add ctlog-monitor component

.tekton/ctlog-monitor-pull-request.yaml

@@ -0,0 +1,59 @@
+apiVersion: tekton.dev/v1
+kind: PipelineRun
+metadata:
+  annotations:
+    build.appstudio.openshift.io/repo: https://github.com/securesign/rekor-monitor?rev={{revision}}
+    build.appstudio.redhat.com/commit_sha: '{{revision}}'
+    build.appstudio.redhat.com/pull_request_number: '{{pull_request_number}}'
+    build.appstudio.redhat.com/target_branch: '{{target_branch}}'
+    pipelinesascode.tekton.dev/cancel-in-progress: "true"
+    pipelinesascode.tekton.dev/max-keep-runs: "3"
+    pipelinesascode.tekton.dev/on-cel-expression: event == "pull_request" && target_branch == "main"  &&
+      ( "Dockerfile.ctlog-monitor.rh".pathChanged() || ".tekton/ctlog-monitor-pull-request.yaml".pathChanged()|| "go.mod".pathChanged() || "go.sum".pathChanged() || "cmd/ct_monitor/***".pathChanged() || "pkg/***".pathChanged() || "Makefile".pathChanged()  || "trigger-konflux-builds.txt".pathChanged() )
+  creationTimestamp: null
+  labels:
+    appstudio.openshift.io/application: rekor-monitor
+    appstudio.openshift.io/component: ctlog-monitor
+    pipelines.appstudio.openshift.io/type: build
+  name: ctlog-monitor-on-pull-request
+  namespace: rhtas-tenant
+spec:
+  params:
+  - name: git-url
+    value: '{{source_url}}'
+  - name: revision
+    value: '{{revision}}'
+  - name: output-image
+    value: quay.io/securesign/ctlog-monitor:on-pr-{{revision}}
+  - name: image-expires-after
+    value: 5d
+  - name: dockerfile
+    value: Dockerfile.ctlog-monitor.rh
+  - name: path-context
+    value: .
+  - name: build-source-image
+    value: "true"
+  - name: hermetic
+    value: "true"
+  - name: prefetch-input
+    value: [{"path": ".", "type": "gomod"}]
+  - name: go_unit_test
+    value: true
+  - name: go_base_image
+    value: registry.redhat.io/ubi9/go-toolset:1.24@sha256:6fd64cd7f38a9b87440f963b6c04953d04de65c35b9672dbd7f1805b0ae20d09
+  pipelineRef:
+    resolver: git
+    params:
+      - name: url
+        value: 'https://github.com/securesign/pipelines.git'
+      - name: revision
+        value: 'main'
+      - name: pathInRepo
+        value: 'pipelines/docker-build-oci-ta.yaml'
+  taskRunTemplate:
+    serviceAccountName: build-pipeline-ctlog-monitor
+  workspaces:
+  - name: git-auth
+    secret:
+      secretName: '{{ git_auth_secret }}'
+status: {}

.tekton/ctlog-monitor-push.yaml

@@ -0,0 +1,55 @@
+apiVersion: tekton.dev/v1
+kind: PipelineRun
+metadata:
+  annotations:
+    build.appstudio.openshift.io/repo: https://github.com/securesign/rekor-monitor?rev={{revision}}
+    build.appstudio.redhat.com/commit_sha: '{{revision}}'
+    build.appstudio.redhat.com/target_branch: '{{target_branch}}'
+    pipelinesascode.tekton.dev/cancel-in-progress: "false"
+    pipelinesascode.tekton.dev/max-keep-runs: "3"
+    pipelinesascode.tekton.dev/on-cel-expression: event == "push" && target_branch == "main"  &&
+      ( "Dockerfile.ctlog-monitor.rh".pathChanged() || ".tekton/ctlog-monitor-push.yaml".pathChanged()|| "go.mod".pathChanged() || "go.sum".pathChanged() || "cmd/ct_monitor/***".pathChanged() || "pkg/***".pathChanged() || "Makefile".pathChanged() || "trigger-konflux-builds.txt".pathChanged() )
+  creationTimestamp: null
+  labels:
+    appstudio.openshift.io/application: rekor-monitor
+    appstudio.openshift.io/component: ctlog-monitor
+    pipelines.appstudio.openshift.io/type: build
+  name: ctlog-monitor-on-push
+  namespace: rhtas-tenant
+spec:
+  params:
+  - name: git-url
+    value: '{{source_url}}'
+  - name: revision
+    value: '{{revision}}'
+  - name: output-image
+    value: quay.io/securesign/ctlog-monitor:{{revision}}
+  - name: dockerfile
+    value: Dockerfile.ctlog-monitor.rh
+  - name: path-context
+    value: .
+  - name: build-source-image
+    value: "true"
+  - name: hermetic
+    value: "true"
+  - name: prefetch-input
+    value: [{"path": ".", "type": "gomod"}]
+  - name: go_unit_test
+    value: true
+  - name: go_base_image
+    value: registry.redhat.io/ubi9/go-toolset:1.24@sha256:6fd64cd7f38a9b87440f963b6c04953d04de65c35b9672dbd7f1805b0ae20d09
+  pipelineRef:
+    resolver: git
+    params:
+      - name: url
+        value: 'https://github.com/securesign/pipelines.git'
+      - name: revision
+        value: 'main'
+      - name: pathInRepo
+        value: 'pipelines/docker-build-oci-ta.yaml'
+  taskRunTemplate: {}
+  workspaces:
+  - name: git-auth
+    secret:
+      secretName: '{{ git_auth_secret }}'
+status: {}

.tekton/rekor-monitor-pull-request.yaml

@@ -9,7 +9,7 @@ metadata:
     pipelinesascode.tekton.dev/cancel-in-progress: "true"
     pipelinesascode.tekton.dev/max-keep-runs: "3"
     pipelinesascode.tekton.dev/on-cel-expression: event == "pull_request" && target_branch == "main"  &&
-      ( "Dockerfile.rh".pathChanged() || ".tekton/rekor-monitor-pull-request.yaml".pathChanged()|| "go.mod".pathChanged() || "go.sum".pathChanged() || "cmd/rekor_monitor/***".pathChanged() || "cmd/ct_monitor/***".pathChanged() || "pkg/***".pathChanged() || "Makefile".pathChanged()  || "trigger-konflux-builds.txt".pathChanged() )
+      ( "Dockerfile.rekor-monitor.rh".pathChanged() || ".tekton/rekor-monitor-pull-request.yaml".pathChanged()|| "go.mod".pathChanged() || "go.sum".pathChanged() || "cmd/rekor_monitor/***".pathChanged() || "pkg/***".pathChanged() || "Makefile".pathChanged()  || "trigger-konflux-builds.txt".pathChanged() )
   creationTimestamp: null
   labels:
     appstudio.openshift.io/application: rekor-monitor
@@ -28,7 +28,7 @@ spec:
   - name: image-expires-after
     value: 5d
   - name: dockerfile
-    value: Dockerfile.rh
+    value: Dockerfile.rekor-monitor.rh
   - name: path-context
     value: .
   - name: build-source-image

.tekton/rekor-monitor-push.yaml

@@ -8,7 +8,7 @@ metadata:
     pipelinesascode.tekton.dev/cancel-in-progress: "false"
     pipelinesascode.tekton.dev/max-keep-runs: "3"
     pipelinesascode.tekton.dev/on-cel-expression: event == "push" && target_branch == "main"  &&
-      ( "Dockerfile.rh".pathChanged() || ".tekton/rekor-monitor-push.yaml".pathChanged()|| "go.mod".pathChanged() || "go.sum".pathChanged() || "cmd/rekor_monitor/***".pathChanged() || "cmd/ct_monitor/***".pathChanged() || "pkg/***".pathChanged() || "Makefile".pathChanged() || "trigger-konflux-builds.txt".pathChanged() )
+      ( "Dockerfile.rekor-monitor.rh".pathChanged() || ".tekton/rekor-monitor-push.yaml".pathChanged()|| "go.mod".pathChanged() || "go.sum".pathChanged() || "cmd/rekor_monitor/***".pathChanged() || "pkg/***".pathChanged() || "Makefile".pathChanged() || "trigger-konflux-builds.txt".pathChanged() )
   creationTimestamp: null
   labels:
     appstudio.openshift.io/application: rekor-monitor
@@ -25,7 +25,7 @@ spec:
   - name: output-image
     value: quay.io/securesign/rekor-monitor:{{revision}}
   - name: dockerfile
-    value: Dockerfile.rh
+    value: Dockerfile.rekor-monitor.rh
   - name: path-context
     value: .
   - name: build-source-image

Dockerfile.ctlog-monitor.rh

@@ -0,0 +1,29 @@
+# Build stage
+FROM registry.redhat.io/ubi9/go-toolset:9.6@sha256:7b1828de52c3bac600a71b81996bf748776a456181a45e2b329b39702cf6486f AS builder
+
+WORKDIR /app
+
+COPY . .
+
+RUN go mod vendor
+RUN go build -buildvcs=false -o ctlog_monitor ./cmd/ct_monitor
+
+# Final stage
+FROM registry.access.redhat.com/ubi9/ubi-minimal@sha256:34880b64c07f28f64d95737f82f891516de9a3b43583f39970f7bf8e4cfa48b7
+
+COPY --from=builder /app/ctlog_monitor /ctlog_monitor
+
+LABEL description="ctlog_monitor is a monitoring tool for the certificate transparency log."
+LABEL io.k8s.description="ctlog_monitor is a monitoring tool for the certificate transparency log."
+LABEL io.k8s.display-name="ctlog-monitor container image for Red Hat Trusted Signer"
+LABEL io.openshift.tags="ctlog-monitor trusted-signer"
+LABEL summary="Provides the ctlog_monitor binary for continuously monitoring the transparency log state of a Ctlog server, performing consistency checks."
+LABEL com.redhat.component="ctlog-monitor"
+LABEL name="rhtas/ctlog-monitor-rhel9"
+
+COPY LICENSE /licenses/LICENSE
+
+USER 65532:65532
+
+#ENTRYPOINT
+ENTRYPOINT ["/ctlog_monitor"]