task-cad-checks.yaml

apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: cad-checks
spec:
  params:
    - name: payload
      type: string
      description: Json string of the event data
    - name: pipeline-name
      type: string
      description: The pipelinerun name
  steps:
    - name: check-infrastructure
      # this sha is broken, should fix when we onboard
      image: quay.io/app-sre/cadctl@sha256:22d2a957d935e883f45addd35acc87450ce71ea2f94c33f2df70ff36b015486a
      command:
        - /bin/bash
        - -c
      args:
        - |-
          # save the payload to a file
          folder=$(mktemp -d)
          file=${folder}/payload.json
          cat << EOF > $file
          $(params.payload)
          EOF
          # run the cadctl command
          PIPELINE_NAME=$(params.pipeline-name) cadctl investigate --payload-path $file
      env:
        - name: CAD_PROMETHEUS_PUSHGATEWAY
          value: aggregation-pushgateway:9091
      # envFrom should pull all the secret information as envvars, so key names should be uppercase
      envFrom:
        - secretRef:
            name: cad-aws-credentials
        - secretRef:
            name: cad-ocm-client-secret
        - secretRef:
            name: cad-pd-token
        - secretRef:
            name: cad-backplane-secret
      resources:
        requests:
          cpu: 10m
          memory: 64Mi
        limits:
          cpu: 100m
          memory: 256Mi