Skip to content

Commit f3e8f2a

Browse files
dfarrell07dfarrell07
committed
Add Konflux config for lighthouse-coredns
Signed-off-by: Daniel Farrell <[email protected]>
1 parent ce39ae5 commit f3e8f2a

File tree

3 files changed

+146
-88
lines changed

3 files changed

+146
-88
lines changed

.tekton/lighthouse-coredns-0-22-pull-request.yaml

Lines changed: 41 additions & 44 deletions
Original file line numberDiff line numberDiff line change
@@ -30,14 +30,37 @@ spec:
3030
- name: build-platforms
3131
value:
3232
- linux/x86_64
33+
- linux/ppc64le
34+
- linux/s390x
35+
- linux/arm64
3336
- name: dockerfile
34-
value: package/Dockerfile.lighthouse-coredns
37+
value: package/Dockerfile.lighthouse-coredns.konflux
38+
- name: prefetch-input
39+
value: '[{"type": "gomod", "path": "./coredns"}]'
40+
- name: hermetic
41+
value: "true"
42+
- name: build-source-image
43+
value: "true"
3544
pipelineSpec:
3645
description: |
3746
This pipeline is ideal for building multi-arch container images from a Containerfile while maintaining trust after pipeline customization.
3847
3948
_Uses `buildah` to create a multi-platform container image leveraging [trusted artifacts](https://konflux-ci.dev/architecture/ADR/0036-trusted-artifacts.html). It also optionally creates a source image and runs some build-time tests. This pipeline requires that the [multi platform controller](https://github.com/konflux-ci/multi-platform-controller) is deployed and configured on your Konflux instance. Information is shared between tasks using OCI artifacts instead of PVCs. EC will pass the [`trusted_task.trusted`](https://conforma.dev/docs/policy/packages/release_trusted_task.html#trusted_task__trusted) policy as long as all data used to build the artifact is generated from trusted tasks.
4049
This pipeline is pushed as a Tekton bundle to [quay.io](https://quay.io/repository/konflux-ci/tekton-catalog/pipeline-docker-build-multi-platform-oci-ta?tab=tags)_
50+
finally:
51+
- name: show-sbom
52+
params:
53+
- name: IMAGE_URL
54+
value: $(tasks.build-image-index.results.IMAGE_URL)
55+
taskRef:
56+
params:
57+
- name: name
58+
value: show-sbom
59+
- name: bundle
60+
value: quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:beb0616db051952b4b861dd8c3e00fa1c0eccbd926feddf71194d3bb3ace9ce7
61+
- name: kind
62+
value: task
63+
resolver: bundles
4164
params:
4265
- description: Source Repository URL
4366
name: git-url
@@ -72,7 +95,7 @@ spec:
7295
name: hermetic
7396
type: string
7497
- default: ""
75-
description: Build dependencies to be prefetched
98+
description: Build dependencies to be prefetched by Cachi2
7699
name: prefetch-input
77100
type: string
78101
- default: ""
@@ -88,11 +111,6 @@ spec:
88111
description: Add built image into an OCI image index
89112
name: build-image-index
90113
type: string
91-
- default: docker
92-
description: The format for the resulting image's mediaType. Valid values are
93-
oci or docker.
94-
name: buildah-format
95-
type: string
96114
- default: []
97115
description: Array of --build-arg values ("arg=value" strings) for buildah
98116
name: build-args
@@ -139,7 +157,7 @@ spec:
139157
- name: name
140158
value: init
141159
- name: bundle
142-
value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:4072de81ade0a75ad1eaa5449a7ff02bba84757064549a81b48c28fab3aeca59
160+
value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:3ca52e1d8885fc229bd9067275f44d5b21a9a609981d0324b525ddeca909bf10
143161
- name: kind
144162
value: task
145163
resolver: bundles
