2 changed files with 78 additions and 3 deletions
@ -1,6 +1,74 @@ |
|||||||
package com.redhat.pctsec.tekton; |
package com.redhat.pctsec.tekton; |
||||||
|
|
||||||
|
import io.fabric8.kubernetes.api.model.ConfigMapVolumeSource; |
||||||
|
import io.fabric8.kubernetes.api.model.PersistentVolumeClaimVolumeSource; |
||||||
|
import io.fabric8.kubernetes.api.model.PodSecurityContext; |
||||||
|
import io.fabric8.kubernetes.api.model.PodSecurityContextBuilder; |
||||||
|
import io.fabric8.tekton.client.DefaultTektonClient; |
||||||
|
import io.fabric8.tekton.client.TektonClient; |
||||||
|
import io.fabric8.tekton.client.DefaultTektonClient; |
||||||
|
import io.fabric8.tekton.client.TektonClient; |
||||||
|
import io.fabric8.tekton.pipeline.v1beta1.*; |
||||||
|
import jakarta.enterprise.context.ApplicationScoped; |
||||||
|
import jakarta.inject.Singleton; |
||||||
|
import org.apache.commons.lang3.RandomStringUtils; |
||||||
|
|
||||||
|
import java.util.ArrayList; |
||||||
|
import java.util.List; |
||||||
|
|
||||||
public class scmUrlPipelineRun { |
public class scmUrlPipelineRun { |
||||||
|
public static final String NAMESPACE = "pct-security-tooling"; |
||||||
|
public static final String REPO_URL = "repo-url"; |
||||||
|
public static final String REVISION = "revision"; |
||||||
|
public static final String PIPELINE_REFERENCE = "osh-client-from-source"; |
||||||
|
public static final String SERVICE_ACCOUNT = "osh-wrapper-client-sa"; |
||||||
|
|
||||||
|
TektonClient tektonClient = new DefaultTektonClient(); |
||||||
|
|
||||||
|
public String invokeOshScmScanPipeline(String repo, String ref) { |
||||||
|
|
||||||
|
PodSecurityContext securityContext = new PodSecurityContextBuilder() |
||||||
|
.withRunAsNonRoot(true) |
||||||
|
.withRunAsUser(65532L) |
||||||
|
.build(); |
||||||
|
|
||||||
|
WorkspaceBinding sourcesWorkspaceBinding = new WorkspaceBindingBuilder() |
||||||
|
.withName("sources") |
||||||
|
.withPersistentVolumeClaim(new PersistentVolumeClaimVolumeSource("osh-client-sources", null)) |
||||||
|
.build(); |
||||||
|
|
||||||
|
WorkspaceBinding sourceTarsWorkspaceBinding = new WorkspaceBindingBuilder() |
||||||
|
.withName("source-tars") |
||||||
|
.withPersistentVolumeClaim(new PersistentVolumeClaimVolumeSource("osh-client-source-tars", null)) |
||||||
|
.build(); |
||||||
|
|
||||||
|
WorkspaceBinding sslCaDirectoryWorkspaceBinding = new WorkspaceBindingBuilder() |
||||||
|
.withName("ssl-ca-directory") |
||||||
|
.withConfigMap(new ConfigMapVolumeSource(null, null, "config-trusted-cabundle", null)) |
||||||
|
.build(); |
||||||
|
|
||||||
|
List<WorkspaceBinding> workspaceBindings = new ArrayList<>(); |
||||||
|
workspaceBindings.add(sourcesWorkspaceBinding); |
||||||
|
workspaceBindings.add(sourceTarsWorkspaceBinding); |
||||||
|
workspaceBindings.add(sslCaDirectoryWorkspaceBinding); |
||||||
|
|
||||||
|
PipelineRun pipelineRun = new PipelineRunBuilder() |
||||||
|
.withNewMetadata().withName("osh-scm-scan-" + RandomStringUtils.randomAlphanumeric(8).toLowerCase()).endMetadata() |
||||||
|
.withNewSpec() |
||||||
|
.withNewPodTemplate() |
||||||
|
.withSecurityContext(securityContext) |
||||||
|
.endPodTemplate() |
||||||
|
.withServiceAccountName(SERVICE_ACCOUNT) |
||||||
|
.withNewPipelineRef().withName(PIPELINE_REFERENCE).endPipelineRef() |
||||||
|
.addNewParam().withName(REPO_URL).withNewValue(repo).endParam() |
||||||
|
.addNewParam().withName(REVISION).withNewValue(ref).endParam() |
||||||
|
.withWorkspaces(workspaceBindings) |
||||||
|
.endSpec() |
||||||
|
.build(); |
||||||
|
|
||||||
|
tektonClient.v1beta1().pipelineRuns().inNamespace(NAMESPACE).resource(pipelineRun).create(); |
||||||
|
|
||||||
|
return "Scan invoked. PipelineRun name: " + pipelineRun.getMetadata().getName(); |
||||||
|
} |
||||||
|
|
||||||
} |
} |
||||||
|
|||||||
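Review bot: `invokeOshScmScanPipeline` copies `repo` and `ref` into the `repo-url` and `revision` params without any check, and the resulting run executes under `osh-wrapper-client-sa` with both source PVCs mounted. The caller is not part of this hunk, but if these strings originate from a request, the method should reject anything outside the expected shape before building the `PipelineRun`, for example `if (repo == null || !repo.startsWith("https://")) throw new IllegalArgumentException("unsupported repo URL");`. A matching check on `ref` should allow only the characters valid in a branch, tag or commit id. A host allowlist would narrow this further if the set of scannable forges is known. Separately, `.withGenerateName("osh-scm-scan-")` with the name read from the object returned by `create()` would let the API server guarantee uniqueness instead of relying on `RandomStringUtils.randomAlphanumeric(8)`.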