-
Notifications
You must be signed in to change notification settings - Fork 52
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
refactor(RELEASE-1041): move and rename iib pipeline
this PR moves the IIB internal pipeline and tasks to the release-service-catalog and renames it to update-fbc-catalog. Signed-off-by: Leandro Mendes <[email protected]>
- Loading branch information
1 parent
1b1616f
commit 75dc081
Showing
8 changed files
with
571 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
# update-fbc-catalog pipeline | ||
|
||
Tekton pipeline add/update FBC fragments to the FBC catalog by interacting with IIB service for File Based Catalogs | ||
|
||
## Parameters | ||
|
||
| Name | Description | Optional | Default value | | ||
|-------------------------|-----------------------------------------------------------------------------|----------|---------------------| | ||
| iibServiceAccountSecret | Secret containing the credentials for IIB service | yes | iib-service-account | | ||
| fbcFragment | FBC fragment built by HACBS | no | - | | ||
| fromIndex | Index image (catalog of catalogs) the FBC fragment will be added to | no | - | | ||
| buildTags | List of additional tags the internal index image copy should be tagged with | yes | '[]' | | ||
| addArches | List of arches the index image should be built for | yes | '[]' | | ||
| hotfix | Whether this build is a hotfix build | yes | false | | ||
| stagedIndex | Whether this build is a staged index build | yes | false | | ||
| buildTimeoutSeconds | IIB Build Service timeout seconds | no | - | |
80 changes: 80 additions & 0 deletions
80
internal/pipelines/update-fbc-catalog/update-fbc-catalog.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,80 @@ | ||
--- | ||
apiVersion: tekton.dev/v1 | ||
kind: Pipeline | ||
metadata: | ||
name: update-fbc-catalog | ||
labels: | ||
app.kubernetes.io/version: "1.0.0" | ||
annotations: | ||
tekton.dev/pipelines.minVersion: "0.12.1" | ||
tekton.dev/tags: fbc | ||
spec: | ||
description: >- | ||
Tekton pipeline add/update FBC fragments to the FBC catalog by interacting with IIB service for File Based Catalogs | ||
params: | ||
- name: iibServiceAccountSecret | ||
type: string | ||
description: Secret containing the credentials for IIB service | ||
default: iib-service-account | ||
- name: fbcFragment | ||
type: string | ||
description: FBC fragment built by HACBS | ||
- name: fromIndex | ||
type: string | ||
description: >- | ||
Index image (catalog of catalogs) the FBC fragment will be added to | ||
- name: buildTags | ||
type: string | ||
default: '[]' | ||
description: >- | ||
List of additional tags the internal index image copy should be | ||
tagged with | ||
- name: addArches | ||
type: string | ||
default: '[]' | ||
description: List of arches the index image should be built for | ||
- name: hotfix | ||
type: string | ||
default: "false" | ||
description: Whether this build is a hotfix build | ||
- name: stagedIndex | ||
type: string | ||
default: "false" | ||
description: Whether this build is a staged index build | ||
- name: buildTimeoutSeconds | ||
type: string | ||
description: IIB Build Service timeout seconds | ||
tasks: | ||
- name: update-fbc-catalog-task | ||
taskRef: | ||
name: update-fbc-catalog-task | ||
params: | ||
- name: iibServiceAccountSecret | ||
value: $(params.iibServiceAccountSecret) | ||
- name: fbcFragment | ||
value: $(params.fbcFragment) | ||
- name: fromIndex | ||
value: $(params.fromIndex) | ||
- name: buildTags | ||
value: $(params.buildTags) | ||
- name: addArches | ||
value: $(params.addArches) | ||
- name: hotfix | ||
value: $(params.hotfix) | ||
- name: stagedIndex | ||
value: $(params.stagedIndex) | ||
- name: buildTimeoutSeconds | ||
value: $(params.buildTimeoutSeconds) | ||
results: | ||
- name: jsonBuildInfo | ||
value: $(tasks.update-fbc-catalog-task.results.jsonBuildInfo) | ||
- name: buildState | ||
value: $(tasks.update-fbc-catalog-task.results.buildState) | ||
- name: genericResult | ||
value: $(tasks.update-fbc-catalog-task.results.genericResult) | ||
- name: indexImageDigests | ||
value: $(tasks.update-fbc-catalog-task.results.indexImageDigests) | ||
- name: iibLog | ||
value: $(tasks.update-fbc-catalog-task.results.iibLog) | ||
- name: exitCode | ||
value: $(tasks.update-fbc-catalog-task.results.exitCode) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
# update-fbc-catalog task | ||
|
||
Tekton task to submit a IIB build request to add/update a fbc-fragment to an index image | ||
|
||
| Name | Description | Optional | Default value | | ||
| ----------------------- | ---------------------------------------------------------------------------- | -------- | ------------- | | ||
| fbcFragment | FBC fragment built by HACBS | No | - | | ||
| fromIndex | Index image (catalog of catalogs) the FBC fragment will be added to | No | - | | ||
| buildTags | List of additional tags the internal index image copy should be tagged with. | No | - | | ||
| addArches | List of arches the index image should be built for. | No | - | | ||
| buildTimeoutSeconds | Timeout seconds to receive the build state | Yes | "300" | | ||
| iibServiceAccountSecret | Secret with IIB credentials to be used | No | - | | ||
| hotfix | Whether this build is a hotfix build | Yes | "false" | | ||
| stagedIndex | Whether this build is for a staged index build | Yes | "false" | |
14 changes: 14 additions & 0 deletions
14
internal/tasks/update-fbc-catalog-task/tests/build-seed.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
--- | ||
id: 1 | ||
distribution_scope: "stage" | ||
fbc_fragment: "registry.io/image0@sha256:0000" | ||
internal_index_image_copy: "registry-proxy-stage.engineering.redhat.com/rh-osbs-stage/iib:1" | ||
logs: | ||
url: "https://iib.stage.engineering.redhat.com/api/v1/builds/101459/logs" | ||
request_type: "fbc-operations" | ||
state: "complete" | ||
state_reason: "" | ||
state_history: | ||
- state: "in_progress" | ||
state_reason: "The request was initiated" | ||
user: "[email protected]" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,90 @@ | ||
#!/bin/bash | ||
set -xe | ||
|
||
# seed for the build status | ||
yq -o json <<< ' | ||
items: | ||
- id: 1 | ||
distribution_scope: "stage" | ||
fbc_fragment: "registry.io/image0@sha256:0000" | ||
internal_index_image_copy: "registry-proxy-stage.engineering.redhat.com/rh-osbs-stage/iib:1" | ||
logs: | ||
url: "https://fakeiib.host/api/v1/builds/1/logs" | ||
request_type: "fbc-operations" | ||
state: "in_progress" | ||
state_reason: "The request was initiated" | ||
state_history: | ||
- state: "in_progress" | ||
state_reason: "The request was initiated" | ||
user: "iib@kerberos"' > /tmp/build-seed | ||
|
||
buildSeed=$(cat /tmp/build-seed) | ||
build=$(jq -cr '.items[0]' <<< "${buildSeed}") | ||
|
||
export buildSeed build calls | ||
|
||
function mock_build_progress() { | ||
|
||
state_reason[1]="Resolving the fbc fragment" | ||
state_reason[2]="Resolving the container images" | ||
state_reason[3]="Building the index image for the following arches: amd64, arm64, ppc64le, s390x" | ||
state_reason[4]="Extracting operator package from fbc_fragment" | ||
state_reason[5]="Adding fbc_fragment to from_index" | ||
state_reason[6]="Creating the manifest list" | ||
state_reason[7]="The FBC fragment was successfully added in the index image" | ||
|
||
encoded_script="$2" | ||
calls="$1" | ||
|
||
build="$(base64 -d <<< "$encoded_script")" | ||
if [ "$calls" -gt "${#state_reason[@]}" ]; then | ||
jq -cr . <<< "${build}" | ||
elif [ "$calls" -eq "${#state_reason[@]}" ]; then | ||
build=$(jq -rc '.state |= "complete"' <<< "$build") | ||
build=$(jq -rc '.state_reason |= "The FBC fragment was successfully added in the index image"' <<< "${build}") | ||
jq -rc --argjson progress "{ \"state\": \"complete\", \"state_reason\": \"${state_reason[$calls]}\" }" '.state_history |= [$progress] + .' <<< "${build}" | ||
exit | ||
else | ||
jq -rc --argjson progress "{ \"state\": \"in_progress\", \"state_reason\": \"${state_reason[$calls]}\" }" '.state_history |= [$progress] + .' <<< "${build}" | ||
fi | ||
} | ||
|
||
function curl() { | ||
shift | ||
case $1 in | ||
"https://fakeiib.host/builds?user=iib@kerberos&from_index=quay.io/scoheb/fbc-index-testing:latest") | ||
echo -en "${buildSeed}" | ||
;; | ||
"-u:") | ||
tempfile="$4" | ||
echo -e '{}' > "$tempfile" | ||
;; | ||
"https://fakeiib.host/builds/1") | ||
echo "$@" >> mock_build_progress_calls | ||
mock_build_progress "$(awk 'END{ print NR }' mock_build_progress_calls)" "$(base64 <<< "${build}")" | tee build_json | ||
export -n build | ||
set -x | ||
build=$(cat build_json) | ||
export build | ||
;; | ||
*) | ||
echo "" | ||
;; | ||
esac | ||
} | ||
|
||
function opm() { | ||
echo '{ "schema": "olm.bundle", "image": "quay.io/repo/image@sha256:abcd1234"}' | ||
} | ||
|
||
function base64() { | ||
echo "decrypted-keytab" | ||
} | ||
|
||
function kinit() { | ||
echo "Ok" | ||
} | ||
|
||
# the watch_build_state can't reach some mocks by default, so exporting them fixes it. | ||
export -f curl | ||
export -f mock_build_progress |
24 changes: 24 additions & 0 deletions
24
internal/tasks/update-fbc-catalog-task/tests/pre-apply-task-hook.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
#!/usr/bin/env bash | ||
# | ||
# Install the CRDs so we can create/get them | ||
.github/scripts/install_crds.sh | ||
|
||
# Add RBAC so that the SA executing the tests can retrieve CRs | ||
kubectl apply -f .github/resources/crd_rbac.yaml | ||
|
||
# create required secrets | ||
kubectl create secret generic iib-service-account-secret \ | ||
--from-literal=principal="iib@kerberos" \ | ||
--from-literal=keytab="something" | ||
kubectl create secret generic iib-services-config \ | ||
--from-literal=krb5.conf="" \ | ||
--from-literal=url="https://fakeiib.host" | ||
|
||
kubectl create secret generic iib-overwrite-fromimage-credentials \ | ||
--from-literal=username="bot+user" \ | ||
--from-literal=token="token" | ||
# Add mocks to the beginning of task step script | ||
TASK_PATH="$1" | ||
SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) | ||
yq -i '.spec.steps[0].script = load_str("'$SCRIPT_DIR'/mocks.sh") + .spec.steps[0].script' "$TASK_PATH" | ||
yq -i '.spec.steps[1].script = load_str("'$SCRIPT_DIR'/mocks.sh") + .spec.steps[1].script' "$TASK_PATH" |
32 changes: 32 additions & 0 deletions
32
internal/tasks/update-fbc-catalog-task/tests/test-update-fbc-catalog-default.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,32 @@ | ||
--- | ||
apiVersion: tekton.dev/v1 | ||
kind: Pipeline | ||
metadata: | ||
name: test-update-fbc-catalog-default | ||
spec: | ||
description: Test | ||
tasks: | ||
- name: run-task | ||
taskRef: | ||
name: update-fbc-catalog-task | ||
params: | ||
- name: fbcFragment | ||
value: "registry.io/image0@sha256:0000" | ||
- name: fromIndex | ||
value: "quay.io/scoheb/fbc-index-testing:latest" | ||
- name: buildTags | ||
value: "[]" | ||
- name: addArches | ||
value: "[]" | ||
- name: iibServiceAccountSecret | ||
value: "iib-service-account-secret" | ||
- name: check-result | ||
taskSpec: | ||
steps: | ||
- name: check-result | ||
image: quay.io/konflux-ci/release-service-utils:e633d51cd41d73e4b3310face21bb980af7a662f | ||
script: | | ||
#!/bin/bash | ||
echo "ok" | ||
runAfter: | ||
- run-task |
Oops, something went wrong.