---
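# Custom Concourse resource types. The image named here is the implementation
# of the build-metadata resource used by both jobs.
resource_types:
- name: build-metadata-resource
  type: registry-image
  source:
    repository: harbor-repo.vmware.com/dockerhub-proxy-cache/pcfopsmanager/build-metadata-resource
    # NOTE(review): `latest` is a mutable tag, so the image behind this
    # resource type can change between builds without any change to this file.
    # In a pipeline that produces signed artifacts, prefer a fixed version tag
    # taken from a reviewed image.
    tag: latest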
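# Resources tracked by the pipeline: the release repository, the repository
# holding the shared task definitions, and the build-metadata resource.
resources:
- name: bpm-release
  type: git
  icon: github
  source:
    # NOTE(review): the user@host part of this SSH remote was replaced by the
    # page's e-mail obfuscation. It is quoted here because a plain scalar that
    # starts with `[` is read as a flow sequence; restore the real remote
    # before using this file.
    uri: '[email protected]:dtimm/bpm-release.git'
    branch: master
    # The generate-sbom-provenance job ends with `put: bpm-release`, so this
    # key is used to push to the branch above, not only to read it. Keep it
    # limited to this one repository.
    private_key: ((signing_test.dtimm_bpm_private_key))
# Both jobs load their task definitions from this repository (`file:` on the
# task steps) and pass COSIGN_KEY / COSIGN_PASSWORD to those tasks. Whoever can
# push to the tracked branch therefore controls the code that receives the
# signing key. The pipeline only gets this resource, so a read-only key is
# enough.
- name: bosh-secure-supply-chain
  type: git
  icon: github
  source:
    # NOTE(review): same obfuscated remote as above; restore before use.
    uri: '[email protected]:dtimm/bosh-secure-supply-chain.git'
    branch: main
    private_key: ((signing_test.private_key))
- name: build-metadata
  type: build-metadata-resource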
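# NOTE(review): this listing had lost its indentation; the nesting below is
# rebuilt from the Concourse step schema and should be checked against the
# repository copy.
jobs:
# Runs the gomod_vendor_sbom task, copies its `attestations` output into the
# release repository, commits, and pushes the commit back to bpm-release.
- name: generate-sbom-provenance
  serial: true
  plan:
  - in_parallel:
    - get: bpm-release
    - get: bosh-secure-supply-chain
  # NOTE(review): this put may instead belong inside in_parallel above; the
  # flattened listing does not show which.
  - put: build-metadata
  - task: generate-gomod-sbom
    # The task definition comes from the bosh-secure-supply-chain resource,
    # which tracks a branch rather than a fixed commit, and it is handed the
    # signing key below. Review changes to that task file with the same care as
    # changes to this pipeline.
    file: bosh-secure-supply-chain/concourse/gomod_vendor_sbom/task.yml
    input_mapping:
      bosh-release: bpm-release
    params:
      COSIGN_KEY: ((signing_test.cosign_key))
      COSIGN_PASSWORD: ((signing_test.cosign_key_password))
  - task: copy-attestations-to-repo
    config:
      image_resource:
        type: registry-image
        source:
          repository: harbor-repo.vmware.com/tas_ppe/cosign
          tag: '0.0.5-beta'
      platform: linux
      inputs:
      - name: bpm-release
      - name: attestations
      outputs:
      - name: bpm-release
      run:
        path: bash
        args:
        - -c
        # No secrets are passed to this task, so the `-x` trace does not
        # expose any. `git commit` exits non-zero when nothing changed, which
        # fails the task under `set -e`.
        - |
          set -eux
          cp attestations/* bpm-release/src
          pushd bpm-release
          git config --global user.email "[email protected]"
          git config --global user.name "David Timm"
          git add src
          git commit -m "Add attestations"
          popd
  # Pushes the commit made above, using the private key configured on the
  # bpm-release resource.
  - put: bpm-release
    params:
      repository: bpm-release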
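# Runs the bosh_create_release task on a bpm-release version that has already
# passed generate-sbom-provenance.
# NOTE(review): this listing had lost its indentation; the nesting below is
# rebuilt from the Concourse step schema and should be checked against the
# repository copy.
- name: build-bosh-release
  serial: true
  plan:
  - in_parallel:
    - get: bpm-release
      passed: [generate-sbom-provenance]
    # No `passed` constraint here, so the task definitions used by this job can
    # come from a newer commit than the one generate-sbom-provenance ran with.
    - get: bosh-secure-supply-chain
  # NOTE(review): this put may instead belong inside in_parallel above; the
  # flattened listing does not show which.
  - put: build-metadata
  - task: build-bpm-release-1.2.5
    # As in the first job, the task file is read from a branch-tracking
    # resource and receives the signing key and its password.
    file: bosh-secure-supply-chain/concourse/bosh_create_release/task.yml
    input_mapping:
      bosh-release: bpm-release
    params:
      COSIGN_KEY: ((signing_test.cosign_key))
      COSIGN_PASSWORD: ((signing_test.cosign_key_password))
      BOSH_RELEASE_FILE: releases/bpm/bpm-1.2.5.yml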