diff --git a/.tekton/docker-build.yaml b/.tekton/docker-build.yaml
index e690a85b41..13347b7c7b 100755
--- a/.tekton/docker-build.yaml
+++ b/.tekton/docker-build.yaml
@@ -50,6 +50,10 @@ spec:
 - name: workspace
 workspace: workspace
 params:
+ - default: --all-projects --org=3e1a4cca-ebfb-495f-b64c-3cc960d566b4 --exclude=test*,vendor,third_party
+ description: Append arguments to Snyk code command.
+ name: snyk-args
+ type: string
 - default: "true"
 description: Build a source image.
 name: build-source-image
@@ -128,6 +132,33 @@ spec:
 name: CHAINS-GIT_COMMIT
 value: $(tasks.clone-repository.results.commit)
 tasks:
+ - name: sast-snyk-check
+ params:
+ - name: ARGS
+ value: $(params.snyk-args)
+ - name: image-digest
+ value: $(tasks.build-image-index.results.IMAGE_DIGEST)
+ - name: image-url
+ value: $(tasks.build-image-index.results.IMAGE_URL)
+ runAfter:
+ - build-image-index
+ taskRef:
+ params:
+ - name: name
+ value: sast-snyk-check
+ - name: bundle
+ value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check:0.2@sha256:82c42d27c9c59db6cf6c235e89f7b37f5cdfc75d0d361ca0ee91ae703ba72301
+ - name: kind
+ value: task
+ resolver: bundles
+ when:
+ - input: $(params.skip-checks)
+ operator: in
+ values:
+ - "false"
+ workspaces:
+ - name: workspace
+ workspace: workspace
 - name: prefetch-dependencies
 params:
 - name: dev-package-managers
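Review bot: The `snyk-args` default added in the first hunk excludes `vendor` and `third_party` from the Snyk scan (`--exclude=test*,vendor,third_party`), so vendored code that ends up in the built images gets no SAST coverage from this task. If that is intended, the parameter description should say so, for example `description: Append arguments to Snyk code command. The default skips tests and vendored code.` The value is a pipeline parameter handed unchanged to `ARGS` in the second hunk, so any PipelineRun can override it and narrow the scan further; whether the task validates `ARGS` is not visible here. Wrapping the default in double quotes, like the neighbouring `default: "true"`, would also make it unambiguous that the whole line is one string.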
@@ -378,31 +409,6 @@ spec:
 operator: in
 values:
 - "false"
- - name: sast-snyk-check
- params:
- - name: image-digest
- value: $(tasks.build-image-index.results.IMAGE_DIGEST)
- - name: image-url
- value: $(tasks.build-image-index.results.IMAGE_URL)
- runAfter:
- - build-image-index
- taskRef:
- params:
- - name: name
- value: sast-snyk-check
- - name: bundle
- value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check:0.2@sha256:82c42d27c9c59db6cf6c235e89f7b37f5cdfc75d0d361ca0ee91ae703ba72301
- - name: kind
- value: task
- resolver: bundles
- when:
- - input: $(params.skip-checks)
- operator: in
- values:
- - "false"
- workspaces:
- - name: workspace
- workspace: workspace
 - name: clamav-scan
 params:
 - name: image-digest
diff --git a/.tekton/fbc-builder.yaml b/.tekton/fbc-builder.yaml
index 2f76dd0287..7d3b77da9a 100755
--- a/.tekton/fbc-builder.yaml
+++ b/.tekton/fbc-builder.yaml
@@ -86,7 +86,7 @@ spec:
 description: Skip checks against built image
 name: skip-checks
 type: string
- - default: "false"
+ - default: "true"
 description: Execute the build with network isolation
 name: hermetic
 type: string
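Review bot: With the `hermetic` default in fbc-builder.yaml now `"true"`, every run that does not set the parameter builds without network access, yet the index Dockerfile touched later in this diff runs `opm render` during the build, which presumably has to reach a registry. This hunk does not show which PipelineRuns reference fbc-builder or whether they override `hermetic`, so please confirm the index builds still succeed under isolation or set the parameter explicitly in those runs. The description could state the new behaviour, e.g. `description: Execute the build with network isolation (on by default)`.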
@@ -116,39 +116,6 @@ spec:
 name: CHAINS-GIT_COMMIT
 value: $(tasks.clone-repository.results.commit)
 tasks:
- - name: build-container
- params:
- - name: HERMETIC
- value: $(params.hermetic)
- - name: IMAGE
- value: $(params.output-image)
- - name: DOCKERFILE
- value: $(params.dockerfile)
- - name: CONTEXT
- value: $(params.path-context)
- - name: IMAGE_EXPIRES_AFTER
- value: $(params.image-expires-after)
- - name: COMMIT_SHA
- value: $(tasks.clone-repository.results.commit)
- runAfter:
- - clone-repository
- taskRef:
- params:
- - name: name
- value: buildah
- - name: bundle
- value: quay.io/konflux-ci/tekton-catalog/task-buildah:0.2@sha256:a523f60203d90e149f96ec776b47ce85a7acfd6d634ddfc18f4a03f14e08ea0e
- - name: kind
- value: task
- resolver: bundles
- when:
- - input: $(tasks.init.results.build)
- operator: in
- values:
- - "true"
- workspaces:
- - name: source
- workspace: workspace
 - name: apply-tags
 params:
 - name: ADDITIONAL_TAGS
@@ -210,6 +177,39 @@ spec:
 workspace: workspace
 - name: basic-auth
 workspace: git-auth
+ - name: build-container
+ params:
+ - name: IMAGE
+ value: $(params.output-image)
+ - name: DOCKERFILE
+ value: $(params.dockerfile)
+ - name: CONTEXT
+ value: $(params.path-context)
+ - name: HERMETIC
+ value: $(params.hermetic)
+ - name: IMAGE_EXPIRES_AFTER
+ value: $(params.image-expires-after)
+ - name: COMMIT_SHA
+ value: $(tasks.clone-repository.results.commit)
+ runAfter:
+ - clone-repository
+ taskRef:
+ params:
+ - name: name
+ value: buildah
+ - name: bundle
+ value: quay.io/konflux-ci/tekton-catalog/task-buildah:0.2@sha256:a523f60203d90e149f96ec776b47ce85a7acfd6d634ddfc18f4a03f14e08ea0e
+ - name: kind
+ value: task
+ resolver: bundles
+ when:
+ - input: $(tasks.init.results.build)
+ operator: in
+ values:
+ - "true"
+ workspaces:
+ - name: source
+ workspace: workspace
 - name: build-image-index
 params:
 - name: IMAGE
diff --git a/.tekton/serverless-bundle-135-pull-request.yaml b/.tekton/serverless-bundle-135-pull-request.yaml
index 750bf03d58..1e80753f94 100755
--- a/.tekton/serverless-bundle-135-pull-request.yaml
+++ b/.tekton/serverless-bundle-135-pull-request.yaml
@@ -7,8 +7,7 @@ metadata:
 build.appstudio.redhat.com/pull_request_number: '{{pull_request_number}}'
 build.appstudio.redhat.com/target_branch: '{{target_branch}}'
 pipelinesascode.tekton.dev/max-keep-runs: "3"
- pipelinesascode.tekton.dev/on-cel-expression: event == "pull_request" && target_branch
- == "main"
+ pipelinesascode.tekton.dev/on-cel-expression: event == "pull_request" && target_branch == "main" && ( files.all.exists(x, x.matches('^olm-catalog/serverless-operator/')) || files.all.exists(x, x.matches('^.tekton/')) )
 creationTimestamp: null
 labels:
 appstudio.openshift.io/application: serverless-operator-135
diff --git a/.tekton/serverless-bundle-135-push.yaml b/.tekton/serverless-bundle-135-push.yaml
index f5f8256cfb..c62be25cb1 100755
--- a/.tekton/serverless-bundle-135-push.yaml
+++ b/.tekton/serverless-bundle-135-push.yaml
@@ -6,8 +6,7 @@ metadata:
 build.appstudio.redhat.com/commit_sha: '{{revision}}'
 build.appstudio.redhat.com/target_branch: '{{target_branch}}'
 pipelinesascode.tekton.dev/max-keep-runs: "3"
- pipelinesascode.tekton.dev/on-cel-expression: event == "push" && target_branch
- == "main"
+ pipelinesascode.tekton.dev/on-cel-expression: event == "push" && target_branch == "main" && ( files.all.exists(x, x.matches('^olm-catalog/serverless-operator/')) || files.all.exists(x, x.matches('^.tekton/')) )
 creationTimestamp: null
 labels:
 appstudio.openshift.io/application: serverless-operator-135
diff --git a/.tekton/serverless-index-135-pull-request.yaml b/.tekton/serverless-index-135-pull-request.yaml
index c1ef3a043d..a1e83ffbdd 100755
--- a/.tekton/serverless-index-135-pull-request.yaml
+++ b/.tekton/serverless-index-135-pull-request.yaml
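Review bot: In the new `on-cel-expression` of serverless-bundle-135-pull-request.yaml the pattern `'^.tekton/'` leaves the dot unescaped, so it matches any character in that position rather than only the `.tekton/` directory; `x.matches('^\\.tekton/')` states the intent exactly. The practical effect is limited to the pipeline triggering on an unrelated path, but these filters decide which changes get built and scanned, so they are worth keeping precise. The same pattern is repeated in the bundle push hunk and in every other `.tekton/serverless-*-135-*.yaml` hunk of this diff.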
@@ -7,8 +7,7 @@ metadata:
 build.appstudio.redhat.com/pull_request_number: '{{pull_request_number}}'
 build.appstudio.redhat.com/target_branch: '{{target_branch}}'
 pipelinesascode.tekton.dev/max-keep-runs: "3"
- pipelinesascode.tekton.dev/on-cel-expression: event == "pull_request" && target_branch
- == "main"
+ pipelinesascode.tekton.dev/on-cel-expression: event == "pull_request" && target_branch == "main" && ( files.all.exists(x, x.matches('^olm-catalog/serverless-operator-index/')) || files.all.exists(x, x.matches('^.tekton/')) )
 creationTimestamp: null
 labels:
 appstudio.openshift.io/application: serverless-operator-135
@@ -19,7 +18,7 @@ metadata:
 spec:
 params:
 - name: dockerfile
- value: olm-catalog/serverless-operator/index/Dockerfile
+ value: olm-catalog/serverless-operator-index/Dockerfile
 - name: build-args
 value: [ VERSION=1.35.0, ]
 - name: git-url
diff --git a/.tekton/serverless-index-135-push.yaml b/.tekton/serverless-index-135-push.yaml
index 667e8d7a84..9a6b1937db 100755
--- a/.tekton/serverless-index-135-push.yaml
+++ b/.tekton/serverless-index-135-push.yaml
@@ -6,8 +6,7 @@ metadata:
 build.appstudio.redhat.com/commit_sha: '{{revision}}'
 build.appstudio.redhat.com/target_branch: '{{target_branch}}'
 pipelinesascode.tekton.dev/max-keep-runs: "3"
- pipelinesascode.tekton.dev/on-cel-expression: event == "push" && target_branch
- == "main"
+ pipelinesascode.tekton.dev/on-cel-expression: event == "push" && target_branch == "main" && ( files.all.exists(x, x.matches('^olm-catalog/serverless-operator-index/')) || files.all.exists(x, x.matches('^.tekton/')) )
 creationTimestamp: null
 labels:
 appstudio.openshift.io/application: serverless-operator-135
@@ -18,7 +17,7 @@ metadata:
 spec:
 params:
 - name: dockerfile
- value: olm-catalog/serverless-operator/index/Dockerfile
+ value: olm-catalog/serverless-operator-index/Dockerfile
 - name: build-args
 value: [ VERSION=1.35.0, ]
 - name: git-url
diff --git a/.tekton/serverless-ingress-135-pull-request.yaml b/.tekton/serverless-ingress-135-pull-request.yaml
index 1e4b5bada3..7e7a3fe851 100755
--- a/.tekton/serverless-ingress-135-pull-request.yaml
+++ b/.tekton/serverless-ingress-135-pull-request.yaml
@@ -8,7 +8,7 @@ metadata:
 build.appstudio.redhat.com/target_branch: '{{target_branch}}'
 pipelinesascode.tekton.dev/max-keep-runs: "3"
 pipelinesascode.tekton.dev/on-cel-expression: event == "pull_request" && target_branch
- == "main"
+ == "main" && ( files.all.exists(x, !x.matches('^olm-catalog/')) || files.all.exists(x, x.matches('^.tekton/')) )
 creationTimestamp: null
 labels:
 appstudio.openshift.io/application: serverless-operator-135
diff --git a/.tekton/serverless-ingress-135-push.yaml b/.tekton/serverless-ingress-135-push.yaml
index b959d3e56f..53ed14cce3 100755
--- a/.tekton/serverless-ingress-135-push.yaml
+++ b/.tekton/serverless-ingress-135-push.yaml
@@ -7,7 +7,7 @@ metadata:
 build.appstudio.redhat.com/target_branch: '{{target_branch}}'
 pipelinesascode.tekton.dev/max-keep-runs: "3"
 pipelinesascode.tekton.dev/on-cel-expression: event == "push" && target_branch
- == "main"
+ == "main" && ( files.all.exists(x, !x.matches('^olm-catalog/')) || files.all.exists(x, x.matches('^.tekton/')) )
 creationTimestamp: null
 labels:
 appstudio.openshift.io/application: serverless-operator-135
diff --git a/.tekton/serverless-kn-operator-135-pull-request.yaml b/.tekton/serverless-kn-operator-135-pull-request.yaml
index 7b600cfbcb..e25a119510 100755
--- a/.tekton/serverless-kn-operator-135-pull-request.yaml
+++ b/.tekton/serverless-kn-operator-135-pull-request.yaml
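Review bot: The added `|| files.all.exists(x, x.matches('^.tekton/'))` in serverless-ingress-135-pull-request.yaml can never change the result: any changed file under `.tekton/` is already a file that does not match `^olm-catalog/`, so the first `exists` is true whenever the second is. The filter therefore reduces to "at least one changed file lies outside `olm-catalog/`" and could be written as just `files.all.exists(x, !x.matches('^olm-catalog/'))`; if the second clause was meant to express something else, the expression does not do it. The same expression appears in the ingress push, kn-operator, metadata-webhook and openshift-kn-operator hunks that follow.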
@@ -8,7 +8,7 @@ metadata:
 build.appstudio.redhat.com/target_branch: '{{target_branch}}'
 pipelinesascode.tekton.dev/max-keep-runs: "3"
 pipelinesascode.tekton.dev/on-cel-expression: event == "pull_request" && target_branch
- == "main" && files.all.exists(x, !x.matches('^olm-catalog/|^openshift-knative-operator/'))
+ == "main" && ( files.all.exists(x, !x.matches('^olm-catalog/')) || files.all.exists(x, x.matches('^.tekton/')) )
 creationTimestamp: null
 labels:
 appstudio.openshift.io/application: serverless-operator-135
diff --git a/.tekton/serverless-kn-operator-135-push.yaml b/.tekton/serverless-kn-operator-135-push.yaml
index a8abbd3027..675047b339 100755
--- a/.tekton/serverless-kn-operator-135-push.yaml
+++ b/.tekton/serverless-kn-operator-135-push.yaml
@@ -7,7 +7,7 @@ metadata:
 build.appstudio.redhat.com/target_branch: '{{target_branch}}'
 pipelinesascode.tekton.dev/max-keep-runs: "3"
 pipelinesascode.tekton.dev/on-cel-expression: event == "push" && target_branch
- == "main" && files.all.exists(x, !x.matches('^olm-catalog/|^openshift-knative-operator/'))
+ == "main" && ( files.all.exists(x, !x.matches('^olm-catalog/')) || files.all.exists(x, x.matches('^.tekton/')) )
 creationTimestamp: null
 labels:
 appstudio.openshift.io/application: serverless-operator-135
diff --git a/.tekton/serverless-metadata-webhook-135-pull-request.yaml b/.tekton/serverless-metadata-webhook-135-pull-request.yaml
index 16a51e1afa..cabcb76334 100755
--- a/.tekton/serverless-metadata-webhook-135-pull-request.yaml
+++ b/.tekton/serverless-metadata-webhook-135-pull-request.yaml
@@ -8,7 +8,7 @@ metadata:
 build.appstudio.redhat.com/target_branch: '{{target_branch}}'
 pipelinesascode.tekton.dev/max-keep-runs: "3"
 pipelinesascode.tekton.dev/on-cel-expression: event == "pull_request" && target_branch
- == "main"
+ == "main" && ( files.all.exists(x, !x.matches('^olm-catalog/')) || files.all.exists(x, x.matches('^.tekton/')) )
 creationTimestamp: null
 labels:
 appstudio.openshift.io/application: serverless-operator-135
diff --git a/.tekton/serverless-metadata-webhook-135-push.yaml b/.tekton/serverless-metadata-webhook-135-push.yaml
index 6f429a1b86..49daf33383 100755
--- a/.tekton/serverless-metadata-webhook-135-push.yaml
+++ b/.tekton/serverless-metadata-webhook-135-push.yaml
@@ -7,7 +7,7 @@ metadata:
 build.appstudio.redhat.com/target_branch: '{{target_branch}}'
 pipelinesascode.tekton.dev/max-keep-runs: "3"
 pipelinesascode.tekton.dev/on-cel-expression: event == "push" && target_branch
- == "main"
+ == "main" && ( files.all.exists(x, !x.matches('^olm-catalog/')) || files.all.exists(x, x.matches('^.tekton/')) )
 creationTimestamp: null
 labels:
 appstudio.openshift.io/application: serverless-operator-135
diff --git a/.tekton/serverless-openshift-kn-operator-135-pull-request.yaml b/.tekton/serverless-openshift-kn-operator-135-pull-request.yaml
index 0e048b9e8b..b37ebd192d 100755
--- a/.tekton/serverless-openshift-kn-operator-135-pull-request.yaml
+++ b/.tekton/serverless-openshift-kn-operator-135-pull-request.yaml
@@ -8,7 +8,7 @@ metadata:
 build.appstudio.redhat.com/target_branch: '{{target_branch}}'
 pipelinesascode.tekton.dev/max-keep-runs: "3"
 pipelinesascode.tekton.dev/on-cel-expression: event == "pull_request" && target_branch
- == "main" && files.all.exists(x, !x.matches('^olm-catalog/|^knative-operator/'))
+ == "main" && ( files.all.exists(x, !x.matches('^olm-catalog/')) || files.all.exists(x, x.matches('^.tekton/')) )
 creationTimestamp: null
 labels:
 appstudio.openshift.io/application: serverless-operator-135
diff --git a/.tekton/serverless-openshift-kn-operator-135-push.yaml b/.tekton/serverless-openshift-kn-operator-135-push.yaml index f3a170d7ff..fe8866b699 100755 --- a/.tekton/serverless-openshift-kn-operator-135-push.yaml +++ b/.tekton/serverless-openshift-kn-operator-135-push.yaml @@ -7,7 +7,7 @@ metadata: build.appstudio.redhat.com/target_branch: '{{target_branch}}' pipelinesascode.tekton.dev/max-keep-runs: "3" pipelinesascode.tekton.dev/on-cel-expression: event == "push" && target_branch - == "main" && files.all.exists(x, !x.matches('^olm-catalog/|^knative-operator/')) + == "main" && ( files.all.exists(x, !x.matches('^olm-catalog/')) || files.all.exists(x, x.matches('^.tekton/')) ) creationTimestamp: null labels: appstudio.openshift.io/application: serverless-operator-135 diff --git a/Makefile b/Makefile index 13598fc975..c34f468626 100644 --- a/Makefile +++ b/Makefile @@ -303,9 +303,9 @@ release-files: install-tool-sobranch install-tool-skopeo openshift/ci-operator/build-image/Dockerfile ./hack/generate/dockerfile.sh \ templates/index.Dockerfile \ - olm-catalog/serverless-operator/index/Dockerfile + olm-catalog/serverless-operator-index/Dockerfile ./hack/generate/index.sh \ - olm-catalog/serverless-operator/index/configs/index.yaml + olm-catalog/serverless-operator-index/configs/index.yaml ./hack/generate/quickstart.sh \ templates/serverless-application-quickstart.yaml \ knative-operator/deploy/resources/quickstart/serverless-application-quickstart.yaml diff --git a/hack/lib/catalogsource.bash b/hack/lib/catalogsource.bash index 82bd903bdd..c23ddb5252 100644 --- a/hack/lib/catalogsource.bash +++ b/hack/lib/catalogsource.bash 
@@ -65,7 +65,7 @@ function install_catalogsource { # will push images to ${OLM_NAMESPACE} namespace, allow the ${OPERATORS_NAMESPACE} namespace to pull those images. oc adm policy add-role-to-group system:image-puller system:serviceaccounts:"${OPERATORS_NAMESPACE}" --namespace "${OLM_NAMESPACE}" - local index_dorkerfile_path="olm-catalog/serverless-operator/index/Dockerfile" + local index_dorkerfile_path="olm-catalog/serverless-operator-index/Dockerfile" logger.debug "Create a backup of the index Dockerfile." cp "${index_dorkerfile_path}" "${rootdir}/_output/bkp.Dockerfile" diff --git a/hack/lib/serverless.bash b/hack/lib/serverless.bash index 1152627343..bc6c4bd2cb 100644 --- a/hack/lib/serverless.bash +++ b/hack/lib/serverless.bash @@ -17,7 +17,7 @@ function ensure_serverless_installed { local csv if [[ "${INSTALL_OLDEST_COMPATIBLE}" == "true" ]]; then rootdir="$(dirname "$(dirname "$(dirname "$(realpath "${BASH_SOURCE[0]}")")")")" - csv=$(yq read --doc 0 "$rootdir/olm-catalog/serverless-operator/index/configs/index.yaml" 'entries[-1].name') + csv=$(yq read --doc 0 "$rootdir/olm-catalog/serverless-operator-index/configs/index.yaml" 'entries[-1].name') elif [[ "${INSTALL_PREVIOUS_VERSION}" == "true" ]]; then csv="$PREVIOUS_CSV" else diff --git a/hack/verify-diff.sh b/hack/verify-diff.sh index 7b9ef40ea1..8a9b7fcc59 100755 --- a/hack/verify-diff.sh +++ b/hack/verify-diff.sh @@ -3,7 +3,7 @@ # Define the files to exclude readonly EXCLUDE_FILES=( 'olm-catalog/serverless-operator/manifests/serverless-operator.clusterserviceversion.yaml' - 'olm-catalog/serverless-operator/index/Dockerfile' + 'olm-catalog/serverless-operator-index/Dockerfile' 'test/images-rekt.yaml' ) # Define the patterns to exclude 
diff --git a/olm-catalog/serverless-operator/index/Dockerfile b/olm-catalog/serverless-operator-index/Dockerfile similarity index 96% rename from olm-catalog/serverless-operator/index/Dockerfile rename to olm-catalog/serverless-operator-index/Dockerfile index 82ed0fa29e..07c5cfd805 100644 --- a/olm-catalog/serverless-operator/index/Dockerfile +++ b/olm-catalog/serverless-operator-index/Dockerfile @@ -5,7 +5,7 @@ FROM registry.access.redhat.com/ubi9/ubi-minimal as builder COPY --from=opm /bin/opm /bin/opm # Copy declarative config root into image at /configs -COPY olm-catalog/serverless-operator/index/configs /configs +COPY olm-catalog/serverless-operator-index/configs /configs RUN /bin/opm init serverless-operator --default-channel=stable --output yaml >> /configs/index.yaml RUN /bin/opm render --skip-tls-verify -o yaml \ diff --git a/olm-catalog/serverless-operator/index/configs/index.yaml b/olm-catalog/serverless-operator-index/configs/index.yaml similarity index 100% rename from olm-catalog/serverless-operator/index/configs/index.yaml rename to olm-catalog/serverless-operator-index/configs/index.yaml diff --git a/templates/index.Dockerfile b/templates/index.Dockerfile index 5656c35208..8071391b95 100644 --- a/templates/index.Dockerfile +++ b/templates/index.Dockerfile @@ -5,7 +5,7 @@ FROM registry.access.redhat.com/ubi9/ubi-minimal as builder COPY --from=opm /bin/opm /bin/opm # Copy declarative config root into image at /configs -COPY olm-catalog/serverless-operator/index/configs /configs +COPY olm-catalog/serverless-operator-index/configs /configs RUN /bin/opm init serverless-operator --default-channel=__DEFAULT_CHANNEL__ --output yaml >> /configs/index.yaml RUN /bin/opm render --skip-tls-verify -o yaml \ diff --git a/test/lib.bash b/test/lib.bash index 9876c63d49..c20b7ace8c 100644 --- a/test/lib.bash +++ b/test/lib.bash 
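Review bot: The `RUN /bin/opm render --skip-tls-verify -o yaml \` line kept as context in templates/index.Dockerfile, and in the renamed olm-catalog/serverless-operator-index/Dockerfile that the Makefile generates from it, turns off certificate verification for the registries opm reads from, so the catalog is built from content whose origin TLS does not authenticate. Since this commit already edits both files, consider dropping the flag, `RUN /bin/opm render -o yaml \`, or adding a comment above the line stating why it is required. The RUN command continues past the end of the hunk, so the image references it renders are not visible here.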
@@ -539,7 +539,7 @@ EOF function kitchensink_csvs { local csvs csvs_rev # shellcheck disable=SC2034,SC2207 - csvs=( $(yq read --doc 0 "$rootdir/olm-catalog/serverless-operator/index/configs/index.yaml" 'entries[*].name') ) + csvs=( $(yq read --doc 0 "$rootdir/olm-catalog/serverless-operator-index/configs/index.yaml" 'entries[*].name') ) array.reverse csvs csvs_rev # Remove first CSV as this is already installed.