mirror of
https://github.com/tektoncd/catalog.git
synced 2024-11-22 06:02:51 +00:00
110 lines
3.7 KiB
YAML
110 lines
3.7 KiB
YAML
apiVersion: tekton.dev/v1beta1
|
|
kind: Task
|
|
metadata:
|
|
name: datree
|
|
labels:
|
|
app.kubernetes.io/version: "0.1"
|
|
annotations:
|
|
tekton.dev/pipelines.minVersion: "0.21.0"
|
|
tekton.dev/categories: Code Quality
|
|
tekton.dev/tags: "Kubernetes, Misconfiguration"
|
|
tekton.dev/displayName: Datree
|
|
tekton.dev/platforms: "linux/amd64"
|
|
spec:
|
|
description: >-
|
|
The Datree task is used to scan Kubernetes manifests for misconfigurations using the open source tool Datree(datree.io).
|
|
workspaces:
|
|
- name: source
|
|
params:
|
|
- name: yamlSrc
|
|
description: Complete path for the yaml files relative to the workspace path. Should include the yaml file name with extension.
|
|
type: string
|
|
default: "./*.yaml"
|
|
- name: output
|
|
description: Output the policy check results in the requested format (simple, json, yaml, xml)
|
|
type: string
|
|
default: ""
|
|
- name: schemaVersion
|
|
description: Set Kubernetes version to validate against. Defaults to 1.18.0 in Datree
|
|
type: string
|
|
default: ""
|
|
- name: ignoreMissingSchemas
|
|
description: Skip files with missing schemas instead of failing the schema validation check
|
|
type: string
|
|
default: "false"
|
|
- name: policy
|
|
description: Specify which policy to execute (by policy name). Example-staging
|
|
type: string
|
|
default: ""
|
|
- name: onlyK8sFiles
|
|
description: Skip all non-K8s files.Especially useful when scanning a dir with K8s and other config files.
|
|
type: string
|
|
default: "false"
|
|
- name: DATREE_TOKEN_SECRET
|
|
description: Name of the secret holding the datree token
|
|
type: string
|
|
default: "datree-token"
|
|
- name: DATREE_TOKEN_SECRET_KEY
|
|
description: Name of the secret key holding the datree token
|
|
type: string
|
|
default: "DATREE_TOKEN"
|
|
- name: datreeImage
|
|
description: Datree image to run datree. Ensure the image has the datree binary in /
|
|
type: string
|
|
default: docker.io/datree/datree:0.15.22@sha256:85cf78f16e67e08ea9df18ab6d3d823a576bfbcc5937f30629eb4859fdeb3fd1
|
|
steps:
|
|
- name: datree-test
|
|
image: $(params.datreeImage)
|
|
securityContext:
|
|
runAsUser: 0
|
|
privileged: true
|
|
workingDir: $(workspaces.source.path)
|
|
env:
|
|
- name: DATREE_TOKEN
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: $(params.DATREE_TOKEN_SECRET)
|
|
key: $(params.DATREE_TOKEN_SECRET_KEY)
|
|
- name: WORKSPACE_PATH
|
|
value: $(workspaces.source.path)
|
|
- name: PARAM_YAMLSRC
|
|
value: $(params.yamlSrc)
|
|
- name: PARAM_OUTPUT
|
|
value: $(params.output)
|
|
- name: PARAM_SCHEMA_VERSION
|
|
value: $(params.schemaVersion)
|
|
- name: PARAM_IGNORE_MISSING_SCHEMAS
|
|
value: $(params.ignoreMissingSchemas)
|
|
- name: PARAM_POLICY
|
|
value: $(params.policy)
|
|
- name: PARAM_K8S_FILES
|
|
value: $(params.onlyK8sFiles)
|
|
script: |
|
|
#!/usr/bin/env sh
|
|
OUTPUT_FLAG=""
|
|
SCHEMA_VERSION_FLAG=""
|
|
IGNORE_MISSING_SCHEMAS_FLAG=""
|
|
POLICY_FLAG=""
|
|
K8S_FLAG=""
|
|
if [ "${PARAM_OUTPUT}" != "" ] ; then
|
|
OUTPUT_FLAG="--output $PARAM_OUTPUT"
|
|
fi
|
|
|
|
if [ "${PARAM_SCHEMA_VERSION}" != "" ] ; then
|
|
SCHEMA_VERSION_FLAG="--schema-version $PARAM_SCHEMA_VERSION"
|
|
fi
|
|
|
|
if [ "${PARAM_IGNORE_MISSING_SCHEMAS}" = "true" ] ; then
|
|
IGNORE_MISSING_SCHEMAS_FLAG="--ignore-missing-schemas"
|
|
fi
|
|
|
|
if [ "${PARAM_POLICY}" != "" ] ; then
|
|
POLICY_FLAG="--policy $PARAM_POLICY"
|
|
fi
|
|
|
|
if [ "${PARAM_K8S_FILES}" = "true" ] ; then
|
|
K8S_FLAG="--only-k8s-files"
|
|
fi
|
|
|
|
/datree test $WORKSPACE_PATH/$PARAM_YAMLSRC $OUTPUT_FLAG $SCHEMA_VERSION_FLAG $IGNORE_MISSING_SCHEMAS_FLAG $POLICY_FLAG $K8S_FLAG
|