From 64810cf3ee0842c0a008939b7b14a0d618ffdad3 Mon Sep 17 00:00:00 2001
From: "openshift-merge-bot[bot]" <148852131+openshift-merge-bot[bot]@users.noreply.github.com>
Date: Wed, 6 May 2026 12:38:30 +0000
Subject: [PATCH] Discover new branches and update pipelines
---
 .github/workflows/release-generate-ci.yaml | 396 +++++++++++++++++++++
 config/backstage-plugins.yaml | 13 +
 config/client.yaml | 15 +
 config/eventing-integrations.yaml | 24 ++
 config/eventing-istio.yaml | 9 +
 config/eventing-kafka-broker.yaml | 14 +
 config/eventing.yaml | 13 +
 config/kn-plugin-event.yaml | 8 +
 config/kn-plugin-func.yaml | 8 +
 config/serverless-operator.yaml | 4 +-
 config/serving.yaml | 14 +
 pkg/konfluxgen/bundle-build.yaml | 40 ++-
 pkg/konfluxgen/docker-build.yaml | 42 ++-
 pkg/konfluxgen/docker-java-build.yaml | 42 ++-
 pkg/konfluxgen/fbc-builder.yaml | 24 +-
 pkg/konfluxgen/kustomize/docker-build.yaml | 42 ++-
 pkg/konfluxgen/kustomize/fbc-builder.yaml | 24 +-
 17 files changed, 665 insertions(+), 67 deletions(-)
diff --git a/.github/workflows/release-generate-ci.yaml b/.github/workflows/release-generate-ci.yaml
index f0a474f1..bae9d8b9 100644
--- a/.github/workflows/release-generate-ci.yaml
+++ b/.github/workflows/release-generate-ci.yaml
@@ -411,6 +411,50 @@ jobs: git push "https://serverless-qe:${GH_TOKEN}@github.com/serverless-qe/$repo.git" "$branch:$branch" -f gh pr create --base "$target_branch" --head "serverless-qe:$branch" --title "[$target_branch] Update OWNERS file" --body "Update OWNERS file" || true working-directory: ./src/github.com/openshift-knative/hack/openshift-knative/backstage-plugins + - env: + GH_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} + GITHUB_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} + if: ${{ (github.event_name == 'push' || github.event_name == 'workflow_dispatch' || github.event_name == 'schedule') && github.ref_name == 'main' }} + name: '[backstage-plugins - release-v1.22] Create Konflux PR' + run: | + set -x + repo="backstage-plugins" + branch="sync-konflux-release-v1.22" + target_branch="release-v1.22" + git remote add fork "https://github.com/serverless-qe/$repo.git" || true # ignore: already exists errors + remote_exists=$(git ls-remote --heads fork "$branch") + if [ -z "$remote_exists" ]; then + # remote doesn't exist. 
+ git push "https://serverless-qe:${GH_TOKEN}@github.com/serverless-qe/$repo.git" "$branch:$branch" -f || exit 1 + fi + git fetch origin "$target_branch" + git fetch fork "$branch" + git rebase --quiet "$target_branch" "$branch" + git push "https://serverless-qe:${GH_TOKEN}@github.com/serverless-qe/$repo.git" "$branch:$branch" -f + gh pr create --base "$target_branch" --head "serverless-qe:$branch" --title "[$target_branch] Update Konflux configurations" --body "Update Konflux configurations" || true + working-directory: ./src/github.com/openshift-knative/hack/openshift-knative/backstage-plugins + - env: + GH_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} + GITHUB_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} + if: ${{ (github.event_name == 'push' || github.event_name == 'workflow_dispatch' || github.event_name == 'schedule') && github.ref_name == 'main' }} + name: '[backstage-plugins - release-v1.22] Create OWNERS file update PR' + run: | + set -x + repo="backstage-plugins" + branch="sync-owners-release-v1.22" + target_branch="release-v1.22" + git remote add fork "https://github.com/serverless-qe/$repo.git" || true # ignore: already exists errors + remote_exists=$(git ls-remote --heads fork "$branch") + if [ -z "$remote_exists" ]; then + # remote doesn't exist. + git push "https://serverless-qe:${GH_TOKEN}@github.com/serverless-qe/$repo.git" "$branch:$branch" -f || exit 1 + fi + git fetch origin "$target_branch" + git fetch fork "$branch" + git rebase --quiet "$target_branch" "$branch" + git push "https://serverless-qe:${GH_TOKEN}@github.com/serverless-qe/$repo.git" "$branch:$branch" -f + gh pr create --base "$target_branch" --head "serverless-qe:$branch" --title "[$target_branch] Update OWNERS file" --body "Update OWNERS file" || true + working-directory: ./src/github.com/openshift-knative/hack/openshift-knative/backstage-plugins - env: GH_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} GITHUB_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} 
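Review bot: Both added `run:` scripts turn on `set -x` and then put the robot token inside the push URL (`https://serverless-qe:${GH_TOKEN}@github.com/...`), so each traced `git push` line carries the expanded secret and only the runner's log masking keeps it out of the job log. I would drop the trace, or at least add `set +x` before the first `git push`, and pass the credential out of band, for example `gh auth setup-git` followed by `git push fork "$branch:$branch" -f`, since `GH_TOKEN` is already exported for `gh`. The same steps are added by the other hunks of this file (client, eventing-integrations, eventing-istio, eventing-kafka-broker, eventing, kn-plugin-event, kn-plugin-func, serving). If the workflow is rendered from a template, which the repetition suggests, the change belongs in that template.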
@@ -631,6 +675,50 @@ jobs: git push "https://serverless-qe:${GH_TOKEN}@github.com/serverless-qe/$repo.git" "$branch:$branch" -f gh pr create --base "$target_branch" --head "serverless-qe:$branch" --title "[$target_branch] Update OWNERS file" --body "Update OWNERS file" || true working-directory: ./src/github.com/openshift-knative/hack/openshift-knative/client + - env: + GH_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} + GITHUB_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} + if: ${{ (github.event_name == 'push' || github.event_name == 'workflow_dispatch' || github.event_name == 'schedule') && github.ref_name == 'main' }} + name: '[client - release-v1.22] Create Konflux PR' + run: | + set -x + repo="client" + branch="sync-konflux-release-v1.22" + target_branch="release-v1.22" + git remote add fork "https://github.com/serverless-qe/$repo.git" || true # ignore: already exists errors + remote_exists=$(git ls-remote --heads fork "$branch") + if [ -z "$remote_exists" ]; then + # remote doesn't exist. + git push "https://serverless-qe:${GH_TOKEN}@github.com/serverless-qe/$repo.git" "$branch:$branch" -f || exit 1 + fi + git fetch origin "$target_branch" + git fetch fork "$branch" + git rebase --quiet "$target_branch" "$branch" + git push "https://serverless-qe:${GH_TOKEN}@github.com/serverless-qe/$repo.git" "$branch:$branch" -f + gh pr create --base "$target_branch" --head "serverless-qe:$branch" --title "[$target_branch] Update Konflux configurations" --body "Update Konflux configurations" || true + working-directory: ./src/github.com/openshift-knative/hack/openshift-knative/client + - env: + GH_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} + GITHUB_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} + if: ${{ (github.event_name == 'push' || github.event_name == 'workflow_dispatch' || github.event_name == 'schedule') && github.ref_name == 'main' }} + name: '[client - release-v1.22] Create OWNERS file update PR' + run: | + set -x + repo="client" + branch="sync-owners-release-v1.22" + 
target_branch="release-v1.22" + git remote add fork "https://github.com/serverless-qe/$repo.git" || true # ignore: already exists errors + remote_exists=$(git ls-remote --heads fork "$branch") + if [ -z "$remote_exists" ]; then + # remote doesn't exist. + git push "https://serverless-qe:${GH_TOKEN}@github.com/serverless-qe/$repo.git" "$branch:$branch" -f || exit 1 + fi + git fetch origin "$target_branch" + git fetch fork "$branch" + git rebase --quiet "$target_branch" "$branch" + git push "https://serverless-qe:${GH_TOKEN}@github.com/serverless-qe/$repo.git" "$branch:$branch" -f + gh pr create --base "$target_branch" --head "serverless-qe:$branch" --title "[$target_branch] Update OWNERS file" --body "Update OWNERS file" || true + working-directory: ./src/github.com/openshift-knative/hack/openshift-knative/client - env: GH_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} GITHUB_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} 
@@ -829,6 +917,50 @@ jobs: git push "https://serverless-qe:${GH_TOKEN}@github.com/serverless-qe/$repo.git" "$branch:$branch" -f gh pr create --base "$target_branch" --head "serverless-qe:$branch" --title "[$target_branch] Update OWNERS file" --body "Update OWNERS file" || true working-directory: ./src/github.com/openshift-knative/hack/openshift-knative/eventing-integrations + - env: + GH_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} + GITHUB_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} + if: ${{ (github.event_name == 'push' || github.event_name == 'workflow_dispatch' || github.event_name == 'schedule') && github.ref_name == 'main' }} + name: '[eventing-integrations - release-v1.22] Create Konflux PR' + run: | + set -x + repo="eventing-integrations" + branch="sync-konflux-release-v1.22" + target_branch="release-v1.22" + git remote add fork "https://github.com/serverless-qe/$repo.git" || true # ignore: already exists errors + remote_exists=$(git ls-remote --heads fork "$branch") + if [ -z "$remote_exists" ]; then + # remote doesn't exist. 
+ git push "https://serverless-qe:${GH_TOKEN}@github.com/serverless-qe/$repo.git" "$branch:$branch" -f || exit 1 + fi + git fetch origin "$target_branch" + git fetch fork "$branch" + git rebase --quiet "$target_branch" "$branch" + git push "https://serverless-qe:${GH_TOKEN}@github.com/serverless-qe/$repo.git" "$branch:$branch" -f + gh pr create --base "$target_branch" --head "serverless-qe:$branch" --title "[$target_branch] Update Konflux configurations" --body "Update Konflux configurations" || true + working-directory: ./src/github.com/openshift-knative/hack/openshift-knative/eventing-integrations + - env: + GH_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} + GITHUB_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} + if: ${{ (github.event_name == 'push' || github.event_name == 'workflow_dispatch' || github.event_name == 'schedule') && github.ref_name == 'main' }} + name: '[eventing-integrations - release-v1.22] Create OWNERS file update PR' + run: | + set -x + repo="eventing-integrations" + branch="sync-owners-release-v1.22" + target_branch="release-v1.22" + git remote add fork "https://github.com/serverless-qe/$repo.git" || true # ignore: already exists errors + remote_exists=$(git ls-remote --heads fork "$branch") + if [ -z "$remote_exists" ]; then + # remote doesn't exist. + git push "https://serverless-qe:${GH_TOKEN}@github.com/serverless-qe/$repo.git" "$branch:$branch" -f || exit 1 + fi + git fetch origin "$target_branch" + git fetch fork "$branch" + git rebase --quiet "$target_branch" "$branch" + git push "https://serverless-qe:${GH_TOKEN}@github.com/serverless-qe/$repo.git" "$branch:$branch" -f + gh pr create --base "$target_branch" --head "serverless-qe:$branch" --title "[$target_branch] Update OWNERS file" --body "Update OWNERS file" || true + working-directory: ./src/github.com/openshift-knative/hack/openshift-knative/eventing-integrations - env: GH_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} GITHUB_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} 
@@ -1049,6 +1181,50 @@ jobs: git push "https://serverless-qe:${GH_TOKEN}@github.com/serverless-qe/$repo.git" "$branch:$branch" -f gh pr create --base "$target_branch" --head "serverless-qe:$branch" --title "[$target_branch] Update OWNERS file" --body "Update OWNERS file" || true working-directory: ./src/github.com/openshift-knative/hack/openshift-knative/eventing-istio + - env: + GH_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} + GITHUB_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} + if: ${{ (github.event_name == 'push' || github.event_name == 'workflow_dispatch' || github.event_name == 'schedule') && github.ref_name == 'main' }} + name: '[eventing-istio - release-v1.22] Create Konflux PR' + run: | + set -x + repo="eventing-istio" + branch="sync-konflux-release-v1.22" + target_branch="release-v1.22" + git remote add fork "https://github.com/serverless-qe/$repo.git" || true # ignore: already exists errors + remote_exists=$(git ls-remote --heads fork "$branch") + if [ -z "$remote_exists" ]; then + # remote doesn't exist. 
+ git push "https://serverless-qe:${GH_TOKEN}@github.com/serverless-qe/$repo.git" "$branch:$branch" -f || exit 1 + fi + git fetch origin "$target_branch" + git fetch fork "$branch" + git rebase --quiet "$target_branch" "$branch" + git push "https://serverless-qe:${GH_TOKEN}@github.com/serverless-qe/$repo.git" "$branch:$branch" -f + gh pr create --base "$target_branch" --head "serverless-qe:$branch" --title "[$target_branch] Update Konflux configurations" --body "Update Konflux configurations" || true + working-directory: ./src/github.com/openshift-knative/hack/openshift-knative/eventing-istio + - env: + GH_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} + GITHUB_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} + if: ${{ (github.event_name == 'push' || github.event_name == 'workflow_dispatch' || github.event_name == 'schedule') && github.ref_name == 'main' }} + name: '[eventing-istio - release-v1.22] Create OWNERS file update PR' + run: | + set -x + repo="eventing-istio" + branch="sync-owners-release-v1.22" + target_branch="release-v1.22" + git remote add fork "https://github.com/serverless-qe/$repo.git" || true # ignore: already exists errors + remote_exists=$(git ls-remote --heads fork "$branch") + if [ -z "$remote_exists" ]; then + # remote doesn't exist. + git push "https://serverless-qe:${GH_TOKEN}@github.com/serverless-qe/$repo.git" "$branch:$branch" -f || exit 1 + fi + git fetch origin "$target_branch" + git fetch fork "$branch" + git rebase --quiet "$target_branch" "$branch" + git push "https://serverless-qe:${GH_TOKEN}@github.com/serverless-qe/$repo.git" "$branch:$branch" -f + gh pr create --base "$target_branch" --head "serverless-qe:$branch" --title "[$target_branch] Update OWNERS file" --body "Update OWNERS file" || true + working-directory: ./src/github.com/openshift-knative/hack/openshift-knative/eventing-istio - env: GH_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} GITHUB_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} 
@@ -1269,6 +1445,50 @@ jobs: git push "https://serverless-qe:${GH_TOKEN}@github.com/serverless-qe/$repo.git" "$branch:$branch" -f gh pr create --base "$target_branch" --head "serverless-qe:$branch" --title "[$target_branch] Update OWNERS file" --body "Update OWNERS file" || true working-directory: ./src/github.com/openshift-knative/hack/openshift-knative/eventing-kafka-broker + - env: + GH_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} + GITHUB_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} + if: ${{ (github.event_name == 'push' || github.event_name == 'workflow_dispatch' || github.event_name == 'schedule') && github.ref_name == 'main' }} + name: '[eventing-kafka-broker - release-v1.22] Create Konflux PR' + run: | + set -x + repo="eventing-kafka-broker" + branch="sync-konflux-release-v1.22" + target_branch="release-v1.22" + git remote add fork "https://github.com/serverless-qe/$repo.git" || true # ignore: already exists errors + remote_exists=$(git ls-remote --heads fork "$branch") + if [ -z "$remote_exists" ]; then + # remote doesn't exist. 
+ git push "https://serverless-qe:${GH_TOKEN}@github.com/serverless-qe/$repo.git" "$branch:$branch" -f || exit 1 + fi + git fetch origin "$target_branch" + git fetch fork "$branch" + git rebase --quiet "$target_branch" "$branch" + git push "https://serverless-qe:${GH_TOKEN}@github.com/serverless-qe/$repo.git" "$branch:$branch" -f + gh pr create --base "$target_branch" --head "serverless-qe:$branch" --title "[$target_branch] Update Konflux configurations" --body "Update Konflux configurations" || true + working-directory: ./src/github.com/openshift-knative/hack/openshift-knative/eventing-kafka-broker + - env: + GH_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} + GITHUB_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} + if: ${{ (github.event_name == 'push' || github.event_name == 'workflow_dispatch' || github.event_name == 'schedule') && github.ref_name == 'main' }} + name: '[eventing-kafka-broker - release-v1.22] Create OWNERS file update PR' + run: | + set -x + repo="eventing-kafka-broker" + branch="sync-owners-release-v1.22" + target_branch="release-v1.22" + git remote add fork "https://github.com/serverless-qe/$repo.git" || true # ignore: already exists errors + remote_exists=$(git ls-remote --heads fork "$branch") + if [ -z "$remote_exists" ]; then + # remote doesn't exist. + git push "https://serverless-qe:${GH_TOKEN}@github.com/serverless-qe/$repo.git" "$branch:$branch" -f || exit 1 + fi + git fetch origin "$target_branch" + git fetch fork "$branch" + git rebase --quiet "$target_branch" "$branch" + git push "https://serverless-qe:${GH_TOKEN}@github.com/serverless-qe/$repo.git" "$branch:$branch" -f + gh pr create --base "$target_branch" --head "serverless-qe:$branch" --title "[$target_branch] Update OWNERS file" --body "Update OWNERS file" || true + working-directory: ./src/github.com/openshift-knative/hack/openshift-knative/eventing-kafka-broker - env: GH_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} GITHUB_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} 
@@ -1489,6 +1709,50 @@ jobs: git push "https://serverless-qe:${GH_TOKEN}@github.com/serverless-qe/$repo.git" "$branch:$branch" -f gh pr create --base "$target_branch" --head "serverless-qe:$branch" --title "[$target_branch] Update OWNERS file" --body "Update OWNERS file" || true working-directory: ./src/github.com/openshift-knative/hack/openshift-knative/eventing + - env: + GH_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} + GITHUB_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} + if: ${{ (github.event_name == 'push' || github.event_name == 'workflow_dispatch' || github.event_name == 'schedule') && github.ref_name == 'main' }} + name: '[eventing - release-v1.22] Create Konflux PR' + run: | + set -x + repo="eventing" + branch="sync-konflux-release-v1.22" + target_branch="release-v1.22" + git remote add fork "https://github.com/serverless-qe/$repo.git" || true # ignore: already exists errors + remote_exists=$(git ls-remote --heads fork "$branch") + if [ -z "$remote_exists" ]; then + # remote doesn't exist. 
+ git push "https://serverless-qe:${GH_TOKEN}@github.com/serverless-qe/$repo.git" "$branch:$branch" -f || exit 1 + fi + git fetch origin "$target_branch" + git fetch fork "$branch" + git rebase --quiet "$target_branch" "$branch" + git push "https://serverless-qe:${GH_TOKEN}@github.com/serverless-qe/$repo.git" "$branch:$branch" -f + gh pr create --base "$target_branch" --head "serverless-qe:$branch" --title "[$target_branch] Update Konflux configurations" --body "Update Konflux configurations" || true + working-directory: ./src/github.com/openshift-knative/hack/openshift-knative/eventing + - env: + GH_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} + GITHUB_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} + if: ${{ (github.event_name == 'push' || github.event_name == 'workflow_dispatch' || github.event_name == 'schedule') && github.ref_name == 'main' }} + name: '[eventing - release-v1.22] Create OWNERS file update PR' + run: | + set -x + repo="eventing" + branch="sync-owners-release-v1.22" + target_branch="release-v1.22" + git remote add fork "https://github.com/serverless-qe/$repo.git" || true # ignore: already exists errors + remote_exists=$(git ls-remote --heads fork "$branch") + if [ -z "$remote_exists" ]; then + # remote doesn't exist. + git push "https://serverless-qe:${GH_TOKEN}@github.com/serverless-qe/$repo.git" "$branch:$branch" -f || exit 1 + fi + git fetch origin "$target_branch" + git fetch fork "$branch" + git rebase --quiet "$target_branch" "$branch" + git push "https://serverless-qe:${GH_TOKEN}@github.com/serverless-qe/$repo.git" "$branch:$branch" -f + gh pr create --base "$target_branch" --head "serverless-qe:$branch" --title "[$target_branch] Update OWNERS file" --body "Update OWNERS file" || true + working-directory: ./src/github.com/openshift-knative/hack/openshift-knative/eventing - env: GH_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} GITHUB_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} 
@@ -1709,6 +1973,50 @@ jobs: git push "https://serverless-qe:${GH_TOKEN}@github.com/serverless-qe/$repo.git" "$branch:$branch" -f gh pr create --base "$target_branch" --head "serverless-qe:$branch" --title "[$target_branch] Update OWNERS file" --body "Update OWNERS file" || true working-directory: ./src/github.com/openshift-knative/hack/openshift-knative/kn-plugin-event + - env: + GH_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} + GITHUB_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} + if: ${{ (github.event_name == 'push' || github.event_name == 'workflow_dispatch' || github.event_name == 'schedule') && github.ref_name == 'main' }} + name: '[kn-plugin-event - release-1.22] Create Konflux PR' + run: | + set -x + repo="kn-plugin-event" + branch="sync-konflux-release-1.22" + target_branch="release-1.22" + git remote add fork "https://github.com/serverless-qe/$repo.git" || true # ignore: already exists errors + remote_exists=$(git ls-remote --heads fork "$branch") + if [ -z "$remote_exists" ]; then + # remote doesn't exist. 
+ git push "https://serverless-qe:${GH_TOKEN}@github.com/serverless-qe/$repo.git" "$branch:$branch" -f || exit 1 + fi + git fetch origin "$target_branch" + git fetch fork "$branch" + git rebase --quiet "$target_branch" "$branch" + git push "https://serverless-qe:${GH_TOKEN}@github.com/serverless-qe/$repo.git" "$branch:$branch" -f + gh pr create --base "$target_branch" --head "serverless-qe:$branch" --title "[$target_branch] Update Konflux configurations" --body "Update Konflux configurations" || true + working-directory: ./src/github.com/openshift-knative/hack/openshift-knative/kn-plugin-event + - env: + GH_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} + GITHUB_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} + if: ${{ (github.event_name == 'push' || github.event_name == 'workflow_dispatch' || github.event_name == 'schedule') && github.ref_name == 'main' }} + name: '[kn-plugin-event - release-1.22] Create OWNERS file update PR' + run: | + set -x + repo="kn-plugin-event" + branch="sync-owners-release-1.22" + target_branch="release-1.22" + git remote add fork "https://github.com/serverless-qe/$repo.git" || true # ignore: already exists errors + remote_exists=$(git ls-remote --heads fork "$branch") + if [ -z "$remote_exists" ]; then + # remote doesn't exist. + git push "https://serverless-qe:${GH_TOKEN}@github.com/serverless-qe/$repo.git" "$branch:$branch" -f || exit 1 + fi + git fetch origin "$target_branch" + git fetch fork "$branch" + git rebase --quiet "$target_branch" "$branch" + git push "https://serverless-qe:${GH_TOKEN}@github.com/serverless-qe/$repo.git" "$branch:$branch" -f + gh pr create --base "$target_branch" --head "serverless-qe:$branch" --title "[$target_branch] Update OWNERS file" --body "Update OWNERS file" || true + working-directory: ./src/github.com/openshift-knative/hack/openshift-knative/kn-plugin-event - env: GH_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} GITHUB_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} 
@@ -1929,6 +2237,50 @@ jobs: git push "https://serverless-qe:${GH_TOKEN}@github.com/serverless-qe/$repo.git" "$branch:$branch" -f gh pr create --base "$target_branch" --head "serverless-qe:$branch" --title "[$target_branch] Update OWNERS file" --body "Update OWNERS file" || true working-directory: ./src/github.com/openshift-knative/hack/openshift-knative/kn-plugin-func + - env: + GH_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} + GITHUB_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} + if: ${{ (github.event_name == 'push' || github.event_name == 'workflow_dispatch' || github.event_name == 'schedule') && github.ref_name == 'main' }} + name: '[kn-plugin-func - release-v1.22] Create Konflux PR' + run: | + set -x + repo="kn-plugin-func" + branch="sync-konflux-release-v1.22" + target_branch="release-v1.22" + git remote add fork "https://github.com/serverless-qe/$repo.git" || true # ignore: already exists errors + remote_exists=$(git ls-remote --heads fork "$branch") + if [ -z "$remote_exists" ]; then + # remote doesn't exist. 
+ git push "https://serverless-qe:${GH_TOKEN}@github.com/serverless-qe/$repo.git" "$branch:$branch" -f || exit 1 + fi + git fetch origin "$target_branch" + git fetch fork "$branch" + git rebase --quiet "$target_branch" "$branch" + git push "https://serverless-qe:${GH_TOKEN}@github.com/serverless-qe/$repo.git" "$branch:$branch" -f + gh pr create --base "$target_branch" --head "serverless-qe:$branch" --title "[$target_branch] Update Konflux configurations" --body "Update Konflux configurations" || true + working-directory: ./src/github.com/openshift-knative/hack/openshift-knative/kn-plugin-func + - env: + GH_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} + GITHUB_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} + if: ${{ (github.event_name == 'push' || github.event_name == 'workflow_dispatch' || github.event_name == 'schedule') && github.ref_name == 'main' }} + name: '[kn-plugin-func - release-v1.22] Create OWNERS file update PR' + run: | + set -x + repo="kn-plugin-func" + branch="sync-owners-release-v1.22" + target_branch="release-v1.22" + git remote add fork "https://github.com/serverless-qe/$repo.git" || true # ignore: already exists errors + remote_exists=$(git ls-remote --heads fork "$branch") + if [ -z "$remote_exists" ]; then + # remote doesn't exist. + git push "https://serverless-qe:${GH_TOKEN}@github.com/serverless-qe/$repo.git" "$branch:$branch" -f || exit 1 + fi + git fetch origin "$target_branch" + git fetch fork "$branch" + git rebase --quiet "$target_branch" "$branch" + git push "https://serverless-qe:${GH_TOKEN}@github.com/serverless-qe/$repo.git" "$branch:$branch" -f + gh pr create --base "$target_branch" --head "serverless-qe:$branch" --title "[$target_branch] Update OWNERS file" --body "Update OWNERS file" || true + working-directory: ./src/github.com/openshift-knative/hack/openshift-knative/kn-plugin-func - env: GH_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} GITHUB_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} 
@@ -2787,6 +3139,50 @@ jobs: git push "https://serverless-qe:${GH_TOKEN}@github.com/serverless-qe/$repo.git" "$branch:$branch" -f gh pr create --base "$target_branch" --head "serverless-qe:$branch" --title "[$target_branch] Update OWNERS file" --body "Update OWNERS file" || true working-directory: ./src/github.com/openshift-knative/hack/openshift-knative/serving + - env: + GH_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} + GITHUB_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} + if: ${{ (github.event_name == 'push' || github.event_name == 'workflow_dispatch' || github.event_name == 'schedule') && github.ref_name == 'main' }} + name: '[serving - release-v1.22] Create Konflux PR' + run: | + set -x + repo="serving" + branch="sync-konflux-release-v1.22" + target_branch="release-v1.22" + git remote add fork "https://github.com/serverless-qe/$repo.git" || true # ignore: already exists errors + remote_exists=$(git ls-remote --heads fork "$branch") + if [ -z "$remote_exists" ]; then + # remote doesn't exist. 
+ git push "https://serverless-qe:${GH_TOKEN}@github.com/serverless-qe/$repo.git" "$branch:$branch" -f || exit 1 + fi + git fetch origin "$target_branch" + git fetch fork "$branch" + git rebase --quiet "$target_branch" "$branch" + git push "https://serverless-qe:${GH_TOKEN}@github.com/serverless-qe/$repo.git" "$branch:$branch" -f + gh pr create --base "$target_branch" --head "serverless-qe:$branch" --title "[$target_branch] Update Konflux configurations" --body "Update Konflux configurations" || true + working-directory: ./src/github.com/openshift-knative/hack/openshift-knative/serving + - env: + GH_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} + GITHUB_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} + if: ${{ (github.event_name == 'push' || github.event_name == 'workflow_dispatch' || github.event_name == 'schedule') && github.ref_name == 'main' }} + name: '[serving - release-v1.22] Create OWNERS file update PR' + run: | + set -x + repo="serving" + branch="sync-owners-release-v1.22" + target_branch="release-v1.22" + git remote add fork "https://github.com/serverless-qe/$repo.git" || true # ignore: already exists errors + remote_exists=$(git ls-remote --heads fork "$branch") + if [ -z "$remote_exists" ]; then + # remote doesn't exist. + git push "https://serverless-qe:${GH_TOKEN}@github.com/serverless-qe/$repo.git" "$branch:$branch" -f || exit 1 + fi + git fetch origin "$target_branch" + git fetch fork "$branch" + git rebase --quiet "$target_branch" "$branch" + git push "https://serverless-qe:${GH_TOKEN}@github.com/serverless-qe/$repo.git" "$branch:$branch" -f + gh pr create --base "$target_branch" --head "serverless-qe:$branch" --title "[$target_branch] Update OWNERS file" --body "Update OWNERS file" || true + working-directory: ./src/github.com/openshift-knative/hack/openshift-knative/serving - env: GH_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} GITHUB_TOKEN: ${{ secrets.SERVERLESS_QE_ROBOT }} 
diff --git a/config/backstage-plugins.yaml b/config/backstage-plugins.yaml
index 87b600c8..15e9c776 100644
--- a/config/backstage-plugins.yaml
+++ b/config/backstage-plugins.yaml
@@ -48,6 +48,19 @@ config:
 - onDemand: true
 version: "4.16"
 promotion: {}
+ release-v1.22:
+ konflux:
+ enabled: true
+ openShiftVersions:
+ - candidateRelease: true
+ onDemand: true
+ skipCron: true
+ version: "4.22"
+ - useClusterPool: true
+ version: "4.21"
+ - onDemand: true
+ version: "4.16"
+ promotion: {}
 repositories:
 - dockerfiles: {}
 e2e:
diff --git a/config/client.yaml b/config/client.yaml
index 8dcf8916..bef48db4 100644
--- a/config/client.yaml
+++ b/config/client.yaml
@@ -56,6 +56,21 @@ config:
 useClusterPool: true
 version: "4.21"
 promotion: {}
+ release-v1.22:
+ konflux:
+ enabled: true
+ imageOverrides:
+ - name: CLI_ARTIFACTS
+ pullSpec: brew.registry.redhat.io/rh-osbs/openshift-serverless-1-kn-cli-artifacts-rhel8:1.16.0
+ openShiftVersions:
+ - candidateRelease: true
+ onDemand: true
+ skipCron: true
+ version: "4.22"
+ - skipCron: true
+ useClusterPool: true
+ version: "4.21"
+ promotion: {}
 repositories:
 - canonicalGoRepository: github.com/knative/client
 dockerfiles: {}
diff --git a/config/eventing-integrations.yaml b/config/eventing-integrations.yaml
index 45c788a2..24b1280e 100644
--- a/config/eventing-integrations.yaml
+++ b/config/eventing-integrations.yaml
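Review bot: In config/client.yaml the new `release-v1.22` entry overrides `CLI_ARTIFACTS` with a tag-only pull spec (`...openshift-serverless-1-kn-cli-artifacts-rhel8:1.16.0`), so the image behind that branch's builds can change without any change in this repository. If the consumer of `pullSpec` accepts it, pin the image by digest in the `name:tag@sha256:<digest>` form that the Konflux task bundles in this same patch already use, which makes the input reviewable and reproducible. The `1.16.0` tag on a 1.22 branch also looks carried over from an earlier release entry that is not visible in the hunk, so confirm it is the intended artifact version.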
@@ -95,6 +95,30 @@ config:
 promotion: {}
 skipDockerFilesMatches:
 - .*hermetic.*
+ release-v1.22:
+ konflux:
+ enabled: true
+ javaImages:
+ - .*eventing-integrations-aws-ddb-streams-source
+ - .*eventing-integrations-aws-s3-sink
+ - .*eventing-integrations-aws-s3-source
+ - .*eventing-integrations-aws-sns-sink
+ - .*eventing-integrations-aws-sqs-sink
+ - .*eventing-integrations-aws-sqs-source
+ - .*eventing-integrations-log-sink
+ - .*eventing-integrations-timer-source
+ openShiftVersions:
+ - candidateRelease: true
+ onDemand: true
+ skipCron: true
+ version: "4.21"
+ - useClusterPool: true
+ version: "4.20"
+ - onDemand: true
+ version: "4.14"
+ promotion: {}
+ skipDockerFilesMatches:
+ - .*hermetic.*
 repositories:
 - dockerfiles: {}
 e2e:
diff --git a/config/eventing-istio.yaml b/config/eventing-istio.yaml
index 0e585368..d4859400 100644
--- a/config/eventing-istio.yaml
+++ b/config/eventing-istio.yaml
@@ -51,6 +51,15 @@ config:
 - onDemand: true
 version: "4.16"
 promotion: {}
+ release-v1.22:
+ konflux:
+ enabled: true
+ openShiftVersions:
+ - useClusterPool: true
+ version: "4.20"
+ - onDemand: true
+ version: "4.14"
+ promotion: {}
 repositories:
 - dockerfiles: {}
 e2e:
diff --git a/config/eventing-kafka-broker.yaml b/config/eventing-kafka-broker.yaml
index be77f730..67a1e38c 100644
--- a/config/eventing-kafka-broker.yaml
+++ b/config/eventing-kafka-broker.yaml
@@ -81,6 +81,20 @@ config:
 promotion: {}
 skipDockerFilesMatches:
 - .*hermetic.*
+ release-v1.22:
+ konflux:
+ enabled: true
+ javaImages:
+ - .*eventing-kafka-broker-receiver
+ - .*eventing-kafka-broker-dispatcher
+ openShiftVersions:
+ - useClusterPool: true
+ version: "4.20"
+ - onDemand: true
+ version: "4.14"
+ promotion: {}
+ skipDockerFilesMatches:
+ - .*hermetic.*
 repositories:
 - dockerfiles: {}
 e2e:
diff --git a/config/eventing.yaml b/config/eventing.yaml
index ed81ffb7..85d1cc41 100644
--- a/config/eventing.yaml
+++ b/config/eventing.yaml
@@ -59,6 +59,19 @@ config:
 - onDemand: true
 version: "4.16"
 promotion: {}
+ release-v1.22:
+ konflux:
+ enabled: true
+ openShiftVersions:
+ - candidateRelease: true
+ onDemand: true
+ skipCron: true
+ version: "4.21"
+ - useClusterPool: true
+ version: "4.20"
+ - onDemand: true
+ version: "4.14"
+ promotion: {}
 repositories:
 - dockerfiles: {}
 e2e:
diff --git a/config/kn-plugin-event.yaml b/config/kn-plugin-event.yaml
index 75ee76d2..c1ce2971 100644
--- a/config/kn-plugin-event.yaml
+++ b/config/kn-plugin-event.yaml
@@ -38,6 +38,14 @@ config:
 useClusterPool: true
 version: "4.21"
 promotion: {}
+ release-1.22:
+ konflux:
+ enabled: true
+ openShiftVersions:
+ - skipCron: true
+ useClusterPool: true
+ version: "4.21"
+ promotion: {}
 release-next:
 openShiftVersions:
 - skipCron: true
diff --git a/config/kn-plugin-func.yaml b/config/kn-plugin-func.yaml
index cf914485..771277e2 100644
--- a/config/kn-plugin-func.yaml
+++ b/config/kn-plugin-func.yaml
@@ -46,6 +46,14 @@ config:
 useClusterPool: true
 version: "4.21"
 promotion: {}
+ release-v1.22:
+ konflux:
+ enabled: true
+ openShiftVersions:
+ - skipCron: true
+ useClusterPool: true
+ version: "4.20"
+ promotion: {}
 repositories:
 - dockerfiles: {}
 ignoreConfigs: {}
diff --git a/config/serverless-operator.yaml b/config/serverless-operator.yaml
index bfca3619..e297bd5c 100644
--- a/config/serverless-operator.yaml
+++ b/config/serverless-operator.yaml
@@ -30,11 +30,11 @@ config:
 excludes:
 - .*ocp-4.22-lp-interop.*
 skipE2EMatches:
- - "^kitchensink-upgrade$"
+ - ^kitchensink-upgrade$
 useClusterPool: true
 version: "4.21"
 - includeE2EMatches:
- - "^kitchensink-upgrade$"
+ - ^kitchensink-upgrade$
 onDemand: true
 skipPromotion: true
 version: "4.20"
diff --git a/config/serving.yaml b/config/serving.yaml
index 3904c6de..92e62a3f 100644
--- a/config/serving.yaml
+++ b/config/serving.yaml
@@ -70,6 +70,20 @@ config: skipE2EMatches: - perf-tests$ - .*e2e-tls$ + release-v1.22: + konflux: + enabled: true + openShiftVersions: + - useClusterPool: true + version: "4.20" + - onDemand: true + version: "4.14" + promotion: {} + skipDockerFilesMatches: + - openshift/ci-operator/knative-perf-images.* + skipE2EMatches: + - perf-tests$ + - .*e2e-tls$ repositories: - dockerfiles: excludes: diff --git a/pkg/konfluxgen/bundle-build.yaml b/pkg/konfluxgen/bundle-build.yaml index 59bb817c..c25f0d45 100644 --- a/pkg/konfluxgen/bundle-build.yaml +++ b/pkg/konfluxgen/bundle-build.yaml @@ -78,6 +78,14 @@ spec: - default: "false" description: Enable cache proxy configuration name: enable-cache-proxy + - default: "true" + description: Use the package registry proxy when prefetching dependencies + name: enable-package-registry-proxy + - default: . + description: Target directories in component's source code to scan with SAST tools. + Multiple values should be separated with commas. + name: sast-target-dirs + type: string - default: [] description: Array of --build-arg values ("arg=value" strings) for buildah name: build-args @@ -160,7 +168,7 @@ spec: - name: name value: buildah-remote-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.9@sha256:0bc358b7c16a1ff9a829b6ce327ddb46f5c539b3cf90ade653739ffdf2925176 + value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.9@sha256:f667d1146533b1d49829c08097e31faf27db24563da576434a707353de62099f - name: kind value: task resolver: bundles @@ -172,6 +180,8 @@ spec: value: $(tasks.build-image-index.results.IMAGE_DIGEST) - name: image-url value: $(tasks.build-image-index.results.IMAGE_URL) + - name: TARGET_DIRS + value: $(params.sast-target-dirs) - name: SOURCE_ARTIFACT value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - name: CACHI2_ARTIFACT 
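Review bot: The description of the new `sast-target-dirs` parameter (hunk `@@ -78,6 +78,14 @@` of pkg/konfluxgen/bundle-build.yaml) does not say that it controls scan coverage. The wiring hunks at `@@ -172,6 +180,8 @@`, `@@ -406,6 +418,8 @@` and `@@ -432,6 +446,8 @@` pass it as `TARGET_DIRS` to the Snyk, shell and unicode SAST tasks, so any value narrower than the default `.` shrinks all three scans at once. I would extend the description with something like `Defaults to "." (presumably the root of the cloned source); a narrower value removes the remaining directories from every SAST task in this pipeline.` The same parameter block is repeated in docker-build.yaml, docker-java-build.yaml, fbc-builder.yaml and both kustomize templates, so the wording is best fixed wherever these templates are produced. The `spec` mapping the entries belong to starts and ends outside the hunk.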
@@ -183,7 +193,7 @@ spec: - name: name value: sast-snyk-check-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.4@sha256:6045ed6f2d37cfdf75cb3f2bf88706839c276a59f892ae027a315456c2914cf3 + value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.4@sha256:8f3ecbeaff579e41b8278f82d7fabac27845db17a8e687ea6c510c0c9aceabbb - name: kind value: task resolver: bundles @@ -198,6 +208,8 @@ spec: value: $(params.prefetch-input-dev-package-managers) - name: input value: $(params.prefetch-input) + - name: enable-package-registry-proxy + value: $(params.enable-package-registry-proxy) - name: SOURCE_ARTIFACT value: $(tasks.clone-repository.results.SOURCE_ARTIFACT) - name: ociStorage @@ -211,7 +223,7 @@ spec: - name: name value: prefetch-dependencies-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.3@sha256:9917d11f0a38c844184042d504b3d5605c009e6e43785fa113caae8b4c99b75e + value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.3@sha256:a2efbcdcecfa5293a622eb356a18f5c88e5714046b214fe8730b43b1a7dbb77d - name: kind value: task resolver: bundles @@ -235,7 +247,7 @@ spec: - name: name value: apply-tags - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.3@sha256:de3722bac1bf5ae8a95319162ce7e23fb33a7e2b7c0ac91535549f31a75aac86 + value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.3@sha256:a291081de7fb27f832c6fc3c4b078acf7e6162ca4c085db38b118ca87e8b5b66 - name: kind value: task resolver: bundles @@ -248,7 +260,7 @@ spec: - name: name value: init - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-init:0.4@sha256:f2de909151c733da85c7c05de8ecf37c55079c219dcf8db906175ae11fca0142 + value: quay.io/konflux-ci/tekton-catalog/task-init:0.4@sha256:90f0e8e134c4bb919956bb095d62365907adeea4fbeb4cebbf5f3f94286bf967 - name: kind value: task resolver: bundles 
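Review bot: `enable-package-registry-proxy` is wired into prefetch-dependencies (hunk `@@ -198,6 +208,8 @@`) with a pipeline default of `"true"`, so every component built from this template starts fetching its dependencies through the proxy without an explicit opt-in. The parameter description does not say what turning it off does or which source is then used, and the origin of build inputs is a supply-chain decision that a reader should be able to see. I would spell the default out, e.g. `Use the package registry proxy when prefetching dependencies (enabled by default; set to "false" to fetch from the upstream registries directly)`, provided that is what `"false"` means in the task. The wiring presumably relies on the prefetch-dependencies digest bump in the next hunk, so the two should not be reverted separately. The task entry continues outside the hunk.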
@@ -269,7 +281,7 @@ spec: - name: name value: git-clone-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:f3f28a40fb7b4c8a5c1ec935df5576139bb6ba5b80f3531f42da2f1f2448a53b + value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:13d49df7dc9ae301627e45f95a236011422996152f1bea46cd60217b0f057407 - name: kind value: task resolver: bundles @@ -294,7 +306,7 @@ spec: - name: name value: build-image-index - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.3@sha256:b65a1e0961e0e768dda1f118bc5b5cab9c7ca7f4ed094e6a4352e66f82b9fa0b + value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.3@sha256:550afde50349e22ec11191ea0db9a49395ab46fef4e8317d820b6e946677ebeb - name: kind value: task resolver: bundles @@ -315,7 +327,7 @@ spec: - name: name value: source-build-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.3@sha256:0201377594e6e0e9d304aa23b2363e4f47e02f3ebb6fe5a410480c1a17c9edfb + value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.3@sha256:0917cfc7772e82cb8e74743c2104f43bcf2596aceafe87eec6fce69a8cac5f06 - name: kind value: task resolver: bundles @@ -406,6 +418,8 @@ spec: value: $(tasks.build-image-index.results.IMAGE_DIGEST) - name: image-url value: $(tasks.build-image-index.results.IMAGE_URL) + - name: TARGET_DIRS + value: $(params.sast-target-dirs) - name: SOURCE_ARTIFACT value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - name: CACHI2_ARTIFACT @@ -417,7 +431,7 @@ spec: - name: name value: sast-shell-check-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check-oci-ta:0.1@sha256:c314b4d5369d7961af51c865be28cd792d5f233aef94ecf035b3f84acde398bf + value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check-oci-ta:0.1@sha256:c4ef47e3b4e0508572d266fb745be7e374c29dc02580328cbe9f4d472a8aca57 - name: kind value: task resolver: bundles 
@@ -432,6 +446,8 @@ spec: value: $(tasks.build-image-index.results.IMAGE_DIGEST) - name: image-url value: $(tasks.build-image-index.results.IMAGE_URL) + - name: TARGET_DIRS + value: $(params.sast-target-dirs) - name: SOURCE_ARTIFACT value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - name: CACHI2_ARTIFACT @@ -443,7 +459,7 @@ spec: - name: name value: sast-unicode-check-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check-oci-ta:0.4@sha256:3d8a6902ab7c5c2125be07263f395426342c5032b3abfd0140162ad838437bab + value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check-oci-ta:0.4@sha256:90efa582de7770d55102b74014a765cd16a25a56f2cf644b56a788c70c4dc749 - name: kind value: task resolver: bundles @@ -471,7 +487,7 @@ spec: - name: name value: push-dockerfile-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.3@sha256:aa0d54cdd04777562599195439186bb9ea28ced4529e9b860867611cca453a39 + value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.3@sha256:7855471abfe87de080b914f2f3ca27c59e64f6448a7c2435e51435b764494c71 - name: kind value: task resolver: bundles @@ -488,7 +504,7 @@ spec: - name: name value: rpms-signature-scan - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:65b14e54b86c3b8e7332b53ff8d2e574693fa1335f9720aec21d47e9d15686f0 + value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:4ceea61b0fa81bc5da05afb26d51e06e4843378d739e4d003b062d5d04cc5e90 - name: kind value: task resolver: bundles diff --git a/pkg/konfluxgen/docker-build.yaml b/pkg/konfluxgen/docker-build.yaml index 2b9135cb..b3df2933 100644 --- a/pkg/konfluxgen/docker-build.yaml +++ b/pkg/konfluxgen/docker-build.yaml 
@@ -87,6 +87,14 @@ spec: - default: "false" description: Enable cache proxy configuration name: enable-cache-proxy + - default: "true" + description: Use the package registry proxy when prefetching dependencies + name: enable-package-registry-proxy + - default: . + description: Target directories in component's source code to scan with SAST tools. + Multiple values should be separated with commas. + name: sast-target-dirs + type: string - default: [] description: Array of --build-arg values ("arg=value" strings) for buildah name: build-args @@ -122,6 +130,8 @@ spec: value: $(tasks.build-image-index.results.IMAGE_DIGEST) - name: image-url value: $(tasks.build-image-index.results.IMAGE_URL) + - name: TARGET_DIRS + value: $(params.sast-target-dirs) - name: SOURCE_ARTIFACT value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - name: CACHI2_ARTIFACT @@ -133,7 +143,7 @@ spec: - name: name value: sast-snyk-check-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.4@sha256:6045ed6f2d37cfdf75cb3f2bf88706839c276a59f892ae027a315456c2914cf3 + value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.4@sha256:8f3ecbeaff579e41b8278f82d7fabac27845db17a8e687ea6c510c0c9aceabbb - name: kind value: task resolver: bundles @@ -148,6 +158,8 @@ spec: value: $(params.prefetch-input-dev-package-managers) - name: input value: $(params.prefetch-input) + - name: enable-package-registry-proxy + value: $(params.enable-package-registry-proxy) - name: SOURCE_ARTIFACT value: $(tasks.clone-repository.results.SOURCE_ARTIFACT) - name: ociStorage 
@@ -161,7 +173,7 @@ spec: - name: name value: prefetch-dependencies-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.3@sha256:9917d11f0a38c844184042d504b3d5605c009e6e43785fa113caae8b4c99b75e + value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.3@sha256:a2efbcdcecfa5293a622eb356a18f5c88e5714046b214fe8730b43b1a7dbb77d - name: kind value: task resolver: bundles @@ -185,7 +197,7 @@ spec: - name: name value: apply-tags - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.3@sha256:de3722bac1bf5ae8a95319162ce7e23fb33a7e2b7c0ac91535549f31a75aac86 + value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.3@sha256:a291081de7fb27f832c6fc3c4b078acf7e6162ca4c085db38b118ca87e8b5b66 - name: kind value: task resolver: bundles @@ -198,7 +210,7 @@ spec: - name: name value: init - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-init:0.4@sha256:f2de909151c733da85c7c05de8ecf37c55079c219dcf8db906175ae11fca0142 + value: quay.io/konflux-ci/tekton-catalog/task-init:0.4@sha256:90f0e8e134c4bb919956bb095d62365907adeea4fbeb4cebbf5f3f94286bf967 - name: kind value: task resolver: bundles @@ -219,7 +231,7 @@ spec: - name: name value: git-clone-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:f3f28a40fb7b4c8a5c1ec935df5576139bb6ba5b80f3531f42da2f1f2448a53b + value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:13d49df7dc9ae301627e45f95a236011422996152f1bea46cd60217b0f057407 - name: kind value: task resolver: bundles 
@@ -275,7 +287,7 @@ spec: - name: name value: buildah-remote-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.9@sha256:0bc358b7c16a1ff9a829b6ce327ddb46f5c539b3cf90ade653739ffdf2925176 + value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.9@sha256:f667d1146533b1d49829c08097e31faf27db24563da576434a707353de62099f - name: kind value: task resolver: bundles @@ -297,7 +309,7 @@ spec: - name: name value: build-image-index - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.3@sha256:b65a1e0961e0e768dda1f118bc5b5cab9c7ca7f4ed094e6a4352e66f82b9fa0b + value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.3@sha256:550afde50349e22ec11191ea0db9a49395ab46fef4e8317d820b6e946677ebeb - name: kind value: task resolver: bundles @@ -318,7 +330,7 @@ spec: - name: name value: source-build-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.3@sha256:0201377594e6e0e9d304aa23b2363e4f47e02f3ebb6fe5a410480c1a17c9edfb + value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.3@sha256:0917cfc7772e82cb8e74743c2104f43bcf2596aceafe87eec6fce69a8cac5f06 - name: kind value: task resolver: bundles @@ -392,7 +404,7 @@ spec: - name: name value: ecosystem-cert-preflight-checks - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.2@sha256:2d439dce35dc07bec38dcf450bcba949851686141a256d87eb6f42e5a217f6e2 + value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.2@sha256:e2bcf1174a6dae9969b8f12e94babe2a5881bc77a509f10823b6a9eac6392850 - name: kind value: task resolver: bundles 
@@ -434,6 +446,8 @@ spec: value: $(tasks.build-image-index.results.IMAGE_DIGEST) - name: image-url value: $(tasks.build-image-index.results.IMAGE_URL) + - name: TARGET_DIRS + value: $(params.sast-target-dirs) - name: SOURCE_ARTIFACT value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - name: CACHI2_ARTIFACT @@ -445,7 +459,7 @@ spec: - name: name value: sast-shell-check-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check-oci-ta:0.1@sha256:c314b4d5369d7961af51c865be28cd792d5f233aef94ecf035b3f84acde398bf + value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check-oci-ta:0.1@sha256:c4ef47e3b4e0508572d266fb745be7e374c29dc02580328cbe9f4d472a8aca57 - name: kind value: task resolver: bundles @@ -460,6 +474,8 @@ spec: value: $(tasks.build-image-index.results.IMAGE_DIGEST) - name: image-url value: $(tasks.build-image-index.results.IMAGE_URL) + - name: TARGET_DIRS + value: $(params.sast-target-dirs) - name: SOURCE_ARTIFACT value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - name: CACHI2_ARTIFACT @@ -471,7 +487,7 @@ spec: - name: name value: sast-unicode-check-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check-oci-ta:0.4@sha256:3d8a6902ab7c5c2125be07263f395426342c5032b3abfd0140162ad838437bab + value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check-oci-ta:0.4@sha256:90efa582de7770d55102b74014a765cd16a25a56f2cf644b56a788c70c4dc749 - name: kind value: task resolver: bundles @@ -499,7 +515,7 @@ spec: - name: name value: push-dockerfile-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.3@sha256:aa0d54cdd04777562599195439186bb9ea28ced4529e9b860867611cca453a39 + value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.3@sha256:7855471abfe87de080b914f2f3ca27c59e64f6448a7c2435e51435b764494c71 - name: kind value: task resolver: bundles 
@@ -516,7 +532,7 @@ spec: - name: name value: rpms-signature-scan - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:65b14e54b86c3b8e7332b53ff8d2e574693fa1335f9720aec21d47e9d15686f0 + value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:4ceea61b0fa81bc5da05afb26d51e06e4843378d739e4d003b062d5d04cc5e90 - name: kind value: task resolver: bundles diff --git a/pkg/konfluxgen/docker-java-build.yaml b/pkg/konfluxgen/docker-java-build.yaml index 77ec58b4..9ef1b275 100644 --- a/pkg/konfluxgen/docker-java-build.yaml +++ b/pkg/konfluxgen/docker-java-build.yaml @@ -87,6 +87,14 @@ spec: - default: "false" description: Enable cache proxy configuration name: enable-cache-proxy + - default: "true" + description: Use the package registry proxy when prefetching dependencies + name: enable-package-registry-proxy + - default: . + description: Target directories in component's source code to scan with SAST tools. + Multiple values should be separated with commas. + name: sast-target-dirs + type: string - default: [] description: Array of --build-arg values ("arg=value" strings) for buildah name: build-args @@ -122,6 +130,8 @@ spec: value: $(tasks.build-image-index.results.IMAGE_DIGEST) - name: image-url value: $(tasks.build-image-index.results.IMAGE_URL) + - name: TARGET_DIRS + value: $(params.sast-target-dirs) - name: SOURCE_ARTIFACT value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - name: CACHI2_ARTIFACT @@ -133,7 +143,7 @@ spec: - name: name value: sast-snyk-check-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.4@sha256:6045ed6f2d37cfdf75cb3f2bf88706839c276a59f892ae027a315456c2914cf3 + value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.4@sha256:8f3ecbeaff579e41b8278f82d7fabac27845db17a8e687ea6c510c0c9aceabbb - name: kind value: task resolver: bundles 
@@ -148,6 +158,8 @@ spec: value: $(params.prefetch-input-dev-package-managers) - name: input value: $(params.prefetch-input) + - name: enable-package-registry-proxy + value: $(params.enable-package-registry-proxy) - name: SOURCE_ARTIFACT value: $(tasks.clone-repository.results.SOURCE_ARTIFACT) - name: ociStorage @@ -161,7 +173,7 @@ spec: - name: name value: prefetch-dependencies-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.3@sha256:9917d11f0a38c844184042d504b3d5605c009e6e43785fa113caae8b4c99b75e + value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.3@sha256:a2efbcdcecfa5293a622eb356a18f5c88e5714046b214fe8730b43b1a7dbb77d - name: kind value: task resolver: bundles @@ -185,7 +197,7 @@ spec: - name: name value: apply-tags - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.3@sha256:de3722bac1bf5ae8a95319162ce7e23fb33a7e2b7c0ac91535549f31a75aac86 + value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.3@sha256:a291081de7fb27f832c6fc3c4b078acf7e6162ca4c085db38b118ca87e8b5b66 - name: kind value: task resolver: bundles @@ -198,7 +210,7 @@ spec: - name: name value: init - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-init:0.4@sha256:f2de909151c733da85c7c05de8ecf37c55079c219dcf8db906175ae11fca0142 + value: quay.io/konflux-ci/tekton-catalog/task-init:0.4@sha256:90f0e8e134c4bb919956bb095d62365907adeea4fbeb4cebbf5f3f94286bf967 - name: kind value: task resolver: bundles @@ -219,7 +231,7 @@ spec: - name: name value: git-clone-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:f3f28a40fb7b4c8a5c1ec935df5576139bb6ba5b80f3531f42da2f1f2448a53b + value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:13d49df7dc9ae301627e45f95a236011422996152f1bea46cd60217b0f057407 - name: kind value: task resolver: bundles 
@@ -275,7 +287,7 @@ spec: - name: name value: buildah-remote-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.9@sha256:0bc358b7c16a1ff9a829b6ce327ddb46f5c539b3cf90ade653739ffdf2925176 + value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.9@sha256:f667d1146533b1d49829c08097e31faf27db24563da576434a707353de62099f - name: kind value: task resolver: bundles @@ -297,7 +309,7 @@ spec: - name: name value: build-image-index - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.3@sha256:b65a1e0961e0e768dda1f118bc5b5cab9c7ca7f4ed094e6a4352e66f82b9fa0b + value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.3@sha256:550afde50349e22ec11191ea0db9a49395ab46fef4e8317d820b6e946677ebeb - name: kind value: task resolver: bundles @@ -318,7 +330,7 @@ spec: - name: name value: source-build-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.3@sha256:0201377594e6e0e9d304aa23b2363e4f47e02f3ebb6fe5a410480c1a17c9edfb + value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.3@sha256:0917cfc7772e82cb8e74743c2104f43bcf2596aceafe87eec6fce69a8cac5f06 - name: kind value: task resolver: bundles @@ -392,7 +404,7 @@ spec: - name: name value: ecosystem-cert-preflight-checks - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.2@sha256:2d439dce35dc07bec38dcf450bcba949851686141a256d87eb6f42e5a217f6e2 + value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.2@sha256:e2bcf1174a6dae9969b8f12e94babe2a5881bc77a509f10823b6a9eac6392850 - name: kind value: task resolver: bundles 
@@ -434,6 +446,8 @@ spec: value: $(tasks.build-image-index.results.IMAGE_DIGEST) - name: image-url value: $(tasks.build-image-index.results.IMAGE_URL) + - name: TARGET_DIRS + value: $(params.sast-target-dirs) - name: SOURCE_ARTIFACT value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - name: CACHI2_ARTIFACT @@ -445,7 +459,7 @@ spec: - name: name value: sast-shell-check-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check-oci-ta:0.1@sha256:c314b4d5369d7961af51c865be28cd792d5f233aef94ecf035b3f84acde398bf + value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check-oci-ta:0.1@sha256:c4ef47e3b4e0508572d266fb745be7e374c29dc02580328cbe9f4d472a8aca57 - name: kind value: task resolver: bundles @@ -460,6 +474,8 @@ spec: value: $(tasks.build-image-index.results.IMAGE_DIGEST) - name: image-url value: $(tasks.build-image-index.results.IMAGE_URL) + - name: TARGET_DIRS + value: $(params.sast-target-dirs) - name: SOURCE_ARTIFACT value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - name: CACHI2_ARTIFACT @@ -471,7 +487,7 @@ spec: - name: name value: sast-unicode-check-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check-oci-ta:0.4@sha256:3d8a6902ab7c5c2125be07263f395426342c5032b3abfd0140162ad838437bab + value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check-oci-ta:0.4@sha256:90efa582de7770d55102b74014a765cd16a25a56f2cf644b56a788c70c4dc749 - name: kind value: task resolver: bundles @@ -499,7 +515,7 @@ spec: - name: name value: push-dockerfile-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.3@sha256:aa0d54cdd04777562599195439186bb9ea28ced4529e9b860867611cca453a39 + value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.3@sha256:7855471abfe87de080b914f2f3ca27c59e64f6448a7c2435e51435b764494c71 - name: kind value: task resolver: bundles 
@@ -516,7 +532,7 @@ spec: - name: name value: rpms-signature-scan - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:65b14e54b86c3b8e7332b53ff8d2e574693fa1335f9720aec21d47e9d15686f0 + value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:4ceea61b0fa81bc5da05afb26d51e06e4843378d739e4d003b062d5d04cc5e90 - name: kind value: task resolver: bundles diff --git a/pkg/konfluxgen/fbc-builder.yaml b/pkg/konfluxgen/fbc-builder.yaml index 7f3827b7..5bf6132e 100644 --- a/pkg/konfluxgen/fbc-builder.yaml +++ b/pkg/konfluxgen/fbc-builder.yaml @@ -91,6 +91,14 @@ spec: - default: "false" description: Enable cache proxy configuration name: enable-cache-proxy + - default: "true" + description: Use the package registry proxy when prefetching dependencies + name: enable-package-registry-proxy + - default: . + description: Target directories in component's source code to scan with SAST tools. + Multiple values should be separated with commas. + name: sast-target-dirs + type: string - default: [] description: Array of --build-arg values ("arg=value" strings) for buildah name: build-args @@ -156,7 +164,7 @@ spec: - name: name value: apply-tags - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.3@sha256:de3722bac1bf5ae8a95319162ce7e23fb33a7e2b7c0ac91535549f31a75aac86 + value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.3@sha256:a291081de7fb27f832c6fc3c4b078acf7e6162ca4c085db38b118ca87e8b5b66 - name: kind value: task resolver: bundles @@ -169,7 +177,7 @@ spec: - name: name value: init - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-init:0.4@sha256:f2de909151c733da85c7c05de8ecf37c55079c219dcf8db906175ae11fca0142 + value: quay.io/konflux-ci/tekton-catalog/task-init:0.4@sha256:90f0e8e134c4bb919956bb095d62365907adeea4fbeb4cebbf5f3f94286bf967 - name: kind value: task resolver: bundles 
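Review bot: In pkg/konfluxgen/fbc-builder.yaml the params hunk `@@ -91,6 +91,14 @@` declares `sast-target-dirs`, but none of this file's hunks passes it to a task. The only new wiring is `enable-package-registry-proxy` on prefetch-dependencies (`@@ -201,6 +209,8 @@`), whereas bundle-build.yaml and docker-build.yaml add `TARGET_DIRS` to their SAST tasks. As far as the diff shows, setting the parameter on an FBC pipeline run has no effect, which can suggest that a SAST scope was configured when nothing reads it. Either drop the parameter from this template or mark it, for example `# sast-target-dirs: declared for parity with docker-build; not consumed by any task in this pipeline`. kustomize/fbc-builder.yaml carries the same declaration; its later hunks are outside this view, so that file may differ.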
@@ -190,7 +198,7 @@ spec: - name: name value: git-clone-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:f3f28a40fb7b4c8a5c1ec935df5576139bb6ba5b80f3531f42da2f1f2448a53b + value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:13d49df7dc9ae301627e45f95a236011422996152f1bea46cd60217b0f057407 - name: kind value: task resolver: bundles @@ -201,6 +209,8 @@ spec: params: - name: input value: $(params.prefetch-input) + - name: enable-package-registry-proxy + value: $(params.enable-package-registry-proxy) - name: SOURCE_ARTIFACT value: $(tasks.run-opm-command.results.SOURCE_ARTIFACT) - name: ociStorage @@ -214,7 +224,7 @@ spec: - name: name value: prefetch-dependencies-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.3@sha256:9917d11f0a38c844184042d504b3d5605c009e6e43785fa113caae8b4c99b75e + value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.3@sha256:a2efbcdcecfa5293a622eb356a18f5c88e5714046b214fe8730b43b1a7dbb77d - name: kind value: task resolver: bundles @@ -268,7 +278,7 @@ spec: - name: name value: buildah-remote-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.9@sha256:0bc358b7c16a1ff9a829b6ce327ddb46f5c539b3cf90ade653739ffdf2925176 + value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.9@sha256:f667d1146533b1d49829c08097e31faf27db24563da576434a707353de62099f - name: kind value: task resolver: bundles @@ -288,7 +298,7 @@ spec: - name: name value: build-image-index - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.3@sha256:b65a1e0961e0e768dda1f118bc5b5cab9c7ca7f4ed094e6a4352e66f82b9fa0b + value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.3@sha256:550afde50349e22ec11191ea0db9a49395ab46fef4e8317d820b6e946677ebeb - name: kind value: task resolver: bundles 
@@ -377,7 +387,7 @@ spec: - name: name value: fbc-fips-check-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-fbc-fips-check-oci-ta:0.1@sha256:54bcb482534272463f3c515fcf969d5b81b5770c0e69d711dbf25510813613b2 + value: quay.io/konflux-ci/tekton-catalog/task-fbc-fips-check-oci-ta:0.1@sha256:247616a7e353ac77f2433989802cd3854c0b3b674386e160cae80c075a95f7db - name: kind value: task resolver: bundles diff --git a/pkg/konfluxgen/kustomize/docker-build.yaml b/pkg/konfluxgen/kustomize/docker-build.yaml index a156a494..8e0b5c21 100644 --- a/pkg/konfluxgen/kustomize/docker-build.yaml +++ b/pkg/konfluxgen/kustomize/docker-build.yaml @@ -66,6 +66,14 @@ spec: - default: "false" description: Enable cache proxy configuration name: enable-cache-proxy + - default: "true" + description: Use the package registry proxy when prefetching dependencies + name: enable-package-registry-proxy + - default: . + description: Target directories in component's source code to scan with SAST tools. + Multiple values should be separated with commas. + name: sast-target-dirs + type: string - default: [] description: Array of --build-arg values ("arg=value" strings) for buildah name: build-args @@ -108,7 +116,7 @@ spec: - name: name value: init - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-init:0.4@sha256:f2de909151c733da85c7c05de8ecf37c55079c219dcf8db906175ae11fca0142 + value: quay.io/konflux-ci/tekton-catalog/task-init:0.4@sha256:90f0e8e134c4bb919956bb095d62365907adeea4fbeb4cebbf5f3f94286bf967 - name: kind value: task resolver: bundles @@ -129,7 +137,7 @@ spec: - name: name value: git-clone-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:f3f28a40fb7b4c8a5c1ec935df5576139bb6ba5b80f3531f42da2f1f2448a53b + value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:13d49df7dc9ae301627e45f95a236011422996152f1bea46cd60217b0f057407 - name: kind value: task resolver: bundles 
@@ -140,6 +148,8 @@ spec: params: - name: input value: $(params.prefetch-input) + - name: enable-package-registry-proxy + value: $(params.enable-package-registry-proxy) - name: SOURCE_ARTIFACT value: $(tasks.clone-repository.results.SOURCE_ARTIFACT) - name: ociStorage @@ -153,7 +163,7 @@ spec: - name: name value: prefetch-dependencies-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.3@sha256:9917d11f0a38c844184042d504b3d5605c009e6e43785fa113caae8b4c99b75e + value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.3@sha256:a2efbcdcecfa5293a622eb356a18f5c88e5714046b214fe8730b43b1a7dbb77d - name: kind value: task resolver: bundles @@ -211,7 +221,7 @@ spec: - name: name value: buildah-remote-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.9@sha256:0bc358b7c16a1ff9a829b6ce327ddb46f5c539b3cf90ade653739ffdf2925176 + value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.9@sha256:f667d1146533b1d49829c08097e31faf27db24563da576434a707353de62099f - name: kind value: task resolver: bundles @@ -233,7 +243,7 @@ spec: - name: name value: build-image-index - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.3@sha256:b65a1e0961e0e768dda1f118bc5b5cab9c7ca7f4ed094e6a4352e66f82b9fa0b + value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.3@sha256:550afde50349e22ec11191ea0db9a49395ab46fef4e8317d820b6e946677ebeb - name: kind value: task resolver: bundles @@ -254,7 +264,7 @@ spec: - name: name value: source-build-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.3@sha256:0201377594e6e0e9d304aa23b2363e4f47e02f3ebb6fe5a410480c1a17c9edfb + value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.3@sha256:0917cfc7772e82cb8e74743c2104f43bcf2596aceafe87eec6fce69a8cac5f06 - name: kind value: task resolver: bundles 
@@ -328,7 +338,7 @@ spec: - name: name value: ecosystem-cert-preflight-checks - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.2@sha256:2d439dce35dc07bec38dcf450bcba949851686141a256d87eb6f42e5a217f6e2 + value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.2@sha256:e2bcf1174a6dae9969b8f12e94babe2a5881bc77a509f10823b6a9eac6392850 - name: kind value: task resolver: bundles @@ -343,6 +353,8 @@ spec: value: $(tasks.build-image-index.results.IMAGE_DIGEST) - name: image-url value: $(tasks.build-image-index.results.IMAGE_URL) + - name: TARGET_DIRS + value: $(params.sast-target-dirs) - name: SOURCE_ARTIFACT value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - name: CACHI2_ARTIFACT @@ -354,7 +366,7 @@ spec: - name: name value: sast-snyk-check-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.4@sha256:6045ed6f2d37cfdf75cb3f2bf88706839c276a59f892ae027a315456c2914cf3 + value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.4@sha256:8f3ecbeaff579e41b8278f82d7fabac27845db17a8e687ea6c510c0c9aceabbb - name: kind value: task resolver: bundles @@ -396,6 +408,8 @@ spec: value: $(tasks.build-image-index.results.IMAGE_DIGEST) - name: image-url value: $(tasks.build-image-index.results.IMAGE_URL) + - name: TARGET_DIRS + value: $(params.sast-target-dirs) - name: SOURCE_ARTIFACT value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - name: CACHI2_ARTIFACT @@ -407,7 +421,7 @@ spec: - name: name value: sast-shell-check-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check-oci-ta:0.1@sha256:c314b4d5369d7961af51c865be28cd792d5f233aef94ecf035b3f84acde398bf + value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check-oci-ta:0.1@sha256:c4ef47e3b4e0508572d266fb745be7e374c29dc02580328cbe9f4d472a8aca57 - name: kind value: task resolver: bundles 
@@ -422,6 +436,8 @@ spec: value: $(tasks.build-image-index.results.IMAGE_DIGEST) - name: image-url value: $(tasks.build-image-index.results.IMAGE_URL) + - name: TARGET_DIRS + value: $(params.sast-target-dirs) - name: SOURCE_ARTIFACT value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - name: CACHI2_ARTIFACT @@ -433,7 +449,7 @@ spec: - name: name value: sast-unicode-check-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check-oci-ta:0.4@sha256:3d8a6902ab7c5c2125be07263f395426342c5032b3abfd0140162ad838437bab + value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check-oci-ta:0.4@sha256:90efa582de7770d55102b74014a765cd16a25a56f2cf644b56a788c70c4dc749 - name: kind value: task resolver: bundles @@ -455,7 +471,7 @@ spec: - name: name value: apply-tags - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.3@sha256:de3722bac1bf5ae8a95319162ce7e23fb33a7e2b7c0ac91535549f31a75aac86 + value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.3@sha256:a291081de7fb27f832c6fc3c4b078acf7e6162ca4c085db38b118ca87e8b5b66 - name: kind value: task resolver: bundles @@ -478,7 +494,7 @@ spec: - name: name value: push-dockerfile-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.3@sha256:aa0d54cdd04777562599195439186bb9ea28ced4529e9b860867611cca453a39 + value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.3@sha256:7855471abfe87de080b914f2f3ca27c59e64f6448a7c2435e51435b764494c71 - name: kind value: task resolver: bundles @@ -495,7 +511,7 @@ spec: - name: name value: rpms-signature-scan - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:65b14e54b86c3b8e7332b53ff8d2e574693fa1335f9720aec21d47e9d15686f0 + value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:4ceea61b0fa81bc5da05afb26d51e06e4843378d739e4d003b062d5d04cc5e90 - name: kind value: task resolver: bundles 
diff --git a/pkg/konfluxgen/kustomize/fbc-builder.yaml b/pkg/konfluxgen/kustomize/fbc-builder.yaml index 5c1cfdf7..8a263131 100644 --- a/pkg/konfluxgen/kustomize/fbc-builder.yaml +++ b/pkg/konfluxgen/kustomize/fbc-builder.yaml @@ -61,6 +61,14 @@ spec: - default: "false" description: Enable cache proxy configuration name: enable-cache-proxy + - default: "true" + description: Use the package registry proxy when prefetching dependencies + name: enable-package-registry-proxy + - default: . + description: Target directories in component's source code to scan with SAST tools. + Multiple values should be separated with commas. + name: sast-target-dirs + type: string - default: [] description: Array of --build-arg values ("arg=value" strings) for buildah name: build-args @@ -98,7 +106,7 @@ spec: - name: name value: init - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-init:0.4@sha256:f2de909151c733da85c7c05de8ecf37c55079c219dcf8db906175ae11fca0142 + value: quay.io/konflux-ci/tekton-catalog/task-init:0.4@sha256:90f0e8e134c4bb919956bb095d62365907adeea4fbeb4cebbf5f3f94286bf967 - name: kind value: task resolver: bundles @@ -119,7 +127,7 @@ spec: - name: name value: git-clone-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:f3f28a40fb7b4c8a5c1ec935df5576139bb6ba5b80f3531f42da2f1f2448a53b + value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:13d49df7dc9ae301627e45f95a236011422996152f1bea46cd60217b0f057407 - name: kind value: task resolver: bundles @@ -155,6 +163,8 @@ spec: params: - name: input value: $(params.prefetch-input) + - name: enable-package-registry-proxy + value: $(params.enable-package-registry-proxy) - name: SOURCE_ARTIFACT value: $(tasks.run-opm-command.results.SOURCE_ARTIFACT) - name: ociStorage 
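Review bot: `enable-package-registry-proxy` is declared with `default: "true"` in hunk `@@ -61,6 +61,14 @@`, so going by its description every pipeline built from this template prefetches dependencies through the proxy without opting in, and the description mentions neither the default nor how to switch it off. I would extend it to `description: Use the package registry proxy when prefetching dependencies (enabled by default; set to "false" to opt out)`. The value is forwarded to the prefetch task in `@@ -155,6 +163,8 @@`, and the same forwarding appears in the preceding file's hunk `@@ -140,6 +148,8 @@`, whose declaration is outside the visible lines. Separately, `sast-target-dirs` is declared here but no visible hunk of `fbc-builder.yaml` passes it to a task, so it may be unused in this pipeline; worth confirming against the full file.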
@@ -168,7 +178,7 @@ spec: - name: name value: prefetch-dependencies-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.3@sha256:9917d11f0a38c844184042d504b3d5605c009e6e43785fa113caae8b4c99b75e + value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.3@sha256:a2efbcdcecfa5293a622eb356a18f5c88e5714046b214fe8730b43b1a7dbb77d - name: kind value: task resolver: bundles @@ -222,7 +232,7 @@ spec: - name: name value: buildah-remote-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.9@sha256:0bc358b7c16a1ff9a829b6ce327ddb46f5c539b3cf90ade653739ffdf2925176 + value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.9@sha256:f667d1146533b1d49829c08097e31faf27db24563da576434a707353de62099f - name: kind value: task resolver: bundles @@ -242,7 +252,7 @@ spec: - name: name value: build-image-index - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.3@sha256:b65a1e0961e0e768dda1f118bc5b5cab9c7ca7f4ed094e6a4352e66f82b9fa0b + value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.3@sha256:550afde50349e22ec11191ea0db9a49395ab46fef4e8317d820b6e946677ebeb - name: kind value: task resolver: bundles @@ -281,7 +291,7 @@ spec: - name: name value: apply-tags - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.3@sha256:de3722bac1bf5ae8a95319162ce7e23fb33a7e2b7c0ac91535549f31a75aac86 + value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.3@sha256:a291081de7fb27f832c6fc3c4b078acf7e6162ca4c085db38b118ca87e8b5b66 - name: kind value: task resolver: bundles 
@@ -348,7 +358,7 @@ spec: - name: name value: fbc-fips-check-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-fbc-fips-check-oci-ta:0.1@sha256:54bcb482534272463f3c515fcf969d5b81b5770c0e69d711dbf25510813613b2 + value: quay.io/konflux-ci/tekton-catalog/task-fbc-fips-check-oci-ta:0.1@sha256:247616a7e353ac77f2433989802cd3854c0b3b674386e160cae80c075a95f7db - name: kind value: task resolver: bundles