jonny
/
covscanrest
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
113 Commits
18 Branches
0 Tags
786 KiB
 
 
 
 
 
Tree: 9d18e6d9cb
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '9d18e6d9cb'
${ noResults }
covscanrest/k8s/prod/osh-client-tekton/task/osh-client-from-source.yaml

78 lines
2.0 KiB
Raw Blame History

apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: osh-scan-task-from-source
spec:
stepTemplate:
env:
- name: "HOME"
value: "/tekton/home"
params:
- name: targz-file
type: string
default: "source.tar.gz"
description: The filename of the tar.gz we'll be uploading to covscan
- name: scan-profile
type: string
description: The scan profile we will use
default: "snyk-only-unstable"
- name: tarball-build-script
type: string
description: Parameters to be passed to tarball-build-script
default: ":"
volumes:
- name: osh-client-kerb-vol
secret:
defaultMode: 292
optional: false
secretName: kerberos-keytab-osh
- name: osh-client-kerb-config-vol
configMap:
name: kerberos-config-osh-client
items:
- key: linux-krb5.conf
path: linux-krb5.conf
defaultMode: 292
optional: false
- name: osh-client-config-vol
configMap:
name: osh-client-config
items:
- key: client.conf
path: client.conf
optional: false
workspaces:
- name: source-tars
description: source tar gzips are kept here
steps:
- name: perform-buildid-scan
image: quay.io/pct-security/osh-wrapper-client:latest
workingDir: /home/covscan
volumeMounts:
- name: osh-client-kerb-vol
mountPath: /kerberos
readOnly: true
- name: osh-client-config-vol
mountPath: /etc/osh/client.conf
readOnly: true
subPath: client.conf
- name: osh-client-kerb-config-vol
mountPath: /etc/krb5.conf
readOnly: true
subPath: linux-krb5.conf
script: |
#!/bin/bash
echo $(params.scan-profile)
echo $(params.tarball-build-script)
echo $(params.targz-file)
covscan mock-build -p $(params.scan-profile) --tarball-build-script=$(params.tarball-build-script) /workspace/source-tars/$(params.targz-file)