Minor alterations for prod deploy

3 years ago · dc8de982f0
5 changed files with 16 additions and 16 deletions
--- a/k8s/prod/app/service-account.yaml
+++ b/k8s/prod/app/service-account.yaml
@ -2,11 +2,11 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
  labels:
-    app.kubernetes.io/name: osh-wrapper-client-sa
+    app.kubernetes.io/name: osh
    app.kubernetes.io/version: 1.0.0-SNAPSHOT
    app.openshift.io/runtime: quarkus
    env: prod
-  name: osh-wrapper-client-sa
+  name: osh
  namespace: psse-scanchain-prod
 imagePullSecrets:
 - name: pct-security-osh-wrapper-client-pull-secret
--- a/k8s/prod/app/tekton-rbac.yaml
+++ b/k8s/prod/app/tekton-rbac.yaml
@ -21,11 +21,11 @@ kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
  name: osh-wrapper-tekton-rolebinding
-  namespace: pct-security-tooling
+  namespace: psse-scanchain-prod
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: osh-wrapper-tekton
 subjects:
 - kind: ServiceAccount
-  name: osh-wrapper-client-sa
+  name: osh
--- a/k8s/prod/osh-client-tekton/pipeline/osh-client-from-source-pipeline.yaml
+++ b/k8s/prod/osh-client-tekton/pipeline/osh-client-from-source-pipeline.yaml
@ -15,6 +15,10 @@ spec:
    description: The revision or tag
    type: string

+  - name: mock-build-params
+    description: The parameters to pass to covscan mock-build
+    type: string
+
  - name: archive-name
    description: The name of the git archive file
    type: string
@ -77,6 +81,8 @@ spec:
      params:
        - name: targz-file
          value: $(params.archive-name)
+        - name: mock-build-params
+          value: $(params.mock-build-params)
      runAfter:
        - archive
      taskRef:
--- a/k8s/prod/osh-client-tekton/task/osh-client-from-source.yaml
+++ b/k8s/prod/osh-client-tekton/task/osh-client-from-source.yaml
@ -13,15 +13,10 @@ spec:
    default: "source.tar.gz"
    description: The filename of the tar.gz we'll be uploading to covscan

-  - name: scan-profile
+  - name: mock-build-params
    type: string
-    description: The scan profile we will use
-    default: "snyk-only-unstable"
-
-  - name: tarball-build-script
-    type: string
-    description: Parameters to be passed to tarball-build-script
-    default: ":"
+    description: Parameters pushed to mock build
+    default: "-p snyk-only-unstable --tarball-build-script=:"

  volumes:
    - name: osh-client-kerb-vol
@ -72,7 +67,6 @@ spec:

      script: |
        #!/bin/bash
-        echo $(params.scan-profile)
-        echo $(params.tarball-build-script)
+        echo $(params.mock-build-params)
        echo $(params.targz-file)
-        covscan mock-build -p $(params.scan-profile) --tarball-build-script=$(params.tarball-build-script) /workspace/source-tars/$(params.targz-file)
+        covscan mock-build $(params.mock-build-params) /workspace/source-tars/$(params.targz-file)
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@ -78,7 +78,7 @@ quarkus.arc.remove-unused-beans=false
 #Always provide swagger ui

 # Probably we need to check these 2 settings
-%prod.quarkus.openshift.service-account=osh-wrapper-client-sa
+%prod.quarkus.openshift.service-account=osh
 %prod.quarkus.openshift.namespace=pct-security-tooling

 %prod.quarkus.openshift.name=osh