url @@ -71,13 +66,11 @@ spec: name: output-tag-suffix type: string - default: . - description: Path to the source code of an application's component from where - to build image. + description: Path to the source code of an application's component from where to build image. name: path-context type: string - default: Dockerfile - description: Path to the Dockerfile inside the context specified by parameter - path-context + description: Path to the Dockerfile inside the context specified by parameter path-context name: dockerfile type: string - default: "false" @@ -96,8 +89,7 @@ spec: description: Build dependencies to be prefetched by Cachi2 name: prefetch-input type: string - - description: Image tag expiration time, time values could be something like - 1h, 2d, 3w for hours, days, and weeks, respectively. + - description: Image tag expiration time, time values could be something like 1h, 2d, 3w for hours, days, and weeks, respectively. name: image-expires-after type: string - default: "true" @@ -115,7 +107,6 @@ spec: description: This sets the expiration time for intermediate OCI artifacts produced and used during builds after which they can be garbage collected. name: oci-artifact-expires-after type: string - results: - description: "" name: IMAGE_URL @@ -129,21 +120,17 @@ spec: - description: "" name: CHAINS-GIT_COMMIT value: $(tasks.clone-repository.results.commit) - workspaces: - name: git-auth - tasks: - - name: post-metric-start taskRef: *post-bigquery-metrics-ref - - name: init params: - name: image-url - # We can't provide a StackRox-style tag because it is not known at this time (requires cloning source, etc.) - # As a workaround, we still provide a unique tag that's based on a revision to this task to comply with its - # expected input. We later actually add this tag on a built image with build-image-index-extra task. + # We can't provide a StackRox-style tag because it is not known at this time (requires cloning source, etc.) + # As a workaround, we still provide a unique tag that's based on a revision to this task to comply with its + # expected input. We later actually add this tag on a built image with build-image-index-extra task. value: $(params.output-image-repo):konflux-$(params.revision) - name: rebuild value: $(params.rebuild) @@ -152,11 +139,10 @@ spec: - name: name value: init - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:66e90d31e1386bf516fb548cd3e3f0082b5d0234b8b90dbf9e0d4684b70dbe1a + value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:1d8221c84f91b923d89de50bf16481ea729e3b68ea04a9a7cbe8485ddbb27ee6 - name: kind value: task resolver: bundles - - name: clone-repository params: - name: url @@ -185,11 +171,10 @@ spec: when: - input: $(tasks.init.results.build) operator: in - values: [ "true" ] + values: ["true"] workspaces: - name: basic-auth workspace: git-auth - - name: determine-image-expiration params: - name: DEFAULT_IMAGE_EXPIRES_AFTER @@ -205,7 +190,6 @@ spec: - name: kind value: task resolver: bundles - - name: determine-image-tag params: - name: TAG_SUFFIX @@ -221,7 +205,6 @@ spec: - name: kind value: task resolver: bundles - - name: prefetch-dependencies params: - name: input @@ -234,7 +217,7 @@ spec: value: $(params.oci-artifact-expires-after) - name: ACTIVATION_KEY value: subscription-manager-activation-key-prod - # Required for the RPM prefetching support. + # Required for the RPM prefetching support. - name: dev-package-managers value: "true" taskRef: @@ -242,14 +225,13 @@ spec: - name: name value: prefetch-dependencies-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.2@sha256:a1ddc34bf0a169bb2e64a98caf9027b66af8fc66a3a60f71bb451ce36af6a399 + value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.2@sha256:f10a4841e6f75fbb314b1d8cbf14f652499c1fe7f59e59aed59f7431c680aa17 - name: kind value: task resolver: bundles workspaces: - name: git-basic-auth workspace: git-auth - - name: build-container-amd64 params: - name: IMAGE @@ -280,15 +262,14 @@ spec: - name: name value: buildah-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-buildah-oci-ta:0.4@sha256:48b99ad18fd3bde2d22ec2c397d36c55e45ca90ddf1620c9e00bdee518e297bf + value: quay.io/konflux-ci/tekton-catalog/task-buildah-oci-ta:0.4@sha256:06f604af4c29f08b02c36a8d9bc3dfa1606a5836fd8eeb1f6ef46048319afc38 - name: kind value: task resolver: bundles when: - input: $(tasks.init.results.build) operator: in - values: [ "true" ] - + values: ["true"] - name: build-container-s390x params: - name: IMAGE @@ -321,16 +302,15 @@ spec: - name: name value: buildah-remote-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.4@sha256:5b8d51fa889cdac873750904c3fccc0cca1c4f65af16902ebb2b573151f80657 + value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.4@sha256:aedd7ecaac00f16e20173bdcb894c2ef83de56c7bf9262eed6002f0000d910e4 - name: kind value: task resolver: bundles when: - input: $(tasks.init.results.build) operator: in - values: [ "true" ] + values: ["true"] timeout: 1h30m0s - - name: build-container-ppc64le params: - name: IMAGE @@ -363,16 +343,15 @@ spec: - name: name value: buildah-remote-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.4@sha256:5b8d51fa889cdac873750904c3fccc0cca1c4f65af16902ebb2b573151f80657 + value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.4@sha256:aedd7ecaac00f16e20173bdcb894c2ef83de56c7bf9262eed6002f0000d910e4 - name: kind value: task resolver: bundles when: - input: $(tasks.init.results.build) operator: in - values: [ "true" ] + values: ["true"] timeout: 1h30m0s - - name: build-container-arm64 params: - name: IMAGE @@ -405,16 +384,15 @@ spec: - name: name value: buildah-remote-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.4@sha256:5b8d51fa889cdac873750904c3fccc0cca1c4f65af16902ebb2b573151f80657 + value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.4@sha256:aedd7ecaac00f16e20173bdcb894c2ef83de56c7bf9262eed6002f0000d910e4 - name: kind value: task resolver: bundles when: - input: $(tasks.init.results.build) operator: in - values: [ "true" ] + values: ["true"] timeout: 1h30m0s - - name: build-image-index params: - name: IMAGE @@ -434,15 +412,14 @@ spec: - name: name value: build-image-index - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1@sha256:846dc9975914f31380ec2712fdbac9df3b06c00a9cc7df678315a7f97145efc2 + value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1@sha256:3499772af90aad0d3935629be6d37dd9292195fb629e6f43ec839c7f545a0faa - name: kind value: task resolver: bundles when: - input: $(tasks.init.results.build) operator: in - values: [ "true" ] - + values: ["true"] - name: build-image-index-extra params: - name: IMAGE @@ -462,15 +439,14 @@ spec: - name: name value: build-image-index - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1@sha256:846dc9975914f31380ec2712fdbac9df3b06c00a9cc7df678315a7f97145efc2 + value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1@sha256:3499772af90aad0d3935629be6d37dd9292195fb629e6f43ec839c7f545a0faa - name: kind value: task resolver: bundles when: - input: $(tasks.init.results.build) operator: in - values: [ "true" ] - + values: ["true"] - name: build-source-image params: - name: BINARY_IMAGE @@ -479,23 +455,24 @@ spec: value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - name: CACHI2_ARTIFACT value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) + - name: BINARY_IMAGE_DIGEST + value: $(tasks.build-image-index.results.IMAGE_DIGEST) taskRef: params: - name: name value: source-build-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.2@sha256:b424894fc8e806c12658daa565b835fd2d66e7f7608afc47529eb7b410f030d7 + value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.3@sha256:b1eb49583b41872b27356fee20d5f0eb6ff7f5cdeacde7ffb39655f031104728 - name: kind value: task resolver: bundles when: - input: $(tasks.init.results.build) operator: in - values: [ "true" ] + values: ["true"] - input: $(params.build-source-image) operator: in - values: [ "true" ] - + values: ["true"] - name: deprecated-base-image-check params: - name: IMAGE_URL @@ -514,8 +491,7 @@ spec: when: - input: $(params.skip-checks) operator: in - values: [ "false" ] - + values: ["false"] - name: clair-scan params: - name: image-digest @@ -527,15 +503,14 @@ spec: - name: name value: clair-scan - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.2@sha256:d354939892f3a904223ec080cc3771bd11931085a5d202323ea491ee8e8c5e43 + value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.2@sha256:417f44117f8d87a4a62fea6589b5746612ac61640b454dbd88f74892380411f2 - name: kind value: task resolver: bundles when: - input: $(params.skip-checks) operator: in - values: [ "false" ] - + values: ["false"] - name: ecosystem-cert-preflight-checks params: - name: image-url @@ -545,15 +520,14 @@ spec: - name: name value: ecosystem-cert-preflight-checks - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.2@sha256:ba7ed837f467904e7b38513174a707a9eec4009d009d6f272ff71d1250bc8854 + value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.2@sha256:f99d2bdb02f13223d494077a2cde31418d09369f33c02134a8e7e5fad2f61eda - name: kind value: task resolver: bundles when: - input: $(params.skip-checks) operator: in - values: [ "false" ] - + values: ["false"] - name: sast-shell-check params: - name: image-digest @@ -569,15 +543,14 @@ spec: - name: name value: sast-shell-check-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check-oci-ta:0.1@sha256:808bcaf75271db6a999f53fdefb973a385add94a277d37fbd3df68f8ac7dfaa3 + value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check-oci-ta:0.1@sha256:437d1bc50cb0bcffb88345b75d2d119677d17d47f16fd67baf553a5e134a335e - name: kind value: task resolver: bundles when: - input: $(params.skip-checks) operator: in - values: [ "false" ] - + values: ["false"] - name: sast-unicode-check params: - name: image-digest @@ -600,8 +573,7 @@ spec: when: - input: $(params.skip-checks) operator: in - values: [ "false" ] - + values: ["false"] - name: sast-snyk-check params: - name: SOURCE_ARTIFACT @@ -617,15 +589,14 @@ spec: - name: name value: sast-snyk-check-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.4@sha256:e61f541189b30d14292ef8df36ccaf13f7feb2378fed5f74cb6293b3e79eb687 + value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.4@sha256:fe5e5ba3a72632cd505910de2eacd62c9d11ed570c325173188f8d568ac60771 - name: kind value: task resolver: bundles when: - input: $(params.skip-checks) operator: in - values: [ "false" ] - + values: ["false"] - name: clamav-scan params: - name: image-digest @@ -637,15 +608,14 @@ spec: - name: name value: clamav-scan - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.2@sha256:9cab95ac9e833d77a63c079893258b73b8d5a298d93aaf9bdd6722471bc2f338 + value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.2@sha256:7749146f7e4fe530846f1b15c9366178ec9f44776ef1922a60d3e7e2b8c6426b - name: kind value: task resolver: bundles when: - input: $(params.skip-checks) operator: in - values: [ "false" ] - + values: ["false"] - name: rpms-signature-scan params: - name: image-digest @@ -664,8 +634,7 @@ spec: when: - input: $(params.skip-checks) operator: in - values: [ "false" ] - + values: ["false"] - name: push-dockerfile params: - name: IMAGE @@ -683,7 +652,7 @@ spec: - name: name value: push-dockerfile-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.1@sha256:5d8013b6a27bbc5e4ff261144616268f28417ed0950d583ef36349fcd59d3d3d + value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.1@sha256:8c75c4a747e635e5f3e12266a3bb6e5d3132bf54e37eaa53d505f89897dd8eca - name: kind value: task resolver: bundles