From 6b0177a1c3ad9727203ab4dbe63f39f9a73438ce Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Mon, 2 Dec 2024 16:26:04 +0100
Subject: [PATCH] hack/generate-sast-tasks.sh: build sast-coverity-check.yaml

---
 hack/generate-sast-tasks.sh                   | 19 +++++++++++++++++++
 .../0.2/sast-coverity-check-oci-ta.yaml       |  2 +-
 .../0.2/sast-coverity-check.yaml              |  2 +-
 3 files changed, 21 insertions(+), 2 deletions(-)
 create mode 100755 hack/generate-sast-tasks.sh

diff --git a/hack/generate-sast-tasks.sh b/hack/generate-sast-tasks.sh
new file mode 100755
index 0000000000..30ae9d4e7e
--- /dev/null
+++ b/hack/generate-sast-tasks.sh
@@ -0,0 +1,19 @@
+#!/usr/bin/env bash
+
+set -o errexit
+set -o errtrace
+set -o nounset
+set -o pipefail
+set -o posix
+
+shopt -s globstar nullglob
+
+HACK_DIR="$(realpath "$(dirname "${BASH_SOURCE[0]}")")"
+ROOT_DIR="$(git rev-parse --show-toplevel)"
+TASK_DIR="$(realpath "${ROOT_DIR}/task")"
+
+# sast-coverity-check of version 0.2 and newer uses kustomize to build the task
+# definition from the buildah task and a locally maintained patch.yaml
+for dir in "${TASK_DIR}/sast-coverity-check"/0.[2-9]; do (
+    cd "$dir" && kustomize build > sast-coverity-check.yaml
+) done
diff --git a/task/sast-coverity-check-oci-ta/0.2/sast-coverity-check-oci-ta.yaml b/task/sast-coverity-check-oci-ta/0.2/sast-coverity-check-oci-ta.yaml
index cd97fa1a92..4e10f8e96a 100644
--- a/task/sast-coverity-check-oci-ta/0.2/sast-coverity-check-oci-ta.yaml
+++ b/task/sast-coverity-check-oci-ta/0.2/sast-coverity-check-oci-ta.yaml
@@ -7,7 +7,7 @@ metadata:
     tekton.dev/pipelines.minVersion: 0.12.1
     tekton.dev/tags: image-build, konflux
   labels:
-    app.kubernetes.io/version: "0.2"
+    app.kubernetes.io/version: 0.2.1
     build.appstudio.redhat.com/build_type: docker
 spec:
   description: Scans source code for security vulnerabilities, including common
diff --git a/task/sast-coverity-check/0.2/sast-coverity-check.yaml b/task/sast-coverity-check/0.2/sast-coverity-check.yaml
index 2679ea4a55..3b305c4942 100644
--- a/task/sast-coverity-check/0.2/sast-coverity-check.yaml
+++ b/task/sast-coverity-check/0.2/sast-coverity-check.yaml
@@ -5,7 +5,7 @@ metadata:
     tekton.dev/pipelines.minVersion: 0.12.1
     tekton.dev/tags: image-build, konflux
   labels:
-    app.kubernetes.io/version: "0.2"
+    app.kubernetes.io/version: 0.2.1
     build.appstudio.redhat.com/build_type: docker
   name: sast-coverity-check
 spec: