From 49055ab70f66cea0cf59b515b096ff8f155b4b7f Mon Sep 17 00:00:00 2001 From: red-hat-konflux Date: Wed, 13 Nov 2024 09:05:04 +0000 Subject: [PATCH 1/5] Red Hat Konflux update compliance-frontend Signed-off-by: red-hat-konflux --- .tekton/compliance-frontend-pull-request.yaml | 282 ++++------------- .tekton/compliance-frontend-push.yaml | 287 ++++-------------- 2 files changed, 124 insertions(+), 445 deletions(-) diff --git a/.tekton/compliance-frontend-pull-request.yaml b/.tekton/compliance-frontend-pull-request.yaml index 4835d94df..6937883dc 100644 --- a/.tekton/compliance-frontend-pull-request.yaml +++ b/.tekton/compliance-frontend-pull-request.yaml @@ -32,10 +32,10 @@ spec: value: . pipelineSpec: description: | - This pipeline is ideal for building container images from a Containerfile while reducing network traffic. + This pipeline is ideal for building container images from a Containerfile while maintaining trust after pipeline customization. - _Uses `buildah` to create a container image. It also optionally creates a source image and runs some build-time tests. EC will flag a violation for [`trusted_task.trusted`](https://enterprisecontract.dev/docs/ec-policies/release_policy.html#trusted_task__trusted) if any tasks are added to the pipeline. - This pipeline is pushed as a Tekton bundle to [quay.io](https://quay.io/repository/konflux-ci/tekton-catalog/pipeline-docker-build?tab=tags)_ + _Uses `buildah` to create a container image leveraging [trusted artifacts](https://konflux-ci.dev/architecture/ADR/0036-trusted-artifacts.html). It also optionally creates a source image and runs some build-time tests. Information is shared between tasks using OCI artifacts instead of PVCs. EC will pass the [`trusted_task.trusted`](https://enterprisecontract.dev/docs/ec-policies/release_policy.html#trusted_task__trusted) policy as long as all data used to build the artifact is generated from trusted tasks. + This pipeline is pushed as a Tekton bundle to [quay.io](https://quay.io/repository/konflux-ci/tekton-catalog/pipeline-docker-build-oci-ta?tab=tags)_ finally: - name: show-sbom params: @@ -50,28 +50,6 @@ spec: - name: kind value: task resolver: bundles - - name: show-summary - params: - - name: pipelinerun-name - value: $(context.pipelineRun.name) - - name: git-url - value: $(tasks.clone-repository.results.url)?rev=$(tasks.clone-repository.results.commit) - - name: image-url - value: $(params.output-image) - - name: build-task-status - value: $(tasks.build-image-index.status) - taskRef: - params: - - name: name - value: summary - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-summary:0.2@sha256:d97c04ab42f277b1103eb6f3a053b247849f4f5b3237ea302a8ecada3b24e15b - - name: kind - value: task - resolver: bundles - workspaces: - - name: workspace - workspace: workspace params: - description: Source Repository URL name: git-url @@ -166,14 +144,18 @@ spec: value: $(params.git-url) - name: revision value: $(params.revision) + - name: ociStorage + value: $(params.output-image).git + - name: ociArtifactExpiresAfter + value: $(params.image-expires-after) runAfter: - init taskRef: params: - name: name - value: git-clone + value: git-clone-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1@sha256:2cccdf8729ad4d5adf65e8b66464f8efa1e1c87ba16d343b4a6c621a2a40f7e1 + value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:d1e63ec00bed1c9f0f571fa76b4da570be49a7c255c610544a461495230ba1b1 - name: kind value: task resolver: bundles @@ -183,166 +165,34 @@ spec: values: - "true" workspaces: - - name: output - workspace: workspace - name: basic-auth workspace: git-auth - name: prefetch-dependencies params: - name: input value: $(params.prefetch-input) + - name: SOURCE_ARTIFACT + value: $(tasks.clone-repository.results.SOURCE_ARTIFACT) + - name: ociStorage + value: $(params.output-image).prefetch + - name: ociArtifactExpiresAfter + value: $(params.image-expires-after) runAfter: - clone-repository taskRef: params: - name: name - value: prefetch-dependencies + value: prefetch-dependencies-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies:0.1@sha256:f53fe5482599b39ae2d1004cf09a2026fd9dd3822ab6ef46b51b4a398b0a3232 + value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.1@sha256:3c11f5de6a0281bf93857f0c85bbbdfeda4cc118337da273fef0c138bda5eebb - name: kind value: task resolver: bundles - when: - - input: $(params.prefetch-input) - operator: notin - values: - - "" workspaces: - - name: source - workspace: workspace - name: git-basic-auth workspace: git-auth - name: netrc workspace: netrc - - name: parse-build-deploy-script - params: - - name: path-context - value: $(params.path-context) - taskRef: - resolver: git - params: - - name: url - value: https://github.com/RedHatInsights/konflux-consoledot-frontend-build - - name: revision - value: a6838b71b88dc1e84f11764c9734e4880096585d # replace with the latest commit from https://github.com/RedHatInsights/konflux-consoledot-frontend-build/commits - - name: pathInRepo - value: tasks/parse-build-deploy-script/parse-build-deploy-script.yaml - workspaces: - - name: source - workspace: workspace - runAfter: - - clone-repository - - name: create-frontend-dockerfile - taskRef: - resolver: git - params: - - name: url - value: https://github.com/RedHatInsights/konflux-consoledot-frontend-build - - name: revision - value: a6838b71b88dc1e84f11764c9734e4880096585d # replace with the latest commit from