@@ -160,7 +178,7 @@ spec:
160178
- name: name
161179
value: git-clone-oci-ta
162180
- name: bundle
163-
value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:ea64f5b99202621e78ed3d74b00df5750cbf572c391e6da1956396f5945e4e11
181+
value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:bb2f8f1edec47faa08c1929f2ffc6748f3a96af9644e6c40000081c6ff3ec894
164182
- name: kind
165183
value: task
166184
resolver: bundles
@@ -189,7 +207,7 @@ spec:
189207
- name: name
190208
value: prefetch-dependencies-oci-ta
191209
- name: bundle
192-
value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.2@sha256:9dbb38efdfca525b00dc502acf44723ac4a6c413bb2ab97459a13cd3a6056f17
210+
value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.2@sha256:0503f9313dfe70e4defda88a7226ec91a74af42198dccfa3280397d965aa16d6
193211
- name: kind
194212
value: task
195213
resolver: bundles
@@ -226,10 +244,6 @@ spec:
226244
value: $(params.build-args-file)
227245
- name: PRIVILEGED_NESTED
228246
value: $(params.privileged-nested)
229-
- name: SOURCE_URL
230-
value: $(tasks.clone-repository.results.url)
231-
- name: BUILDAH_FORMAT
232-
value: $(params.buildah-format)
233247
- name: SOURCE_ARTIFACT
234248
value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT)
235249
- name: CACHI2_ARTIFACT
@@ -243,7 +257,7 @@ spec:
243257
- name: name
244258
value: buildah-remote-oci-ta
245259
- name: bundle
246-
value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.7@sha256:c597a9f523b1115a88b9910267dd8f71057b0fa4f78e3dadf5a5c0affc5ea773
260+
value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.6@sha256:3832edaec1aae546c225c86ada53611e42717c784e2068e0536831a99cb1922d
247261
- name: kind
248262
value: task
249263
resolver: bundles
@@ -265,16 +279,14 @@ spec:
265279
- name: IMAGES
266280
value:
267281
- $(tasks.build-images.results.IMAGE_REF[*])
268-
- name: BUILDAH_FORMAT
269-
value: $(params.buildah-format)
270282
runAfter:
271283
- build-images
272284
taskRef:
273285
params:
274286
- name: name
275287
value: build-image-index
276288
- name: bundle
277-
value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1@sha256:0e90cf8259c7f54baad27d2a538294115f725ceb269ef789957fe68790803cbd
289+
value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1@sha256:d94cad7f41be61074dd21c7dff26dab9217c3435a16f62813c1cb8382dd9aae6
278290
- name: kind
279291
value: task
280292
resolver: bundles
@@ -300,7 +312,7 @@ spec:
300312
- name: name
301313
value: source-build-oci-ta
302314
- name: bundle
303-
value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.3@sha256:f62ef32f7d25f0ee50904b57b160e3fd5403fab5ec040c7aa99f5982fdd92ef4
315+
value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.3@sha256:5f9069a07a6dc16aae7a05adf49d2b6792815f3fabd116377578860743f4e0ec
304316
- name: kind
305317
value: task
306318
resolver: bundles
@@ -335,12 +347,7 @@ spec:
335347
operator: in
336348
values:
337349
- "false"
338-
- matrix:
339-
params:
340-
- name: image-platform
341-
value:
342-
- $(params.build-platforms)
343-
name: clair-scan
350+
- name: clair-scan
344351
params:
345352
- name: image-digest
346353
value: $(tasks.build-image-index.results.IMAGE_DIGEST)
@@ -353,7 +360,7 @@ spec:
353360
- name: name
354361
value: clair-scan
355362
- name: bundle
356-
value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.3@sha256:8ec7d7b9438ace5ef3fb03a533d9440d0fd81e51c73b0dc1eb51602fb7cd044e
363+
value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.2@sha256:076d5cde62b55bbfcdda2b4782392256bbda5ad38f839013b4330b3aba70a973
357364
- name: kind
358365
value: task
359366
resolver: bundles
@@ -362,12 +369,7 @@ spec:
362369
operator: in
363370
values:
364371
- "false"
365-
- matrix:
366-
params:
367-
- name: platform
368-
value:
369-
- $(params.build-platforms)
370-
name: ecosystem-cert-preflight-checks
372+
- name: ecosystem-cert-preflight-checks
371373
params:
372374
- name: image-url
373375
value: $(tasks.build-image-index.results.IMAGE_URL)
@@ -378,7 +380,7 @@ spec:
378380
- name: name
379381
value: ecosystem-cert-preflight-checks
380382
- name: bundle
381-
value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.2@sha256:04f75593558f79a27da2336400bc63d460bf0c5669e3c13f40ee2fb650b1ad1e
383+
value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.2@sha256:9568c51a5158d534248908b9b561cf67d2826ed4ea164ffd95628bb42380e6ec
382384
- name: kind
383385
value: task
384386
resolver: bundles
@@ -413,12 +415,7 @@ spec:
413415
operator: in
414416
values:
415417
- "false"
416-
- matrix:
417-
params:
418-
- name: image-arch
419-
value:
420-
- $(params.build-platforms)
421-
name: clamav-scan
418+
- name: clamav-scan
422419
params:
423420
- name: image-digest
424421
value: $(tasks.build-image-index.results.IMAGE_DIGEST)
@@ -431,7 +428,7 @@ spec:
431428
- name: name
432429
value: clamav-scan
433430
- name: bundle
434-
value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.3@sha256:f3d2d179cddcc07d0228d9f52959a233037a3afa2619d0a8b2effbb467db80c3
431+
value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.2@sha256:40555593de346dd3083410c9517d52c3f27e27cb66f447054f4f66fcff56e23f
435432
- name: kind
436433
value: task
437434
resolver: bundles
@@ -549,7 +546,7 @@ spec:
549546
- name: name
550547
value: sast-unicode-check-oci-ta
551548
- name: bundle
552-
value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check-oci-ta:0.3@sha256:1833c618170ab9deb8455667f220df8e88d16ccd630a2361366f594e2bdcb712
549+
value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check-oci-ta:0.2@sha256:5a93fe7f1f3990167d87cb3f30bc13293e02cf5a6da88f46cf0368b3328c2d56
553550
- name: kind
554551
value: task
555552
resolver: bundles
@@ -571,7 +568,7 @@ spec:
571568
- name: name
572569
value: apply-tags
573570
- name: bundle
574-
value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.2@sha256:ade0bf9c2e9c169f588fbfe71fb489c2f7053fe41884e7969f270b317d9eb548
571+
value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.2@sha256:f44be1bf0262471f2f503f5e19da5f0628dcaf968c86272a2ad6b4871e708448
575572
- name: kind
576573
value: task
577574
resolver: bundles
@@ -594,7 +591,7 @@ spec:
594591
- name: name
595592
value: push-dockerfile-oci-ta
596593
- name: bundle
597-
value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.1@sha256:08bba4a659ecd48f871bef00b80af58954e5a09fcbb28a1783ddd640c4f6535e
594+
value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.1@sha256:738e6e2108bee5b50309a37b54bc1adf8433ac63598dbb6830d6cb4ac65d9de6
598595
- name: kind
599596
value: task
600597
resolver: bundles
@@ -611,7 +608,7 @@ spec:
611608
- name: name
612609
value: rpms-signature-scan
613610
- name: bundle
614-
value: quay.io/konflux-ci/konflux-vanguard/task-rpms-signature-scan:0.2@sha256:78c8d7960c6db284356d94aaae64d1fca34fff4de6a6e20d897a088af0c81cf5
611+
value: quay.io/konflux-ci/konflux-vanguard/task-rpms-signature-scan:0.2@sha256:3d9fbf2c0a732f736b050c293380b63c8c72ab38d0ef79fcf9d1b7d8fcd25efb
615612
- name: kind
616613
value: task
617614
resolver: bundles

0 commit comments

Comments
 (0)