chore: run hack/generate-buidlah-remote.sh and hack/generate-ta-tasks.sh

konflux-ci · Jul 2, 2024 · dfb2cfb · dfb2cfb
1 parent 64825c4
commit dfb2cfb
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 24 deletions.
diff --git a/task/buildah-oci-ta/0.1/README.md b/task/buildah-oci-ta/0.1/README.md
@@ -8,6 +8,7 @@ When prefetch-dependencies task was activated it is using its artifacts to run b
 ## Parameters
 |name|description|default value|required|
 |---|---|---|---|
+|ADDITIONAL_SECRET|Name of a secret which will be made available to the build with 'buildah build --secret' at /run/secrets/$ADDITIONAL_SECRET|does-not-exist|false|
 |ADD_CAPABILITIES|Comma separated list of extra capabilities to add when running 'buildah build'|""|false|
 |BUILD_ARGS|Array of --build-arg values ("arg=value" strings)|[]|false|
 |BUILD_ARGS_FILE|Path to a file with build arguments, see https://www.mankier.com/1/buildah-build#--build-arg-file|""|false|
@@ -20,7 +21,6 @@ When prefetch-dependencies task was activated it is using its artifacts to run b
 |HERMETIC|Determines if build will be executed without network access.|false|false|
 |IMAGE|Reference of the image buildah will produce.||true|
 |IMAGE_EXPIRES_AFTER|Delete image tag after specified time. Empty means to keep the image tag. Time values could be something like 1h, 2d, 3w for hours, days, and weeks, respectively.|""|false|
-|ADDITIONAL_SECRET|Name of a secret which will be made available to the build with 'buildah build --secret' at /run/secrets/$ADDITIONAL_SECRET|does-not-exist|false|
 |PREFETCH_INPUT|In case it is not empty, the prefetched content should be made available to the build.|""|false|
 |SOURCE_ARTIFACT|The Trusted Artifact URI pointing to the artifact with the application source code.||true|
 |SQUASH|Squash new layers added as a part of this build, as per --squash|false|false|

diff --git a/task/buildah-oci-ta/0.1/buildah-oci-ta.yaml b/task/buildah-oci-ta/0.1/buildah-oci-ta.yaml
@@ -16,6 +16,11 @@ spec:
     When [Java dependency rebuild](https://redhat-appstudio.github.io/docs.stonesoup.io/Documentation/main/cli/proc_enabled_java_dependencies.html) is enabled it triggers rebuilds of Java artifacts.
     When prefetch-dependencies task was activated it is using its artifacts to run build in hermetic environment.
   params:
+    - name: ADDITIONAL_SECRET
+      description: Name of a secret which will be made available to the build
+        with 'buildah build --secret' at /run/secrets/$ADDITIONAL_SECRET
+      type: string
+      default: does-not-exist
     - name: ADD_CAPABILITIES
       description: Comma separated list of extra capabilities to add when
         running 'buildah build'
@@ -67,11 +72,6 @@ spec:
         hours, days, and weeks, respectively.
       type: string
       default: ""
-    - name: ADDITIONAL_SECRET
-      description: Name of a secret which will be made available to the build
-        with 'buildah build --secret' at /run/secrets/$ADDITIONAL_SECRET
-      type: string
-      default: does-not-exist
     - name: PREFETCH_INPUT
       description: In case it is not empty, the prefetched content should
         be made available to the build.
@@ -136,14 +136,14 @@ spec:
       description: The counting of Java components by publisher in JSON format
       type: string
   volumes:
-    - name: etc-pki-entitlement
-      secret:
-        optional: true
-        secretName: $(params.ENTITLEMENT_SECRET)
     - name: additional-secret
       secret:
         optional: true
         secretName: $(params.ADDITIONAL_SECRET)
+    - name: etc-pki-entitlement
+      secret:
+        optional: true
+        secretName: $(params.ENTITLEMENT_SECRET)
     - name: shared
       emptyDir: {}
     - name: trusted-ca
@@ -159,6 +159,8 @@ spec:
       emptyDir: {}
   stepTemplate:
     env:
+      - name: ADDITIONAL_SECRET
+        value: $(params.ADDITIONAL_SECRET)
       - name: ADD_CAPABILITIES
         value: $(params.ADD_CAPABILITIES)
       - name: BUILDAH_FORMAT
@@ -181,8 +183,6 @@ spec:
         value: $(params.SQUASH)
       - name: SQUASH_ALL
         value: $(params.SQUASH_ALL)
-      - name: ADDITIONAL_SECRET
-        value: $(params.ADDITIONAL_SECRET)
       - name: STORAGE_DRIVER
         value: vfs
       - name: TARGET_STAGE

diff --git a/task/buildah-remote-oci-ta/0.1/buildah-remote-oci-ta.yaml b/task/buildah-remote-oci-ta/0.1/buildah-remote-oci-ta.yaml
@@ -16,6 +16,11 @@ spec:
     When [Java dependency rebuild](https://redhat-appstudio.github.io/docs.stonesoup.io/Documentation/main/cli/proc_enabled_java_dependencies.html) is enabled it triggers rebuilds of Java artifacts.
     When prefetch-dependencies task was activated it is using its artifacts to run build in hermetic environment.
   params:
+  - default: does-not-exist
+    description: Name of a secret which will be made available to the build with 'buildah
+      build --secret' at /run/secrets/$ADDITIONAL_SECRET
+    name: ADDITIONAL_SECRET
+    type: string
   - default: ""
     description: Comma separated list of extra capabilities to add when running 'buildah
       build'
@@ -67,11 +72,6 @@ spec:
       respectively.
     name: IMAGE_EXPIRES_AFTER
     type: string
-  - default: does-not-exist
-    description: Name of a secret which will be made available to the build with 'buildah
-      build --secret' at /run/secrets/$ADDITIONAL_SECRET
-    name: ADDITIONAL_SECRET
-    type: string
   - default: ""
     description: In case it is not empty, the prefetched content should be made available
       to the build.
@@ -138,6 +138,8 @@ spec:
   stepTemplate:
     computeResources: {}
     env:
+    - name: ADDITIONAL_SECRET
+      value: $(params.ADDITIONAL_SECRET)
     - name: ADD_CAPABILITIES
       value: $(params.ADD_CAPABILITIES)
     - name: BUILDAH_FORMAT
@@ -160,8 +162,6 @@ spec:
       value: $(params.SQUASH)
     - name: SQUASH_ALL
       value: $(params.SQUASH_ALL)
-    - name: ADDITIONAL_SECRET
-      value: $(params.ADDITIONAL_SECRET)
     - name: STORAGE_DRIVER
       value: vfs
     - name: TARGET_STAGE
@@ -405,6 +405,7 @@ spec:
       chmod +x scripts/script-build.sh
       rsync -ra scripts "$SSH_HOST:$BUILD_DIR"
       ssh $SSH_ARGS "$SSH_HOST" $PORT_FORWARD podman  run $PODMAN_PORT_FORWARD \
+       -e ADDITIONAL_SECRET="$ADDITIONAL_SECRET" \
        -e ADD_CAPABILITIES="$ADD_CAPABILITIES" \
        -e BUILDAH_FORMAT="$BUILDAH_FORMAT" \
        -e BUILD_ARGS_FILE="$BUILD_ARGS_FILE" \
@@ -416,7 +417,6 @@ spec:
        -e IMAGE_EXPIRES_AFTER="$IMAGE_EXPIRES_AFTER" \
        -e SQUASH="$SQUASH" \
        -e SQUASH_ALL="$SQUASH_ALL" \
-       -e ADDITIONAL_SECRET="$ADDITIONAL_SECRET" \
        -e STORAGE_DRIVER="$STORAGE_DRIVER" \
        -e TARGET_STAGE="$TARGET_STAGE" \
        -e TLSVERIFY="$TLSVERIFY" \
@@ -622,14 +622,14 @@ spec:
     name: upload-sbom
     workingDir: /var/workdir
   volumes:
-  - name: etc-pki-entitlement
-    secret:
-      optional: true
-      secretName: $(params.ENTITLEMENT_SECRET)
   - name: additional-secret
     secret:
       optional: true
       secretName: $(params.ADDITIONAL_SECRET)
+  - name: etc-pki-entitlement
+    secret:
+      optional: true
+      secretName: $(params.ENTITLEMENT_SECRET)
   - emptyDir: {}
     name: shared
   - configMap: