Skip to content

Commit 53e5970

Browse files
avi-bitonavi-biton
authored
Merge pull request #1 from avi-biton/appstudio-devfile-sample-python-basic
Red Hat Trusted App Pipeline update devfile-sample-python-basic
2 parents 52324dc + e861982 commit 53e5970

File tree

2 files changed

+777
-0
lines changed

2 files changed

+777
-0
lines changed

.tekton/devfile-sample-python-basic-pull-request.yaml

Lines changed: 390 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,390 @@
1+
apiVersion: tekton.dev/v1beta1
2+
kind: PipelineRun
3+
metadata:
4+
annotations:
5+
build.appstudio.openshift.io/repo: https://github.com/avi-biton/devfile-sample-python-basic?rev={{revision}}
6+
build.appstudio.redhat.com/commit_sha: '{{revision}}'
7+
build.appstudio.redhat.com/pull_request_number: '{{pull_request_number}}'
8+
build.appstudio.redhat.com/target_branch: '{{target_branch}}'
9+
pipelinesascode.tekton.dev/max-keep-runs: "3"
10+
pipelinesascode.tekton.dev/on-event: '[pull_request]'
11+
pipelinesascode.tekton.dev/on-target-branch: '[main]'
12+
creationTimestamp: null
13+
labels:
14+
appstudio.openshift.io/application: devfile-sample-python-basic
15+
appstudio.openshift.io/component: devfile-sample-python-basic
16+
pipelines.appstudio.openshift.io/type: build
17+
name: devfile-sample-python-basic-on-pull-request
18+
namespace: abiton-tenant
19+
spec:
20+
params:
21+
- name: dockerfile
22+
value: docker/Dockerfile
23+
- name: git-url
24+
value: '{{repo_url}}'
25+
- name: image-expires-after
26+
value: 5d
27+
- name: output-image
28+
value: quay.io/redhat-user-workloads/abiton-tenant/devfile-sample-python-basic/devfile-sample-python-basic:on-pr-{{revision}}
29+
- name: path-context
30+
value: .
31+
- name: revision
32+
value: '{{revision}}'
33+
pipelineSpec:
34+
finally:
35+
- name: show-sbom
36+
params:
37+
- name: IMAGE_URL
38+
value: $(tasks.build-container.results.IMAGE_URL)
39+
taskRef:
40+
params:
41+
- name: name
42+
value: show-sbom
43+
- name: bundle
44+
value: quay.io/redhat-appstudio-tekton-catalog/task-show-sbom:0.1@sha256:7db0af43dcebaeb33e34413148370e17078c30fd2fc78fb84c8941b444199f36
45+
- name: kind
46+
value: task
47+
resolver: bundles
48+
- name: show-summary
49+
params:
50+
- name: pipelinerun-name
51+
value: $(context.pipelineRun.name)
52+
- name: git-url
53+
value: $(tasks.clone-repository.results.url)?rev=$(tasks.clone-repository.results.commit)
54+
- name: image-url
55+
value: $(params.output-image)
56+
- name: build-task-status
57+
value: $(tasks.build-container.status)
58+
taskRef:
59+
params:
60+
- name: name
61+
value: summary
62+
- name: bundle
63+
value: quay.io/redhat-appstudio-tekton-catalog/task-summary:0.1@sha256:e69f53a3991d7088d8aa2827365ab761ab7524d4269f296b4a78b0f085789d30
64+
- name: kind
65+
value: task
66+
resolver: bundles
67+
params:
68+
- description: Source Repository URL
69+
name: git-url
70+
type: string
71+
- default: ""
72+
description: Revision of the Source Repository
73+
name: revision
74+
type: string
75+
- description: Fully Qualified Output Image
76+
name: output-image
77+
type: string
78+
- default: .
79+
description: The path to your source code
80+
name: path-context
81+
type: string
82+
- default: Dockerfile
83+
description: Path to the Dockerfile
84+
name: dockerfile
85+
type: string
86+
- default: "false"
87+
description: Force rebuild image
88+
name: rebuild
89+
type: string
90+
- default: "false"
91+
description: Skip checks against built image
92+
name: skip-checks
93+
type: string
94+
- default: "true"
95+
description: Skip optional checks, set false if you want to run optional checks
96+
name: skip-optional
97+
type: string
98+
- default: "false"
99+
description: Execute the build with network isolation
100+
name: hermetic
101+
type: string
102+
- default: ""
103+
description: Build dependencies to be prefetched by Cachi2
104+
name: prefetch-input
105+
type: string
106+
- default: "false"
107+
description: Java build
108+
name: java
109+
type: string
110+
- default: ""
111+
description: Image tag expiration time, time values could be something like
112+
1h, 2d, 3w for hours, days, and weeks, respectively.
113+
name: image-expires-after
114+
results:
115+
- description: ""
116+
name: IMAGE_URL
117+
value: $(tasks.build-container.results.IMAGE_URL)
118+
- description: ""
119+
name: IMAGE_DIGEST
120+
value: $(tasks.build-container.results.IMAGE_DIGEST)
121+
- description: ""
122+
name: CHAINS-GIT_URL
123+
value: $(tasks.clone-repository.results.url)
124+
- description: ""
125+
name: CHAINS-GIT_COMMIT
126+
value: $(tasks.clone-repository.results.commit)
127+
- description: ""
128+
name: JAVA_COMMUNITY_DEPENDENCIES
129+
value: $(tasks.build-container.results.JAVA_COMMUNITY_DEPENDENCIES)
130+
tasks:
131+
- name: init
132+
params:
133+
- name: image-url
134+
value: $(params.output-image)
135+
- name: rebuild
136+
value: $(params.rebuild)
137+
- name: skip-checks
138+
value: $(params.skip-checks)
139+
- name: skip-optional
140+
value: $(params.skip-optional)
141+
- name: pipelinerun-name
142+
value: $(context.pipelineRun.name)
143+
- name: pipelinerun-uid
144+
value: $(context.pipelineRun.uid)
145+
taskRef:
146+
params:
147+
- name: name
148+
value: init
149+
- name: bundle
150+
value: quay.io/redhat-appstudio-tekton-catalog/task-init:0.1@sha256:26586a7ef08c3e86dfdaf0a5cc38dd3d70c4c02db1331b469caaed0a0f5b3d86
151+
- name: kind
152+
value: task
153+
resolver: bundles
154+
- name: clone-repository
155+
params:
156+
- name: url
157+
value: $(params.git-url)
158+
- name: revision
159+
value: $(params.revision)
160+
runAfter:
161+
- init
162+
taskRef:
163+
params:
164+
- name: name
165+
value: git-clone
166+
- name: bundle
167+
value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:1f84973a21aabea38434b1f663abc4cb2d86565a9c7aae1f90decb43a8fa48eb
168+
- name: kind
169+
value: task
170+
resolver: bundles
171+
when:
172+
- input: $(tasks.init.results.build)
173+
operator: in
174+
values:
175+
- "true"
176+
workspaces:
177+
- name: output
178+
workspace: workspace
179+
- name: basic-auth
180+
workspace: git-auth
181+
- name: prefetch-dependencies
182+
params:
183+
- name: input
184+
value: $(params.prefetch-input)
185+
runAfter:
186+
- clone-repository
187+
taskRef:
188+
params:
189+
- name: name
190+
value: prefetch-dependencies
191+
- name: bundle
192+
value: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies:0.1@sha256:c7b7f13d5d2a1545e95c2d56521327001d56ba54645900db41aa414607eff1e5
193+
- name: kind
194+
value: task
195+
resolver: bundles
196+
when:
197+
- input: $(params.hermetic)
198+
operator: in
199+
values:
200+
- "true"
201+
workspaces:
202+
- name: source
203+
workspace: workspace
204+
- name: build-container
205+
params:
206+
- name: IMAGE
207+
value: $(params.output-image)
208+
- name: DOCKERFILE
209+
value: $(params.dockerfile)
210+
- name: CONTEXT
211+
value: $(params.path-context)
212+
- name: HERMETIC
213+
value: $(params.hermetic)
214+
- name: PREFETCH_INPUT
215+
value: $(params.prefetch-input)
216+
- name: IMAGE_EXPIRES_AFTER
217+
value: $(params.image-expires-after)
218+
- name: COMMIT_SHA
219+
value: $(tasks.clone-repository.results.commit)
220+
runAfter:
221+
- prefetch-dependencies
222+
taskRef:
223+
params:
224+
- name: name
225+
value: buildah
226+
- name: bundle
227+
value: quay.io/redhat-appstudio-tekton-catalog/task-buildah:0.1@sha256:ebbf3859d0fe10e655dd9df47a1133157d0f2d11ea2faa7d060df0f9268e2a4e
228+
- name: kind
229+
value: task
230+
resolver: bundles
231+
when:
232+
- input: $(tasks.init.results.build)
233+
operator: in
234+
values:
235+
- "true"
236+
workspaces:
237+
- name: source
238+
workspace: workspace
239+
- name: inspect-image
240+
params:
241+
- name: IMAGE_URL
242+
value: $(tasks.build-container.results.IMAGE_URL)
243+
- name: IMAGE_DIGEST
244+
value: $(tasks.build-container.results.IMAGE_DIGEST)
245+
runAfter:
246+
