Skip to content

Commit 64328ac

Browse files
dfarrell07dfarrell07
committed
Add Konflux config for lighthouse-agent 0.22 with gomod-only prefetch
Signed-off-by: Daniel Farrell <[email protected]>
1 parent c50bdc9 commit 64328ac

File tree

3 files changed

+150
-88
lines changed

3 files changed

+150
-88
lines changed

.tekton/lighthouse-agent-0-22-pull-request.yaml

Lines changed: 43 additions & 44 deletions
Original file line numberDiff line numberDiff line change
@@ -30,14 +30,37 @@ spec:
3030
- name: build-platforms
3131
value:
3232
- linux/x86_64
33+
- linux/ppc64le
34+
- linux/s390x
35+
- linux/arm64
3336
- name: dockerfile
34-
value: package/Dockerfile.lighthouse-agent
37+
value: package/Dockerfile.lighthouse-agent.konflux
38+
- name: prefetch-input
39+
value: '[{"type": "gomod", "path": "."}, {"type": "gomod", "path": "tools"}]'
40+
- name: hermetic
41+
value: "true"
42+
- name: build-source-image
43+
value: "true"
3544
pipelineSpec:
3645
description: |
3746
This pipeline is ideal for building multi-arch container images from a Containerfile while maintaining trust after pipeline customization.
3847
3948
_Uses `buildah` to create a multi-platform container image leveraging [trusted artifacts](https://konflux-ci.dev/architecture/ADR/0036-trusted-artifacts.html). It also optionally creates a source image and runs some build-time tests. This pipeline requires that the [multi platform controller](https://github.com/konflux-ci/multi-platform-controller) is deployed and configured on your Konflux instance. Information is shared between tasks using OCI artifacts instead of PVCs. EC will pass the [`trusted_task.trusted`](https://conforma.dev/docs/policy/packages/release_trusted_task.html#trusted_task__trusted) policy as long as all data used to build the artifact is generated from trusted tasks.
4049
This pipeline is pushed as a Tekton bundle to [quay.io](https://quay.io/repository/konflux-ci/tekton-catalog/pipeline-docker-build-multi-platform-oci-ta?tab=tags)_
50+
finally:
51+
- name: show-sbom
52+
params:
53+
- name: IMAGE_URL
54+
value: $(tasks.build-image-index.results.IMAGE_URL)
55+
taskRef:
56+
params:
57+
- name: name
58+
value: show-sbom
59+
- name: bundle
60+
value: quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:beb0616db051952b4b861dd8c3e00fa1c0eccbd926feddf71194d3bb3ace9ce7
61+
- name: kind
62+
value: task
63+
resolver: bundles
4164
params:
4265
- description: Source Repository URL
4366
name: git-url
@@ -72,7 +95,7 @@ spec:
7295
name: hermetic
7396
type: string
7497
- default: ""
75-
description: Build dependencies to be prefetched
98+
description: Build dependencies to be prefetched by Cachi2
7699
name: prefetch-input
77100
type: string
78101
- default: ""
@@ -88,11 +111,6 @@ spec:
88111
description: Add built image into an OCI image index
89112
name: build-image-index
90113
type: string
91-
- default: docker
92-
description: The format for the resulting image's mediaType. Valid values are
93-
oci or docker.
94-
name: buildah-format
95-
type: string
96114
- default: []
97115
description: Array of --build-arg values ("arg=value" strings) for buildah
98116
name: build-args
@@ -139,7 +157,7 @@ spec:
139157
- name: name
140158
value: init
141159
- name: bundle
142-
value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:4072de81ade0a75ad1eaa5449a7ff02bba84757064549a81b48c28fab3aeca59
160+
value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:3ca52e1d8885fc229bd9067275f44d5b21a9a609981d0324b525ddeca909bf10
143161
- name: kind
144162
value: task
145163
resolver: bundles
@@ -160,7 +178,7 @@ spec:
160178
- name: name
161179
