From ca4addd7ea156060685016f2709729c8189727ec Mon Sep 17 00:00:00 2001 From: Erik Skultety Date: Wed, 17 Jul 2024 11:06:27 +0200 Subject: [PATCH] prefetch-dependencies: support for cachi2 config file Some behaviour configuring options are (rightfully) not exposed via CLI options, e.g. setting a timeout on HTTP requests which may be useful for users to set on slower connections and large artifact downloads where the default backend timeouts are simply not long enough. Allow consumers to pass a configuration YAML file to cachi2 to tweak supported behavioural traits. Signed-off-by: Erik Skultety --- .../0.1/README.md | 1 + .../0.1/prefetch-dependencies-oci-ta.yaml | 28 ++++++++++++++- task/prefetch-dependencies/0.1/README.md | 1 + .../0.1/prefetch-dependencies.yaml | 34 ++++++++++++++++++- 4 files changed, 62 insertions(+), 2 deletions(-) diff --git a/task/prefetch-dependencies-oci-ta/0.1/README.md b/task/prefetch-dependencies-oci-ta/0.1/README.md index 56daab0487..312b998e5b 100644 --- a/task/prefetch-dependencies-oci-ta/0.1/README.md +++ b/task/prefetch-dependencies-oci-ta/0.1/README.md @@ -11,6 +11,7 @@ https://github.com/containerbuildsystem/cachi2#basic-usage. |SOURCE_ARTIFACT|The Trusted Artifact URI pointing to the artifact with the application source code.||true| |caTrustConfigMapKey|The name of the key in the ConfigMap that contains the CA bundle data.|ca-bundle.crt|false| |caTrustConfigMapName|The name of the ConfigMap to read CA bundle data from.|trusted-ca|false| +|config-file-content|Pass configuration to cachi2. Note this needs to be passed as a YAML-formatted config dump, not as a file path! ||true| |dev-package-managers|Enable in-development package managers. WARNING: the behavior may change at any time without notice. Use at your own risk. |false|false| |input|Configures project packages that will have their dependencies prefetched.||true| |log-level|Set cachi2 log level (debug, info, warning, error)|info|false| diff --git a/task/prefetch-dependencies-oci-ta/0.1/prefetch-dependencies-oci-ta.yaml b/task/prefetch-dependencies-oci-ta/0.1/prefetch-dependencies-oci-ta.yaml index a24511dac7..e8eaabacd9 100644 --- a/task/prefetch-dependencies-oci-ta/0.1/prefetch-dependencies-oci-ta.yaml +++ b/task/prefetch-dependencies-oci-ta/0.1/prefetch-dependencies-oci-ta.yaml @@ -28,6 +28,10 @@ spec: description: The name of the ConfigMap to read CA bundle data from. type: string default: trusted-ca + - name: config-file-content + description: | + Pass configuration to cachi2. + Note this needs to be passed as a YAML-formatted config dump, not as a file path! - name: dev-package-managers description: | Enable in-development package managers. WARNING: the behavior may change at any time without notice. Use at your own risk. @@ -56,6 +60,8 @@ spec: the application source code. type: string volumes: + - name: config + emptyDir: {} - name: trusted-ca configMap: items: @@ -79,7 +85,12 @@ spec: performing http(s) requests. optional: true stepTemplate: + env: + - name: CONFIG_FILE + value: $(params.config-file-content) volumeMounts: + - mountPath: /mnt/config + name: config - mountPath: /var/workdir name: workdir steps: @@ -104,6 +115,15 @@ spec: args: - use - $(params.SOURCE_ARTIFACT)=/var/workdir/source + - name: sanitize-cachi2-config-file-with-yq + image: quay.io/konflux-ci/yq@sha256:974dea6375ee9df561ffd3baf994db2b61777a71f3bcf0050c5dca91ac9b3430 + script: | + if [ -n "${CONFIG_FILE}" ]; then + # we need to drop 'goproxy_url' for safety reasons until cachi2 decides what the SBOM + # impact of this configuration option will be: + # https://github.com/containerbuildsystem/cachi2/issues/577 + yq 'del(.goproxy_url)' <<<"${CONFIG_FILE}" >/mnt/config/config.yaml + fi - name: prefetch-dependencies image: quay.io/redhat-appstudio/cachi2:0.8.0@sha256:5cf15d6f3fb151a3e12c8a17024062b7cc62b0c3e1b165e4a9fa5bf7a77bdc30 volumeMounts: @@ -132,6 +152,12 @@ spec: exit 0 fi + if [ -f /mnt/config/config.yaml ]; then + config_flag=--config-file=/mnt/config/config.yaml + else + config_flag="" + fi + if [ "$DEV_PACKAGE_MANAGERS" = "true" ]; then dev_pacman_flag=--dev-package-managers else @@ -167,7 +193,7 @@ spec: update-ca-trust fi - cachi2 --log-level="$LOG_LEVEL" fetch-deps \ + cachi2 --log-level="$LOG_LEVEL" $config_flag fetch-deps \ $dev_pacman_flag \ --source=/var/workdir/source \ --output=/var/workdir/cachi2/output \ diff --git a/task/prefetch-dependencies/0.1/README.md b/task/prefetch-dependencies/0.1/README.md index 067bdc02c0..9de8db7843 100644 --- a/task/prefetch-dependencies/0.1/README.md +++ b/task/prefetch-dependencies/0.1/README.md @@ -9,6 +9,7 @@ See docs at https://github.com/containerbuildsystem/cachi2#basic-usage. |input|Configures project packages that will have their dependencies prefetched.||true| |dev-package-managers|Enable in-development package managers. WARNING: the behavior may change at any time without notice. Use at your own risk. |false|false| |log-level|Set cachi2 log level (debug, info, warning, error)|info|false| +|config-file-content|Pass configuration to cachi2. Note this needs to be passed as a YAML-formatted config dump, not as a file path! ||true| |caTrustConfigMapName|The name of the ConfigMap to read CA bundle data from.|trusted-ca|false| |caTrustConfigMapKey|The name of the key in the ConfigMap that contains the CA bundle data.|ca-bundle.crt|false| diff --git a/task/prefetch-dependencies/0.1/prefetch-dependencies.yaml b/task/prefetch-dependencies/0.1/prefetch-dependencies.yaml index b993d3e2f3..7149d4fc7a 100644 --- a/task/prefetch-dependencies/0.1/prefetch-dependencies.yaml +++ b/task/prefetch-dependencies/0.1/prefetch-dependencies.yaml @@ -22,6 +22,10 @@ spec: - description: Set cachi2 log level (debug, info, warning, error) name: log-level default: "info" + - description: | + Pass configuration to cachi2. + Note this needs to be passed as a YAML-formatted config dump, not as a file path! + name: config-file-content - name: caTrustConfigMapName type: string description: The name of the ConfigMap to read CA bundle data from. @@ -30,7 +34,27 @@ spec: type: string description: The name of the key in the ConfigMap that contains the CA bundle data. default: ca-bundle.crt + + stepTemplate: + env: + - name: CONFIG_FILE + value: $(params.config-file-content) + volumeMounts: + - name: config + mountPath: /mnt/config + steps: + - name: sanitize-cachi2-config-file-with-yq + image: quay.io/konflux-ci/yq@sha256:974dea6375ee9df561ffd3baf994db2b61777a71f3bcf0050c5dca91ac9b3430 + script: | + if [ -n "${CONFIG_FILE}" ] + then + # we need to drop 'goproxy_url' for safety reasons until cachi2 decides what the SBOM + # impact of this configuration option will be: + # https://github.com/containerbuildsystem/cachi2/issues/577 + yq 'del(.goproxy_url)' <<< "${CONFIG_FILE}" > /mnt/config/config.yaml + fi + - image: quay.io/redhat-appstudio/cachi2:0.8.0@sha256:5cf15d6f3fb151a3e12c8a17024062b7cc62b0c3e1b165e4a9fa5bf7a77bdc30 # per https://kubernetes.io/docs/concepts/containers/images/#imagepullpolicy-defaulting # the cluster will set imagePullPolicy to IfNotPresent @@ -62,6 +86,12 @@ spec: exit 0 fi + if [ -f /mnt/config/config.yaml ]; then + config_flag=--config-file=/mnt/config/config.yaml + else + config_flag="" + fi + if [ "$DEV_PACKAGE_MANAGERS" = "true" ]; then dev_pacman_flag=--dev-package-managers else @@ -97,7 +127,7 @@ spec: update-ca-trust fi - cachi2 --log-level="$LOG_LEVEL" fetch-deps \ + cachi2 --log-level="$LOG_LEVEL" $config_flag fetch-deps \ $dev_pacman_flag \ --source=$(workspaces.source.path)/source \ --output=$(workspaces.source.path)/cachi2/output \ @@ -133,3 +163,5 @@ spec: - key: $(params.caTrustConfigMapKey) path: ca-bundle.crt optional: true + - name: config + emptyDir: {}