Skip to content

Commit 214d35f

Browse files
thepetkthepetk
committed
Add shell and unicode sast pipeline tasks
https://issues.redhat.com/browse/KONFLUX-2264 Signed-off-by: thepetk <thepetk@gmail.com>
1 parent 639611d commit 214d35f

2 files changed

Lines changed: 96 additions & 208 deletions

File tree

.tekton/devfile-registry-main-pull-request.yaml

Lines changed: 48 additions & 104 deletions
Original file line numberDiff line numberDiff line change
@@ -399,6 +399,54 @@ spec:
399399
workspaces:
400400
- name: workspace
401401
workspace: workspace
402+
- name: sast-shell-check
403+
params:
404+
- name: image-digest
405+
value: $(tasks.build-image-index.results.IMAGE_DIGEST)
406+
- name: image-url
407+
value: $(tasks.build-image-index.results.IMAGE_URL)
408+
runAfter:
409+
- build-image-index
410+
taskRef:
411+
params:
412+
- name: name
413+
value: sast-shell-check
414+
- name: bundle
415+
value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check:0.1@sha256:1b3d68c33a92dfc3da3975581cae80c99c8d1995cab519ae98c6331b5677ded0
416+
- name: kind
417+
value: task
418+
resolver: bundles
419+
when:
420+
- input: $(params.skip-checks)
421+
operator: in
422+
values:
423+
- "false"
424+
workspaces:
425+
- name: workspace
426+
workspace: workspace
427+
- name: sast-unicode-check
428+
params:
429+
- name: image-url
430+
value: $(tasks.build-image-index.results.IMAGE_URL)
431+
runAfter:
432+
- build-image-index
433+
taskRef:
434+
params:
435+
- name: name
436+
value: sast-unicode-check
437+
- name: bundle
438+
value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check:0.1@sha256:b1a9af196a79baa75632ef494eb6db987f57e870d882d47f5b495e1441c01e3b
439+
- name: kind
440+
value: task
441+
resolver: bundles
442+
when:
443+
- input: $(params.skip-checks)
444+
operator: in
445+
values:
446+
- "false"
447+
workspaces:
448+
- name: workspace
449+
workspace: workspace
402450
- name: clamav-scan
403451
params:
404452
- name: image-digest
@@ -483,110 +531,6 @@ spec:
483531
operator: in
484532
values:
485533
- "false"
486-
- name: sast-shell-check
487-
params:
488-
- name: image-digest
489-
value: $(tasks.build-image-index.results.IMAGE_DIGEST)
490-
- name: image-url
491-
value: $(tasks.build-image-index.results.IMAGE_URL)
492-
runAfter:
493-
- build-image-index
494-
taskRef:
495-
params:
496-
- name: name
497-
value: sast-shell-check
498-
- name: bundle
499-
value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check:0.1@sha256:1b3d68c33a92dfc3da3975581cae80c99c8d1995cab519ae98c6331b5677ded0
500-
- name: kind
501-
value: task
502-
resolver: bundles
503-
when:
504-
- input: $(params.skip-checks)
505-
operator: in
506-
values:
507-
- "false"
508-
workspaces:
509-
- name: workspace
510-
workspace: workspace
511-
- name: sast-shell-check-oci-ta
512-
params:
513-
- name: image-digest
514-
value: $(tasks.build-image-index.results.IMAGE_DIGEST)
515-
- name: image-url
516-
value: $(tasks.build-image-index.results.IMAGE_URL)
517-
- name: SOURCE_ARTIFACT
518-
value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT)
519-
- name: CACHI2_ARTIFACT
520-
value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT)
521-
runAfter:
522-
- build-image-index
523-
taskRef:
524-
params:
525-
- name: name
526-
value: sast-shell-check-oci-ta
527-
- name: bundle
528-
value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check-oci-ta:0.1@sha256:a591675c72f06fb9c5b1a3d60e6e4c58e4df5f7da180c7a4691a692a6e7e6496
529-
- name: kind
530-
value: task
531-
resolver: bundles
532-
when:
533-
- input: $(params.skip-checks)
534-
operator: in
535-
values:
536-
- "false"
537-
workspaces:
538-
- name: workspace
539-
workspace: workspace
540-
- name: sast-unicode-check
541-
params:
542-
- name: image-url
543-
value: $(tasks.build-image-index.results.IMAGE_URL)
544-
runAfter:
545-
- build-image-index
546-
taskRef:
547-
params:
548-
- name: name
549-
value: sast-unicode-check
550-
- name: bundle
551-
value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check:0.1@sha256:b1a9af196a79baa75632ef494eb6db987f57e870d882d47f5b495e1441c01e3b
552-
- name: kind
553-
value: task
554-
resolver: bundles
555-
when:
556-
- input: $(params.skip-checks)
557-
operator: in
558-
values:
559-
- "false"
560-
workspaces:
561-
- name: workspace
562-
workspace: workspace
563-
- name: sast-unicode-check-oci-ta
564-
params:
565-
- name: image-url
566-
value: $(tasks.build-image-index.results.IMAGE_URL)
567-
- name: SOURCE_ARTIFACT
568-
value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT)
569-
- name: CACHI2_ARTIFACT
570-
value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT)
571-
runAfter:
572-
- build-image-index
573-
taskRef:
574-
params:
575-
- name: name
576-
value: sast-unicode-check-oci-ta
577-
- name: bundle
578-
value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check-oci-ta:0.1@sha256:424f2f659c02998dc3a43e1ce869e3148982c59adb74f953f8fa91ff1c9ab86e
579-
- name: kind
580-
value: task
581-
resolver: bundles
582-
when:
583-
- input: $(params.skip-checks)
584-
operator: in
585-
values:
586-
- "false"
587-
workspaces:
588-
- name: workspace
589-
workspace: workspace
590534
- name: apply-tags
591535
params:
592536
- name: IMAGE

.tekton/devfile-registry-main-push.yaml

Lines changed: 48 additions & 104 deletions
Original file line numberDiff line numberDiff line change
@@ -396,6 +396,54 @@ spec:
396396
workspaces:
397397
- name: workspace
398398
workspace: workspace
399+
- name: sast-shell-check
400+
params:
401+
- name: image-digest
402+
value: $(tasks.build-image-index.results.IMAGE_DIGEST)
403+
- name: image-url
404+
value: $(tasks.build-image-index.results.IMAGE_URL)
405+
runAfter:
406+
- build-image-index
407+
taskRef:
408+
params:
409+
- name: name
410+
value: sast-shell-check
411+
- name: bundle
412+
value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check:0.1@sha256:1b3d68c33a92dfc3da3975581cae80c99c8d1995cab519ae98c6331b5677ded0
413+
- name: kind
414+
value: task
415+
resolver: bundles
416+
when:
417+
- input: $(params.skip-checks)
418+
operator: in
419+
values:
420+
- "false"
421+
workspaces:
422+
- name: workspace
423+
workspace: workspace
424+
- name: sast-unicode-check
425+
params:
426+
- name: image-url
427+
value: $(tasks.build-image-index.results.IMAGE_URL)
428+
runAfter:
429+
- build-image-index
430+
taskRef:
431+
params:
432+
- name: name
433+
value: sast-unicode-check
434+
- name: bundle
435+
value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check:0.1@sha256:b1a9af196a79baa75632ef494eb6db987f57e870d882d47f5b495e1441c01e3b
436+
- name: kind
437+
value: task
438+
resolver: bundles
439+
when:
440+
- input: $(params.skip-checks)
441+
operator: in
442+
values:
443+
- "false"
444+
workspaces:
445+
- name: workspace
446+
workspace: workspace
399447
- name: clamav-scan
400448
params:
401449
- name: image-digest
@@ -480,110 +528,6 @@ spec:
480528
operator: in
481529
values:
482530
- "false"
483-
- name: sast-shell-check
484-
params:
485-
- name: image-digest
486-
value: $(tasks.build-image-index.results.IMAGE_DIGEST)
487-
- name: image-url
488-
value: $(tasks.build-image-index.results.IMAGE_URL)
489-
runAfter:
490-
- build-image-index
491-
taskRef:
492-
params:
493-
- name: name
494-
value: sast-shell-check
495-
- name: bundle
496-
value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check:0.1@sha256:1b3d68c33a92dfc3da3975581cae80c99c8d1995cab519ae98c6331b5677ded0
497-
- name: kind
498-
value: task
499-
resolver: bundles
500-
when:
501-
- input: $(params.skip-checks)
502-
operator: in
503-
values:
504-
- "false"
505-
workspaces:
506-
- name: workspace
507-
workspace: workspace
508-
- name: sast-shell-check-oci-ta
509-
params:
510-
- name: image-digest
511-
value: $(tasks.build-image-index.results.IMAGE_DIGEST)
512-
- name: image-url
513-
value: $(tasks.build-image-index.results.IMAGE_URL)
514-
- name: SOURCE_ARTIFACT
515-
value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT)
516-
- name: CACHI2_ARTIFACT
517-
value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT)
518-
runAfter:
519-
- build-image-index
520-
taskRef:
521-
params:
522-
- name: name
523-
value: sast-shell-check-oci-ta
524-
- name: bundle
525-
value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check-oci-ta:0.1@sha256:a591675c72f06fb9c5b1a3d60e6e4c58e4df5f7da180c7a4691a692a6e7e6496
526-
- name: kind
527-
value: task
528-
resolver: bundles
529-
when:
530-
- input: $(params.skip-checks)
531-
operator: in
532-
values:
533-
- "false"
534-
workspaces:
535-
- name: workspace
536-
workspace: workspace
537-
- name: sast-unicode-check
538-
params:
539-
- name: image-url
540-
value: $(tasks.build-image-index.results.IMAGE_URL)
541-
runAfter:
542-
- build-image-index
543-
taskRef:
544-
params:
545-
- name: name
546-
value: sast-unicode-check
547-
- name: bundle
548-
value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check:0.1@sha256:b1a9af196a79baa75632ef494eb6db987f57e870d882d47f5b495e1441c01e3b
549-
- name: kind
550-
value: task
551-
resolver: bundles
552-
when:
553-
- input: $(params.skip-checks)
554-
operator: in
555-
values:
556-
- "false"
557-
workspaces:
558-
- name: workspace
559-
workspace: workspace
560-
- name: sast-unicode-check-oci-ta
561-
params:
562-
- name: image-url
563-
value: $(tasks.build-image-index.results.IMAGE_URL)
564-
- name: SOURCE_ARTIFACT
565-
value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT)
566-
- name: CACHI2_ARTIFACT
567-
value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT)
568-
runAfter:
569-
- build-image-index
570-
taskRef:
571-
params:
572-
- name: name
573-
value: sast-unicode-check-oci-ta
574-
- name: bundle
575-
value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check-oci-ta:0.1@sha256:424f2f659c02998dc3a43e1ce869e3148982c59adb74f953f8fa91ff1c9ab86e
576-
- name: kind
577-
value: task
578-
resolver: bundles
579-
when:
580-
- input: $(params.skip-checks)
581-
operator: in
582-
values:
583-
- "false"
584-
workspaces:
585-
- name: workspace
586-
workspace: workspace
587531
- name: apply-tags
588532
params:
589533
- name: IMAGE

0 commit comments

Comments
 (0)