value: git-clone-oci-ta
162180
- name: bundle
163-
value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:ea64f5b99202621e78ed3d74b00df5750cbf572c391e6da1956396f5945e4e11
181+
value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:bb2f8f1edec47faa08c1929f2ffc6748f3a96af9644e6c40000081c6ff3ec894
164182
- name: kind
165183
value: task
166184
resolver: bundles
@@ -182,14 +200,16 @@ spec:
182200
value: $(params.output-image).prefetch
183201
- name: ociArtifactExpiresAfter
184202
value: $(params.image-expires-after)
203+
- name: dev-package-managers
204+
value: "true"
185205
runAfter:
186206
- clone-repository
187207
taskRef:
188208
params:
189209
- name: name
190210
value: prefetch-dependencies-oci-ta
191211
- name: bundle
192-
value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.2@sha256:9dbb38efdfca525b00dc502acf44723ac4a6c413bb2ab97459a13cd3a6056f17
212+
value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.2@sha256:0503f9313dfe70e4defda88a7226ec91a74af42198dccfa3280397d965aa16d6
193213
- name: kind
194214
value: task
195215
resolver: bundles
@@ -226,10 +246,6 @@ spec:
226246
value: $(params.build-args-file)
227247
- name: PRIVILEGED_NESTED
228248
value: $(params.privileged-nested)
229-
- name: SOURCE_URL
230-
value: $(tasks.clone-repository.results.url)
231-
- name: BUILDAH_FORMAT
232-
value: $(params.buildah-format)
233249
- name: SOURCE_ARTIFACT
234250
value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT)
235251
- name: CACHI2_ARTIFACT
@@ -243,7 +259,7 @@ spec:
243259
- name: name
244260
value: buildah-remote-oci-ta
245261
- name: bundle
246-
value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.7@sha256:c597a9f523b1115a88b9910267dd8f71057b0fa4f78e3dadf5a5c0affc5ea773
262+
value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.6@sha256:3832edaec1aae546c225c86ada53611e42717c784e2068e0536831a99cb1922d
247263
- name: kind
248264
value: task
249265
resolver: bundles
@@ -265,16 +281,14 @@ spec:
265281
- name: IMAGES
266282
value:
267283
- $(tasks.build-images.results.IMAGE_REF[*])
268-
- name: BUILDAH_FORMAT
269-
value: $(params.buildah-format)
270284
runAfter:
271285
- build-images
272286
taskRef:
273287
params:
274288
- name: name
275289
value: build-image-index
276290
- name: bundle
277-
value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1@sha256:0e90cf8259c7f54baad27d2a538294115f725ceb269ef789957fe68790803cbd
291+
value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1@sha256:d94cad7f41be61074dd21c7dff26dab9217c3435a16f62813c1cb8382dd9aae6
278292
- name: kind
279293
value: task
280294
resolver: bundles
@@ -300,7 +314,7 @@ spec:
300314
- name: name
301315
value: source-build-oci-ta
302316
- name: bundle
303-
value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.3@sha256:f62ef32f7d25f0ee50904b57b160e3fd5403fab5ec040c7aa99f5982fdd92ef4
317+
value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.3@sha256:5f9069a07a6dc16aae7a05adf49d2b6792815f3fabd116377578860743f4e0ec
304318
- name: kind
305319
value: task
306320
resolver: bundles
@@ -335,12 +349,7 @@ spec:
335349
operator: in
336350
values:
337351
- "false"
338-
- matrix:
339-
params:
340-
- name: image-platform
341-
value:
342-
- $(params.build-platforms)
343-
name: clair-scan
352+
- name: clair-scan
344353
params:
345354
- name: image-digest
346355
value: $(tasks.build-image-index.results.IMAGE_DIGEST)
@@ -353,7 +362,7 @@ spec:
353362
- name: name
354363
value: clair-scan
355364
- name: bundle
356-
value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.3@sha256:8ec7d7b9438ace5ef3fb03a533d9440d0fd81e51c73b0dc1eb51602fb7cd044e
365+
value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.2@sha256:076d5cde62b55bbfcdda2b4782392256bbda5ad38f839013b4330b3aba70a973
357366
- name: kind
358367
value: task
359368
resolver: bundles
@@ -362,12 +371,7 @@ spec:
362371
operator: in
363372
values:
364373
- "false"
365-
- matrix:
366-
params:
367-
- name: platform
368-
value:
369-
- $(params.build-platforms)
370-
name: ecosystem-cert-preflight-checks
374+
- name: ecosystem-cert-preflight-checks
371375
params:
372376
- name: image-url
373377
value: $(tasks.build-image-index.results.IMAGE_URL)
@@ -378,7 +382,7 @@ spec:
378382
- name: name
379383
value: ecosystem-cert-preflight-checks
380384
- name: bundle
381-
value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.2@sha256:04f75593558f79a27da2336400bc63d460bf0c5669e3c13f40ee2fb650b1ad1e
385+
value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.2@sha256:9568c51a5158d534248908b9b561cf67d2826ed4ea164ffd95628bb42380e6ec
382386
- name: kind
383387
value: task
384388
resolver: bundles
@@ -413,12 +417,7 @@ spec:
413417
operator: in
414418
values:
415419
- "false"
416-
- matrix:
417-
params:
418-
- name: image-arch
419-
value:
420-
- $(params.build-platforms)
421-
name: clamav-scan
420+
- name: clamav-scan
422421
params:
423422
- name: image-digest
424423
value: $(tasks.build-image-index.results.IMAGE_DIGEST)
@@ -431,7 +430,7 @@ spec:
431430
- name: name
432431
value: clamav-scan
433432
- name: bundle
434-
value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.3@sha256:f3d2d179cddcc07d0228d9f52959a233037a3afa2619d0a8b2effbb467db80c3
433+
value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.2@sha256:40555593de346dd3083410c9517d52c3f27e27cb66f447054f4f66fcff56e23f
435434
- name: kind
436435
value: task
437436
resolver: bundles
@@ -549,7 +548,7 @@ spec:
549548
- name: name
550549
value: sast-unicode-check-oci-ta
551550
- name: bundle
552-
value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check-oci-ta:0.3@sha256:1833c618170ab9deb8455667f220df8e88d16ccd630a2361366f594e2bdcb712
551+
value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check-oci-ta:0.2@sha256:5a93fe7f1f3990167d87cb3f30bc13293e02cf5a6da88f46cf0368b3328c2d56
553552
- name: kind
554553
value: task
555554
resolver: bundles
@@ -571,7 +570,7 @@ spec:
571570
- name: name
572571
value: apply-tags
573572
- name: bundle
574-
value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.2@sha256:ade0bf9c2e9c169f588fbfe71fb489c2f7053fe41884e7969f270b317d9eb548
573+
value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.2@sha256:f44be1bf0262471f2f503f5e19da5f0628dcaf968c86272a2ad6b4871e708448
575574
- name: kind
576575
value: task
577576
resolver: bundles
@@ -594,7 +593,7 @@ spec:
594593
- name: name
595594
value: push-dockerfile-oci-ta
596595
- name: bundle
597-
value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.1@sha256:08bba4a659ecd48f871bef00b80af58954e5a09fcbb28a1783ddd640c4f6535e
596+
value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.1@sha256:738e6e2108bee5b50309a37b54bc1adf8433ac63598dbb6830d6cb4ac65d9de6
598597
- name: kind
599598
value: task
600599
resolver: bundles
@@ -611,7 +610,7 @@ spec:
611610
- name: name
612611
value: rpms-signature-scan
613612
- name: bundle
614-
value: quay.io/konflux-ci/konflux-vanguard/task-rpms-signature-scan:0.2@sha256:78c8d7960c6db284356d94aaae64d1fca34fff4de6a6e20d897a088af0c81cf5
613+
value: quay.io/konflux-ci/konflux-vanguard/task-rpms-signature-scan:0.2@sha256:3d9fbf2c0a732f736b050c293380b63c8c72ab38d0ef79fcf9d1b7d8fcd25efb
615614
- name: kind
616615
value: task
617616
resolver: bundles

0 commit comments

Comments
 (0)