Get changed task files for git resolvers (#915)
After a merge, collect any changed task files
then add them to a data bundle for policy
evaluation
joejstuart authored Apr 3, 2024
1 parent 2e36124 commit bd75227
Showing 2 changed files with 63 additions and 23 deletions.
31 changes: 8 additions & 23 deletions .tekton/push.yaml
Expand Up @@ -132,40 +132,25 @@ spec:
steps:
- name: build-bundles
image: quay.io/redhat-appstudio/appstudio-utils:{{ revision }}
workingDir: $(workspaces.artifacts.path)/source
env:
- name: REVISION
value: "$(params.revision)"
- name: GIT_URL
value: "$(params.git-url)"
# per https://kubernetes.io/docs/concepts/containers/images/#imagepullpolicy-defaulting
# the cluster will set imagePullPolicy to IfNotPresent
# also per direction from Ralph Bean, we want to use image digest based tags to use a cue to automation like dependabot or renovatebot to periodially submit pull requests that update the digest as new images are released.
script: |-
#!/usr/bin/env bash
set -euo pipefail
BUNDLES=(
export BUNDLES=(
$(workspaces.artifacts.path)/source/task-bundle-list
$(workspaces.artifacts.path)/source/pipeline-bundle-list
)
touch ${BUNDLES[@]}
echo "Bundles to be added:"
cat ${BUNDLES[@]}
BUNDLES_PARAM=($(cat ${BUNDLES[@]} | awk '{ print "--bundle=" $0 }'))
# The OPA data bundle is tagged with the current timestamp. This has two main
# advantages. First, it prevents the image from accidentally not having any tags,
# and getting garbage collected. Second, it helps us create a timeline of the
# changes done to the data over time.
TAG="$(date '+%s')"
DATA_BUNDLE_REPO='quay.io/redhat-appstudio-tekton-catalog/data-acceptable-bundles'
# Update the OPA data bundle.
ec track bundle --debug \
--input "oci:${DATA_BUNDLE_REPO}:latest" \
--output "oci:${DATA_BUNDLE_REPO}:${TAG}" \
--timeout "15m0s" \
--freshen \
--prune \
${BUNDLES_PARAM[@]}
.tekton/scripts/build-acceptable-bundles.sh
# To facilitate usage in some contexts, tag the image with the floating "latest" tag.
skopeo copy "docker://${DATA_BUNDLE_REPO}:${TAG}" "docker://${DATA_BUNDLE_REPO}:latest"
volumeMounts:
- mountPath: /root/.docker/config.json
subPath: .dockerconfigjson
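Review bot: The `export BUNDLES=(` array in the step script does not reach `.tekton/scripts/build-acceptable-bundles.sh`, because bash cannot export array variables to a child process. The script then falls back to its own default `BUNDLES=${BUNDLES:-()}`, which is the literal string `()`, so as far as the visible lines show its `touch`/`cat` act on a file named `()` and no `--bundle=` arguments are built. The task and pipeline bundle lists would then be missing from the acceptable-bundles data without any error being raised. Pass the list files as arguments instead, `.tekton/scripts/build-acceptable-bundles.sh "${BUNDLES[@]}"`, and have the script begin with `BUNDLES=("$@")`. The step definition continues outside the visible hunk.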
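--- a/.tekton/scripts/build-acceptable-bundles.sh
+++ b/.tekton/scripts/build-acceptable-bundles.sh
@@ -0,0 +1,55 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# helps with debugging
+DATA_BUNDLE_REPO="${DATA_BUNDLE_REPO:-quay.io/redhat-appstudio-tekton-catalog/data-acceptable-bundles}"
+BUNDLES=${BUNDLES:-()}
+
+# store a list of changed task files
+task_records=()
+# loop over all changed files
+for path in $(git diff-tree -c --name-only --no-commit-id -r ${REVISION}); do
+# check that the file modified is the task file
+if [[ "${path}" == task/*/*/*.yaml ]]; then
+IFS='/' read -r -a path_array <<< "${path}"
+dir_name_after_task="${path_array[1]}"
+file_name=$(basename "${path_array[-1]}" ".yaml")
+
+if [[ "${dir_name_after_task}" == "${file_name}" ]]; then
+# GIT_URL is the repo_url from PAC (https://hostname/org/repo)
+task_records+=("git+${GIT_URL}.git//${path}@${REVISION}")
+fi
+fi
+done
+
+echo "${task_records[@]}"
+
+touch ${BUNDLES[@]}
+echo "Bundles to be added:"
+cat ${BUNDLES[@]}
+
+# The OPA data bundle is tagged with the current timestamp. This has two main
+# advantages. First, it prevents the image from accidentally not having any tags,
+# and getting garbage collected. Second, it helps us create a timeline of the
+# changes done to the data over time.
+TAG="$(date '+%s')"
+
+# task_records can be empty if a task wasn't changed
+TASK_PARAM=()
+if [ "${#task_records[@]}" -gt 0 ]; then
+TASK_PARAM=($(printf "%s\n" "${task_records[@]}" | awk '{ print "--git=" $0 }'))
+fi
+
+BUNDLES_PARAM=($(cat ${BUNDLES[@]} | awk '{ print "--bundle=" $0 }'))
+
+PARAMS=("${TASK_PARAM[@]}" "${BUNDLES_PARAM[@]}")
+ec track bundle --debug \
+--input "oci:${DATA_BUNDLE_REPO}:latest" \
+--output "oci:${DATA_BUNDLE_REPO}:${TAG}" \
+--timeout "15m0s" \
+--freshen \
+--prune \
+${PARAMS[@]}
+
+# To facilitate usage in some contexts, tag the image with the floating "latest" tag.
+skopeo copy "docker://${DATA_BUNDLE_REPO}:${TAG}" "docker://${DATA_BUNDLE_REPO}:latest"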
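Review bot: The changed-file loop and the final `ec track bundle` call rely on unquoted expansions (`$(git diff-tree … ${REVISION})`, `TASK_PARAM=($(…))` and `${PARAMS[@]}`). A path in the merged commit that contains whitespace or glob characters is therefore split or expanded before it is matched, and can reach `ec track bundle` as extra or altered arguments. Because these records feed the acceptable-bundles policy data, the paths should be read NUL-delimited with `git diff-tree -z`, `"${REVISION}"` should be quoted, the `--git=` entries should be built in a loop rather than through awk, and the array should be passed quoted. The `BUNDLES_PARAM` line uses the same word-splitting pattern and would benefit from the same treatment.

```shell
while IFS= read -r -d '' path; do
  # … unchanged: task/*/*/*.yaml match, name comparison, append to task_records …
done < <(git diff-tree -z -c --name-only --no-commit-id -r "${REVISION}")

# … unchanged: bundle list output and TAG …

TASK_PARAM=()
if [ "${#task_records[@]}" -gt 0 ]; then
  for record in "${task_records[@]}"; do
    TASK_PARAM+=("--git=${record}")
  done
fi

# … unchanged: BUNDLES_PARAM, PARAMS, ec track bundle options up to --prune …
  "${PARAMS[@]}"
```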
