Add descriptions to pipelines

Signed-off-by: arewm <[email protected]>

hack/generate-pipelines-readme.py

@@ -78,6 +78,7 @@ def main():
             continue
 
         pipeline_name = pipeline_data['metadata']['name']
+        pipeline_description = pipeline_data['spec'].get('description', '')
         pipelines_info[pipeline_name] = {'params': [], 'results': [], 'workspaces': [], 'tasks': []}
 
         for param in pipeline_data['spec'].get('params', []):
@@ -181,7 +182,9 @@ def main():
             for name, items in pipelines_info.items():
                 # print pipeline params
                 f.write(f"# \"{name} pipeline\"\n")
-                f.write(f"## Parameters\n")
+                if pipeline_description:
+                    f.write(f"{pipeline_description}")
+                f.write(f"\n## Parameters\n")
                 f.write("|name|description|default value|used in (taskname:taskrefversion:taskparam)|\n")
                 f.write("|---|---|---|---|\n")
                 for param in sorted(items['params'], key=lambda x: x['name']):
@@ -190,7 +193,7 @@ def main():
                     f.write(f"|{param['name']}| {desc}| {param['default']}| {used}|\n")
 
                 # print task params
-                f.write(f"## Available params from tasks\n")
+                f.write(f"\n## Available params from tasks\n")
                 for task in sorted(all_tasks, key=lambda x: x['name']):
                     if not task['params']:
                         continue

pipelines/docker-build-multi-platform-oci-ta/README.md

@@ -1,4 +1,9 @@
 # "docker-build-multi-platform-oci-ta pipeline"
+This pipeline is ideal for building multi-arch container images from a Containerfile while maintaining trust after pipeline customization.
+
+_Uses `buildah` to create a multi-platform container image leveraging [trusted artifacts](https://konflux-ci.dev/architecture/ADR/0036-trusted-artifacts.html). It also optionally creates a source image and runs some build-time tests. This pipeline requires that the [multi platform controller](https://github.com/konflux-ci/multi-platform-controller) is deployed and configured on your Konflux instance. Information is shared between tasks using OCI artifacts instead of PVCs. EC will pass the [`trusted_task.trusted`](https://enterprisecontract.dev/docs/ec-policies/release_policy.html#trusted_task__trusted) policy as long as all data used to build the artifact is generated from trusted tasks.
+This pipeline is pushed as a Tekton bundle to [quay.io](https://quay.io/repository/konflux-ci/tekton-catalog/pipeline-docker-build-multi-platform-oci-ta?tab=tags)_
+
 ## Parameters
 |name|description|default value|used in (taskname:taskrefversion:taskparam)|
 |---|---|---|---|
@@ -17,6 +22,7 @@
 |rebuild| Force rebuild image| false| init:0.2:rebuild|
 |revision| Revision of the Source Repository| | clone-repository:0.1:revision|
 |skip-checks| Skip checks against built image| false| init:0.2:skip-checks|
+
 ## Available params from tasks
 ### apply-tags:0.1 task parameters
 |name|description|default value|already set by|

pipelines/docker-build-multi-platform-oci-ta/patch.yaml

@@ -1,4 +1,11 @@
 ---
+- op: add
+  path: /spec/description
+  value: |
+    This pipeline is ideal for building multi-arch container images from a Containerfile while maintaining trust after pipeline customization.
+
+    _Uses `buildah` to create a multi-platform container image leveraging [trusted artifacts](https://konflux-ci.dev/architecture/ADR/0036-trusted-artifacts.html). It also optionally creates a source image and runs some build-time tests. This pipeline requires that the [multi platform controller](https://github.com/konflux-ci/multi-platform-controller) is deployed and configured on your Konflux instance. Information is shared between tasks using OCI artifacts instead of PVCs. EC will pass the [`trusted_task.trusted`](https://enterprisecontract.dev/docs/ec-policies/release_policy.html#trusted_task__trusted) policy as long as all data used to build the artifact is generated from trusted tasks.
+    This pipeline is pushed as a Tekton bundle to [quay.io](https://quay.io/repository/konflux-ci/tekton-catalog/pipeline-docker-build-multi-platform-oci-ta?tab=tags)_
 - op: replace
   path: /metadata/name
   value: docker-build-multi-platform-oci-ta

pipelines/docker-build-oci-ta/README.md

@@ -1,4 +1,9 @@
 # "docker-build-oci-ta pipeline"
+This pipeline is ideal for building container images from a Containerfile while maintaining trust after pipeline customization.
+
+_Uses `buildah` to create a container image leveraging [trusted artifacts](https://konflux-ci.dev/architecture/ADR/0036-trusted-artifacts.html). It also optionally creates a source image and runs some build-time tests. Information is shared between tasks using OCI artifacts instead of PVCs. EC will pass the [`trusted_task.trusted`](https://enterprisecontract.dev/docs/ec-policies/release_policy.html#trusted_task__trusted) policy as long as all data used to build the artifact is generated from trusted tasks.
+This pipeline is pushed as a Tekton bundle to [quay.io](https://quay.io/repository/konflux-ci/tekton-catalog/pipeline-docker-build-oci-ta?tab=tags)_
+
 ## Parameters
 |name|description|default value|used in (taskname:taskrefversion:taskparam)|
 |---|---|---|---|
@@ -16,6 +21,7 @@
 |rebuild| Force rebuild image| false| init:0.2:rebuild|
 |revision| Revision of the Source Repository| | clone-repository:0.1:revision|
 |skip-checks| Skip checks against built image| false| init:0.2:skip-checks|
+
 ## Available params from tasks
 ### apply-tags:0.1 task parameters
 |name|description|default value|already set by|

pipelines/docker-build-oci-ta/patch.yaml

@@ -1,4 +1,11 @@
 ---
+- op: add
+  path: /spec/description
+  value: |
+    This pipeline is ideal for building container images from a Containerfile while maintaining trust after pipeline customization.
+
+    _Uses `buildah` to create a container image leveraging [trusted artifacts](https://konflux-ci.dev/architecture/ADR/0036-trusted-artifacts.html). It also optionally creates a source image and runs some build-time tests. Information is shared between tasks using OCI artifacts instead of PVCs. EC will pass the [`trusted_task.trusted`](https://enterprisecontract.dev/docs/ec-policies/release_policy.html#trusted_task__trusted) policy as long as all data used to build the artifact is generated from trusted tasks.
+    This pipeline is pushed as a Tekton bundle to [quay.io](https://quay.io/repository/konflux-ci/tekton-catalog/pipeline-docker-build-oci-ta?tab=tags)_
 - op: replace
   path: /metadata/name
   value: docker-build-oci-ta

pipelines/docker-build-rhtap/README.md

@@ -1,4 +1,5 @@
 # "docker-build-rhtap pipeline"
+
 ## Parameters
 |name|description|default value|used in (taskname:taskrefversion:taskparam)|
 |---|---|---|---|
@@ -14,6 +15,7 @@
 |rebuild| Force rebuild image| false| init:0.2:rebuild|
 |revision| Revision of the Source Repository| | clone-repository:0.1:revision|
 |stackrox-secret| | rox-api-token| acs-image-check:0.1:rox-secret-name ; acs-image-scan:0.1:rox-secret-name ; acs-deploy-check:0.1:rox-secret-name|
+
 ## Available params from tasks
 ### acs-deploy-check:0.1 task parameters
 |name|description|default value|already set by|

pipelines/docker-build/README.md

@@ -1,4 +1,9 @@
 # "docker-build pipeline"
+This pipeline is ideal for building container images from a Containerfile while reducing network traffic.
+
+_Uses `buildah` to create a container image. It also optionally creates a source image and runs some build-time tests. EC will flag a violation for [`trusted_task.trusted`](https://enterprisecontract.dev/docs/ec-policies/release_policy.html#trusted_task__trusted) if any tasks are added to the pipeline.
+This pipeline is pushed as a Tekton bundle to [quay.io](https://quay.io/repository/konflux-ci/tekton-catalog/pipeline-docker-build?tab=tags)_
+
 ## Parameters
 |name|description|default value|used in (taskname:taskrefversion:taskparam)|
 |---|---|---|---|
@@ -16,6 +21,7 @@
 |rebuild| Force rebuild image| false| init:0.2:rebuild|
 |revision| Revision of the Source Repository| | clone-repository:0.1:revision|
 |skip-checks| Skip checks against built image| false| init:0.2:skip-checks|
+
 ## Available params from tasks
 ### apply-tags:0.1 task parameters
 |name|description|default value|already set by|

pipelines/docker-build/patch.yaml

@@ -1,4 +1,11 @@
 ---
+- op: add
+  path: /spec/description
+  value: |
+    This pipeline is ideal for building container images from a Containerfile while reducing network traffic.
+
+    _Uses `buildah` to create a container image. It also optionally creates a source image and runs some build-time tests. EC will flag a violation for [`trusted_task.trusted`](https://enterprisecontract.dev/docs/ec-policies/release_policy.html#trusted_task__trusted) if any tasks are added to the pipeline.
+    This pipeline is pushed as a Tekton bundle to [quay.io](https://quay.io/repository/konflux-ci/tekton-catalog/pipeline-docker-build?tab=tags)_
 - op: replace
   path: /metadata/name
   value: docker-build

pipelines/fbc-builder/README.md

@@ -1,4 +1,9 @@
 # "fbc-builder pipeline"
+This pipeline is ideal for building and verifying [file-based catalogs](https://konflux-ci.dev/docs/advanced-how-tos/building-olm.adoc#building-the-file-based-catalog).
+
+_Uses `buildah` to create a container image. Its build-time tests are limited to verifying the included catalog and do not scan the image.
+This pipeline is pushed as a Tekton bundle to [quay.io](https://quay.io/repository/konflux-ci/tekton-catalog/pipeline-fbc-builder?tab=tags)_
+
 ## Parameters
 |name|description|default value|used in (taskname:taskrefversion:taskparam)|
 |---|---|---|---|
@@ -14,6 +19,7 @@
 |rebuild| Force rebuild image| false| init:0.2:rebuild|
 |revision| Revision of the Source Repository| | clone-repository:0.1:revision|
 |skip-checks| Skip checks against built image| false| init:0.2:skip-checks|
+
 ## Available params from tasks
 ### apply-tags:0.1 task parameters
 |name|description|default value|already set by|

pipelines/fbc-builder/patch.yaml

@@ -1,4 +1,11 @@
 ---
+- op: add
+  path: /spec/description
+  value: |
+    This pipeline is ideal for building and verifying [file-based catalogs](https://konflux-ci.dev/docs/advanced-how-tos/building-olm.adoc#building-the-file-based-catalog).
+
+    _Uses `buildah` to create a container image. Its build-time tests are limited to verifying the included catalog and do not scan the image.
+    This pipeline is pushed as a Tekton bundle to [quay.io](https://quay.io/repository/konflux-ci/tekton-catalog/pipeline-fbc-builder?tab=tags)_
 - op: replace
   path: /metadata/name
   value: fbc-builder

pipelines/gitops-pull-request-rhtap/README.md

@@ -1,4 +1,5 @@
 # "gitops-pull-request pipeline"
+
 ## Parameters
 |name|description|default value|used in (taskname:taskrefversion:taskparam)|
 |---|---|---|---|
@@ -12,6 +13,7 @@
 |revision| Gitops repo revision| | clone-repository:0.1:revision|
 |target-branch| The target branch for the pull request| main| get-images-to-verify:0.1:TARGET_BRANCH ; get-images-to-upload-sbom:0.1:TARGET_BRANCH|
 |trustification-secret-name| The name of the Secret that contains Trustification (TPA) configuration| tpa-secret| upload-sboms-to-trustification:0.1:TRUSTIFICATION_SECRET_NAME|
+
 ## Available params from tasks
 ### download-sbom-from-url-in-attestation:0.1 task parameters
 |name|description|default value|already set by|

pipelines/java-builder/README.md

@@ -1,4 +1,5 @@
 # "java-builder pipeline"
+
 ## Parameters
 |name|description|default value|used in (taskname:taskrefversion:taskparam)|
 |---|---|---|---|
@@ -14,6 +15,7 @@
 |rebuild| Force rebuild image| false| init:0.2:rebuild|
 |revision| Revision of the Source Repository| | clone-repository:0.1:revision|
 |skip-checks| Skip checks against built image| false| init:0.2:skip-checks|
+
 ## Available params from tasks
 ### apply-tags:0.1 task parameters
 |name|description|default value|already set by|

pipelines/nodejs-builder/README.md

@@ -1,4 +1,5 @@
 # "nodejs-builder pipeline"
+
 ## Parameters
 |name|description|default value|used in (taskname:taskrefversion:taskparam)|
 |---|---|---|---|
@@ -14,6 +15,7 @@
 |rebuild| Force rebuild image| false| init:0.2:rebuild|
 |revision| Revision of the Source Repository| | clone-repository:0.1:revision|
 |skip-checks| Skip checks against built image| false| init:0.2:skip-checks|
+
 ## Available params from tasks
 ### apply-tags:0.1 task parameters
 |name|description|default value|already set by|

pipelines/tekton-bundle-builder/README.md

@@ -1,4 +1,5 @@
 # "tekton-bundle-builder pipeline"
+
 ## Parameters
 |name|description|default value|used in (taskname:taskrefversion:taskparam)|
 |---|---|---|---|
@@ -14,6 +15,7 @@
 |rebuild| Force rebuild image| false| init:0.2:rebuild|
 |revision| Revision of the Source Repository| | clone-repository:0.1:revision|
 |skip-checks| Skip checks against built image| false| init:0.2:skip-checks|
+
 ## Available params from tasks
 ### apply-tags:0.1 task parameters
 |name|description|default value|already set by|