From 1d1f6af177b5f176fc1b605a777e31877f9eb045 Mon Sep 17 00:00:00 2001 From: ccronca Date: Wed, 14 Aug 2024 14:56:20 +0200 Subject: [PATCH 1/2] fix(KONFLUX-3663): format Tekton PipelineRun files Format PipelineRun files with yq for consistent indentation and format Signed-off-by: ccronca --- .tekton/kserve-controller-pull-request.yaml | 14 ++++---------- .tekton/kserve-controller-push.yaml | 14 ++++---------- .tekton/kserve-router-pull-request.yaml | 14 ++++---------- .tekton/kserve-router-push.yaml | 14 ++++---------- .../kserve-storage-initializer-pull-request.yaml | 9 +++------ .tekton/kserve-storage-initializer-push.yaml | 9 +++------ 6 files changed, 22 insertions(+), 52 deletions(-) diff --git a/.tekton/kserve-controller-pull-request.yaml b/.tekton/kserve-controller-pull-request.yaml index 4fd9861cc04..2a272649f41 100644 --- a/.tekton/kserve-controller-pull-request.yaml +++ b/.tekton/kserve-controller-pull-request.yaml @@ -7,10 +7,7 @@ metadata: build.appstudio.redhat.com/pull_request_number: '{{pull_request_number}}' build.appstudio.redhat.com/target_branch: '{{target_branch}}' pipelinesascode.tekton.dev/max-keep-runs: "3" - pipelinesascode.tekton.dev/on-cel-expression: | - event == "pull_request" - && target_branch == "master" - && ( !".tekton/**".pathChanged() || ".tekton/kserve-controller-pull-request.yaml".pathChanged() ) + pipelinesascode.tekton.dev/on-cel-expression: "event == \"pull_request\" \n&& target_branch == \"master\" \n&& ( !\".tekton/**\".pathChanged() || \".tekton/kserve-controller-pull-request.yaml\".pathChanged() )\n" creationTimestamp: null labels: appstudio.openshift.io/application: kserve-controller 
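Review bot: The `pipelinesascode.tekton.dev/on-cel-expression` annotation in this hunk changes from a literal block scalar to a single double-quoted string with escaped quotes and `\n`, which makes the expression that decides when the pipeline fires much harder to read and review. The `\" \n` sequences show that the old block had trailing spaces after `"pull_request"` and `"master"`, and that is presumably why yq could not keep the `|` style. Stripping those trailing spaces before running the formatter should let it keep `pipelinesascode.tekton.dev/on-cel-expression: |` with the three expression lines unchanged. The same applies to the matching hunks in kserve-controller-push.yaml, kserve-router-pull-request.yaml and kserve-router-push.yaml.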
@@ -78,13 +75,11 @@ spec: name: output-image type: string - default: . - description: Path to the source code of an application's component from where - to build image. + description: Path to the source code of an application's component from where to build image. name: path-context type: string - default: Dockerfile - description: Path to the Dockerfile inside the context specified by parameter - path-context + description: Path to the Dockerfile inside the context specified by parameter path-context name: dockerfile type: string - default: "false" @@ -108,8 +103,7 @@ spec: name: java type: string - default: "" - description: Image tag expiration time, time values could be something like - 1h, 2d, 3w for hours, days, and weeks, respectively. + description: Image tag expiration time, time values could be something like 1h, 2d, 3w for hours, days, and weeks, respectively. name: image-expires-after - default: "false" description: Build a source image. diff --git a/.tekton/kserve-controller-push.yaml b/.tekton/kserve-controller-push.yaml index 588223217ce..929a9f226c2 100644 --- a/.tekton/kserve-controller-push.yaml +++ b/.tekton/kserve-controller-push.yaml @@ -6,10 +6,7 @@ metadata: build.appstudio.redhat.com/commit_sha: '{{revision}}' build.appstudio.redhat.com/target_branch: '{{target_branch}}' pipelinesascode.tekton.dev/max-keep-runs: "3" - pipelinesascode.tekton.dev/on-cel-expression: | - event == "push" - && target_branch == "master" - && ( !".tekton/**".pathChanged() || ".tekton/kserve-controller-push.yaml".pathChanged() ) + pipelinesascode.tekton.dev/on-cel-expression: "event == \"push\" \n&& target_branch == \"master\" \n&& ( !\".tekton/**\".pathChanged() || \".tekton/kserve-controller-push.yaml\".pathChanged() )\n" creationTimestamp: null labels: appstudio.openshift.io/application: kserve-controller 
@@ -75,13 +72,11 @@ spec: name: output-image type: string - default: . - description: Path to the source code of an application's component from where - to build image. + description: Path to the source code of an application's component from where to build image. name: path-context type: string - default: Dockerfile - description: Path to the Dockerfile inside the context specified by parameter - path-context + description: Path to the Dockerfile inside the context specified by parameter path-context name: dockerfile type: string - default: "false" @@ -105,8 +100,7 @@ spec: name: java type: string - default: "" - description: Image tag expiration time, time values could be something like - 1h, 2d, 3w for hours, days, and weeks, respectively. + description: Image tag expiration time, time values could be something like 1h, 2d, 3w for hours, days, and weeks, respectively. name: image-expires-after - default: "false" description: Build a source image. diff --git a/.tekton/kserve-router-pull-request.yaml b/.tekton/kserve-router-pull-request.yaml index 60363b46562..99dfe0c79fd 100644 --- a/.tekton/kserve-router-pull-request.yaml +++ b/.tekton/kserve-router-pull-request.yaml @@ -7,10 +7,7 @@ metadata: build.appstudio.redhat.com/pull_request_number: '{{pull_request_number}}' build.appstudio.redhat.com/target_branch: '{{target_branch}}' pipelinesascode.tekton.dev/max-keep-runs: "3" - pipelinesascode.tekton.dev/on-cel-expression: | - event == "pull_request" - && target_branch == "master" - && ( !".tekton/**".pathChanged() || ".tekton/kserve-router-pull-request.yaml".pathChanged() ) + pipelinesascode.tekton.dev/on-cel-expression: "event == \"pull_request\" \n&& target_branch == \"master\" \n&& ( !\".tekton/**\".pathChanged() || \".tekton/kserve-router-pull-request.yaml\".pathChanged() )\n" creationTimestamp: null labels: appstudio.openshift.io/application: kserve-router 
@@ -78,13 +75,11 @@ spec: name: output-image type: string - default: . - description: Path to the source code of an application's component from where - to build image. + description: Path to the source code of an application's component from where to build image. name: path-context type: string - default: Dockerfile - description: Path to the Dockerfile inside the context specified by parameter - path-context + description: Path to the Dockerfile inside the context specified by parameter path-context name: dockerfile type: string - default: "false" @@ -108,8 +103,7 @@ spec: name: java type: string - default: "" - description: Image tag expiration time, time values could be something like - 1h, 2d, 3w for hours, days, and weeks, respectively. + description: Image tag expiration time, time values could be something like 1h, 2d, 3w for hours, days, and weeks, respectively. name: image-expires-after - default: "false" description: Build a source image. diff --git a/.tekton/kserve-router-push.yaml b/.tekton/kserve-router-push.yaml index 8a3cdd2961f..10a8572327c 100644 --- a/.tekton/kserve-router-push.yaml +++ b/.tekton/kserve-router-push.yaml @@ -6,10 +6,7 @@ metadata: build.appstudio.redhat.com/commit_sha: '{{revision}}' build.appstudio.redhat.com/target_branch: '{{target_branch}}' pipelinesascode.tekton.dev/max-keep-runs: "3" - pipelinesascode.tekton.dev/on-cel-expression: | - event == "push" - && target_branch == "master" - && ( !".tekton/**".pathChanged() || ".tekton/kserve-router-push.yaml".pathChanged() ) + pipelinesascode.tekton.dev/on-cel-expression: "event == \"push\" \n&& target_branch == \"master\" \n&& ( !\".tekton/**\".pathChanged() || \".tekton/kserve-router-push.yaml\".pathChanged() )\n" creationTimestamp: null labels: appstudio.openshift.io/application: kserve-router 
@@ -75,13 +72,11 @@ spec: name: output-image type: string - default: . - description: Path to the source code of an application's component from where - to build image. + description: Path to the source code of an application's component from where to build image. name: path-context type: string - default: Dockerfile - description: Path to the Dockerfile inside the context specified by parameter - path-context + description: Path to the Dockerfile inside the context specified by parameter path-context name: dockerfile type: string - default: "false" @@ -105,8 +100,7 @@ spec: name: java type: string - default: "" - description: Image tag expiration time, time values could be something like - 1h, 2d, 3w for hours, days, and weeks, respectively. + description: Image tag expiration time, time values could be something like 1h, 2d, 3w for hours, days, and weeks, respectively. name: image-expires-after - default: "false" description: Build a source image. diff --git a/.tekton/kserve-storage-initializer-pull-request.yaml b/.tekton/kserve-storage-initializer-pull-request.yaml index a4daef26dc4..7e6e2ec9b32 100644 --- a/.tekton/kserve-storage-initializer-pull-request.yaml +++ b/.tekton/kserve-storage-initializer-pull-request.yaml @@ -78,13 +78,11 @@ spec: name: output-image type: string - default: . - description: Path to the source code of an application's component from where - to build image. + description: Path to the source code of an application's component from where to build image. name: path-context type: string - default: Dockerfile - description: Path to the Dockerfile inside the context specified by parameter - path-context + description: Path to the Dockerfile inside the context specified by parameter path-context name: dockerfile type: string - default: "false" 
@@ -108,8 +106,7 @@ spec: name: java type: string - default: "" - description: Image tag expiration time, time values could be something like - 1h, 2d, 3w for hours, days, and weeks, respectively. + description: Image tag expiration time, time values could be something like 1h, 2d, 3w for hours, days, and weeks, respectively. name: image-expires-after - default: "false" description: Build a source image. diff --git a/.tekton/kserve-storage-initializer-push.yaml b/.tekton/kserve-storage-initializer-push.yaml index 906444aaff5..e6eeb124a3d 100644 --- a/.tekton/kserve-storage-initializer-push.yaml +++ b/.tekton/kserve-storage-initializer-push.yaml @@ -75,13 +75,11 @@ spec: name: output-image type: string - default: . - description: Path to the source code of an application's component from where - to build image. + description: Path to the source code of an application's component from where to build image. name: path-context type: string - default: Dockerfile - description: Path to the Dockerfile inside the context specified by parameter - path-context + description: Path to the Dockerfile inside the context specified by parameter path-context name: dockerfile type: string - default: "false" @@ -105,8 +103,7 @@ spec: name: java type: string - default: "" - description: Image tag expiration time, time values could be something like - 1h, 2d, 3w for hours, days, and weeks, respectively. + description: Image tag expiration time, time values could be something like 1h, 2d, 3w for hours, days, and weeks, respectively. name: image-expires-after - default: "false" description: Build a source image. From ba8ad97c03bd98d1fd48b69854df843a0139380d Mon Sep 17 00:00:00 2001 From: ccronca Date: Wed, 14 Aug 2024 14:56:20 +0200 Subject: [PATCH 2/2] fix(KONFLUX-3663): upload SAST results to quay.io Configure the SAST task to upload SARIF results to quay.io for long-term storage 
Signed-off-by: ccronca --- .tekton/kserve-controller-pull-request.yaml | 7 ++++++- .tekton/kserve-controller-push.yaml | 7 ++++++- .tekton/kserve-router-pull-request.yaml | 7 ++++++- .tekton/kserve-router-push.yaml | 7 ++++++- .tekton/kserve-storage-initializer-pull-request.yaml | 7 ++++++- .tekton/kserve-storage-initializer-push.yaml | 7 ++++++- 6 files changed, 36 insertions(+), 6 deletions(-) diff --git a/.tekton/kserve-controller-pull-request.yaml b/.tekton/kserve-controller-pull-request.yaml index 2a272649f41..653de6d03c5 100644 --- a/.tekton/kserve-controller-pull-request.yaml +++ b/.tekton/kserve-controller-pull-request.yaml @@ -305,7 +305,7 @@ spec: - "false" - name: sast-snyk-check runAfter: - - clone-repository + - build-container taskRef: params: - name: name @@ -323,6 +323,11 @@ spec: workspaces: - name: workspace workspace: workspace + params: + - name: image-digest + value: $(tasks.build-container.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-container.results.IMAGE_URL) - name: clamav-scan params: - name: image-digest diff --git a/.tekton/kserve-controller-push.yaml b/.tekton/kserve-controller-push.yaml index 929a9f226c2..8961c2af79c 100644 --- a/.tekton/kserve-controller-push.yaml +++ b/.tekton/kserve-controller-push.yaml @@ -298,7 +298,7 @@ spec: - "false" - name: sast-snyk-check runAfter: - - clone-repository + - build-container taskRef: params: - name: name @@ -316,6 +316,11 @@ spec: workspaces: - name: workspace workspace: workspace + params: + - name: image-digest + value: $(tasks.build-container.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-container.results.IMAGE_URL) - name: clamav-scan params: - name: image-digest diff --git a/.tekton/kserve-router-pull-request.yaml b/.tekton/kserve-router-pull-request.yaml index 99dfe0c79fd..a5550407490 100644 --- a/.tekton/kserve-router-pull-request.yaml +++ b/.tekton/kserve-router-pull-request.yaml 
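Review bot: With `runAfter` on `sast-snyk-check` switched from `clone-repository` to `build-container`, a run whose image build fails produces no SAST findings at all, and the source scan no longer overlaps with the build. The ordering is needed once the task consumes `$(tasks.build-container.results.…)`, and Tekton derives it from those references anyway, so the explicit entry is documentation rather than a requirement. I would record the reason next to it, e.g. `# after build-container: SARIF results are attached to the built image`, so nobody later moves the scan back to `clone-repository` as an optimisation. The task definition starts and continues outside this hunk, and the same change is repeated in the other five pipeline files.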
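Review bot: The new `image-digest` and `image-url` params are passed to `sast-snyk-check`, but the `taskRef` bundle lines sit between the two hunks and are not changed, so nothing visible here shows that the pinned task version declares these parameters. If it does not, the run is either rejected or the values are ignored, depending on the Tekton version, and in both cases no SARIF is uploaded; please confirm against the pinned bundle, or bump it in the same commit. In the pull-request pipelines the results presumably live only as long as the image they are attached to, so check that this matches the "long-term storage" goal given the `image-expires-after` parameter. As a style point, `params:` is appended after `workspaces:` while the neighbouring `clamav-scan` task lists `params` first; keeping one key order across tasks makes these files easier to diff. The same applies to the other five pipeline files.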
@@ -305,7 +305,7 @@ spec: - "false" - name: sast-snyk-check runAfter: - - clone-repository + - build-container taskRef: params: - name: name @@ -323,6 +323,11 @@ spec: workspaces: - name: workspace workspace: workspace + params: + - name: image-digest + value: $(tasks.build-container.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-container.results.IMAGE_URL) - name: clamav-scan params: - name: image-digest diff --git a/.tekton/kserve-router-push.yaml b/.tekton/kserve-router-push.yaml index 10a8572327c..c65f9f5e595 100644 --- a/.tekton/kserve-router-push.yaml +++ b/.tekton/kserve-router-push.yaml @@ -298,7 +298,7 @@ spec: - "false" - name: sast-snyk-check runAfter: - - clone-repository + - build-container taskRef: params: - name: name @@ -316,6 +316,11 @@ spec: workspaces: - name: workspace workspace: workspace + params: + - name: image-digest + value: $(tasks.build-container.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-container.results.IMAGE_URL) - name: clamav-scan params: - name: image-digest diff --git a/.tekton/kserve-storage-initializer-pull-request.yaml b/.tekton/kserve-storage-initializer-pull-request.yaml index 7e6e2ec9b32..b937bd61cb6 100644 --- a/.tekton/kserve-storage-initializer-pull-request.yaml +++ b/.tekton/kserve-storage-initializer-pull-request.yaml @@ -308,7 +308,7 @@ spec: - "false" - name: sast-snyk-check runAfter: - - clone-repository + - build-container taskRef: params: - name: name @@ -326,6 +326,11 @@ spec: workspaces: - name: workspace workspace: workspace + params: + - name: image-digest + value: $(tasks.build-container.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-container.results.IMAGE_URL) - name: clamav-scan params: - name: image-digest diff --git a/.tekton/kserve-storage-initializer-push.yaml b/.tekton/kserve-storage-initializer-push.yaml index e6eeb124a3d..664df9a8cb2 100644 --- a/.tekton/kserve-storage-initializer-push.yaml +++ b/.tekton/kserve-storage-initializer-push.yaml 
@@ -301,7 +301,7 @@ spec: - "false" - name: sast-snyk-check runAfter: - - clone-repository + - build-container taskRef: params: - name: name @@ -319,6 +319,11 @@ spec: workspaces: - name: workspace workspace: workspace + params: + - name: image-digest + value: $(tasks.build-container.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-container.results.IMAGE_URL) - name: clamav-scan params: - name: image-digest