Skip to content

Commit

Permalink
Add task to build RHEL AI
Browse files Browse the repository at this point in the history
  • Loading branch information
stuartwdouglas committed Jun 6, 2024
1 parent 33b11cb commit 7903800
Show file tree
Hide file tree
Showing 2 changed files with 210 additions and 1 deletion.
2 changes: 1 addition & 1 deletion task/build-image-manifest/0.1/build-image-manifest.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -79,7 +79,7 @@ spec:
TOADD="$(echo $i | cut -d: -f1)@sha256:$(echo $i | cut -d: -f3)"
fi
echo "Adding $TOADD"
buildah manifest add $IMAGE "docker://$TOADD"
buildah manifest add $IMAGE "docker://$TOADD" --all
done
status=-1
Expand Down
209 changes: 209 additions & 0 deletions task/build-vm-image/0.1/build-vm-image.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,209 @@
apiVersion: tekton.dev/v1
kind: Task
metadata:
name: build-vm-image
spec:
params:
- description: The platform to build on
name: PLATFORM
type: string
- name: OUTPUT_IMAGE
type: string
description: The output manifest list that points to the OCI artifact of the zipped ZM image
- name: SOURCE_ARTIFACT
type: string
- name: IMAGE_TYPE
type: string
description: The type of VM image to build, valid values are iso, qcow2 and raw
- name: BIB_CONFIG_FILE
default: bib.yaml
type: string
description: The config file specifying what to build and the builder to build it with
results:
- description: Digest of the manifest list just built
name: IMAGE_DIGEST
- description: Image repository where the built manifest list was pushed
name: IMAGE_URL
stepTemplate:
env:
- name: OUTPUT_IMAGE
value: $(params.OUTPUT_IMAGE)
- name: BIB_CONFIG_FILE
value: $(params.BIB_CONFIG_FILE)
- name: IMAGE_TYPE
value: $(params.IMAGE_TYPE)
volumeMounts:
- mountPath: "/var/workdir"
name: workdir
steps:
- name: use-trusted-artifact
image: quay.io/redhat-appstudio/build-trusted-artifacts:latest@sha256:4e39fb97f4444c2946944482df47b39c5bbc195c54c6560b0647635f553ab23d
args:
- use
- $(params.SOURCE_ARTIFACT)=/var/workdir/source
- name: validate-bib-config
image: quay.io/redhat-user-workloads/rhtap-integration-tenant/yq-container/yq:99301602bc9ea9c909df5903d848e5fb582598de
script: |-
#!/bin/bash
set -o verbose
set -e
# expects a config file like the following as BIB_CONFIG_FILE
#
echo -e "BIB_CONFIG_FILE: $BIB_CONFIG_FILE"
# # BIB: Bootc Image Builder config
# bootc-builder-image: "quay.io/centos-bootc/bootc-image-builder:latest"
# source-image: "quay.io/centos-bootc/centos-bootc:stream9"
# trim any leading slash.
BIB_CONFIG_FILE=${BIB_CONFIG_FILE#/}
BIB_IMAGE=$(yq -r .bootc-builder-image /var/workdir/source/$BIB_CONFIG_FILE)
SOURCE_IMAGE=$(yq -r .source-image /var/workdir/source/$BIB_CONFIG_FILE)
# write values to a file in the workspace
echo "declare BOOTC_BUILDER_IMAGE=${BIB_IMAGE}" > /var/workdir/vars
echo "declare SOURCE_IMAGE=${SOURCE_IMAGE}" >> /var/workdir/vars
# here we should validate that both keys exist and are valid pullspecs.
# todo
- name: build
image: quay.io/redhat-user-workloads/rhtap-build-tenant/multi-arch-controller/hacktask-image-multi-platform-controller@sha256:eda615c7127ca024dea0c71b4d639664cad3f51ccaa5ea2f275221db38482698
computeResources:
limits:
memory: 512Mi
requests:
cpu: 250m
memory: 128Mi
script: |-
#!/bin/bash
set -o verbose
set -eu
# get values stored from previous task
echo "vars file"
cat /var/workdir/vars
source /var/workdir/vars
echo "Vars:"
echo BOOTC_BUILDER_IMAGE $BOOTC_BUILDER_IMAGE
echo SOURCE_IMAGE $SOURCE_IMAGE
mkdir -p ~/.ssh
if [ -e "/ssh/error" ]; then
#no server could be provisioned
cat /ssh/error
exit 1
elif [ -e "/ssh/otp" ]; then
curl --cacert /ssh/otp-ca -XPOST -d @/ssh/otp $(cat /ssh/otp-server) >~/.ssh/id_rsa
echo "" >> ~/.ssh/id_rsa
else
cp /ssh/id_rsa ~/.ssh
fi
chmod 0400 ~/.ssh/id_rsa
export SSH_HOST=$(cat /ssh/host)
export BUILD_DIR=$(cat /ssh/user-dir)
export SSH_ARGS="-o StrictHostKeyChecking=no"
mkdir -p scripts
echo "$BUILD_DIR"
ssh $SSH_ARGS "$SSH_HOST" mkdir -p "$BUILD_DIR/workspaces" "$BUILD_DIR/scripts" "$BUILD_DIR/tmp" "$BUILD_DIR/tekton-results"
rsync -ra "$HOME/.docker/" "$SSH_HOST:$BUILD_DIR/.docker/"
# form the --type arguments
IMAGE_TYPES=" --type $IMAGE_TYPE "
# this heredoc allows expansions for the image name
cat >scripts/script-build.sh <<REMOTESSHEOF
#!/bin/sh
set -e
export BUILD_DIR="$BUILD_DIR"
export OUTPUT_IMAGE="$OUTPUT_IMAGE"
export BOOTC_BUILDER_IMAGE="$BOOTC_BUILDER_IMAGE"
export SOURCE_IMAGE="$SOURCE_IMAGE"
export IMAGE_TYPES="$IMAGE_TYPES"
REMOTESSHEOF
# no expansions in this one, the env vars are evaluated on the remote vm
cat >>scripts/script-build.sh <<'REMOTESSHEOF'
echo >config.toml <<EOF
[[blueprint.customizations.user]]
name = "user"
password = "pass"
groups = ["wheel"]
EOF
mkdir output
echo "PULLING BUILDER IMAGE"
time sudo podman pull --authfile=$BUILD_DIR/.docker/config.json $BOOTC_BUILDER_IMAGE
echo "PULLING IMAGE"
time sudo podman pull --authfile=$BUILD_DIR/.docker/config.json $SOURCE_IMAGE
echo "RUNNING BUILD"
echo -e "IMAGE_TYPES = $IMAGE_TYPES"
time sudo podman run --authfile=$BUILD_DIR/.docker/config.json --rm -it --privileged --pull=newer --security-opt label=type:unconfined_t -v $(pwd)/config.toml:/config.toml -v $(pwd)/output:/output -v /var/lib/containers/storage:/var/lib/containers/storage $BOOTC_BUILDER_IMAGE $IMAGE_TYPES --local $SOURCE_IMAGE
# This script is currently using fedora image because buildah in UBI9 does not have the OCI support (no --artifact* switches)
time sudo podman run --authfile=$BUILD_DIR/.docker/config.json --rm -it --privileged --pull=newer --security-opt label=type:unconfined_t -v $BUILD_DIR/.docker:/.docker -v $(pwd)/output:/output -v $BUILD_DIR/scripts/script-push.sh:/script-push.sh -v $BUILD_DIR/tekton-results:/tekton-results registry.fedoraproject.org/fedora /script-push.sh
REMOTESSHEOF
# script-push.sh script is intended run _inside_ podman on the ssh host and requires sudo
cat >scripts/script-push.sh <<REMOTESSHEOF
#!/bin/bash
set -e
dnf -y install buildah
buildah manifest create "$OUTPUT_IMAGE"
# show contents of /output
ls -alR /output
if [ -f "/output/qcow2/disk.qcow2" ]; then
echo -e "Found qcow2 image."
gzip /output/qcow2/disk.qcow2
buildah manifest add --arch $(arch) --os linux --artifact --artifact-type application/vnd.diskimage.qcow2.gzip $OUTPUT_IMAGE /output/qcow2/disk.qcow2.gz
elif [ -f "/output/image/disk.raw" ]; then
echo -e "Found raw image."
gzip /output/image/disk.raw
buildah manifest add --arch $(arch) --os linux --artifact --artifact-type application/vnd.diskimage.raw.gzip $OUTPUT_IMAGE /output/image/disk.raw.gz
elif [ -f "/output/bootiso/install.iso" ]; then
echo -e "Found iso image."
gzip /output/bootiso/install.iso
buildah manifest add --arch $(arch) --os linux --artifact --artifact-type application/vnd.diskimage.iso.gzip $OUTPUT_IMAGE /output/bootiso/install.iso.gz
fi
buildah manifest push --digestfile image-digest --authfile /.docker/config.json --all $OUTPUT_IMAGE
echo -n "$OUTPUT_IMAGE" | tee /tekton-results/IMAGE_URL
cat image-digest | tee /tekton-results/IMAGE_DIGEST
REMOTESSHEOF
# make scripts executable and sync them to the cloud VM.
chmod +x scripts/script-build.sh
chmod +x scripts/script-push.sh
rsync -ra scripts "$SSH_HOST:$BUILD_DIR"
rsync -ra /var/workdir/source/ "$SSH_HOST:$BUILD_DIR/workspaces/source/"
ssh $SSH_ARGS "$SSH_HOST" $BUILD_DIR/scripts/script-build.sh
rsync -ra "$SSH_HOST:$BUILD_DIR/tekton-results/" "/tekton/results/"
volumeMounts:
- mountPath: /ssh
name: ssh
readOnly: true

volumes:
- emptyDir: {}
name: workdir
- name: ssh
secret:
optional: false
secretName: multi-platform-ssh-$(context.taskRun.name)

0 comments on commit 7903800

Please sign in to comment.