cachi2: run cachi2

Add cachi2 step that: - fetches deps - create env file and env json - make source archives - remove git (option to keep git will be added later) - merge sboms into single one Signed-off-by: Martin Basti <[email protected]>
containerbuildsystem · Oct 18, 2024 · d44b461 · d44b461
1 parent 793fd18
commit d44b461
Showing 1 changed file with 66 additions and 0 deletions.
diff --git a/tekton/tasks/binary-container-cachi2.yaml b/tekton/tasks/binary-container-cachi2.yaml
@@ -15,6 +15,9 @@ spec:
     - name: user-params
       type: string
       description: User parameters in JSON format
+    - name: log-level
+      description: Set cachi2 log level (debug, info, warning, error)
+      default: "info"
 
   workspaces:
     - name: ws-build-dir
@@ -51,3 +54,66 @@ spec:
           --namespace=$(context.taskRun.namespace) \
           --pipeline-run-name="$(params.pipeline-run-name)" \
           binary-container-cachi2-init
+    - name: binary-container-cachi2-run
+      image: "quay.io/redhat-appstudio/cachi2:latest"  # TODO: configurable image
+      env:
+        - name: LOG_LEVEL
+          value: $(params.log-level)
+      workingDir: $(workspaces.ws-home-dir.path)
+      resources:
+        requests:
+          memory: 512Mi
+          cpu: 250m
+        limits:
+          memory: 1Gi
+          cpu: 395m
+      script: |
+        #!/usr/bin/bash
+        set -eux
+        CACHI2_DIR="$(workspaces.ws-build-dir.path)/_cachi2_remote_sources"
+
+        if [ ! -d "$CACHI2_DIR" ]; then
+          echo "Skipping step: remote sources not found"
+          exit 0
+        fi
+
+        SBOMS=()
+
+        # Process each remote source
+        for SOURCE_DIR in "${CACHI2_DIR}/*/"
+        do
+          pushd "${SOURCE_DIR}"
+
+          FOR_OUTPUT_DIR="$(cat cachi2_for_output_dir_opt.txt)"
+
+          cachi2 --log-level="$LOG_LEVEL" fetch-deps \
+            --source="app/" \
+            --output="deps/" \
+            "$(cat cachi2_pkg_options.json)"
+
+          SBOMS+=("${SOURCE_DIR}/deps/bom.json")
+
+          cachi2 --log-level="$LOG_LEVEL" generate-env "deps/" \
+            --format json \
+            --for-output-dir="${FOR_OUTPUT_DIR}" \
+            --output "cachi2.env.json"
+
+          rm -fr app/.git/   # remove git directory
+
+          # create source archive before injecting files
+          tar -czf remote-source.tar.gz app/ deps/
+
+          cachi2 --log-level="$LOG_LEVEL" inject-files "deps/" \
+            --for-output-dir="${FOR_OUTPUT_DIR}"
+
+          popd
+        done
+
+        if [ "${#SBOMS[@]}" -gt 1 ]; then
+          # merge multiple sboms into single one
+          cachi2 --log-level="$LOG_LEVEL" merge-sboms ${SBOMS[@]} \
+            --output "${CACHI2_DIR}/bom.json"
+        else
+          # single SBOM is the final SBOM
+          cp "${SBOMS[0]}" "${CACHI2_DIR}/bom.json"
+        fi