INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 1 resource
[INFO]
[INFO] --- quarkus-maven-plugin:3.22.2:generate-code (default) @ my-quarkus-hello ---
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 47.216 s
[INFO] Finished at: 2025-05-12T08:42:37Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal io.quarkus.platform:quarkus-maven-plugin:3.22.2:generate-code (default) on project my-quarkus-hello: Execution default of goal io.quarkus.platform:quarkus-maven-plugin:3.22.2:generate-code failed: Unable to load the mojo 'generate-code' (or one of its required components) from the plugin 'io.quarkus.platform:quarkus-maven-plugin:3.22.2': java.util.NoSuchElementException
[ERROR] role: org.apache.maven.plugin.Mojo
[ERROR] roleHint: io.quarkus.platform:quarkus-maven-plugin:3.22.2:generate-code
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
...
[ERROR] Command execution failed. java.io.IOException: Cannot run program "echo" (in directory "/workspace/source"): error=0, Failed to exec spawn helper: pid: 139, exit value: 1 at
---
apiVersion: v1
kind: ConfigMap
metadata:
name: my-quarkus-hello-maven-settings
data:
settings.xml: |
<?xml version="1.0" encoding="UTF-8"?>
<settings>
<mirrors>
<mirror>
<id>maven.org</id>
<name>Default mirror</name>
<url>https://repo1.maven.org/maven2</url>
<mirrorOf>central</mirrorOf>
</mirror>
</mirrors>
</settings>
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: my-quarkus-hello-project-pvc
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 2Gi
volumeMode: Filesystem
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: my-quarkus-hello-maven-repo-pvc
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 2Gi
volumeMode: Filesystem
---
apiVersion: tekton.dev/v1
kind: Task
metadata:
name: ls
spec:
params:
- description: The args to pass to ls
name: args
type: string
steps:
- image: quay.io/redhat-cop/ubi8-git:v1.0
name: ls
args:
- ls $(params.args)
command:
- sh
- -c
workingDir: $(workspaces.project-dir.path)
workspaces:
- description: A workspace for the task
name: project-dir
optional: true
---
apiVersion: tekton.dev/v1
kind: Task
metadata:
name: maven
labels:
app.kubernetes.io/version: "0.4"
annotations:
tekton.dev/pipelines.minVersion: "0.50.0"
tekton.dev/categories: Build Tools
tekton.dev/tags: build-tool
tekton.dev/platforms: "linux/amd64,linux/s390x,linux/ppc64le"
spec:
description: >-
This Task can be used to run a Maven build. It uses a workspace to store m2 local repo.
workspaces:
- name: source
description: The workspace consisting of maven project.
- name: maven-settings
description: >-
The workspace consisting of the custom maven settings
provided by the user.
- name: maven-local-repo
description: Local repo (m2) workspace
optional: true
params:
- name: MAVEN_IMAGE
type: string
description: Maven base image
default: gcr.io/cloud-builders/mvn@sha256:57523fc43394d6d9d2414ee8d1c85ed7a13460cbb268c3cd16d28cfb3859e641 # WORKS => ghcr.io/carlossg/maven:3.9.9-eclipse-temurin-21
- name: GOALS
description: maven goals to run
type: array
default:
- "package"
- name: MAVEN_MIRROR_URL
description: The Maven repository mirror url
type: string
default: ""
- name: SERVER_USER
description: The username for the server
type: string
default: ""
- name: SERVER_PASSWORD
description: The password for the server
type: string
default: ""
- name: PROXY_USER
description: The username for the proxy server
type: string
default: ""
- name: PROXY_PASSWORD
description: The password for the proxy server
type: string
default: ""
- name: PROXY_PORT
description: Port number for the proxy server
type: string
default: ""
- name: PROXY_HOST
description: Proxy server Host
type: string
default: ""
- name: PROXY_NON_PROXY_HOSTS
description: Non proxy server host
type: string
default: ""
- name: PROXY_PROTOCOL
description: Protocol for the proxy ie http or https
type: string
default: "http"
- name: CONTEXT_DIR
type: string
description: >-
The context directory within the repository for sources on
which we want to execute maven goals.
default: "."
results:
- description: Maven project group id
name: group-id
type: string
- description: Maven project artifact id
name: artifact-id
type: string
- description: version
name: version
type: string
steps:
- name: mvn-settings
image: registry.access.redhat.com/ubi8/ubi-minimal:8.2
script: |
#!/usr/bin/env bash
[[ -f $(workspaces.maven-settings.path)/settings.xml ]] && \
echo "using existing $(workspaces.maven-settings.path)/settings.xml" && exit 0
cat > "$(workspaces.maven-settings.path)/settings.xml" <<EOF
<settings>
<servers>
<!-- The servers added here are generated from environment variables. Don't change. -->
<!-- ### SERVER's USER INFO from ENV ### -->
</servers>
<mirrors>
<!-- The mirrors added here are generated from environment variables. Don't change. -->
<!-- ### mirrors from ENV ### -->
</mirrors>
<proxies>
<!-- The proxies added here are generated from environment variables. Don't change. -->
<!-- ### HTTP proxy from ENV ### -->
</proxies>
</settings>
EOF
xml=""
if [ -n "$(params.PROXY_HOST)" ] && [ -n "$(params.PROXY_PORT)" ]; then
xml="<proxy>\
<id>genproxy</id>\
<active>true</active>\
<protocol>$(params.PROXY_PROTOCOL)</protocol>\
<host>$(params.PROXY_HOST)</host>\
<port>$(params.PROXY_PORT)</port>"
if [ -n "$(params.PROXY_USER)" ] && [ -n "$(params.PROXY_PASSWORD)" ]; then
xml="$xml\
<username>$(params.PROXY_USER)</username>\
<password>$(params.PROXY_PASSWORD)</password>"
fi
if [ -n "$(params.PROXY_NON_PROXY_HOSTS)" ]; then
xml="$xml\
<nonProxyHosts>$(params.PROXY_NON_PROXY_HOSTS)</nonProxyHosts>"
fi
xml="$xml\
</proxy>"
sed -i "s|<!-- ### HTTP proxy from ENV ### -->|$xml|" "$(workspaces.maven-settings.path)/settings.xml"
fi
if [ -n "$(params.SERVER_USER)" ] && [ -n "$(params.SERVER_PASSWORD)" ]; then
xml="<server>\
<id>serverid</id>"
xml="$xml\
<username>$(params.SERVER_USER)</username>\
<password>$(params.SERVER_PASSWORD)</password>"
xml="$xml\
</server>"
sed -i "s|<!-- ### SERVER's USER INFO from ENV ### -->|$xml|" "$(workspaces.maven-settings.path)/settings.xml"
fi
if [ -n "$(params.MAVEN_MIRROR_URL)" ]; then
xml=" <mirror>\
<id>mirror.default</id>\
<url>$(params.MAVEN_MIRROR_URL)</url>\
<mirrorOf>central</mirrorOf>\
</mirror>"
sed -i "s|<!-- ### mirrors from ENV ### -->|$xml|" "$(workspaces.maven-settings.path)/settings.xml"
fi
- name: mvn-goals
image: $(params.MAVEN_IMAGE)
workingDir: $(workspaces.source.path)/$(params.CONTEXT_DIR)
args: ["$(params.GOALS[*])"]
script: |
#!/usr/bin/env bash
/usr/bin/mvn -s $(workspaces.maven-settings.path)/settings.xml "$@" '-Dmaven.repo.local=$(workspaces.maven-local-repo.path)/.m2'
GROUPID=$(/usr/bin/mvn -s $(workspaces.maven-settings.path)/settings.xml '-Dmaven.repo.local=$(workspaces.maven-local-repo.path)/.m2' -q -Dexec.executable=echo -Dexec.args='${project.groupId}' --non-recursive exec:exec)
echo -n $GROUPID | tee $(results.group-id.path)
ARTIFACTID=$(/usr/bin/mvn -s $(workspaces.maven-settings.path)/settings.xml '-Dmaven.repo.local=$(workspaces.maven-local-repo.path)/.m2' -q -Dexec.executable=echo -Dexec.args='${project.artifactId}' --non-recursive exec:exec)
echo -n $ARTIFACTID | tee $(results.artifact-id.path)
VERSION=$(/usr/bin/mvn -s $(workspaces.maven-settings.path)/settings.xml '-Dmaven.repo.local=$(workspaces.maven-local-repo.path)/.m2' -q -Dexec.executable=echo -Dexec.args='${project.version}' --non-recursive exec:exec)
echo -n $VERSION | tee $(results.version.path)
---
apiVersion: tekton.dev/v1
kind: Task
metadata:
annotations:
tekton.dev/pipelines.minVersion: 0.12.1
tekton.dev/tags: "image-build, appstudio, hacbs"
argocd.argoproj.io/sync-wave: "0"
labels:
app.kubernetes.io/version: "0.1"
build.appstudio.redhat.com/build_type: docker
name: buildah
spec:
description: |-
Buildah task builds source code into a container image and pushes the image into container registry using buildah tool.
