From 7946097c40659aab4ea9b4a51f6a19bfff2d705e Mon Sep 17 00:00:00 2001 From: Rishab Prasad Date: Fri, 13 Dec 2024 12:54:01 +0530 Subject: [PATCH 1/3] add test workflow --- ...rhoai-fbc-fragment-v2-16-pull-request.yaml | 504 ++++++++++++++++++ 1 file changed, 504 insertions(+) create mode 100644 .tekton/rhoai-fbc-fragment-v2-16-pull-request.yaml diff --git a/.tekton/rhoai-fbc-fragment-v2-16-pull-request.yaml b/.tekton/rhoai-fbc-fragment-v2-16-pull-request.yaml new file mode 100644 index 000000000..285ab67b7 --- /dev/null +++ b/.tekton/rhoai-fbc-fragment-v2-16-pull-request.yaml @@ -0,0 +1,504 @@ +apiVersion: tekton.dev/v1 +kind: PipelineRun +metadata: + annotations: + build.appstudio.openshift.io/repo: https://github.com/red-hat-data-services/RHOAI-Build-Config?rev={{revision}} + build.appstudio.redhat.com/commit_sha: '{{revision}}' + build.appstudio.redhat.com/target_branch: '{{target_branch}}' + pipelinesascode.tekton.dev/max-keep-runs: "3" + pipelinesascode.tekton.dev/on-cel-expression: event == "pull_request" && target_branch == "rhoai-2.16" + creationTimestamp: + labels: + appstudio.openshift.io/application: rhoai-v2-16 + appstudio.openshift.io/component: rhoai-fbc-fragment-v2-16 + pipelines.appstudio.openshift.io/type: build + name: rhoai-fbc-fragment-v2-16-on-schedule + namespace: rhoai-tenant +spec: + params: + - name: git-url + value: '{{source_url}}' + - name: revision + value: '{{revision}}' + - name: output-image + value: quay.io/rhoai/rhoai-fbc-fragment:{{target_branch}} + - name: build-platforms + value: + - linux/x86_64 + - name: dockerfile + value: Dockerfile + - name: path-context + value: catalog/v4.13 + - name: build-args-file + value: catalog/catalog_build_args.map + pipelineSpec: + description: | + This pipeline is ideal for building and verifying [file-based catalogs](https://konflux-ci.dev/docs/advanced-how-tos/building-olm.adoc#building-the-file-based-catalog). + + _Uses `buildah` to create a container image. Its build-time tests are limited to verifying the included catalog and do not scan the image. + This pipeline is pushed as a Tekton bundle to [quay.io](https://quay.io/repository/konflux-ci/tekton-catalog/pipeline-fbc-builder?tab=tags)_ + finally: + - name: show-sbom + params: + - name: IMAGE_URL + value: $(tasks.build-image-index.results.IMAGE_URL) + taskRef: + params: + - name: name + value: show-sbom + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:945a7c9066d3e0a95d3fddb7e8a6992e4d632a2a75d8f3a9bd2ff2fef0ec9aa0 + - name: kind + value: task + resolver: bundles + - name: send-slack-notification + params: + - name: message + value: "$(tasks.rhoai-init.results.slack-message-failure-text)" + - name: secret-name + value: rhoai-konflux-secret + - name: key-name + value: slack-webhook + taskRef: + params: + - name: name + value: slack-webhook-notification + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-slack-webhook-notification:0.1@sha256:dc17b70633363d78414b8c06dc1660d25742935f106a6116995638e1210c2730 + - name: kind + value: task + resolver: bundles + when: + - input: $(tasks.status) + operator: in + values: + - "Failed" + - name: share-fbc-details + params: + - name: message + value: "$(tasks.prepare-slack-message.results.slack-message-sucess-text)" + - name: secret-name + value: rhoai-konflux-secret + - name: key-name + value: slack-webhook + taskRef: + params: + - name: name + value: slack-webhook-notification + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-slack-webhook-notification:0.1@sha256:dc17b70633363d78414b8c06dc1660d25742935f106a6116995638e1210c2730 + - name: kind + value: task + resolver: bundles + when: + - input: $(tasks.status) + operator: in + values: + - "Completed" + - "Succeeded" + - name: custom-task + params: + - name: pipelinerun-name + value: "$(context.pipelineRun.name)" + - name: fbc-check-status + value: "$(tasks.fbc-related-image-check.status)" + - name: overall-task-status + value: "$(tasks.status)" + taskSpec: + steps: + - image: quay.io/rhoai-konflux/alpine:latest + name: rhoai-init + script: | + pipelinerun_name=$(params.pipelinerun-name) + fbc_check_status=$(params.fbc-check-status) + overall_task_status=$(params.overall-task-status) + + echo "pipelinerun-name = $pipelinerun_name" + echo "fbc_check_status = $fbc_check_status" + echo "overall_task_status-name = $overall_task_status" + + params: + - description: Source Repository URL + name: git-url + type: string + - default: "" + description: Revision of the Source Repository + name: revision + type: string + - description: Fully Qualified Output Image + name: output-image + type: string + - default: . + description: Path to the source code of an application's component from where to build image. + name: path-context + type: string + - default: Dockerfile + description: Path to the Dockerfile inside the context specified by parameter path-context + name: dockerfile + type: string + - default: "false" + description: Force rebuild image + name: rebuild + type: string + - default: "true" + description: Skip checks against built image + name: skip-checks + type: string + - default: "true" + description: Execute the build with network isolation + name: hermetic + type: string + - default: "" + description: Build dependencies to be prefetched by Cachi2 + name: prefetch-input + type: string + - default: "" + description: Image tag expiration time, time values could be something like 1h, 2d, 3w for hours, days, and weeks, respectively. + name: image-expires-after + - default: "false" + description: Build a source image. + name: build-source-image + type: string + - default: "false" + description: Add built image into an OCI image index + name: build-image-index + type: string + - default: [] + description: Array of --build-arg values ("arg=value" strings) for buildah + name: build-args + type: array + - default: "" + description: Path to a file with build arguments for buildah, see https://www.mankier.com/1/buildah-build#--build-arg-file + name: build-args-file + type: string + - default: + - linux/x86_64 + description: List of platforms to build the container images on. The available + set of values is determined by the configuration of the multi-platform-controller. + name: build-platforms + type: array + results: + - description: "" + name: IMAGE_URL + value: $(tasks.build-image-index.results.IMAGE_URL) + - description: "" + name: IMAGE_DIGEST + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - description: "" + name: CHAINS-GIT_URL + value: $(tasks.clone-repository.results.url) + - description: "" + name: CHAINS-GIT_COMMIT + value: $(tasks.clone-repository.results.commit) + tasks: + - name: rhoai-init + params: + - name: pipelinerun-name + value: "$(context.pipelineRun.name)" + taskSpec: + results: + - description: Notification text to be posted to slack + name: slack-message-failure-text + steps: + - image: quay.io/rhoai-konflux/alpine:latest + name: rhoai-init + env: + - name: slack_message + valueFrom: + secretKeyRef: + name: rhoai-konflux-secret + key: slack-component-failure-notification + script: | + pipelinerun_name=$(params.pipelinerun-name) + target_branch={{target_branch}} + echo "pipelinerun-name = $pipelinerun_name" + + application_name=${target_branch/rhoai-/} + application_name=rhoai-v${application_name/./-} + echo "application-name = $application_name" + + component_name=${pipelinerun_name/-on-*/} + echo "component-name = $component_name" + + KONFLUX_SERVER="https://konflux.apps.stone-prod-p02.hjvn.p1.openshiftapps.com" + build_url="${KONFLUX_SERVER}/application-pipeline/workspaces/rhoai/applications/${application_name}/pipelineruns/${pipelinerun_name}/logs" + + build_time="$(date +%Y-%m-%dT%H:%M:%S)" + + slack_message=${slack_message/__BUILD__URL__/$build_url} + slack_message=${slack_message/__PIPELINERUN__NAME__/$pipelinerun_name} + slack_message=${slack_message/__BUILD__TIME__/$build_time} + + echo -en "${slack_message}" > "$(results.slack-message-failure-text.path)" + - name: init + params: + - name: image-url + value: $(params.output-image) + - name: rebuild + value: $(params.rebuild) + - name: skip-checks + value: "false" #"$(params.skip-checks) + taskRef: + params: + - name: name + value: init + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:60063fefe88e111d129cb59caff97c912722927c8a0f750253553d4c527a2396 + - name: kind + value: task + resolver: bundles + runAfter: + - rhoai-init + - name: clone-repository + params: + - name: url + value: $(params.git-url) + - name: revision + value: $(params.revision) + - name: ociStorage + value: $(params.output-image).git + - name: ociArtifactExpiresAfter + value: $(params.image-expires-after) + runAfter: + - init + taskRef: + params: + - name: name + value: git-clone-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:8ab0c7a7ac4a4c59740a24304e17cc64fe8745376d19396c4660fc0e1a957a1b + - name: kind + value: task + resolver: bundles + when: + - input: $(tasks.init.results.build) + operator: in + values: + - "true" + workspaces: + - name: basic-auth + workspace: git-auth + - name: prefetch-dependencies + params: + - name: input + value: $(params.prefetch-input) + - name: SOURCE_ARTIFACT + value: $(tasks.clone-repository.results.SOURCE_ARTIFACT) + - name: ociStorage + value: $(params.output-image).prefetch + - name: ociArtifactExpiresAfter + value: $(params.image-expires-after) + runAfter: + - clone-repository + taskRef: + params: + - name: name + value: prefetch-dependencies-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.1@sha256:3e51d7c477ba00bd0c7de2d8f89269131646d2582e631b9aee91fb4b022d4555 + - name: kind + value: task + resolver: bundles + workspaces: + - name: git-basic-auth + workspace: git-auth + - name: netrc + workspace: netrc + - name: build-images + matrix: + params: + - name: PLATFORM + value: + - $(params.build-platforms) + params: + - name: IMAGE + value: $(params.output-image) + - name: DOCKERFILE + value: $(params.dockerfile) + - name: CONTEXT + value: $(params.path-context) + - name: HERMETIC + value: $(params.hermetic) + - name: PREFETCH_INPUT + value: $(params.prefetch-input) + - name: IMAGE_EXPIRES_AFTER + value: $(params.image-expires-after) + - name: COMMIT_SHA + value: $(tasks.clone-repository.results.commit) + - name: BUILD_ARGS + value: + - $(params.build-args[*]) + - name: BUILD_ARGS_FILE + value: $(params.build-args-file) + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + - name: CACHI2_ARTIFACT + value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) + - name: IMAGE_APPEND_PLATFORM + value: "true" + - name: LABELS + value: + - version=v2.16.1 + - url=$(params.git-url) + - git.url=$(params.git-url) + - git.commit=$(params.revision) + - release='$(tasks.clone-repository.results.commit-timestamp)' + runAfter: + - clone-repository + taskRef: + params: + - name: name + value: buildah-remote-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.2@sha256:1f23a1a77a256fb5672d043a46a4a8b912cfe9b256502ae1a92dd9d4feb38440 + - name: kind + value: task + resolver: bundles + when: + - input: $(tasks.init.results.build) + operator: in + values: + - "true" + - name: build-image-index + params: + - name: IMAGE + value: $(params.output-image) + - name: COMMIT_SHA + value: $(tasks.clone-repository.results.commit) + - name: IMAGE_EXPIRES_AFTER + value: $(params.image-expires-after) + - name: ALWAYS_BUILD_INDEX + value: $(params.build-image-index) + - name: IMAGES + value: + - $(tasks.build-images.results.IMAGE_REF[*]) + runAfter: + - build-images + taskRef: + params: + - name: name + value: build-image-index + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1@sha256:37328a4b2fc686435531ba423c26c2051822a4e70b06088c4d8eaf0e8fa6d65b + - name: kind + value: task + resolver: bundles + when: + - input: $(tasks.init.results.build) + operator: in + values: + - "true" + - name: deprecated-base-image-check + params: + - name: IMAGE_URL + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: IMAGE_DIGEST + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: deprecated-image-check + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.4@sha256:5a1a165fa02270f0a947d8a2131ee9d8be0b8e9d34123828c2bef589e504ee84 