Fix resources isues 11
This commit is contained in:
@@ -16,16 +16,10 @@ spec:
|
||||
interceptors:
|
||||
- ref:
|
||||
name: "cel"
|
||||
kind: ClusterInterceptor
|
||||
params:
|
||||
- name: "filter"
|
||||
value: "has(body.repository) && body.ref.contains('main')"
|
||||
- ref:
|
||||
name: "bitbucket"
|
||||
params:
|
||||
- name: "secretRef"
|
||||
value:
|
||||
secretName: gitea-webhook-secret
|
||||
secretKey: secretToken
|
||||
bindings:
|
||||
- ref: bakery-ia-trigger-binding
|
||||
template:
|
||||
|
||||
@@ -19,7 +19,6 @@ spec:
|
||||
description: Docker registry credentials
|
||||
- name: git-credentials
|
||||
description: Git credentials for pushing GitOps updates
|
||||
optional: true
|
||||
params:
|
||||
- name: git-url
|
||||
type: string
|
||||
|
||||
@@ -18,7 +18,16 @@ spec:
|
||||
description: Comma-separated list of changed services
|
||||
steps:
|
||||
- name: detect-changes
|
||||
image: alpine/git
|
||||
image: alpine/git:2.43.0
|
||||
securityContext:
|
||||
runAsNonRoot: true
|
||||
runAsUser: 65532
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
script: |
|
||||
#!/bin/bash
|
||||
set -e
|
||||
|
||||
@@ -33,6 +33,15 @@ spec:
|
||||
steps:
|
||||
- name: clone
|
||||
image: alpine/git:2.43.0
|
||||
securityContext:
|
||||
runAsNonRoot: true
|
||||
runAsUser: 65532
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
script: |
|
||||
#!/bin/sh
|
||||
set -e
|
||||
|
||||
@@ -40,6 +40,15 @@ spec:
|
||||
steps:
|
||||
- name: build-and-push
|
||||
image: gcr.io/kaniko-project/executor:v1.15.0
|
||||
securityContext:
|
||||
runAsNonRoot: true
|
||||
runAsUser: 65532
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
env:
|
||||
- name: DOCKER_CONFIG
|
||||
value: /tekton/home/.docker
|
||||
|
||||
@@ -19,7 +19,16 @@ spec:
|
||||
description: Git revision being processed
|
||||
steps:
|
||||
- name: generate-summary
|
||||
image: alpine
|
||||
image: alpine:3.19
|
||||
securityContext:
|
||||
runAsNonRoot: true
|
||||
runAsUser: 65532
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
script: |
|
||||
#!/bin/bash
|
||||
set -e
|
||||
|
||||
@@ -24,6 +24,15 @@ spec:
|
||||
steps:
|
||||
- name: run-unit-tests
|
||||
image: registry.bakewise.ai/bakery-admin/python:3.11-slim
|
||||
securityContext:
|
||||
runAsNonRoot: true
|
||||
runAsUser: 65532
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
workingDir: $(workspaces.source.path)
|
||||
script: |
|
||||
#!/bin/bash
|
||||
@@ -58,6 +67,15 @@ spec:
|
||||
memory: 512Mi
|
||||
- name: run-integration-tests
|
||||
image: registry.bakewise.ai/bakery-admin/python:3.11-slim
|
||||
securityContext:
|
||||
runAsNonRoot: true
|
||||
runAsUser: 65532
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
workingDir: $(workspaces.source.path)
|
||||
script: |
|
||||
#!/bin/bash
|
||||
|
||||
@@ -35,6 +35,15 @@ spec:
|
||||
steps:
|
||||
- name: update-manifests
|
||||
image: alpine/git:2.43.0
|
||||
securityContext:
|
||||
runAsNonRoot: true
|
||||
runAsUser: 65532
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
workingDir: $(workspaces.source.path)
|
||||
env:
|
||||
- name: GIT_USERNAME
|
||||
|
||||
Reference in New Issue
Block a user