Commit af071d99 authored by HUA YUEN HUI's avatar HUA YUEN HUI Committed by GitHub Enterprise

chore: expand cra parameters (#27)

parent 5ade1aa1
......@@ -68,6 +68,93 @@ spec:
default: ""
- name: commons-hosted-region
default: "https://raw.githubusercontent.com/open-toolchain/commons/master"
#Cra specific params
- name: ibmcloud-region
description: (Optional) ibmcloud region to use
default: ""
# Common command related params
- name: env-props
description: (Optional) A custom configuration of environment properties to source before execution, ex. 'export ABC=123 export DEF=456'
default: ""
- name: fileignore
description: (Optional) Filepath to .fileignore
default: ""
- name: ibmcloud-trace
description: (Optional) Enables IBMCLOUD_TRACE for ibmcloud cli logging
default: "false"
- name: output
description: (Optional) Prints command result to console
default: "false"
- name: path
description: Repository path to scan
default: "/artifacts"
- name: strict
description: (Optional) Enables strict mode for scanning
default: "false"
- name: toolchainid
description: (Optional) The target toolchain id to be used. Defaults to the current toolchain id
default: ""
- name: verbose
description: (Optional) Enable verbose log messages
default: "false"
# BOM related params
- name: asset-type
description: Security checks to run (apps, image, os, all)
default: "all"
- name: bom-report
description: Filepath to store generated Bill of Materials
default: "bom.json"
- name: docker-build-flags
description: (Optional) Customize docker build command for build stage scanning
default: ""
- name: docker-build-context
description: (Optional) If specified, CRA will use the directory in the path parameter as docker build context
- name: dockerfile-pattern
description: (Optional) Pattern to identify Dockerfile in the repository
- name: docker-registry-secret
description: Secret to authenticate for docker-registry-url
- name: docker-registry-url
description: Registry url to use for docker login
default: ""
- name: docker-registry-username
description: Username to authenticate for docker-registry-url
default: ""
- name: gradle-exclude-configs
description: (Optional) Exclude gradle configurations, ex. 'runtimeClasspath,testCompileClasspath'
default: ""
- name: maven-exclude-scopes
description: (Optional) Exclude maven scopes, ex. 'test,compile'
default: ""
- name: nodejs-create-package-lock
description: (Optional) Enable the task to build the package-lock.json for node.js projects
default: "false"
- name: prev-report
description: Filepath to previous BoM report to skip Dockerfile or application manifest scans
default: ""
# Deploy Analytic related params
- name: deploy-report
description: Filepath to store generated Deploy Analytic report
default: "deploy.json"
# Vulnerability related params
- name: cveignore
description: (Optional) Filepath to cveignore
default: ""
- name: exclude-dev
description: (Optional) Exclude dev dependencies during vulnerability scan
default: "false"
- name: vulnerability-report
description: Filepath to store Vulnerability report, not stored if empty
default: "vulnerability.json"
# User control params
- name: cra-scan-image
description: Image to use for `scan` task
default: "icr.io/continuous-delivery/pipeline/pipeline-base-ubi:3.9"
resourcetemplates:
- apiVersion: v1
kind: PersistentVolumeClaim
......@@ -80,6 +167,14 @@ spec:
volumeMode: Filesystem
accessModes:
- ReadWriteOnce
- apiVersion: v1
kind: Secret
metadata:
name: cd-secret
type: Opaque
stringData:
API_KEY: $(params.apikey)
DOCKER_SECRET: $(params.docker-registry-secret)
- apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
......@@ -144,6 +239,57 @@ spec:
value: $(params.project-id)
- name: commons-hosted-region
value: $(params.commons-hosted-region)
#cra specific
- name: ibmcloud-region
value: $(params.ibmcloud-region)
- name: env-props
value: $(params.env-props)
- name: fileignore
value: $(params.fileignore)
- name: ibmcloud-trace
value: $(params.ibmcloud-trace)
- name: output
value: $(params.output)
- name: path
value: $(params.path)
- name: strict
value: $(params.strict)
- name: toolchainid
value: $(params.toolchainid)
- name: verbose
value: $(params.verbose)
- name: asset-type
value: $(params.asset-type)
- name: bom-report
value: $(params.bom-report)
- name: docker-build-flags
value: $(params.docker-build-flags)
- name: docker-build-context
value: $(params.docker-build-context)
- name: dockerfile-pattern
value: $(params.dockerfile-pattern)
- name: docker-registry-url
value: $(params.docker-registry-url)
- name: docker-registry-username
value: $(params.docker-registry-username)
- name: gradle-exclude-configs
value: $(params.gradle-exclude-configs)
- name: maven-exclude-scopes
value: $(params.maven-exclude-scopes)
- name: nodejs-create-package-lock
value: $(params.nodejs-create-package-lock)
- name: prev-report
value: $(params.prev-report)
- name: deploy-report
value: $(params.deploy-report)
- name: cveignore
value: $(params.cveignore)
- name: exclude-dev
value: $(params.exclude-dev)
- name: vulnerability-report
value: $(params.vulnerability-report)
- name: cra-scan-image
value: $(params.cra-scan-image)
workspaces:
- name: pipeline-ws
persistentVolumeClaim:
......
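Review bot: The new `cd-secret` template writes `DOCKER_SECRET: $(params.docker-registry-secret)` into `stringData`, but `docker-registry-secret` is declared without a `default`, unlike `docker-registry-url` and `docker-registry-username`, which default to `""`. When a trigger does not supply it, the run will presumably either fail to resolve the template or store the unresolved placeholder text as the registry password, depending on how the Triggers version treats missing values; adding `default: ""` to that entry makes the unauthenticated case explicit. The Secret also uses the fixed `name: cd-secret`, so runs triggered with different credentials in the same namespace would share or overwrite one object unless something outside this hunk scopes it per run. The `cra-scan-image` default is pinned only by the mutable tag `:3.9`; referencing it by digest would make the image that runs alongside these credentials reproducible. The `resourcetemplates` list and the PipelineRun it feeds continue outside the hunks shown.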
......@@ -67,6 +67,90 @@ spec:
default: "true"
- name: commons-hosted-region
default: "https://raw.githubusercontent.com/open-toolchain/commons/master"
#Cra specific params
- name: ibmcloud-region
description: (Optional) ibmcloud region to use
default: ""
# Common command related params
- name: env-props
description: (Optional) A custom configuration of environment properties to source before execution, ex. 'export ABC=123 export DEF=456'
default: ""
- name: fileignore
description: (Optional) Filepath to .fileignore
default: ""
- name: ibmcloud-trace
description: (Optional) Enables IBMCLOUD_TRACE for ibmcloud cli logging
default: "false"
- name: output
description: (Optional) Prints command result to console
default: "false"
- name: path
description: Repository path to scan
default: "/artifacts"
- name: strict
description: (Optional) Enables strict mode for scanning
default: "false"
- name: toolchainid
description: (Optional) The target toolchain id to be used. Defaults to the current toolchain id
default: ""
- name: verbose
description: (Optional) Enable verbose log messages
default: "false"
# BOM related params
- name: asset-type
description: Security checks to run (apps, image, os, all)
default: "all"
- name: bom-report
description: Filepath to store generated Bill of Materials
default: "bom.json"
- name: docker-build-flags
description: (Optional) Customize docker build command for build stage scanning
default: ""
- name: docker-build-context
description: (Optional) If specified, CRA will use the directory in the path parameter as docker build context
- name: dockerfile-pattern
description: (Optional) Pattern to identify Dockerfile in the repository
- name: docker-registry-url
description: Registry url to use for docker login
default: ""
- name: docker-registry-username
description: Username to authenticate for docker-registry-url
default: ""
- name: gradle-exclude-configs
description: (Optional) Exclude gradle configurations, ex. 'runtimeClasspath,testCompileClasspath'
default: ""
- name: maven-exclude-scopes
description: (Optional) Exclude maven scopes, ex. 'test,compile'
default: ""
- name: nodejs-create-package-lock
description: (Optional) Enable the task to build the package-lock.json for node.js projects
default: "false"
- name: prev-report
description: Filepath to previous BoM report to skip Dockerfile or application manifest scans
default: ""
# Deploy Analytic related params
- name: deploy-report
description: Filepath to store generated Deploy Analytic report
default: "deploy.json"
# Vulnerability related params
- name: cveignore
description: (Optional) Filepath to cveignore
default: ""
- name: exclude-dev
description: (Optional) Exclude dev dependencies during vulnerability scan
default: "false"
- name: vulnerability-report
description: Filepath to store Vulnerability report, not stored if empty
default: "vulnerability.json"
# User control params
- name: cra-scan-image
description: Image to use for `scan` task
workspaces:
- name: pipeline-ws
tasks:
......@@ -142,6 +226,57 @@ spec:
value: $(params.pipeline-debug)
- name: ibmcloud-api
value: $(params.ibmcloud-api)
- name: ibmcloud-region
value: $(params.ibmcloud-region)
- name: env-props
value: $(params.env-props)
- name: fileignore
value: $(params.fileignore)
- name: ibmcloud-trace
value: $(params.ibmcloud-trace)
- name: output
value: $(params.output)
- name: path
value: $(params.path)
- name: strict
value: $(params.strict)
- name: toolchainid
value: $(params.toolchainid)
- name: verbose
value: $(params.verbose)
- name: asset-type
value: $(params.asset-type)
- name: bom-report
value: $(params.bom-report)
- name: docker-build-flags
value: $(params.docker-build-flags)
- name: docker-build-context
value: $(params.docker-build-context)
- name: dockerfile-pattern
value: $(params.dockerfile-pattern)
- name: docker-registry-url
value: $(params.docker-registry-url)
- name: docker-registry-username
value: $(params.docker-registry-username)
- name: gradle-exclude-configs
value: $(params.gradle-exclude-configs)
- name: maven-exclude-scopes
value: $(params.maven-exclude-scopes)
- name: nodejs-create-package-lock
value: $(params.nodejs-create-package-lock)
- name: prev-report
value: $(params.prev-report)
- name: deploy-report
value: $(params.deploy-report)
- name: cveignore
value: $(params.cveignore)
- name: exclude-dev
value: $(params.exclude-dev)
- name: vulnerability-report
value: $(params.vulnerability-report)
- name: cra-scan-image
value: $(params.cra-scan-image)
workspaces:
- name: artifacts
workspace: pipeline-ws
......
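Review bot: The `env-props` parameter added to the pipeline `params` is described as shell text that is sourced before execution, and `docker-build-flags` as text that customizes a build command, yet both are forwarded verbatim to the scan task (`value: $(params.env-props)`, `value: $(params.docker-build-flags)`) with nothing in the descriptions saying who may set them. Assuming the task consumes them the way the descriptions say, the description should state the trust boundary, e.g. `(Optional) Shell snippet sourced before the scan; set only from trusted pipeline properties, never from webhook payload fields`. The listener file carries the same two descriptions and would need the same wording. Separately, `cra-scan-image`, `docker-build-context` and `dockerfile-pattern` have no `default` in this file, so the pipeline probably only validates when every caller supplies them; a `default` matching the listener's image and `default: ""` for the other two would keep it usable on its own. The task entry these values feed starts outside the hunk.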
......@@ -84,7 +84,7 @@ spec:
# User control params
- name: cra-scan-image
description: Image to use for `scan` task. Default to `icr.io/continuous-delivery/pipeline/pipeline-base-ubi:3.2`
description: Image to use for `scan` task. Default to `icr.io/continuous-delivery/pipeline/pipeline-base-ubi:3.9`
workspaces:
- name: artifacts
......