In addition it generates a SBOM file, injects the SBOM file into final container image and pushes the SBOM file as separate image using cosign tool.
When [Java dependency rebuild](https://redhat-appstudio.github.io/docs.stonesoup.io/Documentation/main/cli/proc_enabled_java_dependencies.html) is enabled it triggers rebuilds of Java artifacts.
When prefetch-dependencies task was activated it is using its artifacts to run build in hermetic environment.
params:
- description: Reference of the image buildah will produce.
name: IMAGE
type: string
- default: quay.io/redhat-appstudio/buildah:v1.31.0@sha256:34f12c7b72ec2c28f1ded0c494b428df4791c909f1f174dd21b8ed6a57cf5ddb
description: The location of the buildah builder image.
name: BUILDER_IMAGE
type: string
- default: src/main/docker/Dockerfile.jvm
description: Path to the Dockerfile to build.
name: DOCKERFILE
type: string
- default: "."
description: Path to the directory to use as context.
name: CONTEXT
type: string
- default: "true"
description: Verify the TLS on the registry endpoint (for push/pull to a non-TLS registry)
name: TLSVERIFY
type: string
- default: ""
description: default path of the registry authentication file
name: REGISTRY_AUTH_PATH
type: string
- default: "false"
description: Determines if build will be executed without network access.
name: HERMETIC
type: string
- default: ""
description: "In case it is not empty, the prefetched content should be made available to the build."
name: PREFETCH_INPUT
type: string
- default: ""
description: "Delete image tag after specified time. Empty means to keep the image tag. Time values could be something like 1h, 2d, 3w for hours, days, and weeks, respectively."
name: IMAGE_EXPIRES_AFTER
type: string
- default: ""
description: The image is built from this commit.
name: COMMIT_SHA
type: string
results:
- description: Digest of the image just built
name: IMAGE_DIGEST
- description: Image repository where the built image was pushed
name: IMAGE_URL
- description: Digests of the base images used for build
name: BASE_IMAGES_DIGESTS
- description: The counting of Java components by publisher in JSON format
name: SBOM_JAVA_COMPONENTS_COUNT
type: string
- description: The Java dependencies that came from community sources such as Maven central.
name: JAVA_COMMUNITY_DEPENDENCIES
stepTemplate:
env:
- name: BUILDAH_FORMAT
value: oci
- name: STORAGE_DRIVER
value: vfs
- name: HERMETIC
value: $(params.HERMETIC)
- name: PREFETCH_INPUT
value: $(params.PREFETCH_INPUT)
- name: CONTEXT
value: $(params.CONTEXT)
- name: DOCKERFILE
value: $(params.DOCKERFILE)
- name: REGISTRY_AUTH_FILE
value: $(params.REGISTRY_AUTH_PATH)/config.json
- name: DOCKER_CONFIG
value: $(params.REGISTRY_AUTH_PATH)
- name: IMAGE
value: $(params.IMAGE)
- name: TLSVERIFY
value: $(params.TLSVERIFY)
- name: IMAGE_EXPIRES_AFTER
value: $(params.IMAGE_EXPIRES_AFTER)
steps:
- computeResources:
limits:
memory: 4Gi
requests:
memory: 512Mi
cpu: 250m
env:
- name: COMMIT_SHA
value: $(params.COMMIT_SHA)
image: $(params.BUILDER_IMAGE)
name: build
script: |
# We don't mount the code source (= project git cloned) under ./source but ./ !
SOURCE_CODE_DIR=.
