Skip to content

Commit

Permalink
fixup! Add step to make our tasks trusted
Browse files Browse the repository at this point in the history
  • Loading branch information
msugakov committed Dec 12, 2024
1 parent aa3cbfa commit 4056835
Showing 1 changed file with 16 additions and 11 deletions.
27 changes: 16 additions & 11 deletions .tekton/acs-konflux-tasks-push.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -26,8 +26,10 @@ spec:
value: '{{source_url}}'
- name: revision
value: '{{revision}}'
- name: output-image
value: quay.io/rhacs-eng/konflux-tasks:rev-{{revision}}
- name: output-image-repo
value: quay.io/rhacs-eng/konflux-tasks
- name: output-image-tag
value: rev-{{revision}}
- name: output-trust-data-repo
value: quay.io/rhacs-eng/konflux-tasks-trust
- name: rebuild
Expand All @@ -52,8 +54,11 @@ spec:
description: Revision of the Source Repository
name: revision
type: string
- description: Fully Qualified Output Image
name: output-image
- description: Repository of the output image
name: output-image-repo
type: string
- description: Unique tag of the output image
name: output-image-tag
type: string
- description: Image repository where to update data about tasks trust
name: output-trust-data-repo
Expand Down Expand Up @@ -116,7 +121,7 @@ spec:
- name: slack-notification
params:
- name: message
value: ':x: `{{event_type}}` pipeline for <https://console.redhat.com/application-pipeline/workspaces/rh-acs/applications/acs/pipelineruns/$(context.pipelineRun.name)|$(context.pipelineRun.name)> (`$(params.output-image)`, revision <$(params.git-url)/commit/$(params.revision)|$(params.revision)>) has failed.'
value: ':x: `{{event_type}}` pipeline for <https://console.redhat.com/application-pipeline/workspaces/rh-acs/applications/acs/pipelineruns/$(context.pipelineRun.name)|$(context.pipelineRun.name)> (`$(params.output-image-repo)`, revision <$(params.git-url)/commit/$(params.revision)|$(params.revision)>) has failed.'
- name: key-name
value: 'acs-konflux-notifications'
when:
Expand Down Expand Up @@ -153,7 +158,7 @@ spec:
- name: init
params:
- name: image-url
value: $(params.output-image)
value: $(params.output-image-repo):$(params.output-image-tag)
- name: rebuild
value: $(params.rebuild)
- name: skip-checks
Expand All @@ -175,7 +180,7 @@ spec:
- name: revision
value: $(params.revision)
- name: ociStorage
value: $(params.output-image).git
value: $(params.output-image-repo):$(params.output-image-tag).git
- name: ociArtifactExpiresAfter
value: $(params.oci-artifact-expires-after)
taskRef:
Expand All @@ -202,7 +207,7 @@ spec:
- name: SOURCE_ARTIFACT
value: $(tasks.clone-repository.results.SOURCE_ARTIFACT)
- name: ociStorage
value: $(params.output-image).prefetch
value: $(params.output-image-repo):$(params.output-image-tag).prefetch
- name: ociArtifactExpiresAfter
value: $(params.oci-artifact-expires-after)
taskRef:
Expand All @@ -223,7 +228,7 @@ spec:
- name: build-container
params:
- name: IMAGE
value: $(params.output-image)
value: $(params.output-image-repo):$(params.output-image-tag)
- name: CONTEXT
value: $(params.path-context)
- name: SOURCE_ARTIFACT
Expand All @@ -245,7 +250,7 @@ spec:
- name: build-image-index
params:
- name: IMAGE
value: $(params.output-image)
value: $(params.output-image-repo):$(params.output-image-tag)
- name: COMMIT_SHA
value: $(tasks.clone-repository.results.commit)
- name: IMAGE_EXPIRES_AFTER
Expand Down Expand Up @@ -526,7 +531,7 @@ spec:
description: Updates the image which allows to trust built tasks in EC.
params:
- name: TASKS_IMAGE
value: $(tasks.build-image-index.results.IMAGE_URL)@$(tasks.build-image-index.results.IMAGE_DIGEST)
value: $(params.output-image-repo):$(tasks.get-floating-tag.results.FLOATING_TAG)@$(tasks.build-image-index.results.IMAGE_DIGEST)
- name: OUTPUT_IMAGE
value: $(params.output-trust-data-repo):$(tasks.get-floating-tag.results.FLOATING_TAG)
taskSpec:
Expand Down

0 comments on commit 4056835

Please sign in to comment.