Merge branch 'main' into switch-buildah-source
arewm authored Jul 5, 2024
2 parents 495c101 + 12f31d3 commit b1cd271
Showing 13 changed files with 124 additions and 147 deletions.
1 change: 1 addition & 0 deletions .gitignore
@@ -2,3 +2,4 @@
.idea/
pipeline-bundle-list
task-bundle-list
bundle_values.env
193 changes: 57 additions & 136 deletions .tekton/push.yaml
@@ -42,20 +42,6 @@ spec:
- name: output
workspace: workspace

- name: clone-repository-to-redhat-appstudio-workspace
params:
- name: url
value: $(params.git-url)
- name: revision
value: "$(params.revision)"
- name: depth
value: "0"
taskRef:
name: git-clone
workspaces:
- name: output
workspace: workspace-redhat-appstudio

- name: ec-task-checks
runAfter:
- clone-repository
@@ -78,126 +64,61 @@ spec:
- name: source
workspace: workspace

- name: build-bundles-redhat-appstudio
- name: build-bundles
params:
- name: revision
value: "$(params.revision)"
runAfter:
- build-container
- clone-repository-to-redhat-appstudio-workspace
- ec-task-checks
workspaces:
- name: source
workspace: workspace-redhat-appstudio
workspace: workspace
taskSpec:
params:
- name: revision
type: string
steps:
- name: build-bundles
- name: build-bundles-konflux-ci
image: quay.io/konflux-ci/appstudio-utils:{{ revision }}
workingDir: $(workspaces.source.path)/source
command: ["./hack/build-and-push.sh"]
env:
- name: QUAY_NAMESPACE
value: redhat-appstudio-tekton-catalog
value: konflux-ci/tekton-catalog
- name: BUILD_TAG
value: "$(params.revision)"
- name: SKIP_BUILD
value: "1"
- name: SKIP_INSTALL
value: "1"
- name: OUTPUT_TASK_BUNDLE_LIST
value: $(workspaces.source.path)/task-bundle-list
value: $(workspaces.source.path)/task-bundle-list-konflux-ci
- name: OUTPUT_PIPELINE_BUNDLE_LIST
value: $(workspaces.source.path)/pipeline-bundle-list
volumeMounts:
- mountPath: /root/.docker/config.json
subPath: .dockerconfigjson
name: quay-secret
volumes:
- name: quay-secret
secret:
secretName: redhat-appstudio-tekton-catalog-build-definitions-pull-secret
workspaces:
- name: source

- name: build-bundles-konflux-ci
params:
- name: revision
value: "$(params.revision)"
runAfter:
- build-container
workspaces:
- name: source
workspace: workspace
taskSpec:
params:
- name: revision
type: string
steps:
- name: build-bundles
value: $(workspaces.source.path)/pipeline-bundle-list-konflux-ci
- name: build-bundles-redhat-appstudio
image: quay.io/konflux-ci/appstudio-utils:{{ revision }}
workingDir: $(workspaces.source.path)/source
command: ["./hack/build-and-push.sh"]
env:
- name: QUAY_NAMESPACE
value: konflux-ci/tekton-catalog
value: redhat-appstudio-tekton-catalog
- name: BUILD_TAG
value: "$(params.revision)"
- name: SKIP_BUILD
value: "1"
- name: SKIP_INSTALL
value: "1"
- name: OUTPUT_TASK_BUNDLE_LIST
value: $(workspaces.source.path)/task-bundle-list
value: $(workspaces.source.path)/task-bundle-list-appstudio
- name: OUTPUT_PIPELINE_BUNDLE_LIST
value: $(workspaces.source.path)/pipeline-bundle-list
workspaces:
- name: source

- name: update-infra-repo
runAfter:
- build-bundles-redhat-appstudio
- build-bundles-konflux-ci
params:
- name: ORIGIN_REPO
value: $(params.git-url)
- name: REVISION
value: $(params.revision)
- name: SCRIPT
value: |
sed -i -E 's/[0-9a-f]{40}/$(params.revision)/g' components/build-service/base/build-pipeline-config/build-pipeline-config.yaml
taskRef:
name: update-infra-deployments

# Note: pushes to redhat-appstudio-tekton-catalog, but contains the bundles
# from both redhat-appstudio-tekton-catalog and konflux-ci/tekton-catalog
- name: build-acceptable-bundles-redhat-appstudio
runAfter:
- build-bundles-redhat-appstudio
- build-bundles-konflux-ci
workspaces:
- name: artifacts
workspace: workspace
- name: artifacts-redhat-appstudio
workspace: workspace-redhat-appstudio
taskSpec:
workspaces:
- name: artifacts
description: Workspace containing arbitrary artifacts used during the task run.
- name: artifacts-redhat-appstudio
description: Same as 'artifacts', but for tasks that push to the old redhat-appstudio location.
volumes:
- name: quay-secret
secret:
secretName: redhat-appstudio-tekton-catalog-build-definitions-pull-secret
results:
- name: DATA_BUNDLE_REPO
- name: DATA_BUNDLE_TAG
steps:
- name: build-bundles
value: $(workspaces.source.path)/pipeline-bundle-list-appstudio
volumeMounts:
- mountPath: /root/.docker/config.json
subPath: .dockerconfigjson
name: quay-secret
- name: update-acceptable-bundles
image: quay.io/konflux-ci/appstudio-utils:{{ revision }}
workingDir: $(workspaces.artifacts.path)/source
workingDir: $(workspaces.source.path)/source
env:
- name: REVISION
value: "$(params.revision)"
@@ -207,56 +128,64 @@ spec:
#!/bin/bash
set -euo pipefail
DATA_BUNDLE_REPO=quay.io/redhat-appstudio-tekton-catalog/data-acceptable-bundles
DATA_BUNDLE_REPO=quay.io/konflux-ci/tekton-catalog/data-acceptable-bundles
DATA_BUNDLE_TAG=$(date '+%s')
export DATA_BUNDLE_REPO DATA_BUNDLE_TAG
.tekton/scripts/build-acceptable-bundles.sh "$@"
echo -n "$DATA_BUNDLE_REPO" > "$(results.DATA_BUNDLE_REPO.path)"
echo -n "$DATA_BUNDLE_TAG" > "$(results.DATA_BUNDLE_TAG.path)"
echo -n "${DATA_BUNDLE_TAG}" > acceptable_bundle_tag
args:
- $(workspaces.artifacts.path)/task-bundle-list
- $(workspaces.artifacts.path)/pipeline-bundle-list
- $(workspaces.artifacts-redhat-appstudio.path)/task-bundle-list
- $(workspaces.artifacts-redhat-appstudio.path)/pipeline-bundle-list
volumeMounts:
- mountPath: /root/.docker/config.json
subPath: .dockerconfigjson
name: quay-secret

# Note: copies the redhat-appstudio-tekton-catalog data-acceptable-bundles image
- name: build-acceptable-bundles-konflux-ci
runAfter:
- build-acceptable-bundles-redhat-appstudio
taskSpec:
steps:
- name: copy-bundles
- $(workspaces.source.path)/task-bundle-list-konflux-ci
- $(workspaces.source.path)/pipeline-bundle-list-konflux-ci
- $(workspaces.source.path)/task-bundle-list-appstudio
- $(workspaces.source.path)/pipeline-bundle-list-appstudio
- name: copy-acceptable-bundle-to-appstudio
image: quay.io/konflux-ci/appstudio-utils:{{ revision }}
env:
- name: DATA_BUNDLE_RH_APPSTUDIO
value: $(tasks.build-acceptable-bundles-redhat-appstudio.results.DATA_BUNDLE_REPO)
- name: DATA_BUNDLE_TAG
value: $(tasks.build-acceptable-bundles-redhat-appstudio.results.DATA_BUNDLE_TAG)
workingDir: $(workspaces.source.path)/source
script: |
#!/bin/bash
set -euo pipefail
set -x
DATA_BUNDLE_KONFLUX_CI=quay.io/konflux-ci/tekton-catalog/data-acceptable-bundles
DATA_BUNDLE_REPO=quay.io/konflux-ci/tekton-catalog/data-acceptable-bundles
DATA_BUNDLE_TAG=$(<acceptable_bundle_tag)
DATA_BUNDLE_RH_APPSTUDIO=quay.io/redhat-appstudio-tekton-catalog/data-acceptable-bundles
skopeo copy \
"docker://$DATA_BUNDLE_RH_APPSTUDIO:$DATA_BUNDLE_TAG" \
"docker://$DATA_BUNDLE_KONFLUX_CI:$DATA_BUNDLE_TAG"
"docker://$DATA_BUNDLE_REPO:$DATA_BUNDLE_TAG" \
"docker://$DATA_BUNDLE_RH_APPSTUDIO:$DATA_BUNDLE_TAG"
skopeo copy \
"docker://$DATA_BUNDLE_KONFLUX_CI:$DATA_BUNDLE_TAG" \
"docker://$DATA_BUNDLE_KONFLUX_CI:latest"
"docker://$DATA_BUNDLE_REPO:$DATA_BUNDLE_TAG" \
"docker://$DATA_BUNDLE_RH_APPSTUDIO:latest"
volumeMounts:
- mountPath: /root/.docker/config.json
subPath: .dockerconfigjson
name: quay-secret
volumes:
- name: quay-secret
secret:
secretName: redhat-appstudio-tekton-catalog-build-definitions-pull-secret
workspaces:
- name: source

- name: update-infra-repo
runAfter:
- build-bundles
params:
- name: ORIGIN_REPO
value: $(params.git-url)
- name: REVISION
value: $(params.revision)
- name: SCRIPT
value: |
sed -i -E 's/[0-9a-f]{40}/$(params.revision)/g' components/build-service/base/build-pipeline-config/build-pipeline-config.yaml
taskRef:
name: update-infra-deployments

workspaces:
- name: workspace
description: Workspace containing arbitrary artifacts used during the pipeline run.
- name: workspace-redhat-appstudio
description: Same as 'workspace', but for tasks that push to the old redhat-appstudio location.
finally:
- name: slack-webhook-notification
taskRef:
@@ -282,11 +211,3 @@ spec:
resources:
requests:
storage: 1Gi
- name: workspace-redhat-appstudio
volumeClaimTemplate:
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
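Review bot: In the `copy-acceptable-bundle-to-appstudio` step both `skopeo copy` calls take their source from the tag reference `docker://$DATA_BUNDLE_REPO:$DATA_BUNDLE_TAG`, so the image promoted to `$DATA_BUNDLE_RH_APPSTUDIO:latest` is whatever that tag resolves to at copy time rather than the manifest `update-acceptable-bundles` pushed. The tag is only a `date '+%s'` value passed through the `acceptable_bundle_tag` file in the source checkout, and it is resolved twice, so the timestamped copy and `latest` are not guaranteed to be the same image. Recording the pushed digest next to the tag and copying from it, e.g. `"docker://$DATA_BUNDLE_REPO@$DATA_BUNDLE_DIGEST" \` (variable name constructed here), would pin both copies to one manifest. Whether `.tekton/scripts/build-acceptable-bundles.sh` can report that digest is not visible on this page.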
2 changes: 1 addition & 1 deletion .tekton/tasks/e2e-test.yaml
@@ -26,7 +26,7 @@ spec:
type: string
steps:
- name: e2e-test
image: quay.io/konflux-ci/e2e-tests:a1fd47cbb639276f08f9c51769a15a106a9e68ff
image: quay.io/redhat-user-workloads/rhtap-qe-shared-tenant/konflux-e2e/konflux-e2e-tests:7dab163f24f482021262680e7a602d6af84ca84b
# a la infra-deployment updates, when PRs merge in e2e-tests, PRs will be opened
# against build-definitions to update this tag
args: [
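Review bot: The `image:` of the `e2e-test` step is pinned only by a commit-style tag, on both the old and the new line, while the `ec-cli` images changed elsewhere in this commit carry an `@sha256:` digest. A registry tag can normally be re-pushed, so the step may end up running content other than what was reviewed; appending the digest, `image: <repo>:7dab163f24f482021262680e7a602d6af84ca84b@sha256:<digest of that image>`, would fix the content. The comment under the line says the tag is updated by automated PRs, so that automation would need to write the digest as well.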
4 changes: 2 additions & 2 deletions .tekton/tasks/ec-checks.yaml
@@ -23,7 +23,7 @@ spec:
$(all_tasks_dir all_tasks-ec)
- name: validate-all-tasks
workingDir: "$(workspaces.source.path)/source"
image: quay.io/enterprise-contract/ec-cli:snapshot@sha256:dc7d404596385e7d3c624ec0492524a1d57efe2b0c10cf0ec2158d49c0290a83
image: quay.io/enterprise-contract/ec-cli:snapshot@sha256:868c24978b21099988c09a7e35136db5219755e13a62c65247642ce13be6ec6b
script: |
set -euo pipefail
@@ -37,7 +37,7 @@ spec:
ec validate input --policy "${policy}" --output yaml --strict=true ${args[*]}
- name: validate-build-tasks
workingDir: "$(workspaces.source.path)/source"
image: quay.io/enterprise-contract/ec-cli:snapshot@sha256:dc7d404596385e7d3c624ec0492524a1d57efe2b0c10cf0ec2158d49c0290a83
image: quay.io/enterprise-contract/ec-cli:snapshot@sha256:868c24978b21099988c09a7e35136db5219755e13a62c65247642ce13be6ec6b
script: |
set -euo pipefail
2 changes: 1 addition & 1 deletion pipelines/enterprise-contract.yaml
@@ -73,7 +73,7 @@ spec:
resolver: bundles
params:
- name: bundle
value: quay.io/enterprise-contract/ec-task-bundle:snapshot@sha256:186ed09cdebd169a501ac8a379e7bc1a4f4d50ab5a5ec410a09058991c7f3699
value: quay.io/enterprise-contract/ec-task-bundle:snapshot@sha256:41a5947107beba8cab3c3af1e4d9b9556c93b955d1f5c7224fc8ae68b050f1a2
- name: name
value: verify-enterprise-contract
- name: kind
1 change: 1 addition & 0 deletions renovate.json
@@ -19,6 +19,7 @@
"quay.io/konflux-ci/pull-request-builds",
"quay.io/redhat-appstudio/github-app-token",
"quay.io/konflux-ci/appstudio-utils",
"quay.io/konflux-ci/source-container-build",
"quay.io/redhat-appstudio/e2e-tests",
"quay.io/redhat-appstudio/buildah",
"quay.io/redhat-appstudio/syft",
2 changes: 1 addition & 1 deletion task/build-image-manifest/0.1/README.md
@@ -1,6 +1,6 @@
# build-image-manifest task

This task generates an image manifest from a collection of existing single platform images to create a multi-platform image.
This task generates an image index from a collection of existing single platform images to create a multi-platform image.

## Parameters
| name | description |default value|required|
1 change: 1 addition & 0 deletions task/oci-copy-oci-ta/0.1/README.md
@@ -5,6 +5,7 @@ Given a file in the user's source directory, copy content from arbitrary urls in
## Parameters
|name|description|default value|required|
|---|---|---|---|
|BEARER_TOKEN_SECRET_NAME|Name of a secret which will be made available to the build as an Authorization header. Note, the token will be sent to all servers found in the oci-copy.yaml file. If you do not wish to send the token to all servers, different taskruns and therefore different oci artifacts must be used.|""|false|
|IMAGE|Reference of the image we will push||true|
|OCI_COPY_FILE|Path to the oci copy file.|./oci-copy.yaml|false|
|SOURCE_ARTIFACT|The Trusted Artifact URI pointing to the artifact with the application source code.||true|
29 changes: 27 additions & 2 deletions task/oci-copy-oci-ta/0.1/oci-copy-oci-ta.yaml
@@ -13,6 +13,14 @@ spec:
description: Given a file in the user's source directory, copy content from
arbitrary urls into the OCI registry.
params:
- name: BEARER_TOKEN_SECRET_NAME
description: Name of a secret which will be made available to the build
as an Authorization header. Note, the token will be sent to all servers
found in the oci-copy.yaml file. If you do not wish to send the token
to all servers, different taskruns and therefore different oci artifacts
must be used.
type: string
default: ""
- name: IMAGE
description: Reference of the image we will push
type: string
@@ -85,16 +93,33 @@ spec:
volumeMounts:
- mountPath: /var/lib/containers
name: varlibcontainers
env:
- name: BEARER_TOKEN
valueFrom:
secretKeyRef:
key: token
name: $(params.BEARER_TOKEN_SECRET_NAME)
optional: true
script: |
set -eu
set -e
set -o pipefail
CURL_ARGS=()
if [ -n "${BEARER_TOKEN}" ]; then
echo "Found bearer token. Using it for authentication."
CURL_ARGS+=(-H "Authorization: Bearer ${BEARER_TOKEN}")
else
echo "Proceeding with anonymous requests"
fi
set -u
for varfile in /var/workdir/vars/*; do
echo "Reading $varfile"
source $varfile
echo "Downloading $OCI_SOURCE to $OCI_FILENAME"
curl --silent --show-error --location $OCI_SOURCE -o $OCI_FILENAME
curl "${CURL_ARGS[@]}" --fail --silent --show-error --location $OCI_SOURCE -o $OCI_FILENAME
echo "Confirming that digest of $OCI_FILENAME matches expected $OCI_ARTIFACT_DIGEST"
echo "$OCI_ARTIFACT_DIGEST $OCI_FILENAME" | sha256sum --check
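Review bot: Once `BEARER_TOKEN` is set, the `Authorization: Bearer` header in `CURL_ARGS` is attached to every `curl` call in the loop, and nothing in the visible lines requires `$OCI_SOURCE` to be an `https://` URL, so a plain-`http` entry in `oci-copy.yaml` would put the token on the wire in clear text. Restricting the protocol where the token is added would close that, including for redirects: `CURL_ARGS+=(--proto '=https' --proto-redir '=https' -H "Authorization: Bearer ${BEARER_TOKEN}")`. Moving `set -u` below the check could also be avoided by testing `"${BEARER_TOKEN:-}"`, which keeps unset-variable checking on for the whole script. The variable files are produced by an earlier step and the loop continues past the end of the hunk, so any URL validation done there is not visible here.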