diff --git a/pipelines/push-disk-images-to-marketplaces/README.md b/pipelines/push-disk-images-to-marketplaces/README.md new file mode 100644 index 000000000..8931c926e --- /dev/null +++ b/pipelines/push-disk-images-to-marketplaces/README.md @@ -0,0 +1,20 @@ +# push-disk-images-to-marketplaces pipeline + +Tekton Pipeline to push disk images to various cloud marketplaces + +## Parameters + +| Name | Description | Optional | Default value | +|---------------------------------|--------------------------------------------------------------------------------------------------------|----------|-----------------------------------------------------------| +| release | The namespaced name (namespace/name) of the Release custom resource initiating this pipeline execution | No | - | +| releasePlan | The namespaced name (namespace/name) of the releasePlan | No | - | +| releasePlanAdmission | The namespaced name (namespace/name) of the releasePlanAdmission | No | - | +| releaseServiceConfig | The namespaced name (namespace/name) of the releaseServiceConfig | No | - | +| snapshot | The namespaced name (namespace/name) of the snapshot | No | - | +| enterpriseContractPolicy | JSON representation of the policy to be applied when validating the enterprise contract | No | - | +| enterpriseContractExtraRuleData | Extra rule data to be merged into the policy specified in params.enterpriseContractPolicy. Use syntax "key1=value1,key2=value2..." | Yes |pipeline_intention=release | +| enterpriseContractTimeout | Timeout setting for `ec validate` | Yes | 10m0s | +| postCleanUp | Cleans up workspace after finishing executing the pipeline | Yes | true | +| verify_ec_task_bundle | The location of the bundle containing the verify-enterprise-contract task | No | - | +| taskGitUrl | The url to the git repo where the release-service-catalog tasks to be used are stored | Yes | https://github.com/konflux-ci/release-service-catalog.git | +| taskGitRevision | The revision in the taskGitUrl repo to be used | No | - | diff --git a/pipelines/push-disk-images-to-marketplaces/push-disk-images-to-marketplaces.yaml b/pipelines/push-disk-images-to-marketplaces/push-disk-images-to-marketplaces.yaml new file mode 100644 index 000000000..6df675cc4 --- /dev/null +++ b/pipelines/push-disk-images-to-marketplaces/push-disk-images-to-marketplaces.yaml @@ -0,0 +1,257 @@ +--- +apiVersion: tekton.dev/v1 +kind: Pipeline +metadata: + name: push-disk-images-to-marketplaces + labels: + app.kubernetes.io/version: "0.1.0" + annotations: + tekton.dev/pipelines.minVersion: "0.12.1" + tekton.dev/tags: release +spec: + description: >- + Tekton Pipeline to push disk images to various cloud marketplaces + params: + - name: release + type: string + description: + The namespaced name (namespace/name) of the Release custom resource initiating this pipeline execution + - name: releasePlan + type: string + description: The namespaced name (namespace/name) of the releasePlan + - name: releasePlanAdmission + type: string + description: The namespaced name (namespace/name) of the releasePlanAdmission + - name: releaseServiceConfig + type: string + description: The namespaced name (namespace/name) of the releaseServiceConfig + - name: snapshot + type: string + description: The namespaced name (namespace/name) of the snapshot + - name: enterpriseContractPolicy + type: string + description: JSON representation of the EnterpriseContractPolicy + - name: enterpriseContractExtraRuleData + type: string + description: | + Extra rule data to be merged into the policy specified in params.enterpriseContractPolicy. Use syntax + "key1=value1,key2=value2..." + default: "pipeline_intention=release" + - name: enterpriseContractTimeout + type: string + description: Timeout setting for `ec validate` + default: 10m0s + - name: verify_ec_task_bundle + type: string + description: The location of the bundle containing the verify-enterprise-contract task + - name: taskGitUrl + type: string + description: The url to the git repo where the release-service-catalog tasks to be used are stored + default: https://github.com/konflux-ci/release-service-catalog.git + - name: taskGitRevision + type: string + description: The revision in the taskGitUrl repo to be used + - name: postCleanUp + type: string + description: Cleans up workspace after finishing executing the pipeline + default: "true" + workspaces: + - name: release-workspace + tasks: + - name: verify-access-to-resources + taskRef: + resolver: "git" + params: + - name: url + value: $(params.taskGitUrl) + - name: revision + value: $(params.taskGitRevision) + - name: pathInRepo + value: tasks/verify-access-to-resources/verify-access-to-resources.yaml + params: + - name: release + value: $(params.release) + - name: releasePlan + value: $(params.releasePlan) + - name: releasePlanAdmission + value: $(params.releasePlanAdmission) + - name: releaseServiceConfig + value: $(params.releaseServiceConfig) + - name: snapshot + value: $(params.snapshot) + - name : requireInternalServices + value: "true" + - name: collect-data + taskRef: + resolver: "git" + params: + - name: url + value: $(params.taskGitUrl) + - name: revision + value: $(params.taskGitRevision) + - name: pathInRepo + value: tasks/collect-data/collect-data.yaml + params: + - name: release + value: $(params.release) + - name: releasePlan + value: $(params.releasePlan) + - name: releasePlanAdmission + value: $(params.releasePlanAdmission) + - name: releaseServiceConfig + value: $(params.releaseServiceConfig) + - name: snapshot + value: $(params.snapshot) + - name: subdirectory + value: $(context.pipelineRun.uid) + workspaces: + - name: data + workspace: release-workspace + runAfter: + - verify-access-to-resources + - name: reduce-snapshot + taskRef: + resolver: "git" + params: + - name: url + value: $(params.taskGitUrl) + - name: revision + value: $(params.taskGitRevision) + - name: pathInRepo + value: tasks/reduce-snapshot/reduce-snapshot.yaml + params: + - name: SNAPSHOT + value: $(workspaces.data.path)/$(tasks.collect-data.results.snapshotSpec) + - name: SINGLE_COMPONENT + value: $(tasks.collect-data.results.singleComponentMode) + - name: SINGLE_COMPONENT_CUSTOM_RESOURCE + value: snapshot/$(tasks.collect-data.results.snapshotName) + - name: SINGLE_COMPONENT_CUSTOM_RESOURCE_NS + value: $(tasks.collect-data.results.snapshotNamespace) + - name: SNAPSHOT_PATH + value: $(workspaces.data.path)/$(tasks.collect-data.results.snapshotSpec) + workspaces: + - name: data + workspace: release-workspace + runAfter: + - collect-data + - name: apply-mapping + taskRef: + resolver: "git" + params: + - name: url + value: $(params.taskGitUrl) + - name: revision + value: $(params.taskGitRevision) + - name: pathInRepo + value: tasks/apply-mapping/apply-mapping.yaml + params: + - name: failOnEmptyResult + value: "true" + - name: dataPath + value: "$(tasks.collect-data.results.data)" + - name: snapshotPath + value: "$(tasks.collect-data.results.snapshotSpec)" + workspaces: + - name: config + workspace: release-workspace + runAfter: + - reduce-snapshot + - name: verify-enterprise-contract + taskRef: + resolver: "bundles" + params: + - name: bundle + value: $(params.verify_ec_task_bundle) + - name: kind + value: task + - name: name + value: verify-enterprise-contract + params: + - name: IMAGES + value: "$(workspaces.data.path)/$(tasks.collect-data.results.snapshotSpec)" + - name: SSL_CERT_DIR + value: /var/run/secrets/kubernetes.io/serviceaccount + - name: POLICY_CONFIGURATION + value: $(params.enterpriseContractPolicy) + - name: STRICT + value: "1" + - name: IGNORE_REKOR + value: "true" + - name: EXTRA_RULE_DATA + value: $(params.enterpriseContractExtraRuleData) + - name: TIMEOUT + value: $(params.enterpriseContractTimeout) + workspaces: + - name: data + workspace: release-workspace + runAfter: + - apply-mapping + - name: collect-marketplacesvm-secret + taskRef: + resolver: "git" + params: + - name: url + value: $(params.taskGitUrl) + - name: revision + value: $(params.taskGitRevision) + - name: pathInRepo + value: tasks/collect-marketplacesvm-secret/collect-marketplacesvm-secret.yaml + params: + - name: dataPath + value: "$(tasks.collect-data.results.data)" + workspaces: + - name: data + workspace: release-workspace + runAfter: + - verify-enterprise-contract + - name: push-disk-images-marketplaces + timeout: "12h00m0s" + when: + - input: "$(tasks.apply-mapping.results.mapped)" + operator: in + values: ["true"] + taskRef: + resolver: "git" + params: + - name: url + value: $(params.taskGitUrl) + - name: revision + value: $(params.taskGitRevision) + - name: pathInRepo + value: tasks/marketplacesvm-push-disk-images/marketplacesvm-push-disk-images.yaml + params: + - name: snapshotPath + value: "$(tasks.collect-data.results.snapshotSpec)" + - name: dataPath + value: "$(tasks.collect-data.results.data)" + - name: cloudMarketplacesSecret + value: "$(tasks.collect-marketplacesvm-secret.results.cloudMarketplacesSecret)" + workspaces: + - name: data + workspace: release-workspace + runAfter: + - collect-marketplacesvm-secret + finally: + - name: cleanup + taskRef: + resolver: "git" + params: + - name: url + value: $(params.taskGitUrl) + - name: revision + value: $(params.taskGitRevision) + - name: pathInRepo + value: tasks/cleanup-workspace/cleanup-workspace.yaml + when: + - input: $(params.postCleanUp) + operator: in + values: ["true"] + params: + - name: subdirectory + value: "$(context.pipelineRun.uid)" + - name: pipelineRunUid + value: $(context.pipelineRun.uid) + workspaces: + - name: input + workspace: release-workspace