Skip to content

Commit

Permalink
Merge branch 'main' into remove-create-purl-sbom-script
Browse files Browse the repository at this point in the history
  • Loading branch information
@cmoulliard
cmoulliard authored Jan 14, 2025
2 parents ba3b1b4 + 9f209df commit de1a37c
Showing 1 changed file with 31 additions and 31 deletions.
62 changes: 31 additions & 31 deletions task/buildah-remote-oci-ta/0.2/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,37 +6,37 @@ When [Java dependency rebuild](https://redhat-appstudio.github.io/docs.stonesoup
When prefetch-dependencies task was activated it is using its artifacts to run build in hermetic environment.

## Parameters
| name | description | default value | required |
|-----------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------|----------|
| ACTIVATION_KEY | Name of secret which contains subscription activation key | activation-key | false |
| ADDITIONAL_SECRET | Name of a secret which will be made available to the build with 'buildah build --secret' at /run/secrets/$ADDITIONAL_SECRET | does-not-exist | false |
| ADD_CAPABILITIES | Comma separated list of extra capabilities to add when running 'buildah build' | "" | false |
| BUILD_ARGS | Array of --build-arg values ("arg=value" strings) | [] | false |
| BUILD_ARGS_FILE | Path to a file with build arguments, see https://www.mankier.com/1/buildah-build#--build-arg-file | "" | false |
| CACHI2_ARTIFACT | The Trusted Artifact URI pointing to the artifact with the prefetched dependencies. | "" | false |
| COMMIT_SHA | The image is built from this commit. | "" | false |
| CONTEXT | Path to the directory to use as context. | . | false |
| DOCKERFILE | Path or URL of the ubi base stack Dockerfile. | ./Dockerfile | false |
| ENTITLEMENT_SECRET | Name of secret which contains the entitlement certificates | etc-pki-entitlement | false |
| HERMETIC | Determines if build will be executed without network access. | false | false |
| IMAGE | Reference of the image buildah will produce. | | true |
| IMAGE_EXPIRES_AFTER | Delete image tag after specified time. Empty means to keep the image tag. Time values could be something like 1h, 2d, 3w for hours, days, and weeks, respectively. | "" | false |
| LABELS | Additional key=value labels that should be applied to the image | [] | false |
| PREFETCH_INPUT | In case it is not empty, the prefetched content should be made available to the build. | "" | false |
| SKIP_SBOM_GENERATION | Skip SBOM-related operations. This will likely cause EC policies to fail if enabled | false | false |
| SKIP_UNUSED_STAGES | Whether to skip stages in Containerfile that seem unused by subsequent stages | true | false |
| SOURCE_ARTIFACT | The Trusted Artifact URI pointing to the artifact with the application source code. | | true |
| SQUASH | Squash all new and previous layers added as a part of this build, as per --squash | false | false |
| STORAGE_DRIVER | Storage driver to configure for buildah | vfs | false |
| TARGET_STAGE | Target stage in Dockerfile to build. If not specified, the Dockerfile is processed entirely to (and including) its last stage. | "" | false |
| TLSVERIFY | Verify the TLS on the registry endpoint (for push/pull to a non-TLS registry) | true | false |
| YUM_REPOS_D_FETCHED | Path in source workspace where dynamically-fetched repos are present | fetched.repos.d | false |
| YUM_REPOS_D_SRC | Path in the git repository in which yum repository files are stored | repos.d | false |
| YUM_REPOS_D_TARGET | Target path on the container in which yum repository files should be made available | /etc/yum.repos.d | false |
| caTrustConfigMapKey | The name of the key in the ConfigMap that contains the CA bundle data. | ca-bundle.crt | false |
| caTrustConfigMapName | The name of the ConfigMap to read CA bundle data from. | trusted-ca | false |
| PLATFORM | The platform to build on | | true |
| IMAGE_APPEND_PLATFORM | Whether to append a sanitized platform architecture on the IMAGE tag | false | false |
|name|description|default value|required|
|---|---|---|---|
|ACTIVATION_KEY|Name of secret which contains subscription activation key|activation-key|false|
|ADDITIONAL_SECRET|Name of a secret which will be made available to the build with 'buildah build --secret' at /run/secrets/$ADDITIONAL_SECRET|does-not-exist|false|
|ADD_CAPABILITIES|Comma separated list of extra capabilities to add when running 'buildah build'|""|false|
|BUILD_ARGS|Array of --build-arg values ("arg=value" strings)|[]|false|
|BUILD_ARGS_FILE|Path to a file with build arguments, see https://www.mankier.com/1/buildah-build#--build-arg-file|""|false|
|CACHI2_ARTIFACT|The Trusted Artifact URI pointing to the artifact with the prefetched dependencies.|""|false|
|COMMIT_SHA|The image is built from this commit.|""|false|
|CONTEXT|Path to the directory to use as context.|.|false|
|DOCKERFILE|Path to the Dockerfile to build.|./Dockerfile|false|
|ENTITLEMENT_SECRET|Name of secret which contains the entitlement certificates|etc-pki-entitlement|false|
|HERMETIC|Determines if build will be executed without network access.|false|false|
|IMAGE|Reference of the image buildah will produce.||true|
|IMAGE_EXPIRES_AFTER|Delete image tag after specified time. Empty means to keep the image tag. Time values could be something like 1h, 2d, 3w for hours, days, and weeks, respectively.|""|false|
|LABELS|Additional key=value labels that should be applied to the image|[]|false|
|PREFETCH_INPUT|In case it is not empty, the prefetched content should be made available to the build.|""|false|
|SKIP_SBOM_GENERATION|Skip SBOM-related operations. This will likely cause EC policies to fail if enabled|false|false|
|SKIP_UNUSED_STAGES|Whether to skip stages in Containerfile that seem unused by subsequent stages|true|false|
|SOURCE_ARTIFACT|The Trusted Artifact URI pointing to the artifact with the application source code.||true|
|SQUASH|Squash all new and previous layers added as a part of this build, as per --squash|false|false|
|STORAGE_DRIVER|Storage driver to configure for buildah|vfs|false|
|TARGET_STAGE|Target stage in Dockerfile to build. If not specified, the Dockerfile is processed entirely to (and including) its last stage.|""|false|
|TLSVERIFY|Verify the TLS on the registry endpoint (for push/pull to a non-TLS registry)|true|false|
|YUM_REPOS_D_FETCHED|Path in source workspace where dynamically-fetched repos are present|fetched.repos.d|false|
|YUM_REPOS_D_SRC|Path in the git repository in which yum repository files are stored|repos.d|false|
|YUM_REPOS_D_TARGET|Target path on the container in which yum repository files should be made available|/etc/yum.repos.d|false|
|caTrustConfigMapKey|The name of the key in the ConfigMap that contains the CA bundle data.|ca-bundle.crt|false|
|caTrustConfigMapName|The name of the ConfigMap to read CA bundle data from.|trusted-ca|false|
|PLATFORM|The platform to build on||true|
|IMAGE_APPEND_PLATFORM|Whether to append a sanitized platform architecture on the IMAGE tag|false|false|

## Results
|name|description|
Expand Down

0 comments on commit de1a37c

Please sign in to comment.