From 7903800db709a56e1e13392c0eda15eb7f18019c Mon Sep 17 00:00:00 2001 From: Stuart Douglas Date: Thu, 6 Jun 2024 16:21:14 +1000 Subject: [PATCH] Add task to build RHEL AI --- .../0.1/build-image-manifest.yaml | 2 +- task/build-vm-image/0.1/build-vm-image.yaml | 209 ++++++++++++++++++ 2 files changed, 210 insertions(+), 1 deletion(-) create mode 100644 task/build-vm-image/0.1/build-vm-image.yaml diff --git a/task/build-image-manifest/0.1/build-image-manifest.yaml b/task/build-image-manifest/0.1/build-image-manifest.yaml index 2967c78248..616660adca 100644 --- a/task/build-image-manifest/0.1/build-image-manifest.yaml +++ b/task/build-image-manifest/0.1/build-image-manifest.yaml @@ -79,7 +79,7 @@ spec: TOADD="$(echo $i | cut -d: -f1)@sha256:$(echo $i | cut -d: -f3)" fi echo "Adding $TOADD" - buildah manifest add $IMAGE "docker://$TOADD" + buildah manifest add $IMAGE "docker://$TOADD" --all done status=-1 diff --git a/task/build-vm-image/0.1/build-vm-image.yaml b/task/build-vm-image/0.1/build-vm-image.yaml new file mode 100644 index 0000000000..c2b7bed350 --- /dev/null +++ b/task/build-vm-image/0.1/build-vm-image.yaml @@ -0,0 +1,209 @@ +apiVersion: tekton.dev/v1 +kind: Task +metadata: + name: build-vm-image +spec: + params: + - description: The platform to build on + name: PLATFORM + type: string + - name: OUTPUT_IMAGE + type: string + description: The output manifest list that points to the OCI artifact of the zipped ZM image + - name: SOURCE_ARTIFACT + type: string + - name: IMAGE_TYPE + type: string + description: The type of VM image to build, valid values are iso, qcow2 and raw + - name: BIB_CONFIG_FILE + default: bib.yaml + type: string + description: The config file specifying what to build and the builder to build it with + results: + - description: Digest of the manifest list just built + name: IMAGE_DIGEST + - description: Image repository where the built manifest list was pushed + name: IMAGE_URL + stepTemplate: + env: + - name: OUTPUT_IMAGE + value: $(params.OUTPUT_IMAGE) + - name: BIB_CONFIG_FILE + value: $(params.BIB_CONFIG_FILE) + - name: IMAGE_TYPE + value: $(params.IMAGE_TYPE) + volumeMounts: + - mountPath: "/var/workdir" + name: workdir + steps: + - name: use-trusted-artifact + image: quay.io/redhat-appstudio/build-trusted-artifacts:latest@sha256:4e39fb97f4444c2946944482df47b39c5bbc195c54c6560b0647635f553ab23d + args: + - use + - $(params.SOURCE_ARTIFACT)=/var/workdir/source + - name: validate-bib-config + image: quay.io/redhat-user-workloads/rhtap-integration-tenant/yq-container/yq:99301602bc9ea9c909df5903d848e5fb582598de + script: |- + #!/bin/bash + set -o verbose + set -e + + # expects a config file like the following as BIB_CONFIG_FILE + # + echo -e "BIB_CONFIG_FILE: $BIB_CONFIG_FILE" + # # BIB: Bootc Image Builder config + # bootc-builder-image: "quay.io/centos-bootc/bootc-image-builder:latest" + # source-image: "quay.io/centos-bootc/centos-bootc:stream9" + + # trim any leading slash. + BIB_CONFIG_FILE=${BIB_CONFIG_FILE#/} + + BIB_IMAGE=$(yq -r .bootc-builder-image /var/workdir/source/$BIB_CONFIG_FILE) + SOURCE_IMAGE=$(yq -r .source-image /var/workdir/source/$BIB_CONFIG_FILE) + + # write values to a file in the workspace + echo "declare BOOTC_BUILDER_IMAGE=${BIB_IMAGE}" > /var/workdir/vars + echo "declare SOURCE_IMAGE=${SOURCE_IMAGE}" >> /var/workdir/vars + + # here we should validate that both keys exist and are valid pullspecs. + # todo + + - name: build + image: quay.io/redhat-user-workloads/rhtap-build-tenant/multi-arch-controller/hacktask-image-multi-platform-controller@sha256:eda615c7127ca024dea0c71b4d639664cad3f51ccaa5ea2f275221db38482698 + computeResources: + limits: + memory: 512Mi + requests: + cpu: 250m + memory: 128Mi + script: |- + #!/bin/bash + set -o verbose + set -eu + + + # get values stored from previous task + echo "vars file" + cat /var/workdir/vars + source /var/workdir/vars + echo "Vars:" + echo BOOTC_BUILDER_IMAGE $BOOTC_BUILDER_IMAGE + echo SOURCE_IMAGE $SOURCE_IMAGE + + mkdir -p ~/.ssh + if [ -e "/ssh/error" ]; then + #no server could be provisioned + cat /ssh/error + exit 1 + elif [ -e "/ssh/otp" ]; then + curl --cacert /ssh/otp-ca -XPOST -d @/ssh/otp $(cat /ssh/otp-server) >~/.ssh/id_rsa + echo "" >> ~/.ssh/id_rsa + else + cp /ssh/id_rsa ~/.ssh + fi + chmod 0400 ~/.ssh/id_rsa + export SSH_HOST=$(cat /ssh/host) + export BUILD_DIR=$(cat /ssh/user-dir) + export SSH_ARGS="-o StrictHostKeyChecking=no" + mkdir -p scripts + echo "$BUILD_DIR" + ssh $SSH_ARGS "$SSH_HOST" mkdir -p "$BUILD_DIR/workspaces" "$BUILD_DIR/scripts" "$BUILD_DIR/tmp" "$BUILD_DIR/tekton-results" + + rsync -ra "$HOME/.docker/" "$SSH_HOST:$BUILD_DIR/.docker/" + + # form the --type arguments + IMAGE_TYPES=" --type $IMAGE_TYPE " + + # this heredoc allows expansions for the image name + cat >scripts/script-build.sh <>scripts/script-build.sh <<'REMOTESSHEOF' + echo >config.toml <scripts/script-push.sh <