diff --git a/.tekton/docker-build.yaml b/.tekton/docker-build.yaml
index 84dc50863..a03d4e2d0 100755
--- a/.tekton/docker-build.yaml
+++ b/.tekton/docker-build.yaml
@@ -50,6 +50,10 @@ spec:
 - name: workspace
 workspace: workspace
 params:
+ - default: --all-projects --org=3e1a4cca-ebfb-495f-b64c-3cc960d566b4 --exclude=test*,vendor,third_party
+ description: Append arguments to Snyk code command.
+ name: snyk-args
+ type: string
 - default: "true"
 description: Build a source image.
 name: build-source-image
@@ -128,6 +132,33 @@ spec:
 name: CHAINS-GIT_COMMIT
 value: $(tasks.clone-repository.results.commit)
 tasks:
+ - name: sast-snyk-check
+ params:
+ - name: ARGS
+ value: $(params.snyk-args)
+ - name: image-digest
+ value: $(tasks.build-image-index.results.IMAGE_DIGEST)
+ - name: image-url
+ value: $(tasks.build-image-index.results.IMAGE_URL)
+ runAfter:
+ - build-image-index
+ taskRef:
+ params:
+ - name: name
+ value: sast-snyk-check
+ - name: bundle
+ value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check:0.2@sha256:69ae591831f0f96d31c85d360273c1ce436ae1dbbfa3d0b22a083cb228c9e82c
+ - name: kind
+ value: task
+ resolver: bundles
+ when:
+ - input: $(params.skip-checks)
+ operator: in
+ values:
+ - "false"
+ workspaces:
+ - name: workspace
+ workspace: workspace
 - name: prefetch-dependencies
 params:
 - name: dev-package-managers
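Review bot: The `snyk-args` default drops `vendor` and `third_party` from the Snyk run through `--exclude=test*,vendor,third_party`, and the parameter's description does not record that the SAST scope is narrowed to first-party code. Vendored sources are presumably compiled into the image, so the description should say so, for example `description: Append arguments to Snyk code command (default skips test*, vendor and third_party; vendored code is not scanned by this task).` As far as I know `--all-projects` and `--exclude` are documented for `snyk test` rather than `snyk code test`, so confirm they take effect in this task and are not silently ignored. The value would also be safer as a quoted scalar, since it is handed on as a command-line string.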
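Review bot: `ARGS` is now passed to `sast-snyk-check` while the bundle reference keeps the same digest as the block removed in the `-378,31` hunk; if that pinned revision of the task does not declare an `ARGS` parameter the PipelineRun will fail validation, so confirm it against the task bundle. `$(params.snyk-args)` can be overridden by any PipelineRun that references this pipeline, which lets a run narrow the scan further; a comment above the parameter such as `# ARGS controls what Snyk scans; review overrides in PipelineRuns` would make that visible to reviewers. The task now sits first under `tasks:` although `runAfter` still places it after `build-image-index`, so list position no longer mirrors execution order.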
@@ -378,31 +409,6 @@ spec:
 operator: in
 values:
 - "false"
- - name: sast-snyk-check
- params:
- - name: image-digest
- value: $(tasks.build-image-index.results.IMAGE_DIGEST)
- - name: image-url
- value: $(tasks.build-image-index.results.IMAGE_URL)
- runAfter:
- - build-image-index
- taskRef:
- params:
- - name: name
- value: sast-snyk-check
- - name: bundle
- value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check:0.2@sha256:69ae591831f0f96d31c85d360273c1ce436ae1dbbfa3d0b22a083cb228c9e82c
- - name: kind
- value: task
- resolver: bundles
- when:
- - input: $(params.skip-checks)
- operator: in
- values:
- - "false"
- workspaces:
- - name: workspace
- workspace: workspace
 - name: clamav-scan
 params:
 - name: image-digest
diff --git a/.tekton/kn-eventing-istio-controller-115-pull-request.yaml b/.tekton/kn-eventing-istio-controller-115-pull-request.yaml
index 3fff44e0c..9c80423f2 100755
--- a/.tekton/kn-eventing-istio-controller-115-pull-request.yaml
+++ b/.tekton/kn-eventing-istio-controller-115-pull-request.yaml
@@ -21,7 +21,7 @@ spec:
 - name: dockerfile
 value: openshift/ci-operator/knative-images/controller/Dockerfile
 - name: build-args
- value: [ VERSION=release-1.35, GO_BUILDER=brew.registry.redhat.io/rh-osbs/openshift-golang-builder:rhel_8_golang_1.22, GO_RUNTIME=registry.access.redhat.com/ubi8/ubi-minimal, ]
+ value: [ VERSION=1.35.0, GO_BUILDER=brew.registry.redhat.io/rh-osbs/openshift-golang-builder:rhel_8_golang_1.22, GO_RUNTIME=registry.access.redhat.com/ubi8/ubi-minimal, ]
 - name: git-url
 value: '{{source_url}}'
 - name: hermetic
diff --git a/.tekton/kn-eventing-istio-controller-115-push.yaml b/.tekton/kn-eventing-istio-controller-115-push.yaml
index 58bb86a50..089ef5db4 100755
--- a/.tekton/kn-eventing-istio-controller-115-push.yaml
+++ b/.tekton/kn-eventing-istio-controller-115-push.yaml
@@ -20,7 +20,7 @@ spec:
 - name: dockerfile
 value: openshift/ci-operator/knative-images/controller/Dockerfile
 - name: build-args
- value: [ VERSION=release-1.35, GO_BUILDER=brew.registry.redhat.io/rh-osbs/openshift-golang-builder:rhel_8_golang_1.22, GO_RUNTIME=registry.access.redhat.com/ubi8/ubi-minimal, ]
+ value: [ VERSION=1.35.0, GO_BUILDER=brew.registry.redhat.io/rh-osbs/openshift-golang-builder:rhel_8_golang_1.22, GO_RUNTIME=registry.access.redhat.com/ubi8/ubi-minimal, ]
 - name: git-url
 value: '{{source_url}}'
 - name: hermetic
@@ -30,7 +30,7 @@ spec:
 - name: revision
 value: '{{revision}}'
 - name: additional-tags
- value: [ release-1.35, latest, ]
+ value: [ 1.35.0, latest, ]
 pipelineRef:
 name: docker-build
 taskRunTemplate: {}