forked from rcarrata/devsecops-demo
-
Notifications
You must be signed in to change notification settings - Fork 0
/
task-rox-deployment-check.yaml.j2
58 lines (56 loc) · 2.07 KB
/
task-rox-deployment-check.yaml.j2
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
apiVersion: tekton.dev/v1beta1
kind: ClusterTask
metadata:
name: rox-deployment-check
spec:
params:
- name: GIT_REPOSITORY
type: string
- name: rox_central_endpoint
type: string
description: Secret containing the address:port tuple for StackRox Central (example - rox.stackrox.io:443)
- name: rox_api_token
type: string
description: Secret containing the StackRox API token with CI permissions
- name: file
type: string
description: YAML file in the deployfiles workspace
- name: deployment_files_path
type: string
description: Path/Folder for the k8s deployment files to check
results:
- name: check_output
description: Output of `roxctl deployment check`
workspaces:
- description: The workspace consisting of maven project.
name: workspace
steps:
- name: git-clone
image: quay.io/rcarrata/git:v2.26.2
workingDir: $(workspaces.workspace.path)
script: |
rm -rf git-update-digest-workdir
git clone $(params.GIT_REPOSITORY) git-update-digest-workdir
cd git-update-digest-workdir/$(params.deployment_files_path)
- name: rox-deployment-check
image: registry.access.redhat.com/ubi8/ubi-minimal:latest
workingDir: $(workspaces.workspace.path)
env:
- name: ROX_API_TOKEN
valueFrom:
secretKeyRef:
name: $(params.rox_api_token)
key: rox_api_token
- name: ROX_CENTRAL_ENDPOINT
valueFrom:
secretKeyRef:
name: $(params.rox_central_endpoint)
key: rox_central_endpoint
script: |
#!/usr/bin/env bash
set +x
cd git-update-digest-workdir/$(params.deployment_files_path)
cat $(params.file)
curl -k -L -H "Authorization: Bearer $ROX_API_TOKEN" https://$ROX_CENTRAL_ENDPOINT/api/cli/download/roxctl-linux --output ./roxctl > /dev/null; echo "Getting roxctl"
chmod +x ./roxctl > /dev/null
./roxctl deployment check --insecure-skip-tls-verify -e $ROX_CENTRAL_ENDPOINT -f $(params.file)