Skip to content

Commit

Permalink
refactor(RELEASE-1041): move and rename iib pipeline
Browse files Browse the repository at this point in the history
this PR moves the IIB internal pipeline and tasks
to the release-service-catalog and renames it to
update-fbc-catalog.

Signed-off-by: Leandro Mendes <[email protected]>
  • Loading branch information
theflockers committed Dec 19, 2024
1 parent 1b1616f commit 75dc081
Show file tree
Hide file tree
Showing 8 changed files with 571 additions and 0 deletions.
16 changes: 16 additions & 0 deletions internal/pipelines/update-fbc-catalog/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
# update-fbc-catalog pipeline

Tekton pipeline add/update FBC fragments to the FBC catalog by interacting with IIB service for File Based Catalogs

## Parameters

| Name | Description | Optional | Default value |
|-------------------------|-----------------------------------------------------------------------------|----------|---------------------|
| iibServiceAccountSecret | Secret containing the credentials for IIB service | yes | iib-service-account |
| fbcFragment | FBC fragment built by HACBS | no | - |
| fromIndex | Index image (catalog of catalogs) the FBC fragment will be added to | no | - |
| buildTags | List of additional tags the internal index image copy should be tagged with | yes | '[]' |
| addArches | List of arches the index image should be built for | yes | '[]' |
| hotfix | Whether this build is a hotfix build | yes | false |
| stagedIndex | Whether this build is a staged index build | yes | false |
| buildTimeoutSeconds | IIB Build Service timeout seconds | no | - |
80 changes: 80 additions & 0 deletions internal/pipelines/update-fbc-catalog/update-fbc-catalog.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,80 @@
---
apiVersion: tekton.dev/v1
kind: Pipeline
metadata:
name: update-fbc-catalog
labels:
app.kubernetes.io/version: "1.0.0"
annotations:
tekton.dev/pipelines.minVersion: "0.12.1"
tekton.dev/tags: fbc
spec:
description: >-
Tekton pipeline add/update FBC fragments to the FBC catalog by interacting with IIB service for File Based Catalogs
params:
- name: iibServiceAccountSecret
type: string
description: Secret containing the credentials for IIB service
default: iib-service-account
- name: fbcFragment
type: string
description: FBC fragment built by HACBS
- name: fromIndex
type: string
description: >-
Index image (catalog of catalogs) the FBC fragment will be added to
- name: buildTags
type: string
default: '[]'
description: >-
List of additional tags the internal index image copy should be
tagged with
- name: addArches
type: string
default: '[]'
description: List of arches the index image should be built for
- name: hotfix
type: string
default: "false"
description: Whether this build is a hotfix build
- name: stagedIndex
type: string
default: "false"
description: Whether this build is a staged index build
- name: buildTimeoutSeconds
type: string
description: IIB Build Service timeout seconds
tasks:
- name: update-fbc-catalog-task
taskRef:
name: update-fbc-catalog-task
params:
- name: iibServiceAccountSecret
value: $(params.iibServiceAccountSecret)
- name: fbcFragment
value: $(params.fbcFragment)
- name: fromIndex
value: $(params.fromIndex)
- name: buildTags
value: $(params.buildTags)
- name: addArches
value: $(params.addArches)
- name: hotfix
value: $(params.hotfix)
- name: stagedIndex
value: $(params.stagedIndex)
- name: buildTimeoutSeconds
value: $(params.buildTimeoutSeconds)
results:
- name: jsonBuildInfo
value: $(tasks.update-fbc-catalog-task.results.jsonBuildInfo)
- name: buildState
value: $(tasks.update-fbc-catalog-task.results.buildState)
- name: genericResult
value: $(tasks.update-fbc-catalog-task.results.genericResult)
- name: indexImageDigests
value: $(tasks.update-fbc-catalog-task.results.indexImageDigests)
- name: iibLog
value: $(tasks.update-fbc-catalog-task.results.iibLog)
- name: exitCode
value: $(tasks.update-fbc-catalog-task.results.exitCode)
14 changes: 14 additions & 0 deletions internal/tasks/update-fbc-catalog-task/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
# update-fbc-catalog task

Tekton task to submit a IIB build request to add/update a fbc-fragment to an index image

| Name | Description | Optional | Default value |
| ----------------------- | ---------------------------------------------------------------------------- | -------- | ------------- |
| fbcFragment | FBC fragment built by HACBS | No | - |
| fromIndex | Index image (catalog of catalogs) the FBC fragment will be added to | No | - |
| buildTags | List of additional tags the internal index image copy should be tagged with. | No | - |
| addArches | List of arches the index image should be built for. | No | - |
| buildTimeoutSeconds | Timeout seconds to receive the build state | Yes | "300" |
| iibServiceAccountSecret | Secret with IIB credentials to be used | No | - |
| hotfix | Whether this build is a hotfix build | Yes | "false" |
| stagedIndex | Whether this build is for a staged index build | Yes | "false" |
14 changes: 14 additions & 0 deletions internal/tasks/update-fbc-catalog-task/tests/build-seed.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
---
id: 1
distribution_scope: "stage"
fbc_fragment: "registry.io/image0@sha256:0000"
internal_index_image_copy: "registry-proxy-stage.engineering.redhat.com/rh-osbs-stage/iib:1"
logs:
url: "https://iib.stage.engineering.redhat.com/api/v1/builds/101459/logs"
request_type: "fbc-operations"
state: "complete"
state_reason: ""
state_history:
- state: "in_progress"
state_reason: "The request was initiated"
user: "[email protected]"
90 changes: 90 additions & 0 deletions internal/tasks/update-fbc-catalog-task/tests/mocks.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,90 @@
#!/bin/bash
set -xe

# seed for the build status
yq -o json <<< '
items:
- id: 1
distribution_scope: "stage"
fbc_fragment: "registry.io/image0@sha256:0000"
internal_index_image_copy: "registry-proxy-stage.engineering.redhat.com/rh-osbs-stage/iib:1"
logs:
url: "https://fakeiib.host/api/v1/builds/1/logs"
request_type: "fbc-operations"
state: "in_progress"
state_reason: "The request was initiated"
state_history:
- state: "in_progress"
state_reason: "The request was initiated"
user: "iib@kerberos"' > /tmp/build-seed

buildSeed=$(cat /tmp/build-seed)
build=$(jq -cr '.items[0]' <<< "${buildSeed}")

export buildSeed build calls

function mock_build_progress() {

state_reason[1]="Resolving the fbc fragment"
state_reason[2]="Resolving the container images"
state_reason[3]="Building the index image for the following arches: amd64, arm64, ppc64le, s390x"
state_reason[4]="Extracting operator package from fbc_fragment"
state_reason[5]="Adding fbc_fragment to from_index"
state_reason[6]="Creating the manifest list"
state_reason[7]="The FBC fragment was successfully added in the index image"

encoded_script="$2"
calls="$1"

build="$(base64 -d <<< "$encoded_script")"
if [ "$calls" -gt "${#state_reason[@]}" ]; then
jq -cr . <<< "${build}"
elif [ "$calls" -eq "${#state_reason[@]}" ]; then
build=$(jq -rc '.state |= "complete"' <<< "$build")
build=$(jq -rc '.state_reason |= "The FBC fragment was successfully added in the index image"' <<< "${build}")
jq -rc --argjson progress "{ \"state\": \"complete\", \"state_reason\": \"${state_reason[$calls]}\" }" '.state_history |= [$progress] + .' <<< "${build}"
exit
else
jq -rc --argjson progress "{ \"state\": \"in_progress\", \"state_reason\": \"${state_reason[$calls]}\" }" '.state_history |= [$progress] + .' <<< "${build}"
fi
}

function curl() {
shift
case $1 in
"https://fakeiib.host/builds?user=iib@kerberos&from_index=quay.io/scoheb/fbc-index-testing:latest")
echo -en "${buildSeed}"
;;
"-u:")
tempfile="$4"
echo -e '{}' > "$tempfile"
;;
"https://fakeiib.host/builds/1")
echo "$@" >> mock_build_progress_calls
mock_build_progress "$(awk 'END{ print NR }' mock_build_progress_calls)" "$(base64 <<< "${build}")" | tee build_json
export -n build
set -x
build=$(cat build_json)
export build
;;
*)
echo ""
;;
esac
}

function opm() {
echo '{ "schema": "olm.bundle", "image": "quay.io/repo/image@sha256:abcd1234"}'
}

function base64() {
echo "decrypted-keytab"
}

function kinit() {
echo "Ok"
}

# the watch_build_state can't reach some mocks by default, so exporting them fixes it.
export -f curl
export -f mock_build_progress
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
#!/usr/bin/env bash
#
# Install the CRDs so we can create/get them
.github/scripts/install_crds.sh

# Add RBAC so that the SA executing the tests can retrieve CRs
kubectl apply -f .github/resources/crd_rbac.yaml

# create required secrets
kubectl create secret generic iib-service-account-secret \
--from-literal=principal="iib@kerberos" \
--from-literal=keytab="something"
kubectl create secret generic iib-services-config \
--from-literal=krb5.conf="" \
--from-literal=url="https://fakeiib.host"

kubectl create secret generic iib-overwrite-fromimage-credentials \
--from-literal=username="bot+user" \
--from-literal=token="token"
# Add mocks to the beginning of task step script
TASK_PATH="$1"
SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
yq -i '.spec.steps[0].script = load_str("'$SCRIPT_DIR'/mocks.sh") + .spec.steps[0].script' "$TASK_PATH"
yq -i '.spec.steps[1].script = load_str("'$SCRIPT_DIR'/mocks.sh") + .spec.steps[1].script' "$TASK_PATH"
Original file line number Diff line number Diff line change
@@ -0,0 +1,32 @@
---
apiVersion: tekton.dev/v1
kind: Pipeline
metadata:
name: test-update-fbc-catalog-default
spec:
description: Test
tasks:
- name: run-task
taskRef:
name: update-fbc-catalog-task
params:
- name: fbcFragment
value: "registry.io/image0@sha256:0000"
- name: fromIndex
value: "quay.io/scoheb/fbc-index-testing:latest"
- name: buildTags
value: "[]"
- name: addArches
value: "[]"
- name: iibServiceAccountSecret
value: "iib-service-account-secret"
- name: check-result
taskSpec:
steps:
- name: check-result
image: quay.io/konflux-ci/release-service-utils:e633d51cd41d73e4b3310face21bb980af7a662f
script: |
#!/bin/bash
echo "ok"
runAfter:
- run-task
Loading

0 comments on commit 75dc081

Please sign in to comment.