From e500efc56bd8fd72ba920825f68b031067edd8c8 Mon Sep 17 00:00:00 2001 From: konflux Date: Wed, 30 Apr 2025 05:11:24 +0000 Subject: [PATCH] Konflux build pipeline service account migration for image-builder-frontend Signed-off-by: konflux --- .../image-builder-frontend-pull-request.yaml | 67 ++++++++++--------- .tekton/image-builder-frontend-push.yaml | 67 ++++++++++--------- 2 files changed, 68 insertions(+), 66 deletions(-) diff --git a/.tekton/image-builder-frontend-pull-request.yaml b/.tekton/image-builder-frontend-pull-request.yaml index 6b37d060..17710406 100644 --- a/.tekton/image-builder-frontend-pull-request.yaml +++ b/.tekton/image-builder-frontend-pull-request.yaml @@ -312,52 +312,52 @@ spec: workspace: workspace - name: sast-shell-check params: - - name: image-digest - value: $(tasks.build-image-index.results.IMAGE_DIGEST) - - name: image-url - value: $(tasks.build-image-index.results.IMAGE_URL) + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) runAfter: - - build-image-index + - build-image-index taskRef: params: - - name: name - value: sast-shell-check - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check:0.1@sha256:188a4f6a582ac43d4de46c3998ded3c2a8ee237fb0604d90559a3b6e0aa62b0f - - name: kind - value: task + - name: name + value: sast-shell-check + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check:0.1@sha256:188a4f6a582ac43d4de46c3998ded3c2a8ee237fb0604d90559a3b6e0aa62b0f + - name: kind + value: task resolver: bundles when: - - input: $(params.skip-checks) - operator: in - values: - - "false" + - input: $(params.skip-checks) + operator: in + values: + - "false" workspaces: - - name: workspace - workspace: workspace + - name: workspace + workspace: workspace - name: sast-unicode-check params: - - name: image-url - value: $(tasks.build-image-index.results.IMAGE_URL) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) runAfter: - - build-image-index + - build-image-index taskRef: params: - - name: name - value: sast-unicode-check - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check:0.2@sha256:e4a5215b45b1886a185a9db8ab392f8440c2b0848f76d719885637cf8d2628ed - - name: kind - value: task + - name: name + value: sast-unicode-check + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check:0.2@sha256:e4a5215b45b1886a185a9db8ab392f8440c2b0848f76d719885637cf8d2628ed + - name: kind + value: task resolver: bundles when: - - input: $(params.skip-checks) - operator: in - values: - - "false" + - input: $(params.skip-checks) + operator: in + values: + - "false" workspaces: - - name: workspace - workspace: workspace + - name: workspace + workspace: workspace - name: deprecated-base-image-check params: - name: IMAGE_URL @@ -536,7 +536,8 @@ spec: optional: true - name: netrc optional: true - taskRunTemplate: {} + taskRunTemplate: + serviceAccountName: build-pipeline-image-builder-frontend workspaces: - name: workspace volumeClaimTemplate: diff --git a/.tekton/image-builder-frontend-push.yaml b/.tekton/image-builder-frontend-push.yaml index 202be8d9..2a8e097b 100644 --- a/.tekton/image-builder-frontend-push.yaml +++ b/.tekton/image-builder-frontend-push.yaml @@ -309,52 +309,52 @@ spec: workspace: workspace - name: sast-shell-check params: - - name: image-digest - value: $(tasks.build-image-index.results.IMAGE_DIGEST) - - name: image-url - value: $(tasks.build-image-index.results.IMAGE_URL) + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) runAfter: - - build-image-index + - build-image-index taskRef: params: - - name: name - value: sast-shell-check - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check:0.1@sha256:188a4f6a582ac43d4de46c3998ded3c2a8ee237fb0604d90559a3b6e0aa62b0f - - name: kind - value: task + - name: name + value: sast-shell-check + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check:0.1@sha256:188a4f6a582ac43d4de46c3998ded3c2a8ee237fb0604d90559a3b6e0aa62b0f + - name: kind + value: task resolver: bundles when: - - input: $(params.skip-checks) - operator: in - values: - - "false" + - input: $(params.skip-checks) + operator: in + values: + - "false" workspaces: - - name: workspace - workspace: workspace + - name: workspace + workspace: workspace - name: sast-unicode-check params: - - name: image-url - value: $(tasks.build-image-index.results.IMAGE_URL) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) runAfter: - - build-image-index + - build-image-index taskRef: params: - - name: name - value: sast-unicode-check - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check:0.2@sha256:e4a5215b45b1886a185a9db8ab392f8440c2b0848f76d719885637cf8d2628ed - - name: kind - value: task + - name: name + value: sast-unicode-check + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check:0.2@sha256:e4a5215b45b1886a185a9db8ab392f8440c2b0848f76d719885637cf8d2628ed + - name: kind + value: task resolver: bundles when: - - input: $(params.skip-checks) - operator: in - values: - - "false" + - input: $(params.skip-checks) + operator: in + values: + - "false" workspaces: - - name: workspace - workspace: workspace + - name: workspace + workspace: workspace - name: deprecated-base-image-check params: - name: IMAGE_URL @@ -533,7 +533,8 @@ spec: optional: true - name: netrc optional: true - taskRunTemplate: {} + taskRunTemplate: + serviceAccountName: build-pipeline-image-builder-frontend workspaces: - name: workspace volumeClaimTemplate: