Skip to content

Commit

Permalink
Run all the example pipelines
Browse files Browse the repository at this point in the history
Signed-off-by: Brad Beck <[email protected]>
  • Loading branch information
bradbeck committed Feb 3, 2024
1 parent ef7acc3 commit 115a1b8
Showing 1 changed file with 77 additions and 10 deletions.
87 changes: 77 additions & 10 deletions .github/workflows/install-frsca.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -46,15 +46,10 @@ jobs:
- name: Try the cluster !
run: kubectl get pods -A
- name: Initialize FRSCA
env:
REGISTRY: "registry.registry"
run: |
make setup-frsca
- name: Run buildpacks pipeline
env:
REGISTRY: "registry.registry"
run: |
make registry-proxy >/dev/null &
./platform/wait-for-pipelinerun.sh -m example-buildpacks -n example-buildpacks-
# tail PipelineRun logs
tkn pr logs --last -f
Expand Down Expand Up @@ -83,12 +78,8 @@ jobs:
tkn tr describe --last -o json | jq -r '.metadata.annotations["chains.tekton.dev/signed"]'
cosign verify --insecure-ignore-tlog --key k8s://tekton-chains/signing-secrets "${IMAGE_URL}"
cosign verify-attestation --insecure-ignore-tlog --type slsaprovenance --key k8s://tekton-chains/signing-secrets "${IMAGE_URL}"
kill %?registry-proxy
- name: Run sample pipeline to test kyverno
env:
REGISTRY: "registry.registry"
run: |
make registry-proxy >/dev/null &
./platform/wait-for-pipelinerun.sh -m example-sample-pipeline -n example-sample-pipeline-
# tail PipelineRun logs
tkn pr logs --last -f
Expand Down Expand Up @@ -119,4 +110,80 @@ jobs:
cosign verify-attestation --insecure-ignore-tlog --type slsaprovenance --key k8s://tekton-chains/signing-secrets "${IMAGE_URL}"
kubectl wait --timeout=5m --for=condition=ready pods -l app=picalc -n prod
kill %?registry-proxy
- name: Run go pipeline
run: |
./platform/wait-for-pipelinerun.sh -m example-golang-pipeline -n example-golang-
tkn pr logs --last -f
if [ "$(tkn pr describe --last -o jsonpath='{.status.conditions[?(@.type == "Succeeded")].status}')" != "True" ]; then
tkn pr describe --last
exit 1
fi
sleep 60
export IMAGE_URL=$(tkn pr describe --last -o jsonpath='{..taskResults}' | jq -r '.[] | select(.name | match("IMAGE_URL$")) | .value')
if [ "${REGISTRY}" = "registry.registry" ]; then
IMAGE_URL="$(echo "${IMAGE_URL}" | sed 's#'${REGISTRY}'#127.0.0.1:5000#')"
fi
crane ls "$(echo -n ${IMAGE_URL} | sed 's|:[^/]*$||')"
cosign verify --insecure-ignore-tlog --key k8s://tekton-chains/signing-secrets "${IMAGE_URL}"
cosign verify-attestation --insecure-ignore-tlog --type slsaprovenance --key k8s://tekton-chains/signing-secrets "${IMAGE_URL}"
- name: Run IBM tutorial pipeline
run: |
./platform/wait-for-pipelinerun.sh -m example-ibm-tutorial -n example-ibm-tutorial-
tkn pr logs --last -f
if [ "$(tkn pr describe --last -o jsonpath='{.status.conditions[?(@.type == "Succeeded")].status}')" != "True" ]; then
tkn pr describe --last
exit 1
fi
sleep 60
export IMAGE_URL=$(tkn pr describe --last -o jsonpath='{..taskResults}' | jq -r '.[] | select(.name | match("IMAGE_URL$")) | .value')
if [ "${REGISTRY}" = "registry.registry" ]; then
IMAGE_URL="$(echo "${IMAGE_URL}" | sed 's#'${REGISTRY}'#127.0.0.1:5000#')"
fi
crane ls "$(echo -n ${IMAGE_URL} | sed 's|:[^/]*$||')"
cosign verify --insecure-ignore-tlog --key k8s://tekton-chains/signing-secrets "${IMAGE_URL}"
cosign verify-attestation --insecure-ignore-tlog --type slsaprovenance --key k8s://tekton-chains/signing-secrets "${IMAGE_URL}"
- name: Run gradle pipeline
run: |
./platform/wait-for-pipelinerun.sh -m example-gradle-pipeline -n example-gradle-
tkn pr logs --last -f
if [ "$(tkn pr describe --last -o jsonpath='{.status.conditions[?(@.type == "Succeeded")].status}')" != "True" ]; then
tkn pr describe --last
exit 1
fi
sleep 60
export IMAGE_URL=$(tkn pr describe --last -o jsonpath='{..taskResults}' | jq -r '.[] | select(.name | match("IMAGE_URL$")) | .value')
if [ "${REGISTRY}" = "registry.registry" ]; then
IMAGE_URL="$(echo "${IMAGE_URL}" | sed 's#'${REGISTRY}'#127.0.0.1:5000#')"
fi
crane ls "$(echo -n ${IMAGE_URL} | sed 's|:[^/]*$||')"
cosign verify --insecure-ignore-tlog --key k8s://tekton-chains/signing-secrets "${IMAGE_URL}"
cosign verify-attestation --insecure-ignore-tlog --type slsaprovenance --key k8s://tekton-chains/signing-secrets "${IMAGE_URL}"
- name: Run maven pipeline
run: |
./platform/wait-for-pipelinerun.sh -m example-maven -n example-maven-
tkn pr logs --last -f
if [ "$(tkn pr describe --last -o jsonpath='{.status.conditions[?(@.type == "Succeeded")].status}')" != "True" ]; then
tkn pr describe --last
exit 1
fi
- name: Run cosign pipeline
run: |
./platform/wait-for-pipelinerun.sh -m example-cosign -n ko-pipelinerun-
tkn pr logs --last -f
if [ "$(tkn pr describe --last -o jsonpath='{.status.conditions[?(@.type == "Succeeded")].status}')" != "True" ]; then
tkn pr describe --last
exit 1
fi
sleep 60
export IMAGE_URL=$(tkn pr describe --last -o jsonpath='{..taskResults}' | jq -r '.[] | select(.name | match("IMAGE_URL$")) | .value')
if [ "${REGISTRY}" = "registry.registry" ]; then
IMAGE_URL="$(echo "${IMAGE_URL}" | sed 's#'${REGISTRY}'#127.0.0.1:5000#')"
fi
export TASK_RUN=$(tkn pr describe --last -o json | jq -r '.status.taskRuns | keys[] as $k | {"k": $k, "v": .[$k]} | select(.v.status.taskResults[]?.name | match("IMAGE_URL$")) | .k')
tkn tr describe "${TASK_RUN}" -o jsonpath='{.metadata.annotations.chains\.tekton\.dev/signed}'
crane ls "$(echo -n ${IMAGE_URL} | sed 's|:[^/]*$||')"
cosign verify --insecure-ignore-tlog --key k8s://tekton-chains/signing-secrets "${IMAGE_URL}"
cosign verify-attestation --insecure-ignore-tlog --type slsaprovenance --key k8s://tekton-chains/signing-secrets "${IMAGE_URL}"

0 comments on commit 115a1b8

Please sign in to comment.