From d8f4afb1ab462ad97cc2ddd751cb2672d5ec2a98 Mon Sep 17 00:00:00 2001 From: konflux Date: Tue, 29 Apr 2025 13:28:40 +0000 Subject: [PATCH] Konflux build pipeline service account migration for deployment-validation-operator-bundle Signed-off-by: konflux --- ...lidation-operator-bundle-pull-request.yaml | 81 +++++++++---------- ...yment-validation-operator-bundle-push.yaml | 81 +++++++++---------- 2 files changed, 80 insertions(+), 82 deletions(-) diff --git a/.tekton/deployment-validation-operator-bundle-pull-request.yaml b/.tekton/deployment-validation-operator-bundle-pull-request.yaml index 402175f1..65d953c9 100644 --- a/.tekton/deployment-validation-operator-bundle-pull-request.yaml +++ b/.tekton/deployment-validation-operator-bundle-pull-request.yaml @@ -32,9 +32,9 @@ spec: - name: path-context value: konflux-ci/bundle - name: hermetic - value: 'true' + value: "true" - name: build-source-image - value: 'true' + value: "true" pipelineSpec: description: | This pipeline is ideal for building container images from a Containerfile while maintaining trust after pipeline customization. @@ -368,56 +368,54 @@ spec: - "false" - name: sast-shell-check params: - - name: image-digest - value: $(tasks.build-image-index.results.IMAGE_DIGEST) - - name: image-url - value: $(tasks.build-image-index.results.IMAGE_URL) - - name: SOURCE_ARTIFACT - value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - - name: CACHI2_ARTIFACT - value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + - name: CACHI2_ARTIFACT + value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) runAfter: - - build-image-index + - build-image-index taskRef: params: - - name: name - value: sast-shell-check-oci-ta - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check-oci-ta:0.1@sha256:57b3262138eb06186ae7375f84ca53788bba2a66cfd03d39cb82c78df050aba5 - - name: kind - value: task + - name: name + value: sast-shell-check-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check-oci-ta:0.1@sha256:57b3262138eb06186ae7375f84ca53788bba2a66cfd03d39cb82c78df050aba5 + - name: kind + value: task resolver: bundles when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - workspaces: [] + - input: $(params.skip-checks) + operator: in + values: + - "false" - name: sast-unicode-check params: - - name: image-url - value: $(tasks.build-image-index.results.IMAGE_URL) - - name: SOURCE_ARTIFACT - value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - - name: CACHI2_ARTIFACT - value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + - name: CACHI2_ARTIFACT + value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) runAfter: - - build-image-index + - build-image-index taskRef: params: - - name: name - value: sast-unicode-check-oci-ta - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check-oci-ta:0.2@sha256:df185dbe4e2852668f9c46f938dd752e90ea9c79696363378435a6499596c319 - - name: kind - value: task + - name: name + value: sast-unicode-check-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check-oci-ta:0.2@sha256:df185dbe4e2852668f9c46f938dd752e90ea9c79696363378435a6499596c319 + - name: kind + value: task resolver: bundles when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - workspaces: [] + - input: $(params.skip-checks) + operator: in + values: + - "false" - name: clamav-scan params: - name: image-digest @@ -505,7 +503,8 @@ spec: optional: true - name: netrc optional: true - taskRunTemplate: {} + taskRunTemplate: + serviceAccountName: build-pipeline-deployment-validation-operator-bundle workspaces: - name: git-auth secret: diff --git a/.tekton/deployment-validation-operator-bundle-push.yaml b/.tekton/deployment-validation-operator-bundle-push.yaml index f9c7924b..ba9e4f0a 100644 --- a/.tekton/deployment-validation-operator-bundle-push.yaml +++ b/.tekton/deployment-validation-operator-bundle-push.yaml @@ -28,9 +28,9 @@ spec: - name: path-context value: konflux-ci/bundle - name: hermetic - value: 'true' + value: "true" - name: build-source-image - value: 'true' + value: "true" pipelineSpec: description: | This pipeline is ideal for building container images from a Containerfile while maintaining trust after pipeline customization. @@ -364,56 +364,54 @@ spec: - "false" - name: sast-shell-check params: - - name: image-digest - value: $(tasks.build-image-index.results.IMAGE_DIGEST) - - name: image-url - value: $(tasks.build-image-index.results.IMAGE_URL) - - name: SOURCE_ARTIFACT - value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - - name: CACHI2_ARTIFACT - value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + - name: CACHI2_ARTIFACT + value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) runAfter: - - build-image-index + - build-image-index taskRef: params: - - name: name - value: sast-shell-check-oci-ta - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check-oci-ta:0.1@sha256:57b3262138eb06186ae7375f84ca53788bba2a66cfd03d39cb82c78df050aba5 - - name: kind - value: task + - name: name + value: sast-shell-check-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check-oci-ta:0.1@sha256:57b3262138eb06186ae7375f84ca53788bba2a66cfd03d39cb82c78df050aba5 + - name: kind + value: task resolver: bundles when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - workspaces: [] + - input: $(params.skip-checks) + operator: in + values: + - "false" - name: sast-unicode-check params: - - name: image-url - value: $(tasks.build-image-index.results.IMAGE_URL) - - name: SOURCE_ARTIFACT - value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - - name: CACHI2_ARTIFACT - value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + - name: CACHI2_ARTIFACT + value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) runAfter: - - build-image-index + - build-image-index taskRef: params: - - name: name - value: sast-unicode-check-oci-ta - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check-oci-ta:0.2@sha256:df185dbe4e2852668f9c46f938dd752e90ea9c79696363378435a6499596c319 - - name: kind - value: task + - name: name + value: sast-unicode-check-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check-oci-ta:0.2@sha256:df185dbe4e2852668f9c46f938dd752e90ea9c79696363378435a6499596c319 + - name: kind + value: task resolver: bundles when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - workspaces: [] + - input: $(params.skip-checks) + operator: in + values: + - "false" - name: clamav-scan params: - name: image-digest @@ -501,7 +499,8 @@ spec: optional: true - name: netrc optional: true - taskRunTemplate: {} + taskRunTemplate: + serviceAccountName: build-pipeline-deployment-validation-operator-bundle workspaces: - name: git-auth secret: