From 764c47802709bbe5b8116567c4d0f9c09b42ed43 Mon Sep 17 00:00:00 2001 From: Adam Cmiel Date: Tue, 28 May 2024 17:21:30 +0200 Subject: [PATCH] Run build-definitions CI in konflux-ci namespace STONEBLD-2339 After https://github.com/konflux-ci/build-definitions/pull/1041, the build-definitions pipelines will need push access to quay.io/konflux-ci. Run the pipelines in the konflux-ci namespace, where the appstudio-pipeline service account has quay.io/konflux-ci push access by default. Also add redhat-appstudio-tekton-catalog-build-definitions-pull-secret to the konflux-ci namespace. It is needed for push access to quay.io/redhat-appstudio-tekton-catalog. Previously, the secret lived in the tekton-ci namespace (but wasn't defined anywhere). Signed-off-by: Adam Cmiel --- components/konflux-ci/base/repository.yaml | 7 ++++++ .../konflux-ci/production/kustomization.yaml | 1 + ...catalog-build-definitions-pull-secret.yaml | 24 +++++++++++++++++++ components/tekton-ci/base/repository.yaml | 7 ------ 4 files changed, 32 insertions(+), 7 deletions(-) create mode 100644 components/konflux-ci/production/redhat-appstudio-tekton-catalog-build-definitions-pull-secret.yaml diff --git a/components/konflux-ci/base/repository.yaml b/components/konflux-ci/base/repository.yaml index 250671156ff..85d020a6ca8 100644 --- a/components/konflux-ci/base/repository.yaml +++ b/components/konflux-ci/base/repository.yaml @@ -12,3 +12,10 @@ metadata: name: ci-helper-app spec: url: "https://github.com/konflux-ci/ci-helper-app" +--- +apiVersion: pipelinesascode.tekton.dev/v1alpha1 +kind: Repository +metadata: + name: build-definitions +spec: + url: "https://github.com/konflux-ci/build-definitions" diff --git a/components/konflux-ci/production/kustomization.yaml b/components/konflux-ci/production/kustomization.yaml index 58bbc82ab9f..7eb5a19af80 100644 --- a/components/konflux-ci/production/kustomization.yaml +++ b/components/konflux-ci/production/kustomization.yaml @@ -5,6 +5,7 @@ resources: - ../base/external-secrets - plnsvc-ci-secret.yaml - plnsvc-codecov-secret.yaml +- redhat-appstudio-tekton-catalog-build-definitions-pull-secret.yaml patches: - path: quay-push-secret-konflux-ci.yaml diff --git a/components/konflux-ci/production/redhat-appstudio-tekton-catalog-build-definitions-pull-secret.yaml b/components/konflux-ci/production/redhat-appstudio-tekton-catalog-build-definitions-pull-secret.yaml new file mode 100644 index 00000000000..33b70581fe4 --- /dev/null +++ b/components/konflux-ci/production/redhat-appstudio-tekton-catalog-build-definitions-pull-secret.yaml @@ -0,0 +1,24 @@ +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: redhat-appstudio-tekton-catalog-build-definitions-pull-secret + annotations: + argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true + argocd.argoproj.io/sync-wave: "-1" +spec: + dataFrom: + - extract: + key: production/build/tekton-ci/redhat-appstudio-tekton-catalog-build-definitions-pull-secret + refreshInterval: 15m + secretStoreRef: + kind: ClusterSecretStore + name: appsre-stonesoup-vault + target: + creationPolicy: Owner + deletionPolicy: Delete + name: redhat-appstudio-tekton-catalog-build-definitions-pull-secret + template: + engineVersion: v2 + type: kubernetes.io/dockerconfigjson + data: + .dockerconfigjson: "{{ .config }}" diff --git a/components/tekton-ci/base/repository.yaml b/components/tekton-ci/base/repository.yaml index 442fb425d02..f9463fc3050 100644 --- a/components/tekton-ci/base/repository.yaml +++ b/components/tekton-ci/base/repository.yaml @@ -36,13 +36,6 @@ spec: --- apiVersion: pipelinesascode.tekton.dev/v1alpha1 kind: Repository -metadata: - name: build-definitions -spec: - url: "https://github.com/konflux-ci/build-definitions" ---- -apiVersion: pipelinesascode.tekton.dev/v1alpha1 -kind: Repository metadata: name: jvm-build-service spec: