generated TA and remote tasks

task/buildah-oci-ta/0.1/README.md

@@ -8,6 +8,7 @@ When prefetch-dependencies task was activated it is using its artifacts to run b
 ## Parameters
 |name|description|default value|required|
 |---|---|---|---|
+|ACTIVATION_KEY|Name of secret which contains subscription activation key|activation-key|false|
 |ADDITIONAL_SECRET|Name of a secret which will be made available to the build with 'buildah build --secret' at /run/secrets/$ADDITIONAL_SECRET|does-not-exist|false|
 |ADD_CAPABILITIES|Comma separated list of extra capabilities to add when running 'buildah build'|""|false|
 |BUILD_ARGS|Array of --build-arg values ("arg=value" strings)|[]|false|

task/buildah-oci-ta/0.1/buildah-oci-ta.yaml

@@ -16,6 +16,10 @@ spec:
     When [Java dependency rebuild](https://redhat-appstudio.github.io/docs.stonesoup.io/Documentation/main/cli/proc_enabled_java_dependencies.html) is enabled it triggers rebuilds of Java artifacts.
     When prefetch-dependencies task was activated it is using its artifacts to run build in hermetic environment.
   params:
+    - name: ACTIVATION_KEY
+      description: Name of secret which contains subscription activation key
+      type: string
+      default: activation-key
     - name: ADDITIONAL_SECRET
       description: Name of a secret which will be made available to the build
         with 'buildah build --secret' at /run/secrets/$ADDITIONAL_SECRET
@@ -140,6 +144,10 @@ spec:
       description: The counting of Java components by publisher in JSON format
       type: string
   volumes:
+    - name: activation-key
+      secret:
+        optional: true
+        secretName: $(params.ACTIVATION_KEY)
     - name: additional-secret
       secret:
         optional: true
@@ -148,7 +156,6 @@ spec:
       secret:
         optional: true
         secretName: $(params.ENTITLEMENT_SECRET)
-
     - name: shared
       emptyDir: {}
     - name: trusted-ca
@@ -164,6 +171,8 @@ spec:
       emptyDir: {}
   stepTemplate:
     env:
+      - name: ACTIVATION_KEY
+        value: $(params.ACTIVATION_KEY)
       - name: ADDITIONAL_SECRET
         value: $(params.ADDITIONAL_SECRET)
       - name: ADD_CAPABILITIES
@@ -222,6 +231,8 @@ spec:
           name: varlibcontainers
         - mountPath: /entitlement
           name: etc-pki-entitlement
+        - mountPath: /activation-key
+          name: activation-key
         - mountPath: /additional-secret
           name: additional-secret
         - mountPath: /mnt/trusted-ca
@@ -354,6 +365,13 @@ spec:
           echo "Adding the entitlement to the build"
         fi
 
+        ACTIVATION_KEY_PATH="/activation-key"
+           if [ -d "$ACTIVATION_KEY_PATH" ]; then
+            cp -r --preserve=mode "$ACTIVATION_KEY_PATH" /tmp/activation-key
+            VOLUME_MOUNTS="${VOLUME_MOUNTS} --volume /tmp/activation-key:/activation-key"
+            echo "Adding activation key to the build"
+        fi
+
         ADDITIONAL_SECRET_PATH="/additional-secret"
         ADDITIONAL_SECRET_TMP="/tmp/additional-secret"
         if [ -d "$ADDITIONAL_SECRET_PATH" ]; then

task/buildah-remote-oci-ta/0.1/buildah-remote-oci-ta.yaml

@@ -16,6 +16,10 @@ spec:
     When [Java dependency rebuild](https://redhat-appstudio.github.io/docs.stonesoup.io/Documentation/main/cli/proc_enabled_java_dependencies.html) is enabled it triggers rebuilds of Java artifacts.
     When prefetch-dependencies task was activated it is using its artifacts to run build in hermetic environment.
   params:
+  - default: activation-key
+    description: Name of secret which contains subscription activation key
+    name: ACTIVATION_KEY
+    type: string
   - default: does-not-exist
     description: Name of a secret which will be made available to the build with 'buildah
       build --secret' at /run/secrets/$ADDITIONAL_SECRET
@@ -59,10 +63,6 @@ spec:
     description: Name of secret which contains the entitlement certificates
     name: ENTITLEMENT_SECRET
     type: string
-  - default: activation-key
-    description: Name of secret which contains subscription activation key
-    name: ACTIVATION_KEY
-    type: string
   - default: "false"
     description: Determines if build will be executed without network access.
     name: HERMETIC
@@ -147,6 +147,8 @@ spec:
   stepTemplate:
     computeResources: {}
     env:
+    - name: ACTIVATION_KEY
+      value: $(params.ACTIVATION_KEY)
     - name: ADDITIONAL_SECRET
       value: $(params.ADDITIONAL_SECRET)
     - name: ADD_CAPABILITIES
@@ -161,8 +163,6 @@ spec:
       value: $(params.DOCKERFILE)
     - name: ENTITLEMENT_SECRET
       value: $(params.ENTITLEMENT_SECRET)
-    - name: ACTIVATION_KEY
-      value: $(params.ACTIVATION_KEY)
     - name: HERMETIC
       value: $(params.HERMETIC)
     - name: IMAGE
@@ -378,10 +378,10 @@ spec:
       fi
 
       ACTIVATION_KEY_PATH="/activation-key"
-       if [ -d "$ACTIVATION_KEY_PATH" ]; then
-        cp -r --preserve=mode "$ACTIVATION_KEY_PATH" /tmp/activation-key
-        VOLUME_MOUNTS="${VOLUME_MOUNTS} --volume /tmp/activation-key:/activation-key"
-        echo "Adding activation key to the build"
+         if [ -d "$ACTIVATION_KEY_PATH" ]; then
+          cp -r --preserve=mode "$ACTIVATION_KEY_PATH" /tmp/activation-key
+          VOLUME_MOUNTS="${VOLUME_MOUNTS} --volume /tmp/activation-key:/activation-key"
+          echo "Adding activation key to the build"
       fi
 
       ADDITIONAL_SECRET_PATH="/additional-secret"
@@ -428,14 +428,14 @@ spec:
       rsync -ra scripts "$SSH_HOST:$BUILD_DIR"
       ssh $SSH_ARGS "$SSH_HOST" $PORT_FORWARD podman  run $PODMAN_PORT_FORWARD \
        --tmpfs /run/secrets \
+       -e ACTIVATION_KEY="$ACTIVATION_KEY" \
        -e ADDITIONAL_SECRET="$ADDITIONAL_SECRET" \
        -e ADD_CAPABILITIES="$ADD_CAPABILITIES" \
        -e BUILDAH_FORMAT="$BUILDAH_FORMAT" \
        -e BUILD_ARGS_FILE="$BUILD_ARGS_FILE" \
        -e CONTEXT="$CONTEXT" \
        -e DOCKERFILE="$DOCKERFILE" \
        -e ENTITLEMENT_SECRET="$ENTITLEMENT_SECRET" \
-       -e ACTIVATION_KEY="$ACTIVATION_KEY" \
        -e HERMETIC="$HERMETIC" \
        -e IMAGE="$IMAGE" \
        -e IMAGE_EXPIRES_AFTER="$IMAGE_EXPIRES_AFTER" \
@@ -655,6 +655,10 @@ spec:
     name: upload-sbom
     workingDir: /var/workdir
   volumes:
+  - name: activation-key
+    secret:
+      optional: true
+      secretName: $(params.ACTIVATION_KEY)
   - name: additional-secret
     secret:
       optional: true
@@ -663,10 +667,6 @@ spec:
     secret:
       optional: true
       secretName: $(params.ENTITLEMENT_SECRET)
-  - name: activation-key
-    secret:
-      optional: false
-      secretName: $(params.ACTIVATION_KEY)
   - emptyDir: {}
     name: shared
   - configMap:

