You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
72 lines
1.8 KiB
72 lines
1.8 KiB
apiVersion: tekton.dev/v1beta1 |
|
kind: Task |
|
metadata: |
|
name: osh-scan-task-from-source |
|
spec: |
|
stepTemplate: |
|
env: |
|
- name: "HOME" |
|
value: "/tekton/home" |
|
params: |
|
- name: targz-file |
|
type: string |
|
default: "source.tar.gz" |
|
description: The filename of the tar.gz we'll be uploading to covscan |
|
|
|
- name: mock-build-params |
|
type: string |
|
description: Parameters pushed to mock build |
|
default: "-p snyk-only-unstable --tarball-build-script=:" |
|
|
|
volumes: |
|
- name: osh-client-kerb-vol |
|
secret: |
|
defaultMode: 292 |
|
optional: false |
|
secretName: kerberos-keytab-osh |
|
|
|
- name: osh-client-kerb-config-vol |
|
configMap: |
|
name: kerberos-config-osh-client |
|
items: |
|
- key: linux-krb5.conf |
|
path: linux-krb5.conf |
|
defaultMode: 292 |
|
optional: false |
|
|
|
- name: osh-client-config-vol |
|
configMap: |
|
name: osh-client-config |
|
items: |
|
- key: client.conf |
|
path: client.conf |
|
optional: false |
|
|
|
workspaces: |
|
- name: source-tars |
|
description: source tar gzips are kept here |
|
|
|
steps: |
|
- name: perform-buildid-scan |
|
image: quay.io/pct-security/osh-wrapper-client:latest |
|
workingDir: /home/covscan |
|
volumeMounts: |
|
- name: osh-client-kerb-vol |
|
mountPath: /kerberos |
|
readOnly: true |
|
|
|
- name: osh-client-config-vol |
|
mountPath: /etc/osh/client.conf |
|
readOnly: true |
|
subPath: client.conf |
|
|
|
- name: osh-client-kerb-config-vol |
|
mountPath: /etc/krb5.conf |
|
readOnly: true |
|
subPath: linux-krb5.conf |
|
|
|
script: | |
|
#!/bin/bash |
|
echo $(params.mock-build-params) |
|
echo $(params.targz-file) |
|
covscan mock-build $(params.mock-build-params) /workspace/source-tars/$(params.targz-file)
|
|
|