https://github.com/RedHatInsights/konflux-consoledot-frontend-build/commits - - name: pathInRepo - value: tasks/create-frontend-dockerfile/create-frontend-dockerfile.yaml - workspaces: - - name: source - workspace: workspace - params: - - name: path-context - value: $(params.path-context) - - name: component - value: $(tasks.parse-build-deploy-script.results.component) - - name: image - value: $(tasks.parse-build-deploy-script.results.image) - - name: node-build-version - value: $(tasks.parse-build-deploy-script.results.node-build-version) - - name: quay-expire-time - value: $(tasks.parse-build-deploy-script.results.quay-expire-time) - - name: npm-build-script - value: $(tasks.parse-build-deploy-script.results.npm-build-script) - - name: yarn-build-script - value: $(tasks.parse-build-deploy-script.results.yarn-build-script) - - name: route-path - value: $(tasks.parse-build-deploy-script.results.route-path) - - name: beta-route-path - value: $(tasks.parse-build-deploy-script.results.beta-route-path) - - name: preview-route-path - value: $(tasks.parse-build-deploy-script.results.preview-route-path) - - name: ci-root - value: $(tasks.parse-build-deploy-script.results.ci-root) - - name: server-name - value: $(tasks.parse-build-deploy-script.results.server-name) - - name: dist-folder - value: $(tasks.parse-build-deploy-script.results.dist-folder) - runAfter: - - parse-build-deploy-script - - name: clone-repository-oci-ta - params: - - name: url - value: $(params.git-url) - - name: revision - value: $(params.revision) - - name: ociStorage - value: $(params.output-image).git - runAfter: - - init - taskRef: - params: - - name: name - value: git-clone-oci-ta - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta@sha256:0f4360ce144d46171ebd2e8f4d4575539a0600e02208ba5fc9beeb2c27ddfd4c - - name: kind - value: task - resolver: bundles - when: - - input: $(tasks.init.results.build) - operator: in - values: - - "true" - workspaces: - - name: basic-auth - workspace: git-auth - # - name: run-unit-tests - # description: Validates frontend unit tests - # params: - # - name: SOURCE_ARTIFACT - # value: $(tasks.clone-repository-oci-ta.results.SOURCE_ARTIFACT) - # runAfter: - # - clone-repository-oci-ta - # workspaces: - # - name: basic-auth - # workspace: git-auth - # taskSpec: - # params: - # - description: The Trusted Artifact URI pointing to the artifact with the application source code. - # name: SOURCE_ARTIFACT - # type: string - # volumes: - # # New volume to store a copy of the source code accessible only to this Task. - # - name: workdir - # emptyDir: {} - # stepTemplate: - # volumeMounts: - # - mountPath: /var/workdir - # name: workdir - # readOnly: false - # sidecars: - # steps: - # - name: use-trusted-artifact - # image: quay.io/redhat-appstudio/build-trusted-artifacts:latest@sha256:8391272c4e5011120e9e7fee2c1f339e9405366110bf239dadcbc21e953ce099 - # args: - # - use - # - $(params.SOURCE_ARTIFACT)=/var/workdir - # - image: registry.access.redhat.com/ubi8/nodejs-20 - # workingDir: /var/workdir - # name: unit-tests - # securityContext: - # runAsUser: 0 - # script: | - # #!/bin/bash - # set -ex - - # npm install - # npm test - name: build-container params: - name: IMAGE @@ -364,15 +214,18 @@ spec: - $(params.build-args[*]) - name: BUILD_ARGS_FILE value: $(params.build-args-file) + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + - name: CACHI2_ARTIFACT + value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) runAfter: - prefetch-dependencies - - create-frontend-dockerfile taskRef: params: - name: name - value: buildah + value: buildah-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-buildah:0.2@sha256:27357fc687be3605f1139227ddf81a5d0d56eccb2ed2bfb8adb5f9342ab690b1 + value: quay.io/konflux-ci/tekton-catalog/task-buildah-oci-ta:0.2@sha256:8e83e9406fb7f9b89b4a425bbecc3022de85b5501fca03c58330a32c9ba36b33 - name: kind value: task resolver: bundles @@ -381,9 +234,6 @@ spec: operator: in values: - "true" - workspaces: - - name: source - workspace: workspace - name: build-image-index params: - name: IMAGE @@ -413,37 +263,22 @@ spec: operator: in values: - "true" - - name: rpms-signature-scan - params: - - name: image-digest - value: $(tasks.build-container.results.IMAGE_DIGEST) - - name: image-url - value: $(tasks.build-container.results.IMAGE_URL) - - name: fail-unsigned - value: true - runAfter: - - build-container - taskRef: - params: - - name: name - value: rpms-signature-scan - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:0c9667fba291af05997397a32e5e938ccaa46e93a2e14bad228e64a6427c5545 - - name: kind - value: task - resolver: bundles - name: build-source-image params: - name: BINARY_IMAGE value: $(params.output-image) + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + - name: CACHI2_ARTIFACT + value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) runAfter: - build-image-index taskRef: params: - name: name - value: source-build + value: source-build-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-source-build:0.1@sha256:53a41b0838b61cbacc7ecd4ffd87cf3f41b28a4aa9e095fe95779982c688dc85 + value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.1@sha256:178298b5c8bbc2f8fa91ef94aca57a5a2dcb3834c71c8835bae51a20fe30e4e7 - name: kind value: task resolver: bundles @@ -456,9 +291,6 @@ spec: operator: in values: - "true" - workspaces: - - name: workspace - workspace: workspace - name: deprecated-base-image-check params: - name: IMAGE_URL @@ -529,14 +361,18 @@ spec: value: $(tasks.build-image-index.results.IMAGE_DIGEST) - name: image-url value: $(tasks.build-image-index.results.IMAGE_URL) + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + - name: CACHI2_ARTIFACT + value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) runAfter: - build-image-index taskRef: params: - name: name - value: sast-snyk-check + value: sast-snyk-check-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check:0.3@sha256:8aab0fde56996cab117b5c0dd85a0efeb27b9e49e52d1a8302c16737cd0b0c60 + value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.2@sha256:cd325a22a4384979ddc629e743e7bcda2a839513f4d34952cd954baa7ae25e4c - name: kind value: task resolver: bundles @@ -545,9 +381,6 @@ spec: operator: in values: - "false" - workspaces: - - name: workspace - workspace: workspace - name: clamav-scan params: - name: image-digest @@ -561,7 +394,7 @@ spec: - name: name value: clamav-scan - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.1@sha256:1981b5aa330a4d59f59d760e54a36ebd596948abf6a36e45e103d4fd82ecbcf3 + value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.1@sha256:21c7d037df3b430fc5c21b932e2062d0b82b046f39a2dc965aba7dff7a9cfc57 - name: kind value: task resolver: bundles @@ -595,39 +428,48 @@ spec: value: $(params.dockerfile) - name: CONTEXT value: $(params.path-context) + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) runAfter: - build-image-index taskRef: params: - name: name - value: push-dockerfile + value: push-dockerfile-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile:0.1@sha256:a216178a1cd4906b6d7a9133d88a803a1d8cae1f8c764f4dd89e9a551e310166 + value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.1@sha256:eee2eb7b5ce2e55dde37114fefe842080c8a8e443dcc2ccf324cfb22b0453db4 - name: kind value: task resolver: bundles - workspaces: - - name: workspace - workspace: workspace + - name: rpms-signature-scan + params: + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: rpms-signature-scan + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:0c9667fba291af05997397a32e5e938ccaa46e93a2e14bad228e64a6427c5545 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" workspaces: - - name: workspace - name: git-auth optional: true - name: netrc optional: true taskRunTemplate: {} workspaces: - - name: workspace - volumeClaimTemplate: - metadata: - creationTimestamp: null - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi - status: {} - name: git-auth secret: secretName: '{{ git_auth_secret }}' diff --git a/.tekton/compliance-frontend-push.yaml b/.tekton/compliance-frontend-push.yaml index 495097cdb..b35c4e9cf 100644 --- a/.tekton/compliance-frontend-push.yaml +++ b/.tekton/compliance-frontend-push.yaml @@ -29,10 +29,10 @@ spec: value: . pipelineSpec: description: | - This pipeline is ideal for building container images from a Containerfile while reducing network traffic. + This pipeline is ideal for building container images from a Containerfile while maintaining trust after pipeline customization. - _Uses `buildah` to create a container image. It also optionally creates a source image and runs some build-time tests. EC will flag a violation for [`trusted_task.trusted`](https://enterprisecontract.dev/docs/ec-policies/release_policy.html#trusted_task__trusted) if any tasks are added to the pipeline. - This pipeline is pushed as a Tekton bundle to [quay.io](https://quay.io/repository/konflux-ci/tekton-catalog/pipeline-docker-build?tab=tags)_ + _Uses `buildah` to create a container image leveraging [trusted artifacts](https://konflux-ci.dev/architecture/ADR/0036-trusted-artifacts.html). It also optionally creates a source image and runs some build-time tests. Information is shared between tasks using OCI artifacts instead of PVCs. EC will pass the [`trusted_task.trusted`](https://enterprisecontract.dev/docs/ec-policies/release_policy.html#trusted_task__trusted) policy as long as all data used to build the artifact is generated from trusted tasks. + This pipeline is pushed as a Tekton bundle to [quay.io](https://quay.io/repository/konflux-ci/tekton-catalog/pipeline-docker-build-oci-ta?tab=tags)_ finally: - name: show-sbom params: @@ -47,28 +47,6 @@ spec: - name: kind value: task resolver: bundles - - name: show-summary - params: - - name: pipelinerun-name - value: $(context.pipelineRun.name) - - name: git-url - value: $(tasks.clone-repository.results.url)?rev=$(tasks.clone-repository.results.commit) - - name: image-url - value: $(params.output-image) - - name: build-task-status - value: $(tasks.build-image-index.status) - taskRef: - params: - - name: name - value: summary - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-summary:0.2@sha256:d97c04ab42f277b1103eb6f3a053b247849f4f5b3237ea302a8ecada3b24e15b - - name: kind - value: task - resolver: bundles - workspaces: - - name: workspace - workspace: workspace params: - description: Source Repository URL name: git-url @@ -163,14 +141,18 @@ spec: value: $(params.git-url) - name: revision value: $(params.revision) + - name: ociStorage + value: $(params.output-image).git + - name: ociArtifactExpiresAfter + value: $(params.image-expires-after) runAfter: - init taskRef: params: - name: name - value: git-clone + value: git-clone-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1@sha256:2cccdf8729ad4d5adf65e8b66464f8efa1e1c87ba16d343b4a6c621a2a40f7e1 + value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:d1e63ec00bed1c9f0f571fa76b4da570be49a7c255c610544a461495230ba1b1 - name: kind value: task resolver: bundles @@ -180,171 +162,34 @@ spec: values: - "true" workspaces: - - name: output - workspace: workspace - name: basic-auth workspace: git-auth - name: prefetch-dependencies params: - name: input value: $(params.prefetch-input) + - name: SOURCE_ARTIFACT + value: $(tasks.clone-repository.results.SOURCE_ARTIFACT) + - name: ociStorage + value: $(params.output-image).prefetch + - name: ociArtifactExpiresAfter + value: $(params.image-expires-after) runAfter: - clone-repository taskRef: params: - name: name - value: prefetch-dependencies + value: prefetch-dependencies-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies:0.1@sha256:f53fe5482599b39ae2d1004cf09a2026fd9dd3822ab6ef46b51b4a398b0a3232 + value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.1@sha256:3c11f5de6a0281bf93857f0c85bbbdfeda4cc118337da273fef0c138bda5eebb - name: kind value: task resolver: bundles - when: - - input: $(params.prefetch-input) - operator: notin - values: - - "" workspaces: - - name: source - workspace: workspace - name: git-basic-auth workspace: git-auth - name: netrc workspace: netrc - - name: parse-build-deploy-script - params: - - name: path-context - value: $(params.path-context) - taskRef: - resolver: git - params: - - name: url - value: https://github.com/RedHatInsights/konflux-consoledot-frontend-build - - name: revision - value: 2fcdfa9b4858ac941b50ad37317c4f9aaabf91b4 - - name: pathInRepo - value: tasks/parse-build-deploy-script/parse-build-deploy-script.yaml - workspaces: - - name: source - workspace: workspace - runAfter: - - clone-repository - - name: create-frontend-dockerfile - taskRef: - resolver: git - params: - - name: url - value: https://github.com/RedHatInsights/konflux-consoledot-frontend-build - - name: revision - value: 2fcdfa9b4858ac941b50ad37317c4f9aaabf91b4 - - name: pathInRepo - value: tasks/create-frontend-dockerfile/create-frontend-dockerfile.yaml - workspaces: - - name: source - workspace: workspace - params: - - name: path-context - value: $(params.path-context) - - name: component - value: $(tasks.parse-build-deploy-script.results.component) - - name: image - value: $(tasks.parse-build-deploy-script.results.image) - - name: node-build-version - value: $(tasks.parse-build-deploy-script.results.node-build-version) - - name: quay-expire-time - value: $(tasks.parse-build-deploy-script.results.quay-expire-time) - - name: npm-build-script - value: $(tasks.parse-build-deploy-script.results.npm-build-script) - - name: yarn-build-script - value: $(tasks.parse-build-deploy-script.results.yarn-build-script) - - name: route-path - value: $(tasks.parse-build-deploy-script.results.route-path) - - name: beta-route-path - value: $(tasks.parse-build-deploy-script.results.beta-route-path) - - name: preview-route-path - value: $(tasks.parse-build-deploy-script.results.preview-route-path) - - name: ci-root - value: $(tasks.parse-build-deploy-script.results.ci-root) - - name: server-name - value: $(tasks.parse-build-deploy-script.results.server-name) - - name: dist-folder - value: $(tasks.parse-build-deploy-script.results.dist-folder) - runAfter: - - parse-build-deploy-script - - name: clone-repository-oci-ta - params: - - name: url - value: $(params.git-url) - - name: revision - value: $(params.revision) - - name: ociStorage - value: $(params.output-image).git - runAfter: - - init - taskRef: - params: - - name: name - value: git-clone-oci-ta - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta@sha256:0f4360ce144d46171ebd2e8f4d4575539a0600e02208ba5fc9beeb2c27ddfd4c - - name: kind - value: task - resolver: bundles - when: - - input: $(tasks.init.results.build) - operator: in - values: - - "true" - workspaces: - - name: basic-auth - workspace: git-auth - # - name: run-unit-tests - # description: Validates frontend unit tests - # params: - # - name: SOURCE_ARTIFACT - # value: $(tasks.clone-repository-oci-ta.results.SOURCE_ARTIFACT) - # runAfter: - # - clone-repository-oci-ta - # computeResources: - # requests: - # memory: 1Gi - # requests: - # memory: 2Gi - # workspaces: - # - name: basic-auth - # workspace: git-auth - # taskSpec: - # params: - # - description: The Trusted Artifact URI pointing to the artifact with the application source code. - # name: SOURCE_ARTIFACT - # type: string - # volumes: - # # New volume to store a copy of the source code accessible only to this Task. - # - name: workdir - # emptyDir: {} - # stepTemplate: - # volumeMounts: - # - mountPath: /var/workdir - # name: workdir - # readOnly: false - # sidecars: - # steps: - # - name: use-trusted-artifact - # image: quay.io/redhat-appstudio/build-trusted-artifacts:latest@sha256:8391272c4e5011120e9e7fee2c1f339e9405366110bf239dadcbc21e953ce099 - # args: - # - use - # - $(params.SOURCE_ARTIFACT)=/var/workdir - # - image: registry.access.redhat.com/ubi8/nodejs-20 - # workingDir: /var/workdir - # name: unit-tests - # securityContext: - # runAsUser: 0 - # script: | - # #!/bin/bash - # set -ex - - # npm install - # npm test - name: build-container params: - name: IMAGE @@ -366,15 +211,18 @@ spec: - $(params.build-args[*]) - name: BUILD_ARGS_FILE value: $(params.build-args-file) + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + - name: CACHI2_ARTIFACT + value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) runAfter: - prefetch-dependencies - - create-frontend-dockerfile taskRef: params: - name: name - value: buildah + value: buildah-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-buildah:0.2@sha256:27357fc687be3605f1139227ddf81a5d0d56eccb2ed2bfb8adb5f9342ab690b1 + value: quay.io/konflux-ci/tekton-catalog/task-buildah-oci-ta:0.2@sha256:8e83e9406fb7f9b89b4a425bbecc3022de85b5501fca03c58330a32c9ba36b33 - name: kind value: task resolver: bundles @@ -383,9 +231,6 @@ spec: operator: in values: - "true" - workspaces: - - name: source - workspace: workspace - name: build-image-index params: - name: IMAGE @@ -415,37 +260,22 @@ spec: operator: in values: - "true" - - name: rpms-signature-scan - params: - - name: image-digest - value: $(tasks.build-container.results.IMAGE_DIGEST) - - name: image-url - value: $(tasks.build-container.results.IMAGE_URL) - - name: fail-unsigned - value: true - runAfter: - - build-container - taskRef: - params: - - name: name - value: rpms-signature-scan - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:0c9667fba291af05997397a32e5e938ccaa46e93a2e14bad228e64a6427c5545 - - name: kind - value: task - resolver: bundles - name: build-source-image params: - name: BINARY_IMAGE value: $(params.output-image) + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + - name: CACHI2_ARTIFACT + value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) runAfter: - build-image-index taskRef: params: - name: name - value: source-build + value: source-build-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-source-build:0.1@sha256:53a41b0838b61cbacc7ecd4ffd87cf3f41b28a4aa9e095fe95779982c688dc85 + value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.1@sha256:178298b5c8bbc2f8fa91ef94aca57a5a2dcb3834c71c8835bae51a20fe30e4e7 - name: kind value: task resolver: bundles @@ -458,9 +288,6 @@ spec: operator: in values: - "true" - workspaces: - - name: workspace - workspace: workspace - name: deprecated-base-image-check params: - name: IMAGE_URL @@ -531,14 +358,18 @@ spec: value: $(tasks.build-image-index.results.IMAGE_DIGEST) - name: image-url value: $(tasks.build-image-index.results.IMAGE_URL) + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + - name: CACHI2_ARTIFACT + value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) runAfter: - build-image-index taskRef: params: - name: name - value: sast-snyk-check + value: sast-snyk-check-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check:0.3@sha256:8aab0fde56996cab117b5c0dd85a0efeb27b9e49e52d1a8302c16737cd0b0c60 + value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.2@sha256:cd325a22a4384979ddc629e743e7bcda2a839513f4d34952cd954baa7ae25e4c - name: kind value: task resolver: bundles @@ -547,9 +378,6 @@ spec: operator: in values: - "false" - workspaces: - - name: workspace - workspace: workspace - name: clamav-scan params: - name: image-digest @@ -563,7 +391,7 @@ spec: - name: name value: clamav-scan - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.1@sha256:1981b5aa330a4d59f59d760e54a36ebd596948abf6a36e45e103d4fd82ecbcf3 + value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.1@sha256:21c7d037df3b430fc5c21b932e2062d0b82b046f39a2dc965aba7dff7a9cfc57 - name: kind value: task resolver: bundles @@ -597,39 +425,48 @@ spec: value: $(params.dockerfile) - name: CONTEXT value: $(params.path-context) + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) runAfter: - build-image-index taskRef: params: - name: name - value: push-dockerfile + value: push-dockerfile-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile:0.1@sha256:a216178a1cd4906b6d7a9133d88a803a1d8cae1f8c764f4dd89e9a551e310166 + value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.1@sha256:eee2eb7b5ce2e55dde37114fefe842080c8a8e443dcc2ccf324cfb22b0453db4 - name: kind value: task resolver: bundles - workspaces: - - name: workspace - workspace: workspace + - name: rpms-signature-scan + params: + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: rpms-signature-scan + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:0c9667fba291af05997397a32e5e938ccaa46e93a2e14bad228e64a6427c5545 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" workspaces: - - name: workspace - name: git-auth optional: true - name: netrc optional: true taskRunTemplate: {} workspaces: - - name: workspace - volumeClaimTemplate: - metadata: - creationTimestamp: null - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi - status: {} - name: git-auth secret: secretName: '{{ git_auth_secret }}' From d7f65fc1cb78056b0431a1dd53c07f2b8da90de0 Mon Sep 17 00:00:00 2001 From: Egor Shamardin <33912805+LightOfHeaven1994@users.noreply.github.com> Date: Wed, 13 Nov 2024 10:12:46 +0100 Subject: [PATCH 2/5] feat(Konflux): Update template (#2267) --- .tekton/compliance-frontend-pull-request.yaml | 130 ++++++++++++++++++ .tekton/compliance-frontend-push.yaml | 130 ++++++++++++++++++ 2 files changed, 260 insertions(+) diff --git a/.tekton/compliance-frontend-pull-request.yaml b/.tekton/compliance-frontend-pull-request.yaml index 6937883dc..2c3116a07 100644 --- a/.tekton/compliance-frontend-pull-request.yaml +++ b/.tekton/compliance-frontend-pull-request.yaml @@ -193,6 +193,135 @@ spec: workspace: git-auth - name: netrc workspace: netrc + - name: parse-build-deploy-script + params: + - name: path-context + value: $(params.path-context) + taskRef: + resolver: git + params: + - name: url + value: https://github.com/RedHatInsights/konflux-consoledot-frontend-build + - name: revision + value: a6838b71b88dc1e84f11764c9734e4880096585d # replace with the latest commit from https://github.com/RedHatInsights/konflux-consoledot-frontend-build/commits + - name: pathInRepo + value: tasks/parse-build-deploy-script/parse-build-deploy-script.yaml + workspaces: + - name: source + workspace: workspace + runAfter: + - clone-repository + - name: create-frontend-dockerfile + taskRef: + resolver: git + params: + - name: url + value: https://github.com/RedHatInsights/konflux-consoledot-frontend-build + - name: revision + value: a6838b71b88dc1e84f11764c9734e4880096585d # replace with the latest commit from https://github.com/RedHatInsights/konflux-consoledot-frontend-build/commits + - name: pathInRepo + value: tasks/create-frontend-dockerfile/create-frontend-dockerfile.yaml + workspaces: + - name: source + workspace: workspace + params: + - name: path-context + value: $(params.path-context) + - name: component + value: $(tasks.parse-build-deploy-script.results.component) + - name: image + value: $(tasks.parse-build-deploy-script.results.image) + - name: node-build-version + value: $(tasks.parse-build-deploy-script.results.node-build-version) + - name: quay-expire-time + value: $(tasks.parse-build-deploy-script.results.quay-expire-time) + - name: npm-build-script + value: $(tasks.parse-build-deploy-script.results.npm-build-script) + - name: yarn-build-script + value: $(tasks.parse-build-deploy-script.results.yarn-build-script) + - name: route-path + value: $(tasks.parse-build-deploy-script.results.route-path) + - name: beta-route-path + value: $(tasks.parse-build-deploy-script.results.beta-route-path) + - name: preview-route-path + value: $(tasks.parse-build-deploy-script.results.preview-route-path) + - name: ci-root + value: $(tasks.parse-build-deploy-script.results.ci-root) + - name: server-name + value: $(tasks.parse-build-deploy-script.results.server-name) + - name: dist-folder + value: $(tasks.parse-build-deploy-script.results.dist-folder) + runAfter: + - parse-build-deploy-script + - name: clone-repository-oci-ta + params: + - name: url + value: $(params.git-url) + - name: revision + value: $(params.revision) + - name: ociStorage + value: $(params.output-image).git + runAfter: + - init + taskRef: + params: + - name: name + value: git-clone-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta@sha256:0f4360ce144d46171ebd2e8f4d4575539a0600e02208ba5fc9beeb2c27ddfd4c + - name: kind + value: task + resolver: bundles + when: + - input: $(tasks.init.results.build) + operator: in + values: + - "true" + workspaces: + - name: basic-auth + workspace: git-auth + # - name: run-unit-tests + # description: Validates frontend unit tests + # params: + # - name: SOURCE_ARTIFACT + # value: $(tasks.clone-repository-oci-ta.results.SOURCE_ARTIFACT) + # runAfter: + # - clone-repository-oci-ta + # workspaces: + # - name: basic-auth + # workspace: git-auth + # taskSpec: + # params: + # - description: The Trusted Artifact URI pointing to the artifact with the application source code. + # name: SOURCE_ARTIFACT + # type: string + # volumes: + # # New volume to store a copy of the source code accessible only to this Task. + # - name: workdir + # emptyDir: {} + # stepTemplate: + # volumeMounts: + # - mountPath: /var/workdir + # name: workdir + # readOnly: false + # sidecars: + # steps: + # - name: use-trusted-artifact + # image: quay.io/redhat-appstudio/build-trusted-artifacts:latest@sha256:8391272c4e5011120e9e7fee2c1f339e9405366110bf239dadcbc21e953ce099 + # args: + # - use + # - $(params.SOURCE_ARTIFACT)=/var/workdir + # - image: registry.access.redhat.com/ubi8/nodejs-20 + # workingDir: /var/workdir + # name: unit-tests + # securityContext: + # runAsUser: 0 + # script: | + # #!/bin/bash + # set -ex + + # npm install + # npm test - name: build-container params: - name: IMAGE @@ -220,6 +349,7 @@ spec: value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) runAfter: - prefetch-dependencies + - create-frontend-dockerfile taskRef: params: - name: name diff --git a/.tekton/compliance-frontend-push.yaml b/.tekton/compliance-frontend-push.yaml index b35c4e9cf..718f77e8c 100644 --- a/.tekton/compliance-frontend-push.yaml +++ b/.tekton/compliance-frontend-push.yaml @@ -190,6 +190,135 @@ spec: workspace: git-auth - name: netrc workspace: netrc + - name: parse-build-deploy-script + params: + - name: path-context + value: $(params.path-context) + taskRef: + resolver: git + params: + - name: url + value: https://github.com/RedHatInsights/konflux-consoledot-frontend-build + - name: revision + value: a6838b71b88dc1e84f11764c9734e4880096585d # replace with the latest commit from https://github.com/RedHatInsights/konflux-consoledot-frontend-build/commits + - name: pathInRepo + value: tasks/parse-build-deploy-script/parse-build-deploy-script.yaml + workspaces: + - name: source + workspace: workspace + runAfter: + - clone-repository + - name: create-frontend-dockerfile + taskRef: + resolver: git + params: + - name: url + value: https://github.com/RedHatInsights/konflux-consoledot-frontend-build + - name: revision + value: a6838b71b88dc1e84f11764c9734e4880096585d # replace with the latest commit from https://github.com/RedHatInsights/konflux-consoledot-frontend-build/commits + - name: pathInRepo + value: tasks/create-frontend-dockerfile/create-frontend-dockerfile.yaml + workspaces: + - name: source + workspace: workspace + params: + - name: path-context + value: $(params.path-context) + - name: component + value: $(tasks.parse-build-deploy-script.results.component) + - name: image + value: $(tasks.parse-build-deploy-script.results.image) + - name: node-build-version + value: $(tasks.parse-build-deploy-script.results.node-build-version) + - name: quay-expire-time + value: $(tasks.parse-build-deploy-script.results.quay-expire-time) + - name: npm-build-script + value: $(tasks.parse-build-deploy-script.results.npm-build-script) + - name: yarn-build-script + value: $(tasks.parse-build-deploy-script.results.yarn-build-script) + - name: route-path + value: $(tasks.parse-build-deploy-script.results.route-path) + - name: beta-route-path + value: $(tasks.parse-build-deploy-script.results.beta-route-path) + - name: preview-route-path + value: $(tasks.parse-build-deploy-script.results.preview-route-path) + - name: ci-root + value: $(tasks.parse-build-deploy-script.results.ci-root) + - name: server-name + value: $(tasks.parse-build-deploy-script.results.server-name) + - name: dist-folder + value: $(tasks.parse-build-deploy-script.results.dist-folder) + runAfter: + - parse-build-deploy-script + - name: clone-repository-oci-ta + params: + - name: url + value: $(params.git-url) + - name: revision + value: $(params.revision) + - name: ociStorage + value: $(params.output-image).git + runAfter: + - init + taskRef: + params: + - name: name + value: git-clone-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta@sha256:0f4360ce144d46171ebd2e8f4d4575539a0600e02208ba5fc9beeb2c27ddfd4c + - name: kind + value: task + resolver: bundles + when: + - input: $(tasks.init.results.build) + operator: in + values: + - "true" + workspaces: + - name: basic-auth + workspace: git-auth + # - name: run-unit-tests + # description: Validates frontend unit tests + # params: + # - name: SOURCE_ARTIFACT + # value: $(tasks.clone-repository-oci-ta.results.SOURCE_ARTIFACT) + # runAfter: + # - clone-repository-oci-ta + # workspaces: + # - name: basic-auth + # workspace: git-auth + # taskSpec: + # params: + # - description: The Trusted Artifact URI pointing to the artifact with the application source code. + # name: SOURCE_ARTIFACT + # type: string + # volumes: + # # New volume to store a copy of the source code accessible only to this Task. + # - name: workdir + # emptyDir: {} + # stepTemplate: + # volumeMounts: + # - mountPath: /var/workdir + # name: workdir + # readOnly: false + # sidecars: + # steps: + # - name: use-trusted-artifact + # image: quay.io/redhat-appstudio/build-trusted-artifacts:latest@sha256:8391272c4e5011120e9e7fee2c1f339e9405366110bf239dadcbc21e953ce099 + # args: + # - use + # - $(params.SOURCE_ARTIFACT)=/var/workdir + # - image: registry.access.redhat.com/ubi8/nodejs-20 + # workingDir: /var/workdir + # name: unit-tests + # securityContext: + # runAsUser: 0 + # script: | + # #!/bin/bash + # set -ex + + # npm install + # npm test - name: build-container params: - name: IMAGE @@ -217,6 +346,7 @@ spec: value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) runAfter: - prefetch-dependencies + - create-frontend-dockerfile taskRef: params: - name: name From 76e0663b541c15be9175e0462911c7dd0b2474ee Mon Sep 17 00:00:00 2001 From: eshamard Date: Wed, 13 Nov 2024 10:36:14 +0100 Subject: [PATCH 3/5] feat(Konflux): Update template 2 --- .tekton/compliance-frontend-pull-request.yaml | 4 ++-- .tekton/compliance-frontend-push.yaml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.tekton/compliance-frontend-pull-request.yaml b/.tekton/compliance-frontend-pull-request.yaml index 2c3116a07..b216253c9 100644 --- a/.tekton/compliance-frontend-pull-request.yaml +++ b/.tekton/compliance-frontend-pull-request.yaml @@ -203,7 +203,7 @@ spec: - name: url value: https://github.com/RedHatInsights/konflux-consoledot-frontend-build - name: revision - value: a6838b71b88dc1e84f11764c9734e4880096585d # replace with the latest commit from https://github.com/RedHatInsights/konflux-consoledot-frontend-build/commits + value: c23c5a5f3024104120d4be8c2cf26dbeb29e5a22 # replace with the latest commit from https://github.com/RedHatInsights/konflux-consoledot-frontend-build/commits - name: pathInRepo value: tasks/parse-build-deploy-script/parse-build-deploy-script.yaml workspaces: @@ -218,7 +218,7 @@ spec: - name: url value: https://github.com/RedHatInsights/konflux-consoledot-frontend-build - name: revision - value: a6838b71b88dc1e84f11764c9734e4880096585d # replace with the latest commit from https://github.com/RedHatInsights/konflux-consoledot-frontend-build/commits + value: c23c5a5f3024104120d4be8c2cf26dbeb29e5a22 # replace with the latest commit from https://github.com/RedHatInsights/konflux-consoledot-frontend-build/commits - name: pathInRepo value: tasks/create-frontend-dockerfile/create-frontend-dockerfile.yaml workspaces: diff --git a/.tekton/compliance-frontend-push.yaml b/.tekton/compliance-frontend-push.yaml index 718f77e8c..60dd6c8ff 100644 --- a/.tekton/compliance-frontend-push.yaml +++ b/.tekton/compliance-frontend-push.yaml @@ -200,7 +200,7 @@ spec: - name: url value: https://github.com/RedHatInsights/konflux-consoledot-frontend-build - name: revision - value: a6838b71b88dc1e84f11764c9734e4880096585d # replace with the latest commit from https://github.com/RedHatInsights/konflux-consoledot-frontend-build/commits + value: c23c5a5f3024104120d4be8c2cf26dbeb29e5a22 # replace with the latest commit from https://github.com/RedHatInsights/konflux-consoledot-frontend-build/commits - name: pathInRepo value: tasks/parse-build-deploy-script/parse-build-deploy-script.yaml workspaces: @@ -215,7 +215,7 @@ spec: - name: url value: https://github.com/RedHatInsights/konflux-consoledot-frontend-build - name: revision - value: a6838b71b88dc1e84f11764c9734e4880096585d # replace with the latest commit from https://github.com/RedHatInsights/konflux-consoledot-frontend-build/commits + value: c23c5a5f3024104120d4be8c2cf26dbeb29e5a22 # replace with the latest commit from https://github.com/RedHatInsights/konflux-consoledot-frontend-build/commits - name: pathInRepo value: tasks/create-frontend-dockerfile/create-frontend-dockerfile.yaml workspaces: From 1049594ffd09334a0116fda90723a5f664f4d320 Mon Sep 17 00:00:00 2001 From: eshamard Date: Wed, 13 Nov 2024 11:15:11 +0100 Subject: [PATCH 4/5] feat(Konflux): test older commit hash --- .tekton/compliance-frontend-pull-request.yaml | 4 ++-- .tekton/compliance-frontend-push.yaml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.tekton/compliance-frontend-pull-request.yaml b/.tekton/compliance-frontend-pull-request.yaml index b216253c9..51ecf9c02 100644 --- a/.tekton/compliance-frontend-pull-request.yaml +++ b/.tekton/compliance-frontend-pull-request.yaml @@ -203,7 +203,7 @@ spec: - name: url value: https://github.com/RedHatInsights/konflux-consoledot-frontend-build - name: revision - value: c23c5a5f3024104120d4be8c2cf26dbeb29e5a22 # replace with the latest commit from https://github.com/RedHatInsights/konflux-consoledot-frontend-build/commits + value: a6838b71b88dc1e84f11764c9734e4880096585d - name: pathInRepo value: tasks/parse-build-deploy-script/parse-build-deploy-script.yaml workspaces: @@ -218,7 +218,7 @@ spec: - name: url value: https://github.com/RedHatInsights/konflux-consoledot-frontend-build - name: revision - value: c23c5a5f3024104120d4be8c2cf26dbeb29e5a22 # replace with the latest commit from https://github.com/RedHatInsights/konflux-consoledot-frontend-build/commits + value: a6838b71b88dc1e84f11764c9734e4880096585d - name: pathInRepo value: tasks/create-frontend-dockerfile/create-frontend-dockerfile.yaml workspaces: diff --git a/.tekton/compliance-frontend-push.yaml b/.tekton/compliance-frontend-push.yaml index 60dd6c8ff..723b44894 100644 --- a/.tekton/compliance-frontend-push.yaml +++ b/.tekton/compliance-frontend-push.yaml @@ -200,7 +200,7 @@ spec: - name: url value: https://github.com/RedHatInsights/konflux-consoledot-frontend-build - name: revision - value: c23c5a5f3024104120d4be8c2cf26dbeb29e5a22 # replace with the latest commit from https://github.com/RedHatInsights/konflux-consoledot-frontend-build/commits + value: a6838b71b88dc1e84f11764c9734e4880096585d - name: pathInRepo value: tasks/parse-build-deploy-script/parse-build-deploy-script.yaml workspaces: @@ -215,7 +215,7 @@ spec: - name: url value: https://github.com/RedHatInsights/konflux-consoledot-frontend-build - name: revision - value: c23c5a5f3024104120d4be8c2cf26dbeb29e5a22 # replace with the latest commit from https://github.com/RedHatInsights/konflux-consoledot-frontend-build/commits + value: a6838b71b88dc1e84f11764c9734e4880096585d - name: pathInRepo value: tasks/create-frontend-dockerfile/create-frontend-dockerfile.yaml workspaces: From 5100ee08b021842352f94e4790915e43e153fa63 Mon Sep 17 00:00:00 2001 From: eshamard Date: Wed, 13 Nov 2024 11:20:45 +0100 Subject: [PATCH 5/5] feat(Konflux): use latest commit frontend-build --- .tekton/compliance-frontend-pull-request.yaml | 4 ++-- .tekton/compliance-frontend-push.yaml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.tekton/compliance-frontend-pull-request.yaml b/.tekton/compliance-frontend-pull-request.yaml index 51ecf9c02..6113e117c 100644 --- a/.tekton/compliance-frontend-pull-request.yaml +++ b/.tekton/compliance-frontend-pull-request.yaml @@ -203,7 +203,7 @@ spec: - name: url value: https://github.com/RedHatInsights/konflux-consoledot-frontend-build - name: revision - value: a6838b71b88dc1e84f11764c9734e4880096585d + value: c23c5a5f3024104120d4be8c2cf26dbeb29e5a22 - name: pathInRepo value: tasks/parse-build-deploy-script/parse-build-deploy-script.yaml workspaces: @@ -218,7 +218,7 @@ spec: - name: url value: https://github.com/RedHatInsights/konflux-consoledot-frontend-build - name: revision - value: a6838b71b88dc1e84f11764c9734e4880096585d + value: c23c5a5f3024104120d4be8c2cf26dbeb29e5a22 - name: pathInRepo value: tasks/create-frontend-dockerfile/create-frontend-dockerfile.yaml workspaces: diff --git a/.tekton/compliance-frontend-push.yaml b/.tekton/compliance-frontend-push.yaml index 723b44894..2cb185614 100644 --- a/.tekton/compliance-frontend-push.yaml +++ b/.tekton/compliance-frontend-push.yaml @@ -200,7 +200,7 @@ spec: - name: url value: https://github.com/RedHatInsights/konflux-consoledot-frontend-build - name: revision - value: a6838b71b88dc1e84f11764c9734e4880096585d + value: c23c5a5f3024104120d4be8c2cf26dbeb29e5a22 - name: pathInRepo value: tasks/parse-build-deploy-script/parse-build-deploy-script.yaml workspaces: @@ -215,7 +215,7 @@ spec: - name: url value: https://github.com/RedHatInsights/konflux-consoledot-frontend-build - name: revision - value: a6838b71b88dc1e84f11764c9734e4880096585d + value: c23c5a5f3024104120d4be8c2cf26dbeb29e5a22 - name: pathInRepo value: tasks/create-frontend-dockerfile/create-frontend-dockerfile.yaml workspaces: