nicolas
/
demo-rhacs
mirror of https://github.com/nmasse-itix/demo-rhacs.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
A demo of Red Hat Advanced Cluster Security
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
70 Commits
1 Branch
0 Tags
116 KiB
 
 
Tree: a62327c091
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'a62327c091'
${ noResults }
demo-rhacs/cicd/70-tasks.yaml

93 lines
2.7 KiB
Raw Blame History

apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: oc-start-build
namespace: vulnerable-cicd
spec:
params:
- name: namespace
default: default
description: The kubernetes namespace
- name: componentName
default: sample
description: The name of the component
steps:
- name: build-image
image: 'quay.io/openshift/origin-cli:latest'
command:
- /usr/bin/oc
args:
- -n
- $(inputs.params.namespace)
- start-build
- $(inputs.params.componentName)
- --follow
---
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: oc-deploy
namespace: vulnerable-cicd
spec:
params:
- name: namespace
default: default
description: The kubernetes namespace
- name: componentName
default: sample
description: The name of the component
steps:
- name: oc-deploy
image: quay.io/openshift/origin-cli:latest
command:
- "/usr/bin/oc"
args:
- delete
- pods
- -n
- $(inputs.params.namespace)
- -l
- deployment=$(inputs.params.componentName)
---
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: roxctl-image-check
namespace: vulnerable-cicd
spec:
params:
- description: >-
Secret containing the StackRox API token with CI permissions and the
address:port tuple for StackRox Central (example: rox.stackrox.io:443)
name: roxctlSecret
type: string
- description: 'Full name of image to scan (example -- gcr.io/rox/sample:5.0-rc1)'
name: image
type: string
results:
- description: Output of `roxctl image check`
name: check_output
steps:
- env:
- name: ROX_API_TOKEN
valueFrom:
secretKeyRef:
key: rox_api_token
name: $(params.roxctlSecret)
- name: ROX_CENTRAL_ENDPOINT
valueFrom:
secretKeyRef:
key: rox_central_endpoint
name: $(params.roxctlSecret)
image: quay.io/skopeo/stable:v1.5.2
name: roxctl-image-check
resources: {}
script: |
#!/bin/bash
set -Eeuo pipefail
TOKEN=`cat /var/run/secrets/kubernetes.io/serviceaccount/token`
DIGEST=`skopeo inspect "docker://$(params.image)" --format '{{.Digest}}' --creds token:$TOKEN`
NAME=`skopeo inspect "docker://$(params.image)" --format '{{.Name}}' --creds token:$TOKEN`
curl -s -k -L -H "Authorization: Bearer $ROX_API_TOKEN" "https://$ROX_CENTRAL_ENDPOINT/api/cli/download/roxctl-linux" --output /tmp/roxctl > /dev/null
chmod +x /tmp/roxctl
/tmp/roxctl image check --insecure-skip-tls-verify -e "$ROX_CENTRAL_ENDPOINT" --image "$NAME@$DIGEST" --send-notifications