2 changed files with 78 additions and 3 deletions
@ -1,6 +1,74 @@
|
||||
package com.redhat.pctsec.tekton; |
||||
|
||||
import io.fabric8.kubernetes.api.model.ConfigMapVolumeSource; |
||||
import io.fabric8.kubernetes.api.model.PersistentVolumeClaimVolumeSource; |
||||
import io.fabric8.kubernetes.api.model.PodSecurityContext; |
||||
import io.fabric8.kubernetes.api.model.PodSecurityContextBuilder; |
||||
import io.fabric8.tekton.client.DefaultTektonClient; |
||||
import io.fabric8.tekton.client.TektonClient; |
||||
import io.fabric8.tekton.client.DefaultTektonClient; |
||||
import io.fabric8.tekton.client.TektonClient; |
||||
import io.fabric8.tekton.pipeline.v1beta1.*; |
||||
import jakarta.enterprise.context.ApplicationScoped; |
||||
import jakarta.inject.Singleton; |
||||
import org.apache.commons.lang3.RandomStringUtils; |
||||
|
||||
import java.util.ArrayList; |
||||
import java.util.List; |
||||
|
||||
public class scmUrlPipelineRun { |
||||
public static final String NAMESPACE = "pct-security-tooling"; |
||||
public static final String REPO_URL = "repo-url"; |
||||
public static final String REVISION = "revision"; |
||||
public static final String PIPELINE_REFERENCE = "osh-client-from-source"; |
||||
public static final String SERVICE_ACCOUNT = "osh-wrapper-client-sa"; |
||||
|
||||
TektonClient tektonClient = new DefaultTektonClient(); |
||||
|
||||
public String invokeOshScmScanPipeline(String repo, String ref) { |
||||
|
||||
PodSecurityContext securityContext = new PodSecurityContextBuilder() |
||||
.withRunAsNonRoot(true) |
||||
.withRunAsUser(65532L) |
||||
.build(); |
||||
|
||||
WorkspaceBinding sourcesWorkspaceBinding = new WorkspaceBindingBuilder() |
||||
.withName("sources") |
||||
.withPersistentVolumeClaim(new PersistentVolumeClaimVolumeSource("osh-client-sources", null)) |
||||
.build(); |
||||
|
||||
WorkspaceBinding sourceTarsWorkspaceBinding = new WorkspaceBindingBuilder() |
||||
.withName("source-tars") |
||||
.withPersistentVolumeClaim(new PersistentVolumeClaimVolumeSource("osh-client-source-tars", null)) |
||||
.build(); |
||||
|
||||
WorkspaceBinding sslCaDirectoryWorkspaceBinding = new WorkspaceBindingBuilder() |
||||
.withName("ssl-ca-directory") |
||||
.withConfigMap(new ConfigMapVolumeSource(null, null, "config-trusted-cabundle", null)) |
||||
.build(); |
||||
|
||||
List<WorkspaceBinding> workspaceBindings = new ArrayList<>(); |
||||
workspaceBindings.add(sourcesWorkspaceBinding); |
||||
workspaceBindings.add(sourceTarsWorkspaceBinding); |
||||
workspaceBindings.add(sslCaDirectoryWorkspaceBinding); |
||||
|
||||
PipelineRun pipelineRun = new PipelineRunBuilder() |
||||
.withNewMetadata().withName("osh-scm-scan-" + RandomStringUtils.randomAlphanumeric(8).toLowerCase()).endMetadata() |
||||
.withNewSpec() |
||||
.withNewPodTemplate() |
||||
.withSecurityContext(securityContext) |
||||
.endPodTemplate() |
||||
.withServiceAccountName(SERVICE_ACCOUNT) |
||||
.withNewPipelineRef().withName(PIPELINE_REFERENCE).endPipelineRef() |
||||
.addNewParam().withName(REPO_URL).withNewValue(repo).endParam() |
||||
.addNewParam().withName(REVISION).withNewValue(ref).endParam() |
||||
.withWorkspaces(workspaceBindings) |
||||
.endSpec() |
||||
.build(); |
||||
|
||||
tektonClient.v1beta1().pipelineRuns().inNamespace(NAMESPACE).resource(pipelineRun).create(); |
||||
|
||||
return "Scan invoked. PipelineRun name: " + pipelineRun.getMetadata().getName(); |
||||
} |
||||
|
||||
} |
||||
|
||||
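Review bot: `invokeOshScmScanPipeline` copies `repo` and `ref` straight into the `repo-url` and `revision` params of a PipelineRun that runs under `osh-wrapper-client-sa`, with no null, scheme or character check in between. How the `osh-client-from-source` pipeline consumes them is not visible in this change, but if they reach a clone step, a caller-chosen scheme, an internal host or an option-like revision would be acted on with that service account's network and workspace access. I would reject bad input before building the run, e.g. `URI u = URI.create(repo); if (!"https".equalsIgnoreCase(u.getScheme()) || u.getHost() == null) throw new IllegalArgumentException("repo must be an https URL");` and `if (!ref.matches("[A-Za-z0-9][A-Za-z0-9._/-]{0,254}")) throw new IllegalArgumentException("invalid revision");`, and consider a host allow-list if scans are only meant for known forges. Separately, the return value of `.create()` is discarded, so the returned message reports the locally built name rather than the object the API server accepted.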