Skip to content

Commit

Permalink
Merge pull request #2153 from tecarter94/domain-proxy
Browse files Browse the repository at this point in the history
Domain proxy integration
  • Loading branch information
tecarter94 authored Dec 17, 2024
2 parents be23096 + 52624af commit b57f71e
Show file tree
Hide file tree
Showing 104 changed files with 4,116 additions and 1,523 deletions.
2 changes: 2 additions & 0 deletions .github/workflows/minikube.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -76,6 +76,7 @@ jobs:
export JVM_BUILD_SERVICE_IMAGE=quay.io/$JBS_QUAY_ORG/$JBS_QUAY_IMAGE_CONTROLLER:$JBS_QUAY_IMAGE_TAG
export JVM_BUILD_SERVICE_CACHE_IMAGE=quay.io/$JBS_QUAY_ORG/konflux-jbs-pnc-tenant/jvm-build-service/cache:$JBS_QUAY_IMAGE_TAG
export JVM_BUILD_SERVICE_REQPROCESSOR_IMAGE=quay.io/$JBS_QUAY_ORG/konflux-jbs-pnc-tenant/jvm-build-service/build-request-processor:$JBS_QUAY_IMAGE_TAG
export JVM_BUILD_SERVICE_DOMAIN_PROXY_IMAGE=quay.io/$JBS_QUAY_ORG/konflux-jbs-pnc-tenant/jvm-build-service/domain-proxy:$JBS_QUAY_IMAGE_TAG
echo "Using worker namespace $JBS_WORKER_NAMESPACE DEV_IP $DEV_IP JVM_BUILD_SERVICE_IMAGE $JVM_BUILD_SERVICE_IMAGE"
Expand Down Expand Up @@ -139,6 +140,7 @@ jobs:
export JVM_BUILD_SERVICE_IMAGE=quay.io/$JBS_QUAY_ORG/$JBS_QUAY_IMAGE_CONTROLLER:$JBS_QUAY_IMAGE_TAG
export JVM_BUILD_SERVICE_CACHE_IMAGE=quay.io/$JBS_QUAY_ORG/konflux-jbs-pnc-tenant/jvm-build-service/cache:$JBS_QUAY_IMAGE_TAG
export JVM_BUILD_SERVICE_REQPROCESSOR_IMAGE=quay.io/$JBS_QUAY_ORG/konflux-jbs-pnc-tenant/jvm-build-service/build-request-processor:$JBS_QUAY_IMAGE_TAG
export JVM_BUILD_SERVICE_DOMAIN_PROXY_IMAGE=quay.io/$JBS_QUAY_ORG/konflux-jbs-pnc-tenant/jvm-build-service/domain-proxy:$JBS_QUAY_IMAGE_TAG
echo "Using worker namespace $JBS_WORKER_NAMESPACE DEV_IP $DEV_IP JVM_BUILD_SERVICE_IMAGE $JVM_BUILD_SERVICE_IMAGE"
Expand Down
97 changes: 34 additions & 63 deletions .tekton/domain-proxy-pull-request.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -27,18 +27,15 @@ spec:
- name: image-expires-after
value: 5d
- name: dockerfile
value: Dockerfile
value: /cmd/domainproxy/docker/Dockerfile.all-in-one
- name: path-context
value: .
pipelineSpec:
description: |
This pipeline is ideal for building container images from a Containerfile while reducing network traffic.
_Uses `buildah` to create a container image. It also optionally creates a source image and runs some build-time tests. EC will flag a violation for [`trusted_task.trusted`](https://enterprisecontract.dev/docs/ec-policies/release_policy.html#trusted_task__trusted) if any tasks are added to the pipeline.
This pipeline is pushed as a Tekton bundle to [quay.io](https://quay.io/repository/konflux-ci/tekton-catalog/pipeline-docker-build?tab=tags)_
finally:
- name: show-sbom
params:
- name: IMAGE_URL
value: $(tasks.build-image-index.results.IMAGE_URL)
value: $(tasks.build-container.results.IMAGE_URL)
taskRef:
params:
- name: name
Expand All @@ -57,7 +54,7 @@ spec:
- name: image-url
value: $(params.output-image)
- name: build-task-status
value: $(tasks.build-image-index.status)
value: $(tasks.build-container.status)
taskRef:
params:
- name: name
Expand Down Expand Up @@ -107,6 +104,10 @@ spec:
description: Build dependencies to be prefetched by Cachi2
name: prefetch-input
type: string
- default: "false"
description: Java build
name: java
type: string
- default: ""
description: Image tag expiration time, time values could be something like
1h, 2d, 3w for hours, days, and weeks, respectively.
Expand All @@ -115,10 +116,6 @@ spec:
description: Build a source image.
name: build-source-image
type: string
- default: "false"
description: Add built image into an OCI image index
name: build-image-index
type: string
- default: []
description: Array of --build-arg values ("arg=value" strings) for buildah
name: build-args
Expand All @@ -130,16 +127,19 @@ spec:
results:
- description: ""
name: IMAGE_URL
value: $(tasks.build-image-index.results.IMAGE_URL)
value: $(tasks.build-container.results.IMAGE_URL)
- description: ""
name: IMAGE_DIGEST
value: $(tasks.build-image-index.results.IMAGE_DIGEST)
value: $(tasks.build-container.results.IMAGE_DIGEST)
- description: ""
name: CHAINS-GIT_URL
value: $(tasks.clone-repository.results.url)
- description: ""
name: CHAINS-GIT_COMMIT
value: $(tasks.clone-repository.results.commit)
- description: ""
name: JAVA_COMMUNITY_DEPENDENCIES
value: $(tasks.build-container.results.JAVA_COMMUNITY_DEPENDENCIES)
tasks:
- name: init
params:
Expand Down Expand Up @@ -252,41 +252,12 @@ spec:
workspaces:
- name: source
workspace: workspace
- name: build-image-index
params:
- name: IMAGE
value: $(params.output-image)
- name: COMMIT_SHA
value: $(tasks.clone-repository.results.commit)
- name: IMAGE_EXPIRES_AFTER
value: $(params.image-expires-after)
- name: ALWAYS_BUILD_INDEX
value: $(params.build-image-index)
- name: IMAGES
value:
- $(tasks.build-container.results.IMAGE_URL)@$(tasks.build-container.results.IMAGE_DIGEST)
runAfter:
- build-container
taskRef:
params:
- name: name
value: build-image-index
- name: bundle
value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1@sha256:ebc17bb22481160eec6eb7277df1e48b90f599bebe563cd4f046807f4e32ced3
- name: kind
value: task
resolver: bundles
when:
- input: $(tasks.init.results.build)
operator: in
values:
- "true"
- name: build-source-image
params:
- name: BINARY_IMAGE
value: $(params.output-image)
runAfter:
- build-image-index
- build-container
taskRef:
params:
- name: name
Expand All @@ -311,11 +282,11 @@ spec:
- name: deprecated-base-image-check
params:
- name: IMAGE_URL
value: $(tasks.build-image-index.results.IMAGE_URL)
value: $(tasks.build-container.results.IMAGE_URL)
- name: IMAGE_DIGEST
value: $(tasks.build-image-index.results.IMAGE_DIGEST)
value: $(tasks.build-container.results.IMAGE_DIGEST)
runAfter:
- build-image-index
- build-container
taskRef:
params:
- name: name
Expand All @@ -333,11 +304,11 @@ spec:
- name: clair-scan
params:
- name: image-digest
value: $(tasks.build-image-index.results.IMAGE_DIGEST)
value: $(tasks.build-container.results.IMAGE_DIGEST)
- name: image-url
value: $(tasks.build-image-index.results.IMAGE_URL)
value: $(tasks.build-container.results.IMAGE_URL)
runAfter:
- build-image-index
- build-container
taskRef:
params:
- name: name
Expand All @@ -355,9 +326,9 @@ spec:
- name: ecosystem-cert-preflight-checks
params:
- name: image-url
value: $(tasks.build-image-index.results.IMAGE_URL)
value: $(tasks.build-container.results.IMAGE_URL)
runAfter:
- build-image-index
- build-container
taskRef:
params:
- name: name
Expand All @@ -375,11 +346,11 @@ spec:
- name: sast-snyk-check
params:
- name: image-digest
value: $(tasks.build-image-index.results.IMAGE_DIGEST)
value: $(tasks.build-container.results.IMAGE_DIGEST)
- name: image-url
value: $(tasks.build-image-index.results.IMAGE_URL)
value: $(tasks.build-container.results.IMAGE_URL)
runAfter:
- build-image-index
- build-container
taskRef:
params:
- name: name
Expand All @@ -400,11 +371,11 @@ spec:
- name: clamav-scan
params:
- name: image-digest
value: $(tasks.build-image-index.results.IMAGE_DIGEST)
value: $(tasks.build-container.results.IMAGE_DIGEST)
- name: image-url
value: $(tasks.build-image-index.results.IMAGE_URL)
value: $(tasks.build-container.results.IMAGE_URL)
runAfter:
- build-image-index
- build-container
taskRef:
params:
- name: name
Expand All @@ -422,9 +393,9 @@ spec:
- name: apply-tags
params:
- name: IMAGE
value: $(tasks.build-image-index.results.IMAGE_URL)
value: $(tasks.build-container.results.IMAGE_URL)
runAfter:
- build-image-index
- build-container
taskRef:
params:
- name: name
Expand All @@ -437,15 +408,15 @@ spec:
- name: push-dockerfile
params:
- name: IMAGE
value: $(tasks.build-image-index.results.IMAGE_URL)
value: $(tasks.build-container.results.IMAGE_URL)
- name: IMAGE_DIGEST
value: $(tasks.build-image-index.results.IMAGE_DIGEST)
value: $(tasks.build-container.results.IMAGE_DIGEST)
- name: DOCKERFILE
value: $(params.dockerfile)
- name: CONTEXT
value: $(params.path-context)
runAfter:
- build-image-index
- build-container
taskRef:
params:
- name: name
Expand Down
Loading

0 comments on commit b57f71e

Please sign in to comment.