if [ -e "$SOURCE_CODE_DIR/$CONTEXT/$DOCKERFILE" ]; then
dockerfile_path="$SOURCE_CODE_DIR/$CONTEXT/$DOCKERFILE"
elif [ -e "$SOURCE_CODE_DIR/$DOCKERFILE" ]; then
dockerfile_path="$SOURCE_CODE_DIR/$DOCKERFILE"
elif echo "$DOCKERFILE" | grep -q "^https\?://"; then
echo "Fetch Dockerfile from $DOCKERFILE"
dockerfile_path=$(mktemp --suffix=-Dockerfile)
http_code=$(curl -s -L -w "%{http_code}" --output "$dockerfile_path" "$DOCKERFILE")
if [ $http_code != 200 ]; then
echo "No Dockerfile is fetched. Server responds $http_code"
exit 1
fi
http_code=$(curl -s -L -w "%{http_code}" --output "$dockerfile_path.dockerignore.tmp" "$DOCKERFILE.dockerignore")
if [ $http_code = 200 ]; then
echo "Fetched .dockerignore from $DOCKERFILE.dockerignore"
mv "$dockerfile_path.dockerignore.tmp" $SOURCE_CODE_DIR/$CONTEXT/.dockerignore
fi
else
echo "Cannot find Dockerfile $DOCKERFILE"
exit 1
fi
if [ -n "$JVM_BUILD_WORKSPACE_ARTIFACT_CACHE_PORT_80_TCP_ADDR" ] && grep -q '^\s*RUN \(./\)\?mvn' "$dockerfile_path"; then
sed -i -e "s|^\s*RUN \(\(./\)\?mvn\)\(.*\)|RUN echo \"<settings><mirrors><mirror><id>mirror.default</id><url>http://$JVM_BUILD_WORKSPACE_ARTIFACT_CACHE_PORT_80_TCP_ADDR/v1/cache/default/0/</url><mirrorOf>*</mirrorOf></mirror></mirrors></settings>\" > /tmp/settings.yaml; \1 -s /tmp/settings.yaml \3|g" "$dockerfile_path"
touch /var/lib/containers/java
fi
# Fixing group permission on /var/lib/containers
chown root:root /var/lib/containers
sed -i 's/^\s*short-name-mode\s*=\s*.*/short-name-mode = "disabled"/' /etc/containers/registries.conf
# Setting new namespace to run buildah - 2^32-2
echo 'root:1:4294967294' | tee -a /etc/subuid >> /etc/subgid
if [ "${HERMETIC}" == "true" ]; then
BUILDAH_ARGS="--pull=never"
UNSHARE_ARGS="--net"
for image in $(grep -i '^\s*FROM' "$dockerfile_path" | sed 's/--platform=\S*//' | awk '{print $2}'); do
if [ "${image}" != "scratch" ]; then
unshare -Ufp --keep-caps -r --map-users 1,1,65536 --map-groups 1,1,65536 -- buildah pull $image
fi
done
echo "Build will be executed with network isolation"
fi
if [ -n "${PREFETCH_INPUT}" ]; then
cp -r cachi2 /tmp/
chmod -R go+rwX /tmp/cachi2
VOLUME_MOUNTS="--volume /tmp/cachi2:/cachi2"
sed -i 's|^\s*run |RUN . /cachi2/cachi2.env \&\& \\\n |i' "$dockerfile_path"
echo "Prefetched content will be made available"
fi
LABELS=(
"--label" "build-date=$(date -u +'%Y-%m-%dT%H:%M:%S')"
"--label" "architecture=$(uname -m)"
"--label" "vcs-type=git"
)
[ -n "$COMMIT_SHA" ] && LABELS+=("--label" "vcs-ref=$COMMIT_SHA")
[ -n "$IMAGE_EXPIRES_AFTER" ] && LABELS+=("--label" "quay.expires-after=$IMAGE_EXPIRES_AFTER")
unshare -Uf $UNSHARE_ARGS --keep-caps -r --map-users 1,1,65536 --map-groups 1,1,65536 -- buildah build \
$VOLUME_MOUNTS \
$BUILDAH_ARGS \
${LABELS[@]} \
--tls-verify=$TLSVERIFY --no-cache \
--ulimit nofile=4096:4096 \
-f "$dockerfile_path" -t $IMAGE $SOURCE_CODE_DIR/$CONTEXT
container=$(buildah from --pull-never $IMAGE)
buildah mount $container | tee /workspace/container_path
echo $container > /workspace/container_name
# Save the SBOM produced by Cachi2 so it can be merged into the final SBOM later
if [ -n "${PREFETCH_INPUT}" ]; then
cp /tmp/cachi2/output/bom.json ./sbom-cachi2.json
fi
# Expose base image digests
buildah images --format '{{ .Name }}:{{ .Tag }}@{{ .Digest }}' | grep -v $IMAGE > $(results.BASE_IMAGES_DIGESTS.path)
securityContext:
capabilities:
add:
- SETFCAP
privileged: true
volumeMounts:
- mountPath: /var/lib/containers
name: varlibcontainers
workingDir: $(workspaces.project-dir.path)
- image: quay.io/redhat-appstudio/syft:v0.98.0@sha256:4d3856e6a2622700b9a9d5d74d9aaf5d8a55671653f80bf6c636677658680ede
name: sbom-syft-generate
script: |
syft dir:$(workspaces.project-dir.path)/$SOURCE_CODE_DIR --output cyclonedx-json=$(workspaces.project-dir.path)/sbom-source.json
find $(cat /workspace/container_path) -xtype l -delete
syft dir:$(cat /workspace/container_path) --output cyclonedx-json=$(workspaces.project-dir.path)/sbom-image.json
volumeMounts:
- mountPath: /var/lib/containers
name: varlibcontainers
- image: quay.io/redhat-appstudio/hacbs-jvm-build-request-processor:127ee0c223a2b56a9bd20a6f2eaeed3bd6015f77
name: analyse-dependencies-java-sbom
script: |
if [ -f /var/lib/containers/java ]; then
/opt/jboss/container/java/run/run-java.sh analyse-dependencies path $(cat /workspace/container_path) -s $(workspaces.project-dir.path)/sbom-image.json --task-run-name $(context.taskRun.name) --publishers $(results.SBOM_JAVA_COMPONENTS_COUNT.path)
sed -i 's/^/ /' $(results.SBOM_JAVA_COMPONENTS_COUNT.path) # Workaround for SRVKP-2875
else
touch $(results.JAVA_COMMUNITY_DEPENDENCIES.path)
fi
securityContext:
runAsUser: 0
volumeMounts:
- mountPath: /var/lib/containers
name: varlibcontainers
- image: registry.access.redhat.com/ubi9/python-39:1-158@sha256:967000729b17efdea309e297f4b1961c38b902a1ef18f6d886b8086c2a12f01f
name: merge-syft-sboms
script: |
#!/bin/python3
import json
# load SBOMs
with open("./sbom-image.json") as f:
image_sbom = json.load(f)
with open("./sbom-source.json") as f:
source_sbom = json.load(f)
# fetch unique components from available SBOMs
def get_identifier(component):
return component["name"] + '@' + component.get("version", "")
image_sbom_components = image_sbom.get("components", [])
existing_components = [get_identifier(component) for component in image_sbom_components]
source_sbom_components = source_sbom.get("components", [])
for component in source_sbom_components:
if get_identifier(component) not in existing_components:
image_sbom_components.append(component)
existing_components.append(get_identifier(component))
image_sbom_components.sort(key=lambda c: get_identifier(c))
# write the CycloneDX unified SBOM
with open("./sbom-cyclonedx.json", "w") as f:
json.dump(image_sbom, f, indent=4)
securityContext:
runAsUser: 0
