From 18629abd891b7507283b4d16f247b316afce4068 Mon Sep 17 00:00:00 2001
From: Luiz Carvalho
Date: Fri, 17 May 2024 10:56:09 -0400
Subject: [PATCH] Allow usage of the *-oci-ta Task variants As part of EC-20, we are adding Task variants that support Trusted Artifacts with OCI storage. These have the suffix of `-oci-ta`. These Tasks function similarly to their counter-parts. The main difference is that they share data between them via resources in an OCI registry instead of file in a shared PVC on-cluster. This commit allows the `-oci-ta` Tasks to fullfill the required-tasks check. Additionally, the `summary` Task is no longer marked as required. This was the outcome after some investigation on its actual value. More context is available on the comments of EC-643. Finally, older entries that are no longer relevant have been removed from the list.
Ref: EC-644
Signed-off-by: Luiz Carvalho
---
 data/required_tasks.yml | 88 ++++++++++++++++++++++-------------------
 1 file changed, 47 insertions(+), 41 deletions(-)
diff --git a/data/required_tasks.yml b/data/required_tasks.yml
index 3c82155..0647062 100644
--- a/data/required_tasks.yml
+++ b/data/required_tasks.yml
@@ -2,6 +2,16 @@
 # https://enterprisecontract.dev/docs/ec-policies/release_policy.html#tasks_package
 pipeline-required-tasks:
 fbc:
+ - effective_on: "2024-06-17T00:00:00Z"
+ tasks:
+ - [buildah, buildah-10gb, buildah-6gb, buildah-8gb, buildah-remote, buildah-oci-ta]
+ - deprecated-image-check
+ - fbc-related-image-check
+ - fbc-validation
+ - [git-clone, git-clone-oci-ta]
+ - init
+ - inspect-image
+ - show-sbom
 - effective_on: "2023-08-31T00:00:00Z"
 tasks:
 - [buildah, buildah-10gb, buildah-6gb, buildah-8gb, buildah-remote]
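Review bot: The new fbc entry only takes effect on 2024-06-17, so until then the 2023-08-31 entry below it (plain `git-clone`, and still `summary`) is presumably the list that is enforced, and a pipeline that already runs `git-clone-oci-ta` or `buildah-oci-ta` would not satisfy it. The commit message reads as if the variants are accepted immediately, so the delay deserves a comment above the entry, e.g. `# From 2024-06-17: -oci-ta variants accepted, summary no longer required (EC-644)`. The same applies to the new 2024-06-17 entries in the docker, generic, java, nodejs and required-tasks hunks. The 2023-08-31 task list continues past the end of this hunk.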
@@ -14,20 +24,19 @@ pipeline-required-tasks:
 - show-sbom
 - summary
 docker:
- - effective_on: "2023-12-31T00:00:00Z"
+ - effective_on: "2024-06-17T00:00:00Z"
 tasks:
- - [buildah, buildah-10gb, buildah-6gb, buildah-8gb, buildah-remote]
+ - [buildah, buildah-10gb, buildah-6gb, buildah-8gb, buildah-remote, buildah-oci-ta]
 - clair-scan
 - clamav-scan
 - deprecated-image-check
- - git-clone
+ - [git-clone, git-clone-oci-ta]
 - init
- - prefetch-dependencies
- - sast-snyk-check
+ - [prefetch-dependencies, prefetch-dependencies-oci-ta]
+ - [sast-snyk-check, sast-snyk-check-oci-ta]
 - show-sbom
- - source-build
- - summary
- - effective_on: "2023-11-11T00:00:00Z"
+ - [source-build, source-build-oci-ta]
+ - effective_on: "2023-12-31T00:00:00Z"
 tasks:
 - [buildah, buildah-10gb, buildah-6gb, buildah-8gb, buildah-remote]
 - clair-scan
@@ -37,24 +46,23 @@ pipeline-required-tasks:
 - init
 - prefetch-dependencies
 - sast-snyk-check
- - sbom-json-check
 - show-sbom
+ - source-build
 - summary
 generic:
- - effective_on: "2023-12-31T00:00:00Z"
+ - effective_on: "2024-06-17T00:00:00Z"
 tasks:
- - [buildah, buildah-10gb, buildah-6gb, buildah-8gb, buildah-remote]
+ - [buildah, buildah-10gb, buildah-6gb, buildah-8gb, buildah-remote, buildah-oci-ta]
 - clair-scan
 - clamav-scan
 - deprecated-image-check
- - git-clone
+ - [git-clone, git-clone-oci-ta]
 - init
- - prefetch-dependencies
- - sast-snyk-check
+ - [prefetch-dependencies, prefetch-dependencies-oci-ta]
+ - [sast-snyk-check, sast-snyk-check-oci-ta]
 - show-sbom
- - source-build
- - summary
- - effective_on: "2023-08-31T00:00:00Z"
+ - [source-build, source-build-oci-ta]
+ - effective_on: "2023-12-31T00:00:00Z"
 tasks:
 - [buildah, buildah-10gb, buildah-6gb, buildah-8gb, buildah-remote]
 - clair-scan
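Review bot: Each `[task, task-oci-ta]` pair in the new docker entry appears to be a set of alternatives matched by Task name, so this hunk widens the names that count as having run `buildah`, `git-clone`, `prefetch-dependencies`, `sast-snyk-check` and `source-build`. Nothing in this file ties those names to a particular Task bundle. That is presumably enforced by a separate trusted-task rule, and it is worth confirming the `-oci-ta` Tasks are covered there before 2024-06-17; otherwise this check only establishes that something with an accepted name ran. A comment such as `# alternatives are matched by name only; Task provenance is checked elsewhere` above the first list would make that dependency explicit. The generic, java, nodejs and required-tasks hunks add the same pairs.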
@@ -64,24 +72,23 @@ pipeline-required-tasks:
 - init
 - prefetch-dependencies
 - sast-snyk-check
- - sbom-json-check
 - show-sbom
+ - source-build
 - summary
 java:
- - effective_on: "2023-12-31T00:00:00Z"
+ - effective_on: "2024-06-17T00:00:00Z"
 tasks:
 - clair-scan
 - clamav-scan
 - deprecated-image-check
- - git-clone
+ - [git-clone, git-clone-oci-ta]
 - init
- - prefetch-dependencies
+ - [prefetch-dependencies, prefetch-dependencies-oci-ta]
 - s2i-java
- - sast-snyk-check
+ - [sast-snyk-check, sast-snyk-check-oci-ta]
 - show-sbom
- - source-build
- - summary
- - effective_on: "2023-08-31T00:00:00Z"
+ - [source-build, source-build-oci-ta]
+ - effective_on: "2023-12-31T00:00:00Z"
 tasks:
 - clair-scan
 - clamav-scan
@@ -91,24 +98,23 @@ pipeline-required-tasks:
 - prefetch-dependencies
 - s2i-java
 - sast-snyk-check
- - sbom-json-check
 - show-sbom
+ - source-build
 - summary
 nodejs:
- - effective_on: "2023-12-31T00:00:00Z"
+ - effective_on: "2024-06-17T00:00:00Z"
 tasks:
 - clair-scan
 - clamav-scan
 - deprecated-image-check
- - git-clone
+ - [git-clone, git-clone-oci-ta]
 - init
- - prefetch-dependencies
+ - [prefetch-dependencies, prefetch-dependencies-oci-ta]
 - s2i-nodejs
- - sast-snyk-check
+ - [sast-snyk-check, sast-snyk-check-oci-ta]
 - show-sbom
- - source-build
- - summary
- - effective_on: "2023-08-31T00:00:00Z"
+ - [source-build, source-build-oci-ta]
+ - effective_on: "2023-12-31T00:00:00Z"
 tasks:
 - clair-scan
 - clamav-scan
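Review bot: `s2i-java` is the one build step in the new java entry left without an `-oci-ta` alternative, while `git-clone`, `prefetch-dependencies`, `sast-snyk-check` and `source-build` around it all gained one; the nodejs hunk does the same with `s2i-nodejs`. The docker and generic entries accept `buildah-oci-ta` for their build step, so this is either a deliberate gap (perhaps no such Task exists yet) or an omission. If it is deliberate, say so next to the line, e.g. `# no -oci-ta variant of s2i-java yet`, so a reader does not assume a java or nodejs pipeline can move entirely to Trusted Artifacts and still pass this check.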
@@ -118,23 +124,22 @@ pipeline-required-tasks:
 - prefetch-dependencies
 - s2i-nodejs
 - sast-snyk-check
- - sbom-json-check
 - show-sbom
+ - source-build
 - summary
 # https://enterprisecontract.dev/docs/ec-policies/release_policy.html#tasks_package
 required-tasks:
- - effective_on: "2023-12-31T00:00:00Z"
+ - effective_on: "2024-06-17T00:00:00Z"
 tasks:
 - clair-scan
 - clamav-scan
- - git-clone
+ - [git-clone, git-clone-oci-ta]
 - init
- - prefetch-dependencies
- - sast-snyk-check
- - source-build
- - summary
- - effective_on: "2023-08-31T00:00:00Z"
+ - [prefetch-dependencies, prefetch-dependencies-oci-ta]
+ - [sast-snyk-check, sast-snyk-check-oci-ta]
+ - [source-build, source-build-oci-ta]
+ - effective_on: "2023-12-31T00:00:00Z"
 tasks:
 - clair-scan
 - clamav-scan
@@ -142,4 +147,5 @@ required-tasks:
 - init
 - prefetch-dependencies
 - sast-snyk-check
+ - source-build
 - summary
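Review bot: With the 2023-08-31 entry rewritten into the 2023-12-31 one, 2023-12-31 becomes the earliest `effective_on` under `required-tasks`; the generic, java and nodejs hunks drop the same date and docker drops 2023-11-11, while fbc keeps its 2023-08-31 entry. If the policy is ever evaluated with an effective time before 2023-12-31, for instance when re-checking an older build, no list may apply, and how the rule behaves in that case is not visible in this file. A short comment at the top of the section, e.g. `# entries before 2023-12-31 were pruned; earlier effective times have no required-task list`, would record that the cut is intentional.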