diff --git a/.tekton/collector-component-pipeline.yaml b/.tekton/collector-component-pipeline.yaml index ea6b609531..28fb145d66 100644 --- a/.tekton/collector-component-pipeline.yaml +++ b/.tekton/collector-component-pipeline.yaml @@ -2,9 +2,7 @@ apiVersion: tekton.dev/v1 kind: Pipeline metadata: name: collector-component-pipeline - spec: - finally: - name: slack-notification params: @@ -13,10 +11,10 @@ spec: - name: key-name value: 'acs-konflux-notifications' when: - # Run when any task has Failed + # Run when any task has Failed - input: $(tasks.status) operator: in - values: [ "Failed" ] + values: ["Failed"] taskRef: params: - name: name @@ -26,7 +24,6 @@ spec: - name: kind value: task resolver: bundles - - name: show-sbom params: - name: IMAGE_URL @@ -40,7 +37,6 @@ spec: - name: kind value: task resolver: bundles - - name: post-metric-end params: - name: AGGREGATE_TASKS_STATUS @@ -54,7 +50,6 @@ spec: - name: kind value: task resolver: bundles - params: - description: Source Repository URL name: git-url @@ -71,13 +66,11 @@ spec: name: output-tag-suffix type: string - default: . - description: Path to the source code of an application's component from where - to build image. + description: Path to the source code of an application's component from where to build image. name: path-context type: string - default: Dockerfile - description: Path to the Dockerfile inside the context specified by parameter - path-context + description: Path to the Dockerfile inside the context specified by parameter path-context name: dockerfile type: string - default: "false" @@ -96,8 +89,7 @@ spec: description: Build dependencies to be prefetched by Cachi2 name: prefetch-input type: string - - description: Image tag expiration time, time values could be something like - 1h, 2d, 3w for hours, days, and weeks, respectively. + - description: Image tag expiration time, time values could be something like 1h, 2d, 3w for hours, days, and weeks, respectively. name: image-expires-after type: string - default: "true" @@ -115,7 +107,10 @@ spec: description: This sets the expiration time for intermediate OCI artifacts produced and used during builds after which they can be garbage collected. name: oci-artifact-expires-after type: string - + - name: buildah-format + default: docker + type: string + description: The format for the resulting image's mediaType. Valid values are oci or docker. results: - description: "" name: IMAGE_URL @@ -129,21 +124,17 @@ spec: - description: "" name: CHAINS-GIT_COMMIT value: $(tasks.clone-repository.results.commit) - workspaces: - name: git-auth - tasks: - - name: post-metric-start taskRef: *post-bigquery-metrics-ref - - name: init params: - name: image-url - # We can't provide a StackRox-style tag because it is not known at this time (requires cloning source, etc.) - # As a workaround, we still provide a unique tag that's based on a revision in order for this task to comply with - # its expected input. We later actually add this tag on a built image with the apply-index-image-tag task. + # We can't provide a StackRox-style tag because it is not known at this time (requires cloning source, etc.) + # As a workaround, we still provide a unique tag that's based on a revision in order for this task to comply with + # its expected input. We later actually add this tag on a built image with the apply-index-image-tag task. value: $(params.output-image-repo):konflux-$(params.revision) - name: rebuild value: $(params.rebuild) @@ -152,11 +143,10 @@ spec: - name: name value: init - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:ec962d0be18f36ca7d331c99bf243800f569fc0a2ea6f8c8c3d3a574b71c44dc + value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:bbf313b09740fb39b3343bc69ee94b2a2c21d16a9304f9b7c111c305558fc346 - name: kind value: task resolver: bundles - - name: clone-repository params: - name: url @@ -178,18 +168,17 @@ spec: - name: name value: git-clone-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:3f1b468066b301083d8550e036f5a654fcb064810bd29eb06fec6d8ad3e35b9c + value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:0d80f66610efd1f957700f61dcd5080689321b10ad544e136d58fc4673290d1b - name: kind value: task resolver: bundles when: - input: $(tasks.init.results.build) operator: in - values: [ "true" ] + values: ["true"] workspaces: - name: basic-auth workspace: git-auth - - name: determine-image-expiration params: - name: DEFAULT_IMAGE_EXPIRES_AFTER @@ -205,7 +194,6 @@ spec: - name: kind value: task resolver: bundles - - name: determine-image-tag params: - name: TAG_SUFFIX @@ -221,7 +209,6 @@ spec: - name: kind value: task resolver: bundles - - name: prefetch-dependencies params: - name: input @@ -234,7 +221,7 @@ spec: value: $(params.oci-artifact-expires-after) - name: ACTIVATION_KEY value: subscription-manager-activation-key-prod - # Required for the RPM prefetching support. + # Required for the RPM prefetching support. - name: dev-package-managers value: "true" taskRef: @@ -242,14 +229,13 @@ spec: - name: name value: prefetch-dependencies-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.2@sha256:098322d6b789824f716f2d9caca1862d4afdc083ebaaee61aadd22a8c179480a + value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.2@sha256:dc82a7270aace9b1c26f7e96f8ccab2752e53d32980c41a45e1733baad76cde6 - name: kind value: task resolver: bundles workspaces: - name: git-basic-auth workspace: git-auth - - name: build-container-amd64 params: - name: IMAGE @@ -275,20 +261,21 @@ spec: value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - name: CACHI2_ARTIFACT value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) + - name: BUILDAH_FORMAT + value: $(params.buildah-format) taskRef: params: - name: name value: buildah-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-buildah-oci-ta:0.5@sha256:203b7a3d8c04c1f3b5327db3f31a19647f8d46304e7ced1dd5dcbba19445ac10 + value: quay.io/konflux-ci/tekton-catalog/task-buildah-oci-ta:0.5@sha256:38d08ea58511a67f8754dc025feebdec8ae342fb4e25bc67a3726ec84f7cb7d1 - name: kind value: task resolver: bundles when: - input: $(tasks.init.results.build) operator: in - values: [ "true" ] - + values: ["true"] - name: build-container-s390x params: - name: IMAGE @@ -321,16 +308,15 @@ spec: - name: name value: buildah-remote-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.5@sha256:17a0b093c9e9d21e9e374c60a88eb293a0fa57e4e2b67baf20ccac9735aa20ff + value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.5@sha256:5e59c05455619580f4383010726f7db8440ecf6959882e9053ac697dd6d277fd - name: kind value: task resolver: bundles when: - input: $(tasks.init.results.build) operator: in - values: [ "true" ] + values: ["true"] timeout: 1h30m0s - - name: build-container-ppc64le params: - name: IMAGE @@ -363,16 +349,15 @@ spec: - name: name value: buildah-remote-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.5@sha256:17a0b093c9e9d21e9e374c60a88eb293a0fa57e4e2b67baf20ccac9735aa20ff + value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.5@sha256:5e59c05455619580f4383010726f7db8440ecf6959882e9053ac697dd6d277fd - name: kind value: task resolver: bundles when: - input: $(tasks.init.results.build) operator: in - values: [ "true" ] + values: ["true"] timeout: 1h30m0s - - name: build-container-arm64 params: - name: IMAGE @@ -405,16 +390,15 @@ spec: - name: name value: buildah-remote-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.5@sha256:17a0b093c9e9d21e9e374c60a88eb293a0fa57e4e2b67baf20ccac9735aa20ff + value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.5@sha256:5e59c05455619580f4383010726f7db8440ecf6959882e9053ac697dd6d277fd - name: kind value: task resolver: bundles when: - input: $(tasks.init.results.build) operator: in - values: [ "true" ] + values: ["true"] timeout: 1h30m0s - - name: build-image-index params: - name: IMAGE @@ -429,20 +413,21 @@ spec: - $(tasks.build-container-arm64.results.IMAGE_REF) - name: IMAGE_EXPIRES_AFTER value: $(tasks.determine-image-expiration.results.IMAGE_EXPIRES_AFTER) + - name: BUILDAH_FORMAT + value: $(params.buildah-format) taskRef: params: - name: name value: build-image-index - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1@sha256:8e5dfb2fac011148f8715bbe0b99415f88297683d269eae0dfcad52562195d45 + value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1@sha256:79784d53749584bc5a8de32142ec4e2f01cdbf42c20d94e59280e0b927c8597d - name: kind value: task resolver: bundles when: - input: $(tasks.init.results.build) operator: in - values: [ "true" ] - + values: ["true"] - name: apply-index-image-tag params: - name: IMAGE_URL @@ -464,8 +449,7 @@ spec: when: - input: $(tasks.init.results.build) operator: in - values: [ "true" ] - + values: ["true"] - name: build-source-image params: - name: BINARY_IMAGE @@ -481,18 +465,17 @@ spec: - name: name value: source-build-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.3@sha256:b0d6cb28a23f20db4f5cf78ed78ae3a91b9a5adfe989696ed0bbc63840a485b6 + value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.3@sha256:36d44f2924f60da00a079a9ab7ce25ad8b2ad593c16d90509203c125ff0ccd46 - name: kind value: task resolver: bundles when: - input: $(tasks.init.results.build) operator: in - values: [ "true" ] + values: ["true"] - input: $(params.build-source-image) operator: in - values: [ "true" ] - + values: ["true"] - name: deprecated-base-image-check params: - name: IMAGE_URL @@ -504,15 +487,14 @@ spec: - name: name value: deprecated-image-check - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.5@sha256:2c32152a55f6bfba67b41be456da46b6e109bb3e348e25220eed4eed149958c5 + value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.5@sha256:f59175d9a0a60411738228dfe568af4684af4aa5e7e05c832927cb917801d489 - name: kind value: task resolver: bundles when: - input: $(params.skip-checks) operator: in - values: [ "false" ] - + values: ["false"] - name: clair-scan params: - name: image-digest @@ -531,8 +513,7 @@ spec: when: - input: $(params.skip-checks) operator: in - values: [ "false" ] - + values: ["false"] - name: ecosystem-cert-preflight-checks params: - name: image-url @@ -549,8 +530,7 @@ spec: when: - input: $(params.skip-checks) operator: in - values: [ "false" ] - + values: ["false"] - name: sast-shell-check params: - name: image-digest @@ -573,8 +553,7 @@ spec: when: - input: $(params.skip-checks) operator: in - values: [ "false" ] - + values: ["false"] - name: sast-unicode-check params: - name: image-digest @@ -597,8 +576,7 @@ spec: when: - input: $(params.skip-checks) operator: in - values: [ "false" ] - + values: ["false"] - name: sast-snyk-check params: - name: SOURCE_ARTIFACT @@ -614,15 +592,14 @@ spec: - name: name value: sast-snyk-check-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.4@sha256:783f5de1b4def2fb3fad20b914f4b3afee46ffb8f652114946e321ef3fa86449 + value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.4@sha256:181d63c126e3119a9d57b8feed4eb66a875b5208c3e90724c22758e65dca8733 - name: kind value: task resolver: bundles when: - input: $(params.skip-checks) operator: in - values: [ "false" ] - + values: ["false"] - name: clamav-scan params: - name: image-digest @@ -641,8 +618,7 @@ spec: when: - input: $(params.skip-checks) operator: in - values: [ "false" ] - + values: ["false"] - name: rpms-signature-scan params: - name: image-digest @@ -661,8 +637,7 @@ spec: when: - input: $(params.skip-checks) operator: in - values: [ "false" ] - + values: ["false"] - name: push-dockerfile params: - name: IMAGE @@ -680,7 +655,7 @@ spec: - name: name value: push-dockerfile-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.1@sha256:49f778479f468e71c2cfef722e96aa813d7ef98bde8a612e1bf1a13cd70849ec + value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.1@sha256:2bc5b3afc5de56da0f06eac60b65e86f6b861b16a63f48579fc0bac7d657e14c - name: kind value: task resolver: bundles