Skip to content

Commit bc69d21

Browse files
tommyd450tommyd450
authored
Merge pull request #96 from securesign/konflux-sa-migration-tuf-tool
Konflux build pipeline service account migration
2 parents ec3f5f7 + 1959625 commit bc69d21

File tree

2 files changed

+32
-22
lines changed

2 files changed

+32
-22
lines changed

.tekton/tuf-tool-pull-request.yaml

Lines changed: 16 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -7,8 +7,12 @@ metadata:
77
build.appstudio.redhat.com/pull_request_number: '{{pull_request_number}}'
88
build.appstudio.redhat.com/target_branch: '{{target_branch}}'
99
pipelinesascode.tekton.dev/max-keep-runs: "3"
10-
pipelinesascode.tekton.dev/on-cel-expression: event == "pull_request" && target_branch == "develop" &&
11-
( "Dockerfile.rh".pathChanged() || ".tekton/tuf-tool-pull-request.yaml".pathChanged() || "deny.toml".pathChanged() || "Cargo.toml".pathChanged() || "Cargo.lock".pathChanged() || "tough/***".pathChanged() || "tuftool/***".pathChanged() || "Makefile".pathChanged() || "trigger-konflux-builds.txt".pathChanged() || "rpms.lock.yaml".pathChanged() )
10+
pipelinesascode.tekton.dev/on-cel-expression: event == "pull_request" && target_branch
11+
== "develop" && ( "Dockerfile.rh".pathChanged() || ".tekton/tuf-tool-pull-request.yaml".pathChanged()
12+
|| "deny.toml".pathChanged() || "Cargo.toml".pathChanged() || "Cargo.lock".pathChanged()
13+
|| "tough/***".pathChanged() || "tuftool/***".pathChanged() || "Makefile".pathChanged()
14+
|| "trigger-konflux-builds.txt".pathChanged() || "rpms.lock.yaml".pathChanged()
15+
)
1216
creationTimestamp: null
1317
labels:
1418
appstudio.openshift.io/application: tough
@@ -34,18 +38,19 @@ spec:
3438
value: '[{"type": "cargo", "path": "."}, {"type": "rpm", "path": "."}]'
3539
- name: hermetic
3640
value: "true"
37-
- name: dev-package-managers
41+
- name: dev-package-managers
3842
value: "true"
3943
pipelineRef:
40-
resolver: git
4144
params:
42-
- name: url
43-
value: 'https://github.com/securesign/pipelines.git'
44-
- name: revision
45-
value: 'main'
46-
- name: pathInRepo
47-
value: 'pipelines/docker-build-oci-ta.yaml'
48-
taskRunTemplate: {}
45+
- name: url
46+
value: https://github.com/securesign/pipelines.git
47+
- name: revision
48+
value: main
49+
- name: pathInRepo
50+
value: pipelines/docker-build-oci-ta.yaml
51+
resolver: git
52+
taskRunTemplate:
53+
serviceAccountName: build-pipeline-tuf-tool
4954
workspaces:
5055
- name: git-auth
5156
secret:

.tekton/tuf-tool-push.yaml

Lines changed: 16 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -6,8 +6,12 @@ metadata:
66
build.appstudio.redhat.com/commit_sha: '{{revision}}'
77
build.appstudio.redhat.com/target_branch: '{{target_branch}}'
88
pipelinesascode.tekton.dev/max-keep-runs: "3"
9-
pipelinesascode.tekton.dev/on-cel-expression: event == "push" && target_branch == "develop" &&
10-
( "Dockerfile.rh".pathChanged() || ".tekton/tuf-tool-push.yaml".pathChanged() || "deny.toml".pathChanged() || "Cargo.toml".pathChanged() || "Cargo.lock".pathChanged() || "tough/***".pathChanged() || "tuftool/***".pathChanged() || "Makefile".pathChanged() || "trigger-konflux-builds.txt".pathChanged() || "rpms.lock.yaml".pathChanged() )
9+
pipelinesascode.tekton.dev/on-cel-expression: event == "push" && target_branch
10+
== "develop" && ( "Dockerfile.rh".pathChanged() || ".tekton/tuf-tool-push.yaml".pathChanged()
11+
|| "deny.toml".pathChanged() || "Cargo.toml".pathChanged() || "Cargo.lock".pathChanged()
12+
|| "tough/***".pathChanged() || "tuftool/***".pathChanged() || "Makefile".pathChanged()
13+
|| "trigger-konflux-builds.txt".pathChanged() || "rpms.lock.yaml".pathChanged()
14+
)
1115
creationTimestamp: null
1216
labels:
1317
appstudio.openshift.io/application: tough
@@ -31,18 +35,19 @@ spec:
3135
value: '[{"type": "cargo", "path": "."}, {"type": "rpm", "path": "."}]'
3236
- name: hermetic
3337
value: "true"
34-
- name: dev-package-managers
38+
- name: dev-package-managers
3539
value: "true"
3640
pipelineRef:
37-
resolver: git
3841
params:
39-
- name: url
40-
value: 'https://github.com/securesign/pipelines.git'
41-
- name: revision
42-
value: 'main'
43-
- name: pathInRepo
44-
value: 'pipelines/docker-build-oci-ta.yaml'
45-
taskRunTemplate: {}
42+
- name: url
43+
value: https://github.com/securesign/pipelines.git
44+
- name: revision
45+
value: main
46+
- name: pathInRepo
47+
value: pipelines/docker-build-oci-ta.yaml
48+
resolver: git
49+
taskRunTemplate:
50+
serviceAccountName: build-pipeline-tuf-tool
4651
workspaces:
4752
- name: git-auth
4853
secret:

0 commit comments

Comments
 (0)