apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: osh-scan-task
spec:
  stepTemplate:
    env:
      - name: "HOME"
        value: "/tekton/home"
  params:
  - name: buildId
    type: string
  - name: scanProfile
    type: string

  volumes:
    - name: osh-client-kerb-vol
      secret:
        defaultMode: 384
        optional: false
        secretName: kerberos-keytab-osh

    - name: osh-client-kerb-config-vol
      configMap:
        name: kerberos-config-osh-client
        items:
          - key: linux-krb5.conf
            path: linux-krb5.conf
        defaultMode: 384
        optional: false

    - name: osh-client-config-vol
      configMap:
        name: osh-client-config
        items:
          - key: client.conf
            path: client.conf
        optional: false

  steps:
    - name: perform-buildid-scan
      image: quay.io/pct-security/osh-wrapper-client:latest
      workingDir: /home/covscan
      volumeMounts:
        - name: osh-client-kerb-vol
          mountPath: /kerberos
          readOnly: true

        - name: osh-client-config-vol
          mountPath: /etc/osh/client.conf
          readOnly: true
          subPath: client.conf

        - name: osh-client-kerb-config-vol
          mountPath: /etc/krb5.conf
          readOnly: true
          subPath: linux-krb5.conf

      script: |
        #!/bin/bash
        echo $(params.buildId)
        echo $(params.scanProfile)
        covscan mock-build -p $(params.scanProfile) --brew-build $(params.buildId)