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: apply-tags + params: + - name: IMAGE + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: ADDITIONAL_TAGS + value: + - '{{target_branch}}-{{revision}}' + - '{{target_branch}}-nightly' + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: apply-tags + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.1@sha256:0767c115d4ba4854d106c9cdfabdc1f1298bc2742a3fea4fefbac4b9c5873d6e + - name: kind + value: task + resolver: bundles + - name: validate-fbc + params: + - name: IMAGE_URL + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: IMAGE_DIGEST + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: validate-fbc + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-validate-fbc:0.1@sha256:84f0ba9ac7428e14e3d1ac0f67dc1bea950095724fd0ab2e6e2622c8f0364637 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: prepare-slack-message + params: + - name: pipelinerun-name + value: "$(context.pipelineRun.name)" + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + taskSpec: + results: + - description: Notification text to be posted to slack + name: slack-message-sucess-text + steps: + - image: alpine + name: rhoai-init + script: | + pipelinerun_name=$(params.pipelinerun-name) + target_branch={{target_branch}} + echo "pipelinerun-name = $pipelinerun_name" + + application_name=${target_branch/rhoai-/} + application_name=rhoai-v${application_name/./-} + echo "application-name = $application_name" + + component_name=${pipelinerun_name/-on-*/} + echo "component-name = $component_name" + + KONFLUX_SERVER="https://konflux.apps.stone-prod-p02.hjvn.p1.openshiftapps.com" + build_url="${KONFLUX_SERVER}/application-pipeline/workspaces/rhoai/applications/${application_name}/pipelineruns/${pipelinerun_name}/logs" + + alertEmoji=":nightly:" + build_time="$(date +%Y-%m-%dT%H:%M:%S)" + slack_message="${alertEmoji} A new *nightly build* is available for ${target_branch}: ${build_time}" + slack_message=$(echo -e "${slack_message}\nImage: $(params.image-url)@$(params.image-digest)") + slack_message=$(echo -e "${slack_message}\n<${build_url}|${pipelinerun_name}>") + + echo -n "${slack_message}" > "$(results.slack-message-sucess-text.path)" + + runAfter: + - build-image-index + workspaces: + - name: git-auth + optional: true + - name: netrc + optional: true + taskRunTemplate: {} + workspaces: + - name: git-auth + secret: + secretName: '{{ git_auth_secret }}' +status: {} From 82098654fcb5ac781edebf87d9095c0f265b8999 Mon Sep 17 00:00:00 2001 From: Rishab Prasad Date: Fri, 13 Dec 2024 12:56:03 +0530 Subject: [PATCH 2/3] fix --- .tekton/rhoai-fbc-fragment-v2-16-pull-request.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.tekton/rhoai-fbc-fragment-v2-16-pull-request.yaml b/.tekton/rhoai-fbc-fragment-v2-16-pull-request.yaml index 285ab67b7..3c8d9419c 100644 --- a/.tekton/rhoai-fbc-fragment-v2-16-pull-request.yaml +++ b/.tekton/rhoai-fbc-fragment-v2-16-pull-request.yaml @@ -12,7 +12,7 @@ metadata: appstudio.openshift.io/application: rhoai-v2-16 appstudio.openshift.io/component: rhoai-fbc-fragment-v2-16 pipelines.appstudio.openshift.io/type: build - name: rhoai-fbc-fragment-v2-16-on-schedule + name: rhoai-fbc-fragment-v2-16-on-pull-request namespace: rhoai-tenant spec: params: From 234b95d7ea327e5938623c41c4d9d0e7504bb76f Mon Sep 17 00:00:00 2001 From: Rishab Prasad Date: Fri, 13 Dec 2024 13:01:09 +0530 Subject: [PATCH 3/3] fix --- .tekton/rhoai-fbc-fragment-v2-16-pull-request.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.tekton/rhoai-fbc-fragment-v2-16-pull-request.yaml b/.tekton/rhoai-fbc-fragment-v2-16-pull-request.yaml index 3c8d9419c..fe67d0110 100644 --- a/.tekton/rhoai-fbc-fragment-v2-16-pull-request.yaml +++ b/.tekton/rhoai-fbc-fragment-v2-16-pull-request.yaml @@ -101,7 +101,7 @@ spec: - name: pipelinerun-name value: "$(context.pipelineRun.name)" - name: fbc-check-status - value: "$(tasks.fbc-related-image-check.status)" + value: "$(tasks.validate-fbc.status)" - name: overall-task-status value: "$(tasks.status)" taskSpec: