Skip to content

Commit

Permalink
Apply labels in the buildah task, if provided
Browse files Browse the repository at this point in the history
  • Loading branch information
ralphbean committed Sep 25, 2024
1 parent dc9d917 commit f61a156
Show file tree
Hide file tree
Showing 9 changed files with 48 additions and 0 deletions.
1 change: 1 addition & 0 deletions pipelines/docker-build-multi-platform-oci-ta/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -45,6 +45,7 @@ This pipeline is pushed as a Tekton bundle to [quay.io](https://quay.io/reposito
|name|description|default value|already set by|
|---|---|---|---|
|ACTIVATION_KEY| Name of secret which contains subscription activation key| activation-key| |
|ADDITIONAL_LABELS| Additional key=value labels that should be applied to the image| []| |
|ADDITIONAL_SECRET| Name of a secret which will be made available to the build with 'buildah build --secret' at /run/secrets/$ADDITIONAL_SECRET| does-not-exist| |
|ADD_CAPABILITIES| Comma separated list of extra capabilities to add when running 'buildah build'| | |
|BUILD_ARGS| Array of --build-arg values ("arg=value" strings)| []| '['$(params.build-args[*])']'|
Expand Down
1 change: 1 addition & 0 deletions pipelines/docker-build-oci-ta/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -44,6 +44,7 @@ This pipeline is pushed as a Tekton bundle to [quay.io](https://quay.io/reposito
|name|description|default value|already set by|
|---|---|---|---|
|ACTIVATION_KEY| Name of secret which contains subscription activation key| activation-key| |
|ADDITIONAL_LABELS| Additional key=value labels that should be applied to the image| []| |
|ADDITIONAL_SECRET| Name of a secret which will be made available to the build with 'buildah build --secret' at /run/secrets/$ADDITIONAL_SECRET| does-not-exist| |
|ADD_CAPABILITIES| Comma separated list of extra capabilities to add when running 'buildah build'| | |
|BUILD_ARGS| Array of --build-arg values ("arg=value" strings)| []| '['$(params.build-args[*])']'|
Expand Down
1 change: 1 addition & 0 deletions pipelines/docker-build/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -44,6 +44,7 @@ This pipeline is pushed as a Tekton bundle to [quay.io](https://quay.io/reposito
|name|description|default value|already set by|
|---|---|---|---|
|ACTIVATION_KEY| Name of secret which contains subscription activation key| activation-key| |
|ADDITIONAL_LABELS| Additional key=value labels that should be applied to the image| []| |
|ADDITIONAL_SECRET| Name of a secret which will be made available to the build with 'buildah build --secret' at /run/secrets/$ADDITIONAL_SECRET| does-not-exist| |
|ADD_CAPABILITIES| Comma separated list of extra capabilities to add when running 'buildah build'| | |
|BUILD_ARGS| Array of --build-arg values ("arg=value" strings)| []| '['$(params.build-args[*])']'|
Expand Down
1 change: 1 addition & 0 deletions pipelines/fbc-builder/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -42,6 +42,7 @@ This pipeline is pushed as a Tekton bundle to [quay.io](https://quay.io/reposito
|name|description|default value|already set by|
|---|---|---|---|
|ACTIVATION_KEY| Name of secret which contains subscription activation key| activation-key| |
|ADDITIONAL_LABELS| Additional key=value labels that should be applied to the image| []| |
|ADDITIONAL_SECRET| Name of a secret which will be made available to the build with 'buildah build --secret' at /run/secrets/$ADDITIONAL_SECRET| does-not-exist| |
|ADD_CAPABILITIES| Comma separated list of extra capabilities to add when running 'buildah build'| | |
|BUILD_ARGS| Array of --build-arg values ("arg=value" strings)| []| |
Expand Down
1 change: 1 addition & 0 deletions task/buildah-oci-ta/0.2/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@ When prefetch-dependencies task was activated it is using its artifacts to run b
|name|description|default value|required|
|---|---|---|---|
|ACTIVATION_KEY|Name of secret which contains subscription activation key|activation-key|false|
|ADDITIONAL_LABELS|Additional key=value labels that should be applied to the image|[]|false|
|ADDITIONAL_SECRET|Name of a secret which will be made available to the build with 'buildah build --secret' at /run/secrets/$ADDITIONAL_SECRET|does-not-exist|false|
|ADD_CAPABILITIES|Comma separated list of extra capabilities to add when running 'buildah build'|""|false|
|BUILD_ARGS|Array of --build-arg values ("arg=value" strings)|[]|false|
Expand Down
11 changes: 11 additions & 0 deletions task/buildah-oci-ta/0.2/buildah-oci-ta.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,11 @@ spec:
description: Name of secret which contains subscription activation key
type: string
default: activation-key
- name: ADDITIONAL_LABELS
description: Additional key=value labels that should be applied to the
image
type: string
default: '[]'
- name: ADDITIONAL_SECRET
description: Name of a secret which will be made available to the build
with 'buildah build --secret' at /run/secrets/$ADDITIONAL_SECRET
Expand Down Expand Up @@ -173,6 +178,8 @@ spec:
env:
- name: ACTIVATION_KEY
value: $(params.ACTIVATION_KEY)
- name: ADDITIONAL_LABELS
value: $(params.ADDITIONAL_LABELS)
- name: ADDITIONAL_SECRET
value: $(params.ADDITIONAL_SECRET)
- name: ADD_CAPABILITIES
Expand Down Expand Up @@ -383,6 +390,10 @@ spec:
[ -n "$COMMIT_SHA" ] && LABELS+=("--label" "vcs-ref=$COMMIT_SHA")
[ -n "$IMAGE_EXPIRES_AFTER" ] && LABELS+=("--label" "quay.expires-after=$IMAGE_EXPIRES_AFTER")
for label in $(echo "${ADDITIONAL_LABELS}" | jq -r '.[]'); do
LABELS+=("--label" "$label")
done
ACTIVATION_KEY_PATH="/activation-key"
ENTITLEMENT_PATH="/entitlement"
Expand Down
11 changes: 11 additions & 0 deletions task/buildah-remote-oci-ta/0.2/buildah-remote-oci-ta.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,10 @@ spec:
description: Name of secret which contains subscription activation key
name: ACTIVATION_KEY
type: string
- default: '[]'
description: Additional key=value labels that should be applied to the image
name: ADDITIONAL_LABELS
type: string
- default: does-not-exist
description: Name of a secret which will be made available to the build with 'buildah
build --secret' at /run/secrets/$ADDITIONAL_SECRET
Expand Down Expand Up @@ -154,6 +158,8 @@ spec:
env:
- name: ACTIVATION_KEY
value: $(params.ACTIVATION_KEY)
- name: ADDITIONAL_LABELS
value: $(params.ADDITIONAL_LABELS)
- name: ADDITIONAL_SECRET
value: $(params.ADDITIONAL_SECRET)
- name: ADD_CAPABILITIES
Expand Down Expand Up @@ -418,6 +424,10 @@ spec:
[ -n "$COMMIT_SHA" ] && LABELS+=("--label" "vcs-ref=$COMMIT_SHA")
[ -n "$IMAGE_EXPIRES_AFTER" ] && LABELS+=("--label" "quay.expires-after=$IMAGE_EXPIRES_AFTER")
for label in $(echo "${ADDITIONAL_LABELS}" | jq -r '.[]'); do
LABELS+=("--label" "$label")
done
ACTIVATION_KEY_PATH="/activation-key"
ENTITLEMENT_PATH="/entitlement"
Expand Down Expand Up @@ -483,6 +493,7 @@ spec:
ssh $SSH_ARGS "$SSH_HOST" $PORT_FORWARD podman run $PODMAN_PORT_FORWARD \
--tmpfs /run/secrets \
-e ACTIVATION_KEY="$ACTIVATION_KEY" \
-e ADDITIONAL_LABELS="$ADDITIONAL_LABELS" \
-e ADDITIONAL_SECRET="$ADDITIONAL_SECRET" \
-e ADD_CAPABILITIES="$ADD_CAPABILITIES" \
-e BUILDAH_FORMAT="$BUILDAH_FORMAT" \
Expand Down
11 changes: 11 additions & 0 deletions task/buildah-remote/0.2/buildah-remote.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -115,6 +115,10 @@ spec:
stages
name: SKIP_UNUSED_STAGES
type: string
- default: '[]'
description: Additional key=value labels that should be applied to the image
name: ADDITIONAL_LABELS
type: string
- description: The platform to build on
name: PLATFORM
type: string
Expand Down Expand Up @@ -181,6 +185,8 @@ spec:
value: $(params.SQUASH)
- name: SKIP_UNUSED_STAGES
value: $(params.SKIP_UNUSED_STAGES)
- name: ADDITIONAL_LABELS
value: $(params.ADDITIONAL_LABELS)
- name: BUILDER_IMAGE
value: quay.io/konflux-ci/buildah-task:latest@sha256:860a239c5f25376a435a514ae6d53a5c75b1fa492461d17774e9b7cb32d1e275
- name: PLATFORM
Expand Down Expand Up @@ -400,6 +406,10 @@ spec:
[ -n "$COMMIT_SHA" ] && LABELS+=("--label" "vcs-ref=$COMMIT_SHA")
[ -n "$IMAGE_EXPIRES_AFTER" ] && LABELS+=("--label" "quay.expires-after=$IMAGE_EXPIRES_AFTER")
for label in $(echo "${ADDITIONAL_LABELS}" | jq -r '.[]'); do
LABELS+=("--label" "$label")
done
ACTIVATION_KEY_PATH="/activation-key"
ENTITLEMENT_PATH="/entitlement"
Expand Down Expand Up @@ -483,6 +493,7 @@ spec:
-e ADD_CAPABILITIES="$ADD_CAPABILITIES" \
-e SQUASH="$SQUASH" \
-e SKIP_UNUSED_STAGES="$SKIP_UNUSED_STAGES" \
-e ADDITIONAL_LABELS="$ADDITIONAL_LABELS" \
-e COMMIT_SHA="$COMMIT_SHA" \
-v "$BUILD_DIR/workspaces/source:$(workspaces.source.path):Z" \
-v "$BUILD_DIR/volumes/shared:/shared:Z" \
Expand Down
10 changes: 10 additions & 0 deletions task/buildah/0.2/buildah.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -103,6 +103,10 @@ spec:
description: Whether to skip stages in Containerfile that seem unused by subsequent stages
type: string
default: "true"
- name: ADDITIONAL_LABELS
description: Additional key=value labels that should be applied to the image
type: string
default: "[]"

results:
- description: Digest of the image just built
Expand Down Expand Up @@ -162,6 +166,8 @@ spec:
value: $(params.SQUASH)
- name: SKIP_UNUSED_STAGES
value: $(params.SKIP_UNUSED_STAGES)
- name: ADDITIONAL_LABELS
value: $(params.ADDITIONAL_LABELS)

steps:
- image: quay.io/konflux-ci/buildah-task:latest@sha256:860a239c5f25376a435a514ae6d53a5c75b1fa492461d17774e9b7cb32d1e275
Expand Down Expand Up @@ -320,6 +326,10 @@ spec:
[ -n "$COMMIT_SHA" ] && LABELS+=("--label" "vcs-ref=$COMMIT_SHA")
[ -n "$IMAGE_EXPIRES_AFTER" ] && LABELS+=("--label" "quay.expires-after=$IMAGE_EXPIRES_AFTER")
for label in $(echo "${ADDITIONAL_LABELS}" | jq -r '.[]'); do
LABELS+=("--label" "$label")
done
ACTIVATION_KEY_PATH="/activation-key"
ENTITLEMENT_PATH="/entitlement"
Expand Down

0 comments on commit f61a156

Please sign in to comment.