upload-sbom: allow to ignore missing configuration

When FAIL_IF_TRUSTIFICATION_NOT_CONFIGURED=false and the required Trustification configuration is missing, the task will exit with success. Signed-off-by: Adam Cmiel <[email protected]>
konflux-ci · May 22, 2024 · c5b4c77 · c5b4c77
1 parent 62005ff
commit c5b4c77
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 1 deletion.
diff --git a/task/upload-sbom-to-trustification/0.1/README.md b/task/upload-sbom-to-trustification/0.1/README.md
@@ -29,6 +29,7 @@ Optional keys:
 |SBOMS_DIR|Directory containing SBOM files. The task will search for CycloneDX JSON SBOMs recursively in this directory and upload them all to Trustification. The path is relative to the 'sboms' workspace.|.|false|
 |HTTP_RETRIES|Maximum number of retries for transient HTTP(S) errors|3|false|
 |TRUSTIFICATION_SECRET_NAME|Name of the Secret containing auth and configuration|trustification-secret|false|
+|FAIL_IF_TRUSTIFICATION_NOT_CONFIGURED|Should the task fail if the Secret does not contain the required keys? (Set "true" to fail, "false" to skip uploading and exit with success).|true|false|
 
 ## Workspaces
 |name|description|optional|

diff --git a/task/upload-sbom-to-trustification/0.1/upload-sbom-to-trustification.yaml b/task/upload-sbom-to-trustification/0.1/upload-sbom-to-trustification.yaml
@@ -44,6 +44,12 @@ spec:
     default: trustification-secret
     description: Name of the Secret containing auth and configuration
     type: string
+  - name: FAIL_IF_TRUSTIFICATION_NOT_CONFIGURED
+    default: "true"
+    description: >-
+      Should the task fail if the Secret does not contain the required keys?
+      (Set "true" to fail, "false" to skip uploading and exit with success).
+    type: string
   workspaces:
   - name: sboms
     description: Directory containing the SBOMs to upload
@@ -62,6 +68,8 @@ spec:
       value: $(params.TRUSTIFICATION_SECRET_NAME)
     - name: TRUSTIFICATION_SECRET_PATH
       value: /run/secrets/trustification
+    - name: FAIL_IF_TRUSTIFICATION_NOT_CONFIGURED
+      value: $(params.FAIL_IF_TRUSTIFICATION_NOT_CONFIGURED)
     - name: WORKDIR
       value: /tekton/home
     volumeMounts:
@@ -175,7 +183,13 @@ spec:
           echo "Missing configuration: $key" >&2
           echo "Does the '$TRUSTIFICATION_SECRET_NAME' secret exist in your namespace and contain the required keys?" >&2
           echo "Refer to the description of this Task for details." >&2
-          exit 1
+
+          if [[ "$FAIL_IF_TRUSTIFICATION_NOT_CONFIGURED" == "false" ]]; then
+            echo "WARNING: FAIL_IF_TRUSTIFICATION_NOT_CONFIGURED=false; exiting with success" >&2
+            exit 0
+          else
+            exit 1
+          fi
         fi
       }