added 0.2 of conftest

task/conftest/0.2/README.md

@@ -0,0 +1,65 @@
+# Conftest
+
+These tasks make it possible to use [Conftest](https://github.com/instrumenta/conftest) within
+your Tekton pipelines. Conftest is a tool for testing configuration files using [Open Policy Agent](https://openpolicyagent.org).
+
+## Installation
+
+In order to use Conftest with Tekton you need to first install the task.
+
+```console
+kubectl apply -f https://api.hub.tekton.dev/v1/resource/tekton/task/conftest/0.2/raw
+```
+
+## Platforms
+
+The Task can be run on `linux/amd64` platform.
+
+## Usage
+
+Once installed, the task can be used as follows:
+
+```yaml
+apiVersion: tekton.dev/v1
+kind: TaskRun
+metadata:
+  name: conftest-example
+spec:
+  taskRef:
+    name: conftest
+  workspaces:
+  - name: source
+    persistentVolumeClaim:
+      claimName: my-source
+  params:
+  - name: files
+    value: examples/kubernetes/deployment.yaml
+  - name: policy
+    value: examples/kubernetes/policy
+```
+
+Note that the above repository contains both a configuration file we want to test (`examples/kubernetes/deployment.yaml`) and a directory (`examples/kubernetes/policy`) containing OPA policy files. When using the task you would provide the details of the repository you want to test.
+
+If you apply the above `TaskRun` you can see the output in the `taskrun` logs. For example:
+
+```console
+$ tkn taskrun logs conftest-example -f
+[git-source-source-6pt9g] {"level":"warn","ts":1566067534.0510817,"logger":"fallback-logger","caller":"logging/config.go:69","msg":"Fetch GitHub commit ID from kodata failed: \"ref: refs/heads/master\" is not a valid GitHub commit ID"}
+[git-source-source-6pt9g] {"level":"info","ts":1566067534.989535,"logger":"fallback-logger","caller":"git/git.go:102","msg":"Successfully cloned https://github.com/instrumenta/conftest.git @ master in path /workspace/source"}
+[conftest] FAIL - examples/kubernetes/deployment.yaml - Containers must not run as root in Deployment hello-kubernetes
+[conftest] FAIL - examples/kubernetes/deployment.yaml - Deployment hello-kubernetes must provide app/release labels for pod selectors
+[conftest] FAIL - examples/kubernetes/deployment.yaml - hello-kubernetes must include Kubernetes recommended labels: https://kubernetes.io/docs/concepts/overview/working-with-objects/common-labels/#labels
+
+container step-conftest has failed  : Error
+```
+
+## Parameters
+
+* **files**: The files to test against the specified policies
+* **policy**: Where to find the policies (_default:_ `policy`)
+* **output**: Which output format to use (_default:_ `stdout`)
+* **args**: An array of additional arguments to pass to Conftest (_default `[]`_)
+
+## Workspaces
+
+* **source**: A [Workspace](https://github.com/tektoncd/pipeline/blob/main/docs/workspaces.md) containing the source to build.

task/conftest/0.2/conftest.yaml

@@ -0,0 +1,44 @@
+apiVersion: tekton.dev/v1
+kind: Task
+metadata:
+  name: conftest
+  labels:
+    app.kubernetes.io/version: "0.2"
+  annotations:
+    tekton.dev/pipelines.minVersion: "0.56.1"
+    tekton.dev/displayName: "conftest"
+    tekton.dev/categories: Developer Tools
+    tekton.dev/tags: jq
+    tekton.dev/platforms: "linux/amd64"
+spec:
+  description: >-
+    These tasks make it possible to use Conftest within your Tekton pipelines
+
+    Conftest is a tool for testing configuration files using Open Policy Agent.
+
+  workspaces:
+    - name: source
+  params:
+    - name: files
+      type: string
+    - name: policy
+      default: "policy"
+    - name: output
+      default: "stdout"
+    - name: args
+      type: array
+      default: []
+
+  steps:
+  - name: conftest
+    workingDir: $(workspaces.source.path)
+    image: docker.io/openpolicyagent/conftest:v0.54.0@sha256:094e3bc9af439d16d15379bff9fc3aec0d558936aa1ac1e0574c0dcfa1c43e86 #tag: v0.54.0
+    command:
+      - conftest
+      - test
+      - $(params.files)
+      - -p
+      - $(params.policy)
+      - -o
+      - $(params.output)
+      - $(params.args)