You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
63 lines
1.5 KiB
63 lines
1.5 KiB
apiVersion: tekton.dev/v1beta1 |
|
kind: Task |
|
metadata: |
|
name: osh-scan-task |
|
spec: |
|
stepTemplate: |
|
env: |
|
- name: "HOME" |
|
value: "/tekton/home" |
|
params: |
|
- name: buildId |
|
type: string |
|
- name: scanProfile |
|
type: string |
|
|
|
volumes: |
|
- name: osh-client-kerb-vol |
|
secret: |
|
defaultMode: 384 |
|
optional: false |
|
secretName: kerberos-keytab-osh |
|
|
|
- name: osh-client-kerb-config-vol |
|
configMap: |
|
name: kerberos-config-osh-client |
|
items: |
|
- key: linux-krb5.conf |
|
path: linux-krb5.conf |
|
defaultMode: 384 |
|
optional: false |
|
|
|
- name: osh-client-config-vol |
|
configMap: |
|
name: osh-client-config |
|
items: |
|
- key: client.conf |
|
path: client.conf |
|
optional: false |
|
|
|
steps: |
|
- name: perform-buildid-scan |
|
image: quay.io/pct-security/osh-wrapper-client:latest |
|
workingDir: /home/covscan |
|
volumeMounts: |
|
- name: osh-client-kerb-vol |
|
mountPath: /kerberos |
|
readOnly: true |
|
|
|
- name: osh-client-config-vol |
|
mountPath: /etc/osh/client.conf |
|
readOnly: true |
|
subPath: client.conf |
|
|
|
- name: osh-client-kerb-config-vol |
|
mountPath: /etc/krb5.conf |
|
readOnly: true |
|
subPath: linux-krb5.conf |
|
|
|
script: | |
|
#!/bin/bash |
|
echo $(params.buildId) |
|
echo $(params.scanProfile) |
|
covscan mock-build -p $(params.scanProfile) --brew-build $(params.buildId)
|
|
|