psturc-org · psturc · Aug 11, 2022 · Dec 13, 2022
diff --git a/.tekton/testgo-pull-request.yaml b/.tekton/testgo-pull-request.yaml
@@ -0,0 +1,360 @@
+apiVersion: tekton.dev/v1beta1
+kind: PipelineRun
+metadata:
+  annotations:
+    build.appstudio.redhat.com/commit_sha: '{{revision}}'
+    build.appstudio.redhat.com/pull_request_number: '{{pull_request_number}}'
+    build.appstudio.redhat.com/target_branch: '{{target_branch}}'
+    pipelinesascode.tekton.dev/max-keep-runs: "3"
+    pipelinesascode.tekton.dev/on-event: '[pull_request]'
+    pipelinesascode.tekton.dev/on-target-branch: '[main,master]'
+  creationTimestamp: null
+  labels:
+    appstudio.openshift.io/application: test-app
+    appstudio.openshift.io/component: testgo
+    pipelines.appstudio.openshift.io/type: build
+  name: testgo-on-pull-request
+  namespace: pipeline-selection
+spec:
+  params:
+  - name: git-url
+    value: '{{repo_url}}'
+  - name: revision
+    value: '{{revision}}'
+  - name: output-image
+    value: quay.io/psturc/test-images:on-pr-{{revision}}
+  - name: dockerfile
+    value: docker/Dockerfile
+  - name: path-context
+    value: .
+  pipelineSpec:
+    finally:
+    - name: show-summary
+      params:
+      - name: pipeline-run-name
+        value: $(context.pipelineRun.name)
+      - name: git-url
+        value: $(tasks.clone-repository.results.url)?rev=$(tasks.clone-repository.results.commit)
+      - name: image-url
+        value: $(params.output-image)
+      taskRef:
+        bundle: quay.io/redhat-appstudio-tekton-catalog/task-summary:0.1@sha256:59d49758686c141bd26b3c193e52fd23bb47831c2a5d5872388ad6824684735e
+        name: summary
+    params:
+    - description: Source Repository URL
+      name: git-url
+      type: string
+    - default: ""
+      description: Revision of the Source Repository
+      name: revision
+      type: string
+    - description: Fully Qualified Output Image
+      name: output-image
+      type: string
+    - default: .
+      description: The path to your source code
+      name: path-context
+      type: string
+    - default: Dockerfile
+      description: Path to the Dockerfile
+      name: dockerfile
+      type: string
+    - default: "false"
+      description: Force rebuild image
+      name: rebuild
+      type: string
+    - default: "false"
+      description: Enable HACBS tasks
+      name: hacbs
+      type: string
+    - default: "false"
+      description: Java build
+      name: java
+      type: string
+    results:
+    - description: ""
+      name: IMAGE_URL
+      value: $(tasks.build-container.results.IMAGE_URL)
+    - description: ""
+      name: IMAGE_DIGEST
+      value: $(tasks.build-container.results.IMAGE_DIGEST)
+    - description: ""
+      name: CHAINS-GIT_URL
+      value: $(tasks.clone-repository.results.url)
+    - description: ""
+      name: CHAINS-GIT_COMMIT
+      value: $(tasks.clone-repository.results.commit)
+    - description: ""
+      name: JAVA_COMMUNITY_DEPENDENCIES
+      value: $(tasks.build-container.results.JAVA_COMMUNITY_DEPENDENCIES)
+    tasks:
+    - name: appstudio-init
+      params:
+      - name: image-url
+        value: $(params.output-image)
+      - name: rebuild
+        value: $(params.rebuild)
+      - name: hacbs
+        value: $(params.hacbs)
+      - name: pipeline-run-name
+        value: $(context.pipelineRun.name)
+      taskRef:
+        bundle: quay.io/redhat-appstudio-tekton-catalog/task-init:0.1@sha256:aa9c545f70d0618a5d119addedf3136619914c923cb67740283c11219f3f3a1e
+        name: init
+    - name: clone-repository
+      params:
+      - name: url
+        value: $(params.git-url)
+      - name: revision
+        value: $(params.revision)
+      runAfter:
+      - appstudio-init
+      taskRef:
+        bundle: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:5e409aeff2f143a0d368dc8c53d1f4d8b9fc5be83f7111a99d0d367487655229
+        name: git-clone
+      when:
+      - input: $(tasks.appstudio-init.results.build)
+        operator: in
+        values:
+        - "true"
+      workspaces:
+      - name: output
+        workspace: workspace
+      - name: basic-auth
+        workspace: git-auth
+    - name: appstudio-configure-build
+      runAfter:
+      - clone-repository
+      taskRef:
+        bundle: quay.io/redhat-appstudio-tekton-catalog/task-configure-build:0.1@sha256:9f8b5438fda511507e51a0372b4d85892d6f695bd4f54ce067e1c1a1fbc70b30
+        name: configure-build
+      when:
+      - input: $(tasks.appstudio-init.results.build)
+        operator: in
+        values:
+        - "true"
+      workspaces:
+      - name: source
+        workspace: workspace
+      - name: registry-auth
+        workspace: registry-auth
+    - name: prefetch-dependencies
+      params:
+      - name: package-type
+        value: gomod
+      - name: package-path
+        value: $(params.path-context)
+      runAfter:
+      - appstudio-configure-build
+      taskRef:
+        bundle: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies:0.1@sha256:068c26c173a3c548678c3c5a4095dfa393c815c0a3ab8437ae9ad846ba1f6cf4
+        name: prefetch-dependencies
+      when:
+      - input: $(tasks.clone-repository.results.hermetic-build)
+        operator: in
+        values:
+        - "true"
+      workspaces:
+      - name: source
+        workspace: workspace
+    - name: build-container
+      params:
+      - name: IMAGE
+        value: $(params.output-image)
+      - name: DOCKERFILE
+        value: $(params.dockerfile)
+      - name: CONTEXT
+        value: $(params.path-context)
+      - name: BUILD_EXTRA_ARGS
+        value: $(tasks.appstudio-configure-build.results.buildah-auth-param)
+      - name: PUSH_EXTRA_ARGS
+        value: $(tasks.appstudio-configure-build.results.buildah-auth-param)
+      - name: HERMETIC_BUILD
+        value: $(tasks.clone-repository.results.hermetic-build)
+      runAfter:
+      - prefetch-dependencies
+      taskRef:
+        bundle: quay.io/redhat-appstudio-tekton-catalog/task-buildah:0.1@sha256:0310f911d5686e2906514f56a16ff29e4bdc4c2775ea5473e3d920fd96fdd0ed
+        name: buildah
+      when:
+      - input: $(tasks.appstudio-init.results.build)
+        operator: in
+        values:
+        - "true"
+      workspaces:
+      - name: source
+        workspace: workspace
+    - name: sanity-inspect-image
+      params:
+      - name: IMAGE_URL
+        value: $(tasks.build-container.results.IMAGE_URL)@$(tasks.build-container.results.IMAGE_DIGEST)
+      runAfter:
+      - build-container
+      taskRef:
+        bundle: quay.io/redhat-appstudio-tekton-catalog/task-sanity-inspect-image:0.1@sha256:1ff8cea8259a415a7ca6de7d47ade692813721653f89166f549e732cecaf2dcf
+        name: sanity-inspect-image
+      when:
+      - input: $(params.hacbs)
+        operator: in
+        values:
+        - "true"
+      workspaces:
+      - name: workspace
+        workspace: workspace
+    - name: sanity-label-check
+      runAfter:
+      - sanity-inspect-image
+      taskRef:
+        bundle: quay.io/redhat-appstudio-tekton-catalog/task-sanity-label-check:0.1@sha256:3bd4633b70548dd0055068a970322811b3a96a8a5d98d0b483c748d37135a7a5
+        name: sanity-label-check
+      when:
+      - input: $(params.hacbs)
+        operator: in
+        values:
+        - "true"
+      workspaces:
+      - name: workspace
+        workspace: workspace
+    - name: sanity-optional-label-check
+      params:
+      - name: POLICY_NAMESPACE
+        value: optional_checks
+      runAfter:
+      - sanity-inspect-image
+      taskRef:
+        bundle: quay.io/redhat-appstudio-tekton-catalog/task-sanity-label-check:0.1@sha256:3bd4633b70548dd0055068a970322811b3a96a8a5d98d0b483c748d37135a7a5
+        name: sanity-label-check
+      when:
+      - input: $(params.hacbs)
+        operator: in
+        values:
+        - "true"
+      workspaces:
+      - name: workspace
+        workspace: workspace
+    - name: deprecated-base-image-check
+      params:
+      - name: IMAGE_REGISTRY
+        value: registry.access.redhat.com
+      - name: IMAGE_REPOSITORY
+        value: $(tasks.sanity-inspect-image.results.BASE_IMAGE_REPOSITORY)
+      runAfter:
+      - sanity-inspect-image
+      taskRef:
+        bundle: quay.io/redhat-appstudio-tekton-catalog/task-deprecated-image-check:0.1@sha256:a7e8f82a7c5c4b2e8bf86338f8aedf44b5606daf591462b9aa5adb35f7df6cac
+        name: deprecated-image-check
+      when:
+      - input: $(params.hacbs)
+        operator: in
+        values:
+        - "true"
+      workspaces:
+      - name: sanity-ws
+        workspace: workspace
+    - name: get-clair-results
+      params:
+      - name: image-digest
+        value: $(tasks.build-container.results.IMAGE_DIGEST)
+      - name: image-url
+        value: $(tasks.build-container.results.IMAGE_URL)
+      runAfter:
+      - build-container
+      taskRef:
+        bundle: quay.io/redhat-appstudio-tekton-catalog/task-get-clair-scan:0.1@sha256:f5259b6194f73e43f8f1d8ec8f7cd7466209fbf8aaf8b8ac4cf653fc54fc6b3b
+        name: get-clair-scan
+      when:
+      - input: $(params.hacbs)
+        operator: in
+        values:
+        - "true"
+      workspaces:
+      - name: clair-ws
+        workspace: workspace
+      - name: registry-auth
+        workspace: registry-auth
+    - name: conftest-clair
+      runAfter:
+      - get-clair-results
+      taskRef:
+        bundle: quay.io/redhat-appstudio-tekton-catalog/task-conftest-clair:0.1@sha256:afd12c004c1e4f0a86f117fc1fee85ab19c9f090e281e2e0db0c0c14adecff35
+        name: conftest-clair
+      when:
+      - input: $(params.hacbs)
+        operator: in
+        values:
+        - "true"
+      workspaces:
+      - name: conftest-ws
+        workspace: workspace
+    - name: sast-snyk-check
+      runAfter:
+      - clone-repository
+      taskRef:
+        bundle: quay.io/redhat-appstudio-tekton-catalog/task-sast-snyk-check:0.1@sha256:3da394c1123a31a7a3c38e51dc7035e4f468998f6b160d8873d6e9634b6caa6b
+        name: sast-snyk-check
+      when:
+      - input: $(params.hacbs)
+        operator: in
+        values:
+        - "true"
+      workspaces:
+      - name: workspace
+        workspace: workspace
+    - name: clamav-scan
+      params:
+      - name: image-digest
+        value: $(tasks.build-container.results.IMAGE_DIGEST)
+      - name: image-url
+        value: $(tasks.build-container.results.IMAGE_URL)
+      runAfter:
+      - build-container
+      taskRef:
+        bundle: quay.io/redhat-appstudio-tekton-catalog/task-clamav-scan:0.1@sha256:641d749124ff7d80a67e0890198b211db08be77da074deb0e8f206ebfade19db
+        name: clamav-scan
+      when:
+      - input: $(params.hacbs)
+        operator: in
+        values:
+        - "true"
+      workspaces:
+      - name: registry-auth
+        workspace: registry-auth
+    - name: sbom-json-check
+      params:
+      - name: IMAGE_URL
+        value: $(tasks.build-container.results.IMAGE_URL)
+      runAfter:
+      - build-container
+      taskRef:
+        bundle: quay.io/redhat-appstudio-tekton-catalog/task-sbom-json-check:0.1@sha256:9d228fedb0429e4ae6f383e9355615823e0684a36ab3c2453a3f3cd56f518944
+        name: sbom-json-check
+      when:
+      - input: $(params.hacbs)
+        operator: in
+        values:
+        - "true"
+      workspaces:
+      - name: workspace
+        workspace: workspace
+    workspaces:
+    - name: workspace
+    - name: registry-auth
+      optional: true
+    - name: git-auth
+      optional: true
+  workspaces:
+  - name: workspace
+    volumeClaimTemplate:
+      metadata:
+        creationTimestamp: null
+      spec:
+        accessModes:
+        - ReadWriteOnce
+        resources:
+          requests:
+            storage: 1Gi
+      status: {}
+  - name: registry-auth
+    secret:
+      secretName: redhat-appstudio-registry-pull-secret
+status: {}