Merge pull request konflux-ci#671 from tkdchen/migrate-to-tekton-api-v1

Migrate to tekton API v1
arewm · Nov 14, 2023 · 07ec767 · 07ec767
2 parents 9740036 + 5a81df6
commit 07ec767
Show file tree

Hide file tree

Showing 49 changed files with 114 additions and 112 deletions.
diff --git a/.github/workflows/shellspec.yaml b/.github/workflows/shellspec.yaml
@@ -21,6 +21,8 @@ jobs:
           fetch-depth: 0
 
       - uses: jerop/[email protected]
+        with:
+          version: v0.32.2
 
       - name: Shellspec
         run: hack/test-shellspec.sh
diff --git a/.tekton/pull-request.yaml b/.tekton/pull-request.yaml
@@ -1,5 +1,5 @@
 ---
-apiVersion: tekton.dev/v1beta1
+apiVersion: tekton.dev/v1
 kind: PipelineRun
 metadata:
   name: build-definitions-pull-request

diff --git a/.tekton/push.yaml b/.tekton/push.yaml
@@ -1,5 +1,5 @@
 ---
-apiVersion: tekton.dev/v1beta1
+apiVersion: tekton.dev/v1
 kind: PipelineRun
 metadata:
   name: build-definitions-bundle-push

diff --git a/.tekton/tasks/buildah.yaml b/.tekton/tasks/buildah.yaml
@@ -1,4 +1,4 @@
-apiVersion: tekton.dev/v1beta1
+apiVersion: tekton.dev/v1
 kind: Task
 metadata:
   annotations:
@@ -45,7 +45,7 @@ spec:
   steps:
   - image: $(params.BUILDER_IMAGE)
     name: build
-    resources:
+    computeResources:
       limits:
         memory: 2Gi
         cpu: 2
@@ -67,7 +67,7 @@ spec:
     workingDir: $(workspaces.source.path)/source
   - image: $(params.BUILDER_IMAGE)
     name: push
-    resources: {}
+    computeResources: {}
     script: |
       buildah --storage-driver=$(params.STORAGE_DRIVER) push \
         --tls-verify=$(params.TLSVERIFY) \
@@ -83,7 +83,7 @@ spec:
     workingDir: $(workspaces.source.path)/source
   - image: $(params.BUILDER_IMAGE)
     name: digest-to-results
-    resources: {}
+    computeResources: {}
     script: |
       cat "$(workspaces.source.path)"/source/image-digest | tee $(results.IMAGE_DIGEST.path)
       echo -n "$(params.IMAGE)" | tee $(results.IMAGE_URL.path)

diff --git a/.tekton/tasks/e2e-test.yaml b/.tekton/tasks/e2e-test.yaml
@@ -1,4 +1,4 @@
-apiVersion: tekton.dev/v1beta1
+apiVersion: tekton.dev/v1
 kind: Task
 metadata:
   name: e2e-test

diff --git a/.tekton/tasks/ec-checks.yaml b/.tekton/tasks/ec-checks.yaml
@@ -1,4 +1,4 @@
-apiVersion: tekton.dev/v1beta1
+apiVersion: tekton.dev/v1
 kind: Task
 metadata:
   name: ec-checks

diff --git a/.tekton/tasks/yaml-lint.yaml b/.tekton/tasks/yaml-lint.yaml
@@ -1,4 +1,4 @@
-apiVersion: tekton.dev/v1beta1
+apiVersion: tekton.dev/v1
 kind: Task
 metadata:
   name: yaml-lint

