104 lines
2.9 KiB
Django/Jinja
104 lines
2.9 KiB
Django/Jinja
# yaml-language-server: $schema=https://clew-resources.sbb-cloud.net/tekton-schema.json
|
|
productName: {{ name }}
|
|
python:
|
|
{{-"\n targetRepo: "~ pypi_repository if pypi_repository else ' {}'}}
|
|
builder:
|
|
python: "{{ python_version }}"
|
|
{%- if docker_repository %}
|
|
docker:
|
|
artifactoryDockerRepo: {{ docker_repository }}
|
|
caching: true
|
|
{%- endif %}
|
|
{%- if helm_repository %}
|
|
helm:
|
|
chartRepository: {{ helm_repository }}
|
|
linting: true
|
|
{%- endif %}
|
|
pipelines:
|
|
|
|
# This is the continuous build pipeline which runs on every commit on a feature branch or if triggered in the tekton-ui.
|
|
# It builds and tests artifacts but does not push them to artifactory.
|
|
- name: continuous
|
|
triggerType:
|
|
- GITEVENT
|
|
- USER
|
|
branchNamePrefixes:
|
|
- feature
|
|
- renovate
|
|
build:
|
|
{%- if docker_repository %}
|
|
buildDockerImage: true
|
|
deployDockerImage: false
|
|
{%- endif %}
|
|
sonarScan:
|
|
enabled: true
|
|
owaspDependencyCheck:
|
|
enabled: true
|
|
additionalParams: "--suppression dependency-check-suppressions.xml --disablePyDist
|
|
--disablePyPkg --failOnCVSS 9"
|
|
failOnQualityGateFailure: true
|
|
{%- if use_ggshield %}
|
|
gitguardian:
|
|
enabled: true
|
|
reportmode: "FAILED"
|
|
{%- endif %}
|
|
|
|
# This is the snapshot build pipeline which is triggered when pushing commits to master, if triggered in the tekton ui or through a cron job at 05:00 ervery morning.
|
|
# It builds a snapshot-version of the product and pushes it to artifactory.
|
|
- name: snapshot
|
|
triggerType:
|
|
- USER
|
|
- GITEVENT
|
|
- CRON
|
|
branchNamePrefixes:
|
|
- master
|
|
cron: 30 3 * * * # Nightly Build triggers at 03:30 every day
|
|
build:
|
|
sonarScan:
|
|
enabled: true
|
|
owaspDependencyCheck:
|
|
enabled: true
|
|
additionalParams: "--suppression dependency-check-suppressions.xml --disablePyDist
|
|
--disablePyPkg --failOnCVSS 9"
|
|
failOnQualityGateFailure: true
|
|
{%- if docker_repository %}
|
|
buildDockerImage: true
|
|
deployDockerImage: true
|
|
deployArtifacts: false
|
|
{%- endif %}
|
|
{%- if use_ggshield %}
|
|
gitguardian:
|
|
enabled: true
|
|
reportmode: "FAILED"
|
|
{%- endif %}
|
|
# This is the release build pipeline which is triggered by adding a valid version tag to a commit.
|
|
# This can either be done using git or the esta-tekton ui.
|
|
# This builds and deploys the artifacts using the git tag as version.
|
|
- name: release
|
|
triggerType:
|
|
- GITEVENT
|
|
versionTagEventPatterns:
|
|
- "^(\\d+\\.)(\\d+\\.)(\\d+)$"
|
|
build:
|
|
{%- if docker_repository %}
|
|
buildDockerImage: true
|
|
deployArtifacts: true
|
|
additionalDockerImageTags:
|
|
- latest
|
|
{%- endif %}
|
|
{%- if helm_repository %}
|
|
packageAndDeployHelmChart: true
|
|
{%- endif %}
|
|
sonarScan:
|
|
enabled: true
|
|
owaspDependencyCheck:
|
|
enabled: true
|
|
additionalParams: "--suppression dependency-check-suppressions.xml --disablePyDist
|
|
--disablePyPkg --failOnCVSS 9"
|
|
failOnQualityGateFailure: true
|
|
{%- if use_ggshield %}
|
|
gitguardian:
|
|
enabled: true
|
|
reportmode: "FAILED"
|
|
{%- endif %}
|