Skip to content

Commit

Permalink
Squeeze under the size limit
Browse files Browse the repository at this point in the history
  • Loading branch information
ralphbean committed Dec 20, 2024
1 parent b398ad8 commit 3f304e5
Show file tree
Hide file tree
Showing 5 changed files with 39 additions and 119 deletions.
36 changes: 5 additions & 31 deletions task/buildah-min/0.2/patch.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -14,45 +14,19 @@
- op: replace
path: /spec/steps/0/computeResources/requests/cpu
value: 100m
# icm step
# icm, push, and sbom-syft-generate steps
- op: replace
path: /spec/steps/1/computeResources/limits/memory
path: /spec/stepTemplate/computeResources/limits/memory
value: 2Gi
- op: replace
path: /spec/steps/1/computeResources/requests/memory
path: /spec/stepTemplate/computeResources/requests/memory
value: 512Mi
- op: replace
path: /spec/steps/1/computeResources/limits/cpu
path: /spec/stepTemplate/computeResources/limits/cpu
value: 500m
- op: replace
path: /spec/steps/1/computeResources/requests/cpu
path: /spec/stepTemplate/computeResources/requests/cpu
value: 100m
# push step
- op: replace
path: /spec/steps/2/computeResources/limits/memory
value: 2Gi
- op: replace
path: /spec/steps/2/computeResources/requests/memory
value: 512Mi
- op: replace
path: /spec/steps/2/computeResources/limits/cpu
value: 500m
- op: replace
path: /spec/steps/2/computeResources/requests/cpu
value: 100m
# sbom-syft-generate step
- op: replace
path: /spec/steps/3/computeResources/limits/memory
value: 2Gi
- op: replace
path: /spec/steps/3/computeResources/requests/memory
value: 512Mi
- op: replace
path: /spec/steps/3/computeResources/limits/cpu
value: 1
- op: replace
path: /spec/steps/3/computeResources/requests/cpu
value: 50m
# analyse-dependencies-java-sbom step
- op: replace
path: /spec/steps/4/computeResources/limits/memory
Expand Down
28 changes: 7 additions & 21 deletions task/buildah-oci-ta/0.2/buildah-oci-ta.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -175,6 +175,13 @@ spec:
- name: workdir
emptyDir: {}
stepTemplate:
computeResources:
limits:
cpu: "4"
memory: 4Gi
requests:
cpu: "1"
memory: 1Gi
env:
- name: ACTIVATION_KEY
value: $(params.ACTIVATION_KEY)
Expand Down Expand Up @@ -558,13 +565,6 @@ spec:
volumeMounts:
- mountPath: /var/lib/containers
name: varlibcontainers
computeResources:
limits:
cpu: "4"
memory: 4Gi
requests:
cpu: "1"
memory: 1Gi
securityContext:
capabilities:
add:
Expand Down Expand Up @@ -618,13 +618,6 @@ spec:
echo -n "${IMAGE}@"
cat "/var/workdir/image-digest"
} >"$(results.IMAGE_REF.path)"
computeResources:
limits:
cpu: "4"
memory: 4Gi
requests:
cpu: "1"
memory: 1Gi
securityContext:
capabilities:
add:
Expand All @@ -643,13 +636,6 @@ spec:
syft dir:"/var/workdir/$SOURCE_CODE_DIR/$CONTEXT" --output cyclonedx-json="/var/workdir/sbom-source.json"
echo "Running syft on the image filesystem"
syft dir:"$(cat /shared/container_path)" --output cyclonedx-json="/var/workdir/sbom-image.json"
computeResources:
limits:
cpu: "2"
memory: 4Gi
requests:
cpu: 500m
memory: 1Gi
- name: analyse-dependencies-java-sbom
image: quay.io/redhat-appstudio/hacbs-jvm-build-request-processor:127ee0c223a2b56a9bd20a6f2eaeed3bd6015f77
volumeMounts:
Expand Down
32 changes: 10 additions & 22 deletions task/buildah-remote-oci-ta/0.2/buildah-remote-oci-ta.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -154,7 +154,13 @@ spec:
name: SBOM_JAVA_COMPONENTS_COUNT
type: string
stepTemplate:
computeResources: {}
computeResources:
limits:
cpu: "4"
memory: 4Gi
requests:
cpu: "1"
memory: 1Gi
env:
- name: ACTIVATION_KEY
value: $(params.ACTIVATION_KEY)
Expand Down Expand Up @@ -648,13 +654,7 @@ spec:
workingDir: /var/workdir
- args:
- $(params.IMAGE)
computeResources:
limits:
cpu: "4"
memory: 4Gi
requests:
cpu: "1"
memory: 1Gi
computeResources: {}
image: quay.io/rbean/testing:icm-injection-scripts
name: icm
securityContext:
Expand All @@ -665,13 +665,7 @@ spec:
- mountPath: /var/lib/containers
name: varlibcontainers
workingDir: /var/workdir
- computeResources:
limits:
cpu: "4"
memory: 4Gi
requests:
cpu: "1"
memory: 1Gi
- computeResources: {}
image: quay.io/konflux-ci/buildah-task:latest@sha256:b2d6c32d1e05e91920cd4475b2761d58bb7ee11ad5dff3ecb59831c7572b4d0c
name: push
script: |
Expand Down Expand Up @@ -730,13 +724,7 @@ spec:
name: trusted-ca
readOnly: true
workingDir: /var/workdir
- computeResources:
limits:
cpu: "2"
memory: 4Gi
requests:
cpu: 500m
memory: 1Gi
- computeResources: {}
image: registry.access.redhat.com/rh-syft-tech-preview/syft-rhel9:1.4.1@sha256:34d7065427085a31dc4949bd283c001b91794d427e1e4cdf1b21ea4faf9fee3f
name: sbom-syft-generate
script: |
Expand Down
33 changes: 10 additions & 23 deletions task/buildah-remote/0.2/buildah-remote.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -145,7 +145,13 @@ spec:
central.
name: JAVA_COMMUNITY_DEPENDENCIES
stepTemplate:
computeResources: {}
computeResources:
limits:
cpu: "4"
memory: 4Gi
requests:
cpu: "1"
memory: 1Gi
env:
- name: BUILDAH_FORMAT
value: oci
Expand Down Expand Up @@ -358,7 +364,6 @@ spec:
BUILD_ARG_FLAGS+=("--build-arg=$build_arg")
done
dockerfile-json "${BUILD_ARG_FLAGS[@]}" "$dockerfile_copy" > /shared/parsed_dockerfile.json
BASE_IMAGES=$(
jq -r '.Stages[] | select(.From | .Stage or .Scratch | not) | .BaseName | select(test("^oci-archive:") | not)' /shared/parsed_dockerfile.json
Expand Down Expand Up @@ -625,13 +630,7 @@ spec:
workingDir: $(workspaces.source.path)
- args:
- $(params.IMAGE)
computeResources:
limits:
cpu: "4"
memory: 4Gi
requests:
cpu: "1"
memory: 1Gi
computeResources: {}
image: quay.io/rbean/testing:icm-injection-scripts
name: icm
securityContext:
Expand All @@ -642,13 +641,7 @@ spec:
- mountPath: /var/lib/containers
name: varlibcontainers
workingDir: $(workspaces.source.path)
- computeResources:
limits:
cpu: "4"
memory: 4Gi
requests:
cpu: "1"
memory: 1Gi
- computeResources: {}
image: quay.io/konflux-ci/buildah-task:latest@sha256:b2d6c32d1e05e91920cd4475b2761d58bb7ee11ad5dff3ecb59831c7572b4d0c
name: push
script: |
Expand Down Expand Up @@ -709,13 +702,7 @@ spec:
name: trusted-ca
readOnly: true
workingDir: $(workspaces.source.path)
- computeResources:
limits:
cpu: "2"
memory: 4Gi
requests:
cpu: 500m
memory: 1Gi
- computeResources: {}
image: registry.access.redhat.com/rh-syft-tech-preview/syft-rhel9:1.4.1@sha256:34d7065427085a31dc4949bd283c001b91794d427e1e4cdf1b21ea4faf9fee3f
name: sbom-syft-generate
script: |
Expand Down
29 changes: 7 additions & 22 deletions task/buildah/0.2/buildah.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -124,6 +124,13 @@ spec:
- name: JAVA_COMMUNITY_DEPENDENCIES
description: The Java dependencies that came from community sources such as Maven central.
stepTemplate:
computeResources:
limits:
memory: 4Gi
cpu: '4'
requests:
memory: 1Gi
cpu: '1'
volumeMounts:
- mountPath: /shared
name: shared
Expand Down Expand Up @@ -279,7 +286,6 @@ spec:
BUILD_ARG_FLAGS+=("--build-arg=$build_arg")
done
dockerfile-json "${BUILD_ARG_FLAGS[@]}" "$dockerfile_copy" > /shared/parsed_dockerfile.json
BASE_IMAGES=$(
jq -r '.Stages[] | select(.From | .Stage or .Scratch | not) | .BaseName | select(test("^oci-archive:") | not)' /shared/parsed_dockerfile.json
Expand Down Expand Up @@ -491,13 +497,6 @@ spec:
workingDir: $(workspaces.source.path)
- name: icm
image: quay.io/rbean/testing:icm-injection-scripts
computeResources:
limits:
memory: 4Gi
cpu: '4'
requests:
memory: 1Gi
cpu: '1'
securityContext:
capabilities:
add:
Expand All @@ -509,13 +508,6 @@ spec:
args: [$(params.IMAGE)]
- name: push
image: quay.io/konflux-ci/buildah-task:latest@sha256:b2d6c32d1e05e91920cd4475b2761d58bb7ee11ad5dff3ecb59831c7572b4d0c
computeResources:
limits:
memory: 4Gi
cpu: '4'
requests:
memory: 1Gi
cpu: '1'
script: |
#!/bin/bash
set -e
Expand Down Expand Up @@ -577,13 +569,6 @@ spec:
# Respect Syft configuration if the user has it in the root of their repository
# (need to set the workdir, see https://github.com/anchore/syft/issues/2465)
workingDir: $(workspaces.source.path)/source
computeResources:
limits:
memory: 4Gi
cpu: '2'
requests:
memory: 1Gi
cpu: 500m
script: |
echo "Running syft on the source directory"
syft dir:"$(workspaces.source.path)/$SOURCE_CODE_DIR/$CONTEXT" --output cyclonedx-json="$(workspaces.source.path)/sbom-source.json"
Expand Down

0 comments on commit 3f304e5

Please sign in to comment.