diff --git a/appstudio-utils/Dockerfile b/appstudio-utils/Dockerfile
@@ -4,15 +4,14 @@ RUN curl -L https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64 -
 RUN curl -L https://github.com/mikefarah/yq/releases/download/v4.25.1/yq_linux_amd64 -o /usr/bin/yq && chmod +x /usr/bin/yq
 RUN curl -L https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/ocp/latest-4.9/openshift-client-linux.tar.gz | tar -xz -C /usr/bin/
 RUN curl -L https://github.com/sigstore/cosign/releases/download/v2.1.1/cosign-linux-amd64 -o /usr/bin/cosign && chmod +x /usr/bin/cosign
-RUN curl -L https://mirror.openshift.com/pub/openshift-v4/clients/pipeline/0.21.0/tkn-linux-amd64-0.21.0.tar.gz | tar -xz --no-same-owner -C /usr/bin/
+RUN curl -L https://github.com/tektoncd/cli/releases/download/v0.32.2/tkn_0.32.2_Linux_x86_64.tar.gz | tar -xz --no-same-owner -C /usr/bin/ tkn
 RUN curl -L https://github.com/sigstore/rekor/releases/download/v0.5.0/rekor-cli-linux-amd64 -o /usr/bin/rekor-cli && chmod +x /usr/bin/rekor-cli
 RUN curl -L https://github.com/open-policy-agent/conftest/releases/download/v0.32.0/conftest_0.32.0_Linux_x86_64.tar.gz | tar -xz --no-same-owner -C /usr/bin
 RUN curl -L https://github.com/enterprise-contract/ec-cli/releases/download/snapshot/ec_linux_amd64 -o /usr/bin/ec && chmod +x /usr/bin/ec && ec version
 
 RUN dnf -y --setopt=tsflags=nodocs install \
     git \
     skopeo \
-    https://github.com/tektoncd/cli/releases/download/v0.22.0/tektoncd-cli-0.22.0_Linux-64bit.rpm \
     && dnf clean all
 
 COPY util-scripts /appstudio-utils/util-scripts
diff --git a/hack/generate-buildah-remote.sh b/hack/generate-buildah-remote.sh
@@ -1,4 +1,8 @@
 #!/bin/bash
 
 SCRIPTDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
-podman run -v "$SCRIPTDIR"/..:/data quay.io/redhat-user-workloads/rhtap-build-tenant/multi-arch-controller/multi-arch-controller:taskgen-d1a5fd1572512ee26d0546b287a491f24a84aba9  --buildah-task=/data/task/buildah/0.1/buildah.yaml --remote-task=/data/task/buildah-remote/0.1/buildah-remote.yaml
+IMG=quay.io/redhat-user-workloads/rhtap-build-tenant/multi-arch-controller/multi-arch-controller:taskgen-57750ec21414607fa20acdef7984f32bbb7730af
+
+podman run -v "$SCRIPTDIR"/..:/data:Z $IMG \
+       --buildah-task=/data/task/buildah/0.1/buildah.yaml \
+       --remote-task=/data/task/buildah-remote/0.1/buildah-remote.yaml
diff --git a/partners/example-hello-world/0.1/example-hello-world.yaml b/partners/example-hello-world/0.1/example-hello-world.yaml
@@ -1,4 +1,4 @@
-apiVersion: tekton.dev/v1beta1
+apiVersion: tekton.dev/v1
 kind: Task
 metadata:
   name: example-hello-world

diff --git a/pipelines/enterprise-contract-everything.yaml b/pipelines/enterprise-contract-everything.yaml
@@ -1,7 +1,7 @@
 # This is a copy of enterprise-contract.yaml with a different default value for the
 # POLICY_CONFIGURATION parameter. This is a workaround until the UI can provide sufficient
 # controls to allow users to provide parameters. https://issues.redhat.com/browse/HACBS-2294
-apiVersion: tekton.dev/v1beta1
+apiVersion: tekton.dev/v1
 kind: Pipeline
 metadata:
   name: enterprise-contract-everything

diff --git a/pipelines/enterprise-contract-redhat-no-hermetic.yaml b/pipelines/enterprise-contract-redhat-no-hermetic.yaml
@@ -1,7 +1,7 @@
 # This is a copy of enterprise-contract.yaml with a different default value for the
 # POLICY_CONFIGURATION parameter. This is a workaround until the UI can provide sufficient
 # controls to allow users to provide parameters. https://issues.redhat.com/browse/HACBS-2294
-apiVersion: tekton.dev/v1beta1
+apiVersion: tekton.dev/v1
 kind: Pipeline
 metadata:
   name: enterprise-contract-redhat-no-hermetic

