Run all the example pipelines #1761

Workflow file for this run

.github/workflows/install-frsca.yaml at c8d618f

	---
	name: CI
	on:
	pull_request:
	types:
	- opened
	- synchronize
	- reopened
	push:
	branches:
	- main
	workflow_dispatch: {}

	permissions:
	contents: read

	jobs:
	lint:
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
	- uses: mfinelli/setup-shfmt@031e887e39d899d773a7e9b6dd6472c2c23ff50d # v3.0.1
	- name: Lint all
	run: make lint

	setup:
	runs-on: ubuntu-latest
	needs:
	lint
	name: Test FRSCA Installation
	steps:
	- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
	- name: Setup go
	uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
	with:
	go-version: "~1.19.0"
	- name: Vendor Dependencies
	run: \|
	./platform/vendor/vendor.sh
	./platform/vendor/vendor-helm-all.sh
	- name: Check commit is clean
	run: test -z "$(git status --porcelain)" \|\| (git status; git diff; false)
	- name: Start minikube
	run: \|
	make setup-minikube
	- name: Try the cluster !
	run: kubectl get pods -A
	- name: Initialize FRSCA
	run: \|
	make setup-frsca
	- name: Run buildpacks pipeline
	run: \|
	./platform/wait-for-pipelinerun.sh -m example-buildpacks -n example-buildpacks-
	# tail PipelineRun logs
	tkn pr logs --last -f
	if [ "$(tkn pr describe --last -o jsonpath='{.status.conditions[?(@.type == "Succeeded")].status}')" != "True" ]; then
	tkn pr describe --last
	exit 1
	fi
	sleep 60
	TASK_RUNS=($(tkn pr describe --last -o jsonpath='{.status.childReferences}' \| jq -r '.[] \| select(.kind \| match("TaskRun")) \| .name'))
	echo "TASK_RUNS=${TASK_RUNS[@]}"
	TASK_RUN="none"; IMAGE_URL="none"
	for tr in "${TASK_RUNS[@]}"; do
	image=$(tkn tr describe "${tr}" -o jsonpath='{.status.results}' \| jq -r '.[] \| select(.name \| match("IMAGE_URL$")) \| .value')
	if [ -n "${image}" ]; then
	TASK_RUN="${tr}"
	IMAGE_URL="${image}"
	break
	fi
	done
	if [ "${REGISTRY}" = "registry.registry" ]; then
	IMAGE_URL="$(echo "${IMAGE_URL}" \| sed 's#'${REGISTRY}'#127.0.0.1:5000#')"
	fi
	echo "TASK_RUN=${TASK_RUN}"
	echo "IMAGE_URL=${IMAGE_URL}"
	crane ls "$(echo -n ${IMAGE_URL} \| sed 's\|:[^/]*$\|\|')"
	tkn tr describe --last -o json \| jq -r '.metadata.annotations["chains.tekton.dev/signed"]'
	cosign verify --insecure-ignore-tlog --key k8s://tekton-chains/signing-secrets "${IMAGE_URL}"
	cosign verify-attestation --insecure-ignore-tlog --type slsaprovenance --key k8s://tekton-chains/signing-secrets "${IMAGE_URL}"
	- name: Run sample pipeline to test kyverno
	run: \|
	./platform/wait-for-pipelinerun.sh -m example-sample-pipeline -n example-sample-pipeline-
	# tail PipelineRun logs
	tkn pr logs --last -f
	if [ "$(tkn pr describe --last -o jsonpath='{.status.conditions[?(@.type == "Succeeded")].status}')" != "True" ]; then
	tkn pr describe --last
	exit 1
	fi
	sleep 60
	TASK_RUNS=($(tkn pr describe --last -o jsonpath='{.status.childReferences}' \| jq -r '.[] \| select(.kind \| match("TaskRun")) \| .name'))
	echo "TASK_RUNS=${TASK_RUNS[@]}"
	TASK_RUN="none"; IMAGE_URL="none"
	for tr in "${TASK_RUNS[@]}"; do
	image=$(tkn tr describe "${tr}" -o jsonpath='{.status.results}' \| jq -r '.[] \| select(.name == "IMAGE_URL") \| .value')
	if [ -n "${image}" ]; then
	TASK_RUN="${tr}"
	IMAGE_URL="${image}"
	break
	fi
	done
	if [ "${REGISTRY}" = "registry.registry" ]; then
	IMAGE_URL="$(echo "${IMAGE_URL}" \| sed 's#'${REGISTRY}'#127.0.0.1:5000#')"
	fi
	echo "TASK_RUN=${TASK_RUN}"
	echo "IMAGE_URL=${IMAGE_URL}"
	crane ls "$(echo -n ${IMAGE_URL} \| sed 's\|:[^/]*$\|\|')"

	cosign verify --insecure-ignore-tlog --key k8s://tekton-chains/signing-secrets "${IMAGE_URL}"
	cosign verify-attestation --insecure-ignore-tlog --type slsaprovenance --key k8s://tekton-chains/signing-secrets "${IMAGE_URL}"

	kubectl wait --timeout=5m --for=condition=ready pods -l app=picalc -n prod
	- name: Run go pipeline
	run: \|
	./platform/wait-for-pipelinerun.sh -m example-golang-pipeline -n example-golang-
	tkn pr logs --last -f
	if [ "$(tkn pr describe --last -o jsonpath='{.status.conditions[?(@.type == "Succeeded")].status}')" != "True" ]; then
	tkn pr describe --last
	exit 1
	fi
	sleep 60
	export IMAGE_URL=$(tkn pr describe --last -o jsonpath='{..taskResults}' \| jq -r '.[] \| select(.name \| match("IMAGE_URL$")) \| .value')
	if [ "${REGISTRY}" = "registry.registry" ]; then
	IMAGE_URL="$(echo "${IMAGE_URL}" \| sed 's#'${REGISTRY}'#127.0.0.1:5000#')"
	fi
	crane ls "$(echo -n ${IMAGE_URL} \| sed 's\|:[^/]*$\|\|')"
	cosign verify --insecure-ignore-tlog --key k8s://tekton-chains/signing-secrets "${IMAGE_URL}"
	cosign verify-attestation --insecure-ignore-tlog --type slsaprovenance --key k8s://tekton-chains/signing-secrets "${IMAGE_URL}"
	- name: Run IBM tutorial pipeline
	run: \|
	./platform/wait-for-pipelinerun.sh -m example-ibm-tutorial -n example-ibm-tutorial-
	tkn pr logs --last -f
	if [ "$(tkn pr describe --last -o jsonpath='{.status.conditions[?(@.type == "Succeeded")].status}')" != "True" ]; then
	tkn pr describe --last
	exit 1
	fi
	sleep 60
	export IMAGE_URL=$(tkn pr describe --last -o jsonpath='{..taskResults}' \| jq -r '.[] \| select(.name \| match("IMAGE_URL$")) \| .value')
	if [ "${REGISTRY}" = "registry.registry" ]; then
	IMAGE_URL="$(echo "${IMAGE_URL}" \| sed 's#'${REGISTRY}'#127.0.0.1:5000#')"
	fi
	crane ls "$(echo -n ${IMAGE_URL} \| sed 's\|:[^/]*$\|\|')"
	cosign verify --insecure-ignore-tlog --key k8s://tekton-chains/signing-secrets "${IMAGE_URL}"
	cosign verify-attestation --insecure-ignore-tlog --type slsaprovenance --key k8s://tekton-chains/signing-secrets "${IMAGE_URL}"
	- name: Run gradle pipeline
	run: \|
	./platform/wait-for-pipelinerun.sh -m example-gradle-pipeline -n example-gradle-
	tkn pr logs --last -f
	if [ "$(tkn pr describe --last -o jsonpath='{.status.conditions[?(@.type == "Succeeded")].status}')" != "True" ]; then
	tkn pr describe --last
	exit 1
	fi
	sleep 60
	export IMAGE_URL=$(tkn pr describe --last -o jsonpath='{..taskResults}' \| jq -r '.[] \| select(.name \| match("IMAGE_URL$")) \| .value')
	if [ "${REGISTRY}" = "registry.registry" ]; then
	IMAGE_URL="$(echo "${IMAGE_URL}" \| sed 's#'${REGISTRY}'#127.0.0.1:5000#')"
	fi
	crane ls "$(echo -n ${IMAGE_URL} \| sed 's\|:[^/]*$\|\|')"
	cosign verify --insecure-ignore-tlog --key k8s://tekton-chains/signing-secrets "${IMAGE_URL}"
	cosign verify-attestation --insecure-ignore-tlog --type slsaprovenance --key k8s://tekton-chains/signing-secrets "${IMAGE_URL}"
	- name: Run maven pipeline
	run: \|
	./platform/wait-for-pipelinerun.sh -m example-maven -n example-maven-
	tkn pr logs --last -f
	if [ "$(tkn pr describe --last -o jsonpath='{.status.conditions[?(@.type == "Succeeded")].status}')" != "True" ]; then
	tkn pr describe --last
	exit 1
	fi
	- name: Run cosign pipeline
	run: \|
	./platform/wait-for-pipelinerun.sh -m example-cosign -n ko-pipelinerun-
	tkn pr logs --last -f
	if [ "$(tkn pr describe --last -o jsonpath='{.status.conditions[?(@.type == "Succeeded")].status}')" != "True" ]; then
	tkn pr describe --last
	exit 1
	fi
	sleep 60
	export IMAGE_URL=$(tkn pr describe --last -o jsonpath='{..taskResults}' \| jq -r '.[] \| select(.name \| match("IMAGE_URL$")) \| .value')
	if [ "${REGISTRY}" = "registry.registry" ]; then
	IMAGE_URL="$(echo "${IMAGE_URL}" \| sed 's#'${REGISTRY}'#127.0.0.1:5000#')"
	fi
	export TASK_RUN=$(tkn pr describe --last -o json \| jq -r '.status.taskRuns \| keys[] as $k \| {"k": $k, "v": .[$k]} \| select(.v.status.taskResults[]?.name \| match("IMAGE_URL$")) \| .k')

	tkn tr describe "${TASK_RUN}" -o jsonpath='{.metadata.annotations.chains\.tekton\.dev/signed}'

	crane ls "$(echo -n ${IMAGE_URL} \| sed 's\|:[^/]*$\|\|')"

	cosign verify --insecure-ignore-tlog --key k8s://tekton-chains/signing-secrets "${IMAGE_URL}"
	cosign verify-attestation --insecure-ignore-tlog --type slsaprovenance --key k8s://tekton-chains/signing-secrets "${IMAGE_URL}"

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Run all the example pipelines #1761

Workflow file

Run all the example pipelines #1761

Jobs

Run details

Workflow file for this run