From 7016f0ddf13ca749425405ffbfbe44d4d00162ff Mon Sep 17 00:00:00 2001 From: Misha Sugakov Date: Thu, 12 Dec 2024 10:51:14 +0100 Subject: [PATCH] Add step to make our tasks trusted --- .tekton/acs-konflux-tasks-push.yaml | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/.tekton/acs-konflux-tasks-push.yaml b/.tekton/acs-konflux-tasks-push.yaml index 1983d84..e6e9750 100644 --- a/.tekton/acs-konflux-tasks-push.yaml +++ b/.tekton/acs-konflux-tasks-push.yaml @@ -28,6 +28,8 @@ spec: value: '{{revision}}' - name: output-image value: quay.io/rhacs-eng/konflux-tasks:rev-{{revision}} + - name: output-trust-data-repo + value: quay.io/rhacs-eng/konflux-tasks-trust - name: rebuild value: "true" - name: build-source-image @@ -53,6 +55,9 @@ spec: - description: Fully Qualified Output Image name: output-image type: string + - description: Image repository where to update data about tasks trust + name: output-trust-data-repo + type: string - default: . description: Path to the source code of an application's component from where to build image. @@ -523,3 +528,27 @@ spec: - input: $(params.skip-checks) operator: in values: [ "false" ] + + - name: update-tasks-trust + description: Updates the image which allows to trust built tasks in EC. + params: + - name: TASKS_IMAGE + value: $(tasks.build-image-index.results.IMAGE_URL)@$(tasks.build-image-index.results.IMAGE_DIGEST) + - name: OUTPUT_IMAGE + value: $(params.output-trust-data-repo):$(tasks.get-floating-tag.results.FLOATING_TAG) + taskSpec: + params: + - name: TASKS_IMAGE + type: string + - name: OUTPUT_IMAGE + type: string + steps: + - name: update-tasks-trust + image: quay.io/konflux-ci/appstudio-utils:latest@sha256:5c77fe44dfd9615b1ba854e27e4ae2583146599eb4021ca8bd4662d2ba3ffa14 + script: | + #!/usr/bin/env bash + set -euo pipefail + + ec --verbose track bundle --freshen \ + --bundle "$(params.TASKS_IMAGE)" + --output "oci:$(params.OUTPUT_IMAGE)"