add fossa task
Changes
Add fossa scanner task
Submitter Checklist
These are the criteria that every PR should meet, please check them off as you review them:
- [x] Follows the authoring recommendations
- [x] Includes docs (if user facing)
- [x] Includes tests (for new tasks or changed functionality)
- See the end-to-end testing documentation for guidance and CI details.
- [x] Meets the Tekton contributor standards (including functionality, content, code)
- [x] Commit messages follow commit message best practices
- [x] Has a kind label. You can add one by adding a comment on this PR that contains `/kind <type>`. Valid types are bug, cleanup, design, documentation, feature, flake, misc, question, tep
- [x] Complies with Catalog Organization TEP, see example. Note: An issue has been filed to automate this validation
  - [x] File path follows `<kind>/<name>/<version>/name.yaml`
  - [x] Has `README.md` at `<kind>/<name>/<version>/README.md`
  - [x] Has mandatory `metadata.labels` - `app.kubernetes.io/version` the same as the `<version>` of the resource
  - [x] Has mandatory `metadata.annotations` `tekton.dev/pipelines.minVersion`
  - [x] mandatory `spec.description` follows the convention

    ```
    spec:
      description: >-
        one line summary of the resource

        Paragraph(s) to describe the resource.
    ```

See the contribution guide for more details.
Hi @nistal97. Thanks for your PR.
I'm waiting for a tektoncd member to verify that this patch is reasonable to test. If it is, they should reply with `/ok-to-test` on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.
Once the patch is verified, the new status will be reflected by the `ok-to-test` label.
I understand the commands that are listed here.
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
Catlin Output
FILE: task/fossa-scanner/0.1/fossa-scanner.yaml
WARN : Step "fossa-scan" uses image "$(params.FOSSACLI_IMAGE)" that contains variables; skipping validation
/assign @vinamra28
refine of https://github.com/tektoncd/catalog/pull/1084
Catlin Output
FILE: task/fossa-scanner/0.1/fossa-scanner.yaml
WARN : Step "fossa-scan" uses image "$(params.FOSSACLI_IMAGE)" that contains variables; skipping validation
Catlin script lint Output
ERROR: /usr/bin/shellcheck, [-s sh] failed:
In fossa-scanner-fossa-scan line 6:
echo ${FOSSA_API_KEY}
^--------------^ SC2086: Double quote to prevent globbing and word splitting.
Did you mean:
echo "${FOSSA_API_KEY}"
In fossa-scanner-fossa-scan line 7:
echo ${FOSSA_TELEMETRY_SCOPE}
^----------------------^ SC2086: Double quote to prevent globbing and word splitting.
Did you mean:
echo "${FOSSA_TELEMETRY_SCOPE}"
For more information:
https://www.shellcheck.net/wiki/SC2086 -- Double quote to prevent globbing ...
The committers listed above are authorized under a signed CLA.
- :white_check_mark: login: nistal97 (8a02e4520a873592e3a2bbb93d572e583ac862f8)
Catlin Output
FILE: task/buildah/0.5/buildah.yaml
HINT : Task: tekton.dev/v1beta1 - name: "buildah" is missing a readable display name annotation("tekton.dev/displayName")
WARN : Step "build" uses image "$(params.BUILDER_IMAGE)" that contains variables; skipping validation
FILE: task/fossa-scanner/0.1/fossa-scanner.yaml
WARN : Step "fossa-scan" uses image "$(params.FOSSACLI_IMAGE)" that contains variables; skipping validation
FILE: task/kaniko/0.6/kaniko.yaml
WARN : Step "build-and-push" uses image "$(params.BUILDER_IMAGE)" that contains variables; skipping validation
Catlin script lint Output
ERROR: /usr/bin/shellcheck, [-s sh] failed:
In buildah-build line 2:
[[ "$(workspaces.sslcertdir.bound)" == "true" ]] && CERT_DIR_FLAG="--cert-dir $(workspaces.sslcertdir.path)"
^-- SC3010: In POSIX sh, [[ ]] is undefined.
In buildah-build line 3:
[[ "$(workspaces.dockerconfig.bound)" == "true" ]] && export DOCKER_CONFIG="$(workspaces.dockerconfig.path)"
^-- SC3010: In POSIX sh, [[ ]] is undefined.
^-----------^ SC2155: Declare and assign separately to avoid masking return values.
In buildah-build line 4:
buildah ${CERT_DIR_FLAG} --storage-driver=$(params.STORAGE_DRIVER) bud \
^--------------^ SC2086: Double quote to prevent globbing and word splitting.
^----------------------^ SC2046: Quote this to prevent word splitting.
Did you mean:
buildah "${CERT_DIR_FLAG}" --storage-driver=$(params.STORAGE_DRIVER) bud \
In buildah-build line 5:
$(params.BUILD_EXTRA_ARGS) --format=$(params.FORMAT) \
^------------------------^ SC2046: Quote this to prevent word splitting.
^--------------^ SC2046: Quote this to prevent word splitting.
In buildah-build line 6:
--tls-verify=$(params.TLSVERIFY) --no-cache \
^-----------------^ SC2046: Quote this to prevent word splitting.
In buildah-build line 7:
-f $(params.DOCKERFILE) -t $(params.IMAGE) $(params.CONTEXT)
^------------------^ SC2046: Quote this to prevent word splitting.
^-------------^ SC2046: Quote this to prevent word splitting.
^---------------^ SC2046: Quote this to prevent word splitting.
In buildah-build line 8:
[[ "$(params.SKIP_PUSH)" == "true" ]] && echo "Push skipped" && exit 0
^-- SC3010: In POSIX sh, [[ ]] is undefined.
In buildah-build line 9:
buildah ${CERT_DIR_FLAG} --storage-driver=$(params.STORAGE_DRIVER) push \
^--------------^ SC2086: Double quote to prevent globbing and word splitting.
^----------------------^ SC2046: Quote this to prevent word splitting.
Did you mean:
buildah "${CERT_DIR_FLAG}" --storage-driver=$(params.STORAGE_DRIVER) push \
In buildah-build line 10:
$(params.PUSH_EXTRA_ARGS) --tls-verify=$(params.TLSVERIFY) \
^-----------------------^ SC2046: Quote this to prevent word splitting.
^-----------------^ SC2046: Quote this to prevent word splitting.
In buildah-build line 11:
--digestfile /tmp/image-digest $(params.IMAGE) \
^-------------^ SC2046: Quote this to prevent word splitting.
In buildah-build line 12:
docker://$(params.IMAGE)
^-------------^ SC2046: Quote this to prevent word splitting.
In buildah-build line 13:
cat /tmp/image-digest | tee $(results.IMAGE_DIGEST.path)
^---------------^ SC2002: Useless cat. Consider 'cmd < file | ..' or 'cmd file | ..' instead.
^--------------------------^ SC2046: Quote this to prevent word splitting.
In buildah-build line 14:
echo "$(params.IMAGE)" | tee $(results.IMAGE_URL.path)
^---------------^ SC2005: Useless echo? Instead of 'echo $(cmd)', just use 'cmd'.
^-----------------------^ SC2046: Quote this to prevent word splitting.
For more information:
https://www.shellcheck.net/wiki/SC2046 -- Quote this to prevent word splitt...
https://www.shellcheck.net/wiki/SC2155 -- Declare and assign separately to ...
https://www.shellcheck.net/wiki/SC3010 -- In POSIX sh, [[ ]] is undefined.
ERROR: /usr/bin/shellcheck, [-s sh] failed:
In fossa-scanner-fossa-scan line 6:
echo ${FOSSA_API_KEY}
^--------------^ SC2086: Double quote to prevent globbing and word splitting.
Did you mean:
echo "${FOSSA_API_KEY}"
In fossa-scanner-fossa-scan line 7:
echo ${FOSSA_TELEMETRY_SCOPE}
^----------------------^ SC2086: Double quote to prevent globbing and word splitting.
Did you mean:
echo "${FOSSA_TELEMETRY_SCOPE}"
For more information:
https://www.shellcheck.net/wiki/SC2086 -- Double quote to prevent globbing ...
ERROR: /usr/bin/shellcheck, [-s sh] failed:
In kaniko-write-url line 4:
echo -n "${image}" | tee "$(results.IMAGE_URL.path)"
^-- SC3037: In POSIX sh, echo flags are undefined.
For more information:
https://www.shellcheck.net/wiki/SC3037 -- In POSIX sh, echo flags are undef...
Catlin Output
FILE: task/fossa-scanner/0.1/fossa-scanner.yaml
WARN : Step "fossa-scan" uses image "$(params.FOSSACLI_IMAGE)" that contains variables; skipping validation
Catlin script lint Output
WARN : step: fossa-scanner is not using #!/usr/bin/env
ERROR: /usr/bin/shellcheck, [-s bash] failed:
In fossa-scanner-fossa-scan line 4:
if [[ "$(params.FOSSA_OUTPUT)" -eq "true" ]]; then
^----^ SC2154: true is referenced but not assigned.
For more information:
https://www.shellcheck.net/wiki/SC2154 -- true is referenced but not assign...
Catlin Output
FILE: task/fossa-scanner/0.1/fossa-scanner.yaml
WARN : Step "fossa-scan" uses image "$(params.FOSSACLI_IMAGE)" that contains variables; skipping validation
FILE: task/goreleaser/0.2/goreleaser.yaml
WARN : Step "pull" uses image "$(params.image)" that contains variables; skipping validation
WARN : Step "release" uses image "$(params.image)" that contains variables; skipping validation
FILE: task/orka-deploy/0.2/orka-deploy.yaml
WARN : Step "copy-script" uses image "$(params.orka-tekton-runner-image)" that contains variables; skipping validation
WARN : Step "build" uses image "$(params.orka-tekton-runner-image)" that contains variables; skipping validation
FILE: task/orka-teardown/0.2/orka-teardown.yaml
WARN : Step "teardown" uses image "$(params.orka-tekton-runner-image)" that contains variables; skipping validation
FILE: task/sonarqube-scanner/0.3/sonarqube-scanner.yaml
WARN : Step "sonar-scan" uses image "$(params.SONAR_SCANNER_IMAGE)" that contains variables; skipping validation
FILE: task/yq/0.4/yq.yaml
WARN : Step "yq-script" uses image "$(params.image)" that contains variables; skipping validation
Catlin script lint Output
WARN : step: fossa-scanner is not using #!/usr/bin/env
ERROR: /usr/bin/shellcheck, [-s bash] failed:
In fossa-scanner-fossa-scan line 4:
if [[ "$(params.FOSSA_OUTPUT)" -eq "true" ]]; then
^----^ SC2154: true is referenced but not assigned.
For more information:
https://www.shellcheck.net/wiki/SC2154 -- true is referenced but not assign...
ERROR: /usr/bin/shellcheck, [-s sh] failed:
In goreleaser-release line 2:
goreleaser release $(params.flags)
^-------------^ SC2046: Quote this to prevent word splitting.
For more information:
https://www.shellcheck.net/wiki/SC2046 -- Quote this to prevent word splitt...
WARN : step: orka-deploy is not using #!/usr/bin/env
WARN : step: orka-deploy is not using #!/usr/bin/env
WARN : step: orka-teardown is not using #!/usr/bin/env
ERROR: /usr/bin/shellcheck, [-s bash] failed:
In sonarqube-scanner-sonar-properties-create line 10:
echo "" >>$filename
^-------^ SC2086: Double quote to prevent globbing and word splitting.
Did you mean:
echo "" >>"$filename"
In sonarqube-scanner-sonar-properties-create line 21:
cp -RL $(workspaces.sonar-settings.path)/sonar-project.properties $(workspaces.source.path)/sonar-project.properties
^-- SC2046: Quote this to prevent word splitting.
^-----------------------^ SC2046: Quote this to prevent word splitting.
In sonarqube-scanner-sonar-properties-create line 28:
replaceValues $(workspaces.source.path)/sonar-project.properties sonar.host.url "${SONAR_HOST_URL}"
^-----------------------^ SC2046: Quote this to prevent word splitting.
In sonarqube-scanner-sonar-properties-create line 32:
replaceValues $(workspaces.source.path)/sonar-project.properties sonar.projectKey "${SONAR_PROJECT_KEY}"
^-----------------------^ SC2046: Quote this to prevent word splitting.
In sonarqube-scanner-sonar-properties-create line 38:
[[ -n "${SONAR_PROJECT_KEY}" ]] && {
^-- SC2015: Note that A && B || C is not if-then-else. C may run when A is true.
In sonarqube-scanner-sonar-properties-create line 45:
[[ -n "${SONAR_HOST_URL}" ]] && {
^-- SC2015: Note that A && B || C is not if-then-else. C may run when A is true.
In sonarqube-scanner-sonar-properties-create line 52:
[[ -n "${PROJECT_VERSION}" ]] && {
^-- SC2015: Note that A && B || C is not if-then-else. C may run when A is true.
In sonarqube-scanner-sonar-properties-create line 59:
[[ -n "${SONAR_ORGANIZATION}" ]] && {
^-- SC2015: Note that A && B || C is not if-then-else. C may run when A is true.
In sonarqube-scanner-sonar-properties-create line 67:
cat $(workspaces.source.path)/sonar-project.properties
^-----------------------^ SC2046: Quote this to prevent word splitting.
For more information:
https://www.shellcheck.net/wiki/SC2046 -- Quote this to prevent word splitt...
https://www.shellcheck.net/wiki/SC2015 -- Note that A && B || C is not if-t...
https://www.shellcheck.net/wiki/SC2086 -- Double quote to prevent globbing ...
ERROR: /usr/bin/shellcheck, [-s sh] failed:
In yq-yq-script line 14:
$(params.SCRIPT)
^--------------^ SC2091: Remove surrounding $() to avoid executing output (or use eval if intentional).
For more information:
https://www.shellcheck.net/wiki/SC2091 -- Remove surrounding $() to avoid e...
[APPROVALNOTIFIER] This PR is NOT APPROVED
This pull-request has been approved by:
The full list of commands accepted by this bot can be found here.
Approvers can indicate their approval by writing `/approve` in a comment
Approvers can cancel approval by writing `/approve cancel` in a comment