From b7d5076e05ec1795c6b3811dd1c15aadfe84c7a4 Mon Sep 17 00:00:00 2001 From: Sushanta Das Date: Mon, 2 Sep 2024 17:25:40 +0530 Subject: [PATCH] Add migration.md and fix ref --- task/buildah-min/0.1/patch.yaml | 24 +++++++-------- task/buildah-min/0.2/MIGRATION.md | 49 +++++++++++++++++++++++++++++++ task/buildah-min/0.2/patch.yaml | 24 +++++++-------- 3 files changed, 73 insertions(+), 24 deletions(-) create mode 100644 task/buildah-min/0.2/MIGRATION.md diff --git a/task/buildah-min/0.1/patch.yaml b/task/buildah-min/0.1/patch.yaml index e7c0d5ba16..f1582a3f74 100644 --- a/task/buildah-min/0.1/patch.yaml +++ b/task/buildah-min/0.1/patch.yaml @@ -42,40 +42,40 @@ value: 10m # prepare-sboms step - op: replace - path: /spec/steps/2/computeResources/limits/memory + path: /spec/steps/3/computeResources/limits/memory value: 256Mi - op: replace - path: /spec/steps/2/computeResources/requests/memory + path: /spec/steps/3/computeResources/requests/memory value: 128Mi - op: replace - path: /spec/steps/2/computeResources/limits/cpu + path: /spec/steps/3/computeResources/limits/cpu value: 100m - op: replace - path: /spec/steps/2/computeResources/requests/cpu + path: /spec/steps/3/computeResources/requests/cpu value: 10m # inject-sbom-and-push step - op: replace - path: /spec/steps/2/computeResources/limits/memory + path: /spec/steps/4/computeResources/limits/memory value: 2Gi - op: replace - path: /spec/steps/2/computeResources/requests/memory + path: /spec/steps/4/computeResources/requests/memory value: 512Mi - op: replace - path: /spec/steps/2/computeResources/limits/cpu + path: /spec/steps/4/computeResources/limits/cpu value: 2 - op: replace - path: /spec/steps/2/computeResources/requests/cpu + path: /spec/steps/4/computeResources/requests/cpu value: 100m # upload-sbom step - op: replace - path: /spec/steps/2/computeResources/limits/memory + path: /spec/steps/5/computeResources/limits/memory value: 256Mi - op: replace - path: /spec/steps/2/computeResources/requests/memory + path: /spec/steps/5/computeResources/requests/memory value: 128Mi - op: replace - path: /spec/steps/2/computeResources/limits/cpu + path: /spec/steps/5/computeResources/limits/cpu value: 100m - op: replace - path: /spec/steps/2/computeResources/requests/cpu + path: /spec/steps/5/computeResources/requests/cpu value: 10m diff --git a/task/buildah-min/0.2/MIGRATION.md b/task/buildah-min/0.2/MIGRATION.md new file mode 100644 index 0000000000..e1f48756aa --- /dev/null +++ b/task/buildah-min/0.2/MIGRATION.md @@ -0,0 +1,49 @@ +# Migration from 0.1 to 0.2 + +Version 0.2: + +* Removes the `BASE_IMAGES_DIGESTS` result. Please remove all the references to this + result from your pipeline. + * Base images and their digests can be found in the SBOM for the output image. +* No longer writes the `base_images_from_dockerfile` file into the `source` workspace. +* Removes the `BUILDER_IMAGE` and `DOCKER_AUTH` params. Neither one did anything + in the later releases of version 0.1. Please stop passing these params to the + buildah task if you used to do so with version 0.1. + +## Konflux-specific + +In a typical Konflux pipeline, the two tasks that used to depend on the `BASE_IMAGES_DIGESTS` +result are `build-source-image` and `deprecated-base-image-check`. + +1. Make sure your version of `deprecated-base-image-check` is at least `0.4`. +2. Make sure your version of `build-source-image` supports reading base images from + the SBOM. Version `0.1` supports it since 2024-07-15. In the logs of your build + pipeline, you should see that the build-source-image task now has a GET-BASE-IMAGES + step. Once you stop passing the `BASE_IMAGES_DIGESTS` param, this step will emit + logs about handling the SBOM. +3. Remove the parameters that reference the `BASE_IMAGES_DIGESTS` result: + +```diff +@@ -255,10 +255,8 @@ spec: + - name: build-source-image + params: + - name: BINARY_IMAGE + value: $(params.output-image) +- - name: BASE_IMAGES +- value: $(tasks.build-container.results.BASE_IMAGES_DIGESTS) + runAfter: + - build-container + taskRef: + params: +@@ -282,10 +280,8 @@ spec: + - name: workspace + workspace: workspace + - name: deprecated-base-image-check + params: +- - name: BASE_IMAGES_DIGESTS +- value: $(tasks.build-container.results.BASE_IMAGES_DIGESTS) + - name: IMAGE_URL + value: $(tasks.build-container.results.IMAGE_URL) + - name: IMAGE_DIGEST + value: $(tasks.build-container.results.IMAGE_DIGEST) +``` diff --git a/task/buildah-min/0.2/patch.yaml b/task/buildah-min/0.2/patch.yaml index e7c0d5ba16..f1582a3f74 100644 --- a/task/buildah-min/0.2/patch.yaml +++ b/task/buildah-min/0.2/patch.yaml @@ -42,40 +42,40 @@ value: 10m # prepare-sboms step - op: replace - path: /spec/steps/2/computeResources/limits/memory + path: /spec/steps/3/computeResources/limits/memory value: 256Mi - op: replace - path: /spec/steps/2/computeResources/requests/memory + path: /spec/steps/3/computeResources/requests/memory value: 128Mi - op: replace - path: /spec/steps/2/computeResources/limits/cpu + path: /spec/steps/3/computeResources/limits/cpu value: 100m - op: replace - path: /spec/steps/2/computeResources/requests/cpu + path: /spec/steps/3/computeResources/requests/cpu value: 10m # inject-sbom-and-push step - op: replace - path: /spec/steps/2/computeResources/limits/memory + path: /spec/steps/4/computeResources/limits/memory value: 2Gi - op: replace - path: /spec/steps/2/computeResources/requests/memory + path: /spec/steps/4/computeResources/requests/memory value: 512Mi - op: replace - path: /spec/steps/2/computeResources/limits/cpu + path: /spec/steps/4/computeResources/limits/cpu value: 2 - op: replace - path: /spec/steps/2/computeResources/requests/cpu + path: /spec/steps/4/computeResources/requests/cpu value: 100m # upload-sbom step - op: replace - path: /spec/steps/2/computeResources/limits/memory + path: /spec/steps/5/computeResources/limits/memory value: 256Mi - op: replace - path: /spec/steps/2/computeResources/requests/memory + path: /spec/steps/5/computeResources/requests/memory value: 128Mi - op: replace - path: /spec/steps/2/computeResources/limits/cpu + path: /spec/steps/5/computeResources/limits/cpu value: 100m - op: replace - path: /spec/steps/2/computeResources/requests/cpu + path: /spec/steps/5/computeResources/requests/cpu value: 10m