sync ec-cli task definitions

enterprise-contract · Sep 19, 2024 · e031fd1 · e031fd1
1 parent 183f96f
commit e031fd1
Show file tree

Hide file tree

Showing 2 changed files with 46 additions and 12 deletions.
diff --git a/tasks/verify-definition/0.1/verify-definition.yaml b/tasks/verify-definition/0.1/verify-definition.yaml
@@ -60,13 +60,13 @@ spec:
         value: "$(params.HOMEDIR)"
   steps:
     - name: version
-      image: quay.io/enterprise-contract/ec-cli:snapshot@sha256:78b7b6abf1fce6f8a523e3d78c1550ddced78722cc5ccae1aba9fe178e2dae3d
+      image: quay.io/enterprise-contract/ec-cli:snapshot@sha256:913c7dac3d41877b01835d2e55bcd970c6cdbf4944f8176e9e3de9548642a2b4
       command: [ec]
       args:
         - version
     - name: validate
       workingDir: "$(workspaces.output.path)"
-      image: quay.io/enterprise-contract/ec-cli:snapshot@sha256:78b7b6abf1fce6f8a523e3d78c1550ddced78722cc5ccae1aba9fe178e2dae3d
+      image: quay.io/enterprise-contract/ec-cli:snapshot@sha256:913c7dac3d41877b01835d2e55bcd970c6cdbf4944f8176e9e3de9548642a2b4
       command: [ec]
       args:
         - validate

diff --git a/tasks/verify-enterprise-contract/0.1/verify-enterprise-contract.yaml b/tasks/verify-enterprise-contract/0.1/verify-enterprise-contract.yaml
@@ -135,6 +135,25 @@ spec:
       description: Number of parallel workers to use for policy evaluation.
       default: "1"
 
+    - name: SINGLE_COMPONENT
+      description: Reduce the Snapshot to only the component whose build caused the Snapshot to be created
+      type: string
+      default: "false"
+
+    - name: SINGLE_COMPONENT_CUSTOM_RESOURCE
+      description: >
+        Name, including kind, of the Kubernetes resource to query for labels when single
+        component mode is enabled, e.g. pr/somepipeline.
+      type: string
+      default: "unknown"
+
+    - name: SINGLE_COMPONENT_CUSTOM_RESOURCE_NS
+      description: >
+        Kubernetes namespace where the SINGLE_COMPONENT_NAME is found. Only used
+        when single component mode is enabled.
+      type: string
+      default: ""
+
   workspaces:
     - name: data
       description: The workspace where the snapshot spec json file resides
@@ -152,7 +171,7 @@ spec:
   steps:
 
     - name: initialize-tuf
-      image: quay.io/enterprise-contract/ec-cli:snapshot@sha256:78b7b6abf1fce6f8a523e3d78c1550ddced78722cc5ccae1aba9fe178e2dae3d
+      image: quay.io/enterprise-contract/ec-cli:snapshot@sha256:913c7dac3d41877b01835d2e55bcd970c6cdbf4944f8176e9e3de9548642a2b4
       script: |-
         set -euo pipefail
 
@@ -168,16 +187,31 @@ spec:
         - name: TUF_MIRROR
           value: "$(params.TUF_MIRROR)"
 
+    - name: reduce
+      env:
+        - name: SNAPSHOT
+          value: $(params.IMAGES)
+        - name: SINGLE_COMPONENT
+          value: $(params.SINGLE_COMPONENT)
+        - name: CUSTOM_RESOURCE
+          value: $(params.SINGLE_COMPONENT_CUSTOM_RESOURCE)
+        - name: CUSTOM_RESOURCE_NAMESPACE
+          value: $(params.SINGLE_COMPONENT_CUSTOM_RESOURCE_NS)
+        - name: SNAPSHOT_PATH
+          value: $(params.HOMEDIR)/snapshot.json
+      image: quay.io/enterprise-contract/ec-cli:snapshot@sha256:913c7dac3d41877b01835d2e55bcd970c6cdbf4944f8176e9e3de9548642a2b4
+      onError: continue # progress even if the step fails so we can see the debug logs
+      command: [reduce-snapshot.sh]
     - name: validate
-      image: quay.io/enterprise-contract/ec-cli:snapshot@sha256:78b7b6abf1fce6f8a523e3d78c1550ddced78722cc5ccae1aba9fe178e2dae3d
+      image: quay.io/enterprise-contract/ec-cli:snapshot@sha256:913c7dac3d41877b01835d2e55bcd970c6cdbf4944f8176e9e3de9548642a2b4
       onError: continue # progress even if the step fails so we can see the debug logs
       command: [ec]
       args:
         - validate
         - image
         - "--verbose"
         - "--images"
-        - "$(params.IMAGES)"
+        - "/tekton/home/snapshot.json"
         - "--policy"
         - "$(params.POLICY_CONFIGURATION)"
         - "--public-key"
@@ -231,47 +265,47 @@ spec:
           readOnly: true
 