diff --git a/pipelines/enterprise-contract-redhat.yaml b/pipelines/enterprise-contract-redhat.yaml
@@ -1,7 +1,7 @@
 # This is a copy of enterprise-contract.yaml with a different default value for the
 # POLICY_CONFIGURATION parameter. This is a workaround until the UI can provide sufficient
 # controls to allow users to provide parameters. https://issues.redhat.com/browse/HACBS-2294
-apiVersion: tekton.dev/v1beta1
+apiVersion: tekton.dev/v1
 kind: Pipeline
 metadata:
   name: enterprise-contract-redhat

diff --git a/pipelines/enterprise-contract-slsa3.yaml b/pipelines/enterprise-contract-slsa3.yaml
@@ -1,7 +1,7 @@
 # This is a copy of enterprise-contract.yaml with a different default value for the
 # POLICY_CONFIGURATION parameter. This is a workaround until the UI can provide sufficient
 # controls to allow users to provide parameters. https://issues.redhat.com/browse/HACBS-2294
-apiVersion: tekton.dev/v1beta1
+apiVersion: tekton.dev/v1
 kind: Pipeline
 metadata:
   name: enterprise-contract-slsa3

diff --git a/pipelines/enterprise-contract.yaml b/pipelines/enterprise-contract.yaml
@@ -2,7 +2,7 @@
 # images that are built but not automatically released in order to provide early feedback to users.
 # When auto release is enabled, the task is executed by the release pipeline immediately after the
 # container images are built, thus it is not necessary to execute the task via this pipeline.
-apiVersion: tekton.dev/v1beta1
+apiVersion: tekton.dev/v1
 kind: Pipeline
 metadata:
   name: enterprise-contract

diff --git a/pipelines/prototypes/noop.yaml b/pipelines/prototypes/noop.yaml
@@ -1,4 +1,4 @@
-apiVersion: tekton.dev/v1beta1
+apiVersion: tekton.dev/v1
 kind: Pipeline
 metadata:
   name: noop

diff --git a/pipelines/prototypes/prototype-build-compliance.yaml b/pipelines/prototypes/prototype-build-compliance.yaml
@@ -1,4 +1,4 @@
-apiVersion: tekton.dev/v1beta1
+apiVersion: tekton.dev/v1
 kind: Pipeline
 metadata:
   name: prototype-compliance

diff --git a/pipelines/template-build/template-build.yaml b/pipelines/template-build/template-build.yaml
@@ -1,4 +1,4 @@
-apiVersion: tekton.dev/v1beta1
+apiVersion: tekton.dev/v1
 kind: Pipeline
 metadata:
   name: template-build

diff --git a/task/build-image-manifest/0.1/build-image-manifest.yaml b/task/build-image-manifest/0.1/build-image-manifest.yaml
@@ -1,4 +1,4 @@
-apiVersion: tekton.dev/v1beta1
+apiVersion: tekton.dev/v1
 kind: Task
 metadata:
   labels:
@@ -48,7 +48,7 @@ spec:
   steps:
   - image: quay.io/redhat-appstudio/buildah:v1.31.0@sha256:34f12c7b72ec2c28f1ded0c494b428df4791c909f1f174dd21b8ed6a57cf5ddb
     name: build
-    resources:
+    computeResources:
       limits:
         memory: 4Gi
         cpu: 2

diff --git a/task/buildah-10gb/0.1/patch.yaml b/task/buildah-10gb/0.1/patch.yaml
@@ -2,8 +2,8 @@
   path: /metadata/name
   value: buildah-10gb
 - op: replace
-  path: /spec/steps/0/resources/limits/memory
+  path: /spec/steps/0/computeResources/limits/memory
   value: 10Gi
 - op: replace
-  path: /spec/steps/0/resources/requests/memory
+  path: /spec/steps/0/computeResources/requests/memory
   value: 8Gi
diff --git a/task/buildah-6gb/0.1/patch.yaml b/task/buildah-6gb/0.1/patch.yaml
@@ -2,8 +2,8 @@
   path: /metadata/name
   value: buildah-6gb
 - op: replace
-  path: /spec/steps/0/resources/limits/memory
+  path: /spec/steps/0/computeResources/limits/memory
   value: 6Gi
 - op: replace
-  path: /spec/steps/0/resources/requests/memory
+  path: /spec/steps/0/computeResources/requests/memory
   value: 4Gi
diff --git a/task/buildah-8gb/0.1/patch.yaml b/task/buildah-8gb/0.1/patch.yaml
@@ -2,8 +2,8 @@
   path: /metadata/name
   value: buildah-8gb
 - op: replace
-  path: /spec/steps/0/resources/limits/memory
+  path: /spec/steps/0/computeResources/limits/memory
   value: 8Gi
 - op: replace
-  path: /spec/steps/0/resources/requests/memory
+  path: /spec/steps/0/computeResources/requests/memory
   value: 6Gi
diff --git a/task/buildah-remote/0.1/buildah-remote.yaml b/task/buildah-remote/0.1/buildah-remote.yaml
@@ -1,4 +1,4 @@
-apiVersion: tekton.dev/v1beta1
+apiVersion: tekton.dev/v1
 kind: Task
 metadata:
   annotations:
@@ -8,7 +8,6 @@ metadata:
   labels:
     app.kubernetes.io/version: "0.1"
     build.appstudio.redhat.com/build_type: docker
-    build.appstudio.redhat.com/multi-platform-required: "true"
   name: buildah-remote
 spec:
   description: |-
@@ -77,6 +76,7 @@ spec:
       central.
     name: JAVA_COMMUNITY_DEPENDENCIES
   stepTemplate:
+    computeResources: {}
     env:
     - name: BUILDAH_FORMAT
       value: oci
@@ -98,22 +98,20 @@ spec:
       value: $(params.IMAGE_EXPIRES_AFTER)
     - name: BUILDER_IMAGE
       value: $(params.BUILDER_IMAGE)
-    name: ""
-    resources: {}
   steps:
-  - env:
-    - name: COMMIT_SHA
-      value: $(params.COMMIT_SHA)
-    image: quay.io/redhat-appstudio/multi-platform-runner:01c7670e81d5120347cf0ad13372742489985e5f@sha256:246adeaaba600e207131d63a7f706cffdcdc37d8f600c56187123ec62823ff44
-    imagePullPolicy: Always
-    name: build
-    resources:
+  - computeResources:
       limits:
         cpu: "2"
         memory: 4Gi
       requests:
         cpu: 250m
         memory: 512Mi
+    env:
+    - name: COMMIT_SHA
+      value: $(params.COMMIT_SHA)
+    image: quay.io/redhat-appstudio/multi-platform-runner:01c7670e81d5120347cf0ad13372742489985e5f@sha256:246adeaaba600e207131d63a7f706cffdcdc37d8f600c56187123ec62823ff44
+    imagePullPolicy: Always
+    name: build
     script: |-
       set -o verbose
       mkdir -p ~/.ssh
@@ -247,19 +245,19 @@ spec:
       name: ssh
       readOnly: true
     workingDir: $(workspaces.source.path)
-  - image: quay.io/redhat-appstudio/syft:v0.96.0
+  - computeResources: {}
+    image: quay.io/redhat-appstudio/syft:v0.96.0
     name: sbom-syft-generate
-    resources: {}
     script: |
       syft dir:$(workspaces.source.path)/source --output cyclonedx-json=$(workspaces.source.path)/sbom-source.json
       find $(cat /workspace/container_path) -xtype l -delete
       syft dir:$(cat /workspace/container_path) --output cyclonedx-json=$(workspaces.source.path)/sbom-image.json
     volumeMounts:
     - mountPath: /var/lib/containers
       name: varlibcontainers
-  - image: quay.io/redhat-appstudio/hacbs-jvm-build-request-processor:1d417e6f1f3e68c6c537333b5759796eddae0afc
+  - computeResources: {}
+    image: quay.io/redhat-appstudio/hacbs-jvm-build-request-processor:1d417e6f1f3e68c6c537333b5759796eddae0afc
     name: analyse-dependencies-java-sbom
-    resources: {}
     script: |
       if [ -f /var/lib/containers/java ]; then
         /opt/jboss/container/java/run/run-java.sh analyse-dependencies path $(cat /workspace/container_path) -s $(workspaces.source.path)/sbom-image.json --task-run-name $(context.taskRun.name) --publishers $(results.SBOM_JAVA_COMPONENTS_COUNT.path)
@@ -272,9 +270,9 @@ spec:
     volumeMounts:
     - mountPath: /var/lib/containers
       name: varlibcontainers
-  - image: registry.access.redhat.com/ubi9/python-39:1-143.1696863474
+  - computeResources: {}
+    image: registry.access.redhat.com/ubi9/python-39:1-143.1696863474
     name: merge-syft-sboms
-    resources: {}
     script: |
       #!/bin/python3
       import json
@@ -307,9 +305,9 @@ spec:
     securityContext:
       runAsUser: 0
     workingDir: $(workspaces.source.path)
-  - image: quay.io/redhat-appstudio/cachi2:0.3.0@sha256:46097f22b57e4d48a3fce96d931e08ccfe3a3e6421362d5f9353961279078eef
+  - computeResources: {}
+    image: quay.io/redhat-appstudio/cachi2:0.3.0@sha256:46097f22b57e4d48a3fce96d931e08ccfe3a3e6421362d5f9353961279078eef
     name: merge-cachi2-sbom
-    resources: {}
     script: |
       if [ -n "${PREFETCH_INPUT}" ]; then
         echo "Merging contents of sbom-cachi2.json into sbom-cyclonedx.json"
@@ -321,9 +319,9 @@ spec:
     securityContext:
       runAsUser: 0
     workingDir: $(workspaces.source.path)
-  - image: registry.access.redhat.com/ubi9/python-39:1-143.1696863474
+  - computeResources: {}
+    image: registry.access.redhat.com/ubi9/python-39:1-143.1696863474
     name: create-purl-sbom
-    resources: {}
     script: |
       #!/bin/python3
       import json
@@ -339,9 +337,9 @@ spec:
     securityContext:
       runAsUser: 0
     workingDir: $(workspaces.source.path)
-  - image: $(params.BUILDER_IMAGE)
+  - computeResources: {}
+    image: $(params.BUILDER_IMAGE)
     name: inject-sbom-and-push
-    resources: {}
     script: |
       # Expose base image digests
       buildah images --format '{{ .Name }}:{{ .Tag }}@{{ .Digest }}' | grep -v $IMAGE > $(results.BASE_IMAGES_DIGESTS.path)
@@ -389,9 +387,9 @@ spec:
     - --type
     - cyclonedx
     - $(params.IMAGE)
+    computeResources: {}
     image: quay.io/redhat-appstudio/cosign:v2.1.1
     name: upload-sbom
-    resources: {}
     workingDir: $(workspaces.source.path)
   volumes:
   - emptyDir: {}

diff --git a/task/buildah/0.1/buildah.yaml b/task/buildah/0.1/buildah.yaml
@@ -1,4 +1,4 @@
-apiVersion: tekton.dev/v1beta1
+apiVersion: tekton.dev/v1
 kind: Task
 metadata:
   labels:
@@ -89,7 +89,7 @@ spec:
   steps:
   - image: $(params.BUILDER_IMAGE)
     name: build
-    resources:
+    computeResources:
       limits:
         memory: 4Gi
         cpu: 2
@@ -279,7 +279,7 @@ spec:
 
   - name: inject-sbom-and-push
     image: $(params.BUILDER_IMAGE)
-    resources: {}
+    computeResources: {}
     script: |
       # Expose base image digests
       buildah images --format '{{ .Name }}:{{ .Tag }}@{{ .Digest }}' | grep -v $IMAGE > $(results.BASE_IMAGES_DIGESTS.path)

diff --git a/task/clair-scan/0.1/clair-scan.yaml b/task/clair-scan/0.1/clair-scan.yaml
@@ -1,5 +1,5 @@
 ---
-apiVersion: tekton.dev/v1beta1
+apiVersion: tekton.dev/v1
 kind: Task
 metadata:
   labels:

diff --git a/task/clamav-scan/0.1/clamav-scan.yaml b/task/clamav-scan/0.1/clamav-scan.yaml
@@ -1,4 +1,4 @@
-apiVersion: tekton.dev/v1beta1
+apiVersion: tekton.dev/v1
 kind: Task
 metadata:
   labels:
@@ -37,7 +37,7 @@ spec:
           value: $(params.image-url)
         - name: IMAGE_DIGEST
           value: $(params.image-digest)
-      resources:
+      computeResources:
         limits:
           memory: 4Gi
           cpu: 2