alihan/openshift-mcp-server
1
0
Fork 0
mirror of https://github.com/openshift/openshift-mcp-server.git synced 2025-10-17 14:27:48 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
c762cdcbbc6080f069bc7138b2c636cc81e594b2
openshift-mcp-server/.tekton/openshift-mcp-server-push.yaml
red-hat-konflux[bot] c762cdcbbc chore(deps): update konflux references main 
Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
2025-09-20 12:12:06 +00:00

638 lines
23 KiB
YAML
Raw Blame History

apiVersion: tekton.dev/v1
kind: PipelineRun
metadata:
annotations:
build.appstudio.openshift.io/repo: https://github.com/openshift/openshift-mcp-server?rev={{revision}}
build.appstudio.redhat.com/commit_sha: '{{revision}}'
build.appstudio.redhat.com/target_branch: '{{target_branch}}'
pipelinesascode.tekton.dev/cancel-in-progress: "false"
pipelinesascode.tekton.dev/max-keep-runs: "3"
pipelinesascode.tekton.dev/on-cel-expression: event == "push" && target_branch == "main"
creationTimestamp:
labels:
appstudio.openshift.io/application: ols
appstudio.openshift.io/component: openshift-mcp-server
pipelines.appstudio.openshift.io/type: build
name: openshift-mcp-server-on-push
namespace: crt-nshift-lightspeed-tenant
spec:
params:
- name: build-source-image
value: "true"
- name: prefetch-input
value: '{"type": "gomod", "path": "."}'
- name: git-url
value: '{{source_url}}'
- name: revision
value: '{{revision}}'
- name: output-image
value: quay.io/redhat-user-workloads/crt-nshift-lightspeed-tenant/openshift-mcp-server:{{revision}}
- name: build-platforms
value:
- linux/x86_64
- linux/arm64
- name: hermetic
value: true
- name: dockerfile
value: Dockerfile.ocp
- name: path-context
value: .
pipelineSpec:
description: |
This pipeline is ideal for building multi-arch container images from a Containerfile while maintaining trust after pipeline customization.
_Uses `buildah` to create a multi-platform container image leveraging [trusted artifacts](https://konflux-ci.dev/architecture/ADR/0036-trusted-artifacts.html). It also optionally creates a source image and runs some build-time tests. This pipeline requires that the [multi platform controller](https://github.com/konflux-ci/multi-platform-controller) is deployed and configured on your Konflux instance. Information is shared between tasks using OCI artifacts instead of PVCs. EC will pass the [`trusted_task.trusted`](https://conforma.dev/docs/policy/packages/release_trusted_task.html#trusted_task__trusted) policy as long as all data used to build the artifact is generated from trusted tasks.
This pipeline is pushed as a Tekton bundle to [quay.io](https://quay.io/repository/konflux-ci/tekton-catalog/pipeline-docker-build-multi-platform-oci-ta?tab=tags)_
finally:
- name: show-sbom
params:
- name: IMAGE_URL
value: $(tasks.build-image-index.results.IMAGE_URL)
taskRef:
params:
- name: name
value: show-sbom
- name: bundle
value: quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:beb0616db051952b4b861dd8c3e00fa1c0eccbd926feddf71194d3bb3ace9ce7
- name: kind
value: task
resolver: bundles
params:
- description: Source Repository URL
name: git-url
type: string
- default: ""
description: Revision of the Source Repository
name: revision
type: string
- description: Fully Qualified Output Image
name: output-image
type: string
- default: .
description: Path to the source code of an application's component from where to build image.
name: path-context
type: string
- default: Dockerfile
description: Path to the Dockerfile inside the context specified by parameter path-context
name: dockerfile
type: string
- default: "false"
description: Force rebuild image
name: rebuild
type: string
- default: "false"
description: Skip checks against built image
name: skip-checks
type: string
- default: "false"
description: Execute the build with network isolation
name: hermetic
type: string
- default: ""
description: Build dependencies to be prefetched by Cachi2
name: prefetch-input
type: string
- default: ""
description: Image tag expiration time, time values could be something like 1h, 2d, 3w for hours, days, and weeks, respectively.
name: image-expires-after
type: string
- default: "false"
description: Build a source image.
name: build-source-image
type: string
- default: "true"
description: Add built image into an OCI image index
name: build-image-index
type: string
- default: []
description: Array of --build-arg values ("arg=value" strings) for buildah
name: build-args
type: array
- default: ""
description: Path to a file with build arguments for buildah, see https://www.mankier.com/1/buildah-build#--build-arg-file
name: build-args-file
type: string
- default: "false"
description: Whether to enable privileged mode, should be used only with remote VMs
name: privileged-nested
type: string
- default:
- linux/x86_64
description: List of platforms to build the container images on. The available set of values is determined by the configuration of the multi-platform-controller.
name: build-platforms
type: array
results:
- description: ""
name: IMAGE_URL
value: $(tasks.build-image-index.results.IMAGE_URL)
- description: ""
name: IMAGE_DIGEST
value: $(tasks.build-image-index.results.IMAGE_DIGEST)
- description: ""
name: CHAINS-GIT_URL
value: $(tasks.clone-repository.results.url)
- description: ""
name: CHAINS-GIT_COMMIT
value: $(tasks.clone-repository.results.commit)
tasks:
- name: init
params:
- name: image-url
value: $(params.output-image)
- name: rebuild
value: $(params.rebuild)
- name: skip-checks
value: $(params.skip-checks)
taskRef:
params:
- name: name
value: init
- name: bundle
value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:ec962d0be18f36ca7d331c99bf243800f569fc0a2ea6f8c8c3d3a574b71c44dc
- name: kind
value: task
resolver: bundles
- name: clone-repository
params:
- name: url
value: $(params.git-url)
- name: revision
value: $(params.revision)
- name: ociStorage
value: $(params.output-image).git
- name: ociArtifactExpiresAfter
value: $(params.image-expires-after)
runAfter:
- init
taskRef:
params:
- name: name
value: git-clone-oci-ta
- name: bundle
value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:3f1b468066b301083d8550e036f5a654fcb064810bd29eb06fec6d8ad3e35b9c
- name: kind
value: task
resolver: bundles
when:
- input: $(tasks.init.results.build)
operator: in
values:
- "true"
workspaces:
- name: basic-auth
workspace: git-auth
- name: prefetch-dependencies
params:
- name: input
value: $(params.prefetch-input)
- name: SOURCE_ARTIFACT
value: $(tasks.clone-repository.results.SOURCE_ARTIFACT)
- name: ociStorage
value: $(params.output-image).prefetch
- name: ociArtifactExpiresAfter
value: $(params.image-expires-after)
runAfter:
- clone-repository
taskRef:
params:
- name: name
value: prefetch-dependencies-oci-ta
- name: bundle
value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.2@sha256:098322d6b789824f716f2d9caca1862d4afdc083ebaaee61aadd22a8c179480a
- name: kind
value: task
resolver: bundles
workspaces:
- name: git-basic-auth
workspace: git-auth
- name: netrc
workspace: netrc
- matrix:
params:
- name: PLATFORM
value:
- $(params.build-platforms)
name: build-images
params:
- name: IMAGE
value: $(params.output-image)
- name: DOCKERFILE
value: $(params.dockerfile)
- name: CONTEXT
value: $(params.path-context)
- name: HERMETIC
value: $(params.hermetic)
- name: PREFETCH_INPUT
value: $(params.prefetch-input)
- name: IMAGE_EXPIRES_AFTER
value: $(params.image-expires-after)
- name: COMMIT_SHA
value: $(tasks.clone-repository.results.commit)
- name: BUILD_ARGS
value:
- $(params.build-args[*])
- name: BUILD_ARGS_FILE
value: $(params.build-args-file)
- name: PRIVILEGED_NESTED
value: $(params.privileged-nested)
- name: SOURCE_ARTIFACT
value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT)
- name: CACHI2_ARTIFACT
value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT)
- name: IMAGE_APPEND_PLATFORM
value: "true"
runAfter:
- prefetch-dependencies
taskRef:
params:
- name: name
value: buildah-remote-oci-ta
- name: bundle
value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.5@sha256:17a0b093c9e9d21e9e374c60a88eb293a0fa57e4e2b67baf20ccac9735aa20ff
- name: kind
value: task
resolver: bundles
when:
- input: $(tasks.init.results.build)
operator: in
values:
- "true"
- name: build-image-index
params:
- name: IMAGE
value: $(params.output-image)
- name: COMMIT_SHA
value: $(tasks.clone-repository.results.commit)
- name: IMAGE_EXPIRES_AFTER
value: $(params.image-expires-after)
- name: ALWAYS_BUILD_INDEX
value: $(params.build-image-index)
- name: IMAGES
value:
- $(tasks.build-images.results.IMAGE_REF[*])
runAfter:
- build-images
taskRef:
params:
- name: name
value: build-image-index
- name: bundle
value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1@sha256:8e5dfb2fac011148f8715bbe0b99415f88297683d269eae0dfcad52562195d45
- name: kind
value: task
resolver: bundles
when:
- input: $(tasks.init.results.build)
operator: in
values:
- "true"
- name: build-source-image
params:
- name: BINARY_IMAGE
value: $(tasks.build-image-index.results.IMAGE_URL)
- name: BINARY_IMAGE_DIGEST
value: $(tasks.build-image-index.results.IMAGE_DIGEST)
- name: SOURCE_ARTIFACT
value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT)
- name: CACHI2_ARTIFACT
value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT)
runAfter:
- build-image-index
taskRef:
params:
- name: name
value: source-build-oci-ta
- name: bundle
value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.3@sha256:b0d6cb28a23f20db4f5cf78ed78ae3a91b9a5adfe989696ed0bbc63840a485b6
- name: kind
value: task
resolver: bundles
when:
- input: $(tasks.init.results.build)
operator: in
values:
- "true"
- input: $(params.build-source-image)
operator: in
values:
- "true"
- name: deprecated-base-image-check
params:
- name: IMAGE_URL
value: $(tasks.build-image-index.results.IMAGE_URL)
- name: IMAGE_DIGEST
value: $(tasks.build-image-index.results.IMAGE_DIGEST)
runAfter:
- build-image-index
taskRef:
params:
- name: name
value: deprecated-image-check
- name: bundle
value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.5@sha256:2c32152a55f6bfba67b41be456da46b6e109bb3e348e25220eed4eed149958c5
- name: kind
value: task
resolver: bundles
when:
- input: $(params.skip-checks)
operator: in
values:
- "false"
- matrix:
params:
- name: image-platform
value:
- $(params.build-platforms)
name: clair-scan
params:
- name: image-digest
value: $(tasks.build-image-index.results.IMAGE_DIGEST)
- name: image-url
value: $(tasks.build-image-index.results.IMAGE_URL)
runAfter:
- build-image-index
taskRef:
params:
- name: name
value: clair-scan
- name: bundle
value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.3@sha256:a7cc183967f89c4ac100d04ab8f81e54733beee60a0528208107c9a22d3c43af
- name: kind
value: task
resolver: bundles
when:
- input: $(params.skip-checks)
operator: in
values:
- "false"
- matrix:
params:
- name: platform
value:
- $(params.build-platforms)
name: ecosystem-cert-preflight-checks
params:
- name: image-url
value: $(tasks.build-image-index.results.IMAGE_URL)
runAfter:
- build-image-index
taskRef:
params:
- name: name
value: ecosystem-cert-preflight-checks
- name: bundle
value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.2@sha256:dae8e28761cee4ab0baf04ab9f8f1a4b3cee3c7decf461fda2bacc5c01652a60
- name: kind
value: task
resolver: bundles
when:
- input: $(params.skip-checks)
operator: in
values:
- "false"
- name: sast-snyk-check
params:
- name: image-digest
value: $(tasks.build-image-index.results.IMAGE_DIGEST)
- name: image-url
value: $(tasks.build-image-index.results.IMAGE_URL)
- name: SOURCE_ARTIFACT
value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT)
- name: CACHI2_ARTIFACT
value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT)
runAfter:
- build-image-index
taskRef:
params:
- name: name
value: sast-snyk-check-oci-ta
- name: bundle
value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.4@sha256:783f5de1b4def2fb3fad20b914f4b3afee46ffb8f652114946e321ef3fa86449
- name: kind
value: task
resolver: bundles
when:
- input: $(params.skip-checks)
operator: in
values:
- "false"
- matrix:
params:
- name: image-arch
value:
- $(params.build-platforms)
name: clamav-scan
params:
- name: image-digest
value: $(tasks.build-image-index.results.IMAGE_DIGEST)
- name: image-url
value: $(tasks.build-image-index.results.IMAGE_URL)
runAfter:
- build-image-index
taskRef:
params:
- name: name
value: clamav-scan
- name: bundle
value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.3@sha256:b0bd59748cda4a7abf311e4f448e6c1d00c6b6d8c0ecc1c2eb33e08dc0e0b802
- name: kind
value: task
resolver: bundles
when:
- input: $(params.skip-checks)
operator: in
values:
- "false"
- name: sast-coverity-check
params:
- name: image-digest
value: $(tasks.build-image-index.results.IMAGE_DIGEST)
- name: image-url
value: $(tasks.build-image-index.results.IMAGE_URL)
- name: IMAGE
value: $(params.output-image)
- name: DOCKERFILE
value: $(params.dockerfile)
- name: CONTEXT
value: $(params.path-context)
- name: HERMETIC
value: $(params.hermetic)
- name: PREFETCH_INPUT
value: $(params.prefetch-input)
- name: IMAGE_EXPIRES_AFTER
value: $(params.image-expires-after)
- name: COMMIT_SHA
value: $(tasks.clone-repository.results.commit)
- name: BUILD_ARGS
value:
- $(params.build-args[*])
- name: BUILD_ARGS_FILE
value: $(params.build-args-file)
- name: SOURCE_ARTIFACT
value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT)
- name: CACHI2_ARTIFACT
value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT)
runAfter:
- coverity-availability-check
taskRef:
params:
- name: name
value: sast-coverity-check-oci-ta
- name: bundle
value: quay.io/konflux-ci/tekton-catalog/task-sast-coverity-check-oci-ta:0.3@sha256:cdbe1a968676e4f5519b082bf1e27a4cdcf66dd60af66dbc26b3e604f957f7e9
- name: kind
value: task
resolver: bundles
when:
- input: $(params.skip-checks)
operator: in
values:
- "false"
- input: $(tasks.coverity-availability-check.results.STATUS)
operator: in
values:
- success
- name: coverity-availability-check
runAfter:
- build-image-index
taskRef:
params:
- name: name
value: coverity-availability-check
- name: bundle
value: quay.io/konflux-ci/tekton-catalog/task-coverity-availability-check:0.2@sha256:db2b267dc15e4ed17f704ee91b8e9b38068e1a35b1018a328fdca621819d74c6
- name: kind
value: task
resolver: bundles
when:
- input: $(params.skip-checks)
operator: in
values:
- "false"
- name: sast-shell-check
params:
- name: image-digest
value: $(tasks.build-image-index.results.IMAGE_DIGEST)
- name: image-url
value: $(tasks.build-image-index.results.IMAGE_URL)
- name: SOURCE_ARTIFACT
value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT)
- name: CACHI2_ARTIFACT
value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT)
runAfter:
- build-image-index
taskRef:
params:
- name: name
value: sast-shell-check-oci-ta
- name: bundle
value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check-oci-ta:0.1@sha256:bf7bdde00b7212f730c1356672290af6f38d070da2c8a316987b5c32fd49e0b9
- name: kind
value: task
resolver: bundles
when:
- input: $(params.skip-checks)
operator: in
values:
- "false"
- name: sast-unicode-check
params:
- name: image-digest
value: $(tasks.build-image-index.results.IMAGE_DIGEST)
- name: image-url
value: $(tasks.build-image-index.results.IMAGE_URL)
- name: SOURCE_ARTIFACT
value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT)
- name: CACHI2_ARTIFACT
value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT)
runAfter:
- build-image-index
taskRef:
params:
- name: name
value: sast-unicode-check-oci-ta
- name: bundle
value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check-oci-ta:0.3@sha256:a2bde66f6b4164620298c7d709b8f08515409404000fa1dc2260d2508b135651
- name: kind
value: task
resolver: bundles
when:
- input: $(params.skip-checks)
operator: in
values:
- "false"
- name: apply-tags
params:
- name: IMAGE_URL
value: $(tasks.build-image-index.results.IMAGE_URL)
- name: IMAGE_DIGEST
value: $(tasks.build-image-index.results.IMAGE_DIGEST)
runAfter:
- build-image-index
taskRef:
params:
- name: name
value: apply-tags
- name: bundle
value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.2@sha256:f44be1bf0262471f2f503f5e19da5f0628dcaf968c86272a2ad6b4871e708448
- name: kind
value: task
resolver: bundles
- name: push-dockerfile
params:
- name: IMAGE
value: $(tasks.build-image-index.results.IMAGE_URL)
- name: IMAGE_DIGEST
value: $(tasks.build-image-index.results.IMAGE_DIGEST)
- name: DOCKERFILE
value: $(params.dockerfile)
- name: CONTEXT
value: $(params.path-context)
- name: SOURCE_ARTIFACT
value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT)
runAfter:
- build-image-index
taskRef:
params:
- name: name
value: push-dockerfile-oci-ta
- name: bundle
value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.1@sha256:49f778479f468e71c2cfef722e96aa813d7ef98bde8a612e1bf1a13cd70849ec
- name: kind
value: task
resolver: bundles
- name: rpms-signature-scan
params:
- name: image-url
value: $(tasks.build-image-index.results.IMAGE_URL)
- name: image-digest
value: $(tasks.build-image-index.results.IMAGE_DIGEST)
runAfter:
- build-image-index
taskRef:
params:
- name: name
value: rpms-signature-scan
- name: bundle
value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:1b6c20ab3dbfb0972803d3ebcb2fa72642e59400c77bd66dfd82028bdd09e120
- name: kind
value: task
resolver: bundles
when:
- input: $(params.skip-checks)
operator: in
values:
- "false"
workspaces:
- name: git-auth
optional: true
- name: netrc
optional: true
taskRunTemplate:
serviceAccountName: build-pipeline-openshift-mcp-server
workspaces:
- name: git-auth
secret:
secretName: '{{ git_auth_secret }}'
status: {}
Reference in New Issue View Git Blame Copy Permalink