diff --git a/pipelines/rh-advisories/rh-advisories.yaml b/pipelines/rh-advisories/rh-advisories.yaml index ee0de777d..9fffce7e5 100644 --- a/pipelines/rh-advisories/rh-advisories.yaml +++ b/pipelines/rh-advisories/rh-advisories.yaml @@ -543,6 +543,10 @@ spec: runAfter: - collect-data - name: create-product-sbom + when: + - input: "$(tasks.collect-atlas-params.results.secretName)" + operator: notin + values: [""] params: - name: dataJsonPath value: "$(tasks.collect-data.results.data)" @@ -561,6 +565,10 @@ spec: runAfter: - check-data-keys - name: upload-product-sbom + when: + - input: "$(tasks.collect-atlas-params.results.secretName)" + operator: notin + values: [""] params: - name: sbomDir value: "$(tasks.create-product-sbom.results.productSBOMPath)" diff --git a/pipelines/rh-push-to-registry-redhat-io/rh-push-to-registry-redhat-io.yaml b/pipelines/rh-push-to-registry-redhat-io/rh-push-to-registry-redhat-io.yaml index 73430fa04..3e173f45c 100644 --- a/pipelines/rh-push-to-registry-redhat-io/rh-push-to-registry-redhat-io.yaml +++ b/pipelines/rh-push-to-registry-redhat-io/rh-push-to-registry-redhat-io.yaml @@ -258,6 +258,10 @@ spec: runAfter: - collect-data - name: create-product-sbom + when: + - input: "$(tasks.collect-atlas-params.results.secretName)" + operator: notin + values: [""] params: - name: dataJsonPath value: "$(tasks.collect-data.results.data)" @@ -276,6 +280,10 @@ spec: runAfter: - check-data-keys - name: upload-product-sbom + when: + - input: "$(tasks.collect-atlas-params.results.secretName)" + operator: notin + values: [""] params: - name: sbomDir value: "$(tasks.create-product-sbom.results.productSBOMPath)" diff --git a/tasks/collect-atlas-params/collect-atlas-params.yaml b/tasks/collect-atlas-params/collect-atlas-params.yaml index 3109c6f43..113b59521 100644 --- a/tasks/collect-atlas-params/collect-atlas-params.yaml +++ b/tasks/collect-atlas-params/collect-atlas-params.yaml @@ -52,11 +52,11 @@ spec: atlasServer=$(jq -r '.atlas.server' "$DATA_FILE") if [ "$atlasServer" = "null" ]; then - echo "ERROR: The JSON file does not contain the 'atlasServer' field." - exit 1 - fi - - if [ "$atlasServer" = "stage" ]; then + # In this case, SBOM processing will be skipped. + bombasticApiUrl="" + ssoTokenUrl="" + secretName="" + elif [ "$atlasServer" = "stage" ]; then bombasticApiUrl="https://sbom.atlas.release.stage.devshift.net" ssoTokenUrl="https://auth.stage.redhat.com/auth/realms/EmployeeIDP/protocol/openid-connect/token" secretName="atlas-staging-sso-secret" @@ -65,7 +65,7 @@ spec: ssoTokenUrl="https://auth.redhat.com/auth/realms/EmployeeIDP/protocol/openid-connect/token" secretName="atlas-prod-sso-secret" else - echo "ERROR: Unknown Atlas server value '$atlasServer'. Expected 'stage' or 'production'." + echo "ERROR: Unknown .atlas.server value '$atlasServer'. Expected 'stage' or 'production'." exit 1 fi diff --git a/tasks/collect-atlas-params/tests/test-collect-atlas-params-nonexistent.yaml b/tasks/collect-atlas-params/tests/test-collect-atlas-params-nonexistent.yaml index e1f72b82d..33a8dd078 100644 --- a/tasks/collect-atlas-params/tests/test-collect-atlas-params-nonexistent.yaml +++ b/tasks/collect-atlas-params/tests/test-collect-atlas-params-nonexistent.yaml @@ -3,8 +3,6 @@ apiVersion: tekton.dev/v1 kind: Pipeline metadata: name: test-collect-atlas-params-nonexistent - annotations: - test/assert-task-failure: "run-task" spec: description: | Run the collect-atlas-params task with a missing atlasServer key. @@ -36,3 +34,38 @@ spec: workspace: tests-workspace runAfter: - setup + - name: check-result + params: + - name: secretName + value: $(tasks.run-task.results.secretName) + - name: ssoTokenUrl + value: $(tasks.run-task.results.ssoTokenUrl) + - name: bombasticApiUrl + value: $(tasks.run-task.results.bombasticApiUrl) + - name: updateComponentSBOM + value: $(tasks.run-task.results.updateComponentSBOM) + taskSpec: + params: + - name: secretName + - name: ssoTokenUrl + - name: bombasticApiUrl + - name: updateComponentSBOM + steps: + - name: check-result + image: quay.io/konflux-ci/release-service-utils:d320c36f3d707cd5bfe55fe783f70236c06cc2e5 + env: + - name: "SECRET_NAME" + value: '$(params.secretName)' + - name: "SSO_TOKEN_URL" + value: '$(params.ssoTokenUrl)' + - name: "BOMBASTIC_API_URL" + value: '$(params.bombasticApiUrl)' + - name: "UPDATE_COMPONENT_SBOM" + value: '$(params.updateComponentSBOM)' + script: | + #!/usr/bin/env sh + set -eux + + test "$SECRET_NAME" = "" + test "$SSO_TOKEN_URL" = "" + test "$BOMBASTIC_API_URL" = ""