From 908b47de835c0267aab1d642438f4b0d161fbcc2 Mon Sep 17 00:00:00 2001 From: Scott Hebert Date: Mon, 16 Sep 2024 23:18:22 -0400 Subject: [PATCH] feat(KONFLUX-4136): add new reduce step - add new step to reduce snapshot for single component mode Signed-off-by: Scott Hebert --- .../pages/verify-enterprise-contract.adoc | 9 +++++ .../0.1/verify-enterprise-contract.yaml | 36 ++++++++++++++++++- 2 files changed, 44 insertions(+), 1 deletion(-) diff --git a/docs/modules/ROOT/pages/verify-enterprise-contract.adoc b/docs/modules/ROOT/pages/verify-enterprise-contract.adoc index 64d4400c7..6c5fb032f 100644 --- a/docs/modules/ROOT/pages/verify-enterprise-contract.adoc +++ b/docs/modules/ROOT/pages/verify-enterprise-contract.adoc @@ -70,6 +70,15 @@ paths can be provided by using the `:` separator. *WORKERS* (`string`):: Number of parallel workers to use for policy evaluation. + *Default*: `1` +*SINGLE_COMPONENT* (`string`):: Reduce the Snapshot to only the component whose build caused the Snapshot to be created ++ +*Default*: `false` +*SINGLE_COMPONENT_CUSTOM_RESOURCE* (`string`):: Name, including kind, of the Kubernetes resource to query for labels when single component mode is enabled, e.g. pr/somepipeline. + ++ +*Default*: `unknown` +*SINGLE_COMPONENT_CUSTOM_RESOURCE_NS* (`string`):: Kubernetes namespace where the SINGLE_COMPONENT_NAME is found. Only used when single component mode is enabled. + == Results diff --git a/tasks/verify-enterprise-contract/0.1/verify-enterprise-contract.yaml b/tasks/verify-enterprise-contract/0.1/verify-enterprise-contract.yaml index 800d1c40a..97303d271 100644 --- a/tasks/verify-enterprise-contract/0.1/verify-enterprise-contract.yaml +++ b/tasks/verify-enterprise-contract/0.1/verify-enterprise-contract.yaml @@ -135,6 +135,25 @@ spec: description: Number of parallel workers to use for policy evaluation. default: "1" + - name: SINGLE_COMPONENT + description: Reduce the Snapshot to only the component whose build caused the Snapshot to be created + type: string + default: "false" + + - name: SINGLE_COMPONENT_CUSTOM_RESOURCE + description: > + Name, including kind, of the Kubernetes resource to query for labels when single + component mode is enabled, e.g. pr/somepipeline. + type: string + default: "unknown" + + - name: SINGLE_COMPONENT_CUSTOM_RESOURCE_NS + description: > + Kubernetes namespace where the SINGLE_COMPONENT_NAME is found. Only used + when single component mode is enabled. + type: string + default: "" + workspaces: - name: data description: The workspace where the snapshot spec json file resides @@ -168,6 +187,21 @@ spec: - name: TUF_MIRROR value: "$(params.TUF_MIRROR)" + - name: reduce + env: + - name: SNAPSHOT + value: $(params.IMAGES) + - name: SINGLE_COMPONENT + value: $(params.SINGLE_COMPONENT) + - name: CUSTOM_RESOURCE + value: $(params.SINGLE_COMPONENT_CUSTOM_RESOURCE) + - name: CUSTOM_RESOURCE_NAMESPACE + value: $(params.SINGLE_COMPONENT_CUSTOM_RESOURCE_NS) + - name: SNAPSHOT_PATH + value: $(params.HOMEDIR)/snapshot.json + image: quay.io/enterprise-contract/ec-cli:snapshot + onError: continue # progress even if the step fails so we can see the debug logs + command: [reduce-snapshot.sh] - name: validate image: quay.io/enterprise-contract/ec-cli:snapshot onError: continue # progress even if the step fails so we can see the debug logs @@ -177,7 +211,7 @@ spec: - image - "--verbose" - "--images" - - "$(params.IMAGES)" + - "/tekton/home/snapshot.json" - "--policy" - "$(params.POLICY_CONFIGURATION)" - "--public-key"