diff --git a/.tekton/ansible-chatbot-service-push.yaml b/.tekton/ansible-chatbot-service-push.yaml index 4f1073b6..d63d7df9 100644 --- a/.tekton/ansible-chatbot-service-push.yaml +++ b/.tekton/ansible-chatbot-service-push.yaml @@ -2,20 +2,20 @@ apiVersion: tekton.dev/v1 kind: PipelineRun metadata: annotations: - build.appstudio.openshift.io/repo: https://github.com/openshift/lightspeed-service?rev={{revision}} - build.appstudio.redhat.com/commit_sha: "{{revision}}" - build.appstudio.redhat.com/target_branch: "{{target_branch}}" + build.appstudio.openshift.io/repo: https://github.com/ansible/ansible-chatbot-service?rev={{revision}} + build.appstudio.redhat.com/commit_sha: '{{revision}}' + build.appstudio.redhat.com/target_branch: '{{target_branch}}' pipelinesascode.tekton.dev/max-keep-runs: "3" - pipelinesascode.tekton.dev/on-cel-expression: "event == \"push\" && \ntarget_branch == \"main\"\n" + pipelinesascode.tekton.dev/on-cel-expression: event == "push" && target_branch == "main" build.appstudio.openshift.io/build-nudge-files: | .*Dockerfile.*, bundle/manifests/lightspeed-operator.clusterserviceversion.yaml, config/default/kustomization.yaml, lightspeed-catalog-4.15/index.yaml, lightspeed-catalog-4.16/index.yaml creationTimestamp: null labels: - appstudio.openshift.io/application: ols - appstudio.openshift.io/component: lightspeed-service + appstudio.openshift.io/application: ansible-chatbot-service + appstudio.openshift.io/component: ansible-chatbot-service pipelines.appstudio.openshift.io/type: build - name: lightspeed-service-on-push - namespace: crt-nshift-lightspeed-tenant + name: ansible-chatbot-service-on-push + namespace: ansible-lightspeed-tenant spec: params: - name: dockerfile @@ -23,39 +23,11 @@ spec: - name: git-url value: "{{source_url}}" - name: output-image - value: quay.io/redhat-user-workloads/crt-nshift-lightspeed-tenant/ols/lightspeed-service:{{revision}} + value: quay.io/ansible/ansible-chatbot-service:{{revision}} - name: path-context value: . - name: revision value: "{{revision}}" - - name: build-source-image - value: "true" - - name: prefetch-input - value: '[{"type": "rpm", "path": "."}, {"type": "pip", "path": ".", "allow_binary": "true"}]' - - name: hermetic - value: "true" - taskRunSpecs: - - pipelineTaskName: build-source-image - computeResources: - requests: - cpu: '1' - memory: 1Gi - limits: - memory: 4Gi - - pipelineTaskName: clair-scan - computeResources: - requests: - cpu: '1' - memory: 1Gi - limits: - memory: 8Gi - - pipelineTaskName: ecosystem-cert-preflight-checks - computeResources: - requests: - cpu: '1' - memory: 1Gi - limits: - memory: 8Gi pipelineSpec: finally: - name: show-sbom @@ -67,7 +39,7 @@ spec: - name: name value: show-sbom - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:9bfc6b99ef038800fe131d7b45ff3cd4da3a415dd536f7c657b3527b01c4a13b + value: quay.io/redhat-appstudio-tekton-catalog/task-show-sbom:0.1@sha256:8e0f8cad75e6f674d72a874385b69c4651afc0c9dcc59feffe0d85844687d852 - name: kind value: task resolver: bundles @@ -93,6 +65,44 @@ spec: workspaces: - name: workspace workspace: workspace + - name: slack-notification-when-failed + params: + - name: message + value: Konflux https://console.redhat.com/application-pipeline/workspaces/ansible-lightspeed/applications/ansible-chatbot-service/pipelineruns/$(context.pipelineRun.name) status=$(tasks.status) + - name: secret-name + value: slack-webhook-urls + - name: key-name + value: team-wisdom-eng + taskRef: + params: + - name: bundle + value: quay.io/redhat-appstudio-tekton-catalog/task-slack-webhook-notification:0.1 + - name: name + value: slack-webhook-notification + - name: kind + value: Task + resolver: bundles + when: + - input: $(tasks.status) + operator: in + values: [ "Failed" ] + - name: slack-notification + params: + - name: message + value: Konflux https://console.redhat.com/application-pipeline/workspaces/ansible-lightspeed/applications/ansible-chatbot-service/pipelineruns/$(context.pipelineRun.name) status=$(tasks.status) + - name: secret-name + value: slack-webhook-urls + - name: key-name + value: wisdom-cicd-events + taskRef: + params: + - name: bundle + value: quay.io/redhat-appstudio-tekton-catalog/task-slack-webhook-notification:0.1 + - name: name + value: slack-webhook-notification + - name: kind + value: Task + resolver: bundles params: - description: Source Repository URL name: git-url @@ -139,10 +149,6 @@ spec: description: Build a source image. name: build-source-image type: string - - default: [] - description: Array of --build-arg values ("arg=value" strings) for buildah - name: build-args - type: array - default: "" description: Path to a file with build arguments for buildah, see https://www.mankier.com/1/buildah-build#--build-arg-file name: build-args-file @@ -177,7 +183,7 @@ spec: - name: name value: init - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:092c113b614f6551113f17605ae9cb7e822aa704d07f0e37ed209da23ce392cc + value: quay.io/redhat-appstudio-tekton-catalog/task-init:0.2@sha256:596b7c11572bb94eb67d9ffb4375068426e2a8249ff2792ce04ad2a4bc593a63 - name: kind value: task resolver: bundles @@ -194,7 +200,7 @@ spec: - name: name value: git-clone - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1@sha256:2cccdf8729ad4d5adf65e8b66464f8efa1e1c87ba16d343b4a6c621a2a40f7e1 + value: quay.io/redhat-appstudio-tekton-catalog/task-git-clone:0.1@sha256:9e6c4db5a666ea0e1e747e03d63f46e5617a6b9852c26871f9d50891d778dfa2 - name: kind value: task resolver: bundles @@ -221,7 +227,7 @@ spec: - name: name value: prefetch-dependencies - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies:0.1@sha256:fe7234e3824d1e65d6a7aac352e7a6bbce623d90d8d7da9aceeee108ad2c61be + value: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies:0.1@sha256:eea8bd511343b4014dab46a77e7215510f7a63820937d1267c6dc428e10ffbe4 - name: kind value: task resolver: bundles @@ -230,6 +236,10 @@ spec: operator: notin values: - "" + - input: $(params.hermetic) + operator: in + values: + - "true" workspaces: - name: source workspace: workspace @@ -251,11 +261,12 @@ spec: value: $(params.image-expires-after) - name: COMMIT_SHA value: $(tasks.clone-repository.results.commit) - - name: BUILD_ARGS - value: - - $(params.build-args[*]) - name: BUILD_ARGS_FILE - value: build.args + value: $(params.build-args-file) + - name: TARGET_STAGE + value: production + - name: BUILD_ARGS + value: [ "IMAGE_TAGS=latest 1.0.$(tasks.git-metadata.results.commit-timestamp)", "GIT_COMMIT=$(tasks.clone-repository.results.commit)" ] runAfter: - prefetch-dependencies taskRef: @@ -263,7 +274,7 @@ spec: - name: name value: buildah-10gb - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-buildah-10gb:0.2@sha256:fe86b7c7e746f0d0a5ee6791d29eae5569138a5d31df42fadebcb6a9d2722ccb + value: quay.io/redhat-appstudio-tekton-catalog/task-buildah-10gb:0.2 - name: kind value: task resolver: bundles @@ -275,6 +286,42 @@ spec: workspaces: - name: source workspace: workspace + - name: apply-tags + params: + - name: IMAGE + value: $(tasks.build-container.results.IMAGE_URL) + - name: ADDITIONAL_TAGS + value: [ "latest", "1.0.$(tasks.git-metadata.results.commit-timestamp)" ] + runAfter: + - build-container + taskRef: + params: + - name: name + value: apply-tags + - name: bundle + value: quay.io/redhat-appstudio-tekton-catalog/task-apply-tags:0.1 + - name: kind + value: task + resolver: bundles + - name: git-metadata + runAfter: + - clone-repository + workspaces: + - name: source + workspace: workspace + taskSpec: + workspaces: + - name: source + steps: + - name: get-commit-timestamp + image: alpine/git + script: | + #!/bin/sh + set -euo pipefail + cd "$(workspaces.source.path)/source" + echo -n $(date -d @$(git log -1 --format=%at) "+%Y%m%d%H%M") > $(results.commit-timestamp.path) + results: + - name: commit-timestamp - name: build-source-image params: - name: BINARY_IMAGE @@ -286,7 +333,7 @@ spec: - name: name value: source-build - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-source-build:0.1@sha256:21cb5ebaff7a9216903cf78933dc4ec4dd6283a52636b16590a5f52ceb278269 + value: quay.io/redhat-appstudio-tekton-catalog/task-source-build:0.1@sha256:14b91ad9124b722b44222685013faaf9af8ac5b66030d9abeb1c61da3c118cdd - name: kind value: task resolver: bundles @@ -315,7 +362,7 @@ spec: - name: name value: deprecated-image-check - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.4@sha256:b4f9599f5770ea2e6e4d031224ccc932164c1ecde7f85f68e16e99c98d754003 + value: quay.io/redhat-appstudio-tekton-catalog/task-deprecated-image-check:0.4@sha256:1f17ef7ab9859d6e2215ef2ed532ebc15e516ba09226b8cae77907a7a8b7cedd - name: kind value: task resolver: bundles @@ -337,7 +384,7 @@ spec: - name: name value: clair-scan - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.2@sha256:28fee4bf5da87f2388c973d9336086749cad8436003f9a514e22ac99735e056b + value: quay.io/redhat-appstudio-tekton-catalog/task-clair-scan:0.1@sha256:b8c51079ea1110e1095c229e184e3c340120ba211a63a200e836706f5a35361c - name: kind value: task resolver: bundles @@ -357,7 +404,7 @@ spec: - name: name value: ecosystem-cert-preflight-checks - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.1@sha256:5131cce0f93d0b728c7bcc0d6cee4c61d4c9f67c6d619c627e41e3c9775b497d + value: quay.io/redhat-appstudio-tekton-catalog/task-ecosystem-cert-preflight-checks:0.1@sha256:fc2cda064580364bb80c3ad6f438002de0033963fc33985d01ad249346b93433 - name: kind value: task resolver: bundles @@ -374,7 +421,7 @@ spec: - name: name value: sast-snyk-check - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check:0.2@sha256:c1ea706405f9ae146e31baef4abfea49b1e855a75bfc44c33eb0eb29516831b3 + value: quay.io/redhat-appstudio-tekton-catalog/task-sast-snyk-check:0.2@sha256:479bd0d9aaa7b377ff5f8ad93168d44807455646f2161688637cb2e4e0b990d9 - name: kind value: task resolver: bundles @@ -404,7 +451,7 @@ spec: - name: name value: clamav-scan - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.1@sha256:1e29eebe916b81b7100138d62db0e03e22d03657274d37041c59cbaca5fdbf7d + value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.1@sha256:7bb17b937c9342f305468e8a6d0a22493e3ecde58977bd2ffc8b50e2fa234d58 - name: kind value: task resolver: bundles @@ -413,21 +460,6 @@ spec: operator: in values: - "false" - - name: apply-tags - params: - - name: IMAGE - value: $(tasks.build-container.results.IMAGE_URL) - runAfter: - - build-container - taskRef: - params: - - name: name - value: apply-tags - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.1@sha256:f485e250fb060060892b633c495a3d7e38de1ec105ae1be48608b0401530ab2c - - name: kind - value: task - resolver: bundles workspaces: - name: workspace - name: git-auth