- build-container
247+
taskRef:
248+
params:
249+
- name: name
250+
value: inspect-image
251+
- name: bundle
252+
value: quay.io/redhat-appstudio-tekton-catalog/task-inspect-image:0.1@sha256:bbc286f0a2ad94e671ceb9d0f1debd96f36b8c38c1147c5030957820b4125fc6
253+
- name: kind
254+
value: task
255+
resolver: bundles
256+
when:
257+
- input: $(params.skip-checks)
258+
operator: in
259+
values:
260+
- "false"
261+
workspaces:
262+
- name: source
263+
workspace: workspace
264+
- name: deprecated-base-image-check
265+
params:
266+
- name: BASE_IMAGES_DIGESTS
267+
value: $(tasks.build-container.results.BASE_IMAGES_DIGESTS)
268+
taskRef:
269+
params:
270+
- name: name
271+
value: deprecated-image-check
272+
- name: bundle
273+
value: quay.io/redhat-appstudio-tekton-catalog/task-deprecated-image-check:0.2@sha256:58d16de95b4ca597f7f860fb85d6206e549910fa7a8d2a2cc229558f791ad329
274+
- name: kind
275+
value: task
276+
resolver: bundles
277+
when:
278+
- input: $(params.skip-checks)
279+
operator: in
280+
values:
281+
- "false"
282+
workspaces:
283+
- name: test-ws
284+
workspace: workspace
285+
- name: clair-scan
286+
params:
287+
- name: image-digest
288+
value: $(tasks.build-container.results.IMAGE_DIGEST)
289+
- name: image-url
290+
value: $(tasks.build-container.results.IMAGE_URL)
291+
runAfter:
292+
- build-container
293+
taskRef:
294+
params:
295+
- name: name
296+
value: clair-scan
297+
- name: bundle
298+
value: quay.io/redhat-appstudio-tekton-catalog/task-clair-scan:0.1@sha256:c5602d9d6dd797da98e98fde8471ea55a788c30f74f2192807910ce5436e9b66
299+
- name: kind
300+
value: task
301+
resolver: bundles
302+
when:
303+
- input: $(params.skip-checks)
304+
operator: in
305+
values:
306+
- "false"
307+
- name: sast-snyk-check
308+
runAfter:
309+
- clone-repository
310+
taskRef:
311+
params:
312+
- name: name
313+
value: sast-snyk-check
314+
- name: bundle
315+
value: quay.io/redhat-appstudio-tekton-catalog/task-sast-snyk-check:0.1@sha256:9dcd450b454705b9fe22c5f8f7bb7305cebc3cb73e783b85e047f7e721994189
316+
- name: kind
317+
value: task
318+
resolver: bundles
319+
when:
320+
- input: $(params.skip-checks)
321+
operator: in
322+
values:
323+
- "false"
324+
workspaces:
325+
- name: workspace
326+
workspace: workspace
327+
- name: clamav-scan
328+
params:
329+
- name: image-digest
330+
value: $(tasks.build-container.results.IMAGE_DIGEST)
331+
- name: image-url
332+
value: $(tasks.build-container.results.IMAGE_URL)
333+
runAfter:
334+
- build-container
335+
taskRef:
336+
params:
337+
- name: name
338+
value: clamav-scan
339+
- name: bundle
340+
value: quay.io/redhat-appstudio-tekton-catalog/task-clamav-scan:0.1@sha256:cd4e301dd849cbdf7b8e38fd8f4915970b5b60174770df632a6b38ea93028d44
341+
- name: kind
342+
value: task
343+
resolver: bundles
344+
when:
345+
- input: $(params.skip-checks)
346+
operator: in
347+
values:
348+
- "false"
349+
- name: sbom-json-check
350+
params:
351+
- name: IMAGE_URL
352+
value: $(tasks.build-container.results.IMAGE_URL)
353+
- name: IMAGE_DIGEST
354+
value: $(tasks.build-container.results.IMAGE_DIGEST)
355+
runAfter:
356+
- build-container
357+
taskRef:
358+
params:
359+
- name: name
360+
value: sbom-json-check
361+
- name: bundle
362+
value: quay.io/redhat-appstudio-tekton-catalog/task-sbom-json-check:0.1@sha256:397cb2fb20f413dec9653134231bec86edb80806a3441081fbf473677fc40917
363+
- name: kind
364+
value: task
365+
resolver: bundles
366+
when:
367+
- input: $(params.skip-checks)
368+
operator: in
369+
values:
370+
- "false"
371+
workspaces:
372+
- name: workspace
373+
- name: git-auth
374+
optional: true
375+
workspaces:
376+
- name: workspace
377+
volumeClaimTemplate:
378+
metadata:
379+
creationTimestamp: null
380+
spec:
381+
accessModes:
382+
- ReadWriteOnce
383+
resources:
384+
requests:
385+
storage: 1Gi
386+
status: {}
387+
- name: git-auth
388+
secret:
389+
secretName: '{{ git_auth_secret }}'
390+
status: {}

0 commit comments

Comments
 (0)