Skip to content

Commit 9fee8ec

Browse files
thepetkthepetk
authored
Add shell and unicode sast pipeline tasks (#215)
* Add shell and unicode sast pipeline tasks https://issues.redhat.com/browse/KONFLUX-2264 Signed-off-by: thepetk <[email protected]> * Update dependencies Signed-off-by: thepetk <[email protected]> * Fix manifest * Fix issue with sha Signed-off-by: thepetk <[email protected]> * Update references * Revert coverity check Signed-off-by: thepetk <[email protected]> --------- Signed-off-by: thepetk <[email protected]>
1 parent 1a3abdc commit 9fee8ec

File tree

2 files changed

+134
-130
lines changed

2 files changed

+134
-130
lines changed

.tekton/registry-viewer-main-pull-request.yaml

Lines changed: 67 additions & 65 deletions
Original file line numberDiff line numberDiff line change
@@ -132,7 +132,7 @@ spec:
132132
- name: name
133133
value: init
134134
- name: bundle
135-
value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:db1285c571d7037684876df0a5b619305b3c8f2be88233ebead4d37caf5cb04b
135+
value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:aac8127bc10c95fae3ca1248c1dd96576315f3313bca90c5c9378dbf37954a08
136136
- name: kind
137137
value: task
138138
resolver: bundles
@@ -153,7 +153,7 @@ spec:
153153
- name: name
154154
value: git-clone-oci-ta
155155
- name: bundle
156-
value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:9709088bf3c581d4763e9804d9ee3a1f06ad6a61c23237277057c4f0cdc4f9c3
156+
value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:0761f97595d42c87c076797e0d0f66ff572146cad958106b7f5446b182d03394
157157
- name: kind
158158
value: task
159159
resolver: bundles
@@ -182,7 +182,7 @@ spec:
182182
- name: name
183183
value: prefetch-dependencies-oci-ta
184184
- name: bundle
185-
value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.2@sha256:efc8aebec295bf5986597b6bbeebe093b2764fea79c66094e05ff3d283f54932
185+
value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.2@sha256:3a1b3280d6300ebedb9923ddc441b91b6980512be5dae8da4b9d3be21feeb48e
186186
- name: kind
187187
value: task
188188
resolver: bundles
@@ -223,7 +223,7 @@ spec:
223223
- name: name
224224
value: buildah-oci-ta
225225
- name: bundle
226-
value: quay.io/konflux-ci/tekton-catalog/task-buildah-oci-ta:0.4@sha256:25cd429104fc1e48cf2e4382d9ee475828759649a1e17c913cb8531b4729558b
226+
value: quay.io/konflux-ci/tekton-catalog/task-buildah-oci-ta:0.4@sha256:03be9d41b9617edc1436ae5a29cbd130f5101e5031d198f24c463672009754ac
227227
- name: kind
228228
value: task
229229
resolver: bundles
@@ -252,7 +252,7 @@ spec:
252252
- name: name
253253
value: build-image-index
254254
- name: bundle
255-
value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1@sha256:ec1f33e2e358a5beac831685cf69cd63714d519620953cff48af9d74246118b5
255+
value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1@sha256:70f2fe8ab9909c2bc8bb853ed5b880969f0de5022658f3af86f7dea15f95ff73
256256
- name: kind
257257
value: task
258258
resolver: bundles
@@ -276,7 +276,7 @@ spec:
276276
- name: name
277277
value: source-build-oci-ta
278278
- name: bundle
279-
value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.2@sha256:9fe82c9511f282287686f918bf1a543fcef417848e7a503357e988aab2887cee
279+
value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.2@sha256:ac36a2233b0a09e7975b776f96aa49a6e61428e929ca8150dec9a717bd6c13ea
280280
- name: kind
281281
value: task
282282
resolver: bundles
@@ -302,7 +302,7 @@ spec:
302302
- name: name
303303
value: deprecated-image-check
304304
- name: bundle
305-
value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.5@sha256:5d63b920b71192906fe4d6c4903f594e6f34c5edcff9d21714a08b5edcfbc667
305+
value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.5@sha256:eb8136b543147b4a3e88ca3cc661ca6a11e303f35f0db44059f69151beea8496
306306
- name: kind
307307
value: task
308308
resolver: bundles
@@ -324,7 +324,7 @@ spec:
324324
- name: name
325325
value: clair-scan
326326
- name: bundle
327-
value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.2@sha256:712afcf63f3b5a97c371d37e637efbcc9e1c7ad158872339d00adc6413cd8851
327+
value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.2@sha256:7c73e2beca9b8306387efeaf775831440ec799b05a5f5c008a65bb941a1e91f6
328328
- name: kind
329329
value: task
330330
resolver: bundles
@@ -344,7 +344,7 @@ spec:
344344
- name: name
345345
value: ecosystem-cert-preflight-checks
346346
- name: bundle
347-
value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.2@sha256:00b13d06d17328e105b11619ee4db98b215ca6ac02314a4776aa5fc2a974f9c1
347+
value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.2@sha256:592daabe90703434d4ec85a19d1742e33561c927e461d899d7b3ac99f11a2515
348348
- name: kind
349349
value: task
350350
resolver: bundles
@@ -370,7 +370,7 @@ spec:
370370
- name: name
371371
value: sast-snyk-check-oci-ta
372372
- name: bundle
373-
value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.3@sha256:a1cb59ed66a7be1949c9720660efb0a006e95ef05b3f67929dd8e310e1d7baef
373+
value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.4@sha256:89aead32dc21404e4e0913be9668bdd2eea795db3e4caa762fb619044e479cb8
374374
- name: kind
375375
value: task
376376
resolver: bundles
@@ -379,6 +379,58 @@ spec:
379379
operator: in
380380
values:
381381
- "false"
382+
- name: sast-shell-check
383+
params:
384+
- name: image-digest
385+
value: $(tasks.build-image-index.results.IMAGE_DIGEST)
386+
- name: image-url
387+
value: $(tasks.build-image-index.results.IMAGE_URL)
388+
- name: SOURCE_ARTIFACT
389+
value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT)
390+
- name: CACHI2_ARTIFACT
391+
value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT)
392+
runAfter:
393+
- build-image-index
394+
taskRef:
395+
params:
396+
- name: name
397+
value: sast-shell-check-oci-ta
398+
- name: bundle
399+
value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check-oci-ta:0.1@sha256:57b3262138eb06186ae7375f84ca53788bba2a66cfd03d39cb82c78df050aba5
400+
- name: kind
401+
value: task
402+
resolver: bundles
403+
when:
404+
- input: $(params.skip-checks)
405+
operator: in
406+
values:
407+
- "false"
408+
workspaces: []
409+
- name: sast-unicode-check
410+
params:
411+
- name: image-url
412+
value: $(tasks.build-image-index.results.IMAGE_URL)
413+
- name: SOURCE_ARTIFACT
414+
value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT)
415+
- name: CACHI2_ARTIFACT
416+
value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT)
417+
runAfter:
418+
- build-image-index
419+
taskRef:
420+
params:
421+
- name: name
422+
value: sast-unicode-check-oci-ta
423+
- name: bundle
424+
value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check-oci-ta:0.1@sha256:424f2f659c02998dc3a43e1ce869e3148982c59adb74f953f8fa91ff1c9ab86e
425+
- name: kind
426+
value: task
427+
resolver: bundles
428+
when:
429+
- input: $(params.skip-checks)
430+
operator: in
431+
values:
432+
- "false"
433+
workspaces: []
382434
- name: clamav-scan
383435
params:
384436
- name: image-digest
@@ -392,7 +444,7 @@ spec:
392444
- name: name
393445
value: clamav-scan
394446
- name: bundle
395-
value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.2@sha256:44b7ee11aa2d80d80d407587bd3cef82a8bb86db730751920d0e286e3db95627
447+
value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.2@sha256:11b1684965b64f1fa7c65f90a3524413022246a3863eaba188c84eb4bf0b687a
396448
- name: kind
397449
value: task
398450
resolver: bundles
@@ -456,57 +508,7 @@ spec:
456508
- name: name
457509
value: coverity-availability-check
458510
- name: bundle
459-
value: quay.io/konflux-ci/tekton-catalog/task-coverity-availability-check:0.2@sha256:0b35292eed661c5e3ca307c0ba7f594d17555db2a1da567903b0b47697fa23ed
460-
- name: kind
461-
value: task
462-
resolver: bundles
463-
when:
464-
- input: $(params.skip-checks)
465-
operator: in
466-
values:
467-
- "false"
468-
- name: sast-shell-check
469-
params:
470-
- name: image-digest
471-
value: $(tasks.build-image-index.results.IMAGE_DIGEST)
472-
- name: image-url
473-
value: $(tasks.build-image-index.results.IMAGE_URL)
474-
- name: SOURCE_ARTIFACT
475-
value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT)
476-
- name: CACHI2_ARTIFACT
477-
value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT)
478-
runAfter:
479-
- build-image-index
480-
taskRef:
481-
params:
482-
- name: name
483-
value: sast-shell-check-oci-ta
484-
- name: bundle
485-
value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check-oci-ta:0.1@sha256:a591675c72f06fb9c5b1a3d60e6e4c58e4df5f7da180c7a4691a692a6e7e6496
486-
- name: kind
487-
value: task
488-
resolver: bundles
489-
when:
490-
- input: $(params.skip-checks)
491-
operator: in
492-
values:
493-
- "false"
494-
- name: sast-unicode-check
495-
params:
496-
- name: image-url
497-
value: $(tasks.build-image-index.results.IMAGE_URL)
498-
- name: SOURCE_ARTIFACT
499-
value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT)
500-
- name: CACHI2_ARTIFACT
501-
value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT)
502-
runAfter:
503-
- build-image-index
504-
taskRef:
505-
params:
506-
- name: name
507-
value: sast-shell-check-oci-ta
508-
- name: bundle
509-
value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check-oci-ta:0.1@sha256:a591675c72f06fb9c5b1a3d60e6e4c58e4df5f7da180c7a4691a692a6e7e6496
511+
value: quay.io/konflux-ci/tekton-catalog/task-coverity-availability-check:0.2@sha256:8b58c4fae00c0dfe3937abfb8a9a61aa3c408cca4278b817db53d518428d944e
510512
- name: kind
511513
value: task
512514
resolver: bundles
@@ -526,7 +528,7 @@ spec:
526528
- name: name
527529
value: apply-tags
528530
- name: bundle
529-
value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.1@sha256:1ef12328e89d7cd517e447e6ca331233df0807794cabf6be1046bc8a976b3f35
531+
value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.1@sha256:4973fa42a8f06238613447fbdb3d0c55eb2d718fd16f2f2591a577c29c1edb17
530532
- name: kind
531533
value: task
532534
resolver: bundles
@@ -549,7 +551,7 @@ spec:
549551
- name: name
550552
value: push-dockerfile-oci-ta
551553
- name: bundle
552-
value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.1@sha256:c3f8fd807121fec3b895f327cec7f0d89a94c454945f143268763cf6327503cd
554+
value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.1@sha256:c4f87c44c4cf99f3d90435d72ad93e550b14d2928ba943715daf9015bcc1af73
553555
- name: kind
554556
value: task
555557
resolver: bundles
@@ -566,7 +568,7 @@ spec:
566568
- name: name
567569
value: rpms-signature-scan
568570
- name: bundle
569-
value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:c0798ff85ad04f1553d349fe34aa4918597fb35b3b74e344dfbd5af2f3494300
571+
value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:c7c1a5f5534ba22ecb93553632ee9e7c14f8f903dbb2ddde7b265e738686b0ea
570572
- name: kind
571573
value: task
572574
resolver: bundles

0 commit comments

Comments
 (0)