Switches around the fetch data tasks

stackrox · Jul 19, 2024 · bc911af · bc911af
1 parent dd4a001
commit bc911af
Show file tree

Hide file tree

Showing 2 changed files with 45 additions and 45 deletions.
diff --git a/.tekton/fetch-scanner-data-oci-ta.yaml b/.tekton/fetch-scanner-data-oci-ta.yaml
@@ -16,22 +16,55 @@ spec:
     description: Target directory relative to workspace where to save downloaded blobs.
     type: string
     default: "source"
+  - name: SOURCE_ARTIFACT
+    description: The Trusted Artifact URI pointing to the artifact with
+      the application source code. This should be the result of the git-clone task,
+      results from other tasks might fail as dirty.
+    type: string
+  - name: ociStorage
+    description: The OCI repository where the Trusted Artifacts are stored.
+    type: string
+  - name: ociArtifactExpiresAfter
+    description: Expiration date for the trusted artifacts created in the
+      OCI repository.
+    type: string
   results:
+  - name: SOURCE_ARTIFACT
+    description: The Trusted Artifact URI pointing to the artifact with the application source code
+      and additional smuggled activation key.
+    type: string
+  volumes:
+    - name: workdir
+      emptyDir: {}
+  stepTemplate:
+    volumeMounts: /var/workdir
+    name: workdir
   steps:
+  - name: use-trusted-artifact
+    image: quay.io/redhat-appstudio/build-trusted-artifacts:latest@sha256:4e39fb97f4444c2946944482df47b39c5bbc195c54c6560b0647635f553ab23d
+    args:
+      - use
+      - $(params.SOURCE_ARTIFACT)=/var/workdir/source
   - name: fetch-scanner-data
     image: registry.access.redhat.com/ubi8/ubi-minimal:latest
     # The only functioning way to pass array parameter that I found is through args array.
     # Array params have weird limitations, see https://github.com/tektoncd/pipeline/blob/main/docs/tasks.md#substituting-array-parameters
     # Attempts to pass this in other places result in webhook errors and pipeline not starting.
     args: [ "$(params.blobs-to-fetch[*])" ]
+    workingDir: /var/workdir/source
     script: |
       #!/usr/bin/env bash
       set -euo pipefail
-      exec "$(workspaces.source.path)/source/scripts/konflux/fetch-scanner-data.sh" \
-                  "$(workspaces.source.path)/$(params.target-dir)" \
-                  "$@"
+      exec "scripts/konflux/fetch-scanner-data.sh" "$(params.target-dir)" "$@"
     # It should not take long to download blobs otherwise there's something odd going on.
     timeout: 10m
-  workspaces:
-  - name: source
-    description: Workspace with the source code.
+  - name: create-trusted-artifact
+    image: quay.io/redhat-appstudio/build-trusted-artifacts:latest@sha256:4e39fb97f4444c2946944482df47b39c5bbc195c54c6560b0647635f553ab23d
+    args:
+      - create
+      - --store
+      - $(params.ociStorage)
+      - $(results.SOURCE_ARTIFACT.path)=/var/workdir/source
+    env:
+      - name: IMAGE_EXPIRES_AFTER
+        value: $(params.ociArtifactExpiresAfter)
diff --git a/.tekton/fetch-scanner-data-task.yaml b/.tekton/fetch-scanner-data-task.yaml
@@ -16,55 +16,22 @@ spec:
     description: Target directory relative to workspace where to save downloaded blobs.
     type: string
     default: "source"
-  - name: SOURCE_ARTIFACT
-    description: The Trusted Artifact URI pointing to the artifact with
-      the application source code. This should be the result of the git-clone task,
-      results from other tasks might fail as dirty.
-    type: string
-  - name: ociStorage
-    description: The OCI repository where the Trusted Artifacts are stored.
-    type: string
-  - name: ociArtifactExpiresAfter
-    description: Expiration date for the trusted artifacts created in the
-      OCI repository.
-    type: string
   results:
-  - name: SOURCE_ARTIFACT
-    description: The Trusted Artifact URI pointing to the artifact with the application source code
-      and additional smuggled activation key.
-    type: string
-  volumes:
-    - name: workdir
-      emptyDir: {}
-  stepTemplate:
-    volumeMounts: /var/workdir
-    name: workdir
   steps:
-  - name: use-trusted-artifact
-    image: quay.io/redhat-appstudio/build-trusted-artifacts:latest@sha256:4e39fb97f4444c2946944482df47b39c5bbc195c54c6560b0647635f553ab23d
-    args:
-      - use
-      - $(params.SOURCE_ARTIFACT)=/var/workdir/source
   - name: fetch-scanner-data
     image: registry.access.redhat.com/ubi8/ubi-minimal:latest
     # The only functioning way to pass array parameter that I found is through args array.
     # Array params have weird limitations, see https://github.com/tektoncd/pipeline/blob/main/docs/tasks.md#substituting-array-parameters
     # Attempts to pass this in other places result in webhook errors and pipeline not starting.
     args: [ "$(params.blobs-to-fetch[*])" ]
-    workingDir: /var/workdir/source
     script: |
       #!/usr/bin/env bash
       set -euo pipefail
-      exec "scripts/konflux/fetch-scanner-data.sh" "$(params.target-dir)" "$@"
+      exec "$(workspaces.source.path)/source/scripts/konflux/fetch-scanner-data.sh" \
+                  "$(workspaces.source.path)/$(params.target-dir)" \
+                  "$@"
     # It should not take long to download blobs otherwise there's something odd going on.
     timeout: 10m
-  - name: create-trusted-artifact
-    image: quay.io/redhat-appstudio/build-trusted-artifacts:latest@sha256:4e39fb97f4444c2946944482df47b39c5bbc195c54c6560b0647635f553ab23d
-    args:
-      - create
-      - --store
-      - $(params.ociStorage)
-      - $(results.SOURCE_ARTIFACT.path)=/var/workdir/source
-    env:
-      - name: IMAGE_EXPIRES_AFTER
-        value: $(params.ociArtifactExpiresAfter)
+  workspaces:
+  - name: source
+    description: Workspace with the source code.