From 9c543a9218805999850346d7441587c8915995d8 Mon Sep 17 00:00:00 2001 From: Ruben Romero Montes Date: Thu, 20 Jun 2024 08:48:15 +0200 Subject: [PATCH] chore: use same pipeline as ONGuard Signed-off-by: Ruben Romero Montes --- .tekton/osv-ingester-pull-request.yaml | 84 ++++++-------------------- .tekton/osv-ingester-push.yaml | 84 ++++++-------------------- 2 files changed, 34 insertions(+), 134 deletions(-) diff --git a/.tekton/osv-ingester-pull-request.yaml b/.tekton/osv-ingester-pull-request.yaml index 81858c8..4c1e58f 100644 --- a/.tekton/osv-ingester-pull-request.yaml +++ b/.tekton/osv-ingester-pull-request.yaml @@ -39,7 +39,7 @@ spec: - name: name value: show-sbom - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:bb6de6584cc47524ac69d2fb0bc310e546696b707e4052a465966e2446e33a15 + value: quay.io/redhat-appstudio-tekton-catalog/task-show-sbom:0.1@sha256:9cd4bf015b18621834f40ed02c8dccda1f7834c7d989521a8314bdb3a596e96b - name: kind value: task resolver: bundles @@ -58,13 +58,13 @@ spec: - name: name value: summary - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-summary:0.2@sha256:fc1b0a4efc83c91cd4a24020daabb874b3f33a87c34cd157cda0b7e6d4b7779a + value: quay.io/redhat-appstudio-tekton-catalog/task-summary:0.2@sha256:51d5aaa4e13e9fb4303f667e38d07e758820040032ed9fb3ab5f6afaaffc60d8 - name: kind value: task resolver: bundles workspaces: - - name: workspace - workspace: workspace + - name: workspace + workspace: workspace params: - description: Source Repository URL name: git-url @@ -114,14 +114,6 @@ spec: description: Build a source image. name: build-source-image type: string - - default: [] - description: Array of --build-arg values ("arg=value" strings) for buildah - name: build-args - type: array - - default: "" - description: Path to a file with build arguments for buildah, see https://www.mankier.com/1/buildah-build#--build-arg-file - name: build-args-file - type: string results: - description: "" name: IMAGE_URL @@ -152,7 +144,7 @@ spec: - name: name value: init - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:83b7df553a736def52dd47bca2a3614c8fa2c88d112d691a4834289cf8c2abf5 + value: quay.io/redhat-appstudio-tekton-catalog/task-init:0.2@sha256:b23c7a924f303a67b3a00b32a6713ae1a4fccbc5327daa76a6edd250501ea7a3 - name: kind value: task resolver: bundles @@ -169,7 +161,7 @@ spec: - name: name value: git-clone - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1@sha256:9ea6101d110d96dd95216ee5fb73213c394ee62280f2bf1d61bb460f56dac027 + value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:2be7c9c83159c5247f1f9aab8fa1a2cb29d0df66f6c5bb48a012320bdcb03c7d - name: kind value: task resolver: bundles @@ -194,20 +186,18 @@ spec: - name: name value: prefetch-dependencies - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies:0.1@sha256:c22f2537b73add9b9cef0c1ac92187abb8d265756eaa1e6e568a4f4215720cc3 + value: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies:0.1@sha256:9aec3ae9f0f50a05abdc739faf4cbc82832cff16c77ac74e1d54072a882c0503 - name: kind value: task resolver: bundles when: - - input: $(params.prefetch-input) - operator: notin + - input: $(params.hermetic) + operator: in values: - - "" + - "true" workspaces: - name: source workspace: workspace - - name: git-basic-auth - workspace: git-auth - name: build-container params: - name: IMAGE @@ -224,11 +214,6 @@ spec: value: $(params.image-expires-after) - name: COMMIT_SHA value: $(tasks.clone-repository.results.commit) - - name: BUILD_ARGS - value: - - $(params.build-args[*]) - - name: BUILD_ARGS_FILE - value: $(params.build-args-file) runAfter: - prefetch-dependencies taskRef: @@ -236,7 +221,7 @@ spec: - name: name value: buildah-8gb - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-buildah-8gb@sha256:8653b4eb7c3f3e28834bdb9821a2b9bf905714011d347168e019e94151147640 + value: quay.io/redhat-appstudio-tekton-catalog/task-buildah-8gb:0.1@sha256:3dbec109b54aaec4ea7265f008155109a8a70426cab4a8a040b7c92d5360b463 - name: kind value: task resolver: bundles @@ -261,7 +246,7 @@ spec: - name: name value: source-build - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-source-build:0.1@sha256:eacb3f49a4fefc112e5d68f67f9418584e1f942e33b027aaf80612d7eff332d0 + value: quay.io/redhat-appstudio-tekton-catalog/task-source-build:0.1@sha256:1a976a35adee9163e455d0c5aee5d9bf9cb3c6a770656ae347558f8c54977709 - name: kind value: task resolver: bundles @@ -292,7 +277,7 @@ spec: - name: name value: deprecated-image-check - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.4@sha256:d70d970e689a26f1c9e6a1db69580a06cde989c7278c402316278d78c17d2927 + value: quay.io/redhat-appstudio-tekton-catalog/task-deprecated-image-check:0.4@sha256:3793fbf59e7dadff9d1f7e7ea4cc430c69a2de620b20c7fd69d71bdd5f6c4a60 - name: kind value: task resolver: bundles @@ -314,27 +299,7 @@ spec: - name: name value: clair-scan - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.1@sha256:f38e2740eceadac1dd3c131f093d6f87feecf31cfa9d3765fb3fa3a25ed804c8 - - name: kind - value: task - resolver: bundles - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - - name: ecosystem-cert-preflight-checks - params: - - name: image-url - value: $(tasks.build-container.results.IMAGE_URL) - runAfter: - - build-container - taskRef: - params: - - name: name - value: ecosystem-cert-preflight-checks - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.1@sha256:8838d3e1628dbe61f4851b3640d2e3a9a3079d3ff3da955f4a3e4c2c95a013df + value: quay.io/redhat-appstudio-tekton-catalog/task-clair-scan:0.1@sha256:44d0df70080e082e72d2694b14130ff512e5e7f2611190161a9b016b4df9fb22 - name: kind value: task resolver: bundles @@ -351,7 +316,7 @@ spec: - name: name value: sast-snyk-check - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check:0.1@sha256:4c672aeda06ed1b9997a3c003153e1764c258195aa46a5f227ab521a81823a84 + value: quay.io/redhat-appstudio-tekton-catalog/task-sast-snyk-check:0.1@sha256:242acc527a06a11fac9dd6524467f62f3a086c186c5f885973e5780a04d4289c - name: kind value: task resolver: bundles @@ -376,7 +341,7 @@ spec: - name: name value: clamav-scan - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.1@sha256:110ecfa4656ece3241336e434ded12aa4191a96ff1d0d6ca6deebba59be50f40 + value: quay.io/redhat-appstudio-tekton-catalog/task-clamav-scan:0.1@sha256:5dbe6c646c3502ddc7fbe6016b8584bed6ce3ab7028b0c405ebaabc7e6e9e64c - name: kind value: task resolver: bundles @@ -398,7 +363,7 @@ spec: - name: name value: sbom-json-check - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sbom-json-check:0.1@sha256:fe6e910cf25664dc6c192023f178a4066e20307d7f888f6d0fe0304c5c11a3c4 + value: quay.io/redhat-appstudio-tekton-catalog/task-sbom-json-check:0.1@sha256:f9cc253c3a07594bfb51e09c78b46598591cb353e19b16ef514f8312a8b0bada - name: kind value: task resolver: bundles @@ -407,21 +372,6 @@ spec: operator: in values: - "false" - - name: apply-tags - params: - - name: IMAGE - value: $(tasks.build-container.results.IMAGE_URL) - runAfter: - - build-container - taskRef: - params: - - name: name - value: apply-tags - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.1@sha256:175162b0a1c55e911d0d25ddef97e90932b5043f0b523cf83ed4824363840d74 - - name: kind - value: task - resolver: bundles workspaces: - name: workspace - name: git-auth diff --git a/.tekton/osv-ingester-push.yaml b/.tekton/osv-ingester-push.yaml index cc74140..fabb8a7 100644 --- a/.tekton/osv-ingester-push.yaml +++ b/.tekton/osv-ingester-push.yaml @@ -36,7 +36,7 @@ spec: - name: name value: show-sbom - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:bb6de6584cc47524ac69d2fb0bc310e546696b707e4052a465966e2446e33a15 + value: quay.io/redhat-appstudio-tekton-catalog/task-show-sbom:0.1@sha256:9cd4bf015b18621834f40ed02c8dccda1f7834c7d989521a8314bdb3a596e96b - name: kind value: task resolver: bundles @@ -55,13 +55,13 @@ spec: - name: name value: summary - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-summary:0.2@sha256:fc1b0a4efc83c91cd4a24020daabb874b3f33a87c34cd157cda0b7e6d4b7779a + value: quay.io/redhat-appstudio-tekton-catalog/task-summary:0.2@sha256:51d5aaa4e13e9fb4303f667e38d07e758820040032ed9fb3ab5f6afaaffc60d8 - name: kind value: task resolver: bundles workspaces: - - name: workspace - workspace: workspace + - name: workspace + workspace: workspace params: - description: Source Repository URL name: git-url @@ -111,14 +111,6 @@ spec: description: Build a source image. name: build-source-image type: string - - default: [] - description: Array of --build-arg values ("arg=value" strings) for buildah - name: build-args - type: array - - default: "" - description: Path to a file with build arguments for buildah, see https://www.mankier.com/1/buildah-build#--build-arg-file - name: build-args-file - type: string results: - description: "" name: IMAGE_URL @@ -149,7 +141,7 @@ spec: - name: name value: init - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:83b7df553a736def52dd47bca2a3614c8fa2c88d112d691a4834289cf8c2abf5 + value: quay.io/redhat-appstudio-tekton-catalog/task-init:0.2@sha256:b23c7a924f303a67b3a00b32a6713ae1a4fccbc5327daa76a6edd250501ea7a3 - name: kind value: task resolver: bundles @@ -166,7 +158,7 @@ spec: - name: name value: git-clone - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1@sha256:9ea6101d110d96dd95216ee5fb73213c394ee62280f2bf1d61bb460f56dac027 + value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:2be7c9c83159c5247f1f9aab8fa1a2cb29d0df66f6c5bb48a012320bdcb03c7d - name: kind value: task resolver: bundles @@ -191,20 +183,18 @@ spec: - name: name value: prefetch-dependencies - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies:0.1@sha256:c22f2537b73add9b9cef0c1ac92187abb8d265756eaa1e6e568a4f4215720cc3 + value: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies:0.1@sha256:9aec3ae9f0f50a05abdc739faf4cbc82832cff16c77ac74e1d54072a882c0503 - name: kind value: task resolver: bundles when: - - input: $(params.prefetch-input) - operator: notin + - input: $(params.hermetic) + operator: in values: - - "" + - "true" workspaces: - name: source workspace: workspace - - name: git-basic-auth - workspace: git-auth - name: build-container params: - name: IMAGE @@ -221,11 +211,6 @@ spec: value: $(params.image-expires-after) - name: COMMIT_SHA value: $(tasks.clone-repository.results.commit) - - name: BUILD_ARGS - value: - - $(params.build-args[*]) - - name: BUILD_ARGS_FILE - value: $(params.build-args-file) runAfter: - prefetch-dependencies taskRef: @@ -233,7 +218,7 @@ spec: - name: name value: buildah-8gb - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-buildah-8gb@sha256:8653b4eb7c3f3e28834bdb9821a2b9bf905714011d347168e019e94151147640 + value: quay.io/redhat-appstudio-tekton-catalog/task-buildah-8gb:0.1@sha256:3dbec109b54aaec4ea7265f008155109a8a70426cab4a8a040b7c92d5360b463 - name: kind value: task resolver: bundles @@ -258,7 +243,7 @@ spec: - name: name value: source-build - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-source-build:0.1@sha256:eacb3f49a4fefc112e5d68f67f9418584e1f942e33b027aaf80612d7eff332d0 + value: quay.io/redhat-appstudio-tekton-catalog/task-source-build:0.1@sha256:1a976a35adee9163e455d0c5aee5d9bf9cb3c6a770656ae347558f8c54977709 - name: kind value: task resolver: bundles @@ -289,7 +274,7 @@ spec: - name: name value: deprecated-image-check - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.4@sha256:d70d970e689a26f1c9e6a1db69580a06cde989c7278c402316278d78c17d2927 + value: quay.io/redhat-appstudio-tekton-catalog/task-deprecated-image-check:0.4@sha256:3793fbf59e7dadff9d1f7e7ea4cc430c69a2de620b20c7fd69d71bdd5f6c4a60 - name: kind value: task resolver: bundles @@ -311,27 +296,7 @@ spec: - name: name value: clair-scan - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.1@sha256:f38e2740eceadac1dd3c131f093d6f87feecf31cfa9d3765fb3fa3a25ed804c8 - - name: kind - value: task - resolver: bundles - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - - name: ecosystem-cert-preflight-checks - params: - - name: image-url - value: $(tasks.build-container.results.IMAGE_URL) - runAfter: - - build-container - taskRef: - params: - - name: name - value: ecosystem-cert-preflight-checks - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.1@sha256:8838d3e1628dbe61f4851b3640d2e3a9a3079d3ff3da955f4a3e4c2c95a013df + value: quay.io/redhat-appstudio-tekton-catalog/task-clair-scan:0.1@sha256:44d0df70080e082e72d2694b14130ff512e5e7f2611190161a9b016b4df9fb22 - name: kind value: task resolver: bundles @@ -348,7 +313,7 @@ spec: - name: name value: sast-snyk-check - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check:0.1@sha256:4c672aeda06ed1b9997a3c003153e1764c258195aa46a5f227ab521a81823a84 + value: quay.io/redhat-appstudio-tekton-catalog/task-sast-snyk-check:0.1@sha256:242acc527a06a11fac9dd6524467f62f3a086c186c5f885973e5780a04d4289c - name: kind value: task resolver: bundles @@ -373,7 +338,7 @@ spec: - name: name value: clamav-scan - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.1@sha256:110ecfa4656ece3241336e434ded12aa4191a96ff1d0d6ca6deebba59be50f40 + value: quay.io/redhat-appstudio-tekton-catalog/task-clamav-scan:0.1@sha256:5dbe6c646c3502ddc7fbe6016b8584bed6ce3ab7028b0c405ebaabc7e6e9e64c - name: kind value: task resolver: bundles @@ -395,7 +360,7 @@ spec: - name: name value: sbom-json-check - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sbom-json-check:0.1@sha256:fe6e910cf25664dc6c192023f178a4066e20307d7f888f6d0fe0304c5c11a3c4 + value: quay.io/redhat-appstudio-tekton-catalog/task-sbom-json-check:0.1@sha256:f9cc253c3a07594bfb51e09c78b46598591cb353e19b16ef514f8312a8b0bada - name: kind value: task resolver: bundles @@ -404,21 +369,6 @@ spec: operator: in values: - "false" - - name: apply-tags - params: - - name: IMAGE - value: $(tasks.build-container.results.IMAGE_URL) - runAfter: - - build-container - taskRef: - params: - - name: name - value: apply-tags - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.1@sha256:175162b0a1c55e911d0d25ddef97e90932b5043f0b523cf83ed4824363840d74 - - name: kind - value: task - resolver: bundles workspaces: - name: workspace - name: git-auth