Skip to content

Commit

Permalink
Run all the example pipelines
Browse files Browse the repository at this point in the history
Signed-off-by: Brad Beck <[email protected]>
  • Loading branch information
bradbeck committed May 6, 2024
1 parent e8f11df commit a9ec527
Showing 1 changed file with 119 additions and 12 deletions.
131 changes: 119 additions & 12 deletions .github/workflows/install-frsca.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -46,15 +46,10 @@ jobs:
- name: Try the cluster !
run: kubectl get pods -A
- name: Initialize FRSCA
env:
REGISTRY: "registry.registry"
run: |
make setup-frsca
- name: Run buildpacks pipeline
env:
REGISTRY: "registry.registry"
run: |
make registry-proxy >/dev/null &
./platform/wait-for-pipelinerun.sh -m example-buildpacks -n example-buildpacks-
# tail PipelineRun logs
tkn pr logs --last -f
Expand Down Expand Up @@ -83,12 +78,9 @@ jobs:
tkn tr describe --last -o json | jq -r '.metadata.annotations["chains.tekton.dev/signed"]'
cosign verify --insecure-ignore-tlog --key k8s://tekton-chains/signing-secrets "${IMAGE_URL}"
cosign verify-attestation --insecure-ignore-tlog --type slsaprovenance --key k8s://tekton-chains/signing-secrets "${IMAGE_URL}"
kill %?registry-proxy
kubectl delete pr --all -A
- name: Run sample pipeline to test kyverno
env:
REGISTRY: "registry.registry"
run: |
make registry-proxy >/dev/null &
./platform/wait-for-pipelinerun.sh -m example-sample-pipeline -n example-sample-pipeline-
# tail PipelineRun logs
tkn pr logs --last -f
Expand All @@ -114,9 +106,124 @@ jobs:
echo "TASK_RUN=${TASK_RUN}"
echo "IMAGE_URL=${IMAGE_URL}"
crane ls "$(echo -n ${IMAGE_URL} | sed 's|:[^/]*$||')"
cosign verify --insecure-ignore-tlog --key k8s://tekton-chains/signing-secrets "${IMAGE_URL}"
cosign verify-attestation --insecure-ignore-tlog --type slsaprovenance --key k8s://tekton-chains/signing-secrets "${IMAGE_URL}"
kubectl wait --timeout=5m --for=condition=ready pods -l app=picalc -n prod
kill %?registry-proxy
kubectl delete pr --all -A
- name: Run go pipeline
run: |
./platform/wait-for-pipelinerun.sh -m example-golang-pipeline -n example-golang-
tkn pr logs --last -f
if [ "$(tkn pr describe --last -o jsonpath='{.status.conditions[?(@.type == "Succeeded")].status}')" != "True" ]; then
tkn pr describe --last
exit 1
fi
sleep 60
TASK_RUNS=($(tkn pr describe --last -o jsonpath='{.status.childReferences}' | jq -r '.[] | select(.kind | match("TaskRun")) | .name'))
echo "TASK_RUNS=${TASK_RUNS[@]}"
TASK_RUN="none"; IMAGE_URL="none"
for tr in "${TASK_RUNS[@]}"; do
image=$(tkn tr describe "${tr}" -o jsonpath='{.status.results}' | jq -r '.[] | select(.name == "IMAGE_URL") | .value')
if [ -n "${image}" ]; then
TASK_RUN="${tr}"
IMAGE_URL="${image}"
break
fi
done
if [ "${REGISTRY}" = "registry.registry" ]; then
IMAGE_URL="$(echo "${IMAGE_URL}" | sed 's#'${REGISTRY}'#127.0.0.1:5000#')"
fi
crane ls "$(echo -n ${IMAGE_URL} | sed 's|:[^/]*$||')"
cosign verify --insecure-ignore-tlog --key k8s://tekton-chains/signing-secrets "${IMAGE_URL}"
cosign verify-attestation --insecure-ignore-tlog --type slsaprovenance --key k8s://tekton-chains/signing-secrets "${IMAGE_URL}"
kubectl delete pr --all -A
- name: Run IBM tutorial pipeline
run: |
./platform/wait-for-pipelinerun.sh -m example-ibm-tutorial -n example-ibm-tutorial-
tkn pr logs --last -f
if [ "$(tkn pr describe --last -o jsonpath='{.status.conditions[?(@.type == "Succeeded")].status}')" != "True" ]; then
tkn pr describe --last
exit 1
fi
sleep 60
TASK_RUNS=($(tkn pr describe --last -o jsonpath='{.status.childReferences}' | jq -r '.[] | select(.kind | match("TaskRun")) | .name'))
echo "TASK_RUNS=${TASK_RUNS[@]}"
TASK_RUN="none"; IMAGE_URL="none"
for tr in "${TASK_RUNS[@]}"; do
image=$(tkn tr describe "${tr}" -o jsonpath='{.status.results}' | jq -r '.[] | select(.name == "IMAGE_URL") | .value')
if [ -n "${image}" ]; then
TASK_RUN="${tr}"
IMAGE_URL="${image}"
break
fi
done
if [ "${REGISTRY}" = "registry.registry" ]; then
IMAGE_URL="$(echo "${IMAGE_URL}" | sed 's#'${REGISTRY}'#127.0.0.1:5000#')"
fi
crane ls "$(echo -n ${IMAGE_URL} | sed 's|:[^/]*$||')"
cosign verify --insecure-ignore-tlog --key k8s://tekton-chains/signing-secrets "${IMAGE_URL}"
cosign verify-attestation --insecure-ignore-tlog --type slsaprovenance --key k8s://tekton-chains/signing-secrets "${IMAGE_URL}"
kubectl delete pr --all -A
- name: Run gradle pipeline
run: |
./platform/wait-for-pipelinerun.sh -m example-gradle-pipeline -n example-gradle-
tkn pr logs --last -f
if [ "$(tkn pr describe --last -o jsonpath='{.status.conditions[?(@.type == "Succeeded")].status}')" != "True" ]; then
tkn pr describe --last
exit 1
fi
sleep 60
TASK_RUNS=($(tkn pr describe --last -o jsonpath='{.status.childReferences}' | jq -r '.[] | select(.kind | match("TaskRun")) | .name'))
echo "TASK_RUNS=${TASK_RUNS[@]}"
TASK_RUN="none"; IMAGE_URL="none"
for tr in "${TASK_RUNS[@]}"; do
image=$(tkn tr describe "${tr}" -o jsonpath='{.status.results}' | jq -r '.[] | select(.name == "IMAGE_URL") | .value')
if [ -n "${image}" ]; then
TASK_RUN="${tr}"
IMAGE_URL="${image}"
break
fi
done
if [ "${REGISTRY}" = "registry.registry" ]; then
IMAGE_URL="$(echo "${IMAGE_URL}" | sed 's#'${REGISTRY}'#127.0.0.1:5000#')"
fi
crane ls "$(echo -n ${IMAGE_URL} | sed 's|:[^/]*$||')"
cosign verify --insecure-ignore-tlog --key k8s://tekton-chains/signing-secrets "${IMAGE_URL}"
cosign verify-attestation --insecure-ignore-tlog --type slsaprovenance --key k8s://tekton-chains/signing-secrets "${IMAGE_URL}"
kubectl delete pr --all -A
- name: Run maven pipeline
run: |
./platform/wait-for-pipelinerun.sh -m example-maven -n example-maven-
tkn pr logs --last -f
if [ "$(tkn pr describe --last -o jsonpath='{.status.conditions[?(@.type == "Succeeded")].status}')" != "True" ]; then
tkn pr describe --last
exit 1
fi
kubectl delete pr --all -A
- name: Run cosign pipeline
run: |
./platform/wait-for-pipelinerun.sh -m example-cosign -n ko-pipelinerun-
tkn pr logs --last -f
if [ "$(tkn pr describe --last -o jsonpath='{.status.conditions[?(@.type == "Succeeded")].status}')" != "True" ]; then
tkn pr describe --last
exit 1
fi
sleep 60
TASK_RUNS=($(tkn pr describe --last -o jsonpath='{.status.childReferences}' | jq -r '.[] | select(.kind | match("TaskRun")) | .name'))
echo "TASK_RUNS=${TASK_RUNS[@]}"
TASK_RUN="none"; IMAGE_URL="none"
for tr in "${TASK_RUNS[@]}"; do
image=$(tkn tr describe "${tr}" -o jsonpath='{.status.results}' | jq -r '.[] | select(.name == "IMAGE_URL") | .value')
if [ -n "${image}" ]; then
TASK_RUN="${tr}"
IMAGE_URL="${image}"
break
fi
done
if [ "${REGISTRY}" = "registry.registry" ]; then
IMAGE_URL="$(echo "${IMAGE_URL}" | sed 's#'${REGISTRY}'#127.0.0.1:5000#')"
fi
crane ls "$(echo -n ${IMAGE_URL} | sed 's|:[^/]*$||')"
cosign verify --insecure-ignore-tlog --key k8s://tekton-chains/signing-secrets "${IMAGE_URL}"
cosign verify-attestation --insecure-ignore-tlog --type slsaprovenance --key k8s://tekton-chains/signing-secrets "${IMAGE_URL}"
kubectl delete pr --all -A

0 comments on commit a9ec527

Please sign in to comment.