From bc911af10c9cd26303a9921558dbefce4f6b1cc0 Mon Sep 17 00:00:00 2001
From: Giles Hutton
Date: Fri, 19 Jul 2024 14:31:47 +0100
Subject: [PATCH] Switches around the fetch data tasks
---
.tekton/fetch-scanner-data-oci-ta.yaml | 45 ++++++++++++++++++++++----
.tekton/fetch-scanner-data-task.yaml | 45 ++++----------------------
2 files changed, 45 insertions(+), 45 deletions(-)
diff --git a/.tekton/fetch-scanner-data-oci-ta.yaml b/.tekton/fetch-scanner-data-oci-ta.yaml
index 21fe1c01d..12cd396a5 100644
--- a/.tekton/fetch-scanner-data-oci-ta.yaml
+++ b/.tekton/fetch-scanner-data-oci-ta.yaml
@@ -16,22 +16,55 @@ spec:
 description: Target directory relative to workspace where to save downloaded blobs.
 type: string
 default: "source"
+ - name: SOURCE_ARTIFACT
+ description: The Trusted Artifact URI pointing to the artifact with
+ the application source code. This should be the result of the git-clone task,
+ results from other tasks might fail as dirty.
+ type: string
+ - name: ociStorage
+ description: The OCI repository where the Trusted Artifacts are stored.
+ type: string
+ - name: ociArtifactExpiresAfter
+ description: Expiration date for the trusted artifacts created in the
+ OCI repository.
+ type: string
 results:
+ - name: SOURCE_ARTIFACT
+ description: The Trusted Artifact URI pointing to the artifact with the application source code
+ and additional smuggled activation key.
+ type: string
+ volumes:
+ - name: workdir
+ emptyDir: {}
+ stepTemplate:
+ volumeMounts: /var/workdir
+ name: workdir
 steps:
+ - name: use-trusted-artifact
+ image: quay.io/redhat-appstudio/build-trusted-artifacts:latest@sha256:4e39fb97f4444c2946944482df47b39c5bbc195c54c6560b0647635f553ab23d
+ args:
+ - use
+ - $(params.SOURCE_ARTIFACT)=/var/workdir/source
 - name: fetch-scanner-data
 image: registry.access.redhat.com/ubi8/ubi-minimal:latest
 # The only functioning way to pass array parameter that I found is through args array.
 # Array params have weird limitations, see https://github.com/tektoncd/pipeline/blob/main/docs/tasks.md#substituting-array-parameters
 # Attempts to pass this in other places result in webhook errors and pipeline not starting.
 args: [ "$(params.blobs-to-fetch[*])" ]
+ workingDir: /var/workdir/source
 script: |
 #!/usr/bin/env bash
 set -euo pipefail
- exec "$(workspaces.source.path)/source/scripts/konflux/fetch-scanner-data.sh" \
- "$(workspaces.source.path)/$(params.target-dir)" \
- "$@"
+ exec "scripts/konflux/fetch-scanner-data.sh" "$(params.target-dir)" "$@"
 # It should not take long to download blobs otherwise there's something odd going on.
 timeout: 10m
- workspaces:
- - name: source
- description: Workspace with the source code.
+ - name: create-trusted-artifact
+ image: quay.io/redhat-appstudio/build-trusted-artifacts:latest@sha256:4e39fb97f4444c2946944482df47b39c5bbc195c54c6560b0647635f553ab23d
+ args:
+ - create
+ - --store
+ - $(params.ociStorage)
+ - $(results.SOURCE_ARTIFACT.path)=/var/workdir/source
+ env:
+ - name: IMAGE_EXPIRES_AFTER
+ value: $(params.ociArtifactExpiresAfter)
diff --git a/.tekton/fetch-scanner-data-task.yaml b/.tekton/fetch-scanner-data-task.yaml
index f0c649bb1..ea7bfe6eb 100644
--- a/.tekton/fetch-scanner-data-task.yaml
+++ b/.tekton/fetch-scanner-data-task.yaml
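Review bot: The added `exec "scripts/konflux/fetch-scanner-data.sh" "$(params.target-dir)" "$@"` line splices a Tekton parameter into the `script` body, and Tekton substitutes it as text before bash parses the script, so a `target-dir` value containing a double quote or `$(…)` is read as shell syntax rather than as a path; the re-added `exec` lines in `.tekton/fetch-scanner-data-task.yaml` follow the same pattern. Hand the value to the step through `env` (for example a `TARGET_DIR` entry with `value: $(params.target-dir)`) and use `"$TARGET_DIR"` in the script, the way `blobs-to-fetch` already arrives through `args`. The added `stepTemplate` also reads `volumeMounts: /var/workdir` followed by `name: workdir`; if that is the literal content (indentation is lost on this page) it is not a list of mounts and should be a `- mountPath: /var/workdir` item carrying `name: workdir`, otherwise the task is likely to be rejected or the three steps will not share `/var/workdir`. The task spec starts above the hunk, so its `metadata` and the `blobs-to-fetch` declaration are not visible here.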
@@ -16,55 +16,22 @@ spec:
 description: Target directory relative to workspace where to save downloaded blobs.
 type: string
 default: "source"
- - name: SOURCE_ARTIFACT
- description: The Trusted Artifact URI pointing to the artifact with
- the application source code. This should be the result of the git-clone task,
- results from other tasks might fail as dirty.
- type: string
- - name: ociStorage
- description: The OCI repository where the Trusted Artifacts are stored.
- type: string
- - name: ociArtifactExpiresAfter
- description: Expiration date for the trusted artifacts created in the
- OCI repository.
- type: string
 results:
- - name: SOURCE_ARTIFACT
- description: The Trusted Artifact URI pointing to the artifact with the application source code
- and additional smuggled activation key.
- type: string
- volumes:
- - name: workdir
- emptyDir: {}
- stepTemplate:
- volumeMounts: /var/workdir
- name: workdir
 steps:
- - name: use-trusted-artifact
- image: quay.io/redhat-appstudio/build-trusted-artifacts:latest@sha256:4e39fb97f4444c2946944482df47b39c5bbc195c54c6560b0647635f553ab23d
- args:
- - use
- - $(params.SOURCE_ARTIFACT)=/var/workdir/source
 - name: fetch-scanner-data
 image: registry.access.redhat.com/ubi8/ubi-minimal:latest
 # The only functioning way to pass array parameter that I found is through args array.
 # Array params have weird limitations, see https://github.com/tektoncd/pipeline/blob/main/docs/tasks.md#substituting-array-parameters
 # Attempts to pass this in other places result in webhook errors and pipeline not starting.
 args: [ "$(params.blobs-to-fetch[*])" ]
- workingDir: /var/workdir/source
 script: |
 #!/usr/bin/env bash
 set -euo pipefail
- exec "scripts/konflux/fetch-scanner-data.sh" "$(params.target-dir)" "$@"
+ exec "$(workspaces.source.path)/source/scripts/konflux/fetch-scanner-data.sh" \
+ "$(workspaces.source.path)/$(params.target-dir)" \
+ "$@"
 # It should not take long to download blobs otherwise there's something odd going on.
 timeout: 10m
- - name: create-trusted-artifact
- image: quay.io/redhat-appstudio/build-trusted-artifacts:latest@sha256:4e39fb97f4444c2946944482df47b39c5bbc195c54c6560b0647635f553ab23d
- args:
- - create
- - --store
- - $(params.ociStorage)
- - $(results.SOURCE_ARTIFACT.path)=/var/workdir/source
- env:
- - name: IMAGE_EXPIRES_AFTER
- value: $(params.ociArtifactExpiresAfter)
+ workspaces:
+ - name: source
+ description: Workspace with the source code.
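Review bot: The `fetch-scanner-data` step that remains in this task runs `registry.access.redhat.com/ubi8/ubi-minimal:latest` with no digest, so the image that executes the repository script can change between runs, whereas the `build-trusted-artifacts` steps this hunk removes were pinned with `@sha256:…`; the same unpinned line is present in `.tekton/fetch-scanner-data-oci-ta.yaml`. Pin it the same way, `image: registry.access.redhat.com/ubi8/ubi-minimal:latest@sha256:<digest>` (placeholder; take the digest from the registry). The hunk also leaves `results:` as a bare key with nothing under it, which parses as null; dropping the key or writing `results: []` states the intent. The `spec` header and the `blobs-to-fetch` parameter sit above the hunk and are not visible here.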