kcl-lang · Peefy · Nov 13, 2023 · Nov 13, 2023
diff --git a/tekton-require-bundle/README.md b/tekton-require-bundle/README.md
@@ -0,0 +1,7 @@
+## Introduction
+
+`tekton-require-bundle` is a KCL validation module.
+
+## Resource
+
+The Code source and document are [here](https://github.com/kcl-lang/modules/tree/main/nginx-ingress/tekton-require-bundle)
diff --git a/tekton-require-bundle/kcl.mod b/tekton-require-bundle/kcl.mod
@@ -0,0 +1,5 @@
+[package]
+name = "tekton-require-bundle"
+edition = "*"
+version = "0.1.0"
+description = "`tekton-require-bundle` is a KCL validation module"
diff --git a/tekton-require-bundle/main.k b/tekton-require-bundle/main.k
@@ -0,0 +1,9 @@
+validate = lambda item {
+    if item.kind in ["PipelineRun"]:
+        assert item.spec?.pipelineRef?.bundle, "A bundle is required."
+    elif item.kind in ["TaskeRun"]:
+        assert item.spec?.taskRef?.bundle, "A bundle is required."
+    item
+}
+# Validate All resource
+items = [validate(i) for i in option("items") or []]
diff --git a/tekton-require-namespace-pipeline-run/README.md b/tekton-require-namespace-pipeline-run/README.md
@@ -0,0 +1,7 @@
+## Introduction
+
+`tekton-require-namespace-pipeline-run` is a KCL validation module.
+
+## Resource
+
+The Code source and document are [here](https://github.com/kcl-lang/modules/tree/main/nginx-ingress/tekton-require-namespace-pipeline-run)
diff --git a/tekton-require-namespace-pipeline-run/kcl.mod b/tekton-require-namespace-pipeline-run/kcl.mod
@@ -0,0 +1,5 @@
+[package]
+name = "tekton-require-namespace-pipeline-run"
+edition = "*"
+version = "0.1.0"
+description = "`tekton-require-namespace-pipeline-run` is a KCL validation module"
diff --git a/tekton-require-namespace-pipeline-run/main.k b/tekton-require-namespace-pipeline-run/main.k
@@ -0,0 +1,8 @@
+validate = lambda item {
+    if item.kind in ["PipelineRun"]:
+        ns = item.metadata.namespace or "default"
+        assert ns != "default", "A namespace is required and may not be set to default."
+    item
+}
+# Validate All resource
+items = [validate(i) for i in option("items") or []]
diff --git a/tekton-require-securitycontext/README.md b/tekton-require-securitycontext/README.md
@@ -0,0 +1,7 @@
+## Introduction
+
+`tekton-require-securitycontext` is a KCL validation module.
+
+## Resource
+
+The Code source and document are [here](https://github.com/kcl-lang/modules/tree/main/nginx-ingress/tekton-require-securitycontext)
diff --git a/tekton-require-securitycontext/kcl.mod b/tekton-require-securitycontext/kcl.mod
@@ -0,0 +1,5 @@
+[package]
+name = "tekton-require-securitycontext"
+edition = "*"
+version = "0.1.0"
+description = "`tekton-require-securitycontext` is a KCL validation module"
diff --git a/tekton-require-securitycontext/main.k b/tekton-require-securitycontext/main.k
@@ -0,0 +1,10 @@
+validate = lambda item {
+    if item.kind in ["TaskRun"]:
+        steps = [s for s in (item.status?.taskSpec?.steps or [] + item.spec?.steps or []) if s.name != digest-to-results]
+        assert all s in steps {
+            s.privileged == False and s.allowPrivilegeEscalation == False
+        }, "A securityContext is required with `privileged` and `allowPrivilegeEscalation` set to `false`."
+    item
+}
+# Validate All resource
+items = [validate(i) for i in option("items") or []]