Merge pull request #168 from ccronca/update-sast-snyk-check-main
fix(KONFLUX-3663): format PipelineRun files and upload SAST results
openshift-merge-bot[bot] authored Aug 16, 2024
2 parents 123e39c + 8bc8570 commit 6d4f939
Showing 2 changed files with 34 additions and 32 deletions.
33 changes: 17 additions & 16 deletions .tekton/fulcio-pull-request.yaml
@@ -7,8 +7,7 @@ metadata:
build.appstudio.redhat.com/pull_request_number: '{{pull_request_number}}'
build.appstudio.redhat.com/target_branch: '{{target_branch}}'
pipelinesascode.tekton.dev/max-keep-runs: "3"
pipelinesascode.tekton.dev/on-cel-expression: event == "pull_request" && target_branch
== "main"
pipelinesascode.tekton.dev/on-cel-expression: event == "pull_request" && target_branch == "main"
creationTimestamp: null
labels:
appstudio.openshift.io/application: fulcio
@@ -82,13 +81,11 @@ spec:
name: output-image
type: string
- default: .
description: Path to the source code of an application's component from where
to build image.
description: Path to the source code of an application's component from where to build image.
name: path-context
type: string
- default: Dockerfile
description: Path to the Dockerfile inside the context specified by parameter
path-context
description: Path to the Dockerfile inside the context specified by parameter path-context
name: dockerfile
type: string
- default: "false"
@@ -116,8 +113,7 @@ spec:
name: java
type: string
- default: ""
description: Image tag expiration time, time values could be something like
1h, 2d, 3w for hours, days, and weeks, respectively.
description: Image tag expiration time, time values could be something like 1h, 2d, 3w for hours, days, and weeks, respectively.
name: image-expires-after
- default: "false"
description: Build a source image.
@@ -315,7 +311,7 @@ spec:
- "false"
- name: sast-snyk-check
runAfter:
- clone-repository
- build-container
taskRef:
params:
- name: name
@@ -333,6 +329,11 @@ spec:
workspaces:
- name: workspace
workspace: workspace
params:
- name: image-digest
value: $(tasks.build-container.results.IMAGE_DIGEST)
- name: image-url
value: $(tasks.build-container.results.IMAGE_URL)
- name: clamav-scan
params:
- name: image-digest
@@ -390,19 +391,19 @@ spec:
value: task
resolver: bundles
workspaces:
- name: source
workspace: workspace
- name: source
workspace: workspace
workspaces:
- name: workspace
- name: git-auth
optional: true
taskRunTemplate: {}
taskRunSpecs:
- pipelineTaskName: run-unit-test
serviceAccountName: appstudio-pipeline
podTemplate:
imagePullSecrets:
- name: brew-registry-pull-secret
- pipelineTaskName: run-unit-test
serviceAccountName: appstudio-pipeline
podTemplate:
imagePullSecrets:
- name: brew-registry-pull-secret
workspaces:
- name: workspace
volumeClaimTemplate:
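Review bot: The `image-digest` and `image-url` params added to `sast-snyk-check` (hunk `-333,6 +329,11`) only take effect if the pinned task bundle declares them, and the `taskRef` bundle lines are collapsed between the visible hunks, so confirm the referenced bundle is a version that accepts both; otherwise the values are either unused or the run is rejected, depending on the Tekton version. Moving `runAfter` from `clone-repository` to `build-container` also means a failed image build now produces no SAST findings at all, which deserves a comment above the task such as `# waits for build-container: results are uploaded against the built image (presumably via image-url/image-digest)`. The result references `$(tasks.build-container.results.IMAGE_DIGEST)` already order the task after the build, so the explicit `runAfter` entry is redundant, though harmless and consistent with the neighbouring scan tasks. The same points apply to the identical hunks in `.tekton/fulcio-push.yaml`.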
33 changes: 17 additions & 16 deletions .tekton/fulcio-push.yaml
@@ -6,8 +6,7 @@ metadata:
build.appstudio.redhat.com/commit_sha: '{{revision}}'
build.appstudio.redhat.com/target_branch: '{{target_branch}}'
pipelinesascode.tekton.dev/max-keep-runs: "3"
pipelinesascode.tekton.dev/on-cel-expression: event == "push" && target_branch
== "main"
pipelinesascode.tekton.dev/on-cel-expression: event == "push" && target_branch == "main"
build.appstudio.openshift.io/build-nudge-files: "controllers/constants/*"
creationTimestamp: null
labels:
@@ -80,13 +79,11 @@ spec:
name: output-image
type: string
- default: .
description: Path to the source code of an application's component from where
to build image.
description: Path to the source code of an application's component from where to build image.
name: path-context
type: string
- default: Dockerfile
description: Path to the Dockerfile inside the context specified by parameter
path-context
description: Path to the Dockerfile inside the context specified by parameter path-context
name: dockerfile
type: string
- default: "false"
@@ -114,8 +111,7 @@ spec:
name: java
type: string
- default: ""
description: Image tag expiration time, time values could be something like
1h, 2d, 3w for hours, days, and weeks, respectively.
description: Image tag expiration time, time values could be something like 1h, 2d, 3w for hours, days, and weeks, respectively.
name: image-expires-after
- default: "false"
description: Build a source image.
@@ -313,7 +309,7 @@ spec:
- "false"
- name: sast-snyk-check
runAfter:
- clone-repository
- build-container
taskRef:
params:
- name: name
@@ -331,6 +327,11 @@ spec:
workspaces:
- name: workspace
workspace: workspace
params:
- name: image-digest
value: $(tasks.build-container.results.IMAGE_DIGEST)
- name: image-url
value: $(tasks.build-container.results.IMAGE_URL)
- name: clamav-scan
params:
- name: image-digest
@@ -388,19 +389,19 @@ spec:
value: task
resolver: bundles
workspaces:
- name: source
workspace: workspace
- name: source
workspace: workspace
workspaces:
- name: workspace
- name: git-auth
optional: true
taskRunTemplate: {}
taskRunSpecs:
- pipelineTaskName: run-unit-test
serviceAccountName: appstudio-pipeline
podTemplate:
imagePullSecrets:
- name: brew-registry-pull-secret
- pipelineTaskName: run-unit-test
serviceAccountName: appstudio-pipeline
podTemplate:
imagePullSecrets:
- name: brew-registry-pull-secret
workspaces:
- name: workspace
volumeClaimTemplate:
