sast-coverity-check: rename the workspace to source

... to make the interface compatible with the `build-container` task Related: konflux-ci#1653
kdudka · Dec 17, 2024 · 9b1a1ee · 9b1a1ee
1 parent 3860c4f
commit 9b1a1ee
Show file tree

Hide file tree

Showing 4 changed files with 14 additions and 10 deletions.
diff --git a/pipelines/docker-build/README.md b/pipelines/docker-build/README.md
@@ -331,7 +331,7 @@ This pipeline is pushed as a Tekton bundle to [quay.io](https://quay.io/reposito
 |---|---|---|---|
 |git-auth| |True| clone-repository:0.1:basic-auth ; prefetch-dependencies:0.1:git-basic-auth|
 |netrc| |True| prefetch-dependencies:0.1:netrc|
-|workspace| |False| show-summary:0.2:workspace ; clone-repository:0.1:output ; prefetch-dependencies:0.1:source ; build-container:0.2:source ; build-source-image:0.1:workspace ; sast-snyk-check:0.3:workspace ; sast-coverity-check:0.2:workspace ; sast-shell-check:0.1:workspace ; sast-unicode-check:0.1:workspace ; push-dockerfile:0.1:workspace|
+|workspace| |False| show-summary:0.2:workspace ; clone-repository:0.1:output ; prefetch-dependencies:0.1:source ; build-container:0.2:source ; build-source-image:0.1:workspace ; sast-snyk-check:0.3:workspace ; sast-coverity-check:0.2:source ; sast-shell-check:0.1:workspace ; sast-unicode-check:0.1:workspace ; push-dockerfile:0.1:workspace|
 ## Available workspaces from tasks
 ### buildah:0.2 task workspaces
 |name|description|optional|workspace from pipeline
@@ -356,7 +356,7 @@ This pipeline is pushed as a Tekton bundle to [quay.io](https://quay.io/reposito
 ### sast-coverity-check:0.2 task workspaces
 |name|description|optional|workspace from pipeline
 |---|---|---|---|
-|workspace| | False| workspace|
+|source| | False| workspace|
 ### sast-shell-check:0.1 task workspaces
 |name|description|optional|workspace from pipeline
 |---|---|---|---|

diff --git a/pipelines/template-build/template-build.yaml b/pipelines/template-build/template-build.yaml
@@ -255,7 +255,7 @@ spec:
         - name: image-url
           value: $(tasks.build-image-index.results.IMAGE_URL)
       workspaces:
-        - name: workspace
+        - name: source
           workspace: workspace
     - name: coverity-availability-check
       when:

diff --git a/task/sast-coverity-check/0.2/MIGRATION.md b/task/sast-coverity-check/0.2/MIGRATION.md
@@ -1,7 +1,11 @@
 # Migration from 0.1 to 0.2
 
+- The workspace has been renamed to `source` to make the interface compatible
+  with the `build-container` task.
+
 - The unused `IMAGE_DIGEST` parameter has been removed.
 
 ## Action from users
 
+- The workspace for this task in the build pipeline should be renamed to `source`.
 - The parameter definition can be removed for this task in the build pipeline.
diff --git a/task/sast-coverity-check/0.2/sast-coverity-check.yaml b/task/sast-coverity-check/0.2/sast-coverity-check.yaml
@@ -86,7 +86,7 @@ spec:
           cpu: "16"
       # per https://kubernetes.io/docs/concepts/containers/images/#imagepullpolicy-defaulting
       # the cluster will set imagePullPolicy to IfNotPresent
-      workingDir: $(workspaces.workspace.path)/hacbs/$(context.task.name)
+      workingDir: $(workspaces.source.path)/hacbs/$(context.task.name)
       volumeMounts:
         - name: cov-license
           mountPath: "/etc/secrets/cov"
@@ -130,9 +130,9 @@ spec:
         echo "The PROJECT_NAME used is: ${PROJECT_NAME}"
 
         COVERITY_DIR=/var/tmp/coverity/idir
-        COVERITY_RESULTS_FILE=$(workspaces.workspace.path)/coverity-buildless-results.json
+        COVERITY_RESULTS_FILE=$(workspaces.source.path)/coverity-buildless-results.json
         COV_LICENSE_PATH=/etc/secrets/cov/cov-license
-        SOURCE_CODE_DIR=$(workspaces.workspace.path)
+        SOURCE_CODE_DIR=$(workspaces.source.path)
 
         # Installing Coverity license
         cp "$COV_LICENSE_PATH" /opt/coverity/bin/license.dat
@@ -227,23 +227,23 @@ spec:
           (set -x $$ csgrep --mode=evtstat filtered_sast_coverity_buildless_check_all_findings.json)
         fi
 
-        csgrep --mode=sarif filtered_sast_coverity_buildless_check_all_findings.json > "$(workspaces.workspace.path)"/coverity-results.sarif
+        csgrep --mode=sarif filtered_sast_coverity_buildless_check_all_findings.json > "$(workspaces.source.path)"/coverity-results.sarif
 
         if [[ -z "$(csgrep --mode=evtstat filtered_sast_coverity_buildless_check_all_findings.json)" ]]; then
           note="Task $(context.task.name) success: No finding was detected"
           ERROR_OUTPUT=$(make_result_json -r SUCCESS -t "$note")
           echo "${ERROR_OUTPUT}" | tee "$(results.TEST_OUTPUT.path)"
         else
           TEST_OUTPUT=
-          parse_test_output "$(context.task.name)" sarif "$(workspaces.workspace.path)"/coverity-results.sarif || true
+          parse_test_output "$(context.task.name)" sarif "$(workspaces.source.path)"/coverity-results.sarif || true
           note="Task $(context.task.name) failed: For details, check Tekton task log."
           echo "${ERROR_OUTPUT}" | tee "$(results.TEST_OUTPUT.path)"
         fi
 
         echo "${TEST_OUTPUT:-${ERROR_OUTPUT}}" | tee "$(results.TEST_OUTPUT.path)"
     - name: upload
       image: quay.io/konflux-ci/oras:latest@sha256:99737f436051e6d3866eb8a8706463c35abf72c87f05090ff42ff642f6729661
-      workingDir: $(workspaces.workspace.path)
+      workingDir: $(workspaces.source.path)
       env:
         - name: IMAGE_URL
           value: $(params.image-url)
@@ -273,4 +273,4 @@ spec:
           oras attach --no-tty --registry-config "$HOME/auth.json" --artifact-type "${MEDIA_TYPE}" "${IMAGE_URL}" "${UPLOAD_FILE}:${MEDIA_TYPE}"
         done
   workspaces:
-    - name: workspace
+    - name: source