Fix resources isues 11
This commit is contained in:
@@ -16,16 +16,10 @@ spec:
|
|||||||
interceptors:
|
interceptors:
|
||||||
- ref:
|
- ref:
|
||||||
name: "cel"
|
name: "cel"
|
||||||
|
kind: ClusterInterceptor
|
||||||
params:
|
params:
|
||||||
- name: "filter"
|
- name: "filter"
|
||||||
value: "has(body.repository) && body.ref.contains('main')"
|
value: "has(body.repository) && body.ref.contains('main')"
|
||||||
- ref:
|
|
||||||
name: "bitbucket"
|
|
||||||
params:
|
|
||||||
- name: "secretRef"
|
|
||||||
value:
|
|
||||||
secretName: gitea-webhook-secret
|
|
||||||
secretKey: secretToken
|
|
||||||
bindings:
|
bindings:
|
||||||
- ref: bakery-ia-trigger-binding
|
- ref: bakery-ia-trigger-binding
|
||||||
template:
|
template:
|
||||||
|
|||||||
@@ -19,7 +19,6 @@ spec:
|
|||||||
description: Docker registry credentials
|
description: Docker registry credentials
|
||||||
- name: git-credentials
|
- name: git-credentials
|
||||||
description: Git credentials for pushing GitOps updates
|
description: Git credentials for pushing GitOps updates
|
||||||
optional: true
|
|
||||||
params:
|
params:
|
||||||
- name: git-url
|
- name: git-url
|
||||||
type: string
|
type: string
|
||||||
|
|||||||
@@ -18,7 +18,16 @@ spec:
|
|||||||
description: Comma-separated list of changed services
|
description: Comma-separated list of changed services
|
||||||
steps:
|
steps:
|
||||||
- name: detect-changes
|
- name: detect-changes
|
||||||
image: alpine/git
|
image: alpine/git:2.43.0
|
||||||
|
securityContext:
|
||||||
|
runAsNonRoot: true
|
||||||
|
runAsUser: 65532
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
capabilities:
|
||||||
|
drop:
|
||||||
|
- ALL
|
||||||
|
seccompProfile:
|
||||||
|
type: RuntimeDefault
|
||||||
script: |
|
script: |
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
set -e
|
set -e
|
||||||
|
|||||||
@@ -33,6 +33,15 @@ spec:
|
|||||||
steps:
|
steps:
|
||||||
- name: clone
|
- name: clone
|
||||||
image: alpine/git:2.43.0
|
image: alpine/git:2.43.0
|
||||||
|
securityContext:
|
||||||
|
runAsNonRoot: true
|
||||||
|
runAsUser: 65532
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
capabilities:
|
||||||
|
drop:
|
||||||
|
- ALL
|
||||||
|
seccompProfile:
|
||||||
|
type: RuntimeDefault
|
||||||
script: |
|
script: |
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
set -e
|
set -e
|
||||||
|
|||||||
@@ -40,6 +40,15 @@ spec:
|
|||||||
steps:
|
steps:
|
||||||
- name: build-and-push
|
- name: build-and-push
|
||||||
image: gcr.io/kaniko-project/executor:v1.15.0
|
image: gcr.io/kaniko-project/executor:v1.15.0
|
||||||
|
securityContext:
|
||||||
|
runAsNonRoot: true
|
||||||
|
runAsUser: 65532
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
capabilities:
|
||||||
|
drop:
|
||||||
|
- ALL
|
||||||
|
seccompProfile:
|
||||||
|
type: RuntimeDefault
|
||||||
env:
|
env:
|
||||||
- name: DOCKER_CONFIG
|
- name: DOCKER_CONFIG
|
||||||
value: /tekton/home/.docker
|
value: /tekton/home/.docker
|
||||||
|
|||||||
@@ -19,7 +19,16 @@ spec:
|
|||||||
description: Git revision being processed
|
description: Git revision being processed
|
||||||
steps:
|
steps:
|
||||||
- name: generate-summary
|
- name: generate-summary
|
||||||
image: alpine
|
image: alpine:3.19
|
||||||
|
securityContext:
|
||||||
|
runAsNonRoot: true
|
||||||
|
runAsUser: 65532
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
capabilities:
|
||||||
|
drop:
|
||||||
|
- ALL
|
||||||
|
seccompProfile:
|
||||||
|
type: RuntimeDefault
|
||||||
script: |
|
script: |
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
set -e
|
set -e
|
||||||
|
|||||||
@@ -24,6 +24,15 @@ spec:
|
|||||||
steps:
|
steps:
|
||||||
- name: run-unit-tests
|
- name: run-unit-tests
|
||||||
image: registry.bakewise.ai/bakery-admin/python:3.11-slim
|
image: registry.bakewise.ai/bakery-admin/python:3.11-slim
|
||||||
|
securityContext:
|
||||||
|
runAsNonRoot: true
|
||||||
|
runAsUser: 65532
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
capabilities:
|
||||||
|
drop:
|
||||||
|
- ALL
|
||||||
|
seccompProfile:
|
||||||
|
type: RuntimeDefault
|
||||||
workingDir: $(workspaces.source.path)
|
workingDir: $(workspaces.source.path)
|
||||||
script: |
|
script: |
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
@@ -58,6 +67,15 @@ spec:
|
|||||||
memory: 512Mi
|
memory: 512Mi
|
||||||
- name: run-integration-tests
|
- name: run-integration-tests
|
||||||
image: registry.bakewise.ai/bakery-admin/python:3.11-slim
|
image: registry.bakewise.ai/bakery-admin/python:3.11-slim
|
||||||
|
securityContext:
|
||||||
|
runAsNonRoot: true
|
||||||
|
runAsUser: 65532
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
capabilities:
|
||||||
|
drop:
|
||||||
|
- ALL
|
||||||
|
seccompProfile:
|
||||||
|
type: RuntimeDefault
|
||||||
workingDir: $(workspaces.source.path)
|
workingDir: $(workspaces.source.path)
|
||||||
script: |
|
script: |
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|||||||
@@ -35,6 +35,15 @@ spec:
|
|||||||
steps:
|
steps:
|
||||||
- name: update-manifests
|
- name: update-manifests
|
||||||
image: alpine/git:2.43.0
|
image: alpine/git:2.43.0
|
||||||
|
securityContext:
|
||||||
|
runAsNonRoot: true
|
||||||
|
runAsUser: 65532
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
capabilities:
|
||||||
|
drop:
|
||||||
|
- ALL
|
||||||
|
seccompProfile:
|
||||||
|
type: RuntimeDefault
|
||||||
workingDir: $(workspaces.source.path)
|
workingDir: $(workspaces.source.path)
|
||||||
env:
|
env:
|
||||||
- name: GIT_USERNAME
|
- name: GIT_USERNAME
|
||||||
|
|||||||
Reference in New Issue
Block a user