From 3f304e556868d7e285b9a40b2cca36958f644f10 Mon Sep 17 00:00:00 2001
From: Ralph Bean
Date: Fri, 20 Dec 2024 10:16:38 -0500
Subject: [PATCH] Squeeze under the size limit
---
task/buildah-min/0.2/patch.yaml | 36 +++----------------
task/buildah-oci-ta/0.2/buildah-oci-ta.yaml | 28 ++++-----------
.../0.2/buildah-remote-oci-ta.yaml | 32 ++++++-----------
task/buildah-remote/0.2/buildah-remote.yaml | 33 ++++++-----------
task/buildah/0.2/buildah.yaml | 29 ++++-----------
5 files changed, 39 insertions(+), 119 deletions(-)
diff --git a/task/buildah-min/0.2/patch.yaml b/task/buildah-min/0.2/patch.yaml
index e97ac9aef..488f0b794 100644
--- a/task/buildah-min/0.2/patch.yaml
+++ b/task/buildah-min/0.2/patch.yaml
@@ -14,45 +14,19 @@ - op: replace path: /spec/steps/0/computeResources/requests/cpu value: 100m -# icm step +# icm, push, and sbom-syft-generate steps - op: replace - path: /spec/steps/1/computeResources/limits/memory + path: /spec/stepTemplate/computeResources/limits/memory value: 2Gi - op: replace - path: /spec/steps/1/computeResources/requests/memory + path: /spec/stepTemplate/computeResources/requests/memory value: 512Mi - op: replace - path: /spec/steps/1/computeResources/limits/cpu + path: /spec/stepTemplate/computeResources/limits/cpu value: 500m - op: replace - path: /spec/steps/1/computeResources/requests/cpu + path: /spec/stepTemplate/computeResources/requests/cpu value: 100m -# push step -- op: replace - path: /spec/steps/2/computeResources/limits/memory - value: 2Gi -- op: replace - path: /spec/steps/2/computeResources/requests/memory - value: 512Mi -- op: replace - path: /spec/steps/2/computeResources/limits/cpu - value: 500m -- op: replace - path: /spec/steps/2/computeResources/requests/cpu - value: 100m -# sbom-syft-generate step -- op: replace - path: /spec/steps/3/computeResources/limits/memory - value: 2Gi -- op: replace - path: /spec/steps/3/computeResources/requests/memory - value: 512Mi -- op: replace - path: /spec/steps/3/computeResources/limits/cpu - value: 1 -- op: replace - path: /spec/steps/3/computeResources/requests/cpu - value: 50m # analyse-dependencies-java-sbom step - op: replace path: /spec/steps/4/computeResources/limits/memory diff --git a/task/buildah-oci-ta/0.2/buildah-oci-ta.yaml b/task/buildah-oci-ta/0.2/buildah-oci-ta.yaml index 31b022c85..d6fde573e 100644 --- a/task/buildah-oci-ta/0.2/buildah-oci-ta.yaml +++ b/task/buildah-oci-ta/0.2/buildah-oci-ta.yaml @@ -175,6 +175,13 @@ spec: - name: workdir emptyDir: {} stepTemplate: + computeResources: + limits: + cpu: "4" + memory: 4Gi + requests: + cpu: "1" + memory: 1Gi env: - name: ACTIVATION_KEY value: $(params.ACTIVATION_KEY) 
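Review bot: The new comment `# icm, push, and sbom-syft-generate steps` understates what the four rewritten ops in task/buildah-min/0.2/patch.yaml now change, because `/spec/stepTemplate/computeResources` is the default for every step that carries no `computeResources` of its own, not only those three. The consolidation also changes sbom-syft-generate without saying so: its removed ops set a CPU limit of `1` and a request of `50m`, and it now inherits `500m` and `100m`. I would reword the comment to `# stepTemplate defaults: every step without its own computeResources (icm, push, sbom-syft-generate)` and confirm the halved CPU limit for the SBOM step is intended. Since `op: replace` fails on a missing path, these ops also presume the patched task defines `stepTemplate.computeResources`; the patch list continues outside the hunk.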
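Review bot: Hoisting `computeResources` into `stepTemplate` in buildah-oci-ta.yaml makes the 4 CPU / 4Gi limit and 1 CPU / 1Gi request the default for every step of the task, including any step outside this diff that previously declared none. As far as I can tell the steps run as ordinary containers of one pod, so each step that newly inherits the block adds 1 CPU and 1Gi to the pod's summed request, and sbom-syft-generate (third hunk of this file) moves from a `"2"` / `500m` CPU limit and request to `"4"` / `"1"`. I would add `# default for every step that sets no computeResources of its own` above the block and keep an explicit, smaller block on steps that should not get the full allowance. The same applies to the `stepTemplate` hunks in buildah-remote-oci-ta.yaml, buildah-remote.yaml and buildah.yaml.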
@@ -558,13 +565,6 @@ spec: volumeMounts: - mountPath: /var/lib/containers name: varlibcontainers - computeResources: - limits: - cpu: "4" - memory: 4Gi - requests: - cpu: "1" - memory: 1Gi securityContext: capabilities: add: @@ -618,13 +618,6 @@ spec: echo -n "${IMAGE}@" cat "/var/workdir/image-digest" } >"$(results.IMAGE_REF.path)" - computeResources: - limits: - cpu: "4" - memory: 4Gi - requests: - cpu: "1" - memory: 1Gi securityContext: capabilities: add: @@ -643,13 +636,6 @@ spec: syft dir:"/var/workdir/$SOURCE_CODE_DIR/$CONTEXT" --output cyclonedx-json="/var/workdir/sbom-source.json" echo "Running syft on the image filesystem" syft dir:"$(cat /shared/container_path)" --output cyclonedx-json="/var/workdir/sbom-image.json" - computeResources: - limits: - cpu: "2" - memory: 4Gi - requests: - cpu: 500m - memory: 1Gi - name: analyse-dependencies-java-sbom image: quay.io/redhat-appstudio/hacbs-jvm-build-request-processor:127ee0c223a2b56a9bd20a6f2eaeed3bd6015f77 volumeMounts: diff --git a/task/buildah-remote-oci-ta/0.2/buildah-remote-oci-ta.yaml b/task/buildah-remote-oci-ta/0.2/buildah-remote-oci-ta.yaml index 2969e43d4..c8a2d40fe 100644 --- a/task/buildah-remote-oci-ta/0.2/buildah-remote-oci-ta.yaml +++ b/task/buildah-remote-oci-ta/0.2/buildah-remote-oci-ta.yaml @@ -154,7 +154,13 @@ spec: name: SBOM_JAVA_COMPONENTS_COUNT type: string stepTemplate: - computeResources: {} + computeResources: + limits: + cpu: "4" + memory: 4Gi + requests: + cpu: "1" + memory: 1Gi env: - name: ACTIVATION_KEY value: $(params.ACTIVATION_KEY) @@ -648,13 +654,7 @@ spec: workingDir: /var/workdir - args: - $(params.IMAGE) - computeResources: - limits: - cpu: "4" - memory: 4Gi - requests: - cpu: "1" - memory: 1Gi + computeResources: {} image: quay.io/rbean/testing:icm-injection-scripts name: icm securityContext: 
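Review bot: The `icm` step edited in the last hunk of this line (buildah-remote-oci-ta.yaml) still pulls `quay.io/rbean/testing:icm-injection-scripts` by a mutable tag from what looks like a personal test repository, while the `push` and `sbom-syft-generate` steps of the same file are pinned with `@sha256:`. Anyone able to move that tag changes what runs inside the build, in a step that has its own `securityContext` (contents outside the hunk) and appears to mount `/var/lib/containers`. This predates the commit, but since the step is being touched I would pin it, e.g. `image: quay.io/rbean/testing:icm-injection-scripts@sha256:<digest>` (placeholder digest), or publish it from the project's own registry namespace. The same reference appears in the `icm` hunks of buildah-remote.yaml and buildah.yaml.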
@@ -665,13 +665,7 @@ spec: - mountPath: /var/lib/containers name: varlibcontainers workingDir: /var/workdir - - computeResources: - limits: - cpu: "4" - memory: 4Gi - requests: - cpu: "1" - memory: 1Gi + - computeResources: {} image: quay.io/konflux-ci/buildah-task:latest@sha256:b2d6c32d1e05e91920cd4475b2761d58bb7ee11ad5dff3ecb59831c7572b4d0c name: push script: | @@ -730,13 +724,7 @@ spec: name: trusted-ca readOnly: true workingDir: /var/workdir - - computeResources: - limits: - cpu: "2" - memory: 4Gi - requests: - cpu: 500m - memory: 1Gi + - computeResources: {} image: registry.access.redhat.com/rh-syft-tech-preview/syft-rhel9:1.4.1@sha256:34d7065427085a31dc4949bd283c001b91794d427e1e4cdf1b21ea4faf9fee3f name: sbom-syft-generate script: | diff --git a/task/buildah-remote/0.2/buildah-remote.yaml b/task/buildah-remote/0.2/buildah-remote.yaml index c48b4f7f8..a6e4cd600 100644 --- a/task/buildah-remote/0.2/buildah-remote.yaml +++ b/task/buildah-remote/0.2/buildah-remote.yaml @@ -145,7 +145,13 @@ spec: central. name: JAVA_COMMUNITY_DEPENDENCIES stepTemplate: - computeResources: {} + computeResources: + limits: + cpu: "4" + memory: 4Gi + requests: + cpu: "1" + memory: 1Gi env: - name: BUILDAH_FORMAT value: oci @@ -358,7 +364,6 @@ spec: BUILD_ARG_FLAGS+=("--build-arg=$build_arg") done - dockerfile-json "${BUILD_ARG_FLAGS[@]}" "$dockerfile_copy" > /shared/parsed_dockerfile.json BASE_IMAGES=$( jq -r '.Stages[] | select(.From | .Stage or .Scratch | not) | .BaseName | select(test("^oci-archive:") | not)' /shared/parsed_dockerfile.json @@ -625,13 +630,7 @@ spec: workingDir: $(workspaces.source.path) - args: - $(params.IMAGE) - computeResources: - limits: - cpu: "4" - memory: 4Gi - requests: - cpu: "1" - memory: 1Gi + computeResources: {} image: quay.io/rbean/testing:icm-injection-scripts name: icm securityContext: 
@@ -642,13 +641,7 @@ spec: - mountPath: /var/lib/containers name: varlibcontainers workingDir: $(workspaces.source.path) - - computeResources: - limits: - cpu: "4" - memory: 4Gi - requests: - cpu: "1" - memory: 1Gi + - computeResources: {} image: quay.io/konflux-ci/buildah-task:latest@sha256:b2d6c32d1e05e91920cd4475b2761d58bb7ee11ad5dff3ecb59831c7572b4d0c name: push script: | @@ -709,13 +702,7 @@ spec: name: trusted-ca readOnly: true workingDir: $(workspaces.source.path) - - computeResources: - limits: - cpu: "2" - memory: 4Gi - requests: - cpu: 500m - memory: 1Gi + - computeResources: {} image: registry.access.redhat.com/rh-syft-tech-preview/syft-rhel9:1.4.1@sha256:34d7065427085a31dc4949bd283c001b91794d427e1e4cdf1b21ea4faf9fee3f name: sbom-syft-generate script: | diff --git a/task/buildah/0.2/buildah.yaml b/task/buildah/0.2/buildah.yaml index 871d8037b..acfe4b430 100644 --- a/task/buildah/0.2/buildah.yaml +++ b/task/buildah/0.2/buildah.yaml @@ -124,6 +124,13 @@ spec: - name: JAVA_COMMUNITY_DEPENDENCIES description: The Java dependencies that came from community sources such as Maven central. stepTemplate: + computeResources: + limits: + memory: 4Gi + cpu: '4' + requests: + memory: 1Gi + cpu: '1' volumeMounts: - mountPath: /shared name: shared @@ -279,7 +286,6 @@ spec: BUILD_ARG_FLAGS+=("--build-arg=$build_arg") done - dockerfile-json "${BUILD_ARG_FLAGS[@]}" "$dockerfile_copy" > /shared/parsed_dockerfile.json BASE_IMAGES=$( jq -r '.Stages[] | select(.From | .Stage or .Scratch | not) | .BaseName | select(test("^oci-archive:") | not)' /shared/parsed_dockerfile.json @@ -491,13 +497,6 @@ spec: workingDir: $(workspaces.source.path) - name: icm image: quay.io/rbean/testing:icm-injection-scripts - computeResources: - limits: - memory: 4Gi - cpu: '4' - requests: - memory: 1Gi - cpu: '1' securityContext: capabilities: add: 
@@ -509,13 +508,6 @@ spec: args: [$(params.IMAGE)] - name: push image: quay.io/konflux-ci/buildah-task:latest@sha256:b2d6c32d1e05e91920cd4475b2761d58bb7ee11ad5dff3ecb59831c7572b4d0c - computeResources: - limits: - memory: 4Gi - cpu: '4' - requests: - memory: 1Gi - cpu: '1' script: | #!/bin/bash set -e @@ -577,13 +569,6 @@ spec: # Respect Syft configuration if the user has it in the root of their repository # (need to set the workdir, see https://github.com/anchore/syft/issues/2465) workingDir: $(workspaces.source.path)/source - computeResources: - limits: - memory: 4Gi - cpu: '2' - requests: - memory: 1Gi - cpu: 500m script: | echo "Running syft on the source directory" syft dir:"$(workspaces.source.path)/$SOURCE_CODE_DIR/$CONTEXT" --output cyclonedx-json="$(workspaces.source.path)/sbom-source.json"