Skip to content

Commit

Permalink
Merge pull request #65 from konflux-ci/appstudio-gatekeeper-fbc-v413
Browse files Browse the repository at this point in the history
Convert FBC builds to multi-arch
  • Loading branch information
arewm authored Aug 27, 2024
2 parents 583eff1 + 08f3797 commit 06fdcf0
Show file tree
Hide file tree
Showing 3 changed files with 158 additions and 196 deletions.
174 changes: 76 additions & 98 deletions .tekton/gatekeeper-fbc-v413-pull-request.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ metadata:
pipelinesascode.tekton.dev/max-keep-runs: "3"
pipelinesascode.tekton.dev/on-cel-expression: event == "pull_request" && target_branch
== "main" && ( "v4.13/***".pathChanged() || ".tekton/gatekeeper-fbc-v413-pull-request.yaml".pathChanged()
)
|| "Containerfile.catalog".pathChanged() )
creationTimestamp: null
labels:
appstudio.openshift.io/application: gatekeeper-fbc-v413
Expand All @@ -31,43 +31,25 @@ spec:
value: Containerfile.catalog
- name: path-context
value: v4.13
- name: build-platforms
value:
- linux/x86_64
- linux/arm64
pipelineSpec:
finally:
- name: show-sbom
params:
- name: IMAGE_URL
value: $(tasks.build-container.results.IMAGE_URL)
value: $(tasks.build-image-index.results.IMAGE_URL)
taskRef:
params:
- name: name
value: show-sbom
- name: bundle
value: quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:7f8b5499a21de9aca718d0cf2e170949af6b30cacf882d64983471a2c673b1da
value: quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:9bfc6b99ef038800fe131d7b45ff3cd4da3a415dd536f7c657b3527b01c4a13b
- name: kind
value: task
resolver: bundles
- name: show-summary
params:
- name: pipelinerun-name
value: $(context.pipelineRun.name)
- name: git-url
value: $(tasks.clone-repository.results.url)?rev=$(tasks.clone-repository.results.commit)
- name: image-url
value: $(params.output-image)
- name: build-task-status
value: $(tasks.build-container.status)
taskRef:
params:
- name: name
value: summary
- name: bundle
value: quay.io/konflux-ci/tekton-catalog/task-summary:0.2@sha256:d97c04ab42f277b1103eb6f3a053b247849f4f5b3237ea302a8ecada3b24e15b
- name: kind
value: task
resolver: bundles
workspaces:
- name: workspace
workspace: workspace
params:
- description: Source Repository URL
name: git-url
Expand Down Expand Up @@ -97,18 +79,14 @@ spec:
description: Skip checks against built image
name: skip-checks
type: string
- default: "false"
- default: "true"
description: Execute the build with network isolation
name: hermetic
type: string
- default: ""
description: Build dependencies to be prefetched by Cachi2
name: prefetch-input
type: string
- default: "false"
description: Java build
name: java
type: string
- default: ""
description: Image tag expiration time, time values could be something like
1h, 2d, 3w for hours, days, and weeks, respectively.
Expand All @@ -117,13 +95,24 @@ spec:
description: Build a source image.
name: build-source-image
type: string
- default: "true"
description: Add built image into an OCI image index
name: build-image-index
type: string
- default:
- linux/x86_64
- linux/arm64
description: List of platforms to build the container images on. The available
set of values is determined by the configuration of the multi-platform-controller.
name: build-platforms
type: array
results:
- description: ""
name: IMAGE_URL
value: $(tasks.build-container.results.IMAGE_URL)
value: $(tasks.build-image-index.results.IMAGE_URL)
- description: ""
name: IMAGE_DIGEST
value: $(tasks.build-container.results.IMAGE_DIGEST)
value: $(tasks.build-image-index.results.IMAGE_DIGEST)
- description: ""
name: CHAINS-GIT_URL
value: $(tasks.clone-repository.results.url)
Expand All @@ -144,7 +133,7 @@ spec:
- name: name
value: init
- name: bundle
value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:99c98d3e5195e9920482f2187590d6f9150c4b8a2001b1ce5dcd5077abda9481
value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:092c113b614f6551113f17605ae9cb7e822aa704d07f0e37ed209da23ce392cc
- name: kind
value: task
resolver: bundles
Expand All @@ -154,14 +143,18 @@ spec:
value: $(params.git-url)
- name: revision
value: $(params.revision)
- name: ociStorage
value: $(params.output-image).git
- name: ociArtifactExpiresAfter
value: $(params.image-expires-after)
runAfter:
- init
taskRef:
params:
- name: name
value: git-clone
value: git-clone-oci-ta
- name: bundle
value: quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1@sha256:de0ca8872c791944c479231e21d68379b54877aaf42e5f766ef4a8728970f8b3
value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:0f4360ce144d46171ebd2e8f4d4575539a0600e02208ba5fc9beeb2c27ddfd4c
- name: kind
value: task
resolver: bundles
Expand All @@ -171,11 +164,14 @@ spec:
values:
- "true"
workspaces:
- name: output
workspace: workspace
- name: basic-auth
workspace: git-auth
- name: build-container
- matrix:
params:
- name: PLATFORM
value:
- $(params.build-platforms)
name: build-images
params:
- name: IMAGE
value: $(params.output-image)
Expand All @@ -184,19 +180,23 @@ spec:
- name: CONTEXT
value: $(params.path-context)
- name: HERMETIC
value: "true"
value: $(params.hermetic)
- name: IMAGE_EXPIRES_AFTER
value: $(params.image-expires-after)
- name: COMMIT_SHA
value: $(tasks.clone-repository.results.commit)
- name: SOURCE_ARTIFACT
value: $(tasks.clone-repository.results.SOURCE_ARTIFACT)
- name: IMAGE_APPEND_PLATFORM
value: "true"
runAfter:
- clone-repository
taskRef:
params:
- name: name
value: buildah
value: buildah-remote-oci-ta
- name: bundle
value: quay.io/konflux-ci/tekton-catalog/task-buildah:0.1@sha256:72e4ddd9b543e2766830e3a513da5c2fec26ea7a72a50e8c85be642912caa603
value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.2@sha256:ef246ea31c4ff9b98295830cb39892f39d1b5d1b21ca1ccb0ad9e7b9bd83608f
- name: kind
value: task
resolver: bundles
Expand All @@ -205,47 +205,49 @@ spec:
operator: in
values:
- "true"
workspaces:
- name: source
workspace: workspace
- name: deprecated-base-image-check
- name: build-image-index
params:
- name: BASE_IMAGES_DIGESTS
value: $(tasks.build-container.results.BASE_IMAGES_DIGESTS)
- name: IMAGE_URL
value: $(tasks.build-container.results.IMAGE_URL)
- name: IMAGE_DIGEST
value: $(tasks.build-container.results.IMAGE_DIGEST)
- name: IMAGE
value: $(params.output-image)
- name: COMMIT_SHA
value: $(tasks.clone-repository.results.commit)
- name: IMAGE_EXPIRES_AFTER
value: $(params.image-expires-after)
- name: ALWAYS_BUILD_INDEX
value: $(params.build-image-index)
- name: IMAGES
value:
- $(tasks.build-images.results.IMAGE_REF[*])
runAfter:
- build-container
- build-images
taskRef:
params:
- name: name
value: deprecated-image-check
value: build-image-index
- name: bundle
value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.4@sha256:ea275aeb7d204ef203a67e6a45a4902479afc1d906d2120f0d8c77d9541ea850
value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1@sha256:dd87c1a2c598ebf2286d4cf7f1ff2c07d0ee3665c16041576012dd3f1a36b080
- name: kind
value: task
resolver: bundles
when:
- input: $(params.skip-checks)
- input: $(tasks.init.results.build)
operator: in
values:
- "false"
- name: sbom-json-check
- "true"
- name: deprecated-base-image-check
params:
- name: IMAGE_URL
value: $(tasks.build-container.results.IMAGE_URL)
value: $(tasks.build-image-index.results.IMAGE_URL)
- name: IMAGE_DIGEST
value: $(tasks.build-container.results.IMAGE_DIGEST)
value: $(tasks.build-image-index.results.IMAGE_DIGEST)
runAfter:
- build-container
- build-image-index
taskRef:
params:
- name: name
value: sbom-json-check
value: deprecated-image-check
- name: bundle
value: quay.io/konflux-ci/tekton-catalog/task-sbom-json-check:0.1@sha256:acc9cb8a714f33c0e48d6ca219b6bd0191f09cdd767af4ef3a35d0a5cac53b5d
value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.4@sha256:d98fa9daf5ee12dfbf00880b83d092d01ce9994d79836548d2f82748bb0c64a2
- name: kind
value: task
resolver: bundles
Expand All @@ -257,56 +259,32 @@ spec:
- name: apply-tags
params:
- name: IMAGE
value: $(tasks.build-container.results.IMAGE_URL)
value: $(tasks.build-image-index.results.IMAGE_URL)
runAfter:
- build-container
- build-image-index
taskRef:
params:
- name: name
value: apply-tags
- name: bundle
value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.1@sha256:516875845f2988848ebde5f3e9c717d6077af7bf9b3cb2b34a3c3f86b2609a14
value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.1@sha256:e6beb161ed59d7be26317da03e172137b31b26648d3e139558e9a457bc56caff
- name: kind
value: task
resolver: bundles
- name: push-dockerfile
params:
- name: IMAGE
value: $(tasks.build-container.results.IMAGE_URL)
- name: IMAGE_DIGEST
value: $(tasks.build-container.results.IMAGE_DIGEST)
- name: DOCKERFILE
value: $(params.dockerfile)
- name: CONTEXT
value: $(params.path-context)
runAfter:
- build-container
taskRef:
params:
- name: name
value: push-dockerfile
- name: bundle
value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile:0.1@sha256:e2c8fa67da036cef81e407e28c14b6a2034c6564009e084c368005a4640c554c
- name: kind
value: task
resolver: bundles
workspaces:
- name: workspace
workspace: workspace
- name: inspect-image
params:
- name: IMAGE_URL
value: $(tasks.build-container.results.IMAGE_URL)
value: $(tasks.build-image-index.results.IMAGE_URL)
- name: IMAGE_DIGEST
value: $(tasks.build-container.results.IMAGE_DIGEST)
value: $(tasks.build-image-index.results.IMAGE_DIGEST)
runAfter:
- build-container
- build-image-index
taskRef:
params:
- name: name
value: inspect-image
- name: bundle
value: quay.io/konflux-ci/tekton-catalog/task-inspect-image:0.1@sha256:081686425a7e37356da5806eb348bceee47964f2a588f760a14e454aba1fd56f
value: quay.io/konflux-ci/tekton-catalog/task-inspect-image:0.1@sha256:c8d7616fba1533637547eccd598314721a106ec0d108dcb5162e234d5d90c755
- name: kind
value: task
resolver: bundles
Expand All @@ -321,9 +299,9 @@ spec:
- name: fbc-validate
params:
- name: IMAGE_URL
value: $(tasks.build-container.results.IMAGE_URL)
value: $(tasks.build-image-index.results.IMAGE_URL)
- name: IMAGE_DIGEST
value: $(tasks.build-container.results.IMAGE_DIGEST)
value: $(tasks.build-image-index.results.IMAGE_DIGEST)
- name: BASE_IMAGE
value: $(tasks.inspect-image.results.BASE_IMAGE)
runAfter:
Expand All @@ -333,7 +311,7 @@ spec:
- name: name
value: fbc-validation
- name: bundle
value: quay.io/konflux-ci/tekton-catalog/task-fbc-validation:0.1@sha256:37af0ac519e093860b1ba5f88f0beea87d768d402a71e41c214705f33ffd535e
value: quay.io/konflux-ci/tekton-catalog/task-fbc-validation:0.1@sha256:1f14e99269499446cfaee5bed9876f1238095292c8742c88bffa94422e62451e
- name: kind
value: task
resolver: bundles
Expand All @@ -353,7 +331,7 @@ spec:
- name: name
value: fbc-related-image-check
- name: bundle
value: quay.io/konflux-ci/tekton-catalog/task-fbc-related-image-check:0.1@sha256:02e8efbb04783d19e0f1f48a4261770625b20e2fdfe0515336570aab9bdf7ecc
value: quay.io/konflux-ci/tekton-catalog/task-fbc-related-image-check:0.1@sha256:0fae84cc832d21c250334ab1d285db92e7e22e916ea342d044e46136c502d2f8
- name: kind
value: task
resolver: bundles
Expand Down Expand Up @@ -387,4 +365,4 @@ spec:
- name: git-auth
secret:
secretName: '{{ git_auth_secret }}'
status: {}
status: {}
Loading

0 comments on commit 06fdcf0

Please sign in to comment.