Skip to content

Commit

Permalink
Merge branch 'main' into renovate/integration
Browse files Browse the repository at this point in the history
  • Loading branch information
@dirgim
dirgim authored Jun 11, 2024
2 parents ccaae47 + 04c146b commit afc0d85
Show file tree
Hide file tree
Showing 89 changed files with 2,482 additions and 300 deletions.
36 changes: 5 additions & 31 deletions .tekton/pull-request.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -64,7 +64,7 @@ spec:
- yaml-lint-check
params:
- name: IMAGE
value: quay.io/redhat-appstudio/pull-request-builds:build-definitions-utils-{{revision}}
value: quay.io/konflux-ci/pull-request-builds:appstudio-utils-{{revision}}
- name: CONTEXT
value: appstudio-utils
taskRef:
Expand All @@ -78,10 +78,7 @@ spec:
taskSpec:
steps:
- name: check-task-structure
image: quay.io/redhat-appstudio/pull-request-builds:build-definitions-utils-{{revision}}
# per https://kubernetes.io/docs/concepts/containers/images/#imagepullpolicy-defaulting
# the cluster will set imagePullPolicy to IfNotPresent
# also per direction from Ralph Bean, we want to use image digest based tags to use a cue to automation like dependabot or renovatebot to periodially submit pull requests that update the digest as new images are released.
image: quay.io/konflux-ci/pull-request-builds:appstudio-utils-{{revision}}
workingDir: $(workspaces.source.path)/source
script: |
#!/usr/bin/env bash
Expand All @@ -90,9 +87,6 @@ spec:
cat partner-tasks.out
- name: create-comment
image: quay.io/redhat-appstudio/github-app-token@sha256:b4f2af12e9beea68055995ccdbdb86cfe1be97688c618117e5da2243dc1da18e
# per https://kubernetes.io/docs/concepts/containers/images/#imagepullpolicy-defaulting
# the cluster will set imagePullPolicy to IfNotPresent
# also per direction from Ralph Bean, we want to use image digest based tags to use a cue to automation like dependabot or renovatebot to periodially submit pull requests that update the digest as new images are released.
volumeMounts:
- name: infra-deployments-pr-creator
mountPath: /secrets/deploy-key
Expand Down Expand Up @@ -147,28 +141,17 @@ spec:
type: string
steps:
- name: build-bundles
image: quay.io/redhat-appstudio/pull-request-builds:build-definitions-utils-{{revision}}
# per https://kubernetes.io/docs/concepts/containers/images/#imagepullpolicy-defaulting
# the cluster will set imagePullPolicy to IfNotPresent
# also per direction from Ralph Bean, we want to use image digest based tags to use a cue to automation like dependabot or renovatebot to periodially submit pull requests that update the digest as new images are released.
image: quay.io/konflux-ci/pull-request-builds:appstudio-utils-{{revision}}
workingDir: $(workspaces.source.path)/source
script: |
#!/usr/bin/env bash
MY_QUAY_USER=redhat-appstudio-tekton-catalog \
QUAY_NAMESPACE=konflux-ci \
TEST_REPO_NAME=pull-request-builds \
BUILD_TAG=$(params.revision) \
SKIP_BUILD=1 \
INSTALL_BUNDLE_NS=$(params.e2e_test_namespace) \
ENABLE_SOURCE_BUILD=1 \
hack/build-and-push.sh
volumeMounts:
- mountPath: /root/.docker/config.json
subPath: .dockerconfigjson
name: quay-secret
volumes:
- name: quay-secret
secret:
secretName: redhat-appstudio-tekton-catalog-build-definitions-pull-secret
workspaces:
- name: source
- name: e2e-tests
Expand All @@ -193,10 +176,7 @@ spec:
taskSpec:
steps:
- name: fail-when-repo-is-missed
image: registry.redhat.io/openshift4/ose-tools-rhel8:v4.12@sha256:2098dc35cf999984ffb2a0aebd4f8bb1b52f1e2c308efef90831a3660c75c358
# per https://kubernetes.io/docs/concepts/containers/images/#imagepullpolicy-defaulting
# the cluster will set imagePullPolicy to IfNotPresent
# also per direction from Ralph Bean, we want to use image digest based tags to use a cue to automation like dependabot or renovatebot to periodially submit pull requests that update the digest as new images are released.
image: quay.io/konflux-ci/pull-request-builds:appstudio-utils-{{revision}}
workingDir: $(workspaces.source.path)/source
script: |
#!/usr/bin/env bash
Expand All @@ -221,9 +201,6 @@ spec:
steps:
- name: check-task-migration-md
image: registry.redhat.io/openshift4/ose-tools-rhel8:v4.12@sha256:9deda623e4768ecbaa6f1c6204077d9a151d55f9569bfe414e793fcb36cc391e
# per https://kubernetes.io/docs/concepts/containers/images/#imagepullpolicy-defaulting
# the cluster will set imagePullPolicy to IfNotPresent
# also per direction from Ralph Bean, we want to use image digest based tags to use a cue to automation like dependabot or renovatebot to periodially submit pull requests that update the digest as new images are released.
workingDir: $(workspaces.source.path)/source
script: |
#!/usr/bin/env bash
Expand Down Expand Up @@ -256,9 +233,6 @@ spec:
steps:
- name: e2e-cleanup
image: registry.redhat.io/openshift4/ose-cli:v4.12@sha256:0d21299d2adfa3cb74562c4dffbedd3b107fffac3a2a537f14770088abd4671f
# per https://kubernetes.io/docs/concepts/containers/images/#imagepullpolicy-defaulting
# the cluster will set imagePullPolicy to IfNotPresent
# also per direction from Ralph Bean, we want to use image digest based tags to use a cue to automation like dependabot or renovatebot to periodially submit pull requests that update the digest as new images are released.
script: |
#!/usr/bin/env bash
# Perform cleanup of resources created by gitops service
Expand Down
155 changes: 129 additions & 26 deletions .tekton/push.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,21 @@ spec:
workspaces:
- name: output
workspace: workspace

- name: clone-repository-to-redhat-appstudio-workspace
params:
- name: url
value: $(params.git-url)
- name: revision
value: "$(params.revision)"
- name: depth
value: "0"
taskRef:
name: git-clone
workspaces:
- name: output
workspace: workspace-redhat-appstudio

- name: ec-task-checks
runAfter:
- clone-repository
Expand All @@ -52,7 +67,7 @@ spec:
- name: build-container
params:
- name: IMAGE
value: quay.io/redhat-appstudio/appstudio-utils:{{ revision }}
value: quay.io/konflux-ci/appstudio-utils:{{ revision }}
- name: CONTEXT
value: appstudio-utils
runAfter:
Expand All @@ -62,29 +77,28 @@ spec:
workspaces:
- name: source
workspace: workspace
- name: build-bundles

- name: build-bundles-redhat-appstudio
params:
- name: revision
value: "$(params.revision)"
runAfter:
- build-container
- clone-repository-to-redhat-appstudio-workspace
workspaces:
- name: source
workspace: workspace
workspace: workspace-redhat-appstudio
taskSpec:
params:
- name: revision
type: string
steps:
- name: build-bundles
image: quay.io/redhat-appstudio/appstudio-utils:{{ revision }}
# per https://kubernetes.io/docs/concepts/containers/images/#imagepullpolicy-defaulting
# the cluster will set imagePullPolicy to IfNotPresent
# also per direction from Ralph Bean, we want to use image digest based tags to use a cue to automation like dependabot or renovatebot to periodially submit pull requests that update the digest as new images are released.
image: quay.io/konflux-ci/appstudio-utils:{{ revision }}
workingDir: $(workspaces.source.path)/source
command: ["./hack/build-and-push.sh"]
env:
- name: MY_QUAY_USER
- name: QUAY_NAMESPACE
value: redhat-appstudio-tekton-catalog
- name: BUILD_TAG
value: "$(params.revision)"
Expand All @@ -106,62 +120,143 @@ spec:
secretName: redhat-appstudio-tekton-catalog-build-definitions-pull-secret
workspaces:
- name: source

- name: build-bundles-konflux-ci
params:
- name: revision
value: "$(params.revision)"
runAfter:
- build-container
workspaces:
- name: source
workspace: workspace
taskSpec:
params:
- name: revision
type: string
steps:
- name: build-bundles
image: quay.io/konflux-ci/appstudio-utils:{{ revision }}
workingDir: $(workspaces.source.path)/source
command: ["./hack/build-and-push.sh"]
env:
- name: QUAY_NAMESPACE
value: konflux-ci/tekton-catalog
- name: BUILD_TAG
value: "$(params.revision)"
- name: SKIP_BUILD
value: "1"
- name: SKIP_INSTALL
value: "1"
- name: OUTPUT_TASK_BUNDLE_LIST
value: $(workspaces.source.path)/task-bundle-list
- name: OUTPUT_PIPELINE_BUNDLE_LIST
value: $(workspaces.source.path)/pipeline-bundle-list
workspaces:
- name: source

- name: update-infra-repo
runAfter:
- build-bundles
- build-bundles-redhat-appstudio
- build-bundles-konflux-ci
params:
- name: ORIGIN_REPO
value: $(params.git-url)
- name: REVISION
value: $(params.revision)
- name: SCRIPT
value: |
sed -i -E 's/[0-9a-f]{40}/$(params.revision)/g' components/build-service/base/build-pipeline-selectors/build-pipeline-selector.yaml components/build-service/base/build-pipeline-config/build-pipeline-config.yaml
sed -i -E 's/[0-9a-f]{40}/$(params.revision)/g' components/build-service/base/build-pipeline-config/build-pipeline-config.yaml
taskRef:
name: update-infra-deployments
- name: build-acceptable-bundles

# Note: pushes to redhat-appstudio-tekton-catalog, but contains the bundles
# from both redhat-appstudio-tekton-catalog and konflux-ci/tekton-catalog
- name: build-acceptable-bundles-redhat-appstudio
runAfter:
- build-bundles
- build-bundles-redhat-appstudio
- build-bundles-konflux-ci
workspaces:
- name: artifacts
workspace: workspace
- name: artifacts-redhat-appstudio
workspace: workspace-redhat-appstudio
taskSpec:
workspaces:
- name: artifacts
description: Workspace containing arbitrary artifacts used during the task run.
- name: artifacts-redhat-appstudio
description: Same as 'artifacts', but for tasks that push to the old redhat-appstudio location.
volumes:
- name: quay-secret
secret:
secretName: redhat-appstudio-tekton-catalog-build-definitions-pull-secret
results:
- name: DATA_BUNDLE_REPO
- name: DATA_BUNDLE_TAG
steps:
- name: build-bundles
image: quay.io/redhat-appstudio/appstudio-utils:{{ revision }}
image: quay.io/konflux-ci/appstudio-utils:{{ revision }}
workingDir: $(workspaces.artifacts.path)/source
env:
- name: REVISION
value: "$(params.revision)"
- name: GIT_URL
value: "$(params.git-url)"
- name: TASK_BUNDLE_LIST
value: $(workspaces.artifacts.path)/task-bundle-list
- name: PIPELINE_BUNDLE_LIST
value: $(workspaces.artifacts.path)/pipeline-bundle-list
# per https://kubernetes.io/docs/concepts/containers/images/#imagepullpolicy-defaulting
# the cluster will set imagePullPolicy to IfNotPresent
# also per direction from Ralph Bean, we want to use image digest based tags to use a cue to automation like dependabot or renovatebot to periodially submit pull requests that update the digest as new images are released.
script: |-
#!/usr/bin/env bash
set -o errexit
set -o nounset
set -o pipefail
script: |
#!/bin/bash
set -euo pipefail
DATA_BUNDLE_REPO=quay.io/redhat-appstudio-tekton-catalog/data-acceptable-bundles
DATA_BUNDLE_TAG=$(date '+%s')
export DATA_BUNDLE_REPO DATA_BUNDLE_TAG
.tekton/scripts/build-acceptable-bundles.sh "${TASK_BUNDLE_LIST}" "${PIPELINE_BUNDLE_LIST}"
.tekton/scripts/build-acceptable-bundles.sh "$@"
echo -n "$DATA_BUNDLE_REPO" > "$(results.DATA_BUNDLE_REPO.path)"
echo -n "$DATA_BUNDLE_TAG" > "$(results.DATA_BUNDLE_TAG.path)"
args:
- $(workspaces.artifacts.path)/task-bundle-list
- $(workspaces.artifacts.path)/pipeline-bundle-list
- $(workspaces.artifacts-redhat-appstudio.path)/task-bundle-list
- $(workspaces.artifacts-redhat-appstudio.path)/pipeline-bundle-list
volumeMounts:
- mountPath: /root/.docker/config.json
subPath: .dockerconfigjson
name: quay-secret

# Note: copies the redhat-appstudio-tekton-catalog data-acceptable-bundles image
- name: build-acceptable-bundles-konflux-ci
runAfter:
- build-acceptable-bundles-redhat-appstudio
taskSpec:
steps:
- name: copy-bundles
image: quay.io/konflux-ci/appstudio-utils:{{ revision }}
env:
- name: DATA_BUNDLE_RH_APPSTUDIO
value: $(tasks.build-acceptable-bundles-redhat-appstudio.results.DATA_BUNDLE_REPO)
- name: DATA_BUNDLE_TAG
value: $(tasks.build-acceptable-bundles-redhat-appstudio.results.DATA_BUNDLE_TAG)
script: |
#!/bin/bash
set -euo pipefail
set -x
DATA_BUNDLE_KONFLUX_CI=quay.io/konflux-ci/tekton-catalog/data-acceptable-bundles
skopeo copy \
"docker://$DATA_BUNDLE_RH_APPSTUDIO:$DATA_BUNDLE_TAG" \
"docker://$DATA_BUNDLE_KONFLUX_CI:$DATA_BUNDLE_TAG"
skopeo copy \
"docker://$DATA_BUNDLE_KONFLUX_CI:$DATA_BUNDLE_TAG" \
"docker://$DATA_BUNDLE_KONFLUX_CI:latest"
workspaces:
- name: workspace
description: Workspace containing arbitrary artifacts used during the pipeline run.
- name: workspace-redhat-appstudio
description: Same as 'workspace', but for tasks that push to the old redhat-appstudio location.
finally:
- name: slack-webhook-notification
taskRef:
Expand All @@ -187,3 +282,11 @@ spec:
resources:
requests:
storage: 1Gi
- name: workspace-redhat-appstudio
volumeClaimTemplate:
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
8 changes: 4 additions & 4 deletions .tekton/scripts/build-acceptable-bundles.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ set -o nounset
set -o pipefail

# helps with debugging
DATA_BUNDLE_REPO="${DATA_BUNDLE_REPO:-quay.io/redhat-appstudio-tekton-catalog/data-acceptable-bundles}"
DATA_BUNDLE_REPO="${DATA_BUNDLE_REPO:-quay.io/konflux-ci/tekton-catalog/data-acceptable-bundles}"
mapfile -t BUNDLES < <(cat "$@")

# store a list of changed task files
Expand Down Expand Up @@ -34,7 +34,7 @@ printf '%s\n' "${BUNDLES[@]}"
# advantages. First, it prevents the image from accidentally not having any tags,
# and getting garbage collected. Second, it helps us create a timeline of the
# changes done to the data over time.
TAG="$(date '+%s')"
DATA_BUNDLE_TAG=${DATA_BUNDLE_TAG:-$(date '+%s')}

# task_records can be empty if a task wasn't changed
TASK_PARAM=()
Expand All @@ -47,11 +47,11 @@ PARAMS=("${TASK_PARAM[@]}" "${BUNDLES_PARAM[@]}")

ec track bundle --debug \
--input "oci:${DATA_BUNDLE_REPO}:latest" \
--output "oci:${DATA_BUNDLE_REPO}:${TAG}" \
--output "oci:${DATA_BUNDLE_REPO}:${DATA_BUNDLE_TAG}" \
--timeout "15m0s" \
--freshen \
--prune \
"${PARAMS[@]}"

# To facilitate usage in some contexts, tag the image with the floating "latest" tag.
skopeo copy "docker://${DATA_BUNDLE_REPO}:${TAG}" "docker://${DATA_BUNDLE_REPO}:latest"
skopeo copy "docker://${DATA_BUNDLE_REPO}:${DATA_BUNDLE_TAG}" "docker://${DATA_BUNDLE_REPO}:latest"
Loading

0 comments on commit afc0d85

Please sign in to comment.