task/buildah-remote/0.1/buildah-remote.yaml

@@ -78,6 +78,10 @@ spec:
     description: Name of secret which contains the entitlement certificates
     name: ENTITLEMENT_SECRET
     type: string
+  - default: activation-key
+    description: Name of secret which contains subscription activation key
+    name: ACTIVATION_KEY
+    type: string
   - default: does-not-exist
     description: Name of a secret which will be made available to the build with 'buildah
       build --secret' at /run/secrets/$ADDITIONAL_SECRET
@@ -166,6 +170,8 @@ spec:
       value: $(params.BUILDER_IMAGE)
     - name: ENTITLEMENT_SECRET
       value: $(params.ENTITLEMENT_SECRET)
+    - name: ACTIVATION_KEY
+      value: $(params.ACTIVATION_KEY)
     - name: ADDITIONAL_SECRET
       value: $(params.ADDITIONAL_SECRET)
     - name: BUILD_ARGS_FILE
@@ -226,6 +232,7 @@ spec:
       rsync -ra $(workspaces.source.path)/ "$SSH_HOST:$BUILD_DIR/workspaces/source/"
       rsync -ra /shared/ "$SSH_HOST:$BUILD_DIR/volumes/shared/"
       rsync -ra /entitlement/ "$SSH_HOST:$BUILD_DIR/volumes/etc-pki-entitlement/"
+      rsync -ra /activation-key/ "$SSH_HOST:$BUILD_DIR/volumes/activation-key/"
       rsync -ra /additional-secret/ "$SSH_HOST:$BUILD_DIR/volumes/additional-secret/"
       rsync -ra /mnt/trusted-ca/ "$SSH_HOST:$BUILD_DIR/volumes/trusted-ca/"
       rsync -ra "$HOME/.docker/" "$SSH_HOST:$BUILD_DIR/.docker/"
@@ -362,6 +369,13 @@ spec:
         echo "Adding the entitlement to the build"
       fi
 
+      ACTIVATION_KEY_PATH="/activation-key"
+         if [ -d "$ACTIVATION_KEY_PATH" ]; then
+          cp -r --preserve=mode "$ACTIVATION_KEY_PATH" /tmp/activation-key
+          VOLUME_MOUNTS="${VOLUME_MOUNTS} --volume /tmp/activation-key:/activation-key"
+          echo "Adding activation key to the build"
+        fi
+
       ADDITIONAL_SECRET_PATH="/additional-secret"
       ADDITIONAL_SECRET_TMP="/tmp/additional-secret"
       if [ -d "$ADDITIONAL_SECRET_PATH" ]; then
@@ -420,6 +434,7 @@ spec:
        -e TARGET_STAGE="$TARGET_STAGE" \
        -e PARAM_BUILDER_IMAGE="$PARAM_BUILDER_IMAGE" \
        -e ENTITLEMENT_SECRET="$ENTITLEMENT_SECRET" \
+       -e ACTIVATION_KEY="$ACTIVATION_KEY" \
        -e ADDITIONAL_SECRET="$ADDITIONAL_SECRET" \
        -e BUILD_ARGS_FILE="$BUILD_ARGS_FILE" \
        -e ADD_CAPABILITIES="$ADD_CAPABILITIES" \
@@ -429,6 +444,7 @@ spec:
        -v "$BUILD_DIR/workspaces/source:$(workspaces.source.path):Z" \
        -v "$BUILD_DIR/volumes/shared:/shared:Z" \
        -v "$BUILD_DIR/volumes/etc-pki-entitlement:/entitlement:Z" \
+       -v "$BUILD_DIR/volumes/activation-key:/activation-key:Z" \
        -v "$BUILD_DIR/volumes/additional-secret:/additional-secret:Z" \
        -v "$BUILD_DIR/volumes/trusted-ca:/mnt/trusted-ca:Z" \
        -v "$BUILD_DIR/.docker/:/root/.docker:Z" \
@@ -453,6 +469,8 @@ spec:
       name: varlibcontainers
     - mountPath: /entitlement
       name: etc-pki-entitlement
+    - mountPath: /activation-key
+      name: activation-key
     - mountPath: /additional-secret
       name: additional-secret
     - mountPath: /mnt/trusted-ca
@@ -642,6 +660,10 @@ spec:
     secret:
       optional: true
       secretName: $(params.ENTITLEMENT_SECRET)
+  - name: activation-key
+    secret:
+      optional: true
+      secretName: $(params.ACTIVATION_KEY)
   - name: additional-secret
     secret:
       optional: true