From 5f5f6fa7a778ed9f8fae34d8b7de2aad3fb36ba3 Mon Sep 17 00:00:00 2001 From: RHTAP bot Date: Wed, 17 Jan 2024 00:07:11 +0000 Subject: [PATCH] Sync build-definitions --- pac/pipelines/docker-build-dance.yaml | 10 ---------- pac/pipelines/docker-build.yaml | 10 ---------- pac/pipelines/java-builder.yaml | 10 ---------- pac/pipelines/nodejs-builder.yaml | 10 ---------- pac/tasks/buildah-10gb.yaml | 2 +- pac/tasks/buildah-6gb.yaml | 2 +- pac/tasks/buildah-8gb.yaml | 2 +- pac/tasks/buildah-remote.yaml | 2 +- pac/tasks/buildah.yaml | 2 +- pac/tasks/clair-scan.yaml | 2 +- pac/tasks/clamav-scan.yaml | 6 +++--- pac/tasks/deprecated-image-check.yaml | 2 +- pac/tasks/fbc-related-image-check.yaml | 2 +- pac/tasks/fbc-validation.yaml | 2 +- pac/tasks/init.yaml | 21 ++------------------- pac/tasks/inspect-image.yaml | 2 +- pac/tasks/prefetch-dependencies.yaml | 2 +- pac/tasks/sast-snyk-check.yaml | 2 +- pac/tasks/sbom-json-check.yaml | 2 +- 19 files changed, 18 insertions(+), 75 deletions(-) diff --git a/pac/pipelines/docker-build-dance.yaml b/pac/pipelines/docker-build-dance.yaml index 35bc774..185838a 100644 --- a/pac/pipelines/docker-build-dance.yaml +++ b/pac/pipelines/docker-build-dance.yaml @@ -53,10 +53,6 @@ spec: description: Skip checks against built image name: skip-checks type: string - - default: "true" - description: Skip optional checks, set false if you want to run optional checks - name: skip-optional - type: string - default: "false" description: Execute the build with network isolation name: hermetic @@ -100,12 +96,6 @@ spec: value: $(params.rebuild) - name: skip-checks value: $(params.skip-checks) - - name: skip-optional - value: $(params.skip-optional) - - name: pipelinerun-name - value: $(context.pipelineRun.name) - - name: pipelinerun-uid - value: $(context.pipelineRun.uid) taskRef: name: init - name: clone-repository diff --git a/pac/pipelines/docker-build.yaml b/pac/pipelines/docker-build.yaml index e1aadab..dd9015b 100644 --- a/pac/pipelines/docker-build.yaml +++ b/pac/pipelines/docker-build.yaml @@ -53,10 +53,6 @@ spec: description: Skip checks against built image name: skip-checks type: string - - default: "true" - description: Skip optional checks, set false if you want to run optional checks - name: skip-optional - type: string - default: "false" description: Execute the build with network isolation name: hermetic @@ -96,12 +92,6 @@ spec: value: $(params.rebuild) - name: skip-checks value: $(params.skip-checks) - - name: skip-optional - value: $(params.skip-optional) - - name: pipelinerun-name - value: $(context.pipelineRun.name) - - name: pipelinerun-uid - value: $(context.pipelineRun.uid) taskRef: name: init - name: clone-repository diff --git a/pac/pipelines/java-builder.yaml b/pac/pipelines/java-builder.yaml index e59ee46..3183cfc 100644 --- a/pac/pipelines/java-builder.yaml +++ b/pac/pipelines/java-builder.yaml @@ -53,10 +53,6 @@ spec: description: Skip checks against built image name: skip-checks type: string - - default: "true" - description: Skip optional checks, set false if you want to run optional checks - name: skip-optional - type: string - default: "false" description: Execute the build with network isolation name: hermetic @@ -96,12 +92,6 @@ spec: value: $(params.rebuild) - name: skip-checks value: $(params.skip-checks) - - name: skip-optional - value: $(params.skip-optional) - - name: pipelinerun-name - value: $(context.pipelineRun.name) - - name: pipelinerun-uid - value: $(context.pipelineRun.uid) taskRef: name: init - name: clone-repository diff --git a/pac/pipelines/nodejs-builder.yaml b/pac/pipelines/nodejs-builder.yaml index ac9698e..59efd89 100644 --- a/pac/pipelines/nodejs-builder.yaml +++ b/pac/pipelines/nodejs-builder.yaml @@ -53,10 +53,6 @@ spec: description: Skip checks against built image name: skip-checks type: string - - default: "true" - description: Skip optional checks, set false if you want to run optional checks - name: skip-optional - type: string - default: "false" description: Execute the build with network isolation name: hermetic @@ -94,12 +90,6 @@ spec: value: $(params.rebuild) - name: skip-checks value: $(params.skip-checks) - - name: skip-optional - value: $(params.skip-optional) - - name: pipelinerun-name - value: $(context.pipelineRun.name) - - name: pipelinerun-uid - value: $(context.pipelineRun.uid) taskRef: name: init - name: clone-repository diff --git a/pac/tasks/buildah-10gb.yaml b/pac/tasks/buildah-10gb.yaml index c6dca23..aaabb50 100644 --- a/pac/tasks/buildah-10gb.yaml +++ b/pac/tasks/buildah-10gb.yaml @@ -279,7 +279,7 @@ spec: securityContext: runAsUser: 0 workingDir: $(workspaces.source.path) - - image: quay.io/redhat-appstudio/cachi2:0.3.0@sha256:46097f22b57e4d48a3fce96d931e08ccfe3a3e6421362d5f9353961279078eef + - image: quay.io/redhat-appstudio/cachi2:0.4.0@sha256:001acfbad47e132a90998d45076a0dbe0d8beacf0bec12b4d9a5aa796f4a9cad name: merge-cachi2-sbom script: | if [ -n "${PREFETCH_INPUT}" ]; then diff --git a/pac/tasks/buildah-6gb.yaml b/pac/tasks/buildah-6gb.yaml index 6a2fbcd..eaca301 100644 --- a/pac/tasks/buildah-6gb.yaml +++ b/pac/tasks/buildah-6gb.yaml @@ -279,7 +279,7 @@ spec: securityContext: runAsUser: 0 workingDir: $(workspaces.source.path) - - image: quay.io/redhat-appstudio/cachi2:0.3.0@sha256:46097f22b57e4d48a3fce96d931e08ccfe3a3e6421362d5f9353961279078eef + - image: quay.io/redhat-appstudio/cachi2:0.4.0@sha256:001acfbad47e132a90998d45076a0dbe0d8beacf0bec12b4d9a5aa796f4a9cad name: merge-cachi2-sbom script: | if [ -n "${PREFETCH_INPUT}" ]; then diff --git a/pac/tasks/buildah-8gb.yaml b/pac/tasks/buildah-8gb.yaml index e984e5c..54920e8 100644 --- a/pac/tasks/buildah-8gb.yaml +++ b/pac/tasks/buildah-8gb.yaml @@ -279,7 +279,7 @@ spec: securityContext: runAsUser: 0 workingDir: $(workspaces.source.path) - - image: quay.io/redhat-appstudio/cachi2:0.3.0@sha256:46097f22b57e4d48a3fce96d931e08ccfe3a3e6421362d5f9353961279078eef + - image: quay.io/redhat-appstudio/cachi2:0.4.0@sha256:001acfbad47e132a90998d45076a0dbe0d8beacf0bec12b4d9a5aa796f4a9cad name: merge-cachi2-sbom script: | if [ -n "${PREFETCH_INPUT}" ]; then diff --git a/pac/tasks/buildah-remote.yaml b/pac/tasks/buildah-remote.yaml index 62d54bd..abe6d77 100644 --- a/pac/tasks/buildah-remote.yaml +++ b/pac/tasks/buildah-remote.yaml @@ -360,7 +360,7 @@ spec: runAsUser: 0 workingDir: $(workspaces.source.path) - computeResources: {} - image: quay.io/redhat-appstudio/cachi2:0.3.0@sha256:46097f22b57e4d48a3fce96d931e08ccfe3a3e6421362d5f9353961279078eef + image: quay.io/redhat-appstudio/cachi2:0.4.0@sha256:001acfbad47e132a90998d45076a0dbe0d8beacf0bec12b4d9a5aa796f4a9cad name: merge-cachi2-sbom script: | if [ -n "${PREFETCH_INPUT}" ]; then diff --git a/pac/tasks/buildah.yaml b/pac/tasks/buildah.yaml index 3f2bf2a..fc0deae 100644 --- a/pac/tasks/buildah.yaml +++ b/pac/tasks/buildah.yaml @@ -293,7 +293,7 @@ spec: runAsUser: 0 - name: merge-cachi2-sbom - image: quay.io/redhat-appstudio/cachi2:0.3.0@sha256:46097f22b57e4d48a3fce96d931e08ccfe3a3e6421362d5f9353961279078eef + image: quay.io/redhat-appstudio/cachi2:0.4.0@sha256:001acfbad47e132a90998d45076a0dbe0d8beacf0bec12b4d9a5aa796f4a9cad # per https://kubernetes.io/docs/concepts/containers/images/#imagepullpolicy-defaulting # the cluster will set imagePullPolicy to IfNotPresent # also per direction from Ralph Bean, we want to use image digest based tags to use a cue to automation like dependabot or renovatebot to periodially submit pull requests that update the digest as new images are released. diff --git a/pac/tasks/clair-scan.yaml