-
Notifications
You must be signed in to change notification settings - Fork 17
Expand file tree
/
Copy pathscanner-db-slim-build.yaml
More file actions
73 lines (66 loc) · 2.06 KB
/
scanner-db-slim-build.yaml
File metadata and controls
73 lines (66 loc) · 2.06 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
apiVersion: tekton.dev/v1
kind: PipelineRun
metadata:
annotations:
build.appstudio.openshift.io/repo: https://github.com/stackrox/scanner?rev={{revision}}
build.appstudio.redhat.com/commit_sha: '{{revision}}'
build.appstudio.redhat.com/pull_request_number: '{{pull_request_number}}'
build.appstudio.redhat.com/target_branch: '{{target_branch}}'
pipelinesascode.tekton.dev/max-keep-runs: "500"
pipelinesascode.tekton.dev/on-comment: "/konflux-retest scanner-db-slim-on-push"
pipelinesascode.tekton.dev/on-cel-expression: |
(event == "pull_request" && body.action != "ready_for_review") ||
(event == "push" && target_branch.matches("^(master|release-.*|refs/tags/.*)$"))
labels:
appstudio.openshift.io/application: acs
appstudio.openshift.io/component: scanner-db-slim
pipelines.appstudio.openshift.io/type: build
name: scanner-db-slim-on-push
namespace: rh-acs-tenant
spec:
params:
- name: dockerfile
value: image/db/rhel/konflux.Dockerfile
- name: git-url
value: '{{source_url}}'
- name: image-expires-after
value: '52w'
- name: output-image-repo
value: quay.io/rhacs-eng/release-scanner-db-slim
- name: path-context
value: .
- name: revision
value: '{{revision}}'
- name: rebuild
value: 'true'
- name: hermetic
value: "true"
# No dependencies are required for scanner-db-slim image.
- name: prefetch-input
value: ''
- name: build-source-image
value: 'true'
- name: build-target-stage
value: scanner-db-slim
- name: clone-depth
value: '0'
- name: clone-fetch-tags
value: 'true'
- name: blobs-to-fetch
value: [ ]
- name: extra-labels
value:
# X.Y in the cpe label must be adjusted for every version stream.
- "cpe=cpe:/a:redhat:advanced_cluster_security:X.Y::el9"
workspaces:
- name: git-auth
secret:
secretName: '{{ git_auth_secret }}'
taskRunTemplate:
serviceAccountName: build-pipeline-scanner-db-slim
timeouts:
tasks: 1h
finally: 10m
pipeline: 1h10m
pipelineRef:
name: scanner-component-pipeline