     - name: report
-      image: quay.io/enterprise-contract/ec-cli:snapshot@sha256:78b7b6abf1fce6f8a523e3d78c1550ddced78722cc5ccae1aba9fe178e2dae3d
+      image: quay.io/enterprise-contract/ec-cli:snapshot@sha256:913c7dac3d41877b01835d2e55bcd970c6cdbf4944f8176e9e3de9548642a2b4
       onError: continue  # progress even if the step fails so we can see the debug logs
       command: [cat]
       args:
         - "$(params.HOMEDIR)/report.yaml"
 
     - name: report-json
-      image: quay.io/enterprise-contract/ec-cli:snapshot@sha256:78b7b6abf1fce6f8a523e3d78c1550ddced78722cc5ccae1aba9fe178e2dae3d
+      image: quay.io/enterprise-contract/ec-cli:snapshot@sha256:913c7dac3d41877b01835d2e55bcd970c6cdbf4944f8176e9e3de9548642a2b4
       onError: continue  # progress even if the step fails so we can see the debug logs
       command: [cat]
       args:
         - "$(params.HOMEDIR)/report-json.json"
 
     - name: summary
-      image: quay.io/enterprise-contract/ec-cli:snapshot@sha256:78b7b6abf1fce6f8a523e3d78c1550ddced78722cc5ccae1aba9fe178e2dae3d
+      image: quay.io/enterprise-contract/ec-cli:snapshot@sha256:913c7dac3d41877b01835d2e55bcd970c6cdbf4944f8176e9e3de9548642a2b4
       onError: continue  # progress even if the step fails so we can see the debug logs
       command: [jq]
       args:
         - "."
         - "$(results.TEST_OUTPUT.path)"
 
     - name: info
-      image: quay.io/enterprise-contract/ec-cli:snapshot@sha256:78b7b6abf1fce6f8a523e3d78c1550ddced78722cc5ccae1aba9fe178e2dae3d
+      image: quay.io/enterprise-contract/ec-cli:snapshot@sha256:913c7dac3d41877b01835d2e55bcd970c6cdbf4944f8176e9e3de9548642a2b4
       command: [printf]
       args:
         - "----- DEBUG OUTPUT -----\n"
 
     - name: version
-      image: quay.io/enterprise-contract/ec-cli:snapshot@sha256:78b7b6abf1fce6f8a523e3d78c1550ddced78722cc5ccae1aba9fe178e2dae3d
+      image: quay.io/enterprise-contract/ec-cli:snapshot@sha256:913c7dac3d41877b01835d2e55bcd970c6cdbf4944f8176e9e3de9548642a2b4
       command: [ec]
       args:
         - version
 
     - name: debug-log
-      image: quay.io/enterprise-contract/ec-cli:snapshot@sha256:78b7b6abf1fce6f8a523e3d78c1550ddced78722cc5ccae1aba9fe178e2dae3d
+      image: quay.io/enterprise-contract/ec-cli:snapshot@sha256:913c7dac3d41877b01835d2e55bcd970c6cdbf4944f8176e9e3de9548642a2b4
       command: [cat]
       args:
         - "$(params.HOMEDIR)/debug.log"
 
     - name: assert
-      image: quay.io/enterprise-contract/ec-cli:snapshot@sha256:78b7b6abf1fce6f8a523e3d78c1550ddced78722cc5ccae1aba9fe178e2dae3d
+      image: quay.io/enterprise-contract/ec-cli:snapshot@sha256:913c7dac3d41877b01835d2e55bcd970c6cdbf4944f8176e9e3de9548642a2b4
       command: [jq]
       args:
         - "--argjson"