b/pac/tasks/clair-scan.yaml index c7cafde..f31e426 100644 --- a/pac/tasks/clair-scan.yaml +++ b/pac/tasks/clair-scan.yaml @@ -42,7 +42,7 @@ spec: clair-action report --image-ref=$imageanddigest --db-path=/tmp/matcher.db --format=quay | tee /tekton/home/clair-result.json || true - name: conftest-vulnerabilities - image: quay.io/redhat-appstudio/hacbs-test:v1.1.8@sha256:8de0ec0875c7c6a41e0208b0030090992169f501166154edaded8a4f6121b164 + image: quay.io/redhat-appstudio/hacbs-test:v1.1.9@sha256:866675ee3064cf4768691ecca478063ce12f0556fb9d4f24ca95c98664ffbd43 # per https://kubernetes.io/docs/concepts/containers/images/#imagepullpolicy-defaulting # the cluster will set imagePullPolicy to IfNotPresent # also per direction from Ralph Bean, we want to use image digest based tags to use a cue to automation like dependabot or renovatebot to periodially submit pull requests that update the digest as new images are released. diff --git a/pac/tasks/clamav-scan.yaml b/pac/tasks/clamav-scan.yaml index dbb2a48..4bc3157 100644 --- a/pac/tasks/clamav-scan.yaml +++ b/pac/tasks/clamav-scan.yaml @@ -24,7 +24,7 @@ spec: steps: - name: extract-and-scan-image - image: quay.io/redhat-appstudio/hacbs-test:v1.1.8@sha256:8de0ec0875c7c6a41e0208b0030090992169f501166154edaded8a4f6121b164 + image: quay.io/redhat-appstudio/hacbs-test:v1.1.9@sha256:866675ee3064cf4768691ecca478063ce12f0556fb9d4f24ca95c98664ffbd43 # per https://kubernetes.io/docs/concepts/containers/images/#imagepullpolicy-defaulting # the cluster will set imagePullPolicy to IfNotPresent # also per direction from Ralph Bean, we want to use image digest based tags to use a cue to automation like dependabot or renovatebot to periodially submit pull requests that update the digest as new images are released. @@ -87,7 +87,7 @@ spec: - mountPath: /work name: work - name: modify-clam-output-to-json - image: quay.io/redhat-appstudio/hacbs-test:v1.1.8@sha256:8de0ec0875c7c6a41e0208b0030090992169f501166154edaded8a4f6121b164 + image: quay.io/redhat-appstudio/hacbs-test:v1.1.9@sha256:866675ee3064cf4768691ecca478063ce12f0556fb9d4f24ca95c98664ffbd43 # per https://kubernetes.io/docs/concepts/containers/images/#imagepullpolicy-defaulting # the cluster will set imagePullPolicy to IfNotPresent # also per direction from Ralph Bean, we want to use image digest based tags to use a cue to automation like dependabot or renovatebot to periodially submit pull requests that update the digest as new images are released. @@ -139,7 +139,7 @@ spec: if __name__ == "__main__": main() - name: store-hacbs-test-output-result - image: quay.io/redhat-appstudio/hacbs-test:v1.1.8@sha256:8de0ec0875c7c6a41e0208b0030090992169f501166154edaded8a4f6121b164 + image: quay.io/redhat-appstudio/hacbs-test:v1.1.9@sha256:866675ee3064cf4768691ecca478063ce12f0556fb9d4f24ca95c98664ffbd43 # per https://kubernetes.io/docs/concepts/containers/images/#imagepullpolicy-defaulting # the cluster will set imagePullPolicy to IfNotPresent # also per direction from Ralph Bean, we want to use image digest based tags to use a cue to automation like dependabot or renovatebot to periodially submit pull requests that update the digest as new images are released. diff --git a/pac/tasks/deprecated-image-check.yaml b/pac/tasks/deprecated-image-check.yaml index d032dab..f2487b3 100644 --- a/pac/tasks/deprecated-image-check.yaml +++ b/pac/tasks/deprecated-image-check.yaml @@ -29,7 +29,7 @@ spec: steps: - name: check-images - image: quay.io/redhat-appstudio/hacbs-test:v1.1.8@sha256:8de0ec0875c7c6a41e0208b0030090992169f501166154edaded8a4f6121b164 + image: quay.io/redhat-appstudio/hacbs-test:v1.1.9@sha256:866675ee3064cf4768691ecca478063ce12f0556fb9d4f24ca95c98664ffbd43 # per https://kubernetes.io/docs/concepts/containers/images/#imagepullpolicy-defaulting # the cluster will set imagePullPolicy to IfNotPresent # also per direction from Ralph Bean, we want to use image digest based tags to use a cue to automation like dependabot or renovatebot to periodially submit pull requests that update the digest as new images are released. diff --git a/pac/tasks/fbc-related-image-check.yaml b/pac/tasks/fbc-related-image-check.yaml index b6107af..96d6c66 100644 --- a/pac/tasks/fbc-related-image-check.yaml +++ b/pac/tasks/fbc-related-image-check.yaml @@ -17,7 +17,7 @@ spec: - name: workspace steps: - name: check-related-images - image: quay.io/redhat-appstudio/hacbs-test:v1.1.8@sha256:8de0ec0875c7c6a41e0208b0030090992169f501166154edaded8a4f6121b164 + image: quay.io/redhat-appstudio/hacbs-test:v1.1.9@sha256:866675ee3064cf4768691ecca478063ce12f0556fb9d4f24ca95c98664ffbd43 # per https://kubernetes.io/docs/concepts/containers/images/#imagepullpolicy-defaulting # the cluster will set imagePullPolicy to IfNotPresent # also per direction from Ralph Bean, we want to use image digest based tags to use a cue to automation like dependabot or renovatebot to periodially submit pull requests that update the digest as new images are released. diff --git a/pac/tasks/fbc-validation.yaml b/pac/tasks/fbc-validation.yaml index da81bf8..75b47e5 100644 --- a/pac/tasks/fbc-validation.yaml +++ b/pac/tasks/fbc-validation.yaml @@ -26,7 +26,7 @@ spec: - name: workspace steps: - name: extract-and-check-binaries - image: quay.io/redhat-appstudio/hacbs-test:v1.1.8@sha256:8de0ec0875c7c6a41e0208b0030090992169f501166154edaded8a4f6121b164 + image: quay.io/redhat-appstudio/hacbs-test:v1.1.9@sha256:866675ee3064cf4768691ecca478063ce12f0556fb9d4f24ca95c98664ffbd43 # per https://kubernetes.io/docs/concepts/containers/images/#imagepullpolicy-defaulting # the cluster will set imagePullPolicy to IfNotPresent # also per direction from Ralph Bean, we want to use image digest based tags to use a cue to automation like dependabot or renovatebot to periodially submit pull requests that update the digest as new images are released. diff --git a/pac/tasks/init.yaml b/pac/tasks/init.yaml index a1473bc..e6dd5c9 100644 --- a/pac/tasks/init.yaml +++ b/pac/tasks/init.yaml @@ -1,8 +1,8 @@ -apiVersion: tekton.dev/v1 +apiVersion: tekton.dev/v1beta1 kind: Task metadata: labels: - app.kubernetes.io/version: "0.1" + app.kubernetes.io/version: "0.2" annotations: tekton.dev/pipelines.minVersion: "0.12.1" tekton.dev/tags: "appstudio, hacbs" @@ -19,27 +19,13 @@ spec: - name: skip-checks description: Skip checks against built image default: "false" - - name: skip-optional - default: "true" - description: Skip optional checks, set false if you want to run optional checks - - name: pipelinerun-name - description: unused, should be removed in next task version - default: "" - - name: pipelinerun-uid - description: unused, should be removed in next task version - default: "" results: - name: build description: Defines if the image in param image-url should be built - - name: container-registry-secret - description: unused, should be removed in next task version steps: - name: init image: registry.redhat.io/openshift4/ose-cli:4.13@sha256:73df37794ffff7de1101016c23dc623e4990810390ebdabcbbfa065214352c7c - # per https://kubernetes.io/docs/concepts/containers/images/#imagepullpolicy-defaulting - # the cluster will set imagePullPolicy to IfNotPresent - # also per direction from Ralph Bean, we want to use image digest based tags to use a cue to automation like dependabot or renovatebot to periodially submit pull requests that update the digest as new images are released. env: - name: IMAGE_URL value: $(params.image-url) @@ -47,8 +33,6 @@ spec: value: $(params.rebuild) - name: SKIP_CHECKS value: $(params.skip-checks) - - name: SKIP_OPTIONAL - value: $(params.skip-optional) script: | #!/bin/bash echo "Build Initialize: $IMAGE_URL" @@ -61,4 +45,3 @@ spec: else echo -n "false" > $(results.build.path) fi - echo unused > $(results.container-registry-secret.path) diff --git a/pac/tasks/inspect-image.yaml b/pac/tasks/inspect-image.yaml index 75f3f34..1354d0f 100644 --- a/pac/tasks/inspect-image.yaml +++ b/pac/tasks/inspect-image.yaml @@ -33,7 +33,7 @@ spec: - name: source steps: - name: inspect-image - image: quay.io/redhat-appstudio/hacbs-test:v1.1.8@sha256:8de0ec0875c7c6a41e0208b0030090992169f501166154edaded8a4f6121b164 + image: quay.io/redhat-appstudio/hacbs-test:v1.1.9@sha256:866675ee3064cf4768691ecca478063ce12f0556fb9d4f24ca95c98664ffbd43 # per https://kubernetes.io/docs/concepts/containers/images/#imagepullpolicy-defaulting # the cluster will set imagePullPolicy to IfNotPresent # also per direction from Ralph Bean, we want to use image digest based tags to use a cue to automation like dependabot or renovatebot to periodially submit pull requests that update the digest as new images are released. diff --git a/pac/tasks/prefetch-dependencies.yaml b/pac/tasks/prefetch-dependencies.yaml index 95632cb..680febb 100644 --- a/pac/tasks/prefetch-dependencies.yaml +++ b/pac/tasks/prefetch-dependencies.yaml @@ -15,7 +15,7 @@ spec: - description: Configures project packages that will have their dependencies prefetched. name: input steps: - - image: quay.io/redhat-appstudio/cachi2:0.3.0@sha256:46097f22b57e4d48a3fce96d931e08ccfe3a3e6421362d5f9353961279078eef + - image: quay.io/redhat-appstudio/cachi2:0.4.0@sha256:001acfbad47e132a90998d45076a0dbe0d8beacf0bec12b4d9a5aa796f4a9cad # per https://kubernetes.io/docs/concepts/containers/images/#imagepullpolicy-defaulting # the cluster will set imagePullPolicy to IfNotPresent # also per direction from Ralph Bean, we want to use image digest based tags to use a cue to automation like dependabot or renovatebot to periodially submit pull requests that update the digest as new images are released. diff --git a/pac/tasks/sast-snyk-check.yaml b/pac/tasks/sast-snyk-check.yaml index 795c760..828f933 100644 --- a/pac/tasks/sast-snyk-check.yaml +++ b/pac/tasks/sast-snyk-check.yaml @@ -28,7 +28,7 @@ spec: optional: true steps: - name: sast-snyk-check - image: quay.io/redhat-appstudio/hacbs-test:v1.1.8@sha256:8de0ec0875c7c6a41e0208b0030090992169f501166154edaded8a4f6121b164 + image: quay.io/redhat-appstudio/hacbs-test:v1.1.9@sha256:866675ee3064cf4768691ecca478063ce12f0556fb9d4f24ca95c98664ffbd43 # per https://kubernetes.io/docs/concepts/containers/images/#imagepullpolicy-defaulting # the cluster will set imagePullPolicy to IfNotPresent # also per direction from Ralph Bean, we want to use image digest based tags to use a cue to automation like dependabot or renovatebot to periodially submit pull requests that update the digest as new images are released. diff --git a/pac/tasks/sbom-json-check.yaml b/pac/tasks/sbom-json-check.yaml index e45e396..190d0c2 100644 --- a/pac/tasks/sbom-json-check.yaml +++ b/pac/tasks/sbom-json-check.yaml @@ -18,7 +18,7 @@ spec: name: TEST_OUTPUT steps: - name: sbom-json-check - image: quay.io/redhat-appstudio/hacbs-test:v1.1.8@sha256:8de0ec0875c7c6a41e0208b0030090992169f501166154edaded8a4f6121b164 + image: quay.io/redhat-appstudio/hacbs-test:v1.1.9@sha256:866675ee3064cf4768691ecca478063ce12f0556fb9d4f24ca95c98664ffbd43 # per https://kubernetes.io/docs/concepts/containers/images/#imagepullpolicy-defaulting # the cluster will set imagePullPolicy to IfNotPresent # also per direction from Ralph Bean, we want to use image digest based tags to use a cue to automation like dependabot or renovatebot to periodially submit pull requests that update the digest as new images are released.