From 93eb47fcfe34703c2e4fbf6e6ebf700a8f11225a Mon Sep 17 00:00:00 2001
From: John Duimovich
Date: Sun, 11 Feb 2024 11:01:25 -0500
Subject: [PATCH] remove unused pac contents - remote openshift formatted templates - remote node.java and old docker-build pac - update the pac caller to match the template (currently a manual process)
---
openshift-pipelines/poc-demo/README.md | 5 -
.../advanced-ssc-rhtab-docker-edit-me.yaml | 282 ------------
.../poc-demo/advanced-ssc-rhtab-docker.yaml | 269 ------------
pac/docker-build-dance/README.md | 14 -
.../docker-pull-request.yaml | 46 --
pac/docker-build-dance/docker-push.yaml | 45 --
pac/docker-build-rhtap/README.md | 21 +-
.../docker-pull-request.yaml | 400 ++----------------
pac/docker-build-rhtap/docker-push.yaml | 400 ++----------------
pac/docker-build-shared/README.md | 14 -
.../docker-pull-request.yaml | 48 ---
pac/docker-build-shared/docker-push.yaml | 47 --
pac/nodejs-build/README.md | 14 -
pac/nodejs-build/node-pull-request.yaml | 39 --
pac/nodejs-build/node-push.yaml | 39 --
pac/repository.yaml | 3 +-
16 files changed, 84 insertions(+), 1602 deletions(-)
delete mode 100644 openshift-pipelines/poc-demo/README.md
delete mode 100644 openshift-pipelines/poc-demo/advanced-ssc-rhtab-docker-edit-me.yaml
delete mode 100644 openshift-pipelines/poc-demo/advanced-ssc-rhtab-docker.yaml
delete mode 100644 pac/docker-build-dance/README.md
delete mode 100644 pac/docker-build-dance/docker-pull-request.yaml
delete mode 100644 pac/docker-build-dance/docker-push.yaml
delete mode 100644 pac/docker-build-shared/README.md
delete mode 100644 pac/docker-build-shared/docker-pull-request.yaml
delete mode 100644 pac/docker-build-shared/docker-push.yaml
delete mode 100644 pac/nodejs-build/README.md
delete mode 100644 pac/nodejs-build/node-pull-request.yaml
delete mode 100644 pac/nodejs-build/node-push.yaml
diff --git a/openshift-pipelines/poc-demo/README.md b/openshift-pipelines/poc-demo/README.md
deleted file mode 100644
index 6c1f441..0000000
--- a/openshift-pipelines/poc-demo/README.md
+++ /dev/null
@@ -1,5 +0,0 @@
-# openshift-pipelines formatted pipelines
-
-### The pipelines in this directory are used in the OpenShift console.
-
-Install into OCP for integration in Console Create Application flow
diff --git a/openshift-pipelines/poc-demo/advanced-ssc-rhtab-docker-edit-me.yaml b/openshift-pipelines/poc-demo/advanced-ssc-rhtab-docker-edit-me.yaml
deleted file mode 100644
index f25d3d0..0000000
--- a/openshift-pipelines/poc-demo/advanced-ssc-rhtab-docker-edit-me.yaml
+++ /dev/null
@@ -1,282 +0,0 @@ -apiVersion: tekton.dev/v1 -kind: Pipeline -metadata: - annotations: {} - name: advanced-ssc-rhtab-docker-edit-me -spec: - finally: - - name: show-sbom - params: - - name: IMAGE_URL - value: $(tasks.build-container.results.IMAGE_URL) - taskRef: - kind: Task - name: show-sbom - - name: show-summary - params: - - name: pipelinerun-name - value: $(context.pipelineRun.name) - - name: git-url - value: $(tasks.clone-repository.results.url)?rev=$(tasks.clone-repository.results.commit) - - name: image-url - value: $(params.output-image) - - name: build-task-status - value: $(tasks.build-container.status) - taskRef: - kind: Task - name: summary - params: - - description: Source Repository URL - name: git-url - type: string - - description: Revision of the Source Repository - name: revision - type: string - - description: Fully Qualified Output Image - name: output-image - type: string - - default: . - description: Path to the source code of an application's component from where - to build image. - name: path-context - type: string - - default: Dockerfile - description: Path to the Dockerfile inside the context specified by parameter - path-context - name: dockerfile - type: string - - default: "false" - description: Force rebuild image - name: rebuild - type: string - - default: "false" - description: Skip checks against built image - name: skip-checks - type: string - - default: "true" - description: Skip optional checks, set false if you want to run optional checks - name: skip-optional - type: string - - default: "false" - description: Execute the build with network isolation - name: hermetic - type: string - - description: Build dependencies to be prefetched by Cachi2 - name: prefetch-input - type: string - - default: "false" - description: Java build - name: java - type: string - - description: Image tag expiration time, time values could be something like 1h, - 2d, 3w for hours, days, and weeks, respectively. 
- name: image-expires-after - type: string - - default: "false" - description: Build a source image. - name: build-source-image - type: string - results: - - description: "" - name: IMAGE_URL - value: $(tasks.build-container.results.IMAGE_URL) - - description: "" - name: IMAGE_DIGEST - value: $(tasks.build-container.results.IMAGE_DIGEST) - - description: "" - name: CHAINS-GIT_URL - value: $(tasks.clone-repository.results.url) - - description: "" - name: CHAINS-GIT_COMMIT - value: $(tasks.clone-repository.results.commit) - - description: "" - name: JAVA_COMMUNITY_DEPENDENCIES - value: $(tasks.build-container.results.JAVA_COMMUNITY_DEPENDENCIES) - tasks: - - name: init - params: - - name: image-url - value: $(params.output-image) - - name: rebuild - value: $(params.rebuild) - - name: skip-checks - value: $(params.skip-checks) - - name: skip-optional - value: $(params.skip-optional) - - name: pipelinerun-name - value: $(context.pipelineRun.name) - - name: pipelinerun-uid - value: $(context.pipelineRun.uid) - taskRef: - kind: Task - name: init - - name: clone-repository - params: - - name: url - value: $(params.git-url) - - name: revision - value: $(params.revision) - runAfter: - - init - taskRef: - kind: Task - name: git-clone - when: - - input: $(tasks.init.results.build) - operator: in - values: - - "true" - workspaces: - - name: output - workspace: workspace - - name: basic-auth - workspace: git-auth - - name: prefetch-dependencies - params: - - name: input - value: $(params.prefetch-input) - runAfter: - - clone-repository - taskRef: - kind: Task - name: prefetch-dependencies - when: - - input: $(params.hermetic) - operator: in - values: - - "true" - workspaces: - - name: source - workspace: workspace - - name: build-container - params: - - name: IMAGE - value: $(params.output-image) - - name: DOCKERFILE - value: $(params.dockerfile) - - name: CONTEXT - value: $(params.path-context) - - name: HERMETIC - value: $(params.hermetic) - - name: PREFETCH_INPUT - value: 
$(params.prefetch-input) - - name: IMAGE_EXPIRES_AFTER - value: $(params.image-expires-after) - - name: COMMIT_SHA - value: $(tasks.clone-repository.results.commit) - runAfter: - - prefetch-dependencies - taskRef: - kind: Task - name: buildah - when: - - input: $(tasks.init.results.build) - operator: in - values: - - "true" - workspaces: - - name: source - workspace: workspace - - name: build-source-image - params: - - name: BINARY_IMAGE - value: $(params.output-image) - - name: BASE_IMAGES - value: $(tasks.build-container.results.BASE_IMAGES_DIGESTS) - runAfter: - - build-container - taskRef: - kind: Task - name: source-build - when: - - input: $(tasks.init.results.build) - operator: in - values: - - "true" - - input: $(params.build-source-image) - operator: in - values: - - "true" - workspaces: - - name: workspace - workspace: workspace - - name: deprecated-base-image-check - params: - - name: BASE_IMAGES_DIGESTS - value: $(tasks.build-container.results.BASE_IMAGES_DIGESTS) - runAfter: - - build-container - taskRef: - kind: Task - name: deprecated-image-check - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - - name: clair-scan - params: - - name: image-digest - value: $(tasks.build-container.results.IMAGE_DIGEST) - - name: image-url - value: $(tasks.build-container.results.IMAGE_URL) - runAfter: - - build-container - taskRef: - kind: Task - name: clair-scan - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - - name: sast-snyk-check - runAfter: - - clone-repository - taskRef: - kind: Task - name: sast-snyk-check - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - workspaces: - - name: workspace - workspace: workspace - - name: clamav-scan - params: - - name: image-digest - value: $(tasks.build-container.results.IMAGE_DIGEST) - - name: image-url - value: $(tasks.build-container.results.IMAGE_URL) - runAfter: - - build-container - taskRef: - kind: Task - name: clamav-scan - when: - 
- input: $(params.skip-checks) - operator: in - values: - - "false" - - name: sbom-json-check - params: - - name: IMAGE_URL - value: $(tasks.build-container.results.IMAGE_URL) - - name: IMAGE_DIGEST - value: $(tasks.build-container.results.IMAGE_DIGEST) - runAfter: - - build-container - taskRef: - kind: Task - name: sbom-json-check - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - workspaces: - - name: workspace - - name: git-auth - optional: true diff --git a/openshift-pipelines/poc-demo/advanced-ssc-rhtab-docker.yaml b/openshift-pipelines/poc-demo/advanced-ssc-rhtab-docker.yaml deleted file mode 100644 index f1c855d..0000000 --- a/openshift-pipelines/poc-demo/advanced-ssc-rhtab-docker.yaml +++ /dev/null 
@@ -1,269 +0,0 @@ -apiVersion: tekton.dev/v1beta1 -kind: Pipeline -metadata: - name: advanced-ssc-rhtab-docker - namespace: openshift -spec: - results: - - name: IMAGE_URL - value: $(tasks.build-container.results.IMAGE_URL) - - name: IMAGE_DIGEST - value: $(tasks.build-container.results.IMAGE_DIGEST) - - name: CHAINS-GIT_URL - value: $(tasks.clone-repository.results.url) - - name: CHAINS-GIT_COMMIT - value: $(tasks.clone-repository.results.commit) - - name: JAVA_COMMUNITY_DEPENDENCIES - value: $(tasks.build-container.results.JAVA_COMMUNITY_DEPENDENCIES) - params: - - description: Source Repository URL - name: git-url - type: string - - description: Revision of the Source Repository - name: revision - type: string - - description: Fully Qualified Output Image - name: output-image - type: string - - default: . - description: >- - Path to the source code of an application's component from where to - build image. - name: path-context - type: string - - default: Dockerfile - description: >- - Path to the Dockerfile inside the context specified by parameter - path-context - name: dockerfile - type: string - - default: 'false' - description: Force rebuild image - name: rebuild - type: string - - default: 'false' - description: Skip checks against built image - name: skip-checks - type: string - - default: 'true' - description: 'Skip optional checks, set false if you want to run optional checks' - name: skip-optional - type: string - - default: 'false' - description: Execute the build with network isolation - name: hermetic - type: string - - description: Build dependencies to be prefetched by Cachi2 - name: prefetch-input - type: string - - default: 'false' - description: Java build - name: java - type: string - - description: >- - Image tag expiration time, time values could be something like 1h, 2d, - 3w for hours, days, and weeks, respectively. - name: image-expires-after - - default: 'false' - description: Build a source image. 
- name: build-source-image - type: string - resources: [] - workspaces: - - name: workspace - - name: git-auth - optional: true - tasks: - - name: init - params: - - name: image-url - value: $(params.output-image) - - name: rebuild - value: $(params.rebuild) - - name: skip-checks - value: $(params.skip-checks) - - name: skip-optional - value: $(params.skip-optional) - - name: pipelinerun-name - value: $(context.pipelineRun.name) - - name: pipelinerun-uid - value: $(context.pipelineRun.uid) - taskRef: - name: init - - name: clone-repository - params: - - name: url - value: $(params.git-url) - - name: revision - value: $(params.revision) - runAfter: - - init - taskRef: - name: git-clone - when: - - input: $(tasks.init.results.build) - operator: in - values: - - 'true' - workspaces: - - name: output - workspace: workspace - - name: basic-auth - workspace: git-auth - - name: prefetch-dependencies - params: - - name: input - value: $(params.prefetch-input) - runAfter: - - clone-repository - taskRef: - name: prefetch-dependencies - when: - - input: $(params.hermetic) - operator: in - values: - - 'true' - workspaces: - - name: source - workspace: workspace - - name: build-container - params: - - name: IMAGE - value: $(params.output-image) - - name: DOCKERFILE - value: $(params.dockerfile) - - name: CONTEXT - value: $(params.path-context) - - name: HERMETIC - value: $(params.hermetic) - - name: PREFETCH_INPUT - value: $(params.prefetch-input) - - name: IMAGE_EXPIRES_AFTER - value: $(params.image-expires-after) - - name: COMMIT_SHA - value: $(tasks.clone-repository.results.commit) - runAfter: - - prefetch-dependencies - taskRef: - name: buildah - when: - - input: $(tasks.init.results.build) - operator: in - values: - - 'true' - workspaces: - - name: source - workspace: workspace - - name: build-source-image - params: - - name: BINARY_IMAGE - value: $(params.output-image) - - name: BASE_IMAGES - value: $(tasks.build-container.results.BASE_IMAGES_DIGESTS) - runAfter: - - 
build-container - taskRef: - name: source-build - when: - - input: $(tasks.init.results.build) - operator: in - values: - - 'true' - - input: $(params.build-source-image) - operator: in - values: - - 'true' - workspaces: - - name: workspace - workspace: workspace - - name: deprecated-base-image-check - params: - - name: BASE_IMAGES_DIGESTS - value: $(tasks.build-container.results.BASE_IMAGES_DIGESTS) - runAfter: - - build-container - taskRef: - name: deprecated-image-check - when: - - input: $(params.skip-checks) - operator: in - values: - - 'false' - - name: clair-scan - params: - - name: image-digest - value: $(tasks.build-container.results.IMAGE_DIGEST) - - name: image-url - value: $(tasks.build-container.results.IMAGE_URL) - runAfter: - - build-container - taskRef: - name: clair-scan - when: - - input: $(params.skip-checks) - operator: in - values: - - 'false' - - name: sast-snyk-check - runAfter: - - clone-repository - taskRef: - name: sast-snyk-check - when: - - input: $(params.skip-checks) - operator: in - values: - - 'false' - workspaces: - - name: workspace - workspace: workspace - - name: clamav-scan - params: - - name: image-digest - value: $(tasks.build-container.results.IMAGE_DIGEST) - - name: image-url - value: $(tasks.build-container.results.IMAGE_URL) - runAfter: - - build-container - taskRef: - name: clamav-scan - when: - - input: $(params.skip-checks) - operator: in - values: - - 'false' - - name: sbom-json-check - params: - - name: IMAGE_URL - value: $(tasks.build-container.results.IMAGE_URL) - - name: IMAGE_DIGEST - value: $(tasks.build-container.results.IMAGE_DIGEST) - runAfter: - - build-container - taskRef: - name: sbom-json-check - when: - - input: $(params.skip-checks) - operator: in - values: - - 'false' - finally: - - name: show-sbom - params: - - name: IMAGE_URL - value: $(tasks.build-container.results.IMAGE_URL) - taskRef: - name: show-sbom - - name: show-summary - params: - - name: pipelinerun-name - value: $(context.pipelineRun.name) 
- - name: git-url - value: >- - $(tasks.clone-repository.results.url)?rev=$(tasks.clone-repository.results.commit) - - name: image-url - value: $(params.output-image) - - name: build-task-status - value: $(tasks.build-container.status) - taskRef: - name: summary diff --git a/pac/docker-build-dance/README.md b/pac/docker-build-dance/README.md deleted file mode 100644 index 9969095..0000000 --- a/pac/docker-build-dance/README.md +++ /dev/null @@ -1,14 +0,0 @@ -# docker-build-shared with shared pipeline references - -This pipeline is used to create dockerfile builds. -The task references come from this repository ` ../pipelines` `../tasks` and are referenced by URL - -When the pipleines in this repo are updated, all future runs are shared. - -A developer can override these tasks with a local copy and updated annotations. - -Example - - `pipelinesascode.tekton.dev/task: "./tasks/show-sbom.yaml ` - - diff --git a/pac/docker-build-dance/docker-pull-request.yaml b/pac/docker-build-dance/docker-pull-request.yaml deleted file mode 100644 index cbbcf73..0000000 --- a/pac/docker-build-dance/docker-pull-request.yaml +++ /dev/null 
@@ -1,46 +0,0 @@ -apiVersion: tekton.dev/v1 -kind: PipelineRun -metadata: - name: {{values.name}}-on-pull-request - namespace: {{values.namespace}} - annotations: - pipelinesascode.tekton.dev/on-event: "[pull_request]" - pipelinesascode.tekton.dev/on-target-branch: "[main]" - pipelinesascode.tekton.dev/max-keep-runs: "2" - pipelinesascode.tekton.dev/pipeline: "{{values.rawUrl}}/pac/pipelines/docker-build-dance.yaml" - pipelinesascode.tekton.dev/task-0: "{{values.rawUrl}}/pac/tasks/init.yaml" - pipelinesascode.tekton.dev/task-1: "{{values.rawUrl}}/pac/tasks/git-clone.yaml" - pipelinesascode.tekton.dev/task-2: "{{values.rawUrl}}/pac/tasks/buildah-rhtap.yaml" - pipelinesascode.tekton.dev/task-3: "{{values.rawUrl}}/pac/tasks/source-build.yaml" - pipelinesascode.tekton.dev/task-4: "{{values.rawUrl}}/pac/tasks/clair-scan.yaml" - pipelinesascode.tekton.dev/task-5: "{{values.rawUrl}}/new-for-dance/tasks/task-acs-image-check.yaml" - pipelinesascode.tekton.dev/task-6: "{{values.rawUrl}}/new-for-dance/tasks/task-acs-image-scan.yaml" - pipelinesascode.tekton.dev/task-7: "{{values.rawUrl}}/new-for-dance/tasks/task-acs-deploy-check.yaml" - pipelinesascode.tekton.dev/task-8: "{{values.rawUrl}}/pac/tasks/show-sbom.yaml" - pipelinesascode.tekton.dev/task-9: "{{values.rawUrl}}/pac/tasks/summary.yaml" -spec: - params: - - name: dockerfile - value: {{values.dockerfileLocation}} - - name: git-url - value: '{{repo_url}}' - - name: image-expires-after - value: 5d - - name: output-image - value: {{values.image}}:on-pr-{{revision}} - - name: path-context - value: {{values.buildContext}} - - name: revision - value: '{{revision}}' - pipelineRef: - name: docker-build-dance - workspaces: - - name: workspace - volumeClaimTemplate: - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi - \ No newline at end of file diff --git a/pac/docker-build-dance/docker-push.yaml b/pac/docker-build-dance/docker-push.yaml deleted file mode 100644 index 8b06409..0000000 
--- a/pac/docker-build-dance/docker-push.yaml +++ /dev/null @@ -1,45 +0,0 @@ -apiVersion: tekton.dev/v1 -kind: PipelineRun -metadata: - name: {{values.name}}-on-push - namespace: {{values.namespace}} - annotations: - pipelinesascode.tekton.dev/on-event: "[push]" - pipelinesascode.tekton.dev/on-target-branch: "[main]" - pipelinesascode.tekton.dev/max-keep-runs: "2" - pipelinesascode.tekton.dev/pipeline: "{{values.rawUrl}}/pac/pipelines/docker-build-dance.yaml" - pipelinesascode.tekton.dev/task-0: "{{values.rawUrl}}/pac/tasks/init.yaml" - pipelinesascode.tekton.dev/task-1: "{{values.rawUrl}}/pac/tasks/git-clone.yaml" - pipelinesascode.tekton.dev/task-2: "{{values.rawUrl}}/pac/tasks/buildah-rhtap.yaml" - pipelinesascode.tekton.dev/task-3: "{{values.rawUrl}}/pac/tasks/source-build.yaml" - pipelinesascode.tekton.dev/task-4: "{{values.rawUrl}}/pac/tasks/clair-scan.yaml" - pipelinesascode.tekton.dev/task-5: "{{values.rawUrl}}/new-for-dance/tasks/task-acs-image-check.yaml" - pipelinesascode.tekton.dev/task-6: "{{values.rawUrl}}/new-for-dance/tasks/task-acs-image-scan.yaml" - pipelinesascode.tekton.dev/task-7: "{{values.rawUrl}}/new-for-dance/tasks/task-acs-deploy-check.yaml" - pipelinesascode.tekton.dev/task-8: "{{values.rawUrl}}/pac/tasks/show-sbom.yaml" - pipelinesascode.tekton.dev/task-9: "{{values.rawUrl}}/pac/tasks/summary.yaml" -spec: - params: - - name: dockerfile - value: {{values.dockerfileLocation}} - - name: git-url - value: '{{repo_url}}' - - name: image-expires-after - value: 5d - - name: output-image - value: {{values.image}}:{{revision}} - - name: path-context - value: {{values.buildContext}} - - name: revision - value: '{{revision}}' - pipelineRef: - name: docker-build-dance - workspaces: - - name: workspace - volumeClaimTemplate: - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi \ No newline at end of file diff --git a/pac/docker-build-rhtap/README.md b/pac/docker-build-rhtap/README.md index fa02f64..6ce919b 100644 
--- a/pac/docker-build-rhtap/README.md +++ b/pac/docker-build-rhtap/README.md @@ -1,4 +1,19 @@ -# docker-build in RHTAP format +# docker-build-rhtap + +## Shared Git resolver model for shared pipeline and tasks. + +This pipeline is used to create dockerfile based sscs builds. +Tasks tasks references come from this repository ` ../pipelines` `../tasks` and are referenced by URL using the git resolver in tekton. + +When the pipleines in this repo are updated, all future runs are shared. + +A developer can override these tasks with a local copy and updated annotations. + +Example + + `pipelinesascode.tekton.dev/task: "./tasks/show-sbom.yaml ` + + +## Templates +These pipelines are in template format. The references to this repository in the PaC template is `{{values.rawUrl}}` which is updated to point to this repo or the fork of this repo. -The PaC templates are in RHTAP format with inline task definitions. -This pipeline is used to create dockerfile builds. \ No newline at end of file diff --git a/pac/docker-build-rhtap/docker-pull-request.yaml b/pac/docker-build-rhtap/docker-pull-request.yaml index 6eab03b..8904978 100644 --- a/pac/docker-build-rhtap/docker-pull-request.yaml +++ b/pac/docker-build-rhtap/docker-pull-request.yaml 
@@ -1,382 +1,46 @@ apiVersion: tekton.dev/v1 kind: PipelineRun metadata: - annotations: - pipelinesascode.tekton.dev/max-keep-runs: "3" - pipelinesascode.tekton.dev/on-event: '[pull_request]' - pipelinesascode.tekton.dev/on-target-branch: '[main]' - labels: - appstudio.openshift.io/application: {{values.appName}} - appstudio.openshift.io/component: {{values.name}} - pipelines.appstudio.openshift.io/type: build - name: {{values.name}}-on-pull-request - namespace: {{values.namespace}} -spec: + name: ${{ values.name }}-on-pull-request + namespace: ${{ values.namespace }} + annotations: + pipelinesascode.tekton.dev/on-event: "[pull_request]" + pipelinesascode.tekton.dev/on-target-branch: "[main]" + pipelinesascode.tekton.dev/max-keep-runs: "2" + pipelinesascode.tekton.dev/pipeline: "{{values.rawUrl}}/pac/pipelines/docker-build-rhtap.yaml" + pipelinesascode.tekton.dev/task-0: "{{values.rawUrl}}/pac/tasks/init.yaml" + pipelinesascode.tekton.dev/task-1: "{{values.rawUrl}}/pac/tasks/git-clone.yaml" + pipelinesascode.tekton.dev/task-2: "{{values.rawUrl}}/pac/tasks/buildah-rhtap.yaml" + pipelinesascode.tekton.dev/task-3: "{{values.rawUrl}}/pac/tasks/source-build.yaml" + pipelinesascode.tekton.dev/task-4: "{{values.rawUrl}}/pac/tasks/clair-scan.yaml" + pipelinesascode.tekton.dev/task-5: "{{values.rawUrl}}/pac/tasks/acs-image-check.yaml" + pipelinesascode.tekton.dev/task-6: "{{values.rawUrl}}/pac/tasks/acs-image-scan.yaml" + pipelinesascode.tekton.dev/task-7: "{{values.rawUrl}}/pac/tasks/acs-deploy-check.yaml" + pipelinesascode.tekton.dev/task-8: "{{values.rawUrl}}/pac/tasks/show-sbom.yaml" + pipelinesascode.tekton.dev/task-9: "{{values.rawUrl}}/pac/tasks/summary.yaml" +spec: params: - name: dockerfile - value: {{values.dockerfileLocation}} + value: ${{ values.dockerfile }} - name: git-url value: '{{repo_url}}' - name: image-expires-after value: 5d - name: output-image - value: {{values.image}}:on-pr-{{revision}} + value: ${{ values.image }}:on-pr-{{revision}} - name: 
path-context - value: {{values.buildContext}} + value: ${{ values.buildContext }} - name: revision value: '{{revision}}' - pipelineSpec: - finally: - - name: show-sbom - params: - - name: IMAGE_URL - value: $(tasks.build-container.results.IMAGE_URL) - taskRef: - params: - - name: name - value: show-sbom - - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-show-sbom:0.1@sha256:7db0af43dcebaeb33e34413148370e17078c30fd2fc78fb84c8941b444199f36 - - name: kind - value: task - resolver: bundles - - name: show-summary - params: - - name: pipelinerun-name - value: $(context.pipelineRun.name) - - name: git-url - value: $(tasks.clone-repository.results.url)?rev=$(tasks.clone-repository.results.commit) - - name: image-url - value: $(params.output-image) - - name: build-task-status - value: $(tasks.build-container.status) - taskRef: - params: - - name: name - value: summary - - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-summary:0.1@sha256:9d43202379cb83358942ce2e936c0297e30faaa0c73811324318c6260a6edc25 - - name: kind - value: task - resolver: bundles - params: - - description: Source Repository URL - name: git-url - type: string - - default: "" - description: Revision of the Source Repository - name: revision - type: string - - description: Fully Qualified Output Image - name: output-image - type: string - - default: . - description: Path to the source code of an application's component from where - to build image. 
- name: path-context - type: string - - default: Dockerfile - description: Path to the Dockerfile inside the context specified by parameter - path-context - name: dockerfile - type: string - - default: "false" - description: Force rebuild image - name: rebuild - type: string - - default: "false" - description: Skip checks against built image - name: skip-checks - type: string - - default: "true" - description: Skip optional checks, set false if you want to run optional checks - name: skip-optional - type: string - - default: "false" - description: Execute the build with network isolation - name: hermetic - type: string - - default: "" - description: Build dependencies to be prefetched by Cachi2 - name: prefetch-input - type: string - - default: "false" - description: Java build - name: java - type: string - - default: "" - description: Image tag expiration time, time values could be something like - 1h, 2d, 3w for hours, days, and weeks, respectively. - name: image-expires-after - results: - - description: "" - name: IMAGE_URL - value: $(tasks.build-container.results.IMAGE_URL) - - description: "" - name: IMAGE_DIGEST - value: $(tasks.build-container.results.IMAGE_DIGEST) - - description: "" - name: CHAINS-GIT_URL - value: $(tasks.clone-repository.results.url) - - description: "" - name: CHAINS-GIT_COMMIT - value: $(tasks.clone-repository.results.commit) - - description: "" - name: JAVA_COMMUNITY_DEPENDENCIES - value: $(tasks.build-container.results.JAVA_COMMUNITY_DEPENDENCIES) - tasks: - - name: init - params: - - name: image-url - value: $(params.output-image) - - name: rebuild - value: $(params.rebuild) - - name: skip-checks - value: $(params.skip-checks) - - name: skip-optional - value: $(params.skip-optional) - - name: pipelinerun-name - value: $(context.pipelineRun.name) - - name: pipelinerun-uid - value: $(context.pipelineRun.uid) - taskRef: - params: - - name: name - value: init - - name: bundle - value: 
quay.io/redhat-appstudio-tekton-catalog/task-init:0.1@sha256:26586a7ef08c3e86dfdaf0a5cc38dd3d70c4c02db1331b469caaed0a0f5b3d86 - - name: kind - value: task - resolver: bundles - - name: clone-repository - params: - - name: url - value: $(params.git-url) - - name: revision - value: $(params.revision) - runAfter: - - init - taskRef: - params: - - name: name - value: git-clone - - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:1f84973a21aabea38434b1f663abc4cb2d86565a9c7aae1f90decb43a8fa48eb - - name: kind - value: task - resolver: bundles - when: - - input: $(tasks.init.results.build) - operator: in - values: - - "true" - workspaces: - - name: output - workspace: workspace - - name: basic-auth - workspace: git-auth - - name: prefetch-dependencies - params: - - name: input - value: $(params.prefetch-input) - runAfter: - - clone-repository - taskRef: - params: - - name: name - value: prefetch-dependencies - - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies:0.1@sha256:c7b7f13d5d2a1545e95c2d56521327001d56ba54645900db41aa414607eff1e5 - - name: kind - value: task - resolver: bundles - when: - - input: $(params.hermetic) - operator: in - values: - - "true" - workspaces: - - name: source - workspace: workspace - - name: build-container - params: - - name: IMAGE - value: $(params.output-image) - - name: DOCKERFILE - value: $(params.dockerfile) - - name: CONTEXT - value: $(params.path-context) - - name: HERMETIC - value: $(params.hermetic) - - name: PREFETCH_INPUT - value: $(params.prefetch-input) - - name: IMAGE_EXPIRES_AFTER - value: $(params.image-expires-after) - - name: COMMIT_SHA - value: $(tasks.clone-repository.results.commit) - runAfter: - - prefetch-dependencies - taskRef: - params: - - name: name - value: buildah - - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-buildah:0.1@sha256:3ab862223beab868839476ed455b2530043ff8ce4453eb4618ab37c137bfe2d8 - - name: kind - 
value: task - resolver: bundles - when: - - input: $(tasks.init.results.build) - operator: in - values: - - "true" - workspaces: - - name: source - workspace: workspace - - name: inspect-image - params: - - name: IMAGE_URL - value: $(tasks.build-container.results.IMAGE_URL) - - name: IMAGE_DIGEST - value: $(tasks.build-container.results.IMAGE_DIGEST) - runAfter: - - build-container - taskRef: - params: - - name: name - value: inspect-image - - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-inspect-image:0.1@sha256:7880c08c67e81f22d3de1d012905e5c9d333108188ceaea60b3a4c3857c2c4b7 - - name: kind - value: task - resolver: bundles - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - workspaces: - - name: source - workspace: workspace - - name: deprecated-base-image-check - params: - - name: BASE_IMAGES_DIGESTS - value: $(tasks.build-container.results.BASE_IMAGES_DIGESTS) - taskRef: - params: - - name: name - value: deprecated-image-check - - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-deprecated-image-check:0.3@sha256:6df3f9a88242224048837a69e269d640799e7ee83984880ba2f57d8b0155990e - - name: kind - value: task - resolver: bundles - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - - name: clair-scan - params: - - name: image-digest - value: $(tasks.build-container.results.IMAGE_DIGEST) - - name: image-url - value: $(tasks.build-container.results.IMAGE_URL) - runAfter: - - build-container - taskRef: - params: - - name: name - value: clair-scan - - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-clair-scan:0.1@sha256:4d8588502c3265cca7c43f131d77661f9254b4b12e5af0cf093afcc464bfb850 - - name: kind - value: task - resolver: bundles - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - - name: sast-snyk-check - runAfter: - - clone-repository - taskRef: - params: - - name: name - value: sast-snyk-check - - name: bundle - value: 
quay.io/redhat-appstudio-tekton-catalog/task-sast-snyk-check:0.1@sha256:ce73b27a7a345a99ff88a730388d938243678af42704da8db69387bdf547b8ad - - name: kind - value: task - resolver: bundles - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - workspaces: - - name: workspace - workspace: workspace - - name: clamav-scan - params: - - name: image-digest - value: $(tasks.build-container.results.IMAGE_DIGEST) - - name: image-url - value: $(tasks.build-container.results.IMAGE_URL) - runAfter: - - build-container - taskRef: - params: - - name: name - value: clamav-scan - - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-clamav-scan:0.1@sha256:884697be1f7377a5b680aa79629d183c541277badeac13573d497233986ebfb7 - - name: kind - value: task - resolver: bundles - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - - name: sbom-json-check - params: - - name: IMAGE_URL - value: $(tasks.build-container.results.IMAGE_URL) - - name: IMAGE_DIGEST - value: $(tasks.build-container.results.IMAGE_DIGEST) - runAfter: - - build-container - taskRef: - params: - - name: name - value: sbom-json-check - - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-sbom-json-check:0.1@sha256:d8d114daa23c299aefecc9b5c8440f6cf3106635c92788b56208b41358e8f819 - - name: kind - value: task - resolver: bundles - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - workspaces: - - name: workspace - - name: git-auth - optional: true + pipelineRef: + name: docker-build-rhtap workspaces: - - name: workspace - volumeClaimTemplate: - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi - status: {} - - name: git-auth - secret: - secretName: '{{ git_auth_secret }}' -status: {} + - name: workspace + volumeClaimTemplate: + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + 
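Review bot: The `pipelinesascode.tekton.dev/pipeline` and `task-0` to `task-9` annotations load the pipeline and every task from `{{values.rawUrl}}/pac/...` with no commit or digest visible in the reference, while the removed inline `pipelineSpec` resolved each task from a bundle pinned by `@sha256:`. If `rawUrl` expands to a branch URL (its value is not shown here), a push to that repository or fork changes what the next pull-request run executes, and the run no longer records an immutable task identity for provenance checks. I would require `rawUrl` to include a commit SHA or tag and state that above the annotations, e.g. `# rawUrl must reference a pinned commit or tag, not a branch`; the docker-push.yaml hunk adds the same annotations. The list also no longer names `sast-snyk-check`, `clamav-scan`, `deprecated-image-check` or `sbom-json-check`, so confirm that `docker-build-rhtap.yaml` still runs those checks or that dropping them is intended.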
diff --git a/pac/docker-build-rhtap/docker-push.yaml b/pac/docker-build-rhtap/docker-push.yaml
index d6aebe0..5491940 100644
--- a/pac/docker-build-rhtap/docker-push.yaml
+++ b/pac/docker-build-rhtap/docker-push.yaml
@@ -1,379 +1,45 @@ apiVersion: tekton.dev/v1 kind: PipelineRun metadata: - annotations: - pipelinesascode.tekton.dev/max-keep-runs: "3" - pipelinesascode.tekton.dev/on-event: '[push]' - pipelinesascode.tekton.dev/on-target-branch: '[main]' - labels: - appstudio.openshift.io/application: {{values.appName}} - appstudio.openshift.io/component: {{values.name}} - pipelines.appstudio.openshift.io/type: build - name: {{values.name}}-on-push - namespace: {{values.namespace}} -spec: + name: ${{ values.name }}-on-push + namespace: ${{ values.namespace }} + annotations: + pipelinesascode.tekton.dev/on-event: "[push]" + pipelinesascode.tekton.dev/on-target-branch: "[main]" + pipelinesascode.tekton.dev/max-keep-runs: "2" + pipelinesascode.tekton.dev/pipeline: "{{values.rawUrl}}/pac/pipelines/docker-build-rhtap.yaml" + pipelinesascode.tekton.dev/task-0: "{{values.rawUrl}}/pac/tasks/init.yaml" + pipelinesascode.tekton.dev/task-1: "{{values.rawUrl}}/pac/tasks/git-clone.yaml" + pipelinesascode.tekton.dev/task-2: "{{values.rawUrl}}/pac/tasks/buildah-rhtap.yaml" + pipelinesascode.tekton.dev/task-3: "{{values.rawUrl}}/pac/tasks/source-build.yaml" + pipelinesascode.tekton.dev/task-4: "{{values.rawUrl}}/pac/tasks/clair-scan.yaml" + pipelinesascode.tekton.dev/task-5: "{{values.rawUrl}}/pac/tasks/acs-image-check.yaml" + pipelinesascode.tekton.dev/task-6: "{{values.rawUrl}}/pac/tasks/acs-image-scan.yaml" + pipelinesascode.tekton.dev/task-7: "{{values.rawUrl}}/pac/tasks/acs-deploy-check.yaml" + pipelinesascode.tekton.dev/task-8: "{{values.rawUrl}}/pac/tasks/show-sbom.yaml" + pipelinesascode.tekton.dev/task-9: "{{values.rawUrl}}/pac/tasks/summary.yaml" +spec: params: - name: dockerfile - value: Dockerfile + value: ${{ values.dockerfile }} - name: git-url value: '{{repo_url}}' + - name: image-expires-after + value: 5d - name: output-image - value: {{values.image}}:{{revision}} + value: ${{ values.image }}:{{revision}} - name: path-context - value: . 
+ value: ${{ values.buildContext }} - name: revision value: '{{revision}}' - pipelineSpec: - finally: - - name: show-sbom - params: - - name: IMAGE_URL - value: $(tasks.build-container.results.IMAGE_URL) - taskRef: - params: - - name: name - value: show-sbom - - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-show-sbom:0.1@sha256:7db0af43dcebaeb33e34413148370e17078c30fd2fc78fb84c8941b444199f36 - - name: kind - value: task - resolver: bundles - - name: show-summary - params: - - name: pipelinerun-name - value: $(context.pipelineRun.name) - - name: git-url - value: $(tasks.clone-repository.results.url)?rev=$(tasks.clone-repository.results.commit) - - name: image-url - value: $(params.output-image) - - name: build-task-status - value: $(tasks.build-container.status) - taskRef: - params: - - name: name - value: summary - - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-summary:0.1@sha256:9d43202379cb83358942ce2e936c0297e30faaa0c73811324318c6260a6edc25 - - name: kind - value: task - resolver: bundles - params: - - description: Source Repository URL - name: git-url - type: string - - default: "" - description: Revision of the Source Repository - name: revision - type: string - - description: Fully Qualified Output Image - name: output-image - type: string - - default: . - description: Path to the source code of an application's component from where - to build image. 
- name: path-context - type: string - - default: Dockerfile - description: Path to the Dockerfile inside the context specified by parameter - path-context - name: dockerfile - type: string - - default: "false" - description: Force rebuild image - name: rebuild - type: string - - default: "false" - description: Skip checks against built image - name: skip-checks - type: string - - default: "true" - description: Skip optional checks, set false if you want to run optional checks - name: skip-optional - type: string - - default: "false" - description: Execute the build with network isolation - name: hermetic - type: string - - default: "" - description: Build dependencies to be prefetched by Cachi2 - name: prefetch-input - type: string - - default: "false" - description: Java build - name: java - type: string - - default: "" - description: Image tag expiration time, time values could be something like - 1h, 2d, 3w for hours, days, and weeks, respectively. - name: image-expires-after - results: - - description: "" - name: IMAGE_URL - value: $(tasks.build-container.results.IMAGE_URL) - - description: "" - name: IMAGE_DIGEST - value: $(tasks.build-container.results.IMAGE_DIGEST) - - description: "" - name: CHAINS-GIT_URL - value: $(tasks.clone-repository.results.url) - - description: "" - name: CHAINS-GIT_COMMIT - value: $(tasks.clone-repository.results.commit) - - description: "" - name: JAVA_COMMUNITY_DEPENDENCIES - value: $(tasks.build-container.results.JAVA_COMMUNITY_DEPENDENCIES) - tasks: - - name: init - params: - - name: image-url - value: $(params.output-image) - - name: rebuild - value: $(params.rebuild) - - name: skip-checks - value: $(params.skip-checks) - - name: skip-optional - value: $(params.skip-optional) - - name: pipelinerun-name - value: $(context.pipelineRun.name) - - name: pipelinerun-uid - value: $(context.pipelineRun.uid) - taskRef: - params: - - name: name - value: init - - name: bundle - value: 
quay.io/redhat-appstudio-tekton-catalog/task-init:0.1@sha256:26586a7ef08c3e86dfdaf0a5cc38dd3d70c4c02db1331b469caaed0a0f5b3d86 - - name: kind - value: task - resolver: bundles - - name: clone-repository - params: - - name: url - value: $(params.git-url) - - name: revision - value: $(params.revision) - runAfter: - - init - taskRef: - params: - - name: name - value: git-clone - - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:1f84973a21aabea38434b1f663abc4cb2d86565a9c7aae1f90decb43a8fa48eb - - name: kind - value: task - resolver: bundles - when: - - input: $(tasks.init.results.build) - operator: in - values: - - "true" - workspaces: - - name: output - workspace: workspace - - name: basic-auth - workspace: git-auth - - name: prefetch-dependencies - params: - - name: input - value: $(params.prefetch-input) - runAfter: - - clone-repository - taskRef: - params: - - name: name - value: prefetch-dependencies - - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies:0.1@sha256:c7b7f13d5d2a1545e95c2d56521327001d56ba54645900db41aa414607eff1e5 - - name: kind - value: task - resolver: bundles - when: - - input: $(params.hermetic) - operator: in - values: - - "true" - workspaces: - - name: source - workspace: workspace - - name: build-container - params: - - name: IMAGE - value: $(params.output-image) - - name: DOCKERFILE - value: $(params.dockerfile) - - name: CONTEXT - value: $(params.path-context) - - name: HERMETIC - value: $(params.hermetic) - - name: PREFETCH_INPUT - value: $(params.prefetch-input) - - name: IMAGE_EXPIRES_AFTER - value: $(params.image-expires-after) - - name: COMMIT_SHA - value: $(tasks.clone-repository.results.commit) - runAfter: - - prefetch-dependencies - taskRef: - params: - - name: name - value: buildah - - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-buildah:0.1@sha256:3ab862223beab868839476ed455b2530043ff8ce4453eb4618ab37c137bfe2d8 - - name: kind - 
value: task - resolver: bundles - when: - - input: $(tasks.init.results.build) - operator: in - values: - - "true" - workspaces: - - name: source - workspace: workspace - - name: inspect-image - params: - - name: IMAGE_URL - value: $(tasks.build-container.results.IMAGE_URL) - - name: IMAGE_DIGEST - value: $(tasks.build-container.results.IMAGE_DIGEST) - runAfter: - - build-container - taskRef: - params: - - name: name - value: inspect-image - - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-inspect-image:0.1@sha256:7880c08c67e81f22d3de1d012905e5c9d333108188ceaea60b3a4c3857c2c4b7 - - name: kind - value: task - resolver: bundles - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - workspaces: - - name: source - workspace: workspace - - name: deprecated-base-image-check - params: - - name: BASE_IMAGES_DIGESTS - value: $(tasks.build-container.results.BASE_IMAGES_DIGESTS) - taskRef: - params: - - name: name - value: deprecated-image-check - - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-deprecated-image-check:0.3@sha256:6df3f9a88242224048837a69e269d640799e7ee83984880ba2f57d8b0155990e - - name: kind - value: task - resolver: bundles - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - - name: clair-scan - params: - - name: image-digest - value: $(tasks.build-container.results.IMAGE_DIGEST) - - name: image-url - value: $(tasks.build-container.results.IMAGE_URL) - runAfter: - - build-container - taskRef: - params: - - name: name - value: clair-scan - - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-clair-scan:0.1@sha256:4d8588502c3265cca7c43f131d77661f9254b4b12e5af0cf093afcc464bfb850 - - name: kind - value: task - resolver: bundles - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - - name: sast-snyk-check - runAfter: - - clone-repository - taskRef: - params: - - name: name - value: sast-snyk-check - - name: bundle - value: 
quay.io/redhat-appstudio-tekton-catalog/task-sast-snyk-check:0.1@sha256:ce73b27a7a345a99ff88a730388d938243678af42704da8db69387bdf547b8ad - - name: kind - value: task - resolver: bundles - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - workspaces: - - name: workspace - workspace: workspace - - name: clamav-scan - params: - - name: image-digest - value: $(tasks.build-container.results.IMAGE_DIGEST) - - name: image-url - value: $(tasks.build-container.results.IMAGE_URL) - runAfter: - - build-container - taskRef: - params: - - name: name - value: clamav-scan - - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-clamav-scan:0.1@sha256:884697be1f7377a5b680aa79629d183c541277badeac13573d497233986ebfb7 - - name: kind - value: task - resolver: bundles - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - - name: sbom-json-check - params: - - name: IMAGE_URL - value: $(tasks.build-container.results.IMAGE_URL) - - name: IMAGE_DIGEST - value: $(tasks.build-container.results.IMAGE_DIGEST) - runAfter: - - build-container - taskRef: - params: - - name: name - value: sbom-json-check - - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-sbom-json-check:0.1@sha256:d8d114daa23c299aefecc9b5c8440f6cf3106635c92788b56208b41358e8f819 - - name: kind - value: task - resolver: bundles - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - workspaces: - - name: workspace - - name: git-auth - optional: true + pipelineRef: + name: docker-build-rhtap workspaces: - - name: workspace - volumeClaimTemplate: - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi - status: {} - - name: git-auth - secret: - secretName: '{{git_auth_secret}}' + - name: workspace + volumeClaimTemplate: + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi 
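Review bot: The new `pipelinesascode.tekton.dev/pipeline` and `task-0` to `task-9` annotations fetch the pipeline and every task from `{{values.rawUrl}}/pac/...` at run time, whereas the removed inline `pipelineSpec` pinned each task to a bundle digest (`...@sha256:...`), so the build definition is no longer integrity-pinned unless `rawUrl` itself resolves to an immutable ref. I would require `rawUrl` to contain a commit SHA or tag rather than a branch and say so next to the annotations, e.g. `# rawUrl must point at a commit SHA or tag, not a branch: these files define what the build runs`. The annotation list also no longer names `sast-snyk-check`, `clamav-scan`, `sbom-json-check`, `deprecated-image-check` or `inspect-image`; the referenced `docker-build-rhtap` pipeline is not visible in this hunk, so it is worth confirming that the reduced scan coverage is intended and recording it in the commit message. The annotations use `{{values.rawUrl}}` while the other templated values in the new file use `${{ values.* }}`; if the templating step only expands the `${{ }}` form, these URLs would reach Pipelines-as-Code unexpanded, so the delimiter should probably match. The tail of the `docker-pull-request.yaml` hunk just above shows the same switch to `pipelineRef`, so the same points likely apply there.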
diff --git a/pac/docker-build-shared/README.md b/pac/docker-build-shared/README.md deleted file mode 100644 index 9969095..0000000 --- a/pac/docker-build-shared/README.md +++ /dev/null @@ -1,14 +0,0 @@ -# docker-build-shared with shared pipeline references - -This pipeline is used to create dockerfile builds. -The task references come from this repository ` ../pipelines` `../tasks` and are referenced by URL - -When the pipleines in this repo are updated, all future runs are shared. - -A developer can override these tasks with a local copy and updated annotations. - -Example - - `pipelinesascode.tekton.dev/task: "./tasks/show-sbom.yaml ` - - diff --git a/pac/docker-build-shared/docker-pull-request.yaml b/pac/docker-build-shared/docker-pull-request.yaml deleted file mode 100644 index c9b6a1c..0000000 --- a/pac/docker-build-shared/docker-pull-request.yaml +++ /dev/null 
@@ -1,48 +0,0 @@ -apiVersion: tekton.dev/v1 -kind: PipelineRun -metadata: - name: {{values.name}}-on-pull-request - namespace: {{values.namespace}} - annotations: - pipelinesascode.tekton.dev/on-event: "[pull_request]" - pipelinesascode.tekton.dev/on-target-branch: "[main]" - pipelinesascode.tekton.dev/max-keep-runs: "2" - pipelinesascode.tekton.dev/pipeline: "{{values.rawUrl}}/pac/pipelines/docker-build.yaml" - pipelinesascode.tekton.dev/task: "{{values.rawUrl}}/pac/tasks/show-sbom.yaml" - pipelinesascode.tekton.dev/task-1: "{{values.rawUrl}}/pac/tasks/summary.yaml" - pipelinesascode.tekton.dev/task-2: "{{values.rawUrl}}/pac/tasks/init.yaml" - pipelinesascode.tekton.dev/task-3: "{{values.rawUrl}}/pac/tasks/git-clone.yaml" - pipelinesascode.tekton.dev/task-4: "{{values.rawUrl}}/pac/tasks/prefetch-dependencies.yaml" - pipelinesascode.tekton.dev/task-5: "{{values.rawUrl}}/pac/tasks/buildah.yaml" - pipelinesascode.tekton.dev/task-6: "{{values.rawUrl}}/pac/tasks/source-build.yaml" - pipelinesascode.tekton.dev/task-7: "{{values.rawUrl}}/pac/tasks/deprecated-image-check.yaml" - pipelinesascode.tekton.dev/task-8: "{{values.rawUrl}}/pac/tasks/clair-scan.yaml" - pipelinesascode.tekton.dev/task-9: "{{values.rawUrl}}/pac/tasks/sast-snyk-check.yaml" - pipelinesascode.tekton.dev/task-10: "{{values.rawUrl}}/pac/tasks/clamav-scan.yaml" - pipelinesascode.tekton.dev/task-11: "{{values.rawUrl}}/pac/tasks/sbom-json-check.yaml" -spec: - params: - - name: dockerfile - value: {{values.dockerfileLocation}} - - name: git-url - value: '{{repo_url}}' - - name: image-expires-after - value: 5d - - name: output-image - value: {{values.image}}:on-pr-{{revision}} - - name: path-context - value: {{values.buildContext}} - - name: revision - value: '{{revision}}' - pipelineRef: - name: docker-build - workspaces: - - name: workspace - volumeClaimTemplate: - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi - \ No newline at end of file 
diff --git a/pac/docker-build-shared/docker-push.yaml b/pac/docker-build-shared/docker-push.yaml
deleted file mode 100644
index 0242cfb..0000000
--- a/pac/docker-build-shared/docker-push.yaml
+++ /dev/null
@@ -1,47 +0,0 @@ -apiVersion: tekton.dev/v1 -kind: PipelineRun -metadata: - name: {{values.name}}-on-push - namespace: {{values.namespace}} - annotations: - pipelinesascode.tekton.dev/on-event: "[push]" - pipelinesascode.tekton.dev/on-target-branch: "[main]" - pipelinesascode.tekton.dev/max-keep-runs: "2" - pipelinesascode.tekton.dev/pipeline: "{{values.rawUrl}}/pac/pipelines/docker-build.yaml" - pipelinesascode.tekton.dev/task: "{{values.rawUrl}}/pac/tasks/show-sbom.yaml" - pipelinesascode.tekton.dev/task-1: "{{values.rawUrl}}/pac/tasks/summary.yaml" - pipelinesascode.tekton.dev/task-2: "{{values.rawUrl}}/pac/tasks/init.yaml" - pipelinesascode.tekton.dev/task-3: "{{values.rawUrl}}/pac/tasks/git-clone.yaml" - pipelinesascode.tekton.dev/task-4: "{{values.rawUrl}}/pac/tasks/prefetch-dependencies.yaml" - pipelinesascode.tekton.dev/task-5: "{{values.rawUrl}}/pac/tasks/buildah.yaml" - pipelinesascode.tekton.dev/task-6: "{{values.rawUrl}}/pac/tasks/source-build.yaml" - pipelinesascode.tekton.dev/task-7: "{{values.rawUrl}}/pac/tasks/deprecated-image-check.yaml" - pipelinesascode.tekton.dev/task-8: "{{values.rawUrl}}/pac/tasks/clair-scan.yaml" - pipelinesascode.tekton.dev/task-9: "{{values.rawUrl}}/pac/tasks/sast-snyk-check.yaml" - pipelinesascode.tekton.dev/task-10: "{{values.rawUrl}}/pac/tasks/clamav-scan.yaml" - pipelinesascode.tekton.dev/task-11: "{{values.rawUrl}}/pac/tasks/sbom-json-check.yaml" -spec: - params: - - name: dockerfile - value: {{values.dockerfileLocation}} - - name: git-url - value: '{{repo_url}}' - - name: image-expires-after - value: 5d - - name: output-image - value: {{values.image}}:{{revision}} - - name: path-context - value: {{values.buildContext}} - - name: revision - value: '{{revision}}' - pipelineRef: - name: docker-build - workspaces: - - name: workspace - volumeClaimTemplate: - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi \ No newline at end of file 
diff --git a/pac/nodejs-build/README.md b/pac/nodejs-build/README.md deleted file mode 100644 index f72497f..0000000 --- a/pac/nodejs-build/README.md +++ /dev/null @@ -1,14 +0,0 @@ -# nodejs-build with shared pipeline references - -This pipeline is used to create nodejs builds. -The task references come from this repository ` ../pipelines` `../tasks` and are referenced by URL - -When the pipleines in this repo are updated, all future runs are shared. - -A developer can override these tasks with a local copy and updated annotations. - -Example - - `pipelinesascode.tekton.dev/task: "./tasks/show-sbom.yaml ` - - diff --git a/pac/nodejs-build/node-pull-request.yaml b/pac/nodejs-build/node-pull-request.yaml deleted file mode 100644 index 7601d80..0000000 --- a/pac/nodejs-build/node-pull-request.yaml +++ /dev/null 
@@ -1,39 +0,0 @@ -apiVersion: tekton.dev/v1 -kind: PipelineRun -metadata: - name: {{values.name}}-on-pull-request - namespace: {{values.namespace}} - annotations: - pipelinesascode.tekton.dev/on-event: "[pull_request]" - pipelinesascode.tekton.dev/on-target-branch: "[main]" - pipelinesascode.tekton.dev/max-keep-runs: "2" - pipelinesascode.tekton.dev/pipeline: "{{values.rawUrl}}/pac/pipelines/nodejs-build.yaml" - pipelinesascode.tekton.dev/task: "{{values.rawUrl}}/pac/tasks/show-sbom.yaml" - pipelinesascode.tekton.dev/task-1: "{{values.rawUrl}}/pac/tasks/summary.yaml" - pipelinesascode.tekton.dev/task-2: "{{values.rawUrl}}/pac/tasks/init.yaml" - pipelinesascode.tekton.dev/task-3: "{{values.rawUrl}}/pac/tasks/git-clone.yaml" - pipelinesascode.tekton.dev/task-4: "{{values.rawUrl}}/pac/tasks/prefetch-dependencies.yaml" - pipelinesascode.tekton.dev/task-5: "{{values.rawUrl}}/pac/tasks/buildah.yaml" - pipelinesascode.tekton.dev/task-6: "{{values.rawUrl}}/pac/tasks/source-build.yaml" - pipelinesascode.tekton.dev/task-7: "{{values.rawUrl}}/pac/tasks/deprecated-image-check.yaml" - pipelinesascode.tekton.dev/task-8: "{{values.rawUrl}}/pac/tasks/clair-scan.yaml" - pipelinesascode.tekton.dev/task-9: "{{values.rawUrl}}/pac/tasks/sast-snyk-check.yaml" - pipelinesascode.tekton.dev/task-10: "{{values.rawUrl}}/pac/tasks/clamav-scan.yaml" - pipelinesascode.tekton.dev/task-11: "{{values.rawUrl}}/pac/tasks/sbom-json-check.yaml" -spec: - params: - - name: dockerfile - value: {{values.dockerfileLocation}} - - name: git-url - value: '{{repo_url}}' - - name: image-expires-after - value: 5d - - name: output-image - value: {{values.image}}:on-pr-{{revision}} - - name: path-context - value: {{values.buildContext}} - - name: revision - value: '{{revision}}' - pipelineRef: - name: nodejs-build - \ No newline at end of file diff --git a/pac/nodejs-build/node-push.yaml b/pac/nodejs-build/node-push.yaml deleted file mode 100644 index 64e5912..0000000 
--- a/pac/nodejs-build/node-push.yaml +++ /dev/null @@ -1,39 +0,0 @@ -apiVersion: tekton.dev/v1 -kind: PipelineRun -metadata: - name: {{values.name}}-on-push - namespace: {{values.namespace}} - annotations: - pipelinesascode.tekton.dev/on-event: "[push]" - pipelinesascode.tekton.dev/on-target-branch: "[main]" - pipelinesascode.tekton.dev/max-keep-runs: "2" - pipelinesascode.tekton.dev/pipeline: "{{values.rawUrl}}/pac/pipelines/nodejs-build.yaml" - pipelinesascode.tekton.dev/task: "{{values.rawUrl}}/pac/tasks/show-sbom.yaml" - pipelinesascode.tekton.dev/task-1: "{{values.rawUrl}}/pac/tasks/summary.yaml" - pipelinesascode.tekton.dev/task-2: "{{values.rawUrl}}/pac/tasks/init.yaml" - pipelinesascode.tekton.dev/task-3: "{{values.rawUrl}}/pac/tasks/git-clone.yaml" - pipelinesascode.tekton.dev/task-4: "{{values.rawUrl}}/pac/tasks/prefetch-dependencies.yaml" - pipelinesascode.tekton.dev/task-5: "{{values.rawUrl}}/pac/tasks/buildah.yaml" - pipelinesascode.tekton.dev/task-6: "{{values.rawUrl}}/pac/tasks/source-build.yaml" - pipelinesascode.tekton.dev/task-7: "{{values.rawUrl}}/pac/tasks/deprecated-image-check.yaml" - pipelinesascode.tekton.dev/task-8: "{{values.rawUrl}}/pac/tasks/clair-scan.yaml" - pipelinesascode.tekton.dev/task-9: "{{values.rawUrl}}/pac/tasks/sast-snyk-check.yaml" - pipelinesascode.tekton.dev/task-10: "{{values.rawUrl}}/pac/tasks/clamav-scan.yaml" - pipelinesascode.tekton.dev/task-11: "{{values.rawUrl}}/pac/tasks/sbom-json-check.yaml" -spec: - params: - - name: dockerfile - value: {{values.dockerfileLocation}} - - name: git-url - value: '{{repo_url}}' - - name: image-expires-after - value: 5d - - name: output-image - value: {{values.image}}:{{revision}} - - name: path-context - value: {{values.buildContext}} - - name: revision - value: '{{revision}}' - pipelineRef: - name: nodejs-build - \ No newline at end of file diff --git a/pac/repository.yaml b/pac/repository.yaml index 046fa85..5449abb 100644 --- a/pac/repository.yaml +++ b/pac/repository.yaml 
@@ -1,8 +1,7 @@ apiVersion: "pipelinesascode.tekton.dev/v1alpha1" kind: Repository metadata: - name: {{values.name}} - namespace: {{values.namespace}} + name: {{values.name}} spec: url: {{values.repoURL}}