Add required configurations for tenant release

Add serviceaccount, role and secrets to run tenant pipeline Add tenant pipeline to push image to quay registry Signed-off-by: savitaashture <[email protected]>
openshift-pipelines · Dec 5, 2024 · 6e2cf29 · 6e2cf29
1 parent 846d31f
commit 6e2cf29
Show file tree

Hide file tree

Showing 4 changed files with 100 additions and 0 deletions.
diff --git a/release/next/role.yaml b/release/next/role.yaml
@@ -0,0 +1,27 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  namespace: tekton-ecosystem-tenant
+  name: release-plan-role-next
+rules:
+- apiGroups:
+  - appstudio.redhat.com
+  resources:
+  - snapshots
+  verbs:
+  - get
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  namespace: tekton-ecosystem-tenant
+  name: release-plan-rolebinding-next
+subjects:
+- kind: ServiceAccount
+  name: release-registry-openshift-pipelines-next
+  apiGroup: ""
+roleRef:
+  kind: Role
+  name: release-plan-role-next
+  apiGroup: rbac.authorization.k8s.io
diff --git a/release/next/secret.yaml b/release/next/secret.yaml
@@ -0,0 +1,11 @@
+kind: Secret
+apiVersion: v1
+metadata:
+  name: release-registry-openshift-pipelines-next
+  namespace: tekton-ecosystem-tenant
+  annotations:
+    tekton.dev/docker-0: https://quay.io
+data:
+  username: xyz
+  password: abc
+type: kubernetes.io/basic-auth
diff --git a/release/next/service-account.yaml b/release/next/service-account.yaml
@@ -0,0 +1,10 @@
+---
+apiVersion: v1
+imagePullSecrets:
+- name: release-registry-openshift-pipelines-next
+kind: ServiceAccount
+metadata:
+  name: release-registry-openshift-pipelines-next
+  namespace: tekton-ecosystem-tenant
+secrets:
+- name: release-registry-openshift-pipelines-next
diff --git a/tenantpipelines/pipeline.yaml b/tenantpipelines/pipeline.yaml
@@ -0,0 +1,52 @@
+---
+apiVersion: tekton.dev/v1
+kind: Pipeline
+metadata:
+  name: tenant-pipeline-next
+  labels:
+    app.kubernetes.io/version: "0.1"
+  annotations:
+    tekton.dev/pipelines.minVersion: "0.12.1"
+    tekton.dev/tags: release
+spec:
+  description: Pipeline to push built images to quay registry for nightly build
+  params:
+    - name: released_version
+      type: string
+    - name: snapshot
+      type: string
+  tasks:
+    - name: create-tag
+      params:
+        - name: RELEASED_VERSION
+          value: "$(params.released_version)"
+        - name: SNAPSHOT
+          value: "$(params.snapshot)"
+      taskSpec:
+        params:
+          - name: RELEASED_VERSION
+            type: string
+          - name: SNAPSHOT
+            type: string
+        steps:
+          - name: create-tag
+            image: quay.io/konflux-ci/release-service-utils:e633d51cd41d73e4b3310face21bb980af7a662f
+            script: |
+              #!/usr/bin/env sh
+              set -eo pipefail
+              echo $(params.RELEASED_VERSION)
+              get-resource "snapshot" $(params.SNAPSHOT) > /tmp/snapshot.json
+              cat /tmp/snapshot.json
+              file="/tmp/snapshot.json"
+
+              container_images=($(jq -r '.spec.components[].containerImage' "$file"))
+
+              for container_image in "${container_images[@]}"; do
+                image=$(echo "$container_image" | sed "s|quay.io/redhat-user-workloads/tekton-ecosystem-tenant|quay.io/openshift-pipeline|")
+                # get image without SHA
+                image_no_sha=$(echo "$image" | sed 's/@sha256:.*//')
+                # split the word with "/" to combine words using "-"
+                IFS="/" read -r -a parts <<< "$image_no_sha"
+                new_image="quay.io/openshift-pipeline/${parts[2]}-${parts[3]}:next"
+                skopeo copy docker://"$container_image" docker://"$new_image" --all --preserve-digests
+              done