Merge pull request #1977 from rnc/PIPELINE

Containerbuild / konflux

deploy/base-development.sh

@@ -26,6 +26,9 @@ fi
 if [ -z "$JBS_S3_SYNC_ENABLED" ]; then
     export JBS_S3_SYNC_ENABLED=true
 fi
+if [ -z "$JBS_CONTAINER_BUILDS" ]; then
+    export JBS_CONTAINER_BUILDS=false
+fi
 if [ -z "$JBS_MAX_MEMORY" ]; then
     export JBS_MAX_MEMORY=4096
 fi
@@ -65,6 +68,7 @@ ${GIT_DEPLOY_TOKEN}
 ${GIT_DEPLOY_URL}
 ${GIT_DISABLE_SSL_VERIFICATION}
 ${JBS_BUILD_IMAGE_SECRET}
+${JBS_CONTAINER_BUILDS}
 ${JBS_GIT_CREDENTIALS}
 ${JBS_QUAY_IMAGE}
 ${JBS_MAX_MEMORY}

deploy/base/config.yaml

@@ -5,6 +5,7 @@ metadata:
   name: jvm-build-config
 spec:
   enableRebuilds: true
+  containerBuilds: ${JBS_CONTAINER_BUILDS}
   mavenBaseLocations:
     maven-repository-300-jboss: "https://repository.jboss.org/nexus/content/groups/public/"
     maven-repository-301-confluent: "https://packages.confluent.io/maven"

deploy/console/base/kustomization.yaml

@@ -1,11 +1,13 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 
-commonLabels:
-  app: hacbs-jvm-console
 resources:
-  - deployment.yaml
-  - sa.yaml
-  - rbac.yaml
-  - service.yaml
-  - route.yaml
+- deployment.yaml
+- sa.yaml
+- rbac.yaml
+- service.yaml
+- route.yaml
+labels:
+- includeSelectors: true
+  pairs:
+    app: hacbs-jvm-console

deploy/crds/base/jvmbuildservice.io_jbsconfigs.yaml

@@ -92,6 +92,10 @@ spec:
                   workerThreads:
                     type: string
                 type: object
+              containerBuilds:
+                description: Whether to use a standard build pipeline or build in
+                  a Docker container via buildah.
+                type: boolean
               enableRebuilds:
                 type: boolean
               gitSourceArchive:

deploy/minikube-ci.sh

@@ -38,6 +38,7 @@ export JVM_BUILD_SERVICE_IMAGE=quay.io/$QUAY_USERNAME/hacbs-jvm-controller
 # Represents an empty dockerconfig.json
 export JBS_BUILD_IMAGE_SECRET="ewogICAgImF1dGhzIjogewogICAgfQp9Cg==" # notsecret
 export JBS_S3_SYNC_ENABLED="\"false\""
+export JBS_CONTAINER_BUILDS=false
 export JBS_MAX_MEMORY=4096
 
 cat $DIR/base/namespace/namespace.yaml | envsubst '${JBS_WORKER_NAMESPACE}' | kubectl apply -f -
@@ -55,6 +56,7 @@ ${GIT_DEPLOY_TOKEN}
 ${GIT_DEPLOY_URL}
 ${GIT_DISABLE_SSL_VERIFICATION}
 ${JBS_BUILD_IMAGE_SECRET}
+${JBS_CONTAINER_BUILDS}
 ${JBS_GIT_CREDENTIALS}
 ${JBS_QUAY_IMAGE}
 ${JBS_MAX_MEMORY}

deploy/operator/base/kustomization.yaml

@@ -1,11 +1,13 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 
-commonLabels:
-  app: hacbs-jvm-operator
 resources:
-  - deployment.yaml
-  - namespace.yaml
-  - sa.yaml
-  - rbac.yaml
-  - metricservice.yaml
+- deployment.yaml
+- namespace.yaml
+- sa.yaml
+- rbac.yaml
+- metricservice.yaml
+labels:
+- includeSelectors: true
+  pairs:
+    app: hacbs-jvm-operator

go.mod

@@ -5,10 +5,9 @@ go 1.22.0
 toolchain go1.22.6
 
 require (
-	github.com/CycloneDX/cyclonedx-go v0.9.0
 	github.com/aws/aws-sdk-go v1.54.19
 	github.com/go-logr/logr v1.4.2
-	github.com/google/go-containerregistry v0.20.1
+	github.com/google/go-containerregistry v0.20.1 // indirect
 	github.com/google/uuid v1.6.0
 	github.com/konflux-ci/image-controller v0.0.0-20240809150447-338fc0d1a859
 	github.com/onsi/gomega v1.34.1
@@ -42,12 +41,8 @@ require (
 	github.com/blendle/zapdriver v1.3.1 // indirect
 	github.com/census-instrumentation/opencensus-proto v0.4.1 // indirect
 	github.com/cespare/xxhash/v2 v2.2.0 // indirect
-	github.com/containerd/stargz-snapshotter/estargz v0.14.3 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
-	github.com/docker/cli v26.1.2+incompatible // indirect
-	github.com/docker/distribution v2.8.3+incompatible // indirect
 	github.com/docker/docker v26.1.5+incompatible // indirect
-	github.com/docker/docker-credential-helpers v0.8.0 // indirect
 	github.com/emicklei/go-restful/v3 v3.11.0 // indirect
 	github.com/evanphx/json-patch v5.6.0+incompatible // indirect
 	github.com/evanphx/json-patch/v5 v5.9.0 // indirect
@@ -83,7 +78,6 @@ require (
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 // indirect
-	github.com/klauspost/compress v1.17.4 // indirect
 	github.com/ktr0731/go-ansisgr v0.1.0 // indirect
 	github.com/ktr0731/go-fuzzyfinder v0.8.0 // indirect
 	github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect
@@ -93,28 +87,24 @@ require (
 	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/mattn/go-runewidth v0.0.15 // indirect
 	github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d // indirect
-	github.com/mitchellh/go-homedir v1.1.0 // indirect
 	github.com/moby/term v0.0.0-20221205130635-1aeaba878587 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/nsf/termbox-go v1.1.1 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
-	github.com/opencontainers/image-spec v1.1.0 // indirect
 	github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	github.com/prometheus/common v0.51.1 // indirect
 	github.com/prometheus/procfs v0.12.0 // indirect
 	github.com/prometheus/statsd_exporter v0.22.7 // indirect
 	github.com/rivo/uniseg v0.4.4 // indirect
-	github.com/sirupsen/logrus v1.9.3 // indirect
 	github.com/spf13/cobra v1.8.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
 	github.com/stoewer/go-strcase v1.2.0 // indirect
 	github.com/tektoncd/triggers v0.27.0 // indirect
-	github.com/vbatts/tar-split v0.11.5 // indirect
 	github.com/xlab/treeprint v1.2.0 // indirect
 	go.opencensus.io v0.24.0 // indirect
 	go.starlark.net v0.0.0-20230525235612-a134d8f9ddca // indirect

go.sum

@@ -48,8 +48,6 @@ github.com/Azure/go-autorest/logger v0.2.0/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZ
 github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
-github.com/CycloneDX/cyclonedx-go v0.9.0 h1:inaif7qD8bivyxp7XLgxUYtOXWtDez7+j72qKTMQTb8=
-github.com/CycloneDX/cyclonedx-go v0.9.0/go.mod h1:NE/EWvzELOFlG6+ljX/QeMlVt9VKcTwu8u0ccsACEsw=
 github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ=
 github.com/Netflix/go-expect v0.0.0-20220104043353-73e0943537d2 h1:+vx7roKuyA63nhn5WAunQHLTznkw5W8b1Xc0dNjp83s=
 github.com/Netflix/go-expect v0.0.0-20220104043353-73e0943537d2/go.mod h1:HBCaDeC1lPdgDeDbhX8XFpy1jqjK0IBG8W5K+xYqA0w=
@@ -74,8 +72,6 @@ github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/blendle/zapdriver v1.3.1 h1:C3dydBOWYRiOk+B8X9IVZ5IOe+7cl+tGOexN4QqHfpE=
 github.com/blendle/zapdriver v1.3.1/go.mod h1:mdXfREi6u5MArG4j9fewC+FGnXaBR+T4Ox4J2u4eHCc=
-github.com/bradleyjkemp/cupaloy/v2 v2.8.0 h1:any4BmKE+jGIaMpnU8YgH/I2LPiLBufr6oMMlVBbn9M=
-github.com/bradleyjkemp/cupaloy/v2 v2.8.0/go.mod h1:bm7JXdkRd4BHJk9HpwqAI8BoAY1lps46Enkdqw6aRX0=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/census-instrumentation/opencensus-proto v0.4.1 h1:iKLQ0xPNFxR/2hzXZMrBo8f1j86j5WHzznCCQxV/b8g=
 github.com/census-instrumentation/opencensus-proto v0.4.1/go.mod h1:4T9NM4+4Vw91VeyqjLS6ao50K5bOcLKN6Q42XnYaRYw=
@@ -522,8 +518,6 @@ github.com/tektoncd/pipeline v0.59.2 h1:hspD31XWToUIFnUFkUitjqGBnW0hd9Q9cVHYbhjp
 github.com/tektoncd/pipeline v0.59.2/go.mod h1:VjXZUGLrOy45B35ufbJZ2DLMt+TSJ3R4ZjKJvi7RWg4=
 github.com/tektoncd/triggers v0.27.0 h1:c55e/YJF6Vs5BEarqDYksFYuR4sFbmAVEqrLNPZvXUk=
 github.com/tektoncd/triggers v0.27.0/go.mod h1:DkkAkdSd9aAW9RklUVyFRKQ8kONmZQw4Ur2G1r3wFQo=
-github.com/terminalstatic/go-xsd-validate v0.1.5 h1:RqpJnf6HGE2CB/lZB1A8BYguk8uRtcvYAPLCF15qguo=
-github.com/terminalstatic/go-xsd-validate v0.1.5/go.mod h1:18lsvYFofBflqCrvo1umpABZ99+GneNTw2kEEc8UPJw=
 github.com/tidwall/gjson v1.12.1 h1:ikuZsLdhr8Ws0IdROXUS1Gi4v9Z4pGqpX/CvJkxvfpo=
 github.com/tidwall/gjson v1.12.1/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk=
 github.com/tidwall/match v1.1.1 h1:+Ho715JplO36QYgwN9PGYNhgZvoUSc9X2c80KVTi+GA=
@@ -536,12 +530,6 @@ github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 h1:e/5i7d4oYZ+C
 github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399/go.mod h1:LdwHTNJT99C5fTAzDz0ud328OgXz+gierycbcIx2fRs=
 github.com/vbatts/tar-split v0.11.5 h1:3bHCTIheBm1qFTcgh9oPu+nNBtX+XJIupG/vacinCts=
 github.com/vbatts/tar-split v0.11.5/go.mod h1:yZbwRsSeGjusneWgA781EKej9HF8vme8okylkAeNKLk=
-github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f h1:J9EGpcZtP0E/raorCMxlFGSTBrsSlaDGf3jU/qvAE2c=
-github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
-github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHovont7NscjpAxXsDA8S8BMYve8Y5+7cuRE7R0=
-github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ=
-github.com/xeipuuv/gojsonschema v1.2.0 h1:LhYJRs+L4fBtjZUfuSZIKGeVu0QRy8e5Xi7D17UxZ74=
-github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y=
 github.com/xlab/treeprint v1.2.0 h1:HzHnuAF1plUN2zGlAFHbSQP2qJ0ZAD3XF5XD7OesXRQ=
 github.com/xlab/treeprint v1.2.0/go.mod h1:gj5Gd3gPdKtR1ikdDK6fnFLdmIS0X30kTTuNd/WEJu0=
 github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=

java-components/build-request-processor/src/main/java/com/redhat/hacbs/container/deploy/BuildVerifyCommand.java

@@ -214,8 +214,7 @@ public FileVisitResult visitFile(Path file, BasicFileAttributes attrs) {
             }
             for (var i : contaminatedGavs.entrySet()) {
                 if (!i.getValue().getAllowed()) {
-                    gavs.removeAll(i.getValue().getContaminatedArtifacts());
-//                    i.getValue().getContaminatedArtifacts().forEach(gavs::remove);
+                    i.getValue().getContaminatedArtifacts().forEach(gavs::remove);
                 }
             }
             generateBuildSbom();
@@ -241,6 +240,7 @@ public FileVisitResult visitFile(Path file, BasicFileAttributes attrs) {
         }
     }
 
+    // TODO: ### For container-builds, should sbom generation be delegated to the task within that? If it supports it?
     private void generateBuildSbom() {
         if (buildInfoPath == null) {
             Log.infof("Not generating build sbom, path not set");

java-components/build-request-processor/src/main/java/com/redhat/hacbs/container/deploy/TagDeployCommand.java

@@ -15,11 +15,11 @@
 
 import com.amazonaws.auth.DefaultAWSCredentialsProviderChain;
 import com.amazonaws.auth.profile.ProfileCredentialsProvider;
-import com.amazonaws.regions.Regions;
+import com.amazonaws.regions.Region;
+import com.amazonaws.regions.RegionUtils;
 import com.amazonaws.services.codeartifact.AWSCodeArtifactClientBuilder;
 import com.amazonaws.services.codeartifact.model.GetAuthorizationTokenRequest;
 import com.amazonaws.util.AwsHostNameUtils;
-import com.redhat.hacbs.container.deploy.git.Git;
 import com.redhat.hacbs.container.deploy.mavenrepository.CodeArtifactRepository;
 import com.redhat.hacbs.container.deploy.mavenrepository.MavenRepositoryDeployer;
 
@@ -48,36 +48,6 @@ public class TagDeployCommand implements Runnable {
     @CommandLine.Option(names = "--mvn-repo")
     String mvnRepo;
 
-    @ConfigProperty(name = "git.deploy.token")
-    Optional<String> gitToken;
-
-    // If endpoint is null then default GitHub API endpoint is used. Otherwise:
-    // for GitHub, endpoint like https://api.github.com
-    // for GitLib, endpoint like https://gitlab.com
-    @CommandLine.Option(names = "--git-url")
-    String gitURL;
-
-    @CommandLine.Option(names = "--git-identity")
-    String gitIdentity;
-
-    @CommandLine.Option(names = "--git-disable-ssl-verification")
-    boolean gitDisableSSLVerification;
-
-    @CommandLine.Option(names = "--git-reuse-repository")
-    boolean reuseRepository;
-
-    @CommandLine.Option(names = "--image-id")
-    String imageId;
-
-    @CommandLine.Option(required = true, names = "--scm-uri")
-    String scmUri;
-
-    @CommandLine.Option(required = true, names = "--scm-commit")
-    String commit;
-
-    @CommandLine.Option(required = true, names = "--source-path")
-    Path sourcePath;
-
     @Inject
     BootstrapMavenContext mvnCtx;
 
@@ -86,21 +56,6 @@ public void run() {
 
             var deploymentPath = Path.of(artifactDirectory);
 
-            // TODO: Should we write out to a 'DependencyPipelineResults' a GitArchive?
-            Git.GitStatus archivedSourceTags = new Git.GitStatus();
-            // Save the source first regardless of deployment checks
-            if (isNotEmpty(gitIdentity) && gitToken.isPresent()) {
-                var git = Git.builder(gitURL, gitIdentity, gitToken.get(), gitDisableSSLVerification);
-                if (reuseRepository) {
-                    git.initialise(scmUri);
-                } else {
-                    Log.warnf("Not reusing repository; creating under %s", scmUri);
-                    git.create(scmUri);
-                }
-                Log.infof("Pushing changes back to URL %s", git.getName());
-                archivedSourceTags = git.add(sourcePath, commit, imageId);
-            }
-
             if (!deploymentPath.toFile().exists()) {
                 Log.warnf("No deployed artifacts found. Has the build been correctly configured to deploy?");
                 throw new RuntimeException("Deploy failed");
@@ -127,11 +82,11 @@ public void run() {
                         String domainOwner = repo.substring(firstDash + 1, repo.indexOf("."));
                         Log.infof("Generating AWS token for domain %s, owner %s, region %s", domain, domainOwner, parsedRegion);
 
-                        Regions region = Regions.fromName(parsedRegion);
+                        Region region = RegionUtils.getRegion(parsedRegion);
                         var awsClient = AWSCodeArtifactClientBuilder.standard()
                                 .withCredentials(awsProfile.isEmpty() ? DefaultAWSCredentialsProviderChain.getInstance()
                                         : new ProfileCredentialsProvider(awsProfile.get()))
-                                .withRegion(region).build();
+                                .withRegion(region.getName()).build();
                         mvnPassword = Optional.of(awsClient.getAuthorizationToken(
                                 new GetAuthorizationTokenRequest().withDomain(domain).withDomainOwner(domainOwner))
                                 .getAuthorizationToken());

java-components/resource-model/src/main/resources/crds/jvmbuildservice.io_jbsconfigs.yaml

@@ -92,6 +92,10 @@ spec:
                   workerThreads:
                     type: string
                 type: object
+              containerBuilds:
+                description: Whether to use a standard build pipeline or build in
+                  a Docker container via buildah.
+                type: boolean
               enableRebuilds:
                 type: boolean
               gitSourceArchive: