diff --git a/SCENARIO.md b/SCENARIO.md
index 2441229a..3eb6455f 100644
--- a/SCENARIO.md
+++ b/SCENARIO.md
@@ -1,640 +1,116 @@ # Scenario This document is generated by the job \'.github/workflows/publish-pipelines.yml\' using the [configurations](configurations/) files ! -## konflux +## tekton -### Build +### Example -#### PipelineRun performing a build of a Quarkus application using a bash script +#### Simple example of a Tekton pipeline including 2 actions echoing Hello and Good bye and sharing the message using a workspace Command to be executed: ```bash -java -jar target/quarkus-app/quarkus-run.jar builder -o out/flows -c configurations/konflux/build-bash-jam-cfg.yaml +java -jar target/quarkus-app/quarkus-run.jar builder -o out/flows -c configurations/tekton/simple-job-two-actions-worskpace-cfg.yaml ``` using as configuration: ```yaml -# configurations/konflux/build-bash-jam-cfg.yaml - -# The type will be used by the application to generate the resources for the selected provider: konflux, tekton -type: konflux -domain: build -namespace: user-ns1 +# configurations/tekton/simple-job-two-actions-worskpace-cfg.yaml -repository: - url: https://github.com/ch007m/new-quarkus-app-1 - dockerfilePath: src/main/docker/Dockerfile.jvm +type: tekton +domain: example -# To generate the Application and/or Component CR -application: - name: my-quarkus - enable: false -component: - name: quarkus-1 - enable: false +namespace: demo job: + name: simple-job-two-actions-wks + description: Simple example of a Tekton pipeline including 2 actions echoing Hello and Good bye and sharing the message using a workspace resourceType: PipelineRun - name: quarkus-1-on-push - description: PipelineRun performing a build of a Quarkus application using a bash script - workspaces: - - name: workspace - volumeClaimTemplate: - storage: 1Gi - accessMode: ReadWriteOnce - - name: git-auth - secret: - name: "{{ git_auth_secret }}" - - results: - - IMAGE_URL: "$(tasks.build-container.results.IMAGE_URL)" - - IMAGE_DIGEST: "$(tasks.build-container.results.IMAGE_DIGEST)" - - BASE_IMAGES_DIGESTS: 
"$(tasks.build-container.results.BASE_IMAGES_DIGESTS)" - - CHAINS-GIT_URL: "$(tasks.clone-repository.results.url)" - - CHAINS-GIT_COMMIT: "$(tasks.clone-repository.results.commit)" - - params: - - git-url: "{{source_url}}" - - revision: "{{revision}}" - - output-image: "quay.io/ch007m/user-ns1/my-quarkus/quarkus-1:{{revision}}" - - image-expires-after: "5d" - - build-image-index: "" - # We need the following parameters when defined part of the PipelineSpec with default value and used by a task - - build-source-image: false - - prefetch-input: "" - - # Buildpack params - - source-dir: "source" - - imageUrl: "buildpacksio/pack" - - imageTag: "latest" - - packCmdBuilderFlags: - - build - - -B - - quay.io/snowdrop/ubi-builder - - -e - - BP_JVM_VERSION=21 - - quarkus-hello:1.0 + - name: shared-wks + volumeClaimTemplate: + storage: 1Gi + accessMode: ReadWriteOnce actions: - # Finally - - name: show-sbom - finally: true - ref: bundle://quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:9bfc6b99ef038800fe131d7b45ff3cd4da3a415dd536f7c657b3527b01c4a13b - params: - - IMAGE_URL: "$(tasks.build-container.results.IMAGE_URL)" - - - name: summary # Konflux uses as name show-summary !! 
- finally: true - ref: bundle://quay.io/konflux-ci/tekton-catalog/task-summary:0.2@sha256:d97c04ab42f277b1103eb6f3a053b247849f4f5b3237ea302a8ecada3b24e15b - params: - - pipelinerun-name: "$(context.pipelineRun.name)" - - git-url: "$(tasks.clone-repository.results.url)?rev=$(tasks.clone-repository.results.commit)" - - image-url: "$(params.output-image)" - - build-task-status: "$(tasks.build-container.status)" - - # Tasks - - name: jam - params: - - JAM_VERSION: "v2.9.0" - - results: - - IMAGE_URL: "Image repository where the built image was pushed" - - IMAGE_DIGEST: "Digest of the image just built" - - BASE_IMAGES_DIGESTS: "Digests of the base images used for build" - - args: - - "$(params.packCmdBuilderFlags)" - + - name: say-hello script: | #!/usr/bin/env bash - set -e - - function util::tools::os() { - case "$(uname)" in - "Darwin") - echo "${1:-darwin}" - ;; - - "Linux") - echo "linux" - ;; - - *) - util::print::error "Unknown OS \"$(uname)\"" - exit 1 - esac - } - - function util::tools::arch() { - case "$(uname -m)" in - arm64|aarch64) - echo "arm64" - ;; - - amd64|x86_64) - if [[ "${1:-}" == "--blank-amd64" ]]; then - echo "" - elif [[ "${1:-}" == "--uname-format-amd64" ]]; then - echo "x86_64" - else - echo "amd64" - fi - ;; - - *) - util::print::error "Unknown Architecture \"$(uname -m)\"" - exit 1 - esac - } - - outputDir="/usr/local/bin/" - curl_args=( - "--fail" - "--silent" - "--location" - "--output" "${outputDir}/jam" - ) - - os=$(util::tools::os) - arch=$(util::tools::arch) - - echo "Installing jam $(params.JAM_VERSION)" - curl "https://github.com/paketo-buildpacks/jam/releases/download/$(params.JAM_VERSION)/jam-${os}-${arch}" \ - "${curl_args[@]}" - chmod +x ${outputDir}/jam - jam version - - echo "This is a test demo - 1" - - stack_dirpath="." 
- cat < ${stack_dirpath}/stack.toml - id = "io.buildpacks.stacks.ubi8" - homepage = "https://github.com/paketo-community/ubi-base-stack" - maintainer = "Paketo Community" - - platforms = ["linux/amd64"] - - [build] - description = "base build ubi8 image to support buildpacks" - dockerfile = "./build.Dockerfile" - gid = 1000 - shell = "/bin/bash" - uid = 1002 - - [build.args] - - [run] - description = "base run ubi8 image to support buildpacks" - dockerfile = "./run.Dockerfile" - gid = 1000 - shell = "/bin/bash" - uid = 1001 - - [run.args] - EOF - - cat < ${stack_dirpath}/build.Dockerfile - FROM registry.access.redhat.com/ubi8/ubi-minimal:latest - EOF - - cat < ${stack_dirpath}/run.Dockerfile - FROM registry.access.redhat.com/ubi8/ubi-minimal:latest - EOF - - args=( - --config "${stack_dirpath}/stack.toml" - --build-output "${build_dirpath}/build.oci" - --run-output "${build_dirpath}/run.oci" - ) - jam create-stack "${args[@]}" - - echo -n "URL of the image build is : quarkus-hello:1.0" | tee "$(results.IMAGE_URL.path)" - echo -n "sha256ddddddddddddddddddddd" | tee "$(results.IMAGE_DIGEST.path)" - echo -n "sha256eeeeeeeeeeeeeeeeeeeeee" | tee "$(results.BASE_IMAGES_DIGESTS.path)" - - - + set -e + if [ "$(workspaces.shared-wks.bound)" == "true" ] ; then + echo Hello from action - say-hello > $(workspaces.shared-wks.path)/message + fi + workspaces: + - name: shared-wks + workspace: shared-wks + - name: say-goodbye + script: | + #!/usr/bin/env bash - - - + set -e + if [ "$(workspaces.shared-wks.bound)" == "true" ] ; then + cat $(workspaces.shared-wks.path)/message + fi + echo "Saying Good bye to all of you from action: say-goodbye" + workspaces: + - name: shared-wks + workspace: shared-wks ``` Generated file: ```yaml -# generated/konflux/build/pipelinerun-quarkus-1-on-push.yaml +# generated/tekton/example/pipelinerun-simple-job-two-actions-wks.yaml apiVersion: "tekton.dev/v1" kind: "PipelineRun" metadata: annotations: - pipelinesascode.tekton.dev/max-keep-runs: "3" - 
pipelinesascode.tekton.dev/on-cel-expression: "event == 'push' && target_branch\ - \ == 'main'" - build.appstudio.openshift.io/repo: "https://github.com/ch007m/new-quarkus-app-1?rev={{revision}}" - build.appstudio.redhat.com/commit_sha: "{{revision}}" - build.appstudio.redhat.com/target_branch: "{{target_branch}}" + tekton.dev/pipelines.minVersion: "0.60.x" + tekton.dev/displayName: "Simple example of a Tekton pipeline including 2 actions\ + \ echoing Hello and Good bye and sharing the message using a workspace" + tekton.dev/platforms: "linux/amd64" labels: - pipelines.appstudio.openshift.io/type: "build" - pipelines.openshift.io/strategy: "build" - pipelines.openshift.io/used-by: "build-cloud" - pipelines.openshift.io/runtime: "java" - appstudio.openshift.io/application: "my-quarkus" - appstudio.openshift.io/component: "quarkus-1" - name: "quarkus-1-on-push" - namespace: "user-ns1" + app.kubernetes.io/version: "0.1" + name: "simple-job-two-actions-wks" + namespace: "demo" spec: - params: - - name: "git-url" - value: "{{source_url}}" - - name: "revision" - value: "{{revision}}" - - name: "output-image" - value: "quay.io/ch007m/user-ns1/my-quarkus/quarkus-1:{{revision}}" - - name: "image-expires-after" - value: "5d" - - name: "build-image-index" - value: "" - - name: "build-source-image" - value: "false" - - name: "prefetch-input" - value: "" - - name: "source-dir" - value: "source" - - name: "imageUrl" - value: "buildpacksio/pack" - - name: "imageTag" - value: "latest" - - name: "packCmdBuilderFlags" - value: - - "build" - - "-B" - - "quay.io/snowdrop/ubi-builder" - - "-e" - - "BP_JVM_VERSION=21" - - "quarkus-hello:1.0" pipelineSpec: - finally: - - name: "show-sbom" - params: - - name: "IMAGE_URL" - value: "$(tasks.build-container.results.IMAGE_URL)" - taskRef: - params: - - name: "bundle" - value: "quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:9bfc6b99ef038800fe131d7b45ff3cd4da3a415dd536f7c657b3527b01c4a13b" - - name: "name" - value: "show-sbom" - - 
name: "kind" - value: "task" - resolver: "bundles" - - name: "summary" - params: - - name: "pipelinerun-name" - value: "$(context.pipelineRun.name)" - - name: "git-url" - value: "$(tasks.clone-repository.results.url)?rev=$(tasks.clone-repository.results.commit)" - - name: "image-url" - value: "$(params.output-image)" - - name: "build-task-status" - value: "$(tasks.build-container.status)" - taskRef: - params: - - name: "bundle" - value: "quay.io/konflux-ci/tekton-catalog/task-summary:0.2@sha256:d97c04ab42f277b1103eb6f3a053b247849f4f5b3237ea302a8ecada3b24e15b" - - name: "name" - value: "summary" - - name: "kind" - value: "task" - resolver: "bundles" - workspaces: - - name: "workspace" - workspace: "workspace" - results: - - name: "IMAGE_URL" - value: "$(tasks.build-container.results.IMAGE_URL)" - - name: "IMAGE_DIGEST" - value: "$(tasks.build-container.results.IMAGE_DIGEST)" - - name: "BASE_IMAGES_DIGESTS" - value: "$(tasks.build-container.results.BASE_IMAGES_DIGESTS)" - - name: "CHAINS-GIT_URL" - value: "$(tasks.clone-repository.results.url)" - - name: "CHAINS-GIT_COMMIT" - value: "$(tasks.clone-repository.results.commit)" tasks: - - name: "init" - params: - - name: "image-url" - value: "$(params.output-image" - - name: "rebuild" - value: "$(params.rebuild" - - name: "skip-checks" - value: "$(params.skip-checks" - taskRef: - params: - - name: "bundle" - value: "quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:092c113b614f6551113f17605ae9cb7e822aa704d07f0e37ed209da23ce392cc" - - name: "name" - value: "init" - - name: "kind" - value: "task" - resolver: "bundles" - - name: "clone-repository" - params: - - name: "url" - value: "$(params.git-url)" - runAfter: - - "init" - taskRef: - params: - - name: "bundle" - value: "quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1@sha256:0bb1be8363557e8e07ec34a3c5daaaaa23c9d533f0bb12f00dc604d00de50814" - - name: "name" - value: "git-clone" - - name: "kind" - value: "task" - resolver: "bundles" - when: - - input: 
"$(tasks.init.results.build)" - operator: "in" - values: - - "true" - workspaces: - - name: "output" - workspace: "workspace" - - name: "basic-auth" - workspace: "git-auth" - - name: "prefetch-dependencies" - params: - - name: "input" - value: "$(params.prefetch-input)" - runAfter: - - "clone-repository" - taskRef: - params: - - name: "bundle" - value: "quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies:0.1@sha256:058a59f72997c9cf1be20978eb6a145d8d4d436c6098f2460bd96766bb363b20" - - name: "name" - value: "prefetch-dependencies" - - name: "kind" - value: "task" - resolver: "bundles" - when: - - input: "$(params.prefetch-input)" - operator: "notin" - values: - - "" - workspaces: - - name: "source" - workspace: "workspace" - - name: "git-basic-auth" - workspace: "git-auth" - - name: "jam" - params: - - name: "JAM_VERSION" - value: "v2.9.0" - runAfter: - - "prefetch-dependencies" + - name: "say-hello" taskSpec: - results: - - description: "Image repository where the built image was pushed" - name: "IMAGE_URL" - - description: "Digest of the image just built" - name: "IMAGE_DIGEST" - - description: "Digests of the base images used for build" - name: "BASE_IMAGES_DIGESTS" steps: - - args: - - "$(params.packCmdBuilderFlags)" - image: "registry.access.redhat.com/ubi9@sha256:1ee4d8c50d14d9c9e9229d9a039d793fcbc9aa803806d194c957a397cf1d2b17" + - image: "registry.access.redhat.com/ubi9@sha256:1ee4d8c50d14d9c9e9229d9a039d793fcbc9aa803806d194c957a397cf1d2b17" name: "run-script" - script: "#!/usr/bin/env bash\nset -e\n\nfunction util::tools::os() {\n \ - \ case \"$(uname)\" in\n \"Darwin\")\n echo \"${1:-darwin}\"\n ;;\n\ - \ \n \"Linux\")\n echo \"linux\"\n ;;\n \n *)\n util::print::error\ - \ \"Unknown OS \\\"$(uname)\\\"\"\n exit 1\n esac\n}\n\nfunction util::tools::arch()\ - \ {\n case \"$(uname -m)\" in\n arm64|aarch64)\n echo \"arm64\"\ - \n ;;\n\n amd64|x86_64)\n if [[ \"${1:-}\" == \"--blank-amd64\"\ - \ ]]; then\n echo \"\"\n elif [[ \"${1:-}\" == 
\"--uname-format-amd64\"\ - \ ]]; then\n echo \"x86_64\"\n else\n echo \"amd64\"\ - \n fi\n ;;\n\n *)\n util::print::error \"Unknown Architecture\ - \ \\\"$(uname -m)\\\"\"\n exit 1\n esac\n}\n\noutputDir=\"/usr/local/bin/\"\ - \ncurl_args=(\n \"--fail\"\n \"--silent\"\n \"--location\"\n \"--output\"\ - \ \"${outputDir}/jam\"\n)\n\nos=$(util::tools::os)\narch=$(util::tools::arch)\n\ - \necho \"Installing jam $(params.JAM_VERSION)\"\ncurl \"https://github.com/paketo-buildpacks/jam/releases/download/$(params.JAM_VERSION)/jam-${os}-${arch}\"\ - \ \\\n \"${curl_args[@]}\"\nchmod +x ${outputDir}/jam\njam version\n\n\ - echo \"This is a test demo - 1\"\n\nstack_dirpath=\".\"\ncat < ${stack_dirpath}/stack.toml\n\ - id = \"io.buildpacks.stacks.ubi8\"\nhomepage = \"https://github.com/paketo-community/ubi-base-stack\"\ - \nmaintainer = \"Paketo Community\"\n\nplatforms = [\"linux/amd64\"]\n\ - \n[build]\n description = \"base build ubi8 image to support buildpacks\"\ - \n dockerfile = \"./build.Dockerfile\"\n gid = 1000\n shell = \"/bin/bash\"\ - \n uid = 1002\n\n [build.args]\n\n[run]\n description = \"base run\ - \ ubi8 image to support buildpacks\"\n dockerfile = \"./run.Dockerfile\"\ - \n gid = 1000\n shell = \"/bin/bash\"\n uid = 1001\n\n [run.args]\n\ - EOF\n\ncat < ${stack_dirpath}/build.Dockerfile\nFROM registry.access.redhat.com/ubi8/ubi-minimal:latest\n\ - EOF\n\ncat < ${stack_dirpath}/run.Dockerfile\nFROM registry.access.redhat.com/ubi8/ubi-minimal:latest\n\ - EOF\n\nargs=(\n --config \"${stack_dirpath}/stack.toml\"\n --build-output\ - \ \"${build_dirpath}/build.oci\"\n --run-output \"${build_dirpath}/run.oci\"\ - \n)\njam create-stack \"${args[@]}\"\n \necho -n \"URL of the image\ - \ build is : quarkus-hello:1.0\" | tee \"$(results.IMAGE_URL.path)\"\n\ - echo -n \"sha256ddddddddddddddddddddd\" | tee \"$(results.IMAGE_DIGEST.path)\"\ - \necho -n \"sha256eeeeeeeeeeeeeeeeeeeeee\" | tee \"$(results.BASE_IMAGES_DIGESTS.path)\"\ - \n" - - name: "build-image-index" - 
params: - - name: "IMAGE" - value: "$(params.output-image)" - - name: "COMMIT_SHA" - value: "$(tasks.clone-repository.results.commit)" - - name: "IMAGE_EXPIRES_AFTER" - value: "$(params.image-expires-after)" - - name: "ALWAYS_BUILD_INDEX" - value: "$(params.build-image-index)" - - name: "IMAGES" - value: - - "$(tasks.build-container.results.IMAGE_URL)@$(tasks.build-container.results.IMAGE_DIGEST)" - runAfter: - - "build-container" - taskRef: - params: - - name: "bundle" - value: "quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1@sha256:409ff39379c50d3c257229b4c6d6600e35eb53637504c47fb36ade262c70716e" - - name: "name" - value: "build-image-index" - - name: "kind" - value: "task" - resolver: "bundles" - when: - - input: "$(tasks.init.results.build)" - operator: "in" - values: - - "true" + script: | + #!/usr/bin/env bash + + set -e + if [ "$(workspaces.shared-wks.bound)" == "true" ] ; then + echo Hello from action - say-hello > $(workspaces.shared-wks.path)/message + fi workspaces: - - name: "workspace" - workspace: "workspace" - - name: "build-source-image" - params: - - name: "BINARY_IMAGE" - value: "$(params.output-image)" - - name: "BASE_IMAGES" - value: "$(tasks.build-container.results.BASE_IMAGES_DIGESTS)" + - name: "shared-wks" + workspace: "shared-wks" + - name: "say-goodbye" runAfter: - - "build-container" - taskRef: - params: - - name: "bundle" - value: "quay.io/konflux-ci/tekton-catalog/task-source-build:0.1@sha256:21cb5ebaff7a9216903cf78933dc4ec4dd6283a52636b16590a5f52ceb278269" - - name: "name" - value: "source-build" - - name: "kind" - value: "task" - resolver: "bundles" - when: - - input: "$(params.build-source-image)" - operator: "in" - values: - - "true" + - "say-hello" + taskSpec: + steps: + - image: "registry.access.redhat.com/ubi9@sha256:1ee4d8c50d14d9c9e9229d9a039d793fcbc9aa803806d194c957a397cf1d2b17" + name: "run-script" + script: | + #!/usr/bin/env bash + + set -e + if [ "$(workspaces.shared-wks.bound)" == "true" ] ; then + cat 
$(workspaces.shared-wks.path)/message + fi + echo "Saying Good bye to all of you from action: say-goodbye" workspaces: - - name: "workspace" - workspace: "workspace" - - name: "deprecated-image-check" - params: - - name: "IMAGE_URL" - value: "$(tasks.build-container.results.IMAGE_URL)" - - name: "IMAGE_DIGEST" - value: "$(tasks.build-container.results.IMAGE_DIGEST)" - - name: "BASE_IMAGES_DIGESTS" - value: "$(tasks.build-container.results.BASE_IMAGES_DIGESTS)" - runAfter: - - "build-container" - taskRef: - params: - - name: "bundle" - value: "quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.4@sha256:d98fa9daf5ee12dfbf00880b83d092d01ce9994d79836548d2f82748bb0c64a2" - - name: "name" - value: "deprecated-image-check" - - name: "kind" - value: "task" - resolver: "bundles" - when: - - input: "$(params.skip-checks)" - operator: "in" - values: - - "false" - - name: "clair-scan" - params: - - name: "image-digest" - value: "$(tasks.build-container.results.IMAGE_DIGEST)" - - name: "image-url" - value: "$(tasks.build-container.results.IMAGE_URL)" - runAfter: - - "build-container" - taskRef: - params: - - name: "bundle" - value: "quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.1@sha256:baea4be429cf8d91f7c758378cea42819fe324f25a7f957bf9805409cab6d123" - - name: "name" - value: "clair-scan" - - name: "kind" - value: "task" - resolver: "bundles" - when: - - input: "$(params.skip-checks)" - operator: "in" - values: - - "false" - - name: "ecosystem-cert-preflight-checks" - params: - - name: "image-url" - value: "$(tasks.build-container.results.IMAGE_URL)" - runAfter: - - "build-container" - taskRef: - params: - - name: "bundle" - value: "quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.1@sha256:5131cce0f93d0b728c7bcc0d6cee4c61d4c9f67c6d619c627e41e3c9775b497d" - - name: "name" - value: "ecosystem-cert-preflight-checks" - - name: "kind" - value: "task" - resolver: "bundles" - when: - - input: "$(params.skip-checks)" - operator: "in" - 
values: - - "false" - - name: "sast-snyk-check" - params: - - name: "image-digest" - value: "$(tasks.build-container.results.IMAGE_DIGEST)" - - name: "image-url" - value: "$(tasks.build-container.results.IMAGE_URL)" - runAfter: - - "build-container" - taskRef: - params: - - name: "bundle" - value: "quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check:0.2@sha256:82c42d27c9c59db6cf6c235e89f7b37f5cdfc75d0d361ca0ee91ae703ba72301" - - name: "name" - value: "sast-snyk-check" - - name: "kind" - value: "task" - resolver: "bundles" - when: - - input: "$(params.skip-checks)" - operator: "in" - values: - - "true" - workspaces: - - name: "workspace" - workspace: "workspace" - - name: "clamav-scan" - params: - - name: "image-digest" - value: "$(tasks.build-container.results.IMAGE_DIGEST)" - - name: "image-url" - value: "$(tasks.build-container.results.IMAGE_URL)" - runAfter: - - "build-container" - taskRef: - params: - - name: "bundle" - value: "quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.1@sha256:7bb17b937c9342f305468e8a6d0a22493e3ecde58977bd2ffc8b50e2fa234d58" - - name: "name" - value: "clamav-scan" - - name: "kind" - value: "task" - resolver: "bundles" - when: - - input: "$(params.skip-checks)" - operator: "in" - values: - - "false" - - name: "sbom-json-check" - params: - - name: "IMAGE_URL" - value: "$(tasks.build-container.results.IMAGE_URL)" - - name: "IMAGE_DIGEST" - value: "$(tasks.build-container.results.IMAGE_DIGEST)" - runAfter: - - "build-container" - taskRef: - params: - - name: "bundle" - value: "quay.io/konflux-ci/tekton-catalog/task-sbom-json-check:0.1@sha256:2c5de51ec858fc8d47e41c65b20c83fdac249425d67ed6d1058f9f3e0b574500" - - name: "name" - value: "sbom-json-check" - - name: "kind" - value: "task" - resolver: "bundles" - when: - - input: "$(params.skip-checks)" - operator: "in" - values: - - "false" + - name: "shared-wks" + workspace: "shared-wks" timeouts: - pipeline: "3600000000000ns" + pipeline: "300000000000ns" workspaces: - - name: "workspace" 
+ - name: "shared-wks" volumeClaimTemplate: apiVersion: "v1" kind: "PersistentVolumeClaim" 
@@ -644,921 +120,720 @@ spec: resources: requests: storage: "1Gi" - - name: "git-auth" - secret: - secretName: "{{ git_auth_secret }}" ``` -#### PipelineRun performing a build of a Quarkus application using pack CLI +#### Simple example of a Tekton pipeline echoing a message Command to be executed: ```bash -java -jar target/quarkus-app/quarkus-run.jar builder -o out/flows -c configurations/konflux/build-quarkus-app-cfg.yaml +java -jar target/quarkus-app/quarkus-run.jar builder -o out/flows -c configurations/tekton/simple-job-fetch-script-cfg.yaml ``` using as configuration: ```yaml -# configurations/konflux/build-quarkus-app-cfg.yaml +# configurations/tekton/simple-job-fetch-script-cfg.yaml # The type will be used by the application to generate the resources for the selected provider: konflux, tekton -type: konflux -domain: build -namespace: user-ns1 - -repository: - url: https://github.com/ch007m/new-quarkus-app-1 - dockerfilePath: src/main/docker/Dockerfile.jvm +type: tekton +# The domain allows to organize the resources, tasks to be generated +domain: example -# To generate the Konflux Application and/or Component CR -application: - name: my-quarkus - enable: false -component: - name: quarkus-1 - enable: false +# Kubernetes namespace +namespace: job: + name: simple-job-fetch-script # name of the pipeline to be created + description: Simple example of a Tekton pipeline echoing a message + # One of the supported resources: PipelineRun, Pipeline resourceType: PipelineRun - name: quarkus-app-on-push - description: PipelineRun performing a build of a Quarkus application using pack CLI - - workspaces: - - name: workspace - volumeClaimTemplate: - storage: 1Gi - accessMode: ReadWriteOnce - - name: git-auth - secret: - name: "{{ git_auth_secret }}" - - results: - - IMAGE_URL: "$(tasks.build-container.results.IMAGE_URL)" - - IMAGE_DIGEST: "$(tasks.build-container.results.IMAGE_DIGEST)" - - BASE_IMAGES_DIGESTS: "$(tasks.build-container.results.BASE_IMAGES_DIGESTS)" - - - 
CHAINS-GIT_URL: "$(tasks.clone-repository.results.url)" - - CHAINS-GIT_COMMIT: "$(tasks.clone-repository.results.commit)" - - params: - - git-url: "{{source_url}}" - - revision: "{{revision}}" - - output-image: "quay.io/ch007m/user-ns1/my-quarkus/quarkus-1:{{revision}}" - - image-expires-after: "5d" - - build-image-index: "" - # We need the following parameters when used within the Pipeline: when condition, etc - - build-source-image: false - - prefetch-input: "" - - # Buildpack params - - source-dir: "source" - - imageUrl: "buildpacksio/pack" - - imageTag: "latest" - - packCmdBuilderFlags: - - build - - -B - - quay.io/snowdrop/ubi-builder - - -e - - BP_JVM_VERSION=21 - - quarkus-hello:1.0 - - # Remark : As the Pipeline(run) resource of konflux already defines mandatory steps to perform actions as listed here - it is then not needed - # to detail them here except the actions that you want to include part of the build process - # The actions to be executed should match/map the name ofg the Task declared in an OCI Bundle or Git repository url - # Examples: - # - pack: to build an image using the Pack CLI - # - build: to build an application using a builder image - # - pack-builder: to create a builder image using pack CLI - # - stack: to create a base stack image build or run - # - meta/composite: to package the buildpacks of a "meta/composite" buildpack project - # - buildpack: to package a "buildpack" project - # - extension: to package an "extension" project - # actions: - - name: pack - ref: bundle://quay.io/ch007m/tekton-bundle:latest@sha256:bc130944a4ee377846abd2ffe9add0c8ad1dff571089d4e0b590e0c446660ac4 - workspaces: - - name: source-dir - workspace: workspace - - name: pack-workspace - workspace: workspace - params: - - PACK_SOURCE_DIR: "$(params.source-dir)" - - PACK_CLI_IMAGE: "$(params.imageUrl)" - - PACK_CLI_IMAGE_VERSION: "$(params.imageTag)" - - PACK_CMD_FLAGS: - - "$(params.packCmdBuilderFlags)" - - + - name: say-hello + # The ref or reference 
expressed using the uri://: + # will fetch the code of the action to be executed + ref: + # The url of the script file to be executed using a linux container + scriptFileUrl: https://raw.githubusercontent.com/ch007m/pipeline-dsl-builder/main/scripts/echo.sh ``` Generated file: ```yaml -# generated/konflux/build/pipelinerun-quarkus-app-on-push.yaml +# generated/tekton/example/pipelinerun-simple-job-fetch-script.yaml apiVersion: "tekton.dev/v1" kind: "PipelineRun" metadata: annotations: - pipelinesascode.tekton.dev/max-keep-runs: "3" - pipelinesascode.tekton.dev/on-cel-expression: "event == 'push' && target_branch\ - \ == 'main'" - build.appstudio.openshift.io/repo: "https://github.com/ch007m/new-quarkus-app-1?rev={{revision}}" - build.appstudio.redhat.com/commit_sha: "{{revision}}" - build.appstudio.redhat.com/target_branch: "{{target_branch}}" + tekton.dev/pipelines.minVersion: "0.60.x" + tekton.dev/displayName: "Simple example of a Tekton pipeline echoing a message" + tekton.dev/platforms: "linux/amd64" labels: - pipelines.openshift.io/strategy: "build" - pipelines.appstudio.openshift.io/type: "build" - pipelines.openshift.io/used-by: "build-cloud" - pipelines.openshift.io/runtime: "java" - appstudio.openshift.io/application: "my-quarkus" - appstudio.openshift.io/component: "quarkus-1" - name: "quarkus-app-on-push" - namespace: "user-ns1" + app.kubernetes.io/version: "0.1" + name: "simple-job-fetch-script" spec: - params: - - name: "git-url" - value: "{{source_url}}" - - name: "revision" - value: "{{revision}}" - - name: "output-image" - value: "quay.io/ch007m/user-ns1/my-quarkus/quarkus-1:{{revision}}" - - name: "image-expires-after" - value: "5d" - - name: "build-image-index" - value: "" - - name: "build-source-image" - value: "false" - - name: "prefetch-input" - value: "" - - name: "source-dir" - value: "source" - - name: "imageUrl" - value: "buildpacksio/pack" - - name: "imageTag" - value: "latest" - - name: "packCmdBuilderFlags" - value: - - "build" - - "-B" 
- - "quay.io/snowdrop/ubi-builder" - - "-e" - - "BP_JVM_VERSION=21" - - "quarkus-hello:1.0" pipelineSpec: - results: - - name: "IMAGE_URL" - value: "$(tasks.build-container.results.IMAGE_URL)" - - name: "IMAGE_DIGEST" - value: "$(tasks.build-container.results.IMAGE_DIGEST)" - - name: "BASE_IMAGES_DIGESTS" - value: "$(tasks.build-container.results.BASE_IMAGES_DIGESTS)" - - name: "CHAINS-GIT_URL" - value: "$(tasks.clone-repository.results.url)" - - name: "CHAINS-GIT_COMMIT" - value: "$(tasks.clone-repository.results.commit)" tasks: - - name: "init" - params: - - name: "image-url" - value: "$(params.output-image" - - name: "rebuild" - value: "$(params.rebuild" - - name: "skip-checks" - value: "$(params.skip-checks" - taskRef: - params: - - name: "bundle" - value: "quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:092c113b614f6551113f17605ae9cb7e822aa704d07f0e37ed209da23ce392cc" - - name: "name" - value: "init" - - name: "kind" - value: "task" - resolver: "bundles" - - name: "clone-repository" - params: - - name: "url" - value: "$(params.git-url)" - runAfter: - - "init" - taskRef: - params: - - name: "bundle" - value: "quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1@sha256:0bb1be8363557e8e07ec34a3c5daaaaa23c9d533f0bb12f00dc604d00de50814" - - name: "name" - value: "git-clone" - - name: "kind" - value: "task" - resolver: "bundles" - when: - - input: "$(tasks.init.results.build)" - operator: "in" - values: - - "true" - workspaces: - - name: "output" - workspace: "workspace" - - name: "basic-auth" - workspace: "git-auth" - - name: "prefetch-dependencies" - params: - - name: "input" - value: "$(params.prefetch-input)" - runAfter: - - "clone-repository" - taskRef: - params: - - name: "bundle" - value: "quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies:0.1@sha256:058a59f72997c9cf1be20978eb6a145d8d4d436c6098f2460bd96766bb363b20" - - name: "name" - value: "prefetch-dependencies" - - name: "kind" - value: "task" - resolver: "bundles" - when: - - input: 
"$(params.prefetch-input)" - operator: "notin" - values: - - "" - workspaces: - - name: "source" - workspace: "workspace" - - name: "git-basic-auth" - workspace: "git-auth" - - name: "build-container" - params: - - name: "PACK_SOURCE_DIR" - value: "$(params.source-dir)" - - name: "PACK_CLI_IMAGE" - value: "$(params.imageUrl)" - - name: "PACK_CLI_IMAGE_VERSION" - value: "$(params.imageTag)" - - name: "PACK_CMD_FLAGS" - value: - - "$(params.packCmdBuilderFlags)" - runAfter: - - "prefetch-dependencies" - taskRef: - params: - - name: "bundle" - value: "quay.io/ch007m/tekton-bundle:latest@sha256:bc130944a4ee377846abd2ffe9add0c8ad1dff571089d4e0b590e0c446660ac4" - - name: "name" - value: "pack" - - name: "kind" - value: "task" - resolver: "bundles" - workspaces: - - name: "source-dir" - workspace: "workspace" - - name: "pack-workspace" - workspace: "workspace" - - name: "build-image-index" - params: - - name: "IMAGE" - value: "$(params.output-image)" - - name: "COMMIT_SHA" - value: "$(tasks.clone-repository.results.commit)" - - name: "IMAGE_EXPIRES_AFTER" - value: "$(params.image-expires-after)" - - name: "ALWAYS_BUILD_INDEX" - value: "$(params.build-image-index)" - - name: "IMAGES" - value: - - "$(tasks.build-container.results.IMAGE_URL)@$(tasks.build-container.results.IMAGE_DIGEST)" - runAfter: - - "build-container" - taskRef: - params: - - name: "bundle" - value: "quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1@sha256:409ff39379c50d3c257229b4c6d6600e35eb53637504c47fb36ade262c70716e" - - name: "name" - value: "build-image-index" - - name: "kind" - value: "task" - resolver: "bundles" + - name: "say-hello" + taskSpec: + steps: + - image: "registry.access.redhat.com/ubi9@sha256:1ee4d8c50d14d9c9e9229d9a039d793fcbc9aa803806d194c957a397cf1d2b17" + name: "run-script" + script: | + #!/usr/bin/env bash + + set -e + echo "Say Hello" + timeouts: + pipeline: "300000000000ns" + +``` +#### Simple example of a Tekton pipeline including 2 actions echoing Hello and Good bye 
when condition is met + +Command to be executed: +```bash +java -jar target/quarkus-app/quarkus-run.jar builder -o out/flows -c configurations/tekton/simple-job-two-actions-when-cfg.yaml +``` +using as configuration: +```yaml +# configurations/tekton/simple-job-two-actions-when-cfg.yaml + +type: tekton +domain: example +namespace: demo + +job: + name: simple-job-two-actions-when # name of the pipeline to be created + description: Simple example of a Tekton pipeline including 2 actions echoing Hello and Good bye when condition is met + resourceType: PipelineRun + params: + - message: true + actions: + - name: say-hello + script: | + #!/usr/bin/env bash + + set -e + echo "Say Hello" + - name: say-goodbye when: - - input: "$(tasks.init.results.build)" - operator: "in" - values: - - "true" - workspaces: - - name: "workspace" - workspace: "workspace" - - name: "build-source-image" - params: - - name: "BINARY_IMAGE" - value: "$(params.output-image)" - - name: "BASE_IMAGES" - value: "$(tasks.build-container.results.BASE_IMAGES_DIGESTS)" + - "$(params.message): true" + script: | + #!/usr/bin/env bash + + set -e + echo "and say Good bye to all of you !" 
+``` +Generated file: +```yaml +# generated/tekton/example/pipelinerun-simple-job-two-actions-when.yaml + +apiVersion: "tekton.dev/v1" +kind: "PipelineRun" +metadata: + annotations: + tekton.dev/pipelines.minVersion: "0.60.x" + tekton.dev/displayName: "Simple example of a Tekton pipeline including 2 actions\ + \ echoing Hello and Good bye when condition is met" + tekton.dev/platforms: "linux/amd64" + labels: + app.kubernetes.io/version: "0.1" + name: "simple-job-two-actions-when" + namespace: "demo" +spec: + params: + - name: "message" + value: "true" + pipelineSpec: + tasks: + - name: "say-hello" + taskSpec: + steps: + - image: "registry.access.redhat.com/ubi9@sha256:1ee4d8c50d14d9c9e9229d9a039d793fcbc9aa803806d194c957a397cf1d2b17" + name: "run-script" + script: | + #!/usr/bin/env bash + + set -e + echo "Say Hello" + - name: "say-goodbye" runAfter: - - "build-container" - taskRef: - params: - - name: "bundle" - value: "quay.io/konflux-ci/tekton-catalog/task-source-build:0.1@sha256:21cb5ebaff7a9216903cf78933dc4ec4dd6283a52636b16590a5f52ceb278269" - - name: "name" - value: "source-build" - - name: "kind" - value: "task" - resolver: "bundles" + - "say-hello" + taskSpec: + steps: + - image: "registry.access.redhat.com/ubi9@sha256:1ee4d8c50d14d9c9e9229d9a039d793fcbc9aa803806d194c957a397cf1d2b17" + name: "run-script" + script: |- + #!/usr/bin/env bash + + set -e + echo "and say Good bye to all of you !" 
when: - - input: "$(params.build-source-image)" + - input: "$(params.message)" operator: "in" values: - "true" - workspaces: - - name: "workspace" - workspace: "workspace" - - name: "deprecated-image-check" - params: - - name: "IMAGE_URL" - value: "$(tasks.build-container.results.IMAGE_URL)" - - name: "IMAGE_DIGEST" - value: "$(tasks.build-container.results.IMAGE_DIGEST)" - - name: "BASE_IMAGES_DIGESTS" - value: "$(tasks.build-container.results.BASE_IMAGES_DIGESTS)" - runAfter: - - "build-container" - taskRef: - params: - - name: "bundle" - value: "quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.4@sha256:d98fa9daf5ee12dfbf00880b83d092d01ce9994d79836548d2f82748bb0c64a2" - - name: "name" - value: "deprecated-image-check" - - name: "kind" - value: "task" - resolver: "bundles" - when: - - input: "$(params.skip-checks)" - operator: "in" - values: - - "false" - - name: "clair-scan" - params: - - name: "image-digest" - value: "$(tasks.build-container.results.IMAGE_DIGEST)" - - name: "image-url" - value: "$(tasks.build-container.results.IMAGE_URL)" - runAfter: - - "build-container" - taskRef: - params: - - name: "bundle" - value: "quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.1@sha256:baea4be429cf8d91f7c758378cea42819fe324f25a7f957bf9805409cab6d123" - - name: "name" - value: "clair-scan" - - name: "kind" - value: "task" - resolver: "bundles" - when: - - input: "$(params.skip-checks)" - operator: "in" - values: - - "false" - - name: "ecosystem-cert-preflight-checks" - params: - - name: "image-url" - value: "$(tasks.build-container.results.IMAGE_URL)" - runAfter: - - "build-container" - taskRef: - params: - - name: "bundle" - value: "quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.1@sha256:5131cce0f93d0b728c7bcc0d6cee4c61d4c9f67c6d619c627e41e3c9775b497d" - - name: "name" - value: "ecosystem-cert-preflight-checks" - - name: "kind" - value: "task" - resolver: "bundles" - when: - - input: "$(params.skip-checks)" - operator: "in" - 
values: - - "false" - - name: "sast-snyk-check" - params: - - name: "image-digest" - value: "$(tasks.build-container.results.IMAGE_DIGEST)" - - name: "image-url" - value: "$(tasks.build-container.results.IMAGE_URL)" - runAfter: - - "build-container" - taskRef: - params: - - name: "bundle" - value: "quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check:0.2@sha256:82c42d27c9c59db6cf6c235e89f7b37f5cdfc75d0d361ca0ee91ae703ba72301" - - name: "name" - value: "sast-snyk-check" - - name: "kind" - value: "task" - resolver: "bundles" - when: - - input: "$(params.skip-checks)" - operator: "in" - values: - - "true" - workspaces: - - name: "workspace" - workspace: "workspace" - - name: "clamav-scan" - params: - - name: "image-digest" - value: "$(tasks.build-container.results.IMAGE_DIGEST)" - - name: "image-url" - value: "$(tasks.build-container.results.IMAGE_URL)" - runAfter: - - "build-container" - taskRef: - params: - - name: "bundle" - value: "quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.1@sha256:7bb17b937c9342f305468e8a6d0a22493e3ecde58977bd2ffc8b50e2fa234d58" - - name: "name" - value: "clamav-scan" - - name: "kind" - value: "task" - resolver: "bundles" - when: - - input: "$(params.skip-checks)" - operator: "in" - values: - - "false" - - name: "sbom-json-check" - params: - - name: "IMAGE_URL" - value: "$(tasks.build-container.results.IMAGE_URL)" - - name: "IMAGE_DIGEST" - value: "$(tasks.build-container.results.IMAGE_DIGEST)" - runAfter: - - "build-container" - taskRef: - params: - - name: "bundle" - value: "quay.io/konflux-ci/tekton-catalog/task-sbom-json-check:0.1@sha256:2c5de51ec858fc8d47e41c65b20c83fdac249425d67ed6d1058f9f3e0b574500" - - name: "name" - value: "sbom-json-check" - - name: "kind" - value: "task" - resolver: "bundles" - when: - - input: "$(params.skip-checks)" - operator: "in" - values: - - "false" timeouts: - pipeline: "3600000000000ns" - workspaces: - - name: "workspace" - volumeClaimTemplate: - apiVersion: "v1" - kind: "PersistentVolumeClaim" - 
spec: - accessModes: - - "ReadWriteOnce" - resources: - requests: - storage: "1Gi" - - name: "git-auth" - secret: - secretName: "{{ git_auth_secret }}" + pipeline: "300000000000ns" ``` -#### PipelineRun performing a build of a Quarkus application using buildpack task and lifecycle +#### Simple example of a Tekton pipeline including 2 actions echoing Hello and Good bye Command to be executed: ```bash -java -jar target/quarkus-app/quarkus-run.jar builder -o out/flows -c configurations/konflux/build-quarkus-app-lifecycle-build-cfg.yaml +java -jar target/quarkus-app/quarkus-run.jar builder -o out/flows -c configurations/tekton/simple-job-two-actions-cfg.yaml ``` using as configuration: ```yaml -# configurations/konflux/build-quarkus-app-lifecycle-build-cfg.yaml +# configurations/tekton/simple-job-two-actions-cfg.yaml # The type will be used by the application to generate the resources for the selected provider: konflux, tekton -type: konflux -domain: build -namespace: user-ns1 - -repository: - url: https://github.com/ch007m/new-quarkus-app-1 - dockerfilePath: src/main/docker/Dockerfile.jvm +type: tekton +# The domain allows to organize the resources, tasks to be generated +domain: example -# To generate the Konflux Application and/or Component CR -application: - name: my-quarkus - enable: false -component: - name: quarkus-1 - enable: false +# Kubernetes namespace +namespace: demo job: + name: simple-job-two-actions # name of the pipeline to be created + description: Simple example of a Tekton pipeline including 2 actions echoing Hello and Good bye + # One of the supported resources: PipelineRun, Pipeline resourceType: PipelineRun - name: quarkus-app-on-push - description: PipelineRun performing a build of a Quarkus application using buildpack task and lifecycle - - workspaces: - - name: workspace - volumeClaimTemplate: - storage: 1Gi - accessMode: ReadWriteOnce - - name: git-auth - secret: - name: "{{ git_auth_secret }}" - - results: - - IMAGE_URL: 
"$(tasks.build-container.results.IMAGE_URL)" - - IMAGE_DIGEST: "$(tasks.build-container.results.IMAGE_DIGEST)" - - BASE_IMAGES_DIGESTS: "$(tasks.build-container.results.BASE_IMAGES_DIGESTS)" - - - CHAINS-GIT_URL: "$(tasks.clone-repository.results.url)" - - CHAINS-GIT_COMMIT: "$(tasks.clone-repository.results.commit)" - - params: - - git-url: "{{source_url}}" - - revision: "{{revision}}" - - output-image: "quay.io/ch007m/my-quarkus:{{revision}}" - - image-expires-after: "5d" - - build-image-index: "" - # We need the following parameters when used within the Pipeline: when condition, etc - - build-source-image: false - - prefetch-input: "" - # Buildpack params actions: - - name: buildpacks-phases - ref: url://https://raw.githubusercontent.com/redhat-buildpacks/catalog/main/tekton/task/buildpacks-phases/01/buildpacks-phases.yaml - workspaces: - - name: source - workspace: workspace - params: - - APP_IMAGE: $(params.output-image) - - SOURCE_SUBPATH: "source" - - CNB_LOG_LEVEL: "info" - - CNB_BUILDER_IMAGE: paketocommunity/builder-ubi-base:latest - - CNB_LIFECYCLE_IMAGE: buildpacksio/lifecycle:0.20.1 - - CNB_PLATFORM_API: "0.14" - - CNB_EXPERIMENTAL_MODE: "false" - - CNB_BUILD_IMAGE: paketocommunity/build-ubi-base:latest - - CNB_RUN_IMAGE: paketocommunity/run-ubi-base:latest - - CNB_GROUP_ID: 1000 # see: https://github.com/paketo-community/ubi-base-stack/blob/main/stack/stack.toml#L10-L12 - - CNB_USER_ID: 1002 - - CNB_ENV_VARS: - - BP_JVM_VERSION=21 + - name: say-hello + script: | + #!/usr/bin/env bash + + set -e + echo "Say Hello" + - name: say-goodbye + script: | + #!/usr/bin/env bash + + set -e + echo "and say Good bye to all of you !" 
``` Generated file: ```yaml -# generated/konflux/build/pipelinerun-quarkus-app-on-push.yaml +# generated/tekton/example/pipelinerun-simple-job-two-actions.yaml apiVersion: "tekton.dev/v1" kind: "PipelineRun" metadata: annotations: - pipelinesascode.tekton.dev/max-keep-runs: "3" - pipelinesascode.tekton.dev/on-cel-expression: "event == 'push' && target_branch\ - \ == 'main'" - build.appstudio.openshift.io/repo: "https://github.com/ch007m/new-quarkus-app-1?rev={{revision}}" - build.appstudio.redhat.com/commit_sha: "{{revision}}" - build.appstudio.redhat.com/target_branch: "{{target_branch}}" + tekton.dev/pipelines.minVersion: "0.60.x" + tekton.dev/displayName: "Simple example of a Tekton pipeline including 2 actions\ + \ echoing Hello and Good bye" + tekton.dev/platforms: "linux/amd64" labels: - pipelines.openshift.io/strategy: "build" - pipelines.appstudio.openshift.io/type: "build" - pipelines.openshift.io/used-by: "build-cloud" - pipelines.openshift.io/runtime: "java" - appstudio.openshift.io/application: "my-quarkus" - appstudio.openshift.io/component: "quarkus-1" - name: "quarkus-app-on-push" - namespace: "user-ns1" + app.kubernetes.io/version: "0.1" + name: "simple-job-two-actions" + namespace: "demo" spec: - params: - - name: "git-url" - value: "{{source_url}}" - - name: "revision" - value: "{{revision}}" - - name: "output-image" - value: "quay.io/ch007m/user-ns1/my-quarkus/quarkus-1:{{revision}}" - - name: "image-expires-after" - value: "5d" - - name: "build-image-index" - value: "" - - name: "build-source-image" - value: "false" - - name: "prefetch-input" - value: "" - - name: "source-dir" - value: "source" - - name: "imageUrl" - value: "buildpacksio/pack" - - name: "imageTag" - value: "latest" - - name: "packCmdBuilderFlags" - value: - - "build" - - "-B" - - "quay.io/snowdrop/ubi-builder" - - "-e" - - "BP_JVM_VERSION=21" - - "quarkus-hello:1.0" pipelineSpec: - results: - - name: "IMAGE_URL" - value: "$(tasks.build-container.results.IMAGE_URL)" - - name: 
"IMAGE_DIGEST" - value: "$(tasks.build-container.results.IMAGE_DIGEST)" - - name: "BASE_IMAGES_DIGESTS" - value: "$(tasks.build-container.results.BASE_IMAGES_DIGESTS)" - - name: "CHAINS-GIT_URL" - value: "$(tasks.clone-repository.results.url)" - - name: "CHAINS-GIT_COMMIT" - value: "$(tasks.clone-repository.results.commit)" tasks: - - name: "init" - params: - - name: "image-url" - value: "$(params.output-image" - - name: "rebuild" - value: "$(params.rebuild" - - name: "skip-checks" - value: "$(params.skip-checks" - taskRef: - params: - - name: "bundle" - value: "quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:092c113b614f6551113f17605ae9cb7e822aa704d07f0e37ed209da23ce392cc" - - name: "name" - value: "init" - - name: "kind" - value: "task" - resolver: "bundles" - - name: "clone-repository" - params: - - name: "url" - value: "$(params.git-url)" + - name: "say-hello" + taskSpec: + steps: + - image: "registry.access.redhat.com/ubi9@sha256:1ee4d8c50d14d9c9e9229d9a039d793fcbc9aa803806d194c957a397cf1d2b17" + name: "run-script" + script: | + #!/usr/bin/env bash + + set -e + echo "Say Hello" + - name: "say-goodbye" runAfter: - - "init" + - "say-hello" + taskSpec: + steps: + - image: "registry.access.redhat.com/ubi9@sha256:1ee4d8c50d14d9c9e9229d9a039d793fcbc9aa803806d194c957a397cf1d2b17" + name: "run-script" + script: |- + #!/usr/bin/env bash + + set -e + echo "and say Good bye to all of you !" 
+ timeouts: + pipeline: "300000000000ns" + +``` +#### Simple example of a Tekton pipeline echoing a message + +Command to be executed: +```bash +java -jar target/quarkus-app/quarkus-run.jar builder -o out/flows -c configurations/tekton/simple-job-embedded-script-cfg.yaml +``` +using as configuration: +```yaml +# configurations/tekton/simple-job-embedded-script-cfg.yaml + +# The type will be used by the application to generate the resources for the selected provider: konflux, tekton +type: tekton +# The domain allows to organize the resources, tasks to be generated +domain: example + +# Kubernetes namespace +namespace: user + +job: + name: simple-job-embedded-script # name of the pipeline to be created + description: Simple example of a Tekton pipeline echoing a message + + # One of the supported resources: PipelineRun, Pipeline + resourceType: PipelineRun + + actions: + - name: say-hello + # The ref or reference expressed using the uri://: + # will fetch the code of the action to be executed + ref: + # The script to be executed using a linux container + script: | + #!/usr/bin/env bash + + set -e + echo "Say Hello" +``` +Generated file: +```yaml +# generated/tekton/example/pipelinerun-simple-job-embedded-script.yaml + +apiVersion: "tekton.dev/v1" +kind: "PipelineRun" +metadata: + annotations: + tekton.dev/pipelines.minVersion: "0.60.x" + tekton.dev/displayName: "Simple example of a Tekton pipeline echoing a message" + tekton.dev/platforms: "linux/amd64" + labels: + app.kubernetes.io/version: "0.1" + name: "simple-job-embedded-script" + namespace: "user" +spec: + pipelineSpec: + tasks: + - name: "say-hello" + taskSpec: + steps: + - image: "registry.access.redhat.com/ubi9@sha256:1ee4d8c50d14d9c9e9229d9a039d793fcbc9aa803806d194c957a397cf1d2b17" + name: "run-script" + script: |- + #!/usr/bin/env bash + + set -e + echo "Say Hello" + timeouts: + pipeline: "300000000000ns" + +``` +### Buildpack + +#### This Pipeline builds a builder image using the pack CLI. 
+ +Command to be executed: +```bash +java -jar target/quarkus-app/quarkus-run.jar builder -o out/flows -c configurations/tekton/pack-builder-cfg.yaml +``` +using as configuration: +```yaml +# configurations/tekton/pack-builder-cfg.yaml + +type: tekton +domain: buildpack +namespace: + +job: + # One of the supported resources: PipelineRun, Pipeline + resourceType: PipelineRun + name: pack-builder-push + description: "This Pipeline builds a builder image using the pack CLI." + params: + - debug: true + - git-url: "https://github.com/redhat-buildpacks/ubi-image-builder.git" + - source-dir: "." + - output-image: "gitea.cnoe.localtest.me:8443/giteaadmin/ubi-builder" + - imageUrl: "buildpacksio/pack" + - imageTag: "latest" + - packCmdBuilderFlags: + - -v + - --publish + # The workspaces declared here will be mounted for each action except if an action overrides it to use a different name + workspaces: + - name: pack-workspace + volumeClaimTemplate: + storage: 1Gi + accessMode: ReadWriteOnce + - name: source-dir + volumeClaimTemplate: + storage: 1Gi + accessMode: ReadWriteOnce + - name: data-store + volumeSources: + - secret: pack-config-toml + - secret: gitea-creds # quay-creds, docker-creds, etc + actions: + - name: git-clone + ref: bundle://quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1@sha256:de0ca8872c791944c479231e21d68379b54877aaf42e5f766ef4a8728970f8b3 + params: + - url: "$(params.git-url)" + - subdirectory: "." 
+ workspaces: + - name: output + workspace: source-dir + - name: fetch-packconfig-registrysecret + ref: bundle://quay.io/ch007m/tekton-bundle:latest@sha256:bc130944a4ee377846abd2ffe9add0c8ad1dff571089d4e0b590e0c446660ac4 + - name: list-source-workspace + ref: bundle://quay.io/ch007m/tekton-bundle:latest@sha256:bc130944a4ee377846abd2ffe9add0c8ad1dff571089d4e0b590e0c446660ac4 + - name: pack-builder + ref: bundle://quay.io/ch007m/tekton-bundle:latest@sha256:bc130944a4ee377846abd2ffe9add0c8ad1dff571089d4e0b590e0c446660ac4 + params: + - PACK_SOURCE_DIR: "$(params.source-dir)" + - PACK_CLI_IMAGE: "$(params.imageUrl)" + - PACK_CLI_IMAGE_VERSION: "$(params.imageTag)" + - BUILDER_IMAGE_NAME: "$(params.output-image)" + - PACK_BUILDER_TOML: "ubi-builder.toml" + - PACK_CMD_FLAGS: + - "$(params.packCmdBuilderFlags)" + + +``` +Generated file: +```yaml +# generated/tekton/buildpack/pipelinerun-pack-builder-push.yaml + +apiVersion: "tekton.dev/v1" +kind: "PipelineRun" +metadata: + annotations: + tekton.dev/pipelines.minVersion: "0.60.x" + tekton.dev/displayName: "This Pipeline builds a builder image using the pack CLI." + tekton.dev/platforms: "linux/amd64" + labels: + app.kubernetes.io/version: "0.1" + name: "pack-builder-push" +spec: + params: + - name: "debug" + value: "true" + - name: "git-url" + value: "https://github.com/redhat-buildpacks/ubi-image-builder.git" + - name: "source-dir" + value: "." + - name: "output-image" + value: "gitea.cnoe.localtest.me:8443/giteaadmin/ubi-builder" + - name: "imageUrl" + value: "buildpacksio/pack" + - name: "imageTag" + value: "latest" + - name: "packCmdBuilderFlags" + value: + - "-v" + - "--publish" + pipelineSpec: + tasks: + - name: "git-clone" + params: + - name: "url" + value: "$(params.git-url)" + - name: "subdirectory" + value: "." 
taskRef: params: - name: "bundle" - value: "quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1@sha256:0bb1be8363557e8e07ec34a3c5daaaaa23c9d533f0bb12f00dc604d00de50814" + value: "quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1@sha256:de0ca8872c791944c479231e21d68379b54877aaf42e5f766ef4a8728970f8b3" - name: "name" value: "git-clone" - name: "kind" value: "task" resolver: "bundles" - when: - - input: "$(tasks.init.results.build)" - operator: "in" - values: - - "true" workspaces: - name: "output" - workspace: "workspace" - - name: "basic-auth" - workspace: "git-auth" - - name: "prefetch-dependencies" - params: - - name: "input" - value: "$(params.prefetch-input)" + workspace: "source-dir" + - name: "fetch-packconfig-registrysecret" runAfter: - - "clone-repository" + - "git-clone" taskRef: params: - name: "bundle" - value: "quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies:0.1@sha256:058a59f72997c9cf1be20978eb6a145d8d4d436c6098f2460bd96766bb363b20" + value: "quay.io/ch007m/tekton-bundle:latest@sha256:bc130944a4ee377846abd2ffe9add0c8ad1dff571089d4e0b590e0c446660ac4" - name: "name" - value: "prefetch-dependencies" + value: "fetch-packconfig-registrysecret" - name: "kind" value: "task" resolver: "bundles" - when: - - input: "$(params.prefetch-input)" - operator: "notin" - values: - - "" workspaces: - - name: "source" - workspace: "workspace" - - name: "git-basic-auth" - workspace: "git-auth" - - name: "build-container" - params: - - name: "PACK_SOURCE_DIR" - value: "$(params.source-dir)" - - name: "PACK_CLI_IMAGE" - value: "$(params.imageUrl)" - - name: "PACK_CLI_IMAGE_VERSION" - value: "$(params.imageTag)" - - name: "PACK_CMD_FLAGS" - value: - - "$(params.packCmdBuilderFlags)" + - name: "data-store" + workspace: "data-store" + - name: "pack-workspace" + workspace: "pack-workspace" + - name: "list-source-workspace" runAfter: - - "prefetch-dependencies" + - "fetch-packconfig-registrysecret" taskRef: params: - name: "bundle" value: 
"quay.io/ch007m/tekton-bundle:latest@sha256:bc130944a4ee377846abd2ffe9add0c8ad1dff571089d4e0b590e0c446660ac4" - name: "name" - value: "pack" + value: "list-source-workspace" - name: "kind" value: "task" resolver: "bundles" workspaces: - name: "source-dir" - workspace: "workspace" + workspace: "source-dir" - name: "pack-workspace" - workspace: "workspace" - - name: "build-image-index" + workspace: "pack-workspace" + - name: "pack-builder" params: - - name: "IMAGE" + - name: "PACK_SOURCE_DIR" + value: "$(params.source-dir)" + - name: "PACK_CLI_IMAGE" + value: "$(params.imageUrl)" + - name: "PACK_CLI_IMAGE_VERSION" + value: "$(params.imageTag)" + - name: "BUILDER_IMAGE_NAME" value: "$(params.output-image)" - - name: "COMMIT_SHA" - value: "$(tasks.clone-repository.results.commit)" - - name: "IMAGE_EXPIRES_AFTER" - value: "$(params.image-expires-after)" - - name: "ALWAYS_BUILD_INDEX" - value: "$(params.build-image-index)" - - name: "IMAGES" + - name: "PACK_BUILDER_TOML" + value: "ubi-builder.toml" + - name: "PACK_CMD_FLAGS" value: - - "$(tasks.build-container.results.IMAGE_URL)@$(tasks.build-container.results.IMAGE_DIGEST)" + - "$(params.packCmdBuilderFlags)" runAfter: - - "build-container" + - "list-source-workspace" taskRef: params: - name: "bundle" - value: "quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1@sha256:409ff39379c50d3c257229b4c6d6600e35eb53637504c47fb36ade262c70716e" + value: "quay.io/ch007m/tekton-bundle:latest@sha256:bc130944a4ee377846abd2ffe9add0c8ad1dff571089d4e0b590e0c446660ac4" - name: "name" - value: "build-image-index" + value: "pack-builder" - name: "kind" value: "task" resolver: "bundles" - when: - - input: "$(tasks.init.results.build)" - operator: "in" - values: - - "true" workspaces: - - name: "workspace" - workspace: "workspace" - - name: "build-source-image" + - name: "source-dir" + workspace: "source-dir" + - name: "pack-workspace" + workspace: "pack-workspace" + timeouts: + pipeline: "300000000000ns" + workspaces: + - name: 
"pack-workspace" + volumeClaimTemplate: + apiVersion: "v1" + kind: "PersistentVolumeClaim" + spec: + accessModes: + - "ReadWriteOnce" + resources: + requests: + storage: "1Gi" + - name: "source-dir" + volumeClaimTemplate: + apiVersion: "v1" + kind: "PersistentVolumeClaim" + spec: + accessModes: + - "ReadWriteOnce" + resources: + requests: + storage: "1Gi" + - name: "data-store" + projected: + sources: + - secret: + name: "pack-config-toml" + - secret: + name: "gitea-creds" + +``` +#### This Pipeline builds a builder image using the pack CLI. + +Command to be executed: +```bash +java -jar target/quarkus-app/quarkus-run.jar builder -o out/flows -c configurations/tekton/pack-builder-git-task-cfg.yaml +``` +using as configuration: +```yaml +# configurations/tekton/pack-builder-git-task-cfg.yaml + +type: tekton +domain: buildpack +namespace: + +job: + # One of the supported resources: PipelineRun, Pipeline + resourceType: PipelineRun + name: pack-builder-git-task + description: "This Pipeline builds a builder image using the pack CLI." + params: + - debug: true + - git-url: "https://github.com/redhat-buildpacks/ubi-image-builder.git" + - source-dir: "." 
+ - output-image: "gitea.cnoe.localtest.me:8443/giteaadmin/ubi-builder" + - imageUrl: "buildpacksio/pack" + - imageTag: "latest" + - packCmdBuilderFlags: + - -v + - --publish + # The workspaces declared here will be mounted for each action except if an action overrides it to use a different name + workspaces: + - name: pack-workspace + volumeClaimTemplate: + storage: 1Gi + accessMode: ReadWriteOnce + - name: source-dir + volumeClaimTemplate: + storage: 1Gi + accessMode: ReadWriteOnce + - name: data-store + volumeSources: + - secret: pack-config-toml + - secret: gitea-creds # quay-creds, docker-creds, etc + actions: + - name: git-clone + ref: bundle://quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1@sha256:de0ca8872c791944c479231e21d68379b54877aaf42e5f766ef4a8728970f8b3 params: - - name: "BINARY_IMAGE" - value: "$(params.output-image)" - - name: "BASE_IMAGES" - value: "$(tasks.build-container.results.BASE_IMAGES_DIGESTS)" - runAfter: - - "build-container" + - url: "$(params.git-url)" + - subdirectory: "." 
+ workspaces: + - name: output + workspace: source-dir + - name: fetch-packconfig-registrysecret + ref: bundle://quay.io/ch007m/tekton-bundle:latest@sha256:bc130944a4ee377846abd2ffe9add0c8ad1dff571089d4e0b590e0c446660ac4 + - name: list-source-workspace + ref: bundle://quay.io/ch007m/tekton-bundle:latest@sha256:bc130944a4ee377846abd2ffe9add0c8ad1dff571089d4e0b590e0c446660ac4 + - name: pack-builder + ref: url://https://raw.githubusercontent.com/redhat-buildpacks/catalog/main/tekton/task/pack-builder/0.1/pack-builder.yml + params: + - PACK_SOURCE_DIR: "$(params.source-dir)" + - PACK_CLI_IMAGE: "$(params.imageUrl)" + - PACK_CLI_IMAGE_VERSION: "$(params.imageTag)" + - BUILDER_IMAGE_NAME: "$(params.output-image)" + - PACK_BUILDER_TOML: "ubi-builder.toml" + - PACK_CMD_FLAGS: + - "$(params.packCmdBuilderFlags)" + + +``` +Generated file: +```yaml +# generated/tekton/buildpack/pipelinerun-pack-builder-git-task.yaml + +apiVersion: "tekton.dev/v1" +kind: "PipelineRun" +metadata: + annotations: + tekton.dev/pipelines.minVersion: "0.60.x" + tekton.dev/displayName: "This Pipeline builds a builder image using the pack CLI." + tekton.dev/platforms: "linux/amd64" + labels: + app.kubernetes.io/version: "0.1" + name: "pack-builder-git-task" +spec: + params: + - name: "debug" + value: "true" + - name: "git-url" + value: "https://github.com/redhat-buildpacks/ubi-image-builder.git" + - name: "source-dir" + value: "." + - name: "output-image" + value: "gitea.cnoe.localtest.me:8443/giteaadmin/ubi-builder" + - name: "imageUrl" + value: "buildpacksio/pack" + - name: "imageTag" + value: "latest" + - name: "packCmdBuilderFlags" + value: + - "-v" + - "--publish" + pipelineSpec: + tasks: + - name: "git-clone" + params: + - name: "url" + value: "$(params.git-url)" + - name: "subdirectory" + value: "." 
taskRef: params: - name: "bundle" - value: "quay.io/konflux-ci/tekton-catalog/task-source-build:0.1@sha256:21cb5ebaff7a9216903cf78933dc4ec4dd6283a52636b16590a5f52ceb278269" + value: "quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1@sha256:de0ca8872c791944c479231e21d68379b54877aaf42e5f766ef4a8728970f8b3" - name: "name" - value: "source-build" + value: "git-clone" - name: "kind" value: "task" resolver: "bundles" - when: - - input: "$(params.build-source-image)" - operator: "in" - values: - - "true" workspaces: - - name: "workspace" - workspace: "workspace" - - name: "deprecated-image-check" - params: - - name: "IMAGE_URL" - value: "$(tasks.build-container.results.IMAGE_URL)" - - name: "IMAGE_DIGEST" - value: "$(tasks.build-container.results.IMAGE_DIGEST)" - - name: "BASE_IMAGES_DIGESTS" - value: "$(tasks.build-container.results.BASE_IMAGES_DIGESTS)" + - name: "output" + workspace: "source-dir" + - name: "fetch-packconfig-registrysecret" runAfter: - - "build-container" + - "git-clone" taskRef: params: - name: "bundle" - value: "quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.4@sha256:d98fa9daf5ee12dfbf00880b83d092d01ce9994d79836548d2f82748bb0c64a2" + value: "quay.io/ch007m/tekton-bundle:latest@sha256:bc130944a4ee377846abd2ffe9add0c8ad1dff571089d4e0b590e0c446660ac4" - name: "name" - value: "deprecated-image-check" + value: "fetch-packconfig-registrysecret" - name: "kind" value: "task" resolver: "bundles" - when: - - input: "$(params.skip-checks)" - operator: "in" - values: - - "false" - - name: "clair-scan" - params: - - name: "image-digest" - value: "$(tasks.build-container.results.IMAGE_DIGEST)" - - name: "image-url" - value: "$(tasks.build-container.results.IMAGE_URL)" + workspaces: + - name: "data-store" + workspace: "data-store" + - name: "pack-workspace" + workspace: "pack-workspace" + - name: "list-source-workspace" runAfter: - - "build-container" + - "fetch-packconfig-registrysecret" taskRef: params: - name: "bundle" - value: 
"quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.1@sha256:baea4be429cf8d91f7c758378cea42819fe324f25a7f957bf9805409cab6d123" + value: "quay.io/ch007m/tekton-bundle:latest@sha256:bc130944a4ee377846abd2ffe9add0c8ad1dff571089d4e0b590e0c446660ac4" - name: "name" - value: "clair-scan" + value: "list-source-workspace" - name: "kind" value: "task" resolver: "bundles" - when: - - input: "$(params.skip-checks)" - operator: "in" - values: - - "false" - - name: "ecosystem-cert-preflight-checks" + workspaces: + - name: "source-dir" + workspace: "source-dir" + - name: "pack-workspace" + workspace: "pack-workspace" + - name: "pack-builder" params: - - name: "image-url" - value: "$(tasks.build-container.results.IMAGE_URL)" + - name: "PACK_SOURCE_DIR" + value: "$(params.source-dir)" + - name: "PACK_CLI_IMAGE" + value: "$(params.imageUrl)" + - name: "PACK_CLI_IMAGE_VERSION" + value: "$(params.imageTag)" + - name: "BUILDER_IMAGE_NAME" + value: "$(params.output-image)" + - name: "PACK_BUILDER_TOML" + value: "ubi-builder.toml" + - name: "PACK_CMD_FLAGS" + value: + - "$(params.packCmdBuilderFlags)" runAfter: - - "build-container" + - "list-source-workspace" taskRef: params: - - name: "bundle" - value: "quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.1@sha256:5131cce0f93d0b728c7bcc0d6cee4c61d4c9f67c6d619c627e41e3c9775b497d" - - name: "name" - value: "ecosystem-cert-preflight-checks" - - name: "kind" - value: "task" - resolver: "bundles" - when: - - input: "$(params.skip-checks)" - operator: "in" - values: - - "false" - - name: "sast-snyk-check" - params: - - name: "image-digest" - value: "$(tasks.build-container.results.IMAGE_DIGEST)" - - name: "image-url" - value: "$(tasks.build-container.results.IMAGE_URL)" - runAfter: - - "build-container" - taskRef: - params: - - name: "bundle" - value: "quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check:0.2@sha256:82c42d27c9c59db6cf6c235e89f7b37f5cdfc75d0d361ca0ee91ae703ba72301" - - name: "name" - value: 
"sast-snyk-check" - - name: "kind" - value: "task" - resolver: "bundles" - when: - - input: "$(params.skip-checks)" - operator: "in" - values: - - "true" + - name: "url" + value: "https://raw.githubusercontent.com/redhat-buildpacks/catalog/main/tekton/task/pack-builder/0.1/pack-builder.yml" + resolver: "http" workspaces: - - name: "workspace" - workspace: "workspace" - - name: "clamav-scan" - params: - - name: "image-digest" - value: "$(tasks.build-container.results.IMAGE_DIGEST)" - - name: "image-url" - value: "$(tasks.build-container.results.IMAGE_URL)" - runAfter: - - "build-container" - taskRef: - params: - - name: "bundle" - value: "quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.1@sha256:7bb17b937c9342f305468e8a6d0a22493e3ecde58977bd2ffc8b50e2fa234d58" - - name: "name" - value: "clamav-scan" - - name: "kind" - value: "task" - resolver: "bundles" - when: - - input: "$(params.skip-checks)" - operator: "in" - values: - - "false" - - name: "sbom-json-check" - params: - - name: "IMAGE_URL" - value: "$(tasks.build-container.results.IMAGE_URL)" - - name: "IMAGE_DIGEST" - value: "$(tasks.build-container.results.IMAGE_DIGEST)" - runAfter: - - "build-container" - taskRef: - params: - - name: "bundle" - value: "quay.io/konflux-ci/tekton-catalog/task-sbom-json-check:0.1@sha256:2c5de51ec858fc8d47e41c65b20c83fdac249425d67ed6d1058f9f3e0b574500" - - name: "name" - value: "sbom-json-check" - - name: "kind" - value: "task" - resolver: "bundles" - when: - - input: "$(params.skip-checks)" - operator: "in" - values: - - "false" + - name: "source-dir" + workspace: "source-dir" + - name: "pack-workspace" + workspace: "pack-workspace" timeouts: - pipeline: "3600000000000ns" + pipeline: "300000000000ns" workspaces: - - name: "workspace" + - name: "pack-workspace" volumeClaimTemplate: apiVersion: "v1" kind: "PersistentVolumeClaim" 
@@ -1568,589 +843,226 @@ spec: resources: requests: storage: "1Gi" - - name: "git-auth" - secret: - secretName: "{{ git_auth_secret }}" + - name: "source-dir" + volumeClaimTemplate: + apiVersion: "v1" + kind: "PersistentVolumeClaim" + spec: + accessModes: + - "ReadWriteOnce" + resources: + requests: + storage: "1Gi" + - name: "data-store" + projected: + sources: + - secret: + name: "pack-config-toml" + - secret: + name: "gitea-creds" ``` -#### PipelineRun performing a build of a Quarkus application using a bash script +### Demo + +#### Basic job echoing a message using the param teamMember Command to be executed: ```bash -java -jar target/quarkus-app/quarkus-run.jar builder -o out/flows -c configurations/konflux/build-bash-pack-cfg.yaml +java -jar target/quarkus-app/quarkus-run.jar builder -o out/flows -c configurations/tekton/basic2-cfg.yaml ``` using as configuration: ```yaml -# configurations/konflux/build-bash-pack-cfg.yaml - -# The type will be used by the application to generate the resources for the selected provider: konflux, tekton -type: konflux -domain: build -namespace: user-ns1 - -repository: - url: https://github.com/ch007m/new-quarkus-app-1 - dockerfilePath: src/main/docker/Dockerfile.jvm - -# To generate the Application and/or Component CR -application: - name: my-quarkus - enable: false -component: - name: quarkus-1 - enable: false +# configurations/tekton/basic2-cfg.yaml +type: tekton +domain: demo job: resourceType: PipelineRun - name: quarkus-1-on-push - description: PipelineRun performing a build of a Quarkus application using a bash script - - workspaces: - - name: workspace - volumeClaimTemplate: - storage: 1Gi - accessMode: ReadWriteOnce - - name: git-auth - secret: - name: "{{ git_auth_secret }}" - - results: - - IMAGE_URL: "$(tasks.build-container.results.IMAGE_URL)" - - IMAGE_DIGEST: "$(tasks.build-container.results.IMAGE_DIGEST)" - - BASE_IMAGES_DIGESTS: "$(tasks.build-container.results.BASE_IMAGES_DIGESTS)" - #- 
JAVA_COMMUNITY_DEPENDENCIES: "$(tasks.build-container.results.JAVA_COMMUNITY_DEPENDENCIES)" - - CHAINS-GIT_URL: "$(tasks.clone-repository.results.url)" - - CHAINS-GIT_COMMIT: "$(tasks.clone-repository.results.commit)" - - params: - - git-url: "{{source_url}}" - - revision: "{{revision}}" - - output-image: "quay.io/ch007m/user-ns1/my-quarkus/quarkus-1:{{revision}}" - - image-expires-after: "5d" - - build-image-index: "" - # We need the following parameters when defined part of the PipelineSpec with default value and used by a task - - build-source-image: false - - prefetch-input: "" - - # Buildpack params - - source-dir: "source" - - imageUrl: "buildpacksio/pack" - - imageTag: "latest" - - packCmdBuilderFlags: - - build - - -B - - quay.io/snowdrop/ubi-builder - - -e - - BP_JVM_VERSION=21 - - quarkus-hello:1.0 - + name: basic-job-2 + description: Basic job echoing a message using the param teamMember actions: - # Finally - - name: show-sbom - finally: true - ref: bundle://quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:9bfc6b99ef038800fe131d7b45ff3cd4da3a415dd536f7c657b3527b01c4a13b - params: - - IMAGE_URL: "$(tasks.build-container.results.IMAGE_URL)" - - - name: summary # Konflux uses as name show-summary !! 
- finally: true - ref: bundle://quay.io/konflux-ci/tekton-catalog/task-summary:0.2@sha256:d97c04ab42f277b1103eb6f3a053b247849f4f5b3237ea302a8ecada3b24e15b - params: - - pipelinerun-name: "$(context.pipelineRun.name)" - - git-url: "$(tasks.clone-repository.results.url)?rev=$(tasks.clone-repository.results.commit)" - - image-url: "$(params.output-image)" - - build-task-status: "$(tasks.build-container.status)" - - # Tasks - - name: pack + - name: say-hello params: - - PACK_SOURCE_DIR: "$(params.source-dir)" - - PACK_CLI_VERSION: "v0.35.1" - #- PACK_CMD_FLAGS: - # - "$(params.packCmdBuilderFlags)" - results: - - IMAGE_URL: "Image repository where the built image was pushed" - - IMAGE_DIGEST: "Digest of the image just built" - - BASE_IMAGES_DIGESTS: "Digests of the base images used for build" - - args: - - "$(params.packCmdBuilderFlags)" - + - name: teamMember + value: Aurea script: | #!/usr/bin/env bash - set -e - echo "Installing pack ..." - curl -sSL "https://github.com/buildpacks/pack/releases/download/$(params.PACK_CLI_VERSION)/pack-$(params.PACK_CLI_VERSION)-linux.tgz" | tar -C /usr/local/bin/ --no-same-owner -xzv pack - - echo "Checking pack ..." - pack --version - - # We cannot get the array from the params PACK_CMD_FLAGS within the bash script as substitution don't work in this case !! - - echo "Getting the arguments ..." - for cmd_arg in "$@"; do - CLI_ARGS+=("$cmd_arg") - done - - echo "Here are the arguments to be passed to the pack CLI" - for i in "$CLI_ARGS[@]"; do - echo "arg: $i" - done - - echo "Building the image ..." 
- pack "${CLI_ARGS[@]}" - - echo -n "URL of the image build is : quarkus-hello:1.0" | tee "$(results.IMAGE_URL.path)" - echo -n "sha256ddddddddddddddddddddd" | tee "$(results.IMAGE_DIGEST.path)" - echo -n "sha256eeeeeeeeeeeeeeeeeeeeee" | tee "$(results.BASE_IMAGES_DIGESTS.path)" - - - - - - - - + echo $(params.teamMember) ``` Generated file: ```yaml -# generated/konflux/build/pipelinerun-quarkus-1-on-push.yaml +# generated/tekton/demo/pipelinerun-basic-job-2.yaml apiVersion: "tekton.dev/v1" kind: "PipelineRun" metadata: annotations: - pipelinesascode.tekton.dev/max-keep-runs: "3" - pipelinesascode.tekton.dev/on-cel-expression: "event == 'push' && target_branch\ - \ == 'main'" - build.appstudio.openshift.io/repo: "https://github.com/ch007m/new-quarkus-app-1?rev={{revision}}" - build.appstudio.redhat.com/commit_sha: "{{revision}}" - build.appstudio.redhat.com/target_branch: "{{target_branch}}" + tekton.dev/pipelines.minVersion: "0.60.x" + tekton.dev/displayName: "Basic job echoing a message using the param teamMember" + tekton.dev/platforms: "linux/amd64" labels: - pipelines.appstudio.openshift.io/type: "build" - pipelines.openshift.io/strategy: "build" - pipelines.openshift.io/used-by: "build-cloud" - pipelines.openshift.io/runtime: "java" - appstudio.openshift.io/application: "my-quarkus" - appstudio.openshift.io/component: "quarkus-1" - name: "quarkus-1-on-push" - namespace: "user-ns1" + app.kubernetes.io/version: "0.1" + name: "basic-job-2" spec: - params: - - name: "git-url" - value: "{{source_url}}" - - name: "revision" - value: "{{revision}}" - - name: "output-image" - value: "quay.io/ch007m/user-ns1/my-quarkus/quarkus-1:{{revision}}" - - name: "image-expires-after" - value: "5d" - - name: "build-image-index" - value: "" - - name: "build-source-image" - value: "false" - - name: "prefetch-input" - value: "" - - name: "source-dir" - value: "source" - - name: "imageUrl" - value: "buildpacksio/pack" - - name: "imageTag" - value: "latest" - - name: 
"packCmdBuilderFlags" - value: - - "build" - - "-B" - - "quay.io/snowdrop/ubi-builder" - - "-e" - - "BP_JVM_VERSION=21" - - "quarkus-hello:1.0" pipelineSpec: - finally: - - name: "show-sbom" - params: - - name: "IMAGE_URL" - value: "$(tasks.build-container.results.IMAGE_URL)" - taskRef: - params: - - name: "bundle" - value: "quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:9bfc6b99ef038800fe131d7b45ff3cd4da3a415dd536f7c657b3527b01c4a13b" - - name: "name" - value: "show-sbom" - - name: "kind" - value: "task" - resolver: "bundles" - - name: "summary" - params: - - name: "pipelinerun-name" - value: "$(context.pipelineRun.name)" - - name: "git-url" - value: "$(tasks.clone-repository.results.url)?rev=$(tasks.clone-repository.results.commit)" - - name: "image-url" - value: "$(params.output-image)" - - name: "build-task-status" - value: "$(tasks.build-container.status)" - taskRef: - params: - - name: "bundle" - value: "quay.io/konflux-ci/tekton-catalog/task-summary:0.2@sha256:d97c04ab42f277b1103eb6f3a053b247849f4f5b3237ea302a8ecada3b24e15b" - - name: "name" - value: "summary" - - name: "kind" - value: "task" - resolver: "bundles" - workspaces: - - name: "workspace" - workspace: "workspace" - results: - - name: "IMAGE_URL" - value: "$(tasks.build-container.results.IMAGE_URL)" - - name: "IMAGE_DIGEST" - value: "$(tasks.build-container.results.IMAGE_DIGEST)" - - name: "BASE_IMAGES_DIGESTS" - value: "$(tasks.build-container.results.BASE_IMAGES_DIGESTS)" - - name: "CHAINS-GIT_URL" - value: "$(tasks.clone-repository.results.url)" - - name: "CHAINS-GIT_COMMIT" - value: "$(tasks.clone-repository.results.commit)" tasks: - - name: "init" - params: - - name: "image-url" - value: "$(params.output-image" - - name: "rebuild" - value: "$(params.rebuild" - - name: "skip-checks" - value: "$(params.skip-checks" - taskRef: - params: - - name: "bundle" - value: "quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:092c113b614f6551113f17605ae9cb7e822aa704d07f0e37ed209da23ce392cc" 
- - name: "name" - value: "init" - - name: "kind" - value: "task" - resolver: "bundles" - - name: "clone-repository" + - name: "say-hello" params: - - name: "url" - value: "$(params.git-url)" - runAfter: - - "init" - taskRef: - params: - - name: "bundle" - value: "quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1@sha256:0bb1be8363557e8e07ec34a3c5daaaaa23c9d533f0bb12f00dc604d00de50814" - - name: "name" - value: "git-clone" - - name: "kind" - value: "task" - resolver: "bundles" - when: - - input: "$(tasks.init.results.build)" - operator: "in" - values: - - "true" - workspaces: - - name: "output" - workspace: "workspace" - - name: "basic-auth" - workspace: "git-auth" - - name: "prefetch-dependencies" + - name: "name" + value: "teamMember" + - name: "value" + value: "Aurea" + taskSpec: + steps: + - image: "registry.access.redhat.com/ubi9@sha256:1ee4d8c50d14d9c9e9229d9a039d793fcbc9aa803806d194c957a397cf1d2b17" + name: "run-script" + script: |- + #!/usr/bin/env bash + + echo $(params.teamMember) + timeouts: + pipeline: "300000000000ns" + +``` +#### Basic job echoing a message + +Command to be executed: +```bash +java -jar target/quarkus-app/quarkus-run.jar builder -o out/flows -c configurations/tekton/basic1-cfg.yaml +``` +using as configuration: +```yaml +# configurations/tekton/basic1-cfg.yaml + +type: tekton +domain: demo +job: + resourceType: PipelineRun + name: basic-job-1 + description: Basic job echoing a message + actions: + - name: say-hello + script: | + #!/usr/bin/env bash + + echo "Say hello to the team" +``` +Generated file: +```yaml +# generated/tekton/demo/pipelinerun-basic-job-1.yaml + +apiVersion: "tekton.dev/v1" +kind: "PipelineRun" +metadata: + annotations: + tekton.dev/pipelines.minVersion: "0.60.x" + tekton.dev/displayName: "Basic job echoing a message" + tekton.dev/platforms: "linux/amd64" + labels: + app.kubernetes.io/version: "0.1" + name: "basic-job-1" +spec: + pipelineSpec: + tasks: + - name: "say-hello" + taskSpec: + steps: + - image: 
"registry.access.redhat.com/ubi9@sha256:1ee4d8c50d14d9c9e9229d9a039d793fcbc9aa803806d194c957a397cf1d2b17" + name: "run-script" + script: |- + #!/usr/bin/env bash + + echo "Say hello to the team" + timeouts: + pipeline: "300000000000ns" + +``` +#### Such a job will not work as the [*] "notation" with array param is not supported in a task's script + +Command to be executed: +```bash +java -jar target/quarkus-app/quarkus-run.jar builder -o out/flows -c configurations/tekton/basic3-issue-cfg.yaml +``` +using as configuration: +```yaml +# configurations/tekton/basic3-issue-cfg.yaml + +type: tekton +domain: demo +# Such a job will not work as the [*] "notation" +# with array param is not supported in a task's script +job: + resourceType: PipelineRun + name: basic-job-3 + description: Such a job will not work as the [*] "notation" with array param is not supported in a task's script + actions: + - name: say-hello params: - - name: "input" - value: "$(params.prefetch-input)" - runAfter: - - "clone-repository" - taskRef: - params: - - name: "bundle" - value: "quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies:0.1@sha256:058a59f72997c9cf1be20978eb6a145d8d4d436c6098f2460bd96766bb363b20" - - name: "name" - value: "prefetch-dependencies" - - name: "kind" - value: "task" - resolver: "bundles" - when: - - input: "$(params.prefetch-input)" - operator: "notin" - values: - - "" - workspaces: - - name: "source" - workspace: "workspace" - - name: "git-basic-auth" - workspace: "git-auth" - - name: "jam" + - name: team + value: Aurea + script: | + #!/usr/bin/env bash + + members=($(params.team[*])) + + for member in "${members[@]}"; do + echo "Say hello to: $member" + done +``` +Generated file: +```yaml +# generated/tekton/demo/pipelinerun-basic-job-3.yaml + +apiVersion: "tekton.dev/v1" +kind: "PipelineRun" +metadata: + annotations: + tekton.dev/pipelines.minVersion: "0.60.x" + tekton.dev/displayName: "Such a job will not work as the [*] \"notation\" with\ + \ array param is 
not supported in a task's script" + tekton.dev/platforms: "linux/amd64" + labels: + app.kubernetes.io/version: "0.1" + name: "basic-job-3" +spec: + pipelineSpec: + tasks: + - name: "say-hello" params: - - name: "JAM_VERSION" - value: "v2.9.0" - runAfter: - - "prefetch-dependencies" + - name: "name" + value: "team" + - name: "value" + value: "Aurea" taskSpec: - results: - - description: "Image repository where the built image was pushed" - name: "IMAGE_URL" - - description: "Digest of the image just built" - name: "IMAGE_DIGEST" - - description: "Digests of the base images used for build" - name: "BASE_IMAGES_DIGESTS" steps: - - args: - - "$(params.packCmdBuilderFlags)" - image: "registry.access.redhat.com/ubi9@sha256:1ee4d8c50d14d9c9e9229d9a039d793fcbc9aa803806d194c957a397cf1d2b17" + - image: "registry.access.redhat.com/ubi9@sha256:1ee4d8c50d14d9c9e9229d9a039d793fcbc9aa803806d194c957a397cf1d2b17" name: "run-script" - script: "#!/usr/bin/env bash\nset -e\n\nfunction util::tools::os() {\n \ - \ case \"$(uname)\" in\n \"Darwin\")\n echo \"${1:-darwin}\"\n ;;\n\ - \ \n \"Linux\")\n echo \"linux\"\n ;;\n \n *)\n util::print::error\ - \ \"Unknown OS \\\"$(uname)\\\"\"\n exit 1\n esac\n}\n\nfunction util::tools::arch()\ - \ {\n case \"$(uname -m)\" in\n arm64|aarch64)\n echo \"arm64\"\ - \n ;;\n\n amd64|x86_64)\n if [[ \"${1:-}\" == \"--blank-amd64\"\ - \ ]]; then\n echo \"\"\n elif [[ \"${1:-}\" == \"--uname-format-amd64\"\ - \ ]]; then\n echo \"x86_64\"\n else\n echo \"amd64\"\ - \n fi\n ;;\n\n *)\n util::print::error \"Unknown Architecture\ - \ \\\"$(uname -m)\\\"\"\n exit 1\n esac\n}\n\noutputDir=\"/usr/local/bin/\"\ - \ncurl_args=(\n \"--fail\"\n \"--silent\"\n \"--location\"\n \"--output\"\ - \ \"${outputDir}/jam\"\n)\n\nos=$(util::tools::os)\narch=$(util::tools::arch)\n\ - \necho \"Installing jam $(params.JAM_VERSION)\"\ncurl \"https://github.com/paketo-buildpacks/jam/releases/download/$(params.JAM_VERSION)/jam-${os}-${arch}\"\ - \ \\\n \"${curl_args[@]}\"\nchmod 
+x ${outputDir}/jam\njam version\n\n\ - echo \"This is a test demo - 1\"\n\nstack_dirpath=\".\"\ncat < ${stack_dirpath}/stack.toml\n\ - id = \"io.buildpacks.stacks.ubi8\"\nhomepage = \"https://github.com/paketo-community/ubi-base-stack\"\ - \nmaintainer = \"Paketo Community\"\n\nplatforms = [\"linux/amd64\"]\n\ - \n[build]\n description = \"base build ubi8 image to support buildpacks\"\ - \n dockerfile = \"./build.Dockerfile\"\n gid = 1000\n shell = \"/bin/bash\"\ - \n uid = 1002\n\n [build.args]\n\n[run]\n description = \"base run\ - \ ubi8 image to support buildpacks\"\n dockerfile = \"./run.Dockerfile\"\ - \n gid = 1000\n shell = \"/bin/bash\"\n uid = 1001\n\n [run.args]\n\ - EOF\n\ncat < ${stack_dirpath}/build.Dockerfile\nFROM registry.access.redhat.com/ubi8/ubi-minimal:latest\n\ - EOF\n\ncat < ${stack_dirpath}/run.Dockerfile\nFROM registry.access.redhat.com/ubi8/ubi-minimal:latest\n\ - EOF\n\nargs=(\n --config \"${stack_dirpath}/stack.toml\"\n --build-output\ - \ \"${build_dirpath}/build.oci\"\n --run-output \"${build_dirpath}/run.oci\"\ - \n)\njam create-stack \"${args[@]}\"\n \necho -n \"URL of the image\ - \ build is : quarkus-hello:1.0\" | tee \"$(results.IMAGE_URL.path)\"\n\ - echo -n \"sha256ddddddddddddddddddddd\" | tee \"$(results.IMAGE_DIGEST.path)\"\ - \necho -n \"sha256eeeeeeeeeeeeeeeeeeeeee\" | tee \"$(results.BASE_IMAGES_DIGESTS.path)\"\ - \n" - - name: "build-image-index" - params: - - name: "IMAGE" - value: "$(params.output-image)" - - name: "COMMIT_SHA" - value: "$(tasks.clone-repository.results.commit)" - - name: "IMAGE_EXPIRES_AFTER" - value: "$(params.image-expires-after)" - - name: "ALWAYS_BUILD_INDEX" - value: "$(params.build-image-index)" - - name: "IMAGES" - value: - - "$(tasks.build-container.results.IMAGE_URL)@$(tasks.build-container.results.IMAGE_DIGEST)" - runAfter: - - "build-container" - taskRef: - params: - - name: "bundle" - value: 
"quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1@sha256:409ff39379c50d3c257229b4c6d6600e35eb53637504c47fb36ade262c70716e" - - name: "name" - value: "build-image-index" - - name: "kind" - value: "task" - resolver: "bundles" - when: - - input: "$(tasks.init.results.build)" - operator: "in" - values: - - "true" - workspaces: - - name: "workspace" - workspace: "workspace" - - name: "build-source-image" - params: - - name: "BINARY_IMAGE" - value: "$(params.output-image)" - - name: "BASE_IMAGES" - value: "$(tasks.build-container.results.BASE_IMAGES_DIGESTS)" - runAfter: - - "build-container" - taskRef: - params: - - name: "bundle" - value: "quay.io/konflux-ci/tekton-catalog/task-source-build:0.1@sha256:21cb5ebaff7a9216903cf78933dc4ec4dd6283a52636b16590a5f52ceb278269" - - name: "name" - value: "source-build" - - name: "kind" - value: "task" - resolver: "bundles" - when: - - input: "$(params.build-source-image)" - operator: "in" - values: - - "true" - workspaces: - - name: "workspace" - workspace: "workspace" - - name: "deprecated-image-check" - params: - - name: "IMAGE_URL" - value: "$(tasks.build-container.results.IMAGE_URL)" - - name: "IMAGE_DIGEST" - value: "$(tasks.build-container.results.IMAGE_DIGEST)" - - name: "BASE_IMAGES_DIGESTS" - value: "$(tasks.build-container.results.BASE_IMAGES_DIGESTS)" - runAfter: - - "build-container" - taskRef: - params: - - name: "bundle" - value: "quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.4@sha256:d98fa9daf5ee12dfbf00880b83d092d01ce9994d79836548d2f82748bb0c64a2" - - name: "name" - value: "deprecated-image-check" - - name: "kind" - value: "task" - resolver: "bundles" - when: - - input: "$(params.skip-checks)" - operator: "in" - values: - - "false" - - name: "clair-scan" - params: - - name: "image-digest" - value: "$(tasks.build-container.results.IMAGE_DIGEST)" - - name: "image-url" - value: "$(tasks.build-container.results.IMAGE_URL)" - runAfter: - - "build-container" - taskRef: - params: - - name: 
"bundle" - value: "quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.1@sha256:baea4be429cf8d91f7c758378cea42819fe324f25a7f957bf9805409cab6d123" - - name: "name" - value: "clair-scan" - - name: "kind" - value: "task" - resolver: "bundles" - when: - - input: "$(params.skip-checks)" - operator: "in" - values: - - "false" - - name: "ecosystem-cert-preflight-checks" - params: - - name: "image-url" - value: "$(tasks.build-container.results.IMAGE_URL)" - runAfter: - - "build-container" - taskRef: - params: - - name: "bundle" - value: "quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.1@sha256:5131cce0f93d0b728c7bcc0d6cee4c61d4c9f67c6d619c627e41e3c9775b497d" - - name: "name" - value: "ecosystem-cert-preflight-checks" - - name: "kind" - value: "task" - resolver: "bundles" - when: - - input: "$(params.skip-checks)" - operator: "in" - values: - - "false" - - name: "sast-snyk-check" - params: - - name: "image-digest" - value: "$(tasks.build-container.results.IMAGE_DIGEST)" - - name: "image-url" - value: "$(tasks.build-container.results.IMAGE_URL)" - runAfter: - - "build-container" - taskRef: - params: - - name: "bundle" - value: "quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check:0.2@sha256:82c42d27c9c59db6cf6c235e89f7b37f5cdfc75d0d361ca0ee91ae703ba72301" - - name: "name" - value: "sast-snyk-check" - - name: "kind" - value: "task" - resolver: "bundles" - when: - - input: "$(params.skip-checks)" - operator: "in" - values: - - "true" - workspaces: - - name: "workspace" - workspace: "workspace" - - name: "clamav-scan" - params: - - name: "image-digest" - value: "$(tasks.build-container.results.IMAGE_DIGEST)" - - name: "image-url" - value: "$(tasks.build-container.results.IMAGE_URL)" - runAfter: - - "build-container" - taskRef: - params: - - name: "bundle" - value: "quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.1@sha256:7bb17b937c9342f305468e8a6d0a22493e3ecde58977bd2ffc8b50e2fa234d58" - - name: "name" - value: "clamav-scan" - - name: "kind" - 
value: "task" - resolver: "bundles" - when: - - input: "$(params.skip-checks)" - operator: "in" - values: - - "false" - - name: "sbom-json-check" - params: - - name: "IMAGE_URL" - value: "$(tasks.build-container.results.IMAGE_URL)" - - name: "IMAGE_DIGEST" - value: "$(tasks.build-container.results.IMAGE_DIGEST)" - runAfter: - - "build-container" - taskRef: - params: - - name: "bundle" - value: "quay.io/konflux-ci/tekton-catalog/task-sbom-json-check:0.1@sha256:2c5de51ec858fc8d47e41c65b20c83fdac249425d67ed6d1058f9f3e0b574500" - - name: "name" - value: "sbom-json-check" - - name: "kind" - value: "task" - resolver: "bundles" - when: - - input: "$(params.skip-checks)" - operator: "in" - values: - - "false" + script: |- + #!/usr/bin/env bash + + members=($(params.team[*])) + + for member in "${members[@]}"; do + echo "Say hello to: $member" + done timeouts: - pipeline: "3600000000000ns" - workspaces: - - name: "workspace" - volumeClaimTemplate: - apiVersion: "v1" - kind: "PersistentVolumeClaim" - spec: - accessModes: - - "ReadWriteOnce" - resources: - requests: - storage: "1Gi" - - name: "git-auth" - secret: - secretName: "{{ git_auth_secret }}" + pipeline: "300000000000ns" ``` +## konflux + +### Build + #### PipelineRun performing a build of a Quarkus application using buildpack task and lifecycle Command to be executed: ```bash -java -jar target/quarkus-app/quarkus-run.jar builder -o out/flows -c configurations/konflux/build-quarkus-app-lifecycle-extension-cfg.yaml +java -jar target/quarkus-app/quarkus-run.jar builder -o out/flows -c configurations/konflux/build-quarkus-app-lifecycle-build-cfg.yaml ``` using as configuration: ```yaml -# configurations/konflux/build-quarkus-app-lifecycle-extension-cfg.yaml +# configurations/konflux/build-quarkus-app-lifecycle-build-cfg.yaml # The type will be used by the application to generate the resources for the selected provider: konflux, tekton type: konflux 
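Review bot: The `say-hello` script in the new basic-job-2 example expands `$(params.teamMember)` directly into the bash text (`echo $(params.teamMember)`). Tekton substitutes the value before the shell parses it, so whatever is supplied as the param becomes part of the script rather than data. As this is a published example that readers will copy, pass the param through the environment instead: `env: [{name: TEAM_MEMBER, value: "$(params.teamMember)"}]` on the step and `echo "${TEAM_MEMBER}"` in the script, assuming the configuration format can express step env, which is not visible here. Separately, the generated PipelineRun lists the task params as `name`=`teamMember` and `value`=`Aurea`, so no param called `teamMember` appears to be declared for the reference to resolve; basic-job-3 shows the same pattern with `team`.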
@@ -2166,13 +1078,13 @@ application: name: my-quarkus enable: false component: - name: quarkus-1 + name: my-quarkus-app enable: false job: # One of the supported resources: PipelineRun, Pipeline resourceType: PipelineRun - name: quarkus-app-on-push + name: quarkus-1-on-push description: PipelineRun performing a build of a Quarkus application using buildpack task and lifecycle workspaces: @@ -2204,14 +1116,8 @@ job: # Buildpack params actions: - - name: buildpacks-extension-check - ref: url://https://raw.githubusercontent.com/redhat-buildpacks/catalog/main/tekton/task/buildpacks-extension-check/01/buildpacks-extension-check.yaml - params: - - builderImage: paketocommunity/builder-ubi-base:latest - - credentialsHome: /tekton/creds-secrets/ - - - name: buildpacks-extension-phases - ref: url://https://raw.githubusercontent.com/redhat-buildpacks/catalog/main/tekton/task/buildpacks-extension-phases/01/buildpacks-extension-phases.yaml + - name: buildpacks-phases + ref: url://https://raw.githubusercontent.com/redhat-buildpacks/catalog/main/tekton/task/buildpacks-phases/01/buildpacks-phases.yaml workspaces: - name: source workspace: workspace 
@@ -2225,33 +1131,33 @@ job: - CNB_EXPERIMENTAL_MODE: "false" - CNB_BUILD_IMAGE: paketocommunity/build-ubi-base:latest - CNB_RUN_IMAGE: paketocommunity/run-ubi-base:latest - - CNB_USER_ID: $(tasks.buildpacks-extension-check.results.uid) - - CNB_GROUP_ID: $(tasks.buildpacks-extension-check.results.gid) + - CNB_GROUP_ID: 1000 # see: https://github.com/paketo-community/ubi-base-stack/blob/main/stack/stack.toml#L10-L12 + - CNB_USER_ID: 1002 - CNB_ENV_VARS: - BP_JVM_VERSION=21 ``` Generated file: ```yaml -# generated/konflux/build/pipelinerun-quarkus-app-on-push.yaml +# generated/konflux/build/pipelinerun-quarkus-1-on-push.yaml apiVersion: "tekton.dev/v1" kind: "PipelineRun" metadata: annotations: - pipelinesascode.tekton.dev/max-keep-runs: "3" + build.appstudio.redhat.com/target_branch: "{{target_branch}}" + build.appstudio.redhat.com/commit_sha: "{{revision}}" pipelinesascode.tekton.dev/on-cel-expression: "event == 'push' && target_branch\ \ == 'main'" + pipelinesascode.tekton.dev/max-keep-runs: "3" build.appstudio.openshift.io/repo: "https://github.com/ch007m/new-quarkus-app-1?rev={{revision}}" - build.appstudio.redhat.com/commit_sha: "{{revision}}" - build.appstudio.redhat.com/target_branch: "{{target_branch}}" labels: - pipelines.openshift.io/strategy: "build" + appstudio.openshift.io/application: "my-quarkus" pipelines.appstudio.openshift.io/type: "build" + pipelines.openshift.io/strategy: "build" + appstudio.openshift.io/component: "my-quarkus-app" pipelines.openshift.io/used-by: "build-cloud" pipelines.openshift.io/runtime: "java" - appstudio.openshift.io/application: "my-quarkus" - appstudio.openshift.io/component: "quarkus-1" - name: "quarkus-app-on-push" + name: "quarkus-1-on-push" namespace: "user-ns1" spec: params: 
@@ -2260,7 +1166,7 @@ spec: - name: "revision" value: "{{revision}}" - name: "output-image" - value: "quay.io/ch007m/user-ns1/my-quarkus/quarkus-1:{{revision}}" + value: "quay.io/ch007m/builder-ubi-base:{{revision}}" - name: "image-expires-after" value: "5d" - name: "build-image-index" 
@@ -2284,36 +1190,72 @@ spec: - "BP_JVM_VERSION=21" - "quarkus-hello:1.0" pipelineSpec: - results: - - name: "IMAGE_URL" - value: "$(tasks.build-container.results.IMAGE_URL)" - - name: "IMAGE_DIGEST" - value: "$(tasks.build-container.results.IMAGE_DIGEST)" - - name: "BASE_IMAGES_DIGESTS" - value: "$(tasks.build-container.results.BASE_IMAGES_DIGESTS)" + finally: + - name: "show-sbom" + params: + - name: "IMAGE_URL" + value: "$(tasks.build-container.results.IMAGE_URL)" + taskRef: + params: + - name: "bundle" + value: "quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1" + - name: "name" + value: "show-sbom" + - name: "kind" + value: "task" + resolver: "bundles" + - name: "summary" + params: + - name: "pipelinerun-name" + value: "$(context.pipelineRun.name)" + - name: "git-url" + value: "$(tasks.git-clone.results.url)?rev=$(tasks.git-clone.results.commit)" + - name: "image-url" + value: "$(params.output-image)" + - name: "build-task-status" + value: "$(tasks.build-container.status)" + taskRef: + params: + - name: "bundle" + value: "quay.io/konflux-ci/tekton-catalog/task-summary:0.2" + - name: "name" + value: "summary" + - name: "kind" + value: "task" + resolver: "bundles" + workspaces: + - name: "workspace" + workspace: "workspace" + results: + - name: "IMAGE_URL" + value: "$(tasks.build-container.results.IMAGE_URL)" + - name: "IMAGE_DIGEST" + value: "$(tasks.build-container.results.IMAGE_DIGEST)" + - name: "BASE_IMAGES_DIGESTS" + value: "$(tasks.build-container.results.BASE_IMAGES_DIGESTS)" - name: "CHAINS-GIT_URL" - value: "$(tasks.clone-repository.results.url)" + value: "$(tasks.git-clone.results.url)" - name: "CHAINS-GIT_COMMIT" - value: "$(tasks.clone-repository.results.commit)" + value: "$(tasks.git-clone.results.commit)" tasks: - name: "init" params: - name: "image-url" - value: "$(params.output-image" + value: "$(params.output-image)" - name: "rebuild" - value: "$(params.rebuild" + value: "$(params.rebuild)" - name: "skip-checks" - value: 
"$(params.skip-checks" + value: "$(params.skip-checks)" taskRef: params: - name: "bundle" - value: "quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:092c113b614f6551113f17605ae9cb7e822aa704d07f0e37ed209da23ce392cc" + value: "quay.io/konflux-ci/tekton-catalog/task-init:0.2" - name: "name" value: "init" - name: "kind" value: "task" resolver: "bundles" - - name: "clone-repository" + - name: "git-clone" params: - name: "url" value: "$(params.git-url)" @@ -2322,17 +1264,12 @@ spec: taskRef: params: - name: "bundle" - value: "quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1@sha256:0bb1be8363557e8e07ec34a3c5daaaaa23c9d533f0bb12f00dc604d00de50814" + value: "quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1" - name: "name" value: "git-clone" - name: "kind" value: "task" resolver: "bundles" - when: - - input: "$(tasks.init.results.build)" - operator: "in" - values: - - "true" workspaces: - name: "output" workspace: "workspace" @@ -2343,21 +1280,16 @@ spec: - name: "input" value: "$(params.prefetch-input)" runAfter: - - "clone-repository" + - "git-clone" taskRef: params: - name: "bundle" - value: "quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies:0.1@sha256:058a59f72997c9cf1be20978eb6a145d8d4d436c6098f2460bd96766bb363b20" + value: "quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies:0.1" - name: "name" value: "prefetch-dependencies" - name: "kind" value: "task" resolver: "bundles" - when: - - input: "$(params.prefetch-input)" - operator: "notin" - values: - - "" workspaces: - name: "source" workspace: "workspace" 
@@ -2365,37 +1297,58 @@ spec: workspace: "git-auth" - name: "build-container" params: - - name: "PACK_SOURCE_DIR" - value: "$(params.source-dir)" - - name: "PACK_CLI_IMAGE" - value: "$(params.imageUrl)" - - name: "PACK_CLI_IMAGE_VERSION" - value: "$(params.imageTag)" - - name: "PACK_CMD_FLAGS" - value: - - "$(params.packCmdBuilderFlags)" - runAfter: - - "prefetch-dependencies" - taskRef: - params: - - name: "bundle" - value: "quay.io/ch007m/tekton-bundle:latest@sha256:bc130944a4ee377846abd2ffe9add0c8ad1dff571089d4e0b590e0c446660ac4" - - name: "name" - value: "pack" - - name: "kind" - value: "task" - resolver: "bundles" - workspaces: - - name: "source-dir" - workspace: "workspace" - - name: "pack-workspace" - workspace: "workspace" + - name: "JAM_VERSION" + value: "v2.9.0" + taskSpec: + results: + - description: "Image repository where the built image was pushed" + name: "IMAGE_URL" + - description: "Digest of the image just built" + name: "IMAGE_DIGEST" + - description: "Digests of the base images used for build" + name: "BASE_IMAGES_DIGESTS" + steps: + - args: + - "$(params.packCmdBuilderFlags)" + image: "registry.access.redhat.com/ubi9@sha256:1ee4d8c50d14d9c9e9229d9a039d793fcbc9aa803806d194c957a397cf1d2b17" + name: "run-script" + script: "#!/usr/bin/env bash\nset -e\n\nfunction util::tools::os() {\n \ + \ case \"$(uname)\" in\n \"Darwin\")\n echo \"${1:-darwin}\"\n ;;\n\ + \ \n \"Linux\")\n echo \"linux\"\n ;;\n \n *)\n util::print::error\ + \ \"Unknown OS \\\"$(uname)\\\"\"\n exit 1\n esac\n}\n\nfunction util::tools::arch()\ + \ {\n case \"$(uname -m)\" in\n arm64|aarch64)\n echo \"arm64\"\ + \n ;;\n\n amd64|x86_64)\n if [[ \"${1:-}\" == \"--blank-amd64\"\ + \ ]]; then\n echo \"\"\n elif [[ \"${1:-}\" == \"--uname-format-amd64\"\ + \ ]]; then\n echo \"x86_64\"\n else\n echo \"amd64\"\ + \n fi\n ;;\n\n *)\n util::print::error \"Unknown Architecture\ + \ \\\"$(uname -m)\\\"\"\n exit 1\n esac\n}\n\noutputDir=\"/usr/local/bin/\"\ + \ncurl_args=(\n \"--fail\"\n 
\"--silent\"\n \"--location\"\n \"--output\"\ + \ \"${outputDir}/jam\"\n)\n\nos=$(util::tools::os)\narch=$(util::tools::arch)\n\ + \necho \"Installing jam $(params.JAM_VERSION)\"\ncurl \"https://github.com/paketo-buildpacks/jam/releases/download/$(params.JAM_VERSION)/jam-${os}-${arch}\"\ + \ \\\n \"${curl_args[@]}\"\nchmod +x ${outputDir}/jam\njam version\n\n\ + echo \"This is a test demo - 1\"\n\nstack_dirpath=\".\"\ncat < ${stack_dirpath}/stack.toml\n\ + id = \"io.buildpacks.stacks.ubi8\"\nhomepage = \"https://github.com/paketo-community/ubi-base-stack\"\ + \nmaintainer = \"Paketo Community\"\n\nplatforms = [\"linux/amd64\"]\n\ + \n[build]\n description = \"base build ubi8 image to support buildpacks\"\ + \n dockerfile = \"./build.Dockerfile\"\n gid = 1000\n shell = \"/bin/bash\"\ + \n uid = 1002\n\n [build.args]\n\n[run]\n description = \"base run\ + \ ubi8 image to support buildpacks\"\n dockerfile = \"./run.Dockerfile\"\ + \n gid = 1000\n shell = \"/bin/bash\"\n uid = 1001\n\n [run.args]\n\ + EOF\n\ncat < ${stack_dirpath}/build.Dockerfile\nFROM registry.access.redhat.com/ubi8/ubi-minimal:latest\n\ + EOF\n\ncat < ${stack_dirpath}/run.Dockerfile\nFROM registry.access.redhat.com/ubi8/ubi-minimal:latest\n\ + EOF\n\nargs=(\n --config \"${stack_dirpath}/stack.toml\"\n --build-output\ + \ \"${build_dirpath}/build.oci\"\n --run-output \"${build_dirpath}/run.oci\"\ + \n)\njam create-stack \"${args[@]}\"\n \necho -n \"URL of the image\ + \ build is : quarkus-hello:1.0\" | tee \"$(results.IMAGE_URL.path)\"\n\ + echo -n \"sha256ddddddddddddddddddddd\" | tee \"$(results.IMAGE_DIGEST.path)\"\ + \necho -n \"sha256eeeeeeeeeeeeeeeeeeeeee\" | tee \"$(results.BASE_IMAGES_DIGESTS.path)\"\ + \n" - name: "build-image-index" params: - name: "IMAGE" value: "$(params.output-image)" - name: "COMMIT_SHA" - value: "$(tasks.clone-repository.results.commit)" + value: "$(tasks.git-clone.results.commit)" - name: "IMAGE_EXPIRES_AFTER" value: "$(params.image-expires-after)" - name: 
"ALWAYS_BUILD_INDEX" @@ -2408,21 +1361,16 @@ spec: taskRef: params: - name: "bundle" - value: "quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1@sha256:409ff39379c50d3c257229b4c6d6600e35eb53637504c47fb36ade262c70716e" + value: "quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1" - name: "name" value: "build-image-index" - name: "kind" value: "task" resolver: "bundles" - when: - - input: "$(tasks.init.results.build)" - operator: "in" - values: - - "true" workspaces: - name: "workspace" workspace: "workspace" - - name: "build-source-image" + - name: "source-build" params: - name: "BINARY_IMAGE" value: "$(params.output-image)" @@ -2433,44 +1381,15 @@ spec: taskRef: params: - name: "bundle" - value: "quay.io/konflux-ci/tekton-catalog/task-source-build:0.1@sha256:21cb5ebaff7a9216903cf78933dc4ec4dd6283a52636b16590a5f52ceb278269" + value: "quay.io/konflux-ci/tekton-catalog/task-source-build:0.1" - name: "name" value: "source-build" - name: "kind" value: "task" resolver: "bundles" - when: - - input: "$(params.build-source-image)" - operator: "in" - values: - - "true" workspaces: - name: "workspace" workspace: "workspace" - - name: "deprecated-image-check" - params: - - name: "IMAGE_URL" - value: "$(tasks.build-container.results.IMAGE_URL)" - - name: "IMAGE_DIGEST" - value: "$(tasks.build-container.results.IMAGE_DIGEST)" - - name: "BASE_IMAGES_DIGESTS" - value: "$(tasks.build-container.results.BASE_IMAGES_DIGESTS)" - runAfter: - - "build-container" - taskRef: - params: - - name: "bundle" - value: "quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.4@sha256:d98fa9daf5ee12dfbf00880b83d092d01ce9994d79836548d2f82748bb0c64a2" - - name: "name" - value: "deprecated-image-check" - - name: "kind" - value: "task" - resolver: "bundles" - when: - - input: "$(params.skip-checks)" - operator: "in" - values: - - "false" - name: "clair-scan" params: - name: "image-digest" 
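Review bot: The inline `build-container` script added here fetches `jam` with `curl` from a release URL and runs `chmod +x` on it with no integrity check, so the step executes whatever that URL returns. A check such as `echo "<expected-sha256>  ${outputDir}/jam" | sha256sum -c -` before `chmod +x` would close that gap; the placeholder stands for the published checksum of the `$(params.JAM_VERSION)` release. The same script writes fixed strings (`sha256ddddddddddddddddddddd`, `sha256eeeeeeeeeeeeeeeeeeeeee`) into the `IMAGE_DIGEST` and `BASE_IMAGES_DIGESTS` results. The scan tasks and pipeline results in the neighbouring hunks consume `$(tasks.build-container.results.IMAGE_DIGEST)`, so they would act on a value that identifies no image. The task also loses its `runAfter: prefetch-dependencies` and its workspaces on the new side, which looks unintended for a step that should follow the clone.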
@@ -2482,17 +1401,12 @@ spec: taskRef: params: - name: "bundle" - value: "quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.1@sha256:baea4be429cf8d91f7c758378cea42819fe324f25a7f957bf9805409cab6d123" + value: "quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.1" - name: "name" value: "clair-scan" - name: "kind" value: "task" resolver: "bundles" - when: - - input: "$(params.skip-checks)" - operator: "in" - values: - - "false" - name: "ecosystem-cert-preflight-checks" params: - name: "image-url" @@ -2502,17 +1416,12 @@ spec: taskRef: params: - name: "bundle" - value: "quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.1@sha256:5131cce0f93d0b728c7bcc0d6cee4c61d4c9f67c6d619c627e41e3c9775b497d" + value: "quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.1" - name: "name" value: "ecosystem-cert-preflight-checks" - name: "kind" value: "task" resolver: "bundles" - when: - - input: "$(params.skip-checks)" - operator: "in" - values: - - "false" - name: "sast-snyk-check" params: - name: "image-digest" @@ -2520,21 +1429,16 @@ spec: - name: "image-url" value: "$(tasks.build-container.results.IMAGE_URL)" runAfter: - - "build-container" + - "git-clone" taskRef: params: - name: "bundle" - value: "quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check:0.2@sha256:82c42d27c9c59db6cf6c235e89f7b37f5cdfc75d0d361ca0ee91ae703ba72301" + value: "quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check:0.2" - name: "name" value: "sast-snyk-check" - name: "kind" value: "task" resolver: "bundles" - when: - - input: "$(params.skip-checks)" - operator: "in" - values: - - "true" workspaces: - name: "workspace" workspace: "workspace" 
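Review bot: The clair-scan bundle on the new side, `quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.1`, has lost the `@sha256:…` digest the removed line carried, so the bundles resolver will run whatever the mutable `0.1` tag points to when the pipeline starts. The same unpinning appears in the other bundle references this diff touches (build-image-index, source-build, ecosystem-cert-preflight-checks, sast-snyk-check, clamav-scan, sbom-json-check), while the step image `registry.access.redhat.com/ubi9@sha256:…` stays pinned. For a build-and-scan pipeline I would keep every task bundle pinned by digest, e.g. `value: "quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.1@sha256:<digest-placeholder>"`. SCENARIO.md is generated, so the change presumably belongs in the generator or its configuration rather than in this file.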
@@ -2549,41 +1453,31 @@ spec: taskRef: params: - name: "bundle" - value: "quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.1@sha256:7bb17b937c9342f305468e8a6d0a22493e3ecde58977bd2ffc8b50e2fa234d58" + value: "quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.1" - name: "name" value: "clamav-scan" - name: "kind" value: "task" resolver: "bundles" - when: - - input: "$(params.skip-checks)" - operator: "in" - values: - - "false" - name: "sbom-json-check" params: - - name: "IMAGE_URL" - value: "$(tasks.build-container.results.IMAGE_URL)" - name: "IMAGE_DIGEST" value: "$(tasks.build-container.results.IMAGE_DIGEST)" + - name: "IMAGE_URL" + value: "$(tasks.build-container.results.IMAGE_URL)" runAfter: - "build-container" taskRef: params: - name: "bundle" - value: "quay.io/konflux-ci/tekton-catalog/task-sbom-json-check:0.1@sha256:2c5de51ec858fc8d47e41c65b20c83fdac249425d67ed6d1058f9f3e0b574500" + value: "quay.io/konflux-ci/tekton-catalog/task-sbom-json-check:0.1" - name: "name" value: "sbom-json-check" - name: "kind" value: "task" resolver: "bundles" - when: - - input: "$(params.skip-checks)" - operator: "in" - values: - - "false" timeouts: - pipeline: "3600000000000ns" + pipeline: "300000000000ns" workspaces: - name: "workspace" volumeClaimTemplate: 
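Review bot: `timeouts.pipeline` on the new side is `"300000000000ns"`, which is five minutes, down from the one hour of the removed line, for a pipeline that clones, builds and then runs the clair, clamav, snyk and SBOM tasks. If the run reaches that limit the tasks still running are cancelled, so the scan tasks may finish without a verdict. I would keep `pipeline: "3600000000000ns"` for this Konflux build, or confirm that the five-minute value used by the simple Tekton examples is really intended here. The enclosing `spec` block starts and ends outside the hunk.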
@@ -2600,736 +1494,1700 @@ spec: secretName: "{{ git_auth_secret }}" ``` -## tekton - -### Example - -#### Simple example of a Tekton pipeline including 2 actions echoing Hello and Good bye +#### PipelineRun performing a build of a Quarkus application using a bash script Command to be executed: ```bash -java -jar target/quarkus-app/quarkus-run.jar builder -o out/flows -c configurations/tekton/simple-job-two-actions-cfg.yaml +java -jar target/quarkus-app/quarkus-run.jar builder -o out/flows -c configurations/konflux/build-bash-jam-cfg.yaml ``` using as configuration: ```yaml -# configurations/tekton/simple-job-two-actions-cfg.yaml +# configurations/konflux/build-bash-jam-cfg.yaml # The type will be used by the application to generate the resources for the selected provider: konflux, tekton -type: tekton -# The domain allows to organize the resources, tasks to be generated -domain: example +type: konflux +domain: build +namespace: user-ns1 -# Kubernetes namespace -namespace: demo +repository: + url: https://github.com/ch007m/new-quarkus-app-1 + dockerfilePath: src/main/docker/Dockerfile.jvm -job: - name: simple-job-two-actions # name of the pipeline to be created - description: Simple example of a Tekton pipeline including 2 actions echoing Hello and Good bye +# To generate the Application and/or Component CR +application: + name: my-quarkus + enable: false +component: + name: my-quarkus-app + enable: false - # One of the supported resources: PipelineRun, Pipeline +job: resourceType: PipelineRun + name: quarkus-1-on-push + description: PipelineRun performing a build of a Quarkus application using a bash script + + params: + # Buildpack params + - source-dir: "source" + - imageUrl: "buildpacksio/pack" + - imageTag: "latest" + - packCmdBuilderFlags: + - build + - -B + - quay.io/snowdrop/ubi-builder + - -e + - BP_JVM_VERSION=21 + - quarkus-hello:1.0 actions: - - name: say-hello + # Tasks + - name: jam + params: + - JAM_VERSION: "v2.9.0" + + results: + - IMAGE_URL: 
"Image repository where the built image was pushed" + - IMAGE_DIGEST: "Digest of the image just built" + - BASE_IMAGES_DIGESTS: "Digests of the base images used for build" + + args: + - "$(params.packCmdBuilderFlags)" + script: | #!/usr/bin/env bash - set -e - echo "Say Hello" - - name: say-goodbye - script: | - #!/usr/bin/env bash - set -e - echo "and say Good bye to all of you !" -``` -Generated file: -```yaml -# generated/tekton/example/pipelinerun-simple-job-two-actions.yaml - -apiVersion: "tekton.dev/v1" -kind: "PipelineRun" -metadata: - annotations: - tekton.dev/pipelines.minVersion: "0.60.x" - tekton.dev/displayName: "Simple example of a Tekton pipeline including 2 actions\ - \ echoing Hello and Good bye" - tekton.dev/platforms: "linux/amd64" - labels: - app.kubernetes.io/version: "0.1" - name: "simple-job-two-actions" - namespace: "demo" -spec: - pipelineSpec: - tasks: - - name: "say-hello" - taskSpec: - steps: - - image: "registry.access.redhat.com/ubi9@sha256:1ee4d8c50d14d9c9e9229d9a039d793fcbc9aa803806d194c957a397cf1d2b17" - name: "run-script" - script: | - #!/usr/bin/env bash - - set -e - echo "Say Hello" - - name: "say-goodbye" - runAfter: - - "say-hello" - taskSpec: - steps: - - image: "registry.access.redhat.com/ubi9@sha256:1ee4d8c50d14d9c9e9229d9a039d793fcbc9aa803806d194c957a397cf1d2b17" - name: "run-script" - script: |- - #!/usr/bin/env bash - - set -e - echo "and say Good bye to all of you !" 
- timeouts: - pipeline: "300000000000ns" - -``` -#### Simple example of a Tekton pipeline including 2 actions echoing Hello and Good bye and sharing the message using a workspace - -Command to be executed: -```bash -java -jar target/quarkus-app/quarkus-run.jar builder -o out/flows -c configurations/tekton/simple-job-two-actions-worskpace-cfg.yaml -``` -using as configuration: -```yaml -# configurations/tekton/simple-job-two-actions-worskpace-cfg.yaml + function util::tools::os() { + case "$(uname)" in + "Darwin") + echo "${1:-darwin}" + ;; + + "Linux") + echo "linux" + ;; + + *) + util::print::error "Unknown OS \"$(uname)\"" + exit 1 + esac + } + + function util::tools::arch() { + case "$(uname -m)" in + arm64|aarch64) + echo "arm64" + ;; + + amd64|x86_64) + if [[ "${1:-}" == "--blank-amd64" ]]; then + echo "" + elif [[ "${1:-}" == "--uname-format-amd64" ]]; then + echo "x86_64" + else + echo "amd64" + fi + ;; + + *) + util::print::error "Unknown Architecture \"$(uname -m)\"" + exit 1 + esac + } + + outputDir="/usr/local/bin/" + curl_args=( + "--fail" + "--silent" + "--location" + "--output" "${outputDir}/jam" + ) + + os=$(util::tools::os) + arch=$(util::tools::arch) + + echo "Installing jam $(params.JAM_VERSION)" + curl "https://github.com/paketo-buildpacks/jam/releases/download/$(params.JAM_VERSION)/jam-${os}-${arch}" \ + "${curl_args[@]}" + chmod +x ${outputDir}/jam + jam version + + echo "This is a test demo - 1" + + stack_dirpath="." 
+ cat < ${stack_dirpath}/stack.toml + id = "io.buildpacks.stacks.ubi8" + homepage = "https://github.com/paketo-community/ubi-base-stack" + maintainer = "Paketo Community" + + platforms = ["linux/amd64"] + + [build] + description = "base build ubi8 image to support buildpacks" + dockerfile = "./build.Dockerfile" + gid = 1000 + shell = "/bin/bash" + uid = 1002 + + [build.args] + + [run] + description = "base run ubi8 image to support buildpacks" + dockerfile = "./run.Dockerfile" + gid = 1000 + shell = "/bin/bash" + uid = 1001 + + [run.args] + EOF + + cat < ${stack_dirpath}/build.Dockerfile + FROM registry.access.redhat.com/ubi8/ubi-minimal:latest + EOF + + cat < ${stack_dirpath}/run.Dockerfile + FROM registry.access.redhat.com/ubi8/ubi-minimal:latest + EOF + + args=( + --config "${stack_dirpath}/stack.toml" + --build-output "${build_dirpath}/build.oci" + --run-output "${build_dirpath}/run.oci" + ) + jam create-stack "${args[@]}" + + echo -n "URL of the image build is : quarkus-hello:1.0" | tee "$(results.IMAGE_URL.path)" + echo -n "sha256ddddddddddddddddddddd" | tee "$(results.IMAGE_DIGEST.path)" + echo -n "sha256eeeeeeeeeeeeeeeeeeeeee" | tee "$(results.BASE_IMAGES_DIGESTS.path)" + -type: tekton -domain: example + + + -namespace: demo -job: - name: simple-job-two-actions-wks - description: Simple example of a Tekton pipeline including 2 actions echoing Hello and Good bye and sharing the message using a workspace - resourceType: PipelineRun - workspaces: - - name: shared-wks - volumeClaimTemplate: - storage: 1Gi - accessMode: ReadWriteOnce - actions: - - name: say-hello - script: | - #!/usr/bin/env bash - - set -e - if [ "$(workspaces.shared-wks.bound)" == "true" ] ; then - echo Hello from action - say-hello > $(workspaces.shared-wks.path)/message - fi - workspaces: - - name: shared-wks - workspace: shared-wks - - name: say-goodbye - script: | - #!/usr/bin/env bash - - set -e - if [ "$(workspaces.shared-wks.bound)" == "true" ] ; then - cat 
$(workspaces.shared-wks.path)/message - fi - echo "Saying Good bye to all of you from action: say-goodbye" - workspaces: - - name: shared-wks - workspace: shared-wks ``` Generated file: ```yaml -# generated/tekton/example/pipelinerun-simple-job-two-actions-wks.yaml +# generated/konflux/build/pipelinerun-quarkus-1-on-push.yaml apiVersion: "tekton.dev/v1" kind: "PipelineRun" metadata: annotations: - tekton.dev/pipelines.minVersion: "0.60.x" - tekton.dev/displayName: "Simple example of a Tekton pipeline including 2 actions\ - \ echoing Hello and Good bye and sharing the message using a workspace" - tekton.dev/platforms: "linux/amd64" + build.appstudio.redhat.com/target_branch: "{{target_branch}}" + build.appstudio.redhat.com/commit_sha: "{{revision}}" + pipelinesascode.tekton.dev/on-cel-expression: "event == 'push' && target_branch\ + \ == 'main'" + pipelinesascode.tekton.dev/max-keep-runs: "3" + build.appstudio.openshift.io/repo: "https://github.com/ch007m/new-quarkus-app-1?rev={{revision}}" labels: - app.kubernetes.io/version: "0.1" - name: "simple-job-two-actions-wks" - namespace: "demo" + appstudio.openshift.io/application: "my-quarkus" + pipelines.appstudio.openshift.io/type: "build" + pipelines.openshift.io/strategy: "build" + appstudio.openshift.io/component: "my-quarkus-app" + pipelines.openshift.io/used-by: "build-cloud" + pipelines.openshift.io/runtime: "java" + name: "quarkus-1-on-push" + namespace: "user-ns1" spec: + params: + - name: "git-url" + value: "{{source_url}}" + - name: "revision" + value: "{{revision}}" + - name: "output-image" + value: "quay.io/ch007m/builder-ubi-base:{{revision}}" + - name: "image-expires-after" + value: "5d" + - name: "build-image-index" + value: "" + - name: "build-source-image" + value: "false" + - name: "prefetch-input" + value: "" + - name: "source-dir" + value: "source" + - name: "imageUrl" + value: "buildpacksio/pack" + - name: "imageTag" + value: "latest" + - name: "packCmdBuilderFlags" + value: + - "build" + - "-B" + 
- "quay.io/snowdrop/ubi-builder" + - "-e" + - "BP_JVM_VERSION=21" + - "quarkus-hello:1.0" pipelineSpec: - tasks: - - name: "say-hello" - taskSpec: - steps: - - image: "registry.access.redhat.com/ubi9@sha256:1ee4d8c50d14d9c9e9229d9a039d793fcbc9aa803806d194c957a397cf1d2b17" - name: "run-script" - script: | - #!/usr/bin/env bash - - set -e - if [ "$(workspaces.shared-wks.bound)" == "true" ] ; then - echo Hello from action - say-hello > $(workspaces.shared-wks.path)/message - fi - workspaces: - - name: "shared-wks" - workspace: "shared-wks" - - name: "say-goodbye" - runAfter: - - "say-hello" - taskSpec: - steps: - - image: "registry.access.redhat.com/ubi9@sha256:1ee4d8c50d14d9c9e9229d9a039d793fcbc9aa803806d194c957a397cf1d2b17" - name: "run-script" - script: | - #!/usr/bin/env bash - - set -e - if [ "$(workspaces.shared-wks.bound)" == "true" ] ; then - cat $(workspaces.shared-wks.path)/message - fi - echo "Saying Good bye to all of you from action: say-goodbye" + finally: + - name: "show-sbom" + params: + - name: "IMAGE_URL" + value: "$(tasks.build-container.results.IMAGE_URL)" + taskRef: + params: + - name: "bundle" + value: "quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1" + - name: "name" + value: "show-sbom" + - name: "kind" + value: "task" + resolver: "bundles" + - name: "summary" + params: + - name: "pipelinerun-name" + value: "$(context.pipelineRun.name)" + - name: "git-url" + value: "$(tasks.git-clone.results.url)?rev=$(tasks.git-clone.results.commit)" + - name: "image-url" + value: "$(params.output-image)" + - name: "build-task-status" + value: "$(tasks.build-container.status)" + taskRef: + params: + - name: "bundle" + value: "quay.io/konflux-ci/tekton-catalog/task-summary:0.2" + - name: "name" + value: "summary" + - name: "kind" + value: "task" + resolver: "bundles" workspaces: - - name: "shared-wks" - workspace: "shared-wks" - timeouts: - pipeline: "300000000000ns" - workspaces: - - name: "shared-wks" - volumeClaimTemplate: - apiVersion: "v1" - kind: 
"PersistentVolumeClaim" - spec: - accessModes: - - "ReadWriteOnce" - resources: - requests: - storage: "1Gi" - -``` -#### Simple example of a Tekton pipeline echoing a message - -Command to be executed: -```bash -java -jar target/quarkus-app/quarkus-run.jar builder -o out/flows -c configurations/tekton/simple-job-fetch-script-cfg.yaml -``` -using as configuration: -```yaml -# configurations/tekton/simple-job-fetch-script-cfg.yaml - -# The type will be used by the application to generate the resources for the selected provider: konflux, tekton -type: tekton -# The domain allows to organize the resources, tasks to be generated -domain: example - -# Kubernetes namespace -namespace: - -job: - name: simple-job-fetch-script # name of the pipeline to be created - description: Simple example of a Tekton pipeline echoing a message - - # One of the supported resources: PipelineRun, Pipeline - resourceType: PipelineRun - - actions: - - name: say-hello - # The ref or reference expressed using the uri://: - # will fetch the code of the action to be executed - ref: - # The url of the script file to be executed using a linux container - scriptFileUrl: https://raw.githubusercontent.com/ch007m/pipeline-dsl-builder/main/scripts/echo.sh -``` -Generated file: -```yaml -# generated/tekton/example/pipelinerun-simple-job-fetch-script.yaml - -apiVersion: "tekton.dev/v1" -kind: "PipelineRun" -metadata: - annotations: - tekton.dev/pipelines.minVersion: "0.60.x" - tekton.dev/displayName: "Simple example of a Tekton pipeline echoing a message" - tekton.dev/platforms: "linux/amd64" - labels: - app.kubernetes.io/version: "0.1" - name: "simple-job-fetch-script" -spec: - pipelineSpec: - tasks: - - name: "say-hello" - taskSpec: - steps: - - image: "registry.access.redhat.com/ubi9@sha256:1ee4d8c50d14d9c9e9229d9a039d793fcbc9aa803806d194c957a397cf1d2b17" - name: "run-script" - script: | - #!/usr/bin/env bash - - set -e - echo "Say Hello" - timeouts: - pipeline: "300000000000ns" - -``` -#### Simple 
example of a Tekton pipeline including 2 actions echoing Hello and Good bye when condition is met - -Command to be executed: -```bash -java -jar target/quarkus-app/quarkus-run.jar builder -o out/flows -c configurations/tekton/simple-job-two-actions-when-cfg.yaml -``` -using as configuration: -```yaml -# configurations/tekton/simple-job-two-actions-when-cfg.yaml - -type: tekton -domain: example -namespace: demo - -job: - name: simple-job-two-actions-when # name of the pipeline to be created - description: Simple example of a Tekton pipeline including 2 actions echoing Hello and Good bye when condition is met - resourceType: PipelineRun - params: - - message: true - actions: - - name: say-hello - script: | - #!/usr/bin/env bash - - set -e - echo "Say Hello" - - name: say-goodbye - when: - - "$(params.message): true" - script: | - #!/usr/bin/env bash - - set -e - echo "and say Good bye to all of you !" -``` -Generated file: -```yaml -# generated/tekton/example/pipelinerun-simple-job-two-actions-when.yaml - -apiVersion: "tekton.dev/v1" -kind: "PipelineRun" -metadata: - annotations: - tekton.dev/pipelines.minVersion: "0.60.x" - tekton.dev/displayName: "Simple example of a Tekton pipeline including 2 actions\ - \ echoing Hello and Good bye when condition is met" - tekton.dev/platforms: "linux/amd64" - labels: - app.kubernetes.io/version: "0.1" - name: "simple-job-two-actions-when" - namespace: "demo" -spec: - params: - - name: "message" - value: "true" - pipelineSpec: + - name: "workspace" + workspace: "workspace" + results: + - name: "IMAGE_URL" + value: "$(tasks.build-container.results.IMAGE_URL)" + - name: "IMAGE_DIGEST" + value: "$(tasks.build-container.results.IMAGE_DIGEST)" + - name: "BASE_IMAGES_DIGESTS" + value: "$(tasks.build-container.results.BASE_IMAGES_DIGESTS)" + - name: "CHAINS-GIT_URL" + value: "$(tasks.git-clone.results.url)" + - name: "CHAINS-GIT_COMMIT" + value: "$(tasks.git-clone.results.commit)" tasks: - - name: "say-hello" - taskSpec: - steps: - - 
image: "registry.access.redhat.com/ubi9@sha256:1ee4d8c50d14d9c9e9229d9a039d793fcbc9aa803806d194c957a397cf1d2b17" - name: "run-script" - script: | - #!/usr/bin/env bash - - set -e - echo "Say Hello" - - name: "say-goodbye" + - name: "init" + params: + - name: "image-url" + value: "$(params.output-image)" + - name: "rebuild" + value: "$(params.rebuild)" + - name: "skip-checks" + value: "$(params.skip-checks)" + taskRef: + params: + - name: "bundle" + value: "quay.io/konflux-ci/tekton-catalog/task-init:0.2" + - name: "name" + value: "init" + - name: "kind" + value: "task" + resolver: "bundles" + - name: "git-clone" + params: + - name: "url" + value: "$(params.git-url)" runAfter: - - "say-hello" + - "init" + taskRef: + params: + - name: "bundle" + value: "quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1" + - name: "name" + value: "git-clone" + - name: "kind" + value: "task" + resolver: "bundles" + workspaces: + - name: "output" + workspace: "workspace" + - name: "basic-auth" + workspace: "git-auth" + - name: "prefetch-dependencies" + params: + - name: "input" + value: "$(params.prefetch-input)" + runAfter: + - "git-clone" + taskRef: + params: + - name: "bundle" + value: "quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies:0.1" + - name: "name" + value: "prefetch-dependencies" + - name: "kind" + value: "task" + resolver: "bundles" + workspaces: + - name: "source" + workspace: "workspace" + - name: "git-basic-auth" + workspace: "git-auth" + - name: "build-container" + params: + - name: "JAM_VERSION" + value: "v2.9.0" taskSpec: + results: + - description: "Image repository where the built image was pushed" + name: "IMAGE_URL" + - description: "Digest of the image just built" + name: "IMAGE_DIGEST" + - description: "Digests of the base images used for build" + name: "BASE_IMAGES_DIGESTS" steps: - - image: "registry.access.redhat.com/ubi9@sha256:1ee4d8c50d14d9c9e9229d9a039d793fcbc9aa803806d194c957a397cf1d2b17" + - args: + - "$(params.packCmdBuilderFlags)" + 
image: "registry.access.redhat.com/ubi9@sha256:1ee4d8c50d14d9c9e9229d9a039d793fcbc9aa803806d194c957a397cf1d2b17" name: "run-script" - script: |- - #!/usr/bin/env bash - - set -e - echo "and say Good bye to all of you !" - when: - - input: "$(params.message)" - operator: "in" - values: - - "true" + script: "#!/usr/bin/env bash\nset -e\n\nfunction util::tools::os() {\n \ + \ case \"$(uname)\" in\n \"Darwin\")\n echo \"${1:-darwin}\"\n ;;\n\ + \ \n \"Linux\")\n echo \"linux\"\n ;;\n \n *)\n util::print::error\ + \ \"Unknown OS \\\"$(uname)\\\"\"\n exit 1\n esac\n}\n\nfunction util::tools::arch()\ + \ {\n case \"$(uname -m)\" in\n arm64|aarch64)\n echo \"arm64\"\ + \n ;;\n\n amd64|x86_64)\n if [[ \"${1:-}\" == \"--blank-amd64\"\ + \ ]]; then\n echo \"\"\n elif [[ \"${1:-}\" == \"--uname-format-amd64\"\ + \ ]]; then\n echo \"x86_64\"\n else\n echo \"amd64\"\ + \n fi\n ;;\n\n *)\n util::print::error \"Unknown Architecture\ + \ \\\"$(uname -m)\\\"\"\n exit 1\n esac\n}\n\noutputDir=\"/usr/local/bin/\"\ + \ncurl_args=(\n \"--fail\"\n \"--silent\"\n \"--location\"\n \"--output\"\ + \ \"${outputDir}/jam\"\n)\n\nos=$(util::tools::os)\narch=$(util::tools::arch)\n\ + \necho \"Installing jam $(params.JAM_VERSION)\"\ncurl \"https://github.com/paketo-buildpacks/jam/releases/download/$(params.JAM_VERSION)/jam-${os}-${arch}\"\ + \ \\\n \"${curl_args[@]}\"\nchmod +x ${outputDir}/jam\njam version\n\n\ + echo \"This is a test demo - 1\"\n\nstack_dirpath=\".\"\ncat < ${stack_dirpath}/stack.toml\n\ + id = \"io.buildpacks.stacks.ubi8\"\nhomepage = \"https://github.com/paketo-community/ubi-base-stack\"\ + \nmaintainer = \"Paketo Community\"\n\nplatforms = [\"linux/amd64\"]\n\ + \n[build]\n description = \"base build ubi8 image to support buildpacks\"\ + \n dockerfile = \"./build.Dockerfile\"\n gid = 1000\n shell = \"/bin/bash\"\ + \n uid = 1002\n\n [build.args]\n\n[run]\n description = \"base run\ + \ ubi8 image to support buildpacks\"\n dockerfile = \"./run.Dockerfile\"\ + \n gid = 1000\n 
shell = \"/bin/bash\"\n uid = 1001\n\n [run.args]\n\ + EOF\n\ncat < ${stack_dirpath}/build.Dockerfile\nFROM registry.access.redhat.com/ubi8/ubi-minimal:latest\n\ + EOF\n\ncat < ${stack_dirpath}/run.Dockerfile\nFROM registry.access.redhat.com/ubi8/ubi-minimal:latest\n\ + EOF\n\nargs=(\n --config \"${stack_dirpath}/stack.toml\"\n --build-output\ + \ \"${build_dirpath}/build.oci\"\n --run-output \"${build_dirpath}/run.oci\"\ + \n)\njam create-stack \"${args[@]}\"\n \necho -n \"URL of the image\ + \ build is : quarkus-hello:1.0\" | tee \"$(results.IMAGE_URL.path)\"\n\ + echo -n \"sha256ddddddddddddddddddddd\" | tee \"$(results.IMAGE_DIGEST.path)\"\ + \necho -n \"sha256eeeeeeeeeeeeeeeeeeeeee\" | tee \"$(results.BASE_IMAGES_DIGESTS.path)\"\ + \n" + - name: "build-image-index" + params: + - name: "IMAGE" + value: "$(params.output-image)" + - name: "COMMIT_SHA" + value: "$(tasks.git-clone.results.commit)" + - name: "IMAGE_EXPIRES_AFTER" + value: "$(params.image-expires-after)" + - name: "ALWAYS_BUILD_INDEX" + value: "$(params.build-image-index)" + - name: "IMAGES" + value: + - "$(tasks.build-container.results.IMAGE_URL)@$(tasks.build-container.results.IMAGE_DIGEST)" + runAfter: + - "build-container" + taskRef: + params: + - name: "bundle" + value: "quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1" + - name: "name" + value: "build-image-index" + - name: "kind" + value: "task" + resolver: "bundles" + workspaces: + - name: "workspace" + workspace: "workspace" + - name: "source-build" + params: + - name: "BINARY_IMAGE" + value: "$(params.output-image)" + - name: "BASE_IMAGES" + value: "$(tasks.build-container.results.BASE_IMAGES_DIGESTS)" + runAfter: + - "build-container" + taskRef: + params: + - name: "bundle" + value: "quay.io/konflux-ci/tekton-catalog/task-source-build:0.1" + - name: "name" + value: "source-build" + - name: "kind" + value: "task" + resolver: "bundles" + workspaces: + - name: "workspace" + workspace: "workspace" + - name: "clair-scan" + params: + 
- name: "image-digest" + value: "$(tasks.build-container.results.IMAGE_DIGEST)" + - name: "image-url" + value: "$(tasks.build-container.results.IMAGE_URL)" + runAfter: + - "build-container" + taskRef: + params: + - name: "bundle" + value: "quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.1" + - name: "name" + value: "clair-scan" + - name: "kind" + value: "task" + resolver: "bundles" + - name: "ecosystem-cert-preflight-checks" + params: + - name: "image-url" + value: "$(tasks.build-container.results.IMAGE_URL)" + runAfter: + - "build-container" + taskRef: + params: + - name: "bundle" + value: "quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.1" + - name: "name" + value: "ecosystem-cert-preflight-checks" + - name: "kind" + value: "task" + resolver: "bundles" + - name: "sast-snyk-check" + params: + - name: "image-digest" + value: "$(tasks.build-container.results.IMAGE_DIGEST)" + - name: "image-url" + value: "$(tasks.build-container.results.IMAGE_URL)" + runAfter: + - "git-clone" + taskRef: + params: + - name: "bundle" + value: "quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check:0.2" + - name: "name" + value: "sast-snyk-check" + - name: "kind" + value: "task" + resolver: "bundles" + workspaces: + - name: "workspace" + workspace: "workspace" + - name: "clamav-scan" + params: + - name: "image-digest" + value: "$(tasks.build-container.results.IMAGE_DIGEST)" + - name: "image-url" + value: "$(tasks.build-container.results.IMAGE_URL)" + runAfter: + - "build-container" + taskRef: + params: + - name: "bundle" + value: "quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.1" + - name: "name" + value: "clamav-scan" + - name: "kind" + value: "task" + resolver: "bundles" + - name: "sbom-json-check" + params: + - name: "IMAGE_DIGEST" + value: "$(tasks.build-container.results.IMAGE_DIGEST)" + - name: "IMAGE_URL" + value: "$(tasks.build-container.results.IMAGE_URL)" + runAfter: + - "build-container" + taskRef: + params: + - name: "bundle" + value: 
"quay.io/konflux-ci/tekton-catalog/task-sbom-json-check:0.1" + - name: "name" + value: "sbom-json-check" + - name: "kind" + value: "task" + resolver: "bundles" timeouts: pipeline: "300000000000ns" + workspaces: + - name: "workspace" + volumeClaimTemplate: + apiVersion: "v1" + kind: "PersistentVolumeClaim" + spec: + accessModes: + - "ReadWriteOnce" + resources: + requests: + storage: "1Gi" + - name: "git-auth" + secret: + secretName: "{{ git_auth_secret }}" ``` -#### Simple example of a Tekton pipeline echoing a message +#### PipelineRun performing a build of a Quarkus application using pack CLI Command to be executed: ```bash -java -jar target/quarkus-app/quarkus-run.jar builder -o out/flows -c configurations/tekton/simple-job-embedded-script-cfg.yaml +java -jar target/quarkus-app/quarkus-run.jar builder -o out/flows -c configurations/konflux/build-quarkus-app-cfg.yaml ``` using as configuration: ```yaml -# configurations/tekton/simple-job-embedded-script-cfg.yaml +# configurations/konflux/build-quarkus-app-cfg.yaml # The type will be used by the application to generate the resources for the selected provider: konflux, tekton -type: tekton -# The domain allows to organize the resources, tasks to be generated -domain: example +type: konflux +domain: build +namespace: user-ns1 -# Kubernetes namespace -namespace: user +repository: + url: https://github.com/ch007m/new-quarkus-app-1 + dockerfilePath: src/main/docker/Dockerfile.jvm -job: - name: simple-job-embedded-script # name of the pipeline to be created - description: Simple example of a Tekton pipeline echoing a message +# To generate the Konflux Application and/or Component CR +application: + name: my-quarkus + enable: false +component: + name: my-quarkus-app + enable: false +job: # One of the supported resources: PipelineRun, Pipeline resourceType: PipelineRun + name: quarkus-1-on-push + description: PipelineRun performing a build of a Quarkus application using pack CLI - actions: - - name: say-hello - # The ref 
or reference expressed using the uri://: - # will fetch the code of the action to be executed - ref: - # The script to be executed using a linux container - script: | - #!/usr/bin/env bash - - set -e - echo "Say Hello" -``` -Generated file: -```yaml -# generated/tekton/example/pipelinerun-simple-job-embedded-script.yaml - -apiVersion: "tekton.dev/v1" -kind: "PipelineRun" -metadata: - annotations: - tekton.dev/pipelines.minVersion: "0.60.x" - tekton.dev/displayName: "Simple example of a Tekton pipeline echoing a message" - tekton.dev/platforms: "linux/amd64" - labels: - app.kubernetes.io/version: "0.1" - name: "simple-job-embedded-script" - namespace: "user" -spec: - pipelineSpec: - tasks: - - name: "say-hello" - taskSpec: - steps: - - image: "registry.access.redhat.com/ubi9@sha256:1ee4d8c50d14d9c9e9229d9a039d793fcbc9aa803806d194c957a397cf1d2b17" - name: "run-script" - script: |- - #!/usr/bin/env bash + workspaces: + - name: workspace + volumeClaimTemplate: + storage: 1Gi + accessMode: ReadWriteOnce + - name: git-auth + secret: + name: "{{ git_auth_secret }}" - set -e - echo "Say Hello" - timeouts: - pipeline: "300000000000ns" + results: + - IMAGE_URL: "$(tasks.build-container.results.IMAGE_URL)" + - IMAGE_DIGEST: "$(tasks.build-container.results.IMAGE_DIGEST)" + - BASE_IMAGES_DIGESTS: "$(tasks.build-container.results.BASE_IMAGES_DIGESTS)" -``` -### Demo + - CHAINS-GIT_URL: "$(tasks.clone-repository.results.url)" + - CHAINS-GIT_COMMIT: "$(tasks.clone-repository.results.commit)" -#### Such a job will not work as the [*] "notation" with array param is not supported in a task's script + params: + - git-url: "{{source_url}}" + - revision: "{{revision}}" + - output-image: "quay.io/ch007m/user-ns1/my-quarkus/quarkus-1:{{revision}}" + - image-expires-after: "5d" + - build-image-index: "" + # We need the following parameters when used within the Pipeline: when condition, etc + - build-source-image: false + - prefetch-input: "" -Command to be executed: -```bash -java -jar 
target/quarkus-app/quarkus-run.jar builder -o out/flows -c configurations/tekton/basic3-issue-cfg.yaml -``` -using as configuration: -```yaml -# configurations/tekton/basic3-issue-cfg.yaml + # Buildpack params + - source-dir: "source" + - imageUrl: "buildpacksio/pack" + - imageTag: "latest" + - packCmdBuilderFlags: + - build + - -B + - quay.io/snowdrop/ubi-builder + - -e + - BP_JVM_VERSION=21 + - quarkus-hello:1.0 -type: tekton -domain: demo -# Such a job will not work as the [*] "notation" -# with array param is not supported in a task's script -job: - resourceType: PipelineRun - name: basic-job-3 - description: Such a job will not work as the [*] "notation" with array param is not supported in a task's script + # Remark : As the Pipeline(run) resource of konflux already defines mandatory steps to perform actions as listed here - it is then not needed + # to detail them here except the actions that you want to include part of the build process + + # The actions to be executed should match/map the name ofg the Task declared in an OCI Bundle or Git repository url + # Examples: + # - pack: to build an image using the Pack CLI + # - build: to build an application using a builder image + # - pack-builder: to create a builder image using pack CLI + # - stack: to create a base stack image build or run + # - meta/composite: to package the buildpacks of a "meta/composite" buildpack project + # - buildpack: to package a "buildpack" project + # - extension: to package an "extension" project + # actions: - - name: say-hello + - name: pack + ref: bundle://quay.io/ch007m/tekton-bundle:latest@sha256:bc130944a4ee377846abd2ffe9add0c8ad1dff571089d4e0b590e0c446660ac4 + workspaces: + - name: source-dir + workspace: workspace + - name: pack-workspace + workspace: workspace params: - - name: team - value: Aurea - script: | - #!/usr/bin/env bash - - members=($(params.team[*])) - - for member in "${members[@]}"; do - echo "Say hello to: $member" - done + - PACK_SOURCE_DIR: 
"$(params.source-dir)" + - PACK_CLI_IMAGE: "$(params.imageUrl)" + - PACK_CLI_IMAGE_VERSION: "$(params.imageTag)" + - PACK_CMD_FLAGS: + - "$(params.packCmdBuilderFlags)" + + ``` Generated file: ```yaml -# generated/tekton/demo/pipelinerun-basic-job-3.yaml +# generated/konflux/build/pipelinerun-quarkus-1-on-push.yaml apiVersion: "tekton.dev/v1" kind: "PipelineRun" metadata: annotations: - tekton.dev/pipelines.minVersion: "0.60.x" - tekton.dev/displayName: "Such a job will not work as the [*] \"notation\" with\ - \ array param is not supported in a task's script" - tekton.dev/platforms: "linux/amd64" + build.appstudio.redhat.com/target_branch: "{{target_branch}}" + build.appstudio.redhat.com/commit_sha: "{{revision}}" + pipelinesascode.tekton.dev/on-cel-expression: "event == 'push' && target_branch\ + \ == 'main'" + pipelinesascode.tekton.dev/max-keep-runs: "3" + build.appstudio.openshift.io/repo: "https://github.com/ch007m/new-quarkus-app-1?rev={{revision}}" labels: - app.kubernetes.io/version: "0.1" - name: "basic-job-3" + appstudio.openshift.io/application: "my-quarkus" + pipelines.appstudio.openshift.io/type: "build" + pipelines.openshift.io/strategy: "build" + appstudio.openshift.io/component: "my-quarkus-app" + pipelines.openshift.io/used-by: "build-cloud" + pipelines.openshift.io/runtime: "java" + name: "quarkus-1-on-push" + namespace: "user-ns1" spec: + params: + - name: "git-url" + value: "{{source_url}}" + - name: "revision" + value: "{{revision}}" + - name: "output-image" + value: "quay.io/ch007m/builder-ubi-base:{{revision}}" + - name: "image-expires-after" + value: "5d" + - name: "build-image-index" + value: "" + - name: "build-source-image" + value: "false" + - name: "prefetch-input" + value: "" + - name: "source-dir" + value: "source" + - name: "imageUrl" + value: "buildpacksio/pack" + - name: "imageTag" + value: "latest" + - name: "packCmdBuilderFlags" + value: + - "build" + - "-B" + - "quay.io/snowdrop/ubi-builder" + - "-e" + - "BP_JVM_VERSION=21" + - 
"quarkus-hello:1.0" pipelineSpec: + finally: + - name: "show-sbom" + params: + - name: "IMAGE_URL" + value: "$(tasks.build-container.results.IMAGE_URL)" + taskRef: + params: + - name: "bundle" + value: "quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1" + - name: "name" + value: "show-sbom" + - name: "kind" + value: "task" + resolver: "bundles" + - name: "summary" + params: + - name: "pipelinerun-name" + value: "$(context.pipelineRun.name)" + - name: "git-url" + value: "$(tasks.git-clone.results.url)?rev=$(tasks.git-clone.results.commit)" + - name: "image-url" + value: "$(params.output-image)" + - name: "build-task-status" + value: "$(tasks.build-container.status)" + taskRef: + params: + - name: "bundle" + value: "quay.io/konflux-ci/tekton-catalog/task-summary:0.2" + - name: "name" + value: "summary" + - name: "kind" + value: "task" + resolver: "bundles" + workspaces: + - name: "workspace" + workspace: "workspace" + results: + - name: "IMAGE_URL" + value: "$(tasks.build-container.results.IMAGE_URL)" + - name: "IMAGE_DIGEST" + value: "$(tasks.build-container.results.IMAGE_DIGEST)" + - name: "BASE_IMAGES_DIGESTS" + value: "$(tasks.build-container.results.BASE_IMAGES_DIGESTS)" + - name: "CHAINS-GIT_URL" + value: "$(tasks.git-clone.results.url)" + - name: "CHAINS-GIT_COMMIT" + value: "$(tasks.git-clone.results.commit)" tasks: - - name: "say-hello" + - name: "init" + params: + - name: "image-url" + value: "$(params.output-image)" + - name: "rebuild" + value: "$(params.rebuild)" + - name: "skip-checks" + value: "$(params.skip-checks)" + taskRef: + params: + - name: "bundle" + value: "quay.io/konflux-ci/tekton-catalog/task-init:0.2" + - name: "name" + value: "init" + - name: "kind" + value: "task" + resolver: "bundles" + - name: "git-clone" + params: + - name: "url" + value: "$(params.git-url)" + runAfter: + - "init" + taskRef: + params: + - name: "bundle" + value: "quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1" + - name: "name" + value: "git-clone" + - name: 
"kind" + value: "task" + resolver: "bundles" + workspaces: + - name: "output" + workspace: "workspace" + - name: "basic-auth" + workspace: "git-auth" + - name: "prefetch-dependencies" + params: + - name: "input" + value: "$(params.prefetch-input)" + runAfter: + - "git-clone" + taskRef: + params: + - name: "bundle" + value: "quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies:0.1" + - name: "name" + value: "prefetch-dependencies" + - name: "kind" + value: "task" + resolver: "bundles" + workspaces: + - name: "source" + workspace: "workspace" + - name: "git-basic-auth" + workspace: "git-auth" + - name: "build-container" + params: + - name: "JAM_VERSION" + value: "v2.9.0" + taskSpec: + results: + - description: "Image repository where the built image was pushed" + name: "IMAGE_URL" + - description: "Digest of the image just built" + name: "IMAGE_DIGEST" + - description: "Digests of the base images used for build" + name: "BASE_IMAGES_DIGESTS" + steps: + - args: + - "$(params.packCmdBuilderFlags)" + image: "registry.access.redhat.com/ubi9@sha256:1ee4d8c50d14d9c9e9229d9a039d793fcbc9aa803806d194c957a397cf1d2b17" + name: "run-script" + script: "#!/usr/bin/env bash\nset -e\n\nfunction util::tools::os() {\n \ + \ case \"$(uname)\" in\n \"Darwin\")\n echo \"${1:-darwin}\"\n ;;\n\ + \ \n \"Linux\")\n echo \"linux\"\n ;;\n \n *)\n util::print::error\ + \ \"Unknown OS \\\"$(uname)\\\"\"\n exit 1\n esac\n}\n\nfunction util::tools::arch()\ + \ {\n case \"$(uname -m)\" in\n arm64|aarch64)\n echo \"arm64\"\ + \n ;;\n\n amd64|x86_64)\n if [[ \"${1:-}\" == \"--blank-amd64\"\ + \ ]]; then\n echo \"\"\n elif [[ \"${1:-}\" == \"--uname-format-amd64\"\ + \ ]]; then\n echo \"x86_64\"\n else\n echo \"amd64\"\ + \n fi\n ;;\n\n *)\n util::print::error \"Unknown Architecture\ + \ \\\"$(uname -m)\\\"\"\n exit 1\n esac\n}\n\noutputDir=\"/usr/local/bin/\"\ + \ncurl_args=(\n \"--fail\"\n \"--silent\"\n \"--location\"\n \"--output\"\ + \ 
\"${outputDir}/jam\"\n)\n\nos=$(util::tools::os)\narch=$(util::tools::arch)\n\ + \necho \"Installing jam $(params.JAM_VERSION)\"\ncurl \"https://github.com/paketo-buildpacks/jam/releases/download/$(params.JAM_VERSION)/jam-${os}-${arch}\"\ + \ \\\n \"${curl_args[@]}\"\nchmod +x ${outputDir}/jam\njam version\n\n\ + echo \"This is a test demo - 1\"\n\nstack_dirpath=\".\"\ncat < ${stack_dirpath}/stack.toml\n\ + id = \"io.buildpacks.stacks.ubi8\"\nhomepage = \"https://github.com/paketo-community/ubi-base-stack\"\ + \nmaintainer = \"Paketo Community\"\n\nplatforms = [\"linux/amd64\"]\n\ + \n[build]\n description = \"base build ubi8 image to support buildpacks\"\ + \n dockerfile = \"./build.Dockerfile\"\n gid = 1000\n shell = \"/bin/bash\"\ + \n uid = 1002\n\n [build.args]\n\n[run]\n description = \"base run\ + \ ubi8 image to support buildpacks\"\n dockerfile = \"./run.Dockerfile\"\ + \n gid = 1000\n shell = \"/bin/bash\"\n uid = 1001\n\n [run.args]\n\ + EOF\n\ncat < ${stack_dirpath}/build.Dockerfile\nFROM registry.access.redhat.com/ubi8/ubi-minimal:latest\n\ + EOF\n\ncat < ${stack_dirpath}/run.Dockerfile\nFROM registry.access.redhat.com/ubi8/ubi-minimal:latest\n\ + EOF\n\nargs=(\n --config \"${stack_dirpath}/stack.toml\"\n --build-output\ + \ \"${build_dirpath}/build.oci\"\n --run-output \"${build_dirpath}/run.oci\"\ + \n)\njam create-stack \"${args[@]}\"\n \necho -n \"URL of the image\ + \ build is : quarkus-hello:1.0\" | tee \"$(results.IMAGE_URL.path)\"\n\ + echo -n \"sha256ddddddddddddddddddddd\" | tee \"$(results.IMAGE_DIGEST.path)\"\ + \necho -n \"sha256eeeeeeeeeeeeeeeeeeeeee\" | tee \"$(results.BASE_IMAGES_DIGESTS.path)\"\ + \n" + - name: "build-image-index" + params: + - name: "IMAGE" + value: "$(params.output-image)" + - name: "COMMIT_SHA" + value: "$(tasks.git-clone.results.commit)" + - name: "IMAGE_EXPIRES_AFTER" + value: "$(params.image-expires-after)" + - name: "ALWAYS_BUILD_INDEX" + value: "$(params.build-image-index)" + - name: "IMAGES" + value: + - 
"$(tasks.build-container.results.IMAGE_URL)@$(tasks.build-container.results.IMAGE_DIGEST)" + runAfter: + - "build-container" + taskRef: + params: + - name: "bundle" + value: "quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1" + - name: "name" + value: "build-image-index" + - name: "kind" + value: "task" + resolver: "bundles" + workspaces: + - name: "workspace" + workspace: "workspace" + - name: "source-build" + params: + - name: "BINARY_IMAGE" + value: "$(params.output-image)" + - name: "BASE_IMAGES" + value: "$(tasks.build-container.results.BASE_IMAGES_DIGESTS)" + runAfter: + - "build-container" + taskRef: + params: + - name: "bundle" + value: "quay.io/konflux-ci/tekton-catalog/task-source-build:0.1" + - name: "name" + value: "source-build" + - name: "kind" + value: "task" + resolver: "bundles" + workspaces: + - name: "workspace" + workspace: "workspace" + - name: "clair-scan" + params: + - name: "image-digest" + value: "$(tasks.build-container.results.IMAGE_DIGEST)" + - name: "image-url" + value: "$(tasks.build-container.results.IMAGE_URL)" + runAfter: + - "build-container" + taskRef: + params: + - name: "bundle" + value: "quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.1" + - name: "name" + value: "clair-scan" + - name: "kind" + value: "task" + resolver: "bundles" + - name: "ecosystem-cert-preflight-checks" + params: + - name: "image-url" + value: "$(tasks.build-container.results.IMAGE_URL)" + runAfter: + - "build-container" + taskRef: + params: + - name: "bundle" + value: "quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.1" + - name: "name" + value: "ecosystem-cert-preflight-checks" + - name: "kind" + value: "task" + resolver: "bundles" + - name: "sast-snyk-check" + params: + - name: "image-digest" + value: "$(tasks.build-container.results.IMAGE_DIGEST)" + - name: "image-url" + value: "$(tasks.build-container.results.IMAGE_URL)" + runAfter: + - "git-clone" + taskRef: + params: + - name: "bundle" + value: 
"quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check:0.2" + - name: "name" + value: "sast-snyk-check" + - name: "kind" + value: "task" + resolver: "bundles" + workspaces: + - name: "workspace" + workspace: "workspace" + - name: "clamav-scan" + params: + - name: "image-digest" + value: "$(tasks.build-container.results.IMAGE_DIGEST)" + - name: "image-url" + value: "$(tasks.build-container.results.IMAGE_URL)" + runAfter: + - "build-container" + taskRef: + params: + - name: "bundle" + value: "quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.1" + - name: "name" + value: "clamav-scan" + - name: "kind" + value: "task" + resolver: "bundles" + - name: "sbom-json-check" + params: + - name: "IMAGE_DIGEST" + value: "$(tasks.build-container.results.IMAGE_DIGEST)" + - name: "IMAGE_URL" + value: "$(tasks.build-container.results.IMAGE_URL)" + runAfter: + - "build-container" + taskRef: + params: + - name: "bundle" + value: "quay.io/konflux-ci/tekton-catalog/task-sbom-json-check:0.1" + - name: "name" + value: "sbom-json-check" + - name: "kind" + value: "task" + resolver: "bundles" + timeouts: + pipeline: "300000000000ns" + workspaces: + - name: "workspace" + volumeClaimTemplate: + apiVersion: "v1" + kind: "PersistentVolumeClaim" + spec: + accessModes: + - "ReadWriteOnce" + resources: + requests: + storage: "1Gi" + - name: "git-auth" + secret: + secretName: "{{ git_auth_secret }}" + +``` +#### PipelineRun doing a build of a Quarkus application using buildpack - extension task + +Command to be executed: +```bash +java -jar target/quarkus-app/quarkus-run.jar builder -o out/flows -c configurations/konflux/build-quarkus-app-lifecycle-extension-cfg.yaml +``` +using as configuration: +```yaml +# configurations/konflux/build-quarkus-app-lifecycle-extension-cfg.yaml + +# The type will be used by the application to generate the resources for the selected provider: konflux, tekton +type: konflux +domain: build +namespace: user-ns1 + +repository: + url: 
https://github.com/ch007m/new-quarkus-app-1 + dockerfilePath: src/main/docker/Dockerfile.jvm + +# To generate the Konflux Application and/or Component CR +application: + name: my-quarkus + enable: true +component: + name: my-quarkus-app + enable: true + +job: + resourceType: PipelineRun + name: quarkus-1-on-push + description: PipelineRun doing a build of a Quarkus application using buildpack - extension task + + workspaces: + - name: workspace + volumeClaimTemplate: + storage: 1Gi + accessMode: ReadWriteOnce + - name: git-auth + secret: + name: "{{ git_auth_secret }}" + + results: + - IMAGE_URL: "$(tasks.build-container.results.IMAGE_URL)" + - IMAGE_DIGEST: "$(tasks.build-container.results.IMAGE_DIGEST)" + - BASE_IMAGES_DIGESTS: "$(tasks.build-container.results.BASE_IMAGES_DIGESTS)" + + - CHAINS-GIT_URL: "$(tasks.clone-repository.results.url)" + - CHAINS-GIT_COMMIT: "$(tasks.clone-repository.results.commit)" + + params: + - git-url: "{{source_url}}" + - revision: "{{revision}}" + - output-image: "quay.io/ch007m/my-quarkus:{{revision}}" + - image-expires-after: "5d" + - build-image-index: "" + - skip-checks: "true" + # We need the following parameters when used within the Pipeline: when condition, etc + - build-source-image: false + - prefetch-input: "" + # SBOM Grype + - grype-version: v0.79.6 + - grype-sbom-format: table + + # Buildpack params + + actions: + # Finally + - name: show-sbom + finally: true + # ref: bundle://quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:9bfc6b99ef038800fe131d7b45ff3cd4da3a415dd536f7c657b3527b01c4a13b + # params: + # - IMAGE_URL: "$(tasks.build-container.results.IMAGE_URL)" + ref: url://https://raw.githubusercontent.com/tektoncd/catalog/main/task/grype/0.1/grype.yaml + params: + - GRYPE_IMAGE: anchore/grype:$(params.grype-version) + - ARGS: + - $(tasks.build-container.results.IMAGE_URL) + - -o $(params.grype-sbom-format) + + - name: summary # Konflux uses as name show-summary !! 
+ finally: true + ref: bundle://quay.io/konflux-ci/tekton-catalog/task-summary:0.2@sha256:d97c04ab42f277b1103eb6f3a053b247849f4f5b3237ea302a8ecada3b24e15b + params: + - pipelinerun-name: "$(context.pipelineRun.name)" + - git-url: "$(tasks.clone-repository.results.url)?rev=$(tasks.clone-repository.results.commit)" + - image-url: "$(params.output-image)" + - build-task-status: "$(tasks.build-container.status)" + + # Our build and check tasks + - name: buildpacks-extension-check + ref: url://https://raw.githubusercontent.com/redhat-buildpacks/catalog/main/tekton/task/buildpacks-extension-check/01/buildpacks-extension-check.yaml + params: + - builderImage: paketocommunity/builder-ubi-base:latest + - credentialsHome: /tekton/creds-secrets/ + + - name: buildpacks-extension-phases + ref: url://https://raw.githubusercontent.com/redhat-buildpacks/catalog/main/tekton/task/buildpacks-extension-phases/01/buildpacks-extension-phases.yaml + workspaces: + - name: source + workspace: workspace + params: + - APP_IMAGE: $(params.output-image) + - SOURCE_SUBPATH: "source" + - CNB_LOG_LEVEL: "info" + - CNB_LIFECYCLE_IMAGE: buildpacksio/lifecycle:0.20.1 + - CNB_PLATFORM_API: "0.14" + - CNB_BUILDER_IMAGE: paketocommunity/builder-ubi-base:latest + - CNB_BUILD_IMAGE: paketocommunity/build-ubi-base:latest + - CNB_RUN_IMAGE: paketocommunity/run-ubi-base:latest + - CNB_USER_ID: $(tasks.buildpacks-extension-check.results.uid) + - CNB_GROUP_ID: $(tasks.buildpacks-extension-check.results.gid) + - CNB_ENV_VARS: + - BP_JVM_VERSION=21 +``` +Generated file: +```yaml +# generated/konflux/build/pipelinerun-quarkus-1-on-push.yaml + +apiVersion: "tekton.dev/v1" +kind: "PipelineRun" +metadata: + annotations: + build.appstudio.redhat.com/target_branch: "{{target_branch}}" + build.appstudio.redhat.com/commit_sha: "{{revision}}" + pipelinesascode.tekton.dev/on-cel-expression: "event == 'push' && target_branch\ + \ == 'main'" + pipelinesascode.tekton.dev/max-keep-runs: "3" + 
build.appstudio.openshift.io/repo: "https://github.com/ch007m/new-quarkus-app-1?rev={{revision}}" + labels: + appstudio.openshift.io/application: "my-quarkus" + pipelines.appstudio.openshift.io/type: "build" + pipelines.openshift.io/strategy: "build" + appstudio.openshift.io/component: "my-quarkus-app" + pipelines.openshift.io/used-by: "build-cloud" + pipelines.openshift.io/runtime: "java" + name: "quarkus-1-on-push" + namespace: "user-ns1" +spec: + params: + - name: "git-url" + value: "{{source_url}}" + - name: "revision" + value: "{{revision}}" + - name: "output-image" + value: "quay.io/ch007m/builder-ubi-base:{{revision}}" + - name: "image-expires-after" + value: "5d" + - name: "build-image-index" + value: "" + - name: "build-source-image" + value: "false" + - name: "prefetch-input" + value: "" + - name: "source-dir" + value: "source" + - name: "imageUrl" + value: "buildpacksio/pack" + - name: "imageTag" + value: "latest" + - name: "packCmdBuilderFlags" + value: + - "build" + - "-B" + - "quay.io/snowdrop/ubi-builder" + - "-e" + - "BP_JVM_VERSION=21" + - "quarkus-hello:1.0" + pipelineSpec: + finally: + - name: "show-sbom" + params: + - name: "IMAGE_URL" + value: "$(tasks.build-container.results.IMAGE_URL)" + taskRef: + params: + - name: "bundle" + value: "quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1" + - name: "name" + value: "show-sbom" + - name: "kind" + value: "task" + resolver: "bundles" + - name: "summary" + params: + - name: "pipelinerun-name" + value: "$(context.pipelineRun.name)" + - name: "git-url" + value: "$(tasks.git-clone.results.url)?rev=$(tasks.git-clone.results.commit)" + - name: "image-url" + value: "$(params.output-image)" + - name: "build-task-status" + value: "$(tasks.build-container.status)" + taskRef: + params: + - name: "bundle" + value: "quay.io/konflux-ci/tekton-catalog/task-summary:0.2" + - name: "name" + value: "summary" + - name: "kind" + value: "task" + resolver: "bundles" + workspaces: + - name: "workspace" + workspace: 
"workspace" + results: + - name: "IMAGE_URL" + value: "$(tasks.build-container.results.IMAGE_URL)" + - name: "IMAGE_DIGEST" + value: "$(tasks.build-container.results.IMAGE_DIGEST)" + - name: "BASE_IMAGES_DIGESTS" + value: "$(tasks.build-container.results.BASE_IMAGES_DIGESTS)" + - name: "CHAINS-GIT_URL" + value: "$(tasks.git-clone.results.url)" + - name: "CHAINS-GIT_COMMIT" + value: "$(tasks.git-clone.results.commit)" + tasks: + - name: "init" + params: + - name: "image-url" + value: "$(params.output-image)" + - name: "rebuild" + value: "$(params.rebuild)" + - name: "skip-checks" + value: "$(params.skip-checks)" + taskRef: + params: + - name: "bundle" + value: "quay.io/konflux-ci/tekton-catalog/task-init:0.2" + - name: "name" + value: "init" + - name: "kind" + value: "task" + resolver: "bundles" + - name: "git-clone" + params: + - name: "url" + value: "$(params.git-url)" + runAfter: + - "init" + taskRef: + params: + - name: "bundle" + value: "quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1" + - name: "name" + value: "git-clone" + - name: "kind" + value: "task" + resolver: "bundles" + workspaces: + - name: "output" + workspace: "workspace" + - name: "basic-auth" + workspace: "git-auth" + - name: "prefetch-dependencies" + params: + - name: "input" + value: "$(params.prefetch-input)" + runAfter: + - "git-clone" + taskRef: + params: + - name: "bundle" + value: "quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies:0.1" + - name: "name" + value: "prefetch-dependencies" + - name: "kind" + value: "task" + resolver: "bundles" + workspaces: + - name: "source" + workspace: "workspace" + - name: "git-basic-auth" + workspace: "git-auth" + - name: "build-container" + params: + - name: "JAM_VERSION" + value: "v2.9.0" + taskSpec: + results: + - description: "Image repository where the built image was pushed" + name: "IMAGE_URL" + - description: "Digest of the image just built" + name: "IMAGE_DIGEST" + - description: "Digests of the base images used for build" + name: 
"BASE_IMAGES_DIGESTS" + steps: + - args: + - "$(params.packCmdBuilderFlags)" + image: "registry.access.redhat.com/ubi9@sha256:1ee4d8c50d14d9c9e9229d9a039d793fcbc9aa803806d194c957a397cf1d2b17" + name: "run-script" + script: "#!/usr/bin/env bash\nset -e\n\nfunction util::tools::os() {\n \ + \ case \"$(uname)\" in\n \"Darwin\")\n echo \"${1:-darwin}\"\n ;;\n\ + \ \n \"Linux\")\n echo \"linux\"\n ;;\n \n *)\n util::print::error\ + \ \"Unknown OS \\\"$(uname)\\\"\"\n exit 1\n esac\n}\n\nfunction util::tools::arch()\ + \ {\n case \"$(uname -m)\" in\n arm64|aarch64)\n echo \"arm64\"\ + \n ;;\n\n amd64|x86_64)\n if [[ \"${1:-}\" == \"--blank-amd64\"\ + \ ]]; then\n echo \"\"\n elif [[ \"${1:-}\" == \"--uname-format-amd64\"\ + \ ]]; then\n echo \"x86_64\"\n else\n echo \"amd64\"\ + \n fi\n ;;\n\n *)\n util::print::error \"Unknown Architecture\ + \ \\\"$(uname -m)\\\"\"\n exit 1\n esac\n}\n\noutputDir=\"/usr/local/bin/\"\ + \ncurl_args=(\n \"--fail\"\n \"--silent\"\n \"--location\"\n \"--output\"\ + \ \"${outputDir}/jam\"\n)\n\nos=$(util::tools::os)\narch=$(util::tools::arch)\n\ + \necho \"Installing jam $(params.JAM_VERSION)\"\ncurl \"https://github.com/paketo-buildpacks/jam/releases/download/$(params.JAM_VERSION)/jam-${os}-${arch}\"\ + \ \\\n \"${curl_args[@]}\"\nchmod +x ${outputDir}/jam\njam version\n\n\ + echo \"This is a test demo - 1\"\n\nstack_dirpath=\".\"\ncat < ${stack_dirpath}/stack.toml\n\ + id = \"io.buildpacks.stacks.ubi8\"\nhomepage = \"https://github.com/paketo-community/ubi-base-stack\"\ + \nmaintainer = \"Paketo Community\"\n\nplatforms = [\"linux/amd64\"]\n\ + \n[build]\n description = \"base build ubi8 image to support buildpacks\"\ + \n dockerfile = \"./build.Dockerfile\"\n gid = 1000\n shell = \"/bin/bash\"\ + \n uid = 1002\n\n [build.args]\n\n[run]\n description = \"base run\ + \ ubi8 image to support buildpacks\"\n dockerfile = \"./run.Dockerfile\"\ + \n gid = 1000\n shell = \"/bin/bash\"\n uid = 1001\n\n [run.args]\n\ + EOF\n\ncat < 
${stack_dirpath}/build.Dockerfile\nFROM registry.access.redhat.com/ubi8/ubi-minimal:latest\n\ + EOF\n\ncat < ${stack_dirpath}/run.Dockerfile\nFROM registry.access.redhat.com/ubi8/ubi-minimal:latest\n\ + EOF\n\nargs=(\n --config \"${stack_dirpath}/stack.toml\"\n --build-output\ + \ \"${build_dirpath}/build.oci\"\n --run-output \"${build_dirpath}/run.oci\"\ + \n)\njam create-stack \"${args[@]}\"\n \necho -n \"URL of the image\ + \ build is : quarkus-hello:1.0\" | tee \"$(results.IMAGE_URL.path)\"\n\ + echo -n \"sha256ddddddddddddddddddddd\" | tee \"$(results.IMAGE_DIGEST.path)\"\ + \necho -n \"sha256eeeeeeeeeeeeeeeeeeeeee\" | tee \"$(results.BASE_IMAGES_DIGESTS.path)\"\ + \n" + - name: "build-image-index" + params: + - name: "IMAGE" + value: "$(params.output-image)" + - name: "COMMIT_SHA" + value: "$(tasks.git-clone.results.commit)" + - name: "IMAGE_EXPIRES_AFTER" + value: "$(params.image-expires-after)" + - name: "ALWAYS_BUILD_INDEX" + value: "$(params.build-image-index)" + - name: "IMAGES" + value: + - "$(tasks.build-container.results.IMAGE_URL)@$(tasks.build-container.results.IMAGE_DIGEST)" + runAfter: + - "build-container" + taskRef: + params: + - name: "bundle" + value: "quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1" + - name: "name" + value: "build-image-index" + - name: "kind" + value: "task" + resolver: "bundles" + workspaces: + - name: "workspace" + workspace: "workspace" + - name: "source-build" + params: + - name: "BINARY_IMAGE" + value: "$(params.output-image)" + - name: "BASE_IMAGES" + value: "$(tasks.build-container.results.BASE_IMAGES_DIGESTS)" + runAfter: + - "build-container" + taskRef: + params: + - name: "bundle" + value: "quay.io/konflux-ci/tekton-catalog/task-source-build:0.1" + - name: "name" + value: "source-build" + - name: "kind" + value: "task" + resolver: "bundles" + workspaces: + - name: "workspace" + workspace: "workspace" + - name: "clair-scan" + params: + - name: "image-digest" + value: 
"$(tasks.build-container.results.IMAGE_DIGEST)" + - name: "image-url" + value: "$(tasks.build-container.results.IMAGE_URL)" + runAfter: + - "build-container" + taskRef: + params: + - name: "bundle" + value: "quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.1" + - name: "name" + value: "clair-scan" + - name: "kind" + value: "task" + resolver: "bundles" + - name: "ecosystem-cert-preflight-checks" + params: + - name: "image-url" + value: "$(tasks.build-container.results.IMAGE_URL)" + runAfter: + - "build-container" + taskRef: + params: + - name: "bundle" + value: "quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.1" + - name: "name" + value: "ecosystem-cert-preflight-checks" + - name: "kind" + value: "task" + resolver: "bundles" + - name: "sast-snyk-check" + params: + - name: "image-digest" + value: "$(tasks.build-container.results.IMAGE_DIGEST)" + - name: "image-url" + value: "$(tasks.build-container.results.IMAGE_URL)" + runAfter: + - "git-clone" + taskRef: + params: + - name: "bundle" + value: "quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check:0.2" + - name: "name" + value: "sast-snyk-check" + - name: "kind" + value: "task" + resolver: "bundles" + workspaces: + - name: "workspace" + workspace: "workspace" + - name: "clamav-scan" + params: + - name: "image-digest" + value: "$(tasks.build-container.results.IMAGE_DIGEST)" + - name: "image-url" + value: "$(tasks.build-container.results.IMAGE_URL)" + runAfter: + - "build-container" + taskRef: + params: + - name: "bundle" + value: "quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.1" + - name: "name" + value: "clamav-scan" + - name: "kind" + value: "task" + resolver: "bundles" + - name: "sbom-json-check" params: - - name: "name" - value: "team" - - name: "value" - value: "Aurea" - taskSpec: - steps: - - image: "registry.access.redhat.com/ubi9@sha256:1ee4d8c50d14d9c9e9229d9a039d793fcbc9aa803806d194c957a397cf1d2b17" - name: "run-script" - script: |- - #!/usr/bin/env bash - - 
members=($(params.team[*])) - - for member in "${members[@]}"; do - echo "Say hello to: $member" - done + - name: "IMAGE_DIGEST" + value: "$(tasks.build-container.results.IMAGE_DIGEST)" + - name: "IMAGE_URL" + value: "$(tasks.build-container.results.IMAGE_URL)" + runAfter: + - "build-container" + taskRef: + params: + - name: "bundle" + value: "quay.io/konflux-ci/tekton-catalog/task-sbom-json-check:0.1" + - name: "name" + value: "sbom-json-check" + - name: "kind" + value: "task" + resolver: "bundles" timeouts: pipeline: "300000000000ns" + workspaces: + - name: "workspace" + volumeClaimTemplate: + apiVersion: "v1" + kind: "PersistentVolumeClaim" + spec: + accessModes: + - "ReadWriteOnce" + resources: + requests: + storage: "1Gi" + - name: "git-auth" + secret: + secretName: "{{ git_auth_secret }}" ``` -#### Basic job echoing a message +#### PipelineRun using the pack cli to build the builder image Command to be executed: ```bash -java -jar target/quarkus-app/quarkus-run.jar builder -o out/flows -c configurations/tekton/basic1-cfg.yaml +java -jar target/quarkus-app/quarkus-run.jar builder -o out/flows -c configurations/konflux/build-bash-pack-cfg.yaml ``` using as configuration: ```yaml -# configurations/tekton/basic1-cfg.yaml - -type: tekton -domain: demo -job: - resourceType: PipelineRun - name: basic-job-1 - description: Basic job echoing a message - actions: - - name: say-hello - script: | - #!/usr/bin/env bash - - echo "Say hello to the team" -``` -Generated file: -```yaml -# generated/tekton/demo/pipelinerun-basic-job-1.yaml - -apiVersion: "tekton.dev/v1" -kind: "PipelineRun" -metadata: - annotations: - tekton.dev/pipelines.minVersion: "0.60.x" - tekton.dev/displayName: "Basic job echoing a message" - tekton.dev/platforms: "linux/amd64" - labels: - app.kubernetes.io/version: "0.1" - name: "basic-job-1" -spec: - pipelineSpec: - tasks: - - name: "say-hello" - taskSpec: - steps: - - image: 
"registry.access.redhat.com/ubi9@sha256:1ee4d8c50d14d9c9e9229d9a039d793fcbc9aa803806d194c957a397cf1d2b17" - name: "run-script" - script: |- - #!/usr/bin/env bash +# configurations/konflux/build-bash-pack-cfg.yaml - echo "Say hello to the team" - timeouts: - pipeline: "300000000000ns" +# The type will be used by the application to generate the resources for the selected provider: konflux, tekton +type: konflux +domain: build +namespace: cmoullia -``` -#### Basic job echoing a message using the param teamMember +repository: + url: https://github.com/paketo-community/builder-ubi-base -Command to be executed: -```bash -java -jar target/quarkus-app/quarkus-run.jar builder -o out/flows -c configurations/tekton/basic2-cfg.yaml -``` -using as configuration: -```yaml -# configurations/tekton/basic2-cfg.yaml +# To generate the Application and/or Component CR +application: + name: my-quarkus + enable: false +component: + name: my-quarkus-app + enable: false -type: tekton -domain: demo job: resourceType: PipelineRun - name: basic-job-2 - description: Basic job echoing a message using the param teamMember - actions: - - name: say-hello - params: - - name: teamMember - value: Aurea - script: | - #!/usr/bin/env bash - - echo $(params.teamMember) -``` -Generated file: -```yaml -# generated/tekton/demo/pipelinerun-basic-job-2.yaml - -apiVersion: "tekton.dev/v1" -kind: "PipelineRun" -metadata: - annotations: - tekton.dev/pipelines.minVersion: "0.60.x" - tekton.dev/displayName: "Basic job echoing a message using the param teamMember" - tekton.dev/platforms: "linux/amd64" - labels: - app.kubernetes.io/version: "0.1" - name: "basic-job-2" -spec: - pipelineSpec: - tasks: - - name: "say-hello" - params: - - name: "name" - value: "teamMember" - - name: "value" - value: "Aurea" - taskSpec: - steps: - - image: "registry.access.redhat.com/ubi9@sha256:1ee4d8c50d14d9c9e9229d9a039d793fcbc9aa803806d194c957a397cf1d2b17" - name: "run-script" - script: |- - #!/usr/bin/env bash - - echo 
$(params.teamMember) - timeouts: - pipeline: "300000000000ns" - -``` -### Buildpack - -#### This Pipeline builds a builder image using the pack CLI. - -Command to be executed: -```bash -java -jar target/quarkus-app/quarkus-run.jar builder -o out/flows -c configurations/tekton/pack-builder-git-task-cfg.yaml -``` -using as configuration: -```yaml -# configurations/tekton/pack-builder-git-task-cfg.yaml + name: pack-build-builder-image + description: PipelineRun using the pack cli to build the builder image -type: tekton -domain: buildpack -namespace: - -job: - # One of the supported resources: PipelineRun, Pipeline - resourceType: PipelineRun - name: pack-builder-git-task - description: "This Pipeline builds a builder image using the pack CLI." params: - - debug: true - - git-url: "https://github.com/redhat-buildpacks/ubi-image-builder.git" - - source-dir: "." - - output-image: "gitea.cnoe.localtest.me:8443/giteaadmin/ubi-builder" - - imageUrl: "buildpacksio/pack" - - imageTag: "latest" - - packCmdBuilderFlags: - - -v - - --publish - # The workspaces declared here will be mounted for each action except if an action overrides it to use a different name - workspaces: - - name: pack-workspace - volumeClaimTemplate: - storage: 1Gi - accessMode: ReadWriteOnce - - name: source-dir - volumeClaimTemplate: - storage: 1Gi - accessMode: ReadWriteOnce - - name: data-store - volumeSources: - - secret: pack-config-toml - - secret: gitea-creds # quay-creds, docker-creds, etc + # Buildpack params + - source-dir: "source" + - imageUrl: "buildpacksio/pack" + - imageTag: "latest" + - packCmdBuilderFlags: + - builder + - create + - builder + - --config + - $(workspaces.source.path)/$(params.SOURCE_SUBPATH)/builder.toml + actions: - - name: git-clone - ref: bundle://quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1@sha256:de0ca8872c791944c479231e21d68379b54877aaf42e5f766ef4a8728970f8b3 - params: - - url: "$(params.git-url)" - - subdirectory: "." 
- workspaces: - - name: output - workspace: source-dir - - name: fetch-packconfig-registrysecret - ref: bundle://quay.io/ch007m/tekton-bundle:latest@sha256:bc130944a4ee377846abd2ffe9add0c8ad1dff571089d4e0b590e0c446660ac4 - - name: list-source-workspace - ref: bundle://quay.io/ch007m/tekton-bundle:latest@sha256:bc130944a4ee377846abd2ffe9add0c8ad1dff571089d4e0b590e0c446660ac4 - - name: pack-builder - ref: url://https://raw.githubusercontent.com/redhat-buildpacks/catalog/main/tekton/task/pack-builder/0.1/pack-builder.yml + - name: pack params: - PACK_SOURCE_DIR: "$(params.source-dir)" - - PACK_CLI_IMAGE: "$(params.imageUrl)" - - PACK_CLI_IMAGE_VERSION: "$(params.imageTag)" - - BUILDER_IMAGE_NAME: "$(params.output-image)" - - PACK_BUILDER_TOML: "ubi-builder.toml" - - PACK_CMD_FLAGS: - - "$(params.packCmdBuilderFlags)" + - PACK_CLI_VERSION: "v0.35.1" + - DOCKER_HOST: $(tasks.virtualmachine.results.ip) + #- PACK_CMD_FLAGS: + # - "$(params.packCmdBuilderFlags)" + workspaces: + - name: source + workspace: workspace + results: + - IMAGE_URL: "Image repository where the built image was pushed" + - IMAGE_DIGEST: "Digest of the image just built" + - BASE_IMAGES_DIGESTS: "Digests of the base images used for build" + + args: + - "$(params.packCmdBuilderFlags)" + script: | + #!/usr/bin/env bash + set -e + + echo "Installing pack ..." + curl -sSL "https://github.com/buildpacks/pack/releases/download/$(params.PACK_CLI_VERSION)/pack-$(params.PACK_CLI_VERSION)-linux.tgz" | tar -C /usr/local/bin/ --no-same-owner -xzv pack + + echo "Checking pack ..." + pack --version + pack config experimental true + + export DOCKER_HOST=tcp://$(params.DOCKER_HOST):2376 + echo "DOCKER_HOST=tcp://$(params.DOCKER_HOST):2376" + + # We cannot get the array from the params PACK_CMD_FLAGS within the bash script as substitution don't work in this case !! + echo "Getting the arguments ..." 
+ for cmd_arg in "$@"; do + CLI_ARGS+=("$cmd_arg") + done + + echo "Here are the arguments to be passed to the pack CLI" + for i in "$CLI_ARGS[@]"; do + echo "arg: $i" + done + + echo "Building the builder image ..." + echo "pack ${CLI_ARGS[@]}" + pack "${CLI_ARGS[@]}" + + echo -n "URL of the image build is : quarkus-hello:1.0" | tee "$(results.IMAGE_URL.path)" + echo -n "sha256ddddddddddddddddddddd" | tee "$(results.IMAGE_DIGEST.path)" + echo -n "sha256eeeeeeeeeeeeeeeeeeeeee" | tee "$(results.BASE_IMAGES_DIGESTS.path)" + + + + + + ``` Generated file: ```yaml -# generated/tekton/buildpack/pipelinerun-pack-builder-git-task.yaml +# generated/konflux/build/pipelinerun-pack-build-builder-image.yaml apiVersion: "tekton.dev/v1" kind: "PipelineRun" metadata: annotations: - tekton.dev/pipelines.minVersion: "0.60.x" - tekton.dev/displayName: "This Pipeline builds a builder image using the pack CLI." - tekton.dev/platforms: "linux/amd64" + build.appstudio.redhat.com/target_branch: "{{target_branch}}" + build.appstudio.redhat.com/commit_sha: "{{revision}}" + pipelinesascode.tekton.dev/on-cel-expression: "event == 'push' && target_branch\ + \ == 'main'" + pipelinesascode.tekton.dev/max-keep-runs: "3" + build.appstudio.openshift.io/repo: "https://github.com/paketo-community/builder-ubi-base?rev={{revision}}" labels: - app.kubernetes.io/version: "0.1" - name: "pack-builder-git-task" + appstudio.openshift.io/application: "my-quarkus" + pipelines.appstudio.openshift.io/type: "build" + pipelines.openshift.io/strategy: "build" + appstudio.openshift.io/component: "my-quarkus-app" + pipelines.openshift.io/used-by: "build-cloud" + pipelines.openshift.io/runtime: "java" + name: "pack-build-builder-image" + namespace: "cmoullia" spec: params: - - name: "debug" - value: "true" - name: "git-url" - value: "https://github.com/redhat-buildpacks/ubi-image-builder.git" - - name: "source-dir" - value: "." 
+ value: "{{source_url}}" + - name: "revision" + value: "{{revision}}" - name: "output-image" - value: "gitea.cnoe.localtest.me:8443/giteaadmin/ubi-builder" + value: "quay.io/ch007m/builder-ubi-base:{{revision}}" + - name: "image-expires-after" + value: "5d" + - name: "build-image-index" + value: "" + - name: "build-source-image" + value: "false" + - name: "prefetch-input" + value: "" + - name: "source-dir" + value: "source" - name: "imageUrl" value: "buildpacksio/pack" - name: "imageTag" value: "latest" - name: "packCmdBuilderFlags" value: - - "-v" - - "--publish" + - "builder" + - "create" + - "builder" + - "--config" + - "$(workspaces.source.path)/$(params.SOURCE_SUBPATH)/builder.toml" pipelineSpec: + finally: + - name: "show-sbom" + params: + - name: "IMAGE_URL" + value: "$(tasks.build-container.results.IMAGE_URL)" + taskRef: + params: + - name: "bundle" + value: "quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1" + - name: "name" + value: "show-sbom" + - name: "kind" + value: "task" + resolver: "bundles" + - name: "summary" + params: + - name: "pipelinerun-name" + value: "$(context.pipelineRun.name)" + - name: "git-url" + value: "$(tasks.git-clone.results.url)?rev=$(tasks.git-clone.results.commit)" + - name: "image-url" + value: "$(params.output-image)" + - name: "build-task-status" + value: "$(tasks.build-container.status)" + taskRef: + params: + - name: "bundle" + value: "quay.io/konflux-ci/tekton-catalog/task-summary:0.2" + - name: "name" + value: "summary" + - name: "kind" + value: "task" + resolver: "bundles" + workspaces: + - name: "workspace" + workspace: "workspace" + results: + - name: "IMAGE_URL" + value: "$(tasks.build-container.results.IMAGE_URL)" + - name: "IMAGE_DIGEST" + value: "$(tasks.build-container.results.IMAGE_DIGEST)" + - name: "BASE_IMAGES_DIGESTS" + value: "$(tasks.build-container.results.BASE_IMAGES_DIGESTS)" + - name: "CHAINS-GIT_URL" + value: "$(tasks.git-clone.results.url)" + - name: "CHAINS-GIT_COMMIT" + value: 
"$(tasks.git-clone.results.commit)" tasks: + - name: "init" + params: + - name: "image-url" + value: "$(params.output-image)" + - name: "rebuild" + value: "$(params.rebuild)" + - name: "skip-checks" + value: "$(params.skip-checks)" + taskRef: + params: + - name: "bundle" + value: "quay.io/konflux-ci/tekton-catalog/task-init:0.2" + - name: "name" + value: "init" + - name: "kind" + value: "task" + resolver: "bundles" - name: "git-clone" params: - name: "url" value: "$(params.git-url)" - - name: "subdirectory" - value: "." + runAfter: + - "init" taskRef: params: - name: "bundle" - value: "quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1@sha256:de0ca8872c791944c479231e21d68379b54877aaf42e5f766ef4a8728970f8b3" + value: "quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1" - name: "name" value: "git-clone" - name: "kind" 
@@ -3337,82 +3195,222 @@ spec: resolver: "bundles" workspaces: - name: "output" - workspace: "source-dir" - - name: "fetch-packconfig-registrysecret" + workspace: "workspace" + - name: "basic-auth" + workspace: "git-auth" + - name: "prefetch-dependencies" + params: + - name: "input" + value: "$(params.prefetch-input)" + runAfter: + - "git-clone" + taskRef: + params: + - name: "bundle" + value: "quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies:0.1" + - name: "name" + value: "prefetch-dependencies" + - name: "kind" + value: "task" + resolver: "bundles" + workspaces: + - name: "source" + workspace: "workspace" + - name: "git-basic-auth" + workspace: "git-auth" + - name: "build-container" + params: + - name: "PACK_SOURCE_DIR" + value: "$(params.source-dir)" + - name: "PACK_CLI_VERSION" + value: "v0.35.1" + - name: "DOCKER_HOST" + value: "$(tasks.virtualmachine.results.ip)" + taskSpec: + results: + - description: "Image repository where the built image was pushed" + name: "IMAGE_URL" + - description: "Digest of the image just built" + name: "IMAGE_DIGEST" + - description: "Digests of the base images used for build" + name: "BASE_IMAGES_DIGESTS" + steps: + - args: + - "$(params.packCmdBuilderFlags)" + image: "registry.access.redhat.com/ubi9@sha256:1ee4d8c50d14d9c9e9229d9a039d793fcbc9aa803806d194c957a397cf1d2b17" + name: "run-script" + script: | + #!/usr/bin/env bash + set -e + + echo "Installing pack ..." + curl -sSL "https://github.com/buildpacks/pack/releases/download/$(params.PACK_CLI_VERSION)/pack-$(params.PACK_CLI_VERSION)-linux.tgz" | tar -C /usr/local/bin/ --no-same-owner -xzv pack + + echo "Checking pack ..." + pack --version + pack config experimental true + + export DOCKER_HOST=tcp://$(params.DOCKER_HOST):2376 + echo "DOCKER_HOST=tcp://$(params.DOCKER_HOST):2376" + + # We cannot get the array from the params PACK_CMD_FLAGS within the bash script as substitution don't work in this case !! + echo "Getting the arguments ..." 
+ for cmd_arg in "$@"; do + CLI_ARGS+=("$cmd_arg") + done + + echo "Here are the arguments to be passed to the pack CLI" + for i in "$CLI_ARGS[@]"; do + echo "arg: $i" + done + + echo "Building the builder image ..." + echo "pack ${CLI_ARGS[@]}" + pack "${CLI_ARGS[@]}" + + echo -n "URL of the image build is : quarkus-hello:1.0" | tee "$(results.IMAGE_URL.path)" + echo -n "sha256ddddddddddddddddddddd" | tee "$(results.IMAGE_DIGEST.path)" + echo -n "sha256eeeeeeeeeeeeeeeeeeeeee" | tee "$(results.BASE_IMAGES_DIGESTS.path)" + workspaces: + - name: "source" + workspace: "workspace" + - name: "build-image-index" + params: + - name: "IMAGE" + value: "$(params.output-image)" + - name: "COMMIT_SHA" + value: "$(tasks.git-clone.results.commit)" + - name: "IMAGE_EXPIRES_AFTER" + value: "$(params.image-expires-after)" + - name: "ALWAYS_BUILD_INDEX" + value: "$(params.build-image-index)" + - name: "IMAGES" + value: + - "$(tasks.build-container.results.IMAGE_URL)@$(tasks.build-container.results.IMAGE_DIGEST)" + runAfter: + - "build-container" + taskRef: + params: + - name: "bundle" + value: "quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1" + - name: "name" + value: "build-image-index" + - name: "kind" + value: "task" + resolver: "bundles" + workspaces: + - name: "workspace" + workspace: "workspace" + - name: "source-build" + params: + - name: "BINARY_IMAGE" + value: "$(params.output-image)" + - name: "BASE_IMAGES" + value: "$(tasks.build-container.results.BASE_IMAGES_DIGESTS)" + runAfter: + - "build-container" + taskRef: + params: + - name: "bundle" + value: "quay.io/konflux-ci/tekton-catalog/task-source-build:0.1" + - name: "name" + value: "source-build" + - name: "kind" + value: "task" + resolver: "bundles" + workspaces: + - name: "workspace" + workspace: "workspace" + - name: "clair-scan" + params: + - name: "image-digest" + value: "$(tasks.build-container.results.IMAGE_DIGEST)" + - name: "image-url" + value: "$(tasks.build-container.results.IMAGE_URL)" + 
runAfter: + - "build-container" + taskRef: + params: + - name: "bundle" + value: "quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.1" + - name: "name" + value: "clair-scan" + - name: "kind" + value: "task" + resolver: "bundles" + - name: "ecosystem-cert-preflight-checks" + params: + - name: "image-url" + value: "$(tasks.build-container.results.IMAGE_URL)" + runAfter: + - "build-container" + taskRef: + params: + - name: "bundle" + value: "quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.1" + - name: "name" + value: "ecosystem-cert-preflight-checks" + - name: "kind" + value: "task" + resolver: "bundles" + - name: "sast-snyk-check" + params: + - name: "image-digest" + value: "$(tasks.build-container.results.IMAGE_DIGEST)" + - name: "image-url" + value: "$(tasks.build-container.results.IMAGE_URL)" runAfter: - "git-clone" taskRef: params: - name: "bundle" - value: "quay.io/ch007m/tekton-bundle:latest@sha256:bc130944a4ee377846abd2ffe9add0c8ad1dff571089d4e0b590e0c446660ac4" + value: "quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check:0.2" - name: "name" - value: "fetch-packconfig-registrysecret" + value: "sast-snyk-check" - name: "kind" value: "task" resolver: "bundles" workspaces: - - name: "data-store" - workspace: "data-store" - - name: "pack-workspace" - workspace: "pack-workspace" - - name: "list-source-workspace" + - name: "workspace" + workspace: "workspace" + - name: "clamav-scan" + params: + - name: "image-digest" + value: "$(tasks.build-container.results.IMAGE_DIGEST)" + - name: "image-url" + value: "$(tasks.build-container.results.IMAGE_URL)" runAfter: - - "fetch-packconfig-registrysecret" + - "build-container" taskRef: params: - name: "bundle" - value: "quay.io/ch007m/tekton-bundle:latest@sha256:bc130944a4ee377846abd2ffe9add0c8ad1dff571089d4e0b590e0c446660ac4" + value: "quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.1" - name: "name" - value: "list-source-workspace" + value: "clamav-scan" - name: "kind" value: "task" 
resolver: "bundles" - workspaces: - - name: "source-dir" - workspace: "source-dir" - - name: "pack-workspace" - workspace: "pack-workspace" - - name: "pack-builder" + - name: "sbom-json-check" params: - - name: "PACK_SOURCE_DIR" - value: "$(params.source-dir)" - - name: "PACK_CLI_IMAGE" - value: "$(params.imageUrl)" - - name: "PACK_CLI_IMAGE_VERSION" - value: "$(params.imageTag)" - - name: "BUILDER_IMAGE_NAME" - value: "$(params.output-image)" - - name: "PACK_BUILDER_TOML" - value: "ubi-builder.toml" - - name: "PACK_CMD_FLAGS" - value: - - "$(params.packCmdBuilderFlags)" + - name: "IMAGE_DIGEST" + value: "$(tasks.build-container.results.IMAGE_DIGEST)" + - name: "IMAGE_URL" + value: "$(tasks.build-container.results.IMAGE_URL)" runAfter: - - "list-source-workspace" + - "build-container" taskRef: params: - - name: "url" - value: "https://raw.githubusercontent.com/redhat-buildpacks/catalog/main/tekton/task/pack-builder/0.1/pack-builder.yml" - resolver: "http" - workspaces: - - name: "source-dir" - workspace: "source-dir" - - name: "pack-workspace" - workspace: "pack-workspace" + - name: "bundle" + value: "quay.io/konflux-ci/tekton-catalog/task-sbom-json-check:0.1" + - name: "name" + value: "sbom-json-check" + - name: "kind" + value: "task" + resolver: "bundles" timeouts: pipeline: "300000000000ns" workspaces: - - name: "pack-workspace" - volumeClaimTemplate: - apiVersion: "v1" - kind: "PersistentVolumeClaim" - spec: - accessModes: - - "ReadWriteOnce" - resources: - requests: - storage: "1Gi" - - name: "source-dir" + - name: "workspace" volumeClaimTemplate: apiVersion: "v1" kind: "PersistentVolumeClaim" 
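Review bot: The `run-script` step of `build-container` pipes the pack release tarball from `curl -sSL` straight into `tar -C /usr/local/bin/` with no integrity check, so the build runs whatever binary the download returns. Fetch it to a file and verify it against a digest recorded in the configuration before extracting: `curl -sSL -o /tmp/pack.tgz "https://github.com/buildpacks/pack/releases/download/$(params.PACK_CLI_VERSION)/pack-$(params.PACK_CLI_VERSION)-linux.tgz"`, then `echo "PACK_TGZ_SHA256_PLACEHOLDER  /tmp/pack.tgz" | sha256sum -c -`, then `tar -C /usr/local/bin/ --no-same-owner -xzf /tmp/pack.tgz pack`. The digest shown is a placeholder for the value matching v0.35.1. The same script is repeated in the two following hunks, and because SCENARIO.md is generated, the change belongs in the files under `configurations/`.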
@@ -3422,128 +3420,272 @@ spec: resources: requests: storage: "1Gi" - - name: "data-store" - projected: - sources: - - secret: - name: "pack-config-toml" - - secret: - name: "gitea-creds" + - name: "git-auth" + secret: + secretName: "{{ git_auth_secret }}" ``` -#### This Pipeline builds a builder image using the pack CLI. +### Remote-build + +#### PipelineRun using the pack cli to build the builder image remotely Command to be executed: ```bash -java -jar target/quarkus-app/quarkus-run.jar builder -o out/flows -c configurations/tekton/pack-builder-cfg.yaml +java -jar target/quarkus-app/quarkus-run.jar builder -o out/flows -c configurations/konflux/build-remote-ssh-cfg.yaml ``` using as configuration: ```yaml -# configurations/tekton/pack-builder-cfg.yaml +# configurations/konflux/build-remote-ssh-cfg.yaml -type: tekton -domain: buildpack -namespace: +# The type will be used by the application to generate the resources for the selected provider: konflux, tekton +type: konflux +domain: remote-build +namespace: cmoullia-tenant + +repository: + url: https://github.com/paketo-community/builder-ubi-base + +# To generate the Application and/or Component CR +application: + name: buildpack-remote + enable: false +component: + name: buildpack-remote + enable: false job: - # One of the supported resources: PipelineRun, Pipeline resourceType: PipelineRun - name: pack-builder-push - description: "This Pipeline builds a builder image using the pack CLI." - params: - - debug: true - - git-url: "https://github.com/redhat-buildpacks/ubi-image-builder.git" - - source-dir: "." 
- - output-image: "gitea.cnoe.localtest.me:8443/giteaadmin/ubi-builder" - - imageUrl: "buildpacksio/pack" - - imageTag: "latest" - - packCmdBuilderFlags: - - -v - - --publish - # The workspaces declared here will be mounted for each action except if an action overrides it to use a different name + name: buildpack-remote + description: PipelineRun using the pack cli to build the builder image remotely + workspaces: - - name: pack-workspace - volumeClaimTemplate: - storage: 1Gi - accessMode: ReadWriteOnce - - name: source-dir - volumeClaimTemplate: - storage: 1Gi - accessMode: ReadWriteOnce - - name: data-store - volumeSources: - - secret: pack-config-toml - - secret: gitea-creds # quay-creds, docker-creds, etc + - name: ssh + secret: + name: multi-platform-ssh-$(context.taskRun.name) + + params: + # Buildpack params + - source-dir: "source" + - imageUrl: "buildpacksio/pack" + - imageTag: "latest" + - packCmdBuilderFlags: + - builder + - create + - builder + - --config + - $(workspaces.source.path)/builder.toml + actions: - - name: git-clone - ref: bundle://quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1@sha256:de0ca8872c791944c479231e21d68379b54877aaf42e5f766ef4a8728970f8b3 - params: - - url: "$(params.git-url)" - - subdirectory: "." 
- workspaces: - - name: output - workspace: source-dir - - name: fetch-packconfig-registrysecret - ref: bundle://quay.io/ch007m/tekton-bundle:latest@sha256:bc130944a4ee377846abd2ffe9add0c8ad1dff571089d4e0b590e0c446660ac4 - - name: list-source-workspace - ref: bundle://quay.io/ch007m/tekton-bundle:latest@sha256:bc130944a4ee377846abd2ffe9add0c8ad1dff571089d4e0b590e0c446660ac4 - - name: pack-builder - ref: bundle://quay.io/ch007m/tekton-bundle:latest@sha256:bc130944a4ee377846abd2ffe9add0c8ad1dff571089d4e0b590e0c446660ac4 + - name: pack + runAfter: prefetch-dependencies # TODO: IS there a better way to set such a value : default or not + image: quay.io/konflux-ci/buildah-task:latest@sha256:860a239c5f25376a435a514ae6d53a5c75b1fa492461d17774e9b7cb32d1e275 params: - PACK_SOURCE_DIR: "$(params.source-dir)" - - PACK_CLI_IMAGE: "$(params.imageUrl)" - - PACK_CLI_IMAGE_VERSION: "$(params.imageTag)" - - BUILDER_IMAGE_NAME: "$(params.output-image)" - - PACK_BUILDER_TOML: "ubi-builder.toml" - - PACK_CMD_FLAGS: - - "$(params.packCmdBuilderFlags)" + - PACK_CLI_VERSION: "v0.35.1" + - DOCKER_HOST: "" + - SOURCE_SUBPATH: "." 
+ #- DOCKER_HOST: $(tasks.virtualmachine.results.ip) + #- PACK_CMD_FLAGS: + # - "$(params.packCmdBuilderFlags)" + workspaces: + - name: source + workspace: workspace + - name: ssh + workspace: ssh + + results: + - IMAGE_URL: "Image repository where the built image was pushed" + - IMAGE_DIGEST: "Digest of the image just built" + - BASE_IMAGES_DIGESTS: "Digests of the base images used for build" + + args: + - "$(params.packCmdBuilderFlags)" + + #scriptFileUrl: https://raw.githubusercontent.com/ch007m/pipeline-dsl-builder/main/scripts/ssh-remote.sh + script: | + #!/usr/bin/env bash + set -e + mkdir -p ~/.ssh + if [ -e "/ssh/error" ]; then + #no server could be provisioned + cat /ssh/error + exit 1 + fi + export SSH_HOST=$(cat /ssh/host) + cp /ssh/id_rsa ~/.ssh + + chmod 0400 ~/.ssh/id_rsa + export BUILD_DIR=$(cat /ssh/user-dir) + export SSH_ARGS="-o StrictHostKeyChecking=no -o ServerAliveInterval=60 -o ServerAliveCountMax=10" + echo "$BUILD_DIR" + ssh $SSH_ARGS "$SSH_HOST" mkdir -p "$BUILD_DIR/workspaces" "$BUILD_DIR/scripts" "$BUILD_DIR/volumes" + + ## TO BE REVIEWED ==> + echo "Installing pack ..." + curl -sSL "https://github.com/buildpacks/pack/releases/download/$(params.PACK_CLI_VERSION)/pack-$(params.PACK_CLI_VERSION)-linux.tgz" | tar -C /usr/local/bin/ --no-same-owner -xzv pack + + echo "Checking pack ..." + pack --version + pack config experimental true + + #export DOCKER_HOST=tcp://$(params.DOCKER_HOST):2376 + #echo "DOCKER_HOST=tcp://$(params.DOCKER_HOST):2376" + + # We cannot get the array from the params PACK_CMD_FLAGS within the bash script as substitution don't work in this case !! + echo "Getting the arguments ..." + for cmd_arg in "$@"; do + CLI_ARGS+=("$cmd_arg") + done + + echo "Here are the arguments to be passed to the pack CLI" + for i in "$CLI_ARGS[@]"; do + echo "arg: $i" + done + + echo "Building the builder image ..." 
+ echo "pack ${CLI_ARGS[@]}" + pack "${CLI_ARGS[@]}" + + echo -n "URL of the image build is : quarkus-hello:1.0" | tee "$(results.IMAGE_URL.path)" + echo -n "sha256ddddddddddddddddddddd" | tee "$(results.IMAGE_DIGEST.path)" + echo -n "sha256eeeeeeeeeeeeeeeeeeeeee" | tee "$(results.BASE_IMAGES_DIGESTS.path)" + + + + + + ``` Generated file: ```yaml -# generated/tekton/buildpack/pipelinerun-pack-builder-push.yaml +# generated/konflux/remote-build/pipelinerun-buildpack-remote.yaml apiVersion: "tekton.dev/v1" kind: "PipelineRun" metadata: annotations: - tekton.dev/pipelines.minVersion: "0.60.x" - tekton.dev/displayName: "This Pipeline builds a builder image using the pack CLI." - tekton.dev/platforms: "linux/amd64" + build.appstudio.redhat.com/target_branch: "{{target_branch}}" + build.appstudio.redhat.com/commit_sha: "{{revision}}" + pipelinesascode.tekton.dev/on-cel-expression: "event == 'push' && target_branch\ + \ == 'main'" + pipelinesascode.tekton.dev/max-keep-runs: "3" + build.appstudio.openshift.io/repo: "https://github.com/paketo-community/builder-ubi-base?rev={{revision}}" labels: - app.kubernetes.io/version: "0.1" - name: "pack-builder-push" + appstudio.openshift.io/application: "buildpack-remote" + pipelines.appstudio.openshift.io/type: "build" + pipelines.openshift.io/strategy: "remote-build" + appstudio.openshift.io/component: "buildpack-remote" + pipelines.openshift.io/used-by: "build-cloud" + pipelines.openshift.io/runtime: "java" + name: "buildpack-remote" + namespace: "cmoullia-tenant" spec: params: - - name: "debug" - value: "true" - name: "git-url" - value: "https://github.com/redhat-buildpacks/ubi-image-builder.git" - - name: "source-dir" - value: "." 
+ value: "{{source_url}}" + - name: "revision" + value: "{{revision}}" - name: "output-image" - value: "gitea.cnoe.localtest.me:8443/giteaadmin/ubi-builder" + value: "quay.io/ch007m/builder-ubi-base:{{revision}}" + - name: "image-expires-after" + value: "5d" + - name: "build-image-index" + value: "" + - name: "build-source-image" + value: "false" + - name: "prefetch-input" + value: "" + - name: "source-dir" + value: "source" - name: "imageUrl" value: "buildpacksio/pack" - name: "imageTag" value: "latest" - name: "packCmdBuilderFlags" value: - - "-v" - - "--publish" + - "builder" + - "create" + - "builder" + - "--config" + - "$(workspaces.source.path)/builder.toml" pipelineSpec: + finally: + - name: "show-sbom" + params: + - name: "IMAGE_URL" + value: "$(tasks.build-container.results.IMAGE_URL)" + taskRef: + params: + - name: "bundle" + value: "quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1" + - name: "name" + value: "show-sbom" + - name: "kind" + value: "task" + resolver: "bundles" + - name: "summary" + params: + - name: "pipelinerun-name" + value: "$(context.pipelineRun.name)" + - name: "git-url" + value: "$(tasks.git-clone.results.url)?rev=$(tasks.git-clone.results.commit)" + - name: "image-url" + value: "$(params.output-image)" + - name: "build-task-status" + value: "$(tasks.build-container.status)" + taskRef: + params: + - name: "bundle" + value: "quay.io/konflux-ci/tekton-catalog/task-summary:0.2" + - name: "name" + value: "summary" + - name: "kind" + value: "task" + resolver: "bundles" + workspaces: + - name: "workspace" + workspace: "workspace" + results: + - name: "IMAGE_URL" + value: "$(tasks.build-container.results.IMAGE_URL)" + - name: "IMAGE_DIGEST" + value: "$(tasks.build-container.results.IMAGE_DIGEST)" + - name: "BASE_IMAGES_DIGESTS" + value: "$(tasks.build-container.results.BASE_IMAGES_DIGESTS)" + - name: "CHAINS-GIT_URL" + value: "$(tasks.git-clone.results.url)" + - name: "CHAINS-GIT_COMMIT" + value: "$(tasks.git-clone.results.commit)" tasks: 
+ - name: "init" + params: + - name: "image-url" + value: "$(params.output-image)" + - name: "rebuild" + value: "$(params.rebuild)" + - name: "skip-checks" + value: "$(params.skip-checks)" + taskRef: + params: + - name: "bundle" + value: "quay.io/konflux-ci/tekton-catalog/task-init:0.2" + - name: "name" + value: "init" + - name: "kind" + value: "task" + resolver: "bundles" - name: "git-clone" params: - name: "url" value: "$(params.git-url)" - - name: "subdirectory" - value: "." + runAfter: + - "init" taskRef: params: - name: "bundle" - value: "quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1@sha256:de0ca8872c791944c479231e21d68379b54877aaf42e5f766ef4a8728970f8b3" + value: "quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1" - name: "name" value: "git-clone" - name: "kind" 
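Review bot: The remote-build script sets `SSH_ARGS="-o StrictHostKeyChecking=no ..."` before `ssh $SSH_ARGS "$SSH_HOST" mkdir -p ...`, so the step presents the private key copied from `/ssh/id_rsa` to a host whose identity is never verified. If the provisioning secret can also carry the host's public key (not visible here), write it to `~/.ssh/known_hosts` and use `-o StrictHostKeyChecking=yes`. Otherwise add a comment in the configuration stating why verification is off and what else ties `/ssh/host` to the expected machine. The section marked TO BE REVIEWED installs and runs `pack` inside the step container with `DOCKER_HOST` commented out, so from what is shown the build itself does not yet go through the SSH host, and the job description should say so. The generated PipelineRun in the next hunk carries the same script.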
@@ -3551,86 +3693,243 @@ spec: resolver: "bundles" workspaces: - name: "output" - workspace: "source-dir" - - name: "fetch-packconfig-registrysecret" + workspace: "workspace" + - name: "basic-auth" + workspace: "git-auth" + - name: "prefetch-dependencies" + params: + - name: "input" + value: "$(params.prefetch-input)" runAfter: - "git-clone" taskRef: params: - name: "bundle" - value: "quay.io/ch007m/tekton-bundle:latest@sha256:bc130944a4ee377846abd2ffe9add0c8ad1dff571089d4e0b590e0c446660ac4" + value: "quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies:0.1" - name: "name" - value: "fetch-packconfig-registrysecret" + value: "prefetch-dependencies" - name: "kind" value: "task" resolver: "bundles" workspaces: - - name: "data-store" - workspace: "data-store" - - name: "pack-workspace" - workspace: "pack-workspace" - - name: "list-source-workspace" + - name: "source" + workspace: "workspace" + - name: "git-basic-auth" + workspace: "git-auth" + - name: "build-container" + params: + - name: "PACK_SOURCE_DIR" + value: "$(params.source-dir)" + - name: "PACK_CLI_VERSION" + value: "v0.35.1" + - name: "DOCKER_HOST" + value: "" + - name: "SOURCE_SUBPATH" + value: "." 
runAfter: - - "fetch-packconfig-registrysecret" + - "prefetch-dependencies" + taskSpec: + results: + - description: "Image repository where the built image was pushed" + name: "IMAGE_URL" + - description: "Digest of the image just built" + name: "IMAGE_DIGEST" + - description: "Digests of the base images used for build" + name: "BASE_IMAGES_DIGESTS" + steps: + - args: + - "$(params.packCmdBuilderFlags)" + image: "quay.io/konflux-ci/buildah-task:latest@sha256:860a239c5f25376a435a514ae6d53a5c75b1fa492461d17774e9b7cb32d1e275" + name: "run-script" + script: | + #!/usr/bin/env bash + set -e + mkdir -p ~/.ssh + if [ -e "/ssh/error" ]; then + #no server could be provisioned + cat /ssh/error + exit 1 + fi + export SSH_HOST=$(cat /ssh/host) + cp /ssh/id_rsa ~/.ssh + + chmod 0400 ~/.ssh/id_rsa + export BUILD_DIR=$(cat /ssh/user-dir) + export SSH_ARGS="-o StrictHostKeyChecking=no -o ServerAliveInterval=60 -o ServerAliveCountMax=10" + echo "$BUILD_DIR" + ssh $SSH_ARGS "$SSH_HOST" mkdir -p "$BUILD_DIR/workspaces" "$BUILD_DIR/scripts" "$BUILD_DIR/volumes" + + ## TO BE REVIEWED ==> + echo "Installing pack ..." + curl -sSL "https://github.com/buildpacks/pack/releases/download/$(params.PACK_CLI_VERSION)/pack-$(params.PACK_CLI_VERSION)-linux.tgz" | tar -C /usr/local/bin/ --no-same-owner -xzv pack + + echo "Checking pack ..." + pack --version + pack config experimental true + + #export DOCKER_HOST=tcp://$(params.DOCKER_HOST):2376 + #echo "DOCKER_HOST=tcp://$(params.DOCKER_HOST):2376" + + # We cannot get the array from the params PACK_CMD_FLAGS within the bash script as substitution don't work in this case !! + echo "Getting the arguments ..." + for cmd_arg in "$@"; do + CLI_ARGS+=("$cmd_arg") + done + + echo "Here are the arguments to be passed to the pack CLI" + for i in "$CLI_ARGS[@]"; do + echo "arg: $i" + done + + echo "Building the builder image ..." 
+ echo "pack ${CLI_ARGS[@]}" + pack "${CLI_ARGS[@]}" + + echo -n "URL of the image build is : quarkus-hello:1.0" | tee "$(results.IMAGE_URL.path)" + echo -n "sha256ddddddddddddddddddddd" | tee "$(results.IMAGE_DIGEST.path)" + echo -n "sha256eeeeeeeeeeeeeeeeeeeeee" | tee "$(results.BASE_IMAGES_DIGESTS.path)" + workspaces: + - name: "source" + workspace: "workspace" + - name: "ssh" + workspace: "ssh" + - name: "build-image-index" + params: + - name: "IMAGE" + value: "$(params.output-image)" + - name: "COMMIT_SHA" + value: "$(tasks.git-clone.results.commit)" + - name: "IMAGE_EXPIRES_AFTER" + value: "$(params.image-expires-after)" + - name: "ALWAYS_BUILD_INDEX" + value: "$(params.build-image-index)" + - name: "IMAGES" + value: + - "$(tasks.build-container.results.IMAGE_URL)@$(tasks.build-container.results.IMAGE_DIGEST)" + runAfter: + - "build-container" taskRef: params: - name: "bundle" - value: "quay.io/ch007m/tekton-bundle:latest@sha256:bc130944a4ee377846abd2ffe9add0c8ad1dff571089d4e0b590e0c446660ac4" + value: "quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1" - name: "name" - value: "list-source-workspace" + value: "build-image-index" - name: "kind" value: "task" resolver: "bundles" workspaces: - - name: "source-dir" - workspace: "source-dir" - - name: "pack-workspace" - workspace: "pack-workspace" - - name: "pack-builder" + - name: "workspace" + workspace: "workspace" + - name: "source-build" params: - - name: "PACK_SOURCE_DIR" - value: "$(params.source-dir)" - - name: "PACK_CLI_IMAGE" - value: "$(params.imageUrl)" - - name: "PACK_CLI_IMAGE_VERSION" - value: "$(params.imageTag)" - - name: "BUILDER_IMAGE_NAME" + - name: "BINARY_IMAGE" value: "$(params.output-image)" - - name: "PACK_BUILDER_TOML" - value: "ubi-builder.toml" - - name: "PACK_CMD_FLAGS" - value: - - "$(params.packCmdBuilderFlags)" + - name: "BASE_IMAGES" + value: "$(tasks.build-container.results.BASE_IMAGES_DIGESTS)" runAfter: - - "list-source-workspace" + - "build-container" taskRef: 
params: - name: "bundle" - value: "quay.io/ch007m/tekton-bundle:latest@sha256:bc130944a4ee377846abd2ffe9add0c8ad1dff571089d4e0b590e0c446660ac4" + value: "quay.io/konflux-ci/tekton-catalog/task-source-build:0.1" - name: "name" - value: "pack-builder" + value: "source-build" - name: "kind" value: "task" resolver: "bundles" workspaces: - - name: "source-dir" - workspace: "source-dir" - - name: "pack-workspace" - workspace: "pack-workspace" + - name: "workspace" + workspace: "workspace" + - name: "clair-scan" + params: + - name: "image-digest" + value: "$(tasks.build-container.results.IMAGE_DIGEST)" + - name: "image-url" + value: "$(tasks.build-container.results.IMAGE_URL)" + runAfter: + - "build-container" + taskRef: + params: + - name: "bundle" + value: "quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.1" + - name: "name" + value: "clair-scan" + - name: "kind" + value: "task" + resolver: "bundles" + - name: "ecosystem-cert-preflight-checks" + params: + - name: "image-url" + value: "$(tasks.build-container.results.IMAGE_URL)" + runAfter: + - "build-container" + taskRef: + params: + - name: "bundle" + value: "quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.1" + - name: "name" + value: "ecosystem-cert-preflight-checks" + - name: "kind" + value: "task" + resolver: "bundles" + - name: "sast-snyk-check" + params: + - name: "image-digest" + value: "$(tasks.build-container.results.IMAGE_DIGEST)" + - name: "image-url" + value: "$(tasks.build-container.results.IMAGE_URL)" + runAfter: + - "git-clone" + taskRef: + params: + - name: "bundle" + value: "quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check:0.2" + - name: "name" + value: "sast-snyk-check" + - name: "kind" + value: "task" + resolver: "bundles" + workspaces: + - name: "workspace" + workspace: "workspace" + - name: "clamav-scan" + params: + - name: "image-digest" + value: "$(tasks.build-container.results.IMAGE_DIGEST)" + - name: "image-url" + value: 
"$(tasks.build-container.results.IMAGE_URL)" + runAfter: + - "build-container" + taskRef: + params: + - name: "bundle" + value: "quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.1" + - name: "name" + value: "clamav-scan" + - name: "kind" + value: "task" + resolver: "bundles" + - name: "sbom-json-check" + params: + - name: "IMAGE_DIGEST" + value: "$(tasks.build-container.results.IMAGE_DIGEST)" + - name: "IMAGE_URL" + value: "$(tasks.build-container.results.IMAGE_URL)" + runAfter: + - "build-container" + taskRef: + params: + - name: "bundle" + value: "quay.io/konflux-ci/tekton-catalog/task-sbom-json-check:0.1" + - name: "name" + value: "sbom-json-check" + - name: "kind" + value: "task" + resolver: "bundles" timeouts: pipeline: "300000000000ns" workspaces: - - name: "pack-workspace" - volumeClaimTemplate: - apiVersion: "v1" - kind: "PersistentVolumeClaim" - spec: - accessModes: - - "ReadWriteOnce" - resources: - requests: - storage: "1Gi" - - name: "source-dir" + - name: "workspace" volumeClaimTemplate: apiVersion: "v1" kind: "PersistentVolumeClaim" @@ -3640,12 +3939,11 @@ spec: resources: requests: storage: "1Gi" - - name: "data-store" - projected: - sources: - - secret: - name: "pack-config-toml" - - secret: - name: "gitea-creds" + - name: "git-auth" + secret: + secretName: "{{ git_auth_secret }}" + - name: "ssh" + secret: + secretName: "multi-platform-ssh-$(context.taskRun.name)" ``` diff --git a/generated/konflux/build/application-my-quarkus.yaml b/generated/konflux/build/application-my-quarkus.yaml new file mode 100644 index 00000000..5387a403 --- /dev/null +++ b/generated/konflux/build/application-my-quarkus.yaml @@ -0,0 +1,9 @@ +apiVersion: "appstudio.redhat.com/v1alpha1" +kind: "Application" +metadata: + annotations: + application.thumbnail: "10" + name: "my-quarkus" + namespace: "user-ns1" +spec: + displayName: "my-quarkus" 
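Review bot: The last three lines of the `build-container` script write fixed strings into the task results (`IMAGE_URL` receives "URL of the image build is : quarkus-hello:1.0", `IMAGE_DIGEST` receives `sha256ddd...`), while `build-image-index`, `clair-scan`, `clamav-scan`, `sast-snyk-check` and `sbom-json-check` in this hunk take those results as the image to index and scan. As written, the checks would be pointed at a reference that is not the image `pack` produced, and a passing run would say nothing about the real artifact. Until the script emits the actual reference and digest, state in the job description that the results are stubs, or leave the scan tasks out of this example. Separately, the echo loop uses `"$CLI_ARGS[@]"`, which expands to the first element followed by a literal `[@]`; it should read `"${CLI_ARGS[@]}"`. Both points also apply to the copies of the script in the two preceding hunks.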
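Review bot: The new `ssh` workspace binds `secretName: "multi-platform-ssh-$(context.taskRun.name)"` in the PipelineRun's own `workspaces` list, where, as far as I know, Tekton does not substitute `context.taskRun.*` variables (they are resolved inside a Task). If the string stays literal it is not a valid Secret name, and the step would not get the key material it reads from `/ssh`. Confirm how the per-TaskRun secret is meant to reach the step. If it has to be resolved per TaskRun, declaring it as a volume in the `build-container` taskSpec is the likelier fit than a run-level workspace.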
diff --git a/generated/konflux/build/component-my-quarkus-app.yaml b/generated/konflux/build/component-my-quarkus-app.yaml new file mode 100644 index 00000000..1df1c743 --- /dev/null +++ b/generated/konflux/build/component-my-quarkus-app.yaml @@ -0,0 +1,17 @@ +apiVersion: "appstudio.redhat.com/v1alpha1" +kind: "Component" +metadata: + annotations: + build.appstudio.openshift.io/request: "configure-pac" + image.redhat.com/generate: "{\"visibility\":\"public\"}" + name: "my-quarkus-app" + namespace: "user-ns1" +spec: + application: "my-quarkus" + componentName: "my-quarkus-app" + source: + git: + context: "." + dockerfileUrl: "src/main/docker/Dockerfile.jvm" + revision: "main" + url: "https://github.com/ch007m/new-quarkus-app-1" diff --git a/generated/konflux/build/pipelinerun-quarkus-app-on-push.yaml b/generated/konflux/build/pipelinerun-pack-build-builder-image.yaml similarity index 67% rename from generated/konflux/build/pipelinerun-quarkus-app-on-push.yaml rename to generated/konflux/build/pipelinerun-pack-build-builder-image.yaml index afddbd29..dbb705a2 100644 --- a/generated/konflux/build/pipelinerun-quarkus-app-on-push.yaml +++ b/generated/konflux/build/pipelinerun-pack-build-builder-image.yaml 
@@ -2,21 +2,21 @@ apiVersion: "tekton.dev/v1" kind: "PipelineRun" metadata: annotations: - pipelinesascode.tekton.dev/max-keep-runs: "3" + build.appstudio.redhat.com/target_branch: "{{target_branch}}" + build.appstudio.redhat.com/commit_sha: "{{revision}}" pipelinesascode.tekton.dev/on-cel-expression: "event == 'push' && target_branch\ \ == 'main'" - build.appstudio.openshift.io/repo: "https://github.com/ch007m/new-quarkus-app-1?rev={{revision}}" - build.appstudio.redhat.com/commit_sha: "{{revision}}" - build.appstudio.redhat.com/target_branch: "{{target_branch}}" + pipelinesascode.tekton.dev/max-keep-runs: "3" + build.appstudio.openshift.io/repo: "https://github.com/paketo-community/builder-ubi-base?rev={{revision}}" labels: - pipelines.openshift.io/strategy: "build" + appstudio.openshift.io/application: "my-quarkus" pipelines.appstudio.openshift.io/type: "build" + pipelines.openshift.io/strategy: "build" + appstudio.openshift.io/component: "my-quarkus-app" pipelines.openshift.io/used-by: "build-cloud" pipelines.openshift.io/runtime: "java" - appstudio.openshift.io/application: "my-quarkus" - appstudio.openshift.io/component: "quarkus-1" - name: "quarkus-app-on-push" - namespace: "user-ns1" + name: "pack-build-builder-image" + namespace: "cmoullia" spec: params: - name: "git-url" @@ -24,7 +24,7 @@ spec: - name: "revision" value: "{{revision}}" - name: "output-image" - value: "quay.io/ch007m/user-ns1/my-quarkus/quarkus-1:{{revision}}" + value: "quay.io/ch007m/builder-ubi-base:{{revision}}" - name: "image-expires-after" value: "5d" - name: "build-image-index" 
@@ -41,13 +41,48 @@ spec: value: "latest" - name: "packCmdBuilderFlags" value: - - "build" - - "-B" - - "quay.io/snowdrop/ubi-builder" - - "-e" - - "BP_JVM_VERSION=21" - - "quarkus-hello:1.0" + - "builder" + - "create" + - "builder" + - "--config" + - "$(workspaces.source.path)/$(params.SOURCE_SUBPATH)/builder.toml" pipelineSpec: + finally: + - name: "show-sbom" + params: + - name: "IMAGE_URL" + value: "$(tasks.build-container.results.IMAGE_URL)" + taskRef: + params: + - name: "bundle" + value: "quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1" + - name: "name" + value: "show-sbom" + - name: "kind" + value: "task" + resolver: "bundles" + - name: "summary" + params: + - name: "pipelinerun-name" + value: "$(context.pipelineRun.name)" + - name: "git-url" + value: "$(tasks.git-clone.results.url)?rev=$(tasks.git-clone.results.commit)" + - name: "image-url" + value: "$(params.output-image)" + - name: "build-task-status" + value: "$(tasks.build-container.status)" + taskRef: + params: + - name: "bundle" + value: "quay.io/konflux-ci/tekton-catalog/task-summary:0.2" + - name: "name" + value: "summary" + - name: "kind" + value: "task" + resolver: "bundles" + workspaces: + - name: "workspace" + workspace: "workspace" results: - name: "IMAGE_URL" value: "$(tasks.build-container.results.IMAGE_URL)" 
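Review bot: The `show-sbom` and `summary` bundle references added under `finally` are tag-only (`task-show-sbom:0.1`, `task-summary:0.2`), so the `bundles` resolver fetches whatever the tag points to at run time. The later hunks of this file and of pipelinerun-quarkus-1-on-push.yaml strip the `@sha256:` suffix from the other `taskRef` bundles as well, and the new pipelinerun-buildpack-remote.yaml is generated without any. Keep the pin, e.g. `value: "quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:<digest>"`, and move the digest deliberately when a task is updated. Since these files live under generated/, the change presumably belongs in the generator's bundle configuration rather than in this output.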
@@ -56,28 +91,28 @@ spec: - name: "BASE_IMAGES_DIGESTS" value: "$(tasks.build-container.results.BASE_IMAGES_DIGESTS)" - name: "CHAINS-GIT_URL" - value: "$(tasks.clone-repository.results.url)" + value: "$(tasks.git-clone.results.url)" - name: "CHAINS-GIT_COMMIT" - value: "$(tasks.clone-repository.results.commit)" + value: "$(tasks.git-clone.results.commit)" tasks: - name: "init" params: - name: "image-url" - value: "$(params.output-image" + value: "$(params.output-image)" - name: "rebuild" - value: "$(params.rebuild" + value: "$(params.rebuild)" - name: "skip-checks" - value: "$(params.skip-checks" + value: "$(params.skip-checks)" taskRef: params: - name: "bundle" - value: "quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:092c113b614f6551113f17605ae9cb7e822aa704d07f0e37ed209da23ce392cc" + value: "quay.io/konflux-ci/tekton-catalog/task-init:0.2" - name: "name" value: "init" - name: "kind" value: "task" resolver: "bundles" - - name: "clone-repository" + - name: "git-clone" params: - name: "url" value: "$(params.git-url)" @@ -86,17 +121,12 @@ spec: taskRef: params: - name: "bundle" - value: "quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1@sha256:0bb1be8363557e8e07ec34a3c5daaaaa23c9d533f0bb12f00dc604d00de50814" + value: "quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1" - name: "name" value: "git-clone" - name: "kind" value: "task" resolver: "bundles" - when: - - input: "$(tasks.init.results.build)" - operator: "in" - values: - - "true" workspaces: - name: "output" workspace: "workspace" 
@@ -107,21 +137,16 @@ spec: - name: "input" value: "$(params.prefetch-input)" runAfter: - - "clone-repository" + - "git-clone" taskRef: params: - name: "bundle" - value: "quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies:0.1@sha256:058a59f72997c9cf1be20978eb6a145d8d4d436c6098f2460bd96766bb363b20" + value: "quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies:0.1" - name: "name" value: "prefetch-dependencies" - name: "kind" value: "task" resolver: "bundles" - when: - - input: "$(params.prefetch-input)" - operator: "notin" - values: - - "" workspaces: - name: "source" workspace: "workspace" 
@@ -131,35 +156,64 @@ spec: params: - name: "PACK_SOURCE_DIR" value: "$(params.source-dir)" - - name: "PACK_CLI_IMAGE" - value: "$(params.imageUrl)" - - name: "PACK_CLI_IMAGE_VERSION" - value: "$(params.imageTag)" - - name: "PACK_CMD_FLAGS" - value: - - "$(params.packCmdBuilderFlags)" - runAfter: - - "prefetch-dependencies" - taskRef: - params: - - name: "bundle" - value: "quay.io/ch007m/tekton-bundle:latest@sha256:bc130944a4ee377846abd2ffe9add0c8ad1dff571089d4e0b590e0c446660ac4" - - name: "name" - value: "pack" - - name: "kind" - value: "task" - resolver: "bundles" + - name: "PACK_CLI_VERSION" + value: "v0.35.1" + - name: "DOCKER_HOST" + value: "$(tasks.virtualmachine.results.ip)" + taskSpec: + results: + - description: "Image repository where the built image was pushed" + name: "IMAGE_URL" + - description: "Digest of the image just built" + name: "IMAGE_DIGEST" + - description: "Digests of the base images used for build" + name: "BASE_IMAGES_DIGESTS" + steps: + - args: + - "$(params.packCmdBuilderFlags)" + image: "registry.access.redhat.com/ubi9@sha256:1ee4d8c50d14d9c9e9229d9a039d793fcbc9aa803806d194c957a397cf1d2b17" + name: "run-script" + script: | + #!/usr/bin/env bash + set -e + + echo "Installing pack ..." + curl -sSL "https://github.com/buildpacks/pack/releases/download/$(params.PACK_CLI_VERSION)/pack-$(params.PACK_CLI_VERSION)-linux.tgz" | tar -C /usr/local/bin/ --no-same-owner -xzv pack + + echo "Checking pack ..." + pack --version + pack config experimental true + + export DOCKER_HOST=tcp://$(params.DOCKER_HOST):2376 + echo "DOCKER_HOST=tcp://$(params.DOCKER_HOST):2376" + + # We cannot get the array from the params PACK_CMD_FLAGS within the bash script as substitution don't work in this case !! + echo "Getting the arguments ..." + for cmd_arg in "$@"; do + CLI_ARGS+=("$cmd_arg") + done + + echo "Here are the arguments to be passed to the pack CLI" + for i in "$CLI_ARGS[@]"; do + echo "arg: $i" + done + + echo "Building the builder image ..." 
+ echo "pack ${CLI_ARGS[@]}" + pack "${CLI_ARGS[@]}" + + echo -n "URL of the image build is : quarkus-hello:1.0" | tee "$(results.IMAGE_URL.path)" + echo -n "sha256ddddddddddddddddddddd" | tee "$(results.IMAGE_DIGEST.path)" + echo -n "sha256eeeeeeeeeeeeeeeeeeeeee" | tee "$(results.BASE_IMAGES_DIGESTS.path)" workspaces: - - name: "source-dir" - workspace: "workspace" - - name: "pack-workspace" + - name: "source" workspace: "workspace" - name: "build-image-index" params: - name: "IMAGE" value: "$(params.output-image)" - name: "COMMIT_SHA" - value: "$(tasks.clone-repository.results.commit)" + value: "$(tasks.git-clone.results.commit)" - name: "IMAGE_EXPIRES_AFTER" value: "$(params.image-expires-after)" - name: "ALWAYS_BUILD_INDEX" @@ -172,21 +226,16 @@ spec: taskRef: params: - name: "bundle" - value: "quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1@sha256:409ff39379c50d3c257229b4c6d6600e35eb53637504c47fb36ade262c70716e" + value: "quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1" - name: "name" value: "build-image-index" - name: "kind" value: "task" resolver: "bundles" - when: - - input: "$(tasks.init.results.build)" - operator: "in" - values: - - "true" workspaces: - name: "workspace" workspace: "workspace" - - name: "build-source-image" + - name: "source-build" params: - name: "BINARY_IMAGE" value: "$(params.output-image)" 
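Review bot: The `run-script` step of `build-container` writes fixed strings into the task results (`URL of the image build is : quarkus-hello:1.0` into IMAGE_URL, `sha256ddddddddddddddddddddd` into IMAGE_DIGEST), so the pipeline results and downstream checks such as `sbom-json-check` receive values unrelated to whatever `pack` produced. The results should carry the pushed image reference and the digest reported for it, with no prose prefix in IMAGE_URL. Two smaller points in the same script: the pack tarball is piped from `curl` into `tar` with no checksum comparison, and the listing loop should read `for i in "${CLI_ARGS[@]}"; do`, because `"$CLI_ARGS[@]"` expands to the first element followed by a literal `[@]`. The same script is added in pipelinerun-buildpack-remote.yaml.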
@@ -197,44 +246,15 @@ spec: taskRef: params: - name: "bundle" - value: "quay.io/konflux-ci/tekton-catalog/task-source-build:0.1@sha256:21cb5ebaff7a9216903cf78933dc4ec4dd6283a52636b16590a5f52ceb278269" + value: "quay.io/konflux-ci/tekton-catalog/task-source-build:0.1" - name: "name" value: "source-build" - name: "kind" value: "task" resolver: "bundles" - when: - - input: "$(params.build-source-image)" - operator: "in" - values: - - "true" workspaces: - name: "workspace" workspace: "workspace" - - name: "deprecated-image-check" - params: - - name: "IMAGE_URL" - value: "$(tasks.build-container.results.IMAGE_URL)" - - name: "IMAGE_DIGEST" - value: "$(tasks.build-container.results.IMAGE_DIGEST)" - - name: "BASE_IMAGES_DIGESTS" - value: "$(tasks.build-container.results.BASE_IMAGES_DIGESTS)" - runAfter: - - "build-container" - taskRef: - params: - - name: "bundle" - value: "quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.4@sha256:d98fa9daf5ee12dfbf00880b83d092d01ce9994d79836548d2f82748bb0c64a2" - - name: "name" - value: "deprecated-image-check" - - name: "kind" - value: "task" - resolver: "bundles" - when: - - input: "$(params.skip-checks)" - operator: "in" - values: - - "false" - name: "clair-scan" params: - name: "image-digest" @@ -246,17 +266,12 @@ spec: taskRef: params: - name: "bundle" - value: "quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.1@sha256:baea4be429cf8d91f7c758378cea42819fe324f25a7f957bf9805409cab6d123" + value: "quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.1" - name: "name" value: "clair-scan" - name: "kind" value: "task" resolver: "bundles" - when: - - input: "$(params.skip-checks)" - operator: "in" - values: - - "false" - name: "ecosystem-cert-preflight-checks" params: - name: "image-url" 
@@ -266,17 +281,12 @@ spec: taskRef: params: - name: "bundle" - value: "quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.1@sha256:5131cce0f93d0b728c7bcc0d6cee4c61d4c9f67c6d619c627e41e3c9775b497d" + value: "quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.1" - name: "name" value: "ecosystem-cert-preflight-checks" - name: "kind" value: "task" resolver: "bundles" - when: - - input: "$(params.skip-checks)" - operator: "in" - values: - - "false" - name: "sast-snyk-check" params: - name: "image-digest" @@ -284,21 +294,16 @@ spec: - name: "image-url" value: "$(tasks.build-container.results.IMAGE_URL)" runAfter: - - "build-container" + - "git-clone" taskRef: params: - name: "bundle" - value: "quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check:0.2@sha256:82c42d27c9c59db6cf6c235e89f7b37f5cdfc75d0d361ca0ee91ae703ba72301" + value: "quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check:0.2" - name: "name" value: "sast-snyk-check" - name: "kind" value: "task" resolver: "bundles" - when: - - input: "$(params.skip-checks)" - operator: "in" - values: - - "true" workspaces: - name: "workspace" workspace: "workspace" 
@@ -313,41 +318,31 @@ spec: taskRef: params: - name: "bundle" - value: "quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.1@sha256:7bb17b937c9342f305468e8a6d0a22493e3ecde58977bd2ffc8b50e2fa234d58" + value: "quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.1" - name: "name" value: "clamav-scan" - name: "kind" value: "task" resolver: "bundles" - when: - - input: "$(params.skip-checks)" - operator: "in" - values: - - "false" - name: "sbom-json-check" params: - - name: "IMAGE_URL" - value: "$(tasks.build-container.results.IMAGE_URL)" - name: "IMAGE_DIGEST" value: "$(tasks.build-container.results.IMAGE_DIGEST)" + - name: "IMAGE_URL" + value: "$(tasks.build-container.results.IMAGE_URL)" runAfter: - "build-container" taskRef: params: - name: "bundle" - value: "quay.io/konflux-ci/tekton-catalog/task-sbom-json-check:0.1@sha256:2c5de51ec858fc8d47e41c65b20c83fdac249425d67ed6d1058f9f3e0b574500" + value: "quay.io/konflux-ci/tekton-catalog/task-sbom-json-check:0.1" - name: "name" value: "sbom-json-check" - name: "kind" value: "task" resolver: "bundles" - when: - - input: "$(params.skip-checks)" - operator: "in" - values: - - "false" timeouts: - pipeline: "3600000000000ns" + pipeline: "300000000000ns" workspaces: - name: "workspace" volumeClaimTemplate: diff --git a/generated/konflux/build/pipelinerun-quarkus-1-on-push.yaml b/generated/konflux/build/pipelinerun-quarkus-1-on-push.yaml index 6d8e8107..0e6ef46b 100644 --- a/generated/konflux/build/pipelinerun-quarkus-1-on-push.yaml +++ b/generated/konflux/build/pipelinerun-quarkus-1-on-push.yaml 
@@ -2,19 +2,19 @@ apiVersion: "tekton.dev/v1" kind: "PipelineRun" metadata: annotations: - pipelinesascode.tekton.dev/max-keep-runs: "3" + build.appstudio.redhat.com/target_branch: "{{target_branch}}" + build.appstudio.redhat.com/commit_sha: "{{revision}}" pipelinesascode.tekton.dev/on-cel-expression: "event == 'push' && target_branch\ \ == 'main'" + pipelinesascode.tekton.dev/max-keep-runs: "3" build.appstudio.openshift.io/repo: "https://github.com/ch007m/new-quarkus-app-1?rev={{revision}}" - build.appstudio.redhat.com/commit_sha: "{{revision}}" - build.appstudio.redhat.com/target_branch: "{{target_branch}}" labels: + appstudio.openshift.io/application: "my-quarkus" pipelines.appstudio.openshift.io/type: "build" pipelines.openshift.io/strategy: "build" + appstudio.openshift.io/component: "my-quarkus-app" pipelines.openshift.io/used-by: "build-cloud" pipelines.openshift.io/runtime: "java" - appstudio.openshift.io/application: "my-quarkus" - appstudio.openshift.io/component: "quarkus-1" name: "quarkus-1-on-push" namespace: "user-ns1" spec: @@ -24,7 +24,7 @@ spec: - name: "revision" value: "{{revision}}" - name: "output-image" - value: "quay.io/ch007m/user-ns1/my-quarkus/quarkus-1:{{revision}}" + value: "quay.io/ch007m/builder-ubi-base:{{revision}}" - name: "image-expires-after" value: "5d" - name: "build-image-index" @@ -56,7 +56,7 @@ spec: taskRef: params: - name: "bundle" - value: "quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:9bfc6b99ef038800fe131d7b45ff3cd4da3a415dd536f7c657b3527b01c4a13b" + value: "quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1" - name: "name" value: "show-sbom" - name: "kind" 
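Review bot: In the `@@ -24,7 +24,7 @@` hunk, `output-image` for `quarkus-1-on-push` becomes `quay.io/ch007m/builder-ubi-base:{{revision}}`, the same repository that pipelinerun-pack-build-builder-image.yaml pushes to, while the `build.appstudio.openshift.io/repo` annotation still points at new-quarkus-app-1. If that is not intended, application and builder images would share one repository and tag scheme, and a consumer pulling by tag could not tell which pipeline produced the image. This is presumably a default leaking from the generator configuration; the previous per-component value was `quay.io/ch007m/user-ns1/my-quarkus/quarkus-1:{{revision}}`.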
@@ -67,7 +67,7 @@ spec: - name: "pipelinerun-name" value: "$(context.pipelineRun.name)" - name: "git-url" - value: "$(tasks.clone-repository.results.url)?rev=$(tasks.clone-repository.results.commit)" + value: "$(tasks.git-clone.results.url)?rev=$(tasks.git-clone.results.commit)" - name: "image-url" value: "$(params.output-image)" - name: "build-task-status" @@ -75,7 +75,7 @@ spec: taskRef: params: - name: "bundle" - value: "quay.io/konflux-ci/tekton-catalog/task-summary:0.2@sha256:d97c04ab42f277b1103eb6f3a053b247849f4f5b3237ea302a8ecada3b24e15b" + value: "quay.io/konflux-ci/tekton-catalog/task-summary:0.2" - name: "name" value: "summary" - name: "kind" @@ -92,28 +92,28 @@ spec: - name: "BASE_IMAGES_DIGESTS" value: "$(tasks.build-container.results.BASE_IMAGES_DIGESTS)" - name: "CHAINS-GIT_URL" - value: "$(tasks.clone-repository.results.url)" + value: "$(tasks.git-clone.results.url)" - name: "CHAINS-GIT_COMMIT" - value: "$(tasks.clone-repository.results.commit)" + value: "$(tasks.git-clone.results.commit)" tasks: - name: "init" params: - name: "image-url" - value: "$(params.output-image" + value: "$(params.output-image)" - name: "rebuild" - value: "$(params.rebuild" + value: "$(params.rebuild)" - name: "skip-checks" - value: "$(params.skip-checks" + value: "$(params.skip-checks)" taskRef: params: - name: "bundle" - value: "quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:092c113b614f6551113f17605ae9cb7e822aa704d07f0e37ed209da23ce392cc" + value: "quay.io/konflux-ci/tekton-catalog/task-init:0.2" - name: "name" value: "init" - name: "kind" value: "task" resolver: "bundles" - - name: "clone-repository" + - name: "git-clone" params: - name: "url" value: "$(params.git-url)" 
@@ -122,17 +122,12 @@ spec: taskRef: params: - name: "bundle" - value: "quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1@sha256:0bb1be8363557e8e07ec34a3c5daaaaa23c9d533f0bb12f00dc604d00de50814" + value: "quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1" - name: "name" value: "git-clone" - name: "kind" value: "task" resolver: "bundles" - when: - - input: "$(tasks.init.results.build)" - operator: "in" - values: - - "true" workspaces: - name: "output" workspace: "workspace" @@ -143,32 +138,25 @@ spec: - name: "input" value: "$(params.prefetch-input)" runAfter: - - "clone-repository" + - "git-clone" taskRef: params: - name: "bundle" - value: "quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies:0.1@sha256:058a59f72997c9cf1be20978eb6a145d8d4d436c6098f2460bd96766bb363b20" + value: "quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies:0.1" - name: "name" value: "prefetch-dependencies" - name: "kind" value: "task" resolver: "bundles" - when: - - input: "$(params.prefetch-input)" - operator: "notin" - values: - - "" workspaces: - name: "source" workspace: "workspace" - name: "git-basic-auth" workspace: "git-auth" - - name: "jam" + - name: "build-container" params: - name: "JAM_VERSION" value: "v2.9.0" - runAfter: - - "prefetch-dependencies" taskSpec: results: - description: "Image repository where the built image was pushed" @@ -218,7 +206,7 @@ spec: - name: "IMAGE" value: "$(params.output-image)" - name: "COMMIT_SHA" - value: "$(tasks.clone-repository.results.commit)" + value: "$(tasks.git-clone.results.commit)" - name: "IMAGE_EXPIRES_AFTER" value: "$(params.image-expires-after)" - name: "ALWAYS_BUILD_INDEX" 
@@ -231,21 +219,16 @@ spec: taskRef: params: - name: "bundle" - value: "quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1@sha256:409ff39379c50d3c257229b4c6d6600e35eb53637504c47fb36ade262c70716e" + value: "quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1" - name: "name" value: "build-image-index" - name: "kind" value: "task" resolver: "bundles" - when: - - input: "$(tasks.init.results.build)" - operator: "in" - values: - - "true" workspaces: - name: "workspace" workspace: "workspace" - - name: "build-source-image" + - name: "source-build" params: - name: "BINARY_IMAGE" value: "$(params.output-image)" @@ -256,44 +239,15 @@ spec: taskRef: params: - name: "bundle" - value: "quay.io/konflux-ci/tekton-catalog/task-source-build:0.1@sha256:21cb5ebaff7a9216903cf78933dc4ec4dd6283a52636b16590a5f52ceb278269" + value: "quay.io/konflux-ci/tekton-catalog/task-source-build:0.1" - name: "name" value: "source-build" - name: "kind" value: "task" resolver: "bundles" - when: - - input: "$(params.build-source-image)" - operator: "in" - values: - - "true" workspaces: - name: "workspace" workspace: "workspace" - - name: "deprecated-image-check" - params: - - name: "IMAGE_URL" - value: "$(tasks.build-container.results.IMAGE_URL)" - - name: "IMAGE_DIGEST" - value: "$(tasks.build-container.results.IMAGE_DIGEST)" - - name: "BASE_IMAGES_DIGESTS" - value: "$(tasks.build-container.results.BASE_IMAGES_DIGESTS)" - runAfter: - - "build-container" - taskRef: - params: - - name: "bundle" - value: "quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.4@sha256:d98fa9daf5ee12dfbf00880b83d092d01ce9994d79836548d2f82748bb0c64a2" - - name: "name" - value: "deprecated-image-check" - - name: "kind" - value: "task" - resolver: "bundles" - when: - - input: "$(params.skip-checks)" - operator: "in" - values: - - "false" - name: "clair-scan" params: - name: "image-digest" 
@@ -305,17 +259,12 @@ spec: taskRef: params: - name: "bundle" - value: "quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.1@sha256:baea4be429cf8d91f7c758378cea42819fe324f25a7f957bf9805409cab6d123" + value: "quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.1" - name: "name" value: "clair-scan" - name: "kind" value: "task" resolver: "bundles" - when: - - input: "$(params.skip-checks)" - operator: "in" - values: - - "false" - name: "ecosystem-cert-preflight-checks" params: - name: "image-url" @@ -325,17 +274,12 @@ spec: taskRef: params: - name: "bundle" - value: "quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.1@sha256:5131cce0f93d0b728c7bcc0d6cee4c61d4c9f67c6d619c627e41e3c9775b497d" + value: "quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.1" - name: "name" value: "ecosystem-cert-preflight-checks" - name: "kind" value: "task" resolver: "bundles" - when: - - input: "$(params.skip-checks)" - operator: "in" - values: - - "false" - name: "sast-snyk-check" params: - name: "image-digest" @@ -343,21 +287,16 @@ spec: - name: "image-url" value: "$(tasks.build-container.results.IMAGE_URL)" runAfter: - - "build-container" + - "git-clone" taskRef: params: - name: "bundle" - value: "quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check:0.2@sha256:82c42d27c9c59db6cf6c235e89f7b37f5cdfc75d0d361ca0ee91ae703ba72301" + value: "quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check:0.2" - name: "name" value: "sast-snyk-check" - name: "kind" value: "task" resolver: "bundles" - when: - - input: "$(params.skip-checks)" - operator: "in" - values: - - "true" workspaces: - name: "workspace" workspace: "workspace" 
@@ -372,41 +311,31 @@ spec: taskRef: params: - name: "bundle" - value: "quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.1@sha256:7bb17b937c9342f305468e8a6d0a22493e3ecde58977bd2ffc8b50e2fa234d58" + value: "quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.1" - name: "name" value: "clamav-scan" - name: "kind" value: "task" resolver: "bundles" - when: - - input: "$(params.skip-checks)" - operator: "in" - values: - - "false" - name: "sbom-json-check" params: - - name: "IMAGE_URL" - value: "$(tasks.build-container.results.IMAGE_URL)" - name: "IMAGE_DIGEST" value: "$(tasks.build-container.results.IMAGE_DIGEST)" + - name: "IMAGE_URL" + value: "$(tasks.build-container.results.IMAGE_URL)" runAfter: - "build-container" taskRef: params: - name: "bundle" - value: "quay.io/konflux-ci/tekton-catalog/task-sbom-json-check:0.1@sha256:2c5de51ec858fc8d47e41c65b20c83fdac249425d67ed6d1058f9f3e0b574500" + value: "quay.io/konflux-ci/tekton-catalog/task-sbom-json-check:0.1" - name: "name" value: "sbom-json-check" - name: "kind" value: "task" resolver: "bundles" - when: - - input: "$(params.skip-checks)" - operator: "in" - values: - - "false" timeouts: - pipeline: "3600000000000ns" + pipeline: "300000000000ns" workspaces: - name: "workspace" volumeClaimTemplate: diff --git a/generated/konflux/remote-build/pipelinerun-buildpack-remote.yaml b/generated/konflux/remote-build/pipelinerun-buildpack-remote.yaml new file mode 100644 index 00000000..e4055616 --- /dev/null +++ b/generated/konflux/remote-build/pipelinerun-buildpack-remote.yaml 
@@ -0,0 +1,383 @@ +apiVersion: "tekton.dev/v1" +kind: "PipelineRun" +metadata: + annotations: + build.appstudio.redhat.com/target_branch: "{{target_branch}}" + build.appstudio.redhat.com/commit_sha: "{{revision}}" + pipelinesascode.tekton.dev/on-cel-expression: "event == 'push' && target_branch\ + \ == 'main'" + pipelinesascode.tekton.dev/max-keep-runs: "3" + build.appstudio.openshift.io/repo: "https://github.com/paketo-community/builder-ubi-base?rev={{revision}}" + labels: + appstudio.openshift.io/application: "buildpack-remote" + pipelines.appstudio.openshift.io/type: "build" + pipelines.openshift.io/strategy: "remote-build" + appstudio.openshift.io/component: "buildpack-remote" + pipelines.openshift.io/used-by: "build-cloud" + pipelines.openshift.io/runtime: "java" + name: "buildpack-remote" + namespace: "cmoullia-tenant" +spec: + params: + - name: "git-url" + value: "{{source_url}}" + - name: "revision" + value: "{{revision}}" + - name: "output-image" + value: "quay.io/ch007m/builder-ubi-base:{{revision}}" + - name: "image-expires-after" + value: "5d" + - name: "build-image-index" + value: "" + - name: "build-source-image" + value: "false" + - name: "prefetch-input" + value: "" + - name: "source-dir" + value: "source" + - name: "imageUrl" + value: "buildpacksio/pack" + - name: "imageTag" + value: "latest" + - name: "packCmdBuilderFlags" + value: + - "builder" + - "create" + - "builder" + - "--config" + - "$(workspaces.source.path)/builder.toml" + pipelineSpec: + finally: + - name: "show-sbom" + params: + - name: "IMAGE_URL" + value: "$(tasks.build-container.results.IMAGE_URL)" + taskRef: + params: + - name: "bundle" + value: "quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1" + - name: "name" + value: "show-sbom" + - name: "kind" + value: "task" + resolver: "bundles" + - name: "summary" + params: + - name: "pipelinerun-name" + value: "$(context.pipelineRun.name)" + - name: "git-url" + value: 
"$(tasks.git-clone.results.url)?rev=$(tasks.git-clone.results.commit)" + - name: "image-url" + value: "$(params.output-image)" + - name: "build-task-status" + value: "$(tasks.build-container.status)" + taskRef: + params: + - name: "bundle" + value: "quay.io/konflux-ci/tekton-catalog/task-summary:0.2" + - name: "name" + value: "summary" + - name: "kind" + value: "task" + resolver: "bundles" + workspaces: + - name: "workspace" + workspace: "workspace" + results: + - name: "IMAGE_URL" + value: "$(tasks.build-container.results.IMAGE_URL)" + - name: "IMAGE_DIGEST" + value: "$(tasks.build-container.results.IMAGE_DIGEST)" + - name: "BASE_IMAGES_DIGESTS" + value: "$(tasks.build-container.results.BASE_IMAGES_DIGESTS)" + - name: "CHAINS-GIT_URL" + value: "$(tasks.git-clone.results.url)" + - name: "CHAINS-GIT_COMMIT" + value: "$(tasks.git-clone.results.commit)" + tasks: + - name: "init" + params: + - name: "image-url" + value: "$(params.output-image)" + - name: "rebuild" + value: "$(params.rebuild)" + - name: "skip-checks" + value: "$(params.skip-checks)" + taskRef: + params: + - name: "bundle" + value: "quay.io/konflux-ci/tekton-catalog/task-init:0.2" + - name: "name" + value: "init" + - name: "kind" + value: "task" + resolver: "bundles" + - name: "git-clone" + params: + - name: "url" + value: "$(params.git-url)" + runAfter: + - "init" + taskRef: + params: + - name: "bundle" + value: "quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1" + - name: "name" + value: "git-clone" + - name: "kind" + value: "task" + resolver: "bundles" + workspaces: + - name: "output" + workspace: "workspace" + - name: "basic-auth" + workspace: "git-auth" + - name: "prefetch-dependencies" + params: + - name: "input" + value: "$(params.prefetch-input)" + runAfter: + - "git-clone" + taskRef: + params: + - name: "bundle" + value: "quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies:0.1" + - name: "name" + value: "prefetch-dependencies" + - name: "kind" + value: "task" + resolver: "bundles" + 
workspaces: + - name: "source" + workspace: "workspace" + - name: "git-basic-auth" + workspace: "git-auth" + - name: "build-container" + params: + - name: "PACK_SOURCE_DIR" + value: "$(params.source-dir)" + - name: "PACK_CLI_VERSION" + value: "v0.35.1" + - name: "DOCKER_HOST" + value: "" + - name: "SOURCE_SUBPATH" + value: "." + runAfter: + - "prefetch-dependencies" + taskSpec: + results: + - description: "Image repository where the built image was pushed" + name: "IMAGE_URL" + - description: "Digest of the image just built" + name: "IMAGE_DIGEST" + - description: "Digests of the base images used for build" + name: "BASE_IMAGES_DIGESTS" + steps: + - args: + - "$(params.packCmdBuilderFlags)" + image: "quay.io/konflux-ci/buildah-task:latest@sha256:860a239c5f25376a435a514ae6d53a5c75b1fa492461d17774e9b7cb32d1e275" + name: "run-script" + script: | + #!/usr/bin/env bash + set -e + mkdir -p ~/.ssh + if [ -e "/ssh/error" ]; then + #no server could be provisioned + cat /ssh/error + exit 1 + fi + export SSH_HOST=$(cat /ssh/host) + cp /ssh/id_rsa ~/.ssh + + chmod 0400 ~/.ssh/id_rsa + export BUILD_DIR=$(cat /ssh/user-dir) + export SSH_ARGS="-o StrictHostKeyChecking=no -o ServerAliveInterval=60 -o ServerAliveCountMax=10" + echo "$BUILD_DIR" + ssh $SSH_ARGS "$SSH_HOST" mkdir -p "$BUILD_DIR/workspaces" "$BUILD_DIR/scripts" "$BUILD_DIR/volumes" + + ## TO BE REVIEWED ==> + echo "Installing pack ..." + curl -sSL "https://github.com/buildpacks/pack/releases/download/$(params.PACK_CLI_VERSION)/pack-$(params.PACK_CLI_VERSION)-linux.tgz" | tar -C /usr/local/bin/ --no-same-owner -xzv pack + + echo "Checking pack ..." + pack --version + pack config experimental true + + #export DOCKER_HOST=tcp://$(params.DOCKER_HOST):2376 + #echo "DOCKER_HOST=tcp://$(params.DOCKER_HOST):2376" + + # We cannot get the array from the params PACK_CMD_FLAGS within the bash script as substitution don't work in this case !! + echo "Getting the arguments ..." 
+ for cmd_arg in "$@"; do + CLI_ARGS+=("$cmd_arg") + done + + echo "Here are the arguments to be passed to the pack CLI" + for i in "$CLI_ARGS[@]"; do + echo "arg: $i" + done + + echo "Building the builder image ..." + echo "pack ${CLI_ARGS[@]}" + pack "${CLI_ARGS[@]}" + + echo -n "URL of the image build is : quarkus-hello:1.0" | tee "$(results.IMAGE_URL.path)" + echo -n "sha256ddddddddddddddddddddd" | tee "$(results.IMAGE_DIGEST.path)" + echo -n "sha256eeeeeeeeeeeeeeeeeeeeee" | tee "$(results.BASE_IMAGES_DIGESTS.path)" + workspaces: + - name: "source" + workspace: "workspace" + - name: "ssh" + workspace: "ssh" + - name: "build-image-index" + params: + - name: "IMAGE" + value: "$(params.output-image)" + - name: "COMMIT_SHA" + value: "$(tasks.git-clone.results.commit)" + - name: "IMAGE_EXPIRES_AFTER" + value: "$(params.image-expires-after)" + - name: "ALWAYS_BUILD_INDEX" + value: "$(params.build-image-index)" + - name: "IMAGES" + value: + - "$(tasks.build-container.results.IMAGE_URL)@$(tasks.build-container.results.IMAGE_DIGEST)" + runAfter: + - "build-container" + taskRef: + params: + - name: "bundle" + value: "quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1" + - name: "name" + value: "build-image-index" + - name: "kind" + value: "task" + resolver: "bundles" + workspaces: + - name: "workspace" + workspace: "workspace" + - name: "source-build" + params: + - name: "BINARY_IMAGE" + value: "$(params.output-image)" + - name: "BASE_IMAGES" + value: "$(tasks.build-container.results.BASE_IMAGES_DIGESTS)" + runAfter: + - "build-container" + taskRef: + params: + - name: "bundle" + value: "quay.io/konflux-ci/tekton-catalog/task-source-build:0.1" + - name: "name" + value: "source-build" + - name: "kind" + value: "task" + resolver: "bundles" + workspaces: + - name: "workspace" + workspace: "workspace" + - name: "clair-scan" + params: + - name: "image-digest" + value: "$(tasks.build-container.results.IMAGE_DIGEST)" + - name: "image-url" + value: 
"$(tasks.build-container.results.IMAGE_URL)" + runAfter: + - "build-container" + taskRef: + params: + - name: "bundle" + value: "quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.1" + - name: "name" + value: "clair-scan" + - name: "kind" + value: "task" + resolver: "bundles" + - name: "ecosystem-cert-preflight-checks" + params: + - name: "image-url" + value: "$(tasks.build-container.results.IMAGE_URL)" + runAfter: + - "build-container" + taskRef: + params: + - name: "bundle" + value: "quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.1" + - name: "name" + value: "ecosystem-cert-preflight-checks" + - name: "kind" + value: "task" + resolver: "bundles" + - name: "sast-snyk-check" + params: + - name: "image-digest" + value: "$(tasks.build-container.results.IMAGE_DIGEST)" + - name: "image-url" + value: "$(tasks.build-container.results.IMAGE_URL)" + runAfter: + - "git-clone" + taskRef: + params: + - name: "bundle" + value: "quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check:0.2" + - name: "name" + value: "sast-snyk-check" + - name: "kind" + value: "task" + resolver: "bundles" + workspaces: + - name: "workspace" + workspace: "workspace" + - name: "clamav-scan" + params: + - name: "image-digest" + value: "$(tasks.build-container.results.IMAGE_DIGEST)" + - name: "image-url" + value: "$(tasks.build-container.results.IMAGE_URL)" + runAfter: + - "build-container" + taskRef: + params: + - name: "bundle" + value: "quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.1" + - name: "name" + value: "clamav-scan" + - name: "kind" + value: "task" + resolver: "bundles" + - name: "sbom-json-check" + params: + - name: "IMAGE_DIGEST" + value: "$(tasks.build-container.results.IMAGE_DIGEST)" + - name: "IMAGE_URL" + value: "$(tasks.build-container.results.IMAGE_URL)" + runAfter: + - "build-container" + taskRef: + params: + - name: "bundle" + value: "quay.io/konflux-ci/tekton-catalog/task-sbom-json-check:0.1" + - name: "name" + value: "sbom-json-check" + - name: 
"kind" + value: "task" + resolver: "bundles" + timeouts: + pipeline: "300000000000ns" + workspaces: + - name: "workspace" + volumeClaimTemplate: + apiVersion: "v1" + kind: "PersistentVolumeClaim" + spec: + accessModes: + - "ReadWriteOnce" + resources: + requests: + storage: "1Gi" + - name: "git-auth" + secret: + secretName: "{{ git_auth_secret }}" + - name: "ssh" + secret: + secretName: "multi-platform-ssh-$(context.taskRun.name)"
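Review bot: The SSH options in the `run-script` step of `build-container` include `-o StrictHostKeyChecking=no`, so the step accepts whatever host key the address read from /ssh/host presents before it uses the private key copied from /ssh/id_rsa. If the provisioning secret can carry the build host's public key, write it to a known_hosts file and use `-o StrictHostKeyChecking=yes -o UserKnownHostsFile="$HOME/.ssh/known_hosts"` instead. As written, the step only runs `mkdir` on the remote host and then installs and runs `pack` locally (the block is marked `## TO BE REVIEWED ==>`), so the key is exposed to the step without the build actually moving to the remote machine. The `ssh` workspace binding uses `secretName: "multi-platform-ssh-$(context.taskRun.name)"`; `context.taskRun` looks like a task-level variable, so confirm it is substituted in a PipelineRun workspace binding.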