diff --git a/.tekton/basic-component-pipeline.yaml b/.tekton/basic-component-pipeline.yaml index a345596906188..2e9359ed5de5a 100644 --- a/.tekton/basic-component-pipeline.yaml +++ b/.tekton/basic-component-pipeline.yaml @@ -185,12 +185,14 @@ spec: value: $(tasks.clone-repository.results.SOURCE_ARTIFACT) - name: MAKEFILE_DIRECTORY value: $(params.image-tag-makefile-directory) + - name: SOURCE_BRANCH + value: '{{source_branch}}' taskRef: params: - name: name - value: determine-image-tag-stackrox + value: determine-image-tag - name: bundle - value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:098fb3f43bd32d61874e67adc830cae0845f59fbc06cb52ddcc820f5c2c8be2d + value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:7b7c2f3c1a73190d50f3d2ce68077f44981596f491a52b5d7450a2f717050a11 - name: kind value: task resolver: bundles diff --git a/.tekton/central-db-build.yaml b/.tekton/central-db-build.yaml index 1b03f7b2b96c1..6d8e62a6ad655 100644 --- a/.tekton/central-db-build.yaml +++ b/.tekton/central-db-build.yaml @@ -9,13 +9,12 @@ metadata: build.appstudio.redhat.com/target_branch: '{{target_branch}}' pipelinesascode.tekton.dev/max-keep-runs: "500" # TODO(ROX-21073): re-enable for all PR branches - pipelinesascode.tekton.dev/on-cel-expression: ( - event == "push" && ( - source_branch == "master" || - target_branch.startsWith("refs/tags/") - ) + pipelinesascode.tekton.dev/on-cel-expression: | + ( + event == "push" && target_branch.matches("^(master|release-.*|refs/tags/.*)$") ) || ( event == "pull_request" && ( + target_branch.startsWith("release-") || source_branch.matches("(konflux|renovate|appstudio|rhtap)") || body.pull_request.labels.exists(l, l.name == "konflux-build") ) diff --git a/.tekton/main-build.yaml b/.tekton/main-build.yaml index 78f4c31a8bec7..b7c9ee1efedca 100644 --- a/.tekton/main-build.yaml +++ b/.tekton/main-build.yaml @@ -9,13 +9,12 @@ metadata: build.appstudio.redhat.com/target_branch: '{{target_branch}}' pipelinesascode.tekton.dev/max-keep-runs: "500" # TODO(ROX-21073): re-enable for all PR branches - pipelinesascode.tekton.dev/on-cel-expression: ( - event == "push" && ( - source_branch == "master" || - target_branch.startsWith("refs/tags/") - ) + pipelinesascode.tekton.dev/on-cel-expression: | + ( + event == "push" && target_branch.matches("^(master|release-.*|refs/tags/.*)$") ) || ( event == "pull_request" && ( + target_branch.startsWith("release-") || source_branch.matches("(konflux|renovate|appstudio|rhtap)") || body.pull_request.labels.exists(l, l.name == "konflux-build") ) diff --git a/.tekton/main-pipeline.yaml b/.tekton/main-pipeline.yaml index 031f4a4f3d4b2..c61653e9ceac5 100644 --- a/.tekton/main-pipeline.yaml +++ b/.tekton/main-pipeline.yaml @@ -179,12 +179,14 @@ spec: value: $(params.output-tag-suffix) - name: SOURCE_ARTIFACT value: $(tasks.clone-repository.results.SOURCE_ARTIFACT) + - name: SOURCE_BRANCH + value: '{{source_branch}}' taskRef: params: - name: name - value: determine-image-tag-stackrox + value: determine-image-tag - name: bundle - value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:098fb3f43bd32d61874e67adc830cae0845f59fbc06cb52ddcc820f5c2c8be2d + value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:7b7c2f3c1a73190d50f3d2ce68077f44981596f491a52b5d7450a2f717050a11 - name: kind value: task resolver: bundles @@ -204,7 +206,7 @@ spec: - name: name value: fetch-external-networks - name: bundle - value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:098fb3f43bd32d61874e67adc830cae0845f59fbc06cb52ddcc820f5c2c8be2d + value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:7b7c2f3c1a73190d50f3d2ce68077f44981596f491a52b5d7450a2f717050a11 - name: kind value: task resolver: bundles diff --git a/.tekton/operator-build.yaml b/.tekton/operator-build.yaml index adbe7cd579bda..91bb4ca472c63 100644 --- a/.tekton/operator-build.yaml +++ b/.tekton/operator-build.yaml @@ -9,13 +9,12 @@ metadata: build.appstudio.redhat.com/target_branch: '{{target_branch}}' pipelinesascode.tekton.dev/max-keep-runs: "500" # TODO(ROX-21073): re-enable for all PR branches - pipelinesascode.tekton.dev/on-cel-expression: ( - event == "push" && ( - source_branch == "master" || - target_branch.startsWith("refs/tags/") - ) + pipelinesascode.tekton.dev/on-cel-expression: | + ( + event == "push" && target_branch.matches("^(master|release-.*|refs/tags/.*)$") ) || ( event == "pull_request" && ( + target_branch.startsWith("release-") || source_branch.matches("(konflux|renovate|appstudio|rhtap)") || body.pull_request.labels.exists(l, l.name == "konflux-build") ) diff --git a/.tekton/operator-bundle-build.yaml b/.tekton/operator-bundle-build.yaml index a3bd15efc65ac..77ab11814f521 100644 --- a/.tekton/operator-bundle-build.yaml +++ b/.tekton/operator-bundle-build.yaml @@ -9,13 +9,12 @@ metadata: build.appstudio.redhat.com/target_branch: '{{target_branch}}' pipelinesascode.tekton.dev/max-keep-runs: "500" # TODO(ROX-21073): re-enable for all PR branches - pipelinesascode.tekton.dev/on-cel-expression: ( - event == "push" && ( - source_branch == "master" || - target_branch.startsWith("refs/tags/") - ) + pipelinesascode.tekton.dev/on-cel-expression: | + ( + event == "push" && target_branch.matches("^(master|release-.*|refs/tags/.*)$") ) || ( event == "pull_request" && ( + target_branch.startsWith("release-") || source_branch.matches("(konflux|renovate|appstudio|rhtap)") || body.pull_request.labels.exists(l, l.name == "konflux-build") ) diff --git a/.tekton/operator-bundle-pipeline.yaml b/.tekton/operator-bundle-pipeline.yaml index a38966aece93b..db40727cf3e43 100644 --- a/.tekton/operator-bundle-pipeline.yaml +++ b/.tekton/operator-bundle-pipeline.yaml @@ -292,12 +292,14 @@ spec: value: $(tasks.clone-repository.results.SOURCE_ARTIFACT) - name: MAKEFILE_DIRECTORY value: ./operator + - name: SOURCE_BRANCH + value: '{{source_branch}}' taskRef: &determine-image-tag-ref params: - name: name - value: determine-image-tag-stackrox + value: determine-image-tag - name: bundle - value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:098fb3f43bd32d61874e67adc830cae0845f59fbc06cb52ddcc820f5c2c8be2d + value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:7b7c2f3c1a73190d50f3d2ce68077f44981596f491a52b5d7450a2f717050a11 - name: kind value: task resolver: bundles @@ -310,6 +312,8 @@ spec: value: $(tasks.clone-repository.results.SOURCE_ARTIFACT) - name: MAKEFILE_DIRECTORY value: "." + - name: SOURCE_BRANCH + value: '{{source_branch}}' taskRef: *determine-image-tag-ref - name: prefetch-dependencies @@ -344,7 +348,7 @@ spec: - name: name value: wait-for-image - name: bundle - value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:098fb3f43bd32d61874e67adc830cae0845f59fbc06cb52ddcc820f5c2c8be2d + value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:7b7c2f3c1a73190d50f3d2ce68077f44981596f491a52b5d7450a2f717050a11 - name: kind value: task resolver: bundles @@ -782,7 +786,7 @@ spec: - name: name value: create-snapshot - name: bundle - value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:098fb3f43bd32d61874e67adc830cae0845f59fbc06cb52ddcc820f5c2c8be2d + value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:7b7c2f3c1a73190d50f3d2ce68077f44981596f491a52b5d7450a2f717050a11 - name: kind value: task resolver: bundles diff --git a/.tekton/retag-collector-full.yaml b/.tekton/retag-collector-full.yaml index 33d2da536ece4..a42b9707dae11 100644 --- a/.tekton/retag-collector-full.yaml +++ b/.tekton/retag-collector-full.yaml @@ -10,8 +10,15 @@ metadata: pipelinesascode.tekton.dev/max-keep-runs: "500" # TODO(ROX-21073): re-enable for all PR branches pipelinesascode.tekton.dev/on-cel-expression: | - (event == "push" && target_branch.matches("^(master|release-.*)$")) || - (event == "pull_request" && (source_branch.matches("(konflux|renovate|appstudio|rhtap)") || body.pull_request.labels.exists(l, l.name == "konflux-build"))) + ( + event == "push" && target_branch.matches("^(master|release-.*|refs/tags/.*)$") + ) || ( + event == "pull_request" && ( + target_branch.startsWith("release-") || + source_branch.matches("(konflux|renovate|appstudio|rhtap)") || + body.pull_request.labels.exists(l, l.name == "konflux-build") + ) + ) labels: appstudio.openshift.io/application: acs name: retag-collector-full diff --git a/.tekton/retag-collector-slim.yaml b/.tekton/retag-collector-slim.yaml index ac65cc17c59d7..acda8aa8cce4c 100644 --- a/.tekton/retag-collector-slim.yaml +++ b/.tekton/retag-collector-slim.yaml @@ -10,8 +10,15 @@ metadata: pipelinesascode.tekton.dev/max-keep-runs: "500" # TODO(ROX-21073): re-enable for all PR branches pipelinesascode.tekton.dev/on-cel-expression: | - (event == "push" && target_branch.matches("^(master|release-.*)$")) || - (event == "pull_request" && (source_branch.matches("(konflux|renovate|appstudio|rhtap)") || body.pull_request.labels.exists(l, l.name == "konflux-build"))) + ( + event == "push" && target_branch.matches("^(master|release-.*|refs/tags/.*)$") + ) || ( + event == "pull_request" && ( + target_branch.startsWith("release-") || + source_branch.matches("(konflux|renovate|appstudio|rhtap)") || + body.pull_request.labels.exists(l, l.name == "konflux-build") + ) + ) labels: appstudio.openshift.io/application: acs name: retag-collector-slim diff --git a/.tekton/retag-pipeline.yaml b/.tekton/retag-pipeline.yaml index 571768e3929b4..eb87e1a9c7cee 100644 --- a/.tekton/retag-pipeline.yaml +++ b/.tekton/retag-pipeline.yaml @@ -110,18 +110,18 @@ spec: - name: determine-output-image-tag params: - - name: MAKEFILE_TARGET - value: "tag" - name: TAG_SUFFIX value: $(params.image-tag-suffix) - name: SOURCE_ARTIFACT value: $(tasks.clone-repository.results.SOURCE_ARTIFACT) - taskRef: &determine-image-tag-ref + - name: SOURCE_BRANCH + value: '{{source_branch}}' + taskRef: params: - name: name - value: determine-image-tag-stackrox + value: determine-image-tag - name: bundle - value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:098fb3f43bd32d61874e67adc830cae0845f59fbc06cb52ddcc820f5c2c8be2d + value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:7b7c2f3c1a73190d50f3d2ce68077f44981596f491a52b5d7450a2f717050a11 - name: kind value: task resolver: bundles @@ -134,7 +134,15 @@ spec: value: $(params.image-tag-suffix) - name: SOURCE_ARTIFACT value: $(tasks.clone-repository.results.SOURCE_ARTIFACT) - taskRef: *determine-image-tag-ref + taskRef: + params: + - name: name + value: determine-dependency-image-tag + - name: bundle + value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:7b7c2f3c1a73190d50f3d2ce68077f44981596f491a52b5d7450a2f717050a11 + - name: kind + value: task + resolver: bundles - name: retag-image params: @@ -151,7 +159,7 @@ spec: - name: name value: retag-image - name: bundle - value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:098fb3f43bd32d61874e67adc830cae0845f59fbc06cb52ddcc820f5c2c8be2d + value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:7b7c2f3c1a73190d50f3d2ce68077f44981596f491a52b5d7450a2f717050a11 - name: kind value: task resolver: bundles diff --git a/.tekton/retag-scanner-db-slim.yaml b/.tekton/retag-scanner-db-slim.yaml index f829a4b1594ad..21d340ff75568 100644 --- a/.tekton/retag-scanner-db-slim.yaml +++ b/.tekton/retag-scanner-db-slim.yaml @@ -10,8 +10,15 @@ metadata: pipelinesascode.tekton.dev/max-keep-runs: "500" # TODO(ROX-21073): re-enable for all PR branches pipelinesascode.tekton.dev/on-cel-expression: | - (event == "push" && target_branch.matches("^(master|release-.*)$")) || - (event == "pull_request" && (source_branch.matches("(konflux|renovate|appstudio|rhtap)") || body.pull_request.labels.exists(l, l.name == "konflux-build"))) + ( + event == "push" && target_branch.matches("^(master|release-.*|refs/tags/.*)$") + ) || ( + event == "pull_request" && ( + target_branch.startsWith("release-") || + source_branch.matches("(konflux|renovate|appstudio|rhtap)") || + body.pull_request.labels.exists(l, l.name == "konflux-build") + ) + ) labels: appstudio.openshift.io/application: acs name: retag-scanner-db-slim diff --git a/.tekton/retag-scanner-db.yaml b/.tekton/retag-scanner-db.yaml index bcb36bf9a0669..941d93df59196 100644 --- a/.tekton/retag-scanner-db.yaml +++ b/.tekton/retag-scanner-db.yaml @@ -10,8 +10,15 @@ metadata: pipelinesascode.tekton.dev/max-keep-runs: "500" # TODO(ROX-21073): re-enable for all PR branches pipelinesascode.tekton.dev/on-cel-expression: | - (event == "push" && target_branch.matches("^(master|release-.*)$")) || - (event == "pull_request" && (source_branch.matches("(konflux|renovate|appstudio|rhtap)") || body.pull_request.labels.exists(l, l.name == "konflux-build"))) + ( + event == "push" && target_branch.matches("^(master|release-.*|refs/tags/.*)$") + ) || ( + event == "pull_request" && ( + target_branch.startsWith("release-") || + source_branch.matches("(konflux|renovate|appstudio|rhtap)") || + body.pull_request.labels.exists(l, l.name == "konflux-build") + ) + ) labels: appstudio.openshift.io/application: acs name: retag-scanner-db diff --git a/.tekton/retag-scanner-slim.yaml b/.tekton/retag-scanner-slim.yaml index caf0db864a52e..0ed3077f2b340 100644 --- a/.tekton/retag-scanner-slim.yaml +++ b/.tekton/retag-scanner-slim.yaml @@ -10,8 +10,15 @@ metadata: pipelinesascode.tekton.dev/max-keep-runs: "500" # TODO(ROX-21073): re-enable for all PR branches pipelinesascode.tekton.dev/on-cel-expression: | - (event == "push" && target_branch.matches("^(master|release-.*)$")) || - (event == "pull_request" && (source_branch.matches("(konflux|renovate|appstudio|rhtap)") || body.pull_request.labels.exists(l, l.name == "konflux-build"))) + ( + event == "push" && target_branch.matches("^(master|release-.*|refs/tags/.*)$") + ) || ( + event == "pull_request" && ( + target_branch.startsWith("release-") || + source_branch.matches("(konflux|renovate|appstudio|rhtap)") || + body.pull_request.labels.exists(l, l.name == "konflux-build") + ) + ) labels: appstudio.openshift.io/application: acs name: retag-scanner-slim diff --git a/.tekton/retag-scanner.yaml b/.tekton/retag-scanner.yaml index 3de5bb3c9ede6..649e4077571c0 100644 --- a/.tekton/retag-scanner.yaml +++ b/.tekton/retag-scanner.yaml @@ -10,8 +10,15 @@ metadata: pipelinesascode.tekton.dev/max-keep-runs: "500" # TODO(ROX-21073): re-enable for all PR branches pipelinesascode.tekton.dev/on-cel-expression: | - (event == "push" && target_branch.matches("^(master|release-.*)$")) || - (event == "pull_request" && (source_branch.matches("(konflux|renovate|appstudio|rhtap)") || body.pull_request.labels.exists(l, l.name == "konflux-build"))) + ( + event == "push" && target_branch.matches("^(master|release-.*|refs/tags/.*)$") + ) || ( + event == "pull_request" && ( + target_branch.startsWith("release-") || + source_branch.matches("(konflux|renovate|appstudio|rhtap)") || + body.pull_request.labels.exists(l, l.name == "konflux-build") + ) + ) labels: appstudio.openshift.io/application: acs name: retag-scanner diff --git a/.tekton/roxctl-build.yaml b/.tekton/roxctl-build.yaml index 9ed390d22873a..f32e7cb60e2d0 100644 --- a/.tekton/roxctl-build.yaml +++ b/.tekton/roxctl-build.yaml @@ -9,13 +9,12 @@ metadata: build.appstudio.redhat.com/target_branch: '{{target_branch}}' pipelinesascode.tekton.dev/max-keep-runs: "500" # TODO(ROX-21073): re-enable for all PR branches - pipelinesascode.tekton.dev/on-cel-expression: ( - event == "push" && ( - source_branch == "master" || - target_branch.startsWith("refs/tags/") - ) + pipelinesascode.tekton.dev/on-cel-expression: | + ( + event == "push" && target_branch.matches("^(master|release-.*|refs/tags/.*)$") ) || ( event == "pull_request" && ( + target_branch.startsWith("release-") || source_branch.matches("(konflux|renovate|appstudio|rhtap)") || body.pull_request.labels.exists(l, l.name == "konflux-build") ) diff --git a/.tekton/scanner-v4-build.yaml b/.tekton/scanner-v4-build.yaml index 9992079882393..8eec93075164d 100644 --- a/.tekton/scanner-v4-build.yaml +++ b/.tekton/scanner-v4-build.yaml @@ -9,13 +9,12 @@ metadata: build.appstudio.redhat.com/target_branch: '{{target_branch}}' pipelinesascode.tekton.dev/max-keep-runs: "500" # TODO(ROX-21073): re-enable for all PR branches - pipelinesascode.tekton.dev/on-cel-expression: ( - event == "push" && ( - source_branch == "master" || - target_branch.startsWith("refs/tags/") - ) + pipelinesascode.tekton.dev/on-cel-expression: | + ( + event == "push" && target_branch.matches("^(master|release-.*|refs/tags/.*)$") ) || ( event == "pull_request" && ( + target_branch.startsWith("release-") || source_branch.matches("(konflux|renovate|appstudio|rhtap)") || body.pull_request.labels.exists(l, l.name == "konflux-build") ) diff --git a/.tekton/scanner-v4-db-build.yaml b/.tekton/scanner-v4-db-build.yaml index 32415eae61cda..fbed43d4cfc93 100644 --- a/.tekton/scanner-v4-db-build.yaml +++ b/.tekton/scanner-v4-db-build.yaml @@ -9,13 +9,12 @@ metadata: build.appstudio.redhat.com/target_branch: '{{target_branch}}' pipelinesascode.tekton.dev/max-keep-runs: "500" # TODO(ROX-21073): re-enable for all PR branches - pipelinesascode.tekton.dev/on-cel-expression: ( - event == "push" && ( - source_branch == "master" || - target_branch.startsWith("refs/tags/") - ) + pipelinesascode.tekton.dev/on-cel-expression: | + ( + event == "push" && target_branch.matches("^(master|release-.*|refs/tags/.*)$") ) || ( event == "pull_request" && ( + target_branch.startsWith("release-") || source_branch.matches("(konflux|renovate|appstudio|rhtap)") || body.pull_request.labels.exists(l, l.name == "konflux-build") ) diff --git a/.tekton/scanner-v4-pipeline.yaml b/.tekton/scanner-v4-pipeline.yaml index 18088ed25fcdd..991e35f567c27 100644 --- a/.tekton/scanner-v4-pipeline.yaml +++ b/.tekton/scanner-v4-pipeline.yaml @@ -179,12 +179,14 @@ spec: value: $(params.output-tag-suffix) - name: SOURCE_ARTIFACT value: $(tasks.clone-repository.results.SOURCE_ARTIFACT) + - name: SOURCE_BRANCH + value: '{{source_branch}}' taskRef: params: - name: name - value: determine-image-tag-stackrox + value: determine-image-tag - name: bundle - value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:098fb3f43bd32d61874e67adc830cae0845f59fbc06cb52ddcc820f5c2c8be2d + value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:7b7c2f3c1a73190d50f3d2ce68077f44981596f491a52b5d7450a2f717050a11 - name: kind value: task resolver: bundles @@ -204,7 +206,7 @@ spec: - name: name value: fetch-scanner-v4-vuln-mappings - name: bundle - value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:098fb3f43bd32d61874e67adc830cae0845f59fbc06cb52ddcc820f5c2c8be2d + value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:7b7c2f3c1a73190d50f3d2ce68077f44981596f491a52b5d7450a2f717050a11 - name: kind value: task resolver: bundles