From c5b4c778323b81652d5d44eef0d4f23ccb147acc Mon Sep 17 00:00:00 2001
From: Adam Cmiel
Date: Tue, 21 May 2024 12:30:47 +0200
Subject: [PATCH] upload-sbom: allow to ignore missing configuration
When FAIL_IF_TRUSTIFICATION_NOT_CONFIGURED=false and the required Trustification configuration is missing, the task will exit with success.
Signed-off-by: Adam Cmiel
---
 task/upload-sbom-to-trustification/0.1/README.md | 1 +
 .../0.1/upload-sbom-to-trustification.yaml | 16 +++++++++++++++-
 2 files changed, 16 insertions(+), 1 deletion(-)
diff --git a/task/upload-sbom-to-trustification/0.1/README.md b/task/upload-sbom-to-trustification/0.1/README.md
index fff6ee2b5..b0edb75a8 100644
--- a/task/upload-sbom-to-trustification/0.1/README.md
+++ b/task/upload-sbom-to-trustification/0.1/README.md
@@ -29,6 +29,7 @@ Optional keys:
 |SBOMS_DIR|Directory containing SBOM files. The task will search for CycloneDX JSON SBOMs recursively in this directory and upload them all to Trustification. The path is relative to the 'sboms' workspace.|.|false|
 |HTTP_RETRIES|Maximum number of retries for transient HTTP(S) errors|3|false|
 |TRUSTIFICATION_SECRET_NAME|Name of the Secret containing auth and configuration|trustification-secret|false|
+|FAIL_IF_TRUSTIFICATION_NOT_CONFIGURED|Should the task fail if the Secret does not contain the required keys? (Set "true" to fail, "false" to skip uploading and exit with success).|true|false|
 ## Workspaces
 |name|description|optional|
diff --git a/task/upload-sbom-to-trustification/0.1/upload-sbom-to-trustification.yaml b/task/upload-sbom-to-trustification/0.1/upload-sbom-to-trustification.yaml
index 9e5891d1c..10021f7c3 100644
--- a/task/upload-sbom-to-trustification/0.1/upload-sbom-to-trustification.yaml
+++ b/task/upload-sbom-to-trustification/0.1/upload-sbom-to-trustification.yaml
@@ -44,6 +44,12 @@ spec:
 default: trustification-secret
 description: Name of the Secret containing auth and configuration
 type: string
+ - name: FAIL_IF_TRUSTIFICATION_NOT_CONFIGURED
+ default: "true"
+ description: >-
+ Should the task fail if the Secret does not contain the required keys?
+ (Set "true" to fail, "false" to skip uploading and exit with success).
+ type: string
 workspaces:
 - name: sboms
 description: Directory containing the SBOMs to upload
@@ -62,6 +68,8 @@ spec:
 value: $(params.TRUSTIFICATION_SECRET_NAME)
 - name: TRUSTIFICATION_SECRET_PATH
 value: /run/secrets/trustification
+ - name: FAIL_IF_TRUSTIFICATION_NOT_CONFIGURED
+ value: $(params.FAIL_IF_TRUSTIFICATION_NOT_CONFIGURED)
 - name: WORKDIR
 value: /tekton/home
 volumeMounts:
@@ -175,7 +183,13 @@ spec:
 echo "Missing configuration: $key" >&2
 echo "Does the '$TRUSTIFICATION_SECRET_NAME' secret exist in your namespace and contain the required keys?" >&2
 echo "Refer to the description of this Task for details." >&2
- exit 1
+
+ if [[ "$FAIL_IF_TRUSTIFICATION_NOT_CONFIGURED" == "false" ]]; then
+ echo "WARNING: FAIL_IF_TRUSTIFICATION_NOT_CONFIGURED=false; exiting with success" >&2
+ exit 0
+ else
+ exit 1
+ fi
 fi
 }
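Review bot: The description of `FAIL_IF_TRUSTIFICATION_NOT_CONFIGURED` in the first hunk names only "true" and "false" and leaves every other value undefined. The script hunk at the end of this patch skips only on the exact string `false`, so `False`, `no` or an empty value still fail the task. That is the safe direction, and the description should say so, for example by appending `Any value other than the exact string "false" is treated as "true".`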
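Review bot: With the flag set to `false`, the new branch in the last hunk exits 0 on the first key that is missing, so a Secret that carries some of the required keys but lacks one (a misspelled key name, a half-finished rotation) is handled the same way as a namespace where Trustification was never set up, and the SBOMs are not uploaded while the task reports success. Consider skipping only when none of the required keys are present and keeping `exit 1` when the configuration is partial; the function that holds this check begins outside the hunk, so the list of keys and the call site are not visible here. If the check is ever called inside a command substitution or another subshell, `exit 0` would end only that subshell and the script would carry on without the configuration, so a comment such as `# must run in the main shell: exit 0 here is meant to end the whole step` above the new `if` would record that assumption. The skip is visible only as a stderr warning in the step log; if later pipeline steps or policy checks need to tell "uploaded" from "skipped", the task would have to expose that explicitly.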