From c130e4d1de1328104cf0244202f79ff63758d280 Mon Sep 17 00:00:00 2001 From: Johnny Bieren Date: Fri, 20 Dec 2024 09:14:58 -0500 Subject: [PATCH] feat(RELEASE-1347): add resources to update manager yaml files This commit adds a tenant task to fetch the image ref containing a git sha tag from the Release artifacts as well as a tenant task to update a file in git with the value of the image ref. It also adds a tenant pipeline that calls these two tasks. The point of this pipeline is to use it as a final pipeline. It will enable us to have the internal-services manager files updated once the internal-services managed pipelineRun succeeds. Today, this is a manual step. Signed-off-by: Johnny Bieren --- .github/scripts/test_tekton_tasks.sh | 2 +- .github/workflows/tekton_task_tests.yaml | 4 +- .../README.md | 18 +++++ .../get-git-sha-image-ref-from-release.yaml | 52 +++++++++++++ .../tests/pre-apply-task-hook.sh | 7 ++ .../tests/test-get-git-sha-image-ref.yaml | 77 +++++++++++++++++++ 6 files changed, 157 insertions(+), 3 deletions(-) create mode 100644 tasks/tenant/get-git-sha-image-ref-from-release/README.md create mode 100644 tasks/tenant/get-git-sha-image-ref-from-release/get-git-sha-image-ref-from-release.yaml create mode 100755 tasks/tenant/get-git-sha-image-ref-from-release/tests/pre-apply-task-hook.sh create mode 100644 tasks/tenant/get-git-sha-image-ref-from-release/tests/test-get-git-sha-image-ref.yaml diff --git a/.github/scripts/test_tekton_tasks.sh b/.github/scripts/test_tekton_tasks.sh index a93ce352a..6eeb3469c 100755 --- a/.github/scripts/test_tekton_tasks.sh +++ b/.github/scripts/test_tekton_tasks.sh @@ -61,7 +61,7 @@ do echo Task item: $ITEM TASK_NAME=$(echo $ITEM | cut -d '/' -f 2) TASK_DIR=$(echo $ITEM | cut -d '/' -f -2) - if [ "$(echo $ITEM | cut -d '/' -f 1)" == "internal" ] ; then + if [ "$(echo $ITEM | cut -d '/' -f 1)" == "internal" ] || [ "$(echo $ITEM | cut -d '/' -f 2)" == "tenant" ]; then TASK_NAME=$(echo $ITEM | cut -d '/' -f 3) TASK_DIR=$(echo $ITEM | cut -d '/' -f -3) fi diff --git a/.github/workflows/tekton_task_tests.yaml b/.github/workflows/tekton_task_tests.yaml index 23ca9455c..39b232f03 100644 --- a/.github/workflows/tekton_task_tests.yaml +++ b/.github/workflows/tekton_task_tests.yaml @@ -18,9 +18,9 @@ jobs: uses: tj-actions/changed-files@v41 with: files: | - tasks/** + tasks/tenant/** dir_names: "true" - dir_names_max_depth: "2" + dir_names_max_depth: "3" - name: Get internal changed dirs id: changed-internal-dirs uses: tj-actions/changed-files@v41 diff --git a/tasks/tenant/get-git-sha-image-ref-from-release/README.md b/tasks/tenant/get-git-sha-image-ref-from-release/README.md new file mode 100644 index 000000000..38f0d559f --- /dev/null +++ b/tasks/tenant/get-git-sha-image-ref-from-release/README.md @@ -0,0 +1,18 @@ +# get-git-sha-image-ref-from-release + +Tekton task to get the image reference containing the git sha tag from the Release artifacts. + +It finds the git sha by checking for the `pac.test.appstudio.openshift.io/sha` label on the Release CR. +If it is not found, the task will fail with error. + +This task is only meant to work with Releases for one component. If the task finds there are more than one image +in its artifacts, it will fail with error. + +Once it has the git sha, the task simply returns the image url from the artifacts that ends with it. This is +done via the `imageRef` task result. + +## Parameters + +| Name | Description | Optional | Default value | +|----------------------|----------------------------------------------------|----------|---------------| +| release | Namespaced name of the Release | No | - | diff --git a/tasks/tenant/get-git-sha-image-ref-from-release/get-git-sha-image-ref-from-release.yaml b/tasks/tenant/get-git-sha-image-ref-from-release/get-git-sha-image-ref-from-release.yaml new file mode 100644 index 000000000..96433e711 --- /dev/null +++ b/tasks/tenant/get-git-sha-image-ref-from-release/get-git-sha-image-ref-from-release.yaml @@ -0,0 +1,52 @@ +--- +apiVersion: tekton.dev/v1 +kind: Task +metadata: + name: get-git-sha-image-ref-from-release + labels: + app.kubernetes.io/version: "0.1.0" + annotations: + tekton.dev/pipelines.minVersion: "0.12.1" + tekton.dev/tags: "release, tenant" +spec: + description: >- + Tekton task to output the imageRef stored in the Release artifacts that corresponds to the git sha tag. + params: + - name: release + type: string + description: The namespaced name of the Release + results: + - name: imageRef + type: string + description: The imageRef from the Release.Status.Artifacts that uses the git sha tag + steps: + - name: get-git-sha-image-ref-from-release + image: quay.io/konflux-ci/release-service-utils:e633d51cd41d73e4b3310face21bb980af7a662f + script: | + #!/usr/bin/env bash + set -exo pipefail + + IFS='/' read -r RELEASE_NAMESPACE RELEASE_NAME <<< "$(params.release)" + + GIT_SHA=$(kubectl get release "$RELEASE_NAME" -n "$RELEASE_NAMESPACE" \ + -o jsonpath='{.metadata.labels.pac\.test\.appstudio\.openshift\.io/sha}') + if [ -z "$GIT_SHA" ] ; then + echo "Error: git sha label from PaC not found in Release labels" + exit 1 + fi + + IMAGES=$(kubectl get release "$RELEASE_NAME" -n "$RELEASE_NAMESPACE" \ + -o jsonpath='{.status.artifacts.images}') + + if [ "$(jq 'length' <<< "$IMAGES")" -gt 1 ] ; then + echo "Error: this task only supports Release CRs with one image in its artifacts." + echo "Found images: $IMAGES" + exit 1 + fi + + REF=$(jq -jr --arg sha "$GIT_SHA" '.[0].urls[] | select(test(".*" + $sha))' <<< "$IMAGES") + if [ -z "$REF" ] ; then + echo "Error: imageRef with git sha tag not found in Release artifacts" + exit 1 + fi + echo -n "$REF" > "$(results.imageRef.path)" diff --git a/tasks/tenant/get-git-sha-image-ref-from-release/tests/pre-apply-task-hook.sh b/tasks/tenant/get-git-sha-image-ref-from-release/tests/pre-apply-task-hook.sh new file mode 100755 index 000000000..bbabd1c34 --- /dev/null +++ b/tasks/tenant/get-git-sha-image-ref-from-release/tests/pre-apply-task-hook.sh @@ -0,0 +1,7 @@ +#!/usr/bin/env bash + +# Install the CRDs so we can create/get them +.github/scripts/install_crds.sh + +# Add RBAC so that the SA executing the tests can retrieve CRs +kubectl apply -f .github/resources/crd_rbac.yaml diff --git a/tasks/tenant/get-git-sha-image-ref-from-release/tests/test-get-git-sha-image-ref.yaml b/tasks/tenant/get-git-sha-image-ref-from-release/tests/test-get-git-sha-image-ref.yaml new file mode 100644 index 000000000..1ad99109e --- /dev/null +++ b/tasks/tenant/get-git-sha-image-ref-from-release/tests/test-get-git-sha-image-ref.yaml @@ -0,0 +1,77 @@ +--- +apiVersion: tekton.dev/v1 +kind: Pipeline +metadata: + name: test-get-git-sha-image-ref +spec: + description: | + Run the collect-data task and verify that all resources are stored in the workspace. + workspaces: + - name: tests-workspace + tasks: + - name: setup + taskSpec: + steps: + - name: create-cr + image: quay.io/konflux-ci/release-service-utils:e633d51cd41d73e4b3310face21bb980af7a662f + script: | + #!/usr/bin/env bash + set -eux + + cat > release << EOF + apiVersion: appstudio.redhat.com/v1alpha1 + kind: Release + metadata: + name: release-sample + namespace: default + labels: + pac.test.appstudio.openshift.io/sha: abcdefg12345 + spec: + snapshot: foo + releasePlan: foo + EOF + kubectl apply -f release + + # Status needs to be patched in, can't be added at apply time + kubectl --warnings-as-errors=true patch release -n default release-sample --type=merge \ + --subresource status --patch \ + "status: {'artifacts':{'images':[{'urls':['quay.io/konflux-ci/myimage:abcdefg12345', + 'quay.io/konflux-ci/myimage:abcde']}]}}" + - name: run-task + taskRef: + name: get-git-sha-image-ref-from-release + params: + - name: release + value: default/release-sample + runAfter: + - setup + - name: check-result + params: + - name: imageRef + value: $(tasks.run-task.results.imageRef) + runAfter: + - run-task + taskSpec: + params: + - name: imageRef + type: string + steps: + - name: check-result + image: quay.io/konflux-ci/release-service-utils:e633d51cd41d73e4b3310face21bb980af7a662f + script: | + #!/usr/bin/env bash + set -eux + + echo Test the imageRef result was properly set + test "$(params.imageRef)" == "quay.io/konflux-ci/myimage:abcdefg12345" + finally: + - name: cleanup + taskSpec: + steps: + - name: delete-crs + image: quay.io/konflux-ci/release-service-utils:e633d51cd41d73e4b3310face21bb980af7a662f + script: | + #!/usr/bin/env sh + set -eux + + kubectl delete release release-sample