From 94bf6b64422936d1a08340b89a349a8d8ce4c94c Mon Sep 17 00:00:00 2001
From: cmoulliard <463790+cmoulliard@users.noreply.github.com>
Date: Wed, 27 Nov 2024 09:24:01 +0000
Subject: [PATCH] [create-pull-request] automated change
---
SCENARIO.md | 3480 +++++++++++++++++++++++++--------------------------
1 file changed, 1740 insertions(+), 1740 deletions(-)
diff --git a/SCENARIO.md b/SCENARIO.md
index 9632dc7..10954c9 100644
--- a/SCENARIO.md
+++ b/SCENARIO.md
@@ -1,249 +1,1099 @@ # Scenario This document is generated by the job \'.github/workflows/publish-pipelines.yml\' using the [configurations](configurations/) files ! -## konflux +## tekton -### Build +### Example -#### PipelineRun performing a build of a Quarkus application using pack CLI +#### Simple example of a Tekton pipeline echoing a message Command to be executed: ```bash -java -jar target/quarkus-app/quarkus-run.jar builder -o out/flows -c configurations/konflux/build-quarkus-app-cfg.yaml +java -jar target/quarkus-app/quarkus-run.jar builder -o out/flows -c configurations/tekton/simple-job-embedded-script-cfg.yaml ``` using as configuration: ```yaml -# configurations/konflux/build-quarkus-app-cfg.yaml +# configurations/tekton/simple-job-embedded-script-cfg.yaml -# The type will be used by the application to generate the resources for the selected provider: konflux, tekton -provider: konflux +provider: tekton resourceType: PipelineRun -domain: build -namespace: user-ns1 +domain: example -repository: - url: https://github.com/ch007m/new-quarkus-app-1 - dockerfilePath: src/main/docker/Dockerfile.jvm +job: + name: simple-job-embedded-script # name of the pipeline to be created + description: Simple example of a Tekton pipeline echoing a message -# To generate the Konflux Application and/or Component CR -application: - name: my-quarkus - enable: false -component: - name: my-quarkus-app - enable: false + actions: + - name: say-hello + script: | + #!/usr/bin/env bash + + set -e + echo "Say Hello" +``` +Generated file: +```yaml +# generated/tekton/example/pipelinerun-simple-job-embedded-script.yaml + +apiVersion: "tekton.dev/v1" +kind: "PipelineRun" +metadata: + annotations: + tekton.dev/pipelines.minVersion: "0.60.x" + tekton.dev/displayName: "Simple example of a Tekton pipeline echoing a message" + tekton.dev/platforms: "linux/amd64" + labels: + app.kubernetes.io/version: "0.1" + name: "simple-job-embedded-script" +spec: + pipelineSpec: + tasks: + - name: 
"say-hello" + taskSpec: + stepTemplate: {} + steps: + - image: "registry.access.redhat.com/ubi9@sha256:1ee4d8c50d14d9c9e9229d9a039d793fcbc9aa803806d194c957a397cf1d2b17" + name: "run-script" + script: |- + #!/usr/bin/env bash + + set -e + echo "Say Hello" + timeouts: + pipeline: "300000000000ns" + +``` +#### Simple example of a Tekton pipeline echoing a message and pushing a result + +Command to be executed: +```bash +java -jar target/quarkus-app/quarkus-run.jar builder -o out/flows -c configurations/tekton/simple-job-results-script-cfg.yaml +``` +using as configuration: +```yaml +# configurations/tekton/simple-job-results-script-cfg.yaml + +# The type will be used by the application to generate the resources for the selected provider: konflux, tekton +provider: tekton +resourceType: PipelineRun +domain: example job: - name: quarkus-1-on-push - description: PipelineRun performing a build of a Quarkus application using pack CLI + name: simple-job-results-file-script + description: Simple example of a Tekton pipeline echoing a message and pushing a result - workspaces: - - name: source-dir - workspace: workspace - - name: pack-workspace - workspace: workspace + actions: + - name: say-hello + results: + - FOO: "A Foo user" + scriptFileUrl: file://scripts/echo.sh +``` +Generated file: +```yaml +# generated/tekton/example/pipelinerun-simple-job-results-file-script.yaml - results: - - IMAGE_URL: "$(tasks.build-container.results.IMAGE_URL)" - - IMAGE_DIGEST: "$(tasks.build-container.results.IMAGE_DIGEST)" - - BASE_IMAGES_DIGESTS: "$(tasks.build-container.results.BASE_IMAGES_DIGESTS)" +apiVersion: "tekton.dev/v1" +kind: "PipelineRun" +metadata: + annotations: + tekton.dev/pipelines.minVersion: "0.60.x" + tekton.dev/displayName: "Simple example of a Tekton pipeline echoing a message\ + \ and pushing a result" + tekton.dev/platforms: "linux/amd64" + labels: + app.kubernetes.io/version: "0.1" + name: "simple-job-results-file-script" +spec: + pipelineSpec: + tasks: + - name: 
"say-hello" + taskSpec: + results: + - description: "A Foo user" + name: "FOO" + stepTemplate: {} + steps: + - image: "registry.access.redhat.com/ubi9@sha256:1ee4d8c50d14d9c9e9229d9a039d793fcbc9aa803806d194c957a397cf1d2b17" + name: "run-script" + script: |- + #!/usr/bin/env bash - - CHAINS-GIT_URL: "$(tasks.clone-repository.results.url)" - - CHAINS-GIT_COMMIT: "$(tasks.clone-repository.results.commit)" + set -e + echo "Say Hello" + timeouts: + pipeline: "300000000000ns" - params: - - git-url: "{{source_url}}" - - revision: "{{revision}}" - - output-image: "quay.io/ch007m/user-ns1/my-quarkus/quarkus-1:{{revision}}" - - image-expires-after: "5d" - - build-image-index: "" - # We need the following parameters when used within the Pipeline: when condition, etc - - build-source-image: false - - prefetch-input: "" +``` +#### Simple example of a Tekton pipeline including 2 actions echoing Hello and Good bye - # Buildpack params - - source-dir: "source" - - imageUrl: "buildpacksio/pack" - - imageTag: "latest" - - packCmdBuilderFlags: - - build - - -B - - quay.io/snowdrop/ubi-builder - - -e - - BP_JVM_VERSION=21 - - quarkus-hello:1.0 +Command to be executed: +```bash +java -jar target/quarkus-app/quarkus-run.jar builder -o out/flows -c configurations/tekton/simple-job-two-actions-cfg.yaml +``` +using as configuration: +```yaml +# configurations/tekton/simple-job-two-actions-cfg.yaml - # Remark : As the Pipeline(run) resource of konflux already defines mandatory steps to perform actions as listed here - it is then not needed - # to detail them here except the actions that you want to include part of the build process +# The type will be used by the application to generate the resources for the selected provider: konflux, tekton +provider: tekton +resourceType: PipelineRun +# The domain allows to organize the resources, tasks to be generated +domain: example - # The actions to be executed should match/map the name ofg the Task declared in an OCI Bundle or Git repository url - 
# Examples: - # - pack: to build an image using the Pack CLI - # - build: to build an application using a builder image - # - pack-builder: to create a builder image using pack CLI - # - stack: to create a base stack image build or run - # - meta/composite: to package the buildpacks of a "meta/composite" buildpack project - # - buildpack: to package a "buildpack" project - # - extension: to package an "extension" project - # - actions: - - name: pack - ref: bundle://quay.io/ch007m/tekton-bundle:latest@sha256:42f0acaefdfbb345fb76c34910f4f7f358908602d3e8f83e4616218685e34b25 - workspaces: - - name: source-dir - workspace: workspace - - name: pack-workspace - workspace: workspace - params: - - PACK_SOURCE_DIR: "$(params.source-dir)" - - PACK_CLI_IMAGE: "$(params.imageUrl)" - - PACK_CLI_IMAGE_VERSION: "$(params.imageTag)" - - PACK_CMD_FLAGS: - - "$(params.packCmdBuilderFlags)" +# Kubernetes namespace +namespace: demo +job: + name: simple-job-two-actions # name of the pipeline to be created + description: Simple example of a Tekton pipeline including 2 actions echoing Hello and Good bye + actions: + - name: say-hello + script: | + #!/usr/bin/env bash + + set -e + echo "Say Hello" + - name: say-goodbye + script: | + #!/usr/bin/env bash + + set -e + echo "and say Good bye to all of you !" 
``` Generated file: ```yaml -# generated/konflux/build/pipelinerun-quarkus-1-on-push.yaml +# generated/tekton/example/pipelinerun-simple-job-two-actions.yaml apiVersion: "tekton.dev/v1" kind: "PipelineRun" metadata: annotations: - build.appstudio.redhat.com/target_branch: "{{target_branch}}" - build.appstudio.redhat.com/commit_sha: "{{revision}}" - pipelinesascode.tekton.dev/on-cel-expression: "event == 'push' && target_branch\ - \ == 'main'" - pipelinesascode.tekton.dev/max-keep-runs: "3" - build.appstudio.openshift.io/repo: "https://github.com/ch007m/new-quarkus-app-1?rev={{revision}}" + tekton.dev/pipelines.minVersion: "0.60.x" + tekton.dev/displayName: "Simple example of a Tekton pipeline including 2 actions\ + \ echoing Hello and Good bye" + tekton.dev/platforms: "linux/amd64" labels: - appstudio.openshift.io/application: "my-quarkus" - pipelines.appstudio.openshift.io/type: "build" - pipelines.openshift.io/strategy: "build" - appstudio.openshift.io/component: "my-quarkus-app" - pipelines.openshift.io/used-by: "build-cloud" - pipelines.openshift.io/runtime: "java" - name: "quarkus-1-on-push" - namespace: "user-ns1" + app.kubernetes.io/version: "0.1" + name: "simple-job-two-actions" + namespace: "demo" spec: - params: - - name: "git-url" - value: "{{source_url}}" - - name: "revision" - value: "{{revision}}" - - name: "image-expires-after" - value: "5d" - - name: "build-image-index" - value: "" - - name: "build-source-image" - value: "false" - - name: "prefetch-input" - value: "" - - name: "git-url" - value: "{{source_url}}" - - name: "revision" - value: "{{revision}}" - - name: "output-image" - value: "quay.io/ch007m/user-ns1/my-quarkus/quarkus-1:{{revision}}" - - name: "image-expires-after" - value: "5d" - - name: "build-image-index" - value: "" - - name: "build-source-image" - value: "false" - - name: "prefetch-input" - value: "" + pipelineSpec: + tasks: + - name: "say-hello" + taskSpec: + stepTemplate: {} + steps: + - image: 
"registry.access.redhat.com/ubi9@sha256:1ee4d8c50d14d9c9e9229d9a039d793fcbc9aa803806d194c957a397cf1d2b17" + name: "run-script" + script: | + #!/usr/bin/env bash + + set -e + echo "Say Hello" + - name: "say-goodbye" + runAfter: + - "say-hello" + taskSpec: + stepTemplate: {} + steps: + - image: "registry.access.redhat.com/ubi9@sha256:1ee4d8c50d14d9c9e9229d9a039d793fcbc9aa803806d194c957a397cf1d2b17" + name: "run-script" + script: |- + #!/usr/bin/env bash + + set -e + echo "and say Good bye to all of you !" + timeouts: + pipeline: "300000000000ns" + +``` +#### Simple example of a Tekton pipeline echoing a message + +Command to be executed: +```bash +java -jar target/quarkus-app/quarkus-run.jar builder -o out/flows -c configurations/tekton/simple-job-fetch-file-script-cfg.yaml +``` +using as configuration: +```yaml +# configurations/tekton/simple-job-fetch-file-script-cfg.yaml + +# The type will be used by the application to generate the resources for the selected provider: konflux, tekton +provider: tekton +resourceType: PipelineRun +domain: example + +job: + name: simple-job-fetch-file-script + description: Simple example of a Tekton pipeline echoing a message + + actions: + - name: say-hello + scriptFileUrl: file://scripts/echo.sh +``` +Generated file: +```yaml +# generated/tekton/example/pipelinerun-simple-job-fetch-file-script.yaml + +apiVersion: "tekton.dev/v1" +kind: "PipelineRun" +metadata: + annotations: + tekton.dev/pipelines.minVersion: "0.60.x" + tekton.dev/displayName: "Simple example of a Tekton pipeline echoing a message" + tekton.dev/platforms: "linux/amd64" + labels: + app.kubernetes.io/version: "0.1" + name: "simple-job-fetch-file-script" +spec: + pipelineSpec: + tasks: + - name: "say-hello" + taskSpec: + stepTemplate: {} + steps: + - image: "registry.access.redhat.com/ubi9@sha256:1ee4d8c50d14d9c9e9229d9a039d793fcbc9aa803806d194c957a397cf1d2b17" + name: "run-script" + script: |- + #!/usr/bin/env bash + + set -e + echo "Say Hello" + timeouts: + 
pipeline: "300000000000ns" + +``` +#### Simple example of a Tekton pipeline including 2 actions echoing Hello and Good bye when condition is met + +Command to be executed: +```bash +java -jar target/quarkus-app/quarkus-run.jar builder -o out/flows -c configurations/tekton/simple-job-two-actions-when-cfg.yaml +``` +using as configuration: +```yaml +# configurations/tekton/simple-job-two-actions-when-cfg.yaml + +provider: tekton +resourceType: PipelineRun +domain: example +namespace: demo + +job: + name: simple-job-two-actions-when # name of the pipeline to be created + description: Simple example of a Tekton pipeline including 2 actions echoing Hello and Good bye when condition is met + params: + - message: true + actions: + - name: say-hello + script: | + #!/usr/bin/env bash + + set -e + echo "Say Hello" + - name: say-goodbye + when: + - "$(params.message): true" + script: | + #!/usr/bin/env bash + + set -e + echo "and say Good bye to all of you !" +``` +Generated file: +```yaml +# generated/tekton/example/pipelinerun-simple-job-two-actions-when.yaml + +apiVersion: "tekton.dev/v1" +kind: "PipelineRun" +metadata: + annotations: + tekton.dev/pipelines.minVersion: "0.60.x" + tekton.dev/displayName: "Simple example of a Tekton pipeline including 2 actions\ + \ echoing Hello and Good bye when condition is met" + tekton.dev/platforms: "linux/amd64" + labels: + app.kubernetes.io/version: "0.1" + name: "simple-job-two-actions-when" + namespace: "demo" +spec: + params: + - name: "message" + value: "true" + pipelineSpec: + tasks: + - name: "say-hello" + taskSpec: + stepTemplate: {} + steps: + - image: "registry.access.redhat.com/ubi9@sha256:1ee4d8c50d14d9c9e9229d9a039d793fcbc9aa803806d194c957a397cf1d2b17" + name: "run-script" + script: | + #!/usr/bin/env bash + + set -e + echo "Say Hello" + - name: "say-goodbye" + runAfter: + - "say-hello" + taskSpec: + stepTemplate: {} + steps: + - image: 
"registry.access.redhat.com/ubi9@sha256:1ee4d8c50d14d9c9e9229d9a039d793fcbc9aa803806d194c957a397cf1d2b17" + name: "run-script" + script: |- + #!/usr/bin/env bash + + set -e + echo "and say Good bye to all of you !" + when: + - input: "$(params.message)" + operator: "in" + values: + - "true" + timeouts: + pipeline: "300000000000ns" + +``` +#### Simple example of a Tekton task echoing a message + +Command to be executed: +```bash +java -jar target/quarkus-app/quarkus-run.jar builder -o out/flows -c configurations/tekton/simple-action-embedded-script-cfg.yaml +``` +using as configuration: +```yaml +# configurations/tekton/simple-action-embedded-script-cfg.yaml + +provider: tekton +resourceType: TaskRun +domain: example + +job: + name: simple-action-embedded-script + description: Simple example of a Tekton task echoing a message + + actions: + - name: say-hello + script: | + #!/usr/bin/env bash + + set -e + echo "Say Hello" +``` +Generated file: +```yaml +# generated/tekton/example/taskrun-simple-action-embedded-script.yaml + +apiVersion: "tekton.dev/v1" +kind: "TaskRun" +metadata: + labels: + tekton.dev/taskRun: "simple-action-embedded-script" + name: "simple-action-embedded-script" +spec: + taskSpec: + steps: + - command: + - null + image: "registry.access.redhat.com/ubi9@sha256:1ee4d8c50d14d9c9e9229d9a039d793fcbc9aa803806d194c957a397cf1d2b17" + name: "say-hello" + script: |- + #!/usr/bin/env bash + + set -e + echo "Say Hello" + +``` +#### Simple example of a Tekton pipeline echoing a message + +Command to be executed: +```bash +java -jar target/quarkus-app/quarkus-run.jar builder -o out/flows -c configurations/tekton/simple-job-fetch-script-cfg.yaml +``` +using as configuration: +```yaml +# configurations/tekton/simple-job-fetch-script-cfg.yaml + +# The type will be used by the application to generate the resources for the selected provider: konflux, tekton +provider: tekton +resourceType: PipelineRun +domain: example + +# Kubernetes namespace +namespace: + +job: + 
name: simple-job-fetch-script # name of the pipeline to be created + description: Simple example of a Tekton pipeline echoing a message + + actions: + - name: say-hello + # The ref or reference expressed using the uri://: + # will fetch the code of the action to be executed + ref: + # The url of the script file to be executed using a linux container + scriptFileUrl: https://raw.githubusercontent.com/ch007m/pipeline-dsl-builder/main/scripts/echo.sh +``` +Generated file: +```yaml +# generated/tekton/example/pipelinerun-simple-job-fetch-script.yaml + +apiVersion: "tekton.dev/v1" +kind: "PipelineRun" +metadata: + annotations: + tekton.dev/pipelines.minVersion: "0.60.x" + tekton.dev/displayName: "Simple example of a Tekton pipeline echoing a message" + tekton.dev/platforms: "linux/amd64" + labels: + app.kubernetes.io/version: "0.1" + name: "simple-job-fetch-script" +spec: + pipelineSpec: + tasks: + - name: "say-hello" + taskSpec: + stepTemplate: {} + steps: + - image: "registry.access.redhat.com/ubi9@sha256:1ee4d8c50d14d9c9e9229d9a039d793fcbc9aa803806d194c957a397cf1d2b17" + name: "run-script" + script: | + #!/usr/bin/env bash + + set -e + echo "Say Hello" + timeouts: + pipeline: "300000000000ns" + +``` +#### Simple example of a Tekton pipeline including 2 actions echoing Hello and Good bye and sharing the message using a workspace + +Command to be executed: +```bash +java -jar target/quarkus-app/quarkus-run.jar builder -o out/flows -c configurations/tekton/simple-job-two-actions-worskpace-cfg.yaml +``` +using as configuration: +```yaml +# configurations/tekton/simple-job-two-actions-worskpace-cfg.yaml + +provider: tekton +resourceType: PipelineRun +domain: example + +namespace: demo + +job: + name: simple-job-two-actions-wks + description: Simple example of a Tekton pipeline including 2 actions echoing Hello and Good bye and sharing the message using a workspace + workspaces: + - name: shared-wks + + actions: + - name: say-hello + script: | + #!/usr/bin/env bash + + set 
-e + if [ "$(workspaces.shared-wks.bound)" == "true" ] ; then + echo Hello from action - say-hello > $(workspaces.shared-wks.path)/message + fi + workspaces: + - name: shared-wks + workspace: shared-wks + - name: say-goodbye + script: | + #!/usr/bin/env bash + + set -e + if [ "$(workspaces.shared-wks.bound)" == "true" ] ; then + cat $(workspaces.shared-wks.path)/message + fi + echo "Saying Good bye to all of you from action: say-goodbye" + workspaces: + - name: shared-wks + workspace: shared-wks +``` +Generated file: +```yaml +# generated/tekton/example/pipelinerun-simple-job-two-actions-wks.yaml + +apiVersion: "tekton.dev/v1" +kind: "PipelineRun" +metadata: + annotations: + tekton.dev/pipelines.minVersion: "0.60.x" + tekton.dev/displayName: "Simple example of a Tekton pipeline including 2 actions\ + \ echoing Hello and Good bye and sharing the message using a workspace" + tekton.dev/platforms: "linux/amd64" + labels: + app.kubernetes.io/version: "0.1" + name: "simple-job-two-actions-wks" + namespace: "demo" +spec: + pipelineSpec: + tasks: + - name: "say-hello" + taskSpec: + stepTemplate: {} + steps: + - image: "registry.access.redhat.com/ubi9@sha256:1ee4d8c50d14d9c9e9229d9a039d793fcbc9aa803806d194c957a397cf1d2b17" + name: "run-script" + script: | + #!/usr/bin/env bash + + set -e + if [ "$(workspaces.shared-wks.bound)" == "true" ] ; then + echo Hello from action - say-hello > $(workspaces.shared-wks.path)/message + fi + workspaces: + - name: "shared-wks" + workspace: "shared-wks" + - name: "say-goodbye" + runAfter: + - "say-hello" + taskSpec: + stepTemplate: {} + steps: + - image: "registry.access.redhat.com/ubi9@sha256:1ee4d8c50d14d9c9e9229d9a039d793fcbc9aa803806d194c957a397cf1d2b17" + name: "run-script" + script: | + #!/usr/bin/env bash + + set -e + if [ "$(workspaces.shared-wks.bound)" == "true" ] ; then + cat $(workspaces.shared-wks.path)/message + fi + echo "Saying Good bye to all of you from action: say-goodbye" + workspaces: + - name: "shared-wks" + 
workspace: "shared-wks" + timeouts: + pipeline: "300000000000ns" + workspaces: + - name: "shared-wks" + volumeClaimTemplate: + apiVersion: "v1" + kind: "PersistentVolumeClaim" + spec: + accessModes: + - "ReadWriteOnce" + resources: + requests: + storage: "1Gi" + +``` +## tekton + +### Demo + +#### Such a job will not work as the [*] "notation" with array param is not supported in a task's script + +Command to be executed: +```bash +java -jar target/quarkus-app/quarkus-run.jar builder -o out/flows -c configurations/tekton/basic3-issue-cfg.yaml +``` +using as configuration: +```yaml +# configurations/tekton/basic3-issue-cfg.yaml + +provider: tekton +resourceType: PipelineRun +domain: demo +# Such a job will not work as the [*] "notation" +# with array param is not supported in a task's script +job: + name: basic-job-3 + description: Such a job will not work as the [*] "notation" with array param is not supported in a task's script + actions: + - name: say-hello + params: + - name: team + value: Aurea + script: | + #!/usr/bin/env bash + + members=($(params.team[*])) + + for member in "${members[@]}"; do + echo "Say hello to: $member" + done +``` +Generated file: +```yaml +# generated/tekton/demo/pipelinerun-basic-job-3.yaml + +apiVersion: "tekton.dev/v1" +kind: "PipelineRun" +metadata: + annotations: + tekton.dev/pipelines.minVersion: "0.60.x" + tekton.dev/displayName: "Such a job will not work as the [*] \"notation\" with\ + \ array param is not supported in a task's script" + tekton.dev/platforms: "linux/amd64" + labels: + app.kubernetes.io/version: "0.1" + name: "basic-job-3" +spec: + pipelineSpec: + tasks: + - name: "say-hello" + params: + - name: "name" + value: "team" + - name: "value" + value: "Aurea" + taskSpec: + stepTemplate: {} + steps: + - image: "registry.access.redhat.com/ubi9@sha256:1ee4d8c50d14d9c9e9229d9a039d793fcbc9aa803806d194c957a397cf1d2b17" + name: "run-script" + script: |- + #!/usr/bin/env bash + + members=($(params.team[*])) + + for member in 
"${members[@]}"; do + echo "Say hello to: $member" + done + timeouts: + pipeline: "300000000000ns" + +``` +#### Basic job echoing a message using the param teamMember + +Command to be executed: +```bash +java -jar target/quarkus-app/quarkus-run.jar builder -o out/flows -c configurations/tekton/basic2-cfg.yaml +``` +using as configuration: +```yaml +# configurations/tekton/basic2-cfg.yaml + +provider: tekton +resourceType: PipelineRun +domain: demo +job: + name: basic-job-2 + description: Basic job echoing a message using the param teamMember + actions: + - name: say-hello + params: + - name: teamMember + value: Aurea + script: | + #!/usr/bin/env bash + + echo $(params.teamMember) +``` +Generated file: +```yaml +# generated/tekton/demo/pipelinerun-basic-job-2.yaml + +apiVersion: "tekton.dev/v1" +kind: "PipelineRun" +metadata: + annotations: + tekton.dev/pipelines.minVersion: "0.60.x" + tekton.dev/displayName: "Basic job echoing a message using the param teamMember" + tekton.dev/platforms: "linux/amd64" + labels: + app.kubernetes.io/version: "0.1" + name: "basic-job-2" +spec: + pipelineSpec: + tasks: + - name: "say-hello" + params: + - name: "name" + value: "teamMember" + - name: "value" + value: "Aurea" + taskSpec: + stepTemplate: {} + steps: + - image: "registry.access.redhat.com/ubi9@sha256:1ee4d8c50d14d9c9e9229d9a039d793fcbc9aa803806d194c957a397cf1d2b17" + name: "run-script" + script: |- + #!/usr/bin/env bash + + echo $(params.teamMember) + timeouts: + pipeline: "300000000000ns" + +``` +#### Basic job echoing a message + +Command to be executed: +```bash +java -jar target/quarkus-app/quarkus-run.jar builder -o out/flows -c configurations/tekton/basic1-cfg.yaml +``` +using as configuration: +```yaml +# configurations/tekton/basic1-cfg.yaml + +provider: tekton +resourceType: PipelineRun +domain: demo +job: + name: basic-job-1 + description: Basic job echoing a message + actions: + - name: say-hello + script: | + #!/usr/bin/env bash + + echo "Say hello to the team" 
+``` +Generated file: +```yaml +# generated/tekton/demo/pipelinerun-basic-job-1.yaml + +apiVersion: "tekton.dev/v1" +kind: "PipelineRun" +metadata: + annotations: + tekton.dev/pipelines.minVersion: "0.60.x" + tekton.dev/displayName: "Basic job echoing a message" + tekton.dev/platforms: "linux/amd64" + labels: + app.kubernetes.io/version: "0.1" + name: "basic-job-1" +spec: + pipelineSpec: + tasks: + - name: "say-hello" + taskSpec: + stepTemplate: {} + steps: + - image: "registry.access.redhat.com/ubi9@sha256:1ee4d8c50d14d9c9e9229d9a039d793fcbc9aa803806d194c957a397cf1d2b17" + name: "run-script" + script: |- + #!/usr/bin/env bash + + echo "Say hello to the team" + timeouts: + pipeline: "300000000000ns" + +``` +## tekton + +### Buildpack + +#### This Pipeline builds a builder image using the pack CLI. + +Command to be executed: +```bash +java -jar target/quarkus-app/quarkus-run.jar builder -o out/flows -c configurations/tekton/pack-builder-git-task-cfg.yaml +``` +using as configuration: +```yaml +# configurations/tekton/pack-builder-git-task-cfg.yaml + +provider: tekton +resourceType: PipelineRun +domain: buildpack +namespace: + +job: + name: pack-builder-git-task + description: "This Pipeline builds a builder image using the pack CLI." + params: + - debug: true + - git-url: "https://github.com/redhat-buildpacks/ubi-image-builder.git" + - source-dir: "." 
+ - output-image: "gitea.cnoe.localtest.me:8443/giteaadmin/ubi-builder" + - imageUrl: "buildpacksio/pack" + - imageTag: "latest" + - packCmdBuilderFlags: + - -v + - --publish + # The workspaces declared here will be mounted for each action except if an action overrides it to use a different name + workspaces: + - name: pack-workspace + volumeClaimTemplate: + storage: 1Gi + accessMode: ReadWriteOnce + - name: source-dir + volumeClaimTemplate: + storage: 1Gi + accessMode: ReadWriteOnce + - name: data-store + volumeSources: + - secret: pack-config-toml + - secret: gitea-creds # quay-creds, docker-creds, etc + actions: + - name: git-clone + ref: bundle://quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1@sha256:de0ca8872c791944c479231e21d68379b54877aaf42e5f766ef4a8728970f8b3 + params: + - url: "$(params.git-url)" + - subdirectory: "." + workspaces: + - name: output + workspace: source-dir + - name: fetch-packconfig-registrysecret + ref: bundle://quay.io/ch007m/tekton-bundle:latest@sha256:42f0acaefdfbb345fb76c34910f4f7f358908602d3e8f83e4616218685e34b25 + - name: list-source-workspace + ref: bundle://quay.io/ch007m/tekton-bundle:latest@sha256:42f0acaefdfbb345fb76c34910f4f7f358908602d3e8f83e4616218685e34b25 + - name: pack-builder + ref: url://https://raw.githubusercontent.com/redhat-buildpacks/catalog/main/tekton/task/pack-builder/0.1/pack-builder.yml + params: + - PACK_SOURCE_DIR: "$(params.source-dir)" + - PACK_CLI_IMAGE: "$(params.imageUrl)" + - PACK_CLI_IMAGE_VERSION: "$(params.imageTag)" + - BUILDER_IMAGE_NAME: "$(params.output-image)" + - PACK_BUILDER_TOML: "ubi-builder.toml" + - PACK_CMD_FLAGS: + - "$(params.packCmdBuilderFlags)" + + +``` +Generated file: +```yaml +# generated/tekton/buildpack/pipelinerun-pack-builder-git-task.yaml + +apiVersion: "tekton.dev/v1" +kind: "PipelineRun" +metadata: + annotations: + tekton.dev/pipelines.minVersion: "0.60.x" + tekton.dev/displayName: "This Pipeline builds a builder image using the pack CLI." 
+ tekton.dev/platforms: "linux/amd64" + labels: + app.kubernetes.io/version: "0.1" + name: "pack-builder-git-task" +spec: + params: + - name: "debug" + value: "true" + - name: "git-url" + value: "https://github.com/redhat-buildpacks/ubi-image-builder.git" - name: "source-dir" - value: "source" + value: "." + - name: "output-image" + value: "gitea.cnoe.localtest.me:8443/giteaadmin/ubi-builder" - name: "imageUrl" value: "buildpacksio/pack" - name: "imageTag" value: "latest" - name: "packCmdBuilderFlags" value: - - "build" - - "-B" - - "quay.io/snowdrop/ubi-builder" - - "-e" - - "BP_JVM_VERSION=21" - - "quarkus-hello:1.0" + - "-v" + - "--publish" pipelineSpec: - finally: - - name: "show-sbom" + tasks: + - name: "git-