Skip to content

Commit

Permalink
Merge branch 'main' into enable-config-toml-customization
Browse files Browse the repository at this point in the history
  • Loading branch information
arewm authored Jul 19, 2024
2 parents ee536f4 + 92db533 commit 0c0f272
Show file tree
Hide file tree
Showing 38 changed files with 3,225 additions and 16 deletions.
2 changes: 1 addition & 1 deletion .tekton/tasks/e2e-test.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ spec:
type: string
steps:
- name: e2e-test
image: quay.io/redhat-user-workloads/rhtap-qe-shared-tenant/konflux-e2e/konflux-e2e-tests:3fdbf3e389e0cde01b878f34f6d5facaac3b377c
image: quay.io/redhat-user-workloads/rhtap-qe-shared-tenant/konflux-e2e/konflux-e2e-tests:91ce627177c27570aebf1bb59b9fd7614f229152
# a la infra-deployment updates, when PRs merge in e2e-tests, PRs will be opened
# against build-definitions to update this tag
args: [
Expand Down
14 changes: 8 additions & 6 deletions hack/generate-buildah-remote.sh
Original file line number Diff line number Diff line change
@@ -1,12 +1,14 @@
#!/bin/bash
set -euo pipefail

SCRIPTDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"

cd $SCRIPTDIR/../task-generator
cd "${SCRIPTDIR}/../task-generator"
go build -o /tmp/remote-generator ./remote/main.go


/tmp/remote-generator --buildah-task=$SCRIPTDIR/../task/buildah/0.1/buildah.yaml \
--remote-task=$SCRIPTDIR/../task/buildah-remote/0.1/buildah-remote.yaml
/tmp/remote-generator --buildah-task=$SCRIPTDIR/../task/buildah-oci-ta/0.1/buildah-oci-ta.yaml \
--remote-task=$SCRIPTDIR/../task/buildah-remote-oci-ta/0.1/buildah-remote-oci-ta.yaml
for version in 0.1 0.2; do
/tmp/remote-generator --buildah-task="${SCRIPTDIR}/../task/buildah/${version}/buildah.yaml" \
--remote-task="${SCRIPTDIR}/../task/buildah-remote/${version}/buildah-remote.yaml"
/tmp/remote-generator --buildah-task="${SCRIPTDIR}/../task/buildah-oci-ta/${version}/buildah-oci-ta.yaml" \
--remote-task="${SCRIPTDIR}/../task/buildah-remote-oci-ta/${version}/buildah-remote-oci-ta.yaml"
done
2 changes: 1 addition & 1 deletion pipelines/docker-build/patch.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@
path: /spec/tasks/3/taskRef
value:
name: buildah
version: "0.1"
version: "0.2"
- op: add
path: /spec/params/-
value:
Expand Down
8 changes: 4 additions & 4 deletions pipelines/template-build/template-build.yaml
Original file line number Diff line number Diff line change
@@ -1,3 +1,6 @@
# This build pipeline template is intended to be processed by scripts
# under hack/ directory rather than by kustomize directly.

apiVersion: tekton.dev/v1
kind: Pipeline
metadata:
Expand Down Expand Up @@ -64,6 +67,7 @@ spec:
value: "$(params.skip-checks)"
taskRef:
name: init
# A pointer for referencing the correct version of task in the built pipeline bundles.
version: "0.2"
- name: clone-repository
when:
Expand Down Expand Up @@ -133,8 +137,6 @@ spec:
params:
- name: BINARY_IMAGE
value: "$(params.output-image)"
- name: BASE_IMAGES
value: "$(tasks.build-container.results.BASE_IMAGES_DIGESTS)"
workspaces:
- name: workspace
workspace: workspace
Expand All @@ -147,8 +149,6 @@ spec:
name: deprecated-image-check
version: "0.4"
params:
- name: BASE_IMAGES_DIGESTS
value: $(tasks.build-container.results.BASE_IMAGES_DIGESTS)
- name: IMAGE_URL
value: $(tasks.build-container.results.IMAGE_URL)
- name: IMAGE_DIGEST
Expand Down
17 changes: 13 additions & 4 deletions task-generator/remote/main.go
Original file line number Diff line number Diff line change
Expand Up @@ -16,17 +16,18 @@ package main
import (
"bytes"
"flag"
"os"
"path/filepath"
"strings"

tektonapi "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1"
v1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/runtime/serializer"
utilruntime "k8s.io/apimachinery/pkg/util/runtime"
"k8s.io/cli-runtime/pkg/printers"
klog "k8s.io/klog/v2"
"os"
"path/filepath"
"sigs.k8s.io/controller-runtime/pkg/log/zap"
"strings"
)

func main() {
Expand Down Expand Up @@ -56,7 +57,11 @@ func main() {
y := printers.YAMLPrinter{}
b := bytes.Buffer{}
_ = y.PrintObj(&task, &b)
err := os.WriteFile(buildahRemoteTask, b.Bytes(), 0660) //#nosec
err := os.MkdirAll(filepath.Dir(buildahRemoteTask), 0755) //#nosec G301 -- all the dirs in the repo are 755
if err != nil {
panic(err)
}
err = os.WriteFile(buildahRemoteTask, b.Bytes(), 0660) //#nosec
if err != nil {
panic(err)
}
Expand Down Expand Up @@ -127,6 +132,10 @@ fi
`

env := "$PODMAN_PORT_FORWARD \\\n"

// disable podman subscription-manager integration
env += " --tmpfs /run/secrets \\\n"

// Before the build we sync the contents of the workspace to the remote host
for _, workspace := range task.Spec.Workspaces {
ret += "\nrsync -ra $(workspaces." + workspace.Name + ".path)/ \"$SSH_HOST:$BUILD_DIR/workspaces/" + workspace.Name + "/\""
Expand Down
46 changes: 46 additions & 0 deletions task/buildah-10gb/0.2/MIGRATION.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,46 @@
# Migration from 0.1 to 0.2

Version 0.2:

* Removes the `BASE_IMAGES_DIGESTS` result. Please remove all the references to this
result from your pipeline.
* Base images and their digests can be found in the SBOM for the output image.
* No longer writes the `base_images_from_dockerfile` file into the `source` workspace.

## Konflux-specific

In a typical Konflux pipeline, the two tasks that used to depend on the `BASE_IMAGES_DIGESTS`
result are `build-source-image` and `deprecated-base-image-check`.

1. Make sure your version of `deprecated-base-image-check` is at least `0.4`.
2. Make sure your version of `build-source-image` supports reading base images from
the SBOM. Version `0.1` supports it since 2024-07-15. In the logs of your build
pipeline, you should see that the build-source-image task now has a GET-BASE-IMAGES
step. Once you stop passing the `BASE_IMAGES_DIGESTS` param, this step will emit
logs about handling the SBOM.
3. Remove the parameters that reference the `BASE_IMAGES_DIGESTS` result:

```diff
@@ -255,10 +255,8 @@ spec:
- name: build-source-image
params:
- name: BINARY_IMAGE
value: $(params.output-image)
- - name: BASE_IMAGES
- value: $(tasks.build-container.results.BASE_IMAGES_DIGESTS)
runAfter:
- build-container
taskRef:
params:
@@ -282,10 +280,8 @@ spec:
- name: workspace
workspace: workspace
- name: deprecated-base-image-check
params:
- - name: BASE_IMAGES_DIGESTS
- value: $(tasks.build-container.results.BASE_IMAGES_DIGESTS)
- name: IMAGE_URL
value: $(tasks.build-container.results.IMAGE_URL)
- name: IMAGE_DIGEST
value: $(tasks.build-container.results.IMAGE_DIGEST)
```
10 changes: 10 additions & 0 deletions task/buildah-10gb/0.2/kustomization.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

resources:
- ../../buildah/0.2

patches:
- path: patch.yaml
target:
kind: Task
9 changes: 9 additions & 0 deletions task/buildah-10gb/0.2/patch.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
- op: replace
path: /metadata/name
value: buildah-10gb
- op: replace
path: /spec/steps/0/computeResources/limits/memory
value: 10Gi
- op: replace
path: /spec/steps/0/computeResources/requests/memory
value: 8Gi
46 changes: 46 additions & 0 deletions task/buildah-20gb/0.2/MIGRATION.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,46 @@
# Migration from 0.1 to 0.2

Version 0.2:

* Removes the `BASE_IMAGES_DIGESTS` result. Please remove all the references to this
result from your pipeline.
* Base images and their digests can be found in the SBOM for the output image.
* No longer writes the `base_images_from_dockerfile` file into the `source` workspace.

## Konflux-specific

In a typical Konflux pipeline, the two tasks that used to depend on the `BASE_IMAGES_DIGESTS`
result are `build-source-image` and `deprecated-base-image-check`.

1. Make sure your version of `deprecated-base-image-check` is at least `0.4`.
2. Make sure your version of `build-source-image` supports reading base images from
the SBOM. Version `0.1` supports it since 2024-07-15. In the logs of your build
pipeline, you should see that the build-source-image task now has a GET-BASE-IMAGES
step. Once you stop passing the `BASE_IMAGES_DIGESTS` param, this step will emit
logs about handling the SBOM.
3. Remove the parameters that reference the `BASE_IMAGES_DIGESTS` result:

```diff
@@ -255,10 +255,8 @@ spec:
- name: build-source-image
params:
- name: BINARY_IMAGE
value: $(params.output-image)
- - name: BASE_IMAGES
- value: $(tasks.build-container.results.BASE_IMAGES_DIGESTS)
runAfter:
- build-container
taskRef:
params:
@@ -282,10 +280,8 @@ spec:
- name: workspace
workspace: workspace
- name: deprecated-base-image-check
params:
- - name: BASE_IMAGES_DIGESTS
- value: $(tasks.build-container.results.BASE_IMAGES_DIGESTS)
- name: IMAGE_URL
value: $(tasks.build-container.results.IMAGE_URL)
- name: IMAGE_DIGEST
value: $(tasks.build-container.results.IMAGE_DIGEST)
```
10 changes: 10 additions & 0 deletions task/buildah-20gb/0.2/kustomization.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

resources:
- ../../buildah/0.2

patches:
- path: patch.yaml
target:
kind: Task
9 changes: 9 additions & 0 deletions task/buildah-20gb/0.2/patch.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
- op: replace
path: /metadata/name
value: buildah-20gb
- op: replace
path: /spec/steps/0/computeResources/limits/memory
value: 20Gi
- op: replace
path: /spec/steps/0/computeResources/requests/memory
value: 16Gi
46 changes: 46 additions & 0 deletions task/buildah-24gb/0.2/MIGRATION.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,46 @@
# Migration from 0.1 to 0.2

Version 0.2:

* Removes the `BASE_IMAGES_DIGESTS` result. Please remove all the references to this
result from your pipeline.
* Base images and their digests can be found in the SBOM for the output image.
* No longer writes the `base_images_from_dockerfile` file into the `source` workspace.

## Konflux-specific

In a typical Konflux pipeline, the two tasks that used to depend on the `BASE_IMAGES_DIGESTS`
result are `build-source-image` and `deprecated-base-image-check`.

1. Make sure your version of `deprecated-base-image-check` is at least `0.4`.
2. Make sure your version of `build-source-image` supports reading base images from
the SBOM. Version `0.1` supports it since 2024-07-15. In the logs of your build
pipeline, you should see that the build-source-image task now has a GET-BASE-IMAGES
step. Once you stop passing the `BASE_IMAGES_DIGESTS` param, this step will emit
logs about handling the SBOM.
3. Remove the parameters that reference the `BASE_IMAGES_DIGESTS` result:

```diff
@@ -255,10 +255,8 @@ spec:
- name: build-source-image
params:
- name: BINARY_IMAGE
value: $(params.output-image)
- - name: BASE_IMAGES
- value: $(tasks.build-container.results.BASE_IMAGES_DIGESTS)
runAfter:
- build-container
taskRef:
params:
@@ -282,10 +280,8 @@ spec:
- name: workspace
workspace: workspace
- name: deprecated-base-image-check
params:
- - name: BASE_IMAGES_DIGESTS
- value: $(tasks.build-container.results.BASE_IMAGES_DIGESTS)
- name: IMAGE_URL
value: $(tasks.build-container.results.IMAGE_URL)
- name: IMAGE_DIGEST
value: $(tasks.build-container.results.IMAGE_DIGEST)
```
10 changes: 10 additions & 0 deletions task/buildah-24gb/0.2/kustomization.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

resources:
- ../../buildah/0.2

patches:
- path: patch.yaml
target:
kind: Task
15 changes: 15 additions & 0 deletions task/buildah-24gb/0.2/patch.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
- op: replace
path: /metadata/name
value: buildah-24gb
- op: replace
path: /spec/steps/0/computeResources/limits/memory
value: 24Gi
- op: replace
path: /spec/steps/0/computeResources/requests/memory
value: 20Gi
- op: replace
path: /spec/steps/0/computeResources/limits/cpu
value: "20"
- op: replace
path: /spec/steps/0/computeResources/requests/cpu
value: "10"
46 changes: 46 additions & 0 deletions task/buildah-6gb/0.2/MIGRATION.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,46 @@
# Migration from 0.1 to 0.2

Version 0.2:

* Removes the `BASE_IMAGES_DIGESTS` result. Please remove all the references to this
result from your pipeline.
* Base images and their digests can be found in the SBOM for the output image.
* No longer writes the `base_images_from_dockerfile` file into the `source` workspace.

## Konflux-specific

In a typical Konflux pipeline, the two tasks that used to depend on the `BASE_IMAGES_DIGESTS`
result are `build-source-image` and `deprecated-base-image-check`.

1. Make sure your version of `deprecated-base-image-check` is at least `0.4`.
2. Make sure your version of `build-source-image` supports reading base images from
the SBOM. Version `0.1` supports it since 2024-07-15. In the logs of your build
pipeline, you should see that the build-source-image task now has a GET-BASE-IMAGES
step. Once you stop passing the `BASE_IMAGES_DIGESTS` param, this step will emit
logs about handling the SBOM.
3. Remove the parameters that reference the `BASE_IMAGES_DIGESTS` result:

```diff
@@ -255,10 +255,8 @@ spec:
- name: build-source-image
params:
- name: BINARY_IMAGE
value: $(params.output-image)
- - name: BASE_IMAGES
- value: $(tasks.build-container.results.BASE_IMAGES_DIGESTS)
runAfter:
- build-container
taskRef:
params:
@@ -282,10 +280,8 @@ spec:
- name: workspace
workspace: workspace
- name: deprecated-base-image-check
params:
- - name: BASE_IMAGES_DIGESTS
- value: $(tasks.build-container.results.BASE_IMAGES_DIGESTS)
- name: IMAGE_URL
value: $(tasks.build-container.results.IMAGE_URL)
- name: IMAGE_DIGEST
value: $(tasks.build-container.results.IMAGE_DIGEST)
```
10 changes: 10 additions & 0 deletions task/buildah-6gb/0.2/kustomization.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

resources:
- ../../buildah/0.2

patches:
- path: patch.yaml
target:
kind: Task
9 changes: 9 additions & 0 deletions task/buildah-6gb/0.2/patch.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
- op: replace
path: /metadata/name
value: buildah-6gb
- op: replace
path: /spec/steps/0/computeResources/limits/memory
value: 6Gi
- op: replace
path: /spec/steps/0/computeResources/requests/memory
value: 4Gi
Loading

0 comments on commit 0c0f272

Please sign in to comment.