workingDir: $(workspaces.project-dir.path)
- image: quay.io/redhat-appstudio/cachi2:0.3.0@sha256:46097f22b57e4d48a3fce96d931e08ccfe3a3e6421362d5f9353961279078eef
name: merge-cachi2-sbom
script: |
if [ -n "${PREFETCH_INPUT}" ]; then
echo "Merging contents of sbom-cachi2.json into sbom-cyclonedx.json"
/src/utils/merge_syft_sbom.py sbom-cachi2.json sbom-cyclonedx.json > sbom-temp.json
mv sbom-temp.json sbom-cyclonedx.json
else
echo "Skipping step since no Cachi2 SBOM was produced"
fi
securityContext:
runAsUser: 0
workingDir: $(workspaces.project-dir.path)
- image: registry.access.redhat.com/ubi9/python-39:1-158@sha256:967000729b17efdea309e297f4b1961c38b902a1ef18f6d886b8086c2a12f01f
name: create-purl-sbom
script: |
#!/bin/python3
import json
with open("./sbom-cyclonedx.json") as f:
cyclonedx_sbom = json.load(f)
purls = [{"purl": component["purl"]} for component in cyclonedx_sbom.get("components", []) if "purl" in component]
purl_content = {"image_contents": {"dependencies": purls}}
with open("sbom-purl.json", "w") as output_file:
json.dump(purl_content, output_file, indent=4)
securityContext:
runAsUser: 0
workingDir: $(workspaces.project-dir.path)
- computeResources: {}
image: $(params.BUILDER_IMAGE)
name: inject-sbom-and-push
script: |
base_image_name=$(buildah inspect --format '{{ .Name }}:{{ .Tag }}' $IMAGE | cut -f1 -d'@')
base_image_digest=$(buildah images --format '{{ .Name }}:{{ .Tag }}@{{ .Digest }}' --filter reference="$image")
container=$(buildah from --pull-never $IMAGE)
buildah copy $container sbom-cyclonedx.json sbom-purl.json /root/buildinfo/content_manifests/
buildah config -a org.opencontainers.image.base.name=${base_image_name} -a org.opencontainers.image.base.digest=${base_image_digest} $container
buildah commit $container $IMAGE
status=-1
max_run=5
sleep_sec=10
for run in $(seq 1 $max_run); do
status=0
[ "$run" -gt 1 ] && sleep $sleep_sec
echo "Pushing sbom image to registry"
buildah push \
--tls-verify=$TLSVERIFY \
--digestfile $(workspaces.project-dir.path)/image-digest $IMAGE \
docker://$IMAGE && break || status=$?
done
if [ "$status" -ne 0 ]; then
echo "Failed to push sbom image to registry after ${max_run} tries"
exit 1
fi
cat "$(workspaces.project-dir.path)"/image-digest | tee $(results.IMAGE_DIGEST.path)
echo -n "$IMAGE" | tee $(results.IMAGE_URL.path)
securityContext:
capabilities:
add:
- SETFCAP
runAsUser: 0
volumeMounts:
- mountPath: /var/lib/containers
name: varlibcontainers
workingDir: $(workspaces.project-dir.path)
- args:
- attach
- sbom
- --sbom
- sbom-cyclonedx.json
- --allow-insecure-registry=true
- --type
- cyclonedx
- $(params.IMAGE)
image: quay.io/redhat-appstudio/cosign:v2.1.1@sha256:c883d6f8d39148f2cea71bff4622d196d89df3e510f36c140c097b932f0dd5d5
name: upload-sbom
workingDir: $(workspaces.project-dir.path)
volumes:
- emptyDir: {}
name: varlibcontainers
workspaces:
- description: Workspace containing the source code to build.
name: project-dir
- description: Workspace containing the registry credentials
name: dockerconfig-secret
---
apiVersion: tekton.dev/v1
kind: Pipeline
metadata:
name: build-test-push
spec:
params:
- description: url of the git repository to clone
name: url
type: string
- default: src/main/docker/Dockerfile.jvm
description: Path to the dockerfile within the project cloned
name: dockerfile
type: string
- description: Fully Qualified Output Image
name: output-image
type: string
- default: "false"
description: A boolean indicating whether we would like to perform a quarkus native build
name: native
type: string
- default: "false"
description: A boolean indicating whether we would like to execute a task
name: debug
type: string
- default: "true"
description: boolean which allows to deploy the application on the cluster with the generated resources
name: deploy
type: string
- description: Maven goals
name: mavenGoals
type: array
- default: "true"
description: "boolean allowing to verify the TLS certificate during task execution like git clone, image push to a registry, etc"
name: sslVerify
type: string
tasks:
- name: git-clone
params:
- name: url
value: $(params.url)
- name: sslVerify
value: $(params.sslVerify)
taskRef:
resolver: git
params:
- name: url
value: https://github.com/tektoncd/catalog.git
- name: revision
value: main
- name: pathInRepo
value: task/git-clone/0.6/git-clone.yaml
workspaces:
- name: output # PREVIOUSLY => project-dir
workspace: project-dir
- name: ls
runAfter:
- git-clone
taskRef:
name: ls
params:
- name: args
value: "-la"
workspaces:
- name: project-dir
workspace: project-dir
- name: maven-package
params:
- name: DOCKER_CONFIG
value: $(workspaces.dockerconfig.path)/config.json
- name: GOALS
value:
- "$(params.mavenGoals[*])"
runAfter:
- ls
taskRef:
name: maven
#resolver: git
#params:
# - name: url
# value: https://github.com/tektoncd/catalog.git
# - name: revision
# value: main
# - name: pathInRepo
# value: task/maven/0.4/maven.yaml
workspaces:
- name: maven-settings
workspace: maven-settings
- name: source # previously => project-dir
workspace: project-dir
- name: maven-local-repo
workspace: maven-repo-dir
- name: buildah-image
params:
- name: IMAGE
value: $(params.output-image)
- name: DOCKERFILE
value: $(params.dockerfile)
- name: TLSVERIFY
value: $(params.sslVerify)
- name: REGISTRY_AUTH_PATH
value: $(workspaces.dockerconfig-secret.path)
runAfter:
- maven-package
taskRef:
name: buildah
workspaces:
- name: project-dir
workspace: project-dir
- name: dockerconfig-secret
workspace: dockerconfig-secret
workspaces:
- name: project-dir
- name: maven-repo-dir
- name: maven-settings
- name: dockerconfig-secret
---
apiVersion: tekton.dev/v1
kind: PipelineRun
metadata:
name: my-quarkus-hello-run
spec:
pipelineRef:
name: build-test-push
# MANDATORY PARAMS ADDED
params:
- name: url
value: https://gitea.cnoe.localtest.me:8443/quarkus/my-quarkus-hello.git
- name: output-image
value: gitea.cnoe.localtest.me:8443/giteaadmin/my-quarkus-hello
- name: sslVerify
value: false
- name: mavenGoals
value:
- -Dquarkus.container-image.image=gitea.cnoe.localtest.me:8443/quarkus/my-quarkus-app
- package
workspaces:
- # CHANGED empty to persistentVolumeClaim and bind it to the corresponding claim name
persistentVolumeClaim:
claimName: my-quarkus-hello-project-pvc
name: project-dir
- # CHANGED empty to persistentVolumeClaim and bind it to the corresponding claim name
persistentVolumeClaim:
claimName: my-quarkus-hello-maven-repo-pvc
name: maven-repo-dir
- # CHANGED empty to persistentVolumeClaim and bind it to the corresponding configMap name
configMap:
name: my-quarkus-hello-maven-settings
name: maven-settings
- # CHANGED empty to persistentVolumeClaim and bind it to the corresponding secret name
secret:
secretName: dockerconfig-secret
name: dockerconfig-secret
The error is not longer there using as image: ghcr.io/carlossg/maven:3.9.9-eclipse-temurin-21
Expected Behavior
A maven build of a quarkus application should not raise an error when performing
Actual Behavior
During the execution of the maven task 0.4, we got such an error:
Cannot run program "echo" (in directory "/workspace/source")Steps to Reproduce the Problem
Deploy the following yaml on Tekton >= 0.60
Additional Info
The error is not longer there using as image: ghcr.io/carlossg/maven:3.9.9-eclipse-temurin-21