Add condition for running scan image

Adds support for a condition that will look for a secret.  This is integrated with the pipeline to skip the scan-image step if sysdig secret isn't there, unfortunately optional steps are not supported yet in Tekton so the whole rest of the pipeline will fail if there is no secret per here: tektoncd/pipeline#1023

kube/tekton/conditions/secret-exists-condition.yaml

@@ -0,0 +1,27 @@
+apiVersion: tekton.dev/v1alpha1
+kind: Condition
+metadata:
+  name: secret-exists
+spec:
+  params:
+    - name: SECRET_NAME
+      description: "The name of the secret to check for in the specified project"
+    - name: PROJECT
+      description: "The name of the project in which to seek SECRET_NAME.  Defaults to the project this condition is defined in"
+      default: ""
+  check:
+    image: quay.io/openshift/origin-cli:latest
+    script: |
+        #!/usr/bin/env bash
+        set -e -o pipefail
+
+        declare CHECK_PRJ="$(params.PROJECT)"
+        if [[ -z "${CHECK_PRJ}" ]]; then
+            echo "Looking to the pod to determine the current namespace"
+            CHECK_PRJ=$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace)
+        fi
+
+        echo "command to run is: oc get secret $(params.SECRET_NAME) -n ${CHECK_PRJ} 2>/dev/null"
+
+        # check for non-empty string result looking for secret
+        test -n "$(oc get secret $(params.SECRET_NAME) -n ${CHECK_PRJ} 2>/dev/null)"

kube/tekton/pipelines/fraud-model-dev-pipeline.yaml

@@ -146,6 +146,14 @@ spec:
     - name: workvol
       workspace: local-workspace
   - name: scan-image
+    # FIXME: Unfortunately, we can't skip this step and have the rest of the pipeline run in this version of tekton
+    # See feature request here: https://github.com/tektoncd/pipeline/issues/1023
+    conditions:
+      - conditionRef: secret-exists
+        params:
+        - name: SECRET_NAME
+          value: sysdig-secret
+    # END FIXME
     taskRef:
       name: sysdig-image-scan
     runAfter: