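---
# Tekton Pipeline for an Open Liberty service.
# Task graph, as wired by the runAfter entries below:
#   fetch-source -> compile-java -> sonarqube
#                               -> build-push -> cosign-sign
#                                             -> syft -> push-sbom
#                                             -> register-change
#                                             -> deploy-with-argocd
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
  name: openliberty-pipeline
spec:
  # NOTE(review): the text mentions Kaniko, but build-push references the
  # buildah Task.
  description: |
    This pipeline clones a git repo, builds a Docker image with Kaniko and
    pushes it to a registry
  params:
    - name: repo-url
      type: string
    # Used for the image tag and for register-change.
    # NOTE(review): it is not passed to fetch-source, so the tag can name a
    # revision other than the commit that was cloned and built. If the
    # git-clone Task exposes a revision param, pass this value to it.
    - name: git-revision
      type: string
    - name: maven-mirror-url
      type: string
    - name: sonar-organization
      type: string
    # Also reused below as the SBOM file stem, the register-change project and
    # the Argo CD application name.
    - name: sonar-project-key
      type: string
    # NOTE(review): a credential passed as a string param. Param values are
    # stored in clear text in the PipelineRun/TaskRun objects and are readable
    # by anyone who can get those resources. Prefer a Secret (for example via
    # the sonar-settings workspace) - confirm what sonarqube-scanner supports.
    - name: sonar-token
      type: string
    - name: sonar-host-url
      type: string
    - name: source-to-scan
      type: string
    - name: registry
      type: string
    - name: project
      type: string
    - name: image-name
      type: string
    # NOTE(review): declared but not referenced by any task in this Pipeline;
    # cosign-sign builds its image URL from registry/project/image-name.
    - name: cosign-image-url
      type: string
    - name: deptrack-projectName
      type: string
    - name: deptrack-projectVersion
      type: string
    # NOTE(review): credential passed as a string param; same exposure as
    # sonar-token. Prefer a Secret-backed source.
    - name: deptrack-apiKey
      type: string
    - name: deptrack-url
      type: string
  workspaces:
    - name: shared-data
    - name: registry-credentials
    - name: maven-settings
    - name: sonar-settings
  tasks:
    - name: fetch-source
      taskRef:
        name: git-clone
      workspaces:
        - name: output
          workspace: shared-data
      params:
        - name: url
          value: $(params.repo-url)

    - name: compile-java
      runAfter: ["fetch-source"]
      taskRef:
        name: maven
      workspaces:
        - name: source
          workspace: shared-data
        # Bound to the dedicated maven-settings workspace. The original bound
        # this to shared-data, which left the declared maven-settings workspace
        # unused and pointed the Task's settings location at the cloned
        # repository, where repo content could supply the settings file.
        - name: maven-settings
          workspace: maven-settings
      params:
        # NOTE(review): no tag or digest, so the build image floats. Pin it,
        # e.g. maven:<version>@sha256:<digest> (placeholder).
        - name: MAVEN_IMAGE
          value: maven
        - name: CONTEXT_DIR
          value: "."
        - name: MAVEN_MIRROR_URL
          value: $(params.maven-mirror-url)
        - name: GOALS
          value:
            - clean
            - package

    # Runs in parallel with build-push; nothing downstream waits for it.
    # NOTE(review): a failed scan therefore does not stop the image from being
    # built, pushed and deployed. Add sonarqube to a later runAfter if the scan
    # is meant to be a gate.
    - name: sonarqube
      runAfter: ["compile-java"]
      taskRef:
        kind: Task
        name: sonarqube-scanner
      workspaces:
        - name: source
          workspace: shared-data
        - name: sonar-settings
          workspace: sonar-settings
      params:
        - name: SONAR_ORGANIZATION
          value: $(params.sonar-organization)
        - name: SONAR_PROJECT_KEY
          value: $(params.sonar-project-key)
        - name: SONAR_TOKEN
          value: $(params.sonar-token)
        - name: SOURCE_TO_SCAN
          value: $(params.source-to-scan)
        - name: SONAR_HOST_URL
          value: $(params.sonar-host-url)
        # NOTE(review): third-party image referenced by mutable tag; pin by
        # digest so the scanner that receives SONAR_TOKEN cannot change
        # silently.
        - name: SONAR_SCANNER_IMAGE
          value: noenv/sonar-scanner:7.0.2

    - name: build-push
      runAfter: ["compile-java"]
      taskRef:
        name: buildah
      workspaces:
        - name: source
          workspace: shared-data
        - name: dockerconfig
          workspace: registry-credentials
      params:
        - name: IMAGE
          value: $(params.registry)/$(params.project)/$(params.image-name):$(params.git-revision)

    # Receives the digest reported by build-push in addition to the tag URL.
    - name: cosign-sign
      runAfter: ["build-push"]
      taskRef:
        name: cosign-sign
      params:
        - name: cosign-image-url
          value: $(params.registry)/$(params.project)/$(params.image-name):$(params.git-revision)
        - name: cosign-image-digest
          value: $(tasks.build-push.results.IMAGE_DIGEST)

    # NOTE(review): the image is addressed by tag here. Referencing it by
    # $(tasks.build-push.results.IMAGE_DIGEST) would tie the SBOM to the exact
    # image that was built and signed.
    - name: syft
      runAfter: ["build-push"]
      taskRef:
        name: syft
      params:
        - name: ARGS
          value:
            - $(params.registry)/$(params.project)/$(params.image-name):$(params.git-revision)
            - --output
            - cyclonedx-json=./$(params.sonar-project-key).sbom.json
      workspaces:
        - name: source-dir
          workspace: shared-data

    - name: push-sbom
      runAfter: ["syft"]
      # Fixed: the key was spelled "taskref"; the Tekton field is taskRef.
      taskRef:
        name: push-sbom
      params:
        - name: deptrack-url
          value: $(params.deptrack-url)
        - name: deptrack-apiKey
          value: $(params.deptrack-apiKey)
        - name: deptrack-projectName
          value: $(params.deptrack-projectName)
        - name: deptrack-projectVersion
          value: $(params.deptrack-projectVersion)
        # NOTE(review): syft writes <sonar-project-key>.sbom.json but this
        # reads <deptrack-projectName>.sbom.json; the upload only finds the
        # file when both params carry the same value - confirm with callers.
        - name: sbom
          value: $(params.deptrack-projectName).sbom.json
      workspaces:
        - name: source-dir
          workspace: shared-data

    - name: register-change
      runAfter: ["build-push"]
      # Fixed: the key was spelled "taskref"; the Tekton field is taskRef.
      taskRef:
        name: register-change
      params:
        - name: project
          value: $(params.sonar-project-key)
        - name: git-revision
          value: $(params.git-revision)
      workspaces:
        - name: source-dir
          workspace: shared-data

    # NOTE(review): deployment waits only for build-push. It can start before
    # cosign-sign, sonarqube, syft or push-sbom finish, or after they fail.
    # If signing or scanning must gate deployment, list those tasks in
    # runAfter.
    - name: deploy-with-argocd
      runAfter: ["build-push"]
      # Fixed: the key was spelled "taskref"; the Tekton field is taskRef.
      taskRef:
        name: argocd-task-sync-and-wait
      params:
        - name: application-name
          value: $(params.sonar-project-key)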