diff --git a/.tekton/docker-build.yaml b/.tekton/docker-build.yaml index e6540a6d7..cba7fc208 100755 --- a/.tekton/docker-build.yaml +++ b/.tekton/docker-build.yaml @@ -50,6 +50,10 @@ spec: - name: workspace workspace: workspace params: + - default: --all-projects --org=3e1a4cca-ebfb-495f-b64c-3cc960d566b4 --exclude=test*,vendor,third_party + description: Append arguments to Snyk code command. + name: snyk-args + type: string - default: "true" description: Build a source image. name: build-source-image @@ -128,6 +132,33 @@ spec: name: CHAINS-GIT_COMMIT value: $(tasks.clone-repository.results.commit) tasks: + - name: sast-snyk-check + params: + - name: ARGS + value: $(params.snyk-args) + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: sast-snyk-check + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check:0.2@sha256:06d9b14bed7c7f50593a289f723b074e3c0d6b025f74e61692224425713ece7e + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + workspaces: + - name: workspace + workspace: workspace - name: prefetch-dependencies params: - name: dev-package-managers @@ -378,31 +409,6 @@ spec: operator: in values: - "false" - - name: sast-snyk-check - params: - - name: image-digest - value: $(tasks.build-image-index.results.IMAGE_DIGEST) - - name: image-url - value: $(tasks.build-image-index.results.IMAGE_URL) - runAfter: - - build-image-index - taskRef: - params: - - name: name - value: sast-snyk-check - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check:0.2@sha256:06d9b14bed7c7f50593a289f723b074e3c0d6b025f74e61692224425713ece7e - - name: kind - value: task - resolver: bundles - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - workspaces: - - name: workspace - workspace: workspace - name: clamav-scan params: - name: image-digest diff --git a/.tekton/net-kourier-kourier-115-pull-request.yaml b/.tekton/net-kourier-kourier-115-pull-request.yaml index c095fb76b..b025083d6 100755 --- a/.tekton/net-kourier-kourier-115-pull-request.yaml +++ b/.tekton/net-kourier-kourier-115-pull-request.yaml @@ -21,7 +21,7 @@ spec: - name: dockerfile value: openshift/ci-operator/knative-images/kourier/Dockerfile - name: build-args - value: [ VERSION=release-1.35, GO_BUILDER=brew.registry.redhat.io/rh-osbs/openshift-golang-builder:rhel_8_golang_1.22, GO_RUNTIME=registry.access.redhat.com/ubi8/ubi-minimal, ] + value: [ VERSION=1.35.0, GO_BUILDER=brew.registry.redhat.io/rh-osbs/openshift-golang-builder:rhel_8_golang_1.22, GO_RUNTIME=registry.access.redhat.com/ubi8/ubi-minimal, ] - name: git-url value: '{{source_url}}' - name: hermetic diff --git a/.tekton/net-kourier-kourier-115-push.yaml b/.tekton/net-kourier-kourier-115-push.yaml index ca06028fe..9e627a6ac 100755 --- a/.tekton/net-kourier-kourier-115-push.yaml +++ b/.tekton/net-kourier-kourier-115-push.yaml @@ -20,7 +20,7 @@ spec: - name: dockerfile value: openshift/ci-operator/knative-images/kourier/Dockerfile - name: build-args - value: [ VERSION=release-1.35, GO_BUILDER=brew.registry.redhat.io/rh-osbs/openshift-golang-builder:rhel_8_golang_1.22, GO_RUNTIME=registry.access.redhat.com/ubi8/ubi-minimal, ] + value: [ VERSION=1.35.0, GO_BUILDER=brew.registry.redhat.io/rh-osbs/openshift-golang-builder:rhel_8_golang_1.22, GO_RUNTIME=registry.access.redhat.com/ubi8/ubi-minimal, ] - name: git-url value: '{{source_url}}' - name: hermetic @@ -30,7 +30,7 @@ spec: - name: revision value: '{{revision}}' - name: additional-tags - value: [ release-1.35, latest, ] + value: [ 1.35.0, latest, ] pipelineRef: name: docker-build taskRunTemplate: {}