refactor(RELEASE-1319): move tasks based on type

This commit moves all the tasks in this directory. Most of the tasks are
now in tasks/managed. This is for all tasks used directly in a managed
pipeline. There is also tasks/internal for tasks used in
internal-request or internal-pipelinerun pipelines and tasks/collectors
for collector pipeline tasks.

The commit also updates the CI for the tekton unit tests for the new
task locations.

A sym link was created for the internal tasks that were in `tasks` to
their previous locations. This is because the `simple-signing-pipeline`
which calls them is not always called via git resolver, so it is
temporary backwards compatibility.

Finally, the commit modifies the definition of each pipeline as the
pathInRepo value of each task git resolver has to be updated for the new
location. This comes with a version bump.

Signed-off-by: Johnny Bieren <[email protected]>

.github/scripts/test_tekton_tasks.sh

@@ -59,12 +59,8 @@ done
 for ITEM in $TEST_ITEMS
 do
   echo Task item: $ITEM
-  TASK_NAME=$(echo $ITEM | cut -d '/' -f 2)
-  TASK_DIR=$(echo $ITEM | cut -d '/' -f -2)
-  if [ "$(echo $ITEM | cut -d '/' -f 1)" == "internal" ] ; then
-    TASK_NAME=$(echo $ITEM | cut -d '/' -f 3)
-    TASK_DIR=$(echo $ITEM | cut -d '/' -f -3)
-  fi
+  TASK_NAME=$(echo $ITEM | cut -d '/' -f 3)
+  TASK_DIR=$(echo $ITEM | cut -d '/' -f -3)
   echo "  Task name: $TASK_NAME"
 
   TASK_PATH=${TASK_DIR}/${TASK_NAME}.yaml

.github/workflows/tekton_task_tests.yaml

@@ -18,37 +18,25 @@ jobs:
         uses: tj-actions/changed-files@v41
         with:
           files: |
-            tasks/**
-          dir_names: "true"
-          dir_names_max_depth: "2"
-      - name: Get internal changed dirs
-        id: changed-internal-dirs
-        uses: tj-actions/changed-files@v41
-        with:
-          files: |
-            internal/tasks/**
+            tasks/*/**
           dir_names: "true"
           dir_names_max_depth: "3"
       - name: Show changed dirs
         run: |
-          echo ${{ steps.changed-dirs.outputs.all_changed_files }} \
-            ${{ steps.changed-internal-dirs.outputs.all_changed_files }}
+          echo ${{ steps.changed-dirs.outputs.all_changed_files }}
       - name: Create k8s Kind Cluster
         uses: helm/[email protected]
         if: |
-          steps.changed-dirs.outputs.any_changed == 'true' ||
-          steps.changed-internal-dirs.outputs.any_changed == 'true'
+          steps.changed-dirs.outputs.any_changed == 'true'
       - name: Check cluster info
         if: |
-          steps.changed-dirs.outputs.any_changed == 'true' ||
-          steps.changed-internal-dirs.outputs.any_changed == 'true'
+          steps.changed-dirs.outputs.any_changed == 'true'
         run: |
           kubectl cluster-info
       - name: Install Tekton
         timeout-minutes: 10
         if: |
-          steps.changed-dirs.outputs.any_changed == 'true' ||
-          steps.changed-internal-dirs.outputs.any_changed == 'true'
+          steps.changed-dirs.outputs.any_changed == 'true'
         run: |
           kubectl apply --filename https://storage.googleapis.com/tekton-releases/pipeline/latest/release.yaml
 
@@ -69,15 +57,12 @@ jobs:
           kubectl get pods --namespace tekton-pipelines
       - name: Install tkn
         if: |
-          steps.changed-dirs.outputs.any_changed == 'true' ||
-          steps.changed-internal-dirs.outputs.any_changed == 'true'
+          steps.changed-dirs.outputs.any_changed == 'true'
         uses: ./.github/actions/install-tkn
       - name: Test Tekton tasks
         if: |
-          steps.changed-dirs.outputs.any_changed == 'true' ||
-          steps.changed-internal-dirs.outputs.any_changed == 'true'
+          steps.changed-dirs.outputs.any_changed == 'true'
         run: .github/scripts/test_tekton_tasks.sh
         env:
           TEST_ITEMS: >-
             ${{ steps.changed-dirs.outputs.all_changed_files }}
-            ${{ steps.changed-internal-dirs.outputs.all_changed_files }}

internal/resources/check-embargoed-cves-task.yaml

@@ -1 +1 @@
-../tasks/check-embargoed-cves-task/check-embargoed-cves-task.yaml
+../../tasks/internal/check-embargoed-cves-task/check-embargoed-cves-task.yaml

internal/resources/collect-simple-signing-params.yaml

@@ -1 +1 @@
-../../tasks/collect-simple-signing-params/collect-simple-signing-params.yaml
+../../tasks/internal/collect-simple-signing-params/collect-simple-signing-params.yaml

internal/resources/create-advisory-task.yaml

@@ -1 +1 @@
-../tasks/create-advisory-task/create-advisory-task.yaml
+../../tasks/internal/create-advisory-task/create-advisory-task.yaml

internal/resources/process-file-updates-task.yaml

@@ -1 +1 @@
-../tasks/process-file-updates-task/process-file-updates-task.yaml
+../../tasks/internal/process-file-updates-task/process-file-updates-task.yaml

internal/resources/publish-index-image-task.yaml

@@ -1 +1 @@
-../tasks/publish-index-image-task/publish-index-image-task.yaml
+../../tasks/internal/publish-index-image-task/publish-index-image-task.yaml

internal/resources/pulp-push-disk-images.yaml

@@ -1 +1 @@
-../tasks/pulp-push-disk-images/pulp-push-disk-images.yaml
+../../tasks/internal/pulp-push-disk-images/pulp-push-disk-images.yaml

pipelines/internal/simple-signing-pipeline/README.md

@@ -14,6 +14,9 @@ Tekton pipeline for simple signing. It is meant to be used by the rh-sign-image
 | taskGitUrl      | The url to the git repo where the release-service-catalog tasks to be used are stored                  | Yes      | https://github.com/konflux-ci/release-service-catalog.git |
 | taskGitRevision | The revision in the taskGitUrl repo to be used                                                         | No       | -                                                         |
 
+## Changes in 0.3.0
+* Update all task pathInRepo values as they are now in `tasks/internal`
+
 ## Changes in 0.2.0
 * Changed the results used as parameters to `request-and-upload-signature`
   * Instead of using the same results for both the Pyxis and UMB SSL authentication, the two were split into

pipelines/internal/simple-signing-pipeline/simple-signing-pipeline.yaml

@@ -4,7 +4,7 @@ kind: Pipeline
 metadata:
   name: simple-signing-pipeline
   labels:
-    app.kubernetes.io/version: "0.2.0"
+    app.kubernetes.io/version: "0.3.0"
   annotations:
     tekton.dev/pipelines.minVersion: "0.12.1"
     tekton.dev/tags: release
@@ -49,7 +49,7 @@ spec:
           - name: revision
             value: $(params.taskGitRevision)
           - name: pathInRepo
-            value: tasks/collect-simple-signing-params/collect-simple-signing-params.yaml
+            value: tasks/internal/collect-simple-signing-params/collect-simple-signing-params.yaml
       params:
         - name: config_map_name
           value: $(params.config_map_name)
@@ -63,7 +63,7 @@ spec:
           - name: revision
             value: $(params.taskGitRevision)
           - name: pathInRepo
-            value: tasks/request-and-upload-signature/request-and-upload-signature.yaml
+            value: tasks/internal/request-and-upload-signature/request-and-upload-signature.yaml
       params:
         - name: config_map_name
           value: $(params.config_map_name)

pipelines/managed/e2e/README.md

@@ -20,6 +20,9 @@ affected by RHTAP services or which results could affect the RHTAP workflow.
 | taskGitUrl                      | The url to the git repo where the release-service-catalog tasks to be used are stored                  | Yes      | https://github.com/konflux-ci/release-service-catalog.git |
 | taskGitRevision                 | The revision in the taskGitUrl repo to be used                                                         | No       | -             |
 
+## Changes in 3.1.0
+* Update all task pathInRepo values as they are now in `tasks/managed`
+
 ## Changes in 3.0.0
 * Drop the `enterpriseContractPublicKey` param. The verify task will take the value from the policy.
 

pipelines/managed/e2e/e2e.yaml

@@ -4,7 +4,7 @@ kind: Pipeline
 metadata:
   name: e2e
   labels:
-    app.kubernetes.io/version: "3.0.0"
+    app.kubernetes.io/version: "3.1.0"
   annotations:
     tekton.dev/pipelines.minVersion: "0.12.1"
     tekton.dev/tags: release
@@ -68,7 +68,7 @@ spec:
           - name: revision
             value: $(params.taskGitRevision)
           - name: pathInRepo
-            value: tasks/collect-data/collect-data.yaml
+            value: tasks/managed/collect-data/collect-data.yaml
       params:
         - name: release
           value: $(params.release)
@@ -125,7 +125,7 @@ spec:
           - name: revision
             value: $(params.taskGitRevision)
           - name: pathInRepo
-            value: tasks/cleanup-workspace/cleanup-workspace.yaml
+            value: tasks/managed/cleanup-workspace/cleanup-workspace.yaml
       when:
         - input: $(params.postCleanUp)
           operator: in

pipelines/managed/fbc-release/README.md

@@ -19,6 +19,9 @@ Tekton release pipeline to interact with FBC Pipeline
 | taskGitUrl                      | The url to the git repo where the release-service-catalog tasks to be used are stored                    | Yes       | https://github.com/konflux-ci/release-service-catalog.git |
 | taskGitRevision                 | The revision in the taskGitUrl repo to be used                                                           | No        | -                                                               |
 
+## Changes in 4.2.0
+* Update all task pathInRepo values as they are now in `tasks/managed`
+
 ## Changes in 4.1.0
 * Add the `check-data-keys` task to validate the `data.json` file using the JSON schema.
 

pipelines/managed/fbc-release/fbc-release.yaml

@@ -4,7 +4,7 @@ kind: Pipeline
 metadata:
   name: fbc-release
   labels:
-    app.kubernetes.io/version: "4.1.0"
+    app.kubernetes.io/version: "4.2.0"
   annotations:
     tekton.dev/pipelines.minVersion: "0.12.1"
     tekton.dev/tags: release
@@ -80,7 +80,7 @@ spec:
           - name: revision
             value: $(params.taskGitRevision)
           - name: pathInRepo
-            value: tasks/verify-access-to-resources/verify-access-to-resources.yaml
+            value: tasks/managed/verify-access-to-resources/verify-access-to-resources.yaml
       params:
         - name: release
           value: $(params.release)
@@ -103,7 +103,7 @@ spec:
           - name: revision
             value: $(params.taskGitRevision)
           - name: pathInRepo
-            value: tasks/collect-data/collect-data.yaml
+            value: tasks/managed/collect-data/collect-data.yaml
       params:
         - name: release
           value: $(params.release)
@@ -139,7 +139,7 @@ spec:
           - name: revision
             value: $(params.taskGitRevision)
           - name: pathInRepo
-            value: tasks/check-data-keys/check-data-keys.yaml
+            value: tasks/managed/check-data-keys/check-data-keys.yaml
         resolver: git
       workspaces:
         - name: data
@@ -155,7 +155,7 @@ spec:
           - name: revision
             value: $(params.taskGitRevision)
           - name: pathInRepo
-            value: tasks/validate-single-component/validate-single-component.yaml
+            value: tasks/managed/validate-single-component/validate-single-component.yaml
       params:
         - name: snapshotPath
           value: "$(tasks.collect-data.results.snapshotSpec)"
@@ -203,7 +203,7 @@ spec:
           - name: revision
             value: $(params.taskGitRevision)
           - name: pathInRepo
-            value: tasks/get-ocp-version/get-ocp-version.yaml
+            value: tasks/managed/get-ocp-version/get-ocp-version.yaml
       params:
         - name: fbcFragment
           value: "$(tasks.collect-data.results.fbcFragment)"
@@ -221,7 +221,7 @@ spec:
           - name: revision
             value: $(params.taskGitRevision)
           - name: pathInRepo
-            value: tasks/update-ocp-tag/update-ocp-tag.yaml
+            value: tasks/managed/update-ocp-tag/update-ocp-tag.yaml
       params:
         - name: dataPath
           value: "$(tasks.collect-data.results.data)"
@@ -242,7 +242,7 @@ spec:
           - name: revision
             value: $(params.taskGitRevision)
           - name: pathInRepo
-            value: tasks/check-fbc-packages/check-fbc-packages.yaml
+            value: tasks/managed/check-fbc-packages/check-fbc-packages.yaml
       params:
         - name: dataPath
           value: "$(tasks.collect-data.results.data)"
@@ -262,7 +262,7 @@ spec:
           - name: revision
             value: $(params.taskGitRevision)
           - name: pathInRepo
-            value: tasks/add-fbc-contribution/add-fbc-contribution.yaml
+            value: tasks/managed/add-fbc-contribution/add-fbc-contribution.yaml
       params:
         - name: dataPath
           value: "$(tasks.collect-data.results.data)"
@@ -320,7 +320,7 @@ spec:
           - name: revision
             value: $(params.taskGitRevision)
           - name: pathInRepo
-            value: tasks/sign-index-image/sign-index-image.yaml
+            value: tasks/managed/sign-index-image/sign-index-image.yaml
       params:
         - name: dataPath
           value: "$(tasks.collect-data.results.data)"
@@ -357,7 +357,7 @@ spec:
           - name: revision
             value: $(params.taskGitRevision)
           - name: pathInRepo
-            value: tasks/extract-index-image/extract-index-image.yaml
+            value: tasks/managed/extract-index-image/extract-index-image.yaml
       params:
         - name: inputDataFile
           value: $(tasks.add-fbc-contribution-to-index-image.results.requestResultsFile)
@@ -375,7 +375,7 @@ spec:
           - name: revision
             value: $(params.taskGitRevision)
           - name: pathInRepo
-            value: tasks/publish-index-image/publish-index-image.yaml
+            value: tasks/managed/publish-index-image/publish-index-image.yaml
       params:
         - name: dataPath
           value: "$(tasks.collect-data.results.data)"
@@ -409,7 +409,7 @@ spec:
           - name: revision
             value: $(params.taskGitRevision)
           - name: pathInRepo
-            value: tasks/update-cr-status/update-cr-status.yaml
+            value: tasks/managed/update-cr-status/update-cr-status.yaml
       workspaces:
         - name: data
           workspace: release-workspace
@@ -425,7 +425,7 @@ spec:
           - name: revision
             value: $(params.taskGitRevision)
           - name: pathInRepo
-            value: tasks/cleanup-workspace/cleanup-workspace.yaml
+            value: tasks/managed/cleanup-workspace/cleanup-workspace.yaml
       when:
         - input: $(params.postCleanUp)
           operator: in

pipelines/managed/push-binaries-to-dev-portal/README.md

@@ -19,6 +19,9 @@ Tekton pipeline to sign and release Red Hat binaries to the Red Hat Developer Po
 | taskGitUrl                      | The url to the git repo where the release-service-catalog tasks to be used are stored                  | Yes      | https://github.com/konflux-ci/release-service-catalog.git |
 | taskGitRevision                 | The revision in the taskGitUrl repo to be used                                                         | No       | -             |
 
+## Changes in 1.6.0
+* Update all task pathInRepo values as they are now in `tasks/managed`
+
 ## Changes in 1.5.0
 * Add the `check-data-keys` task to validate the `data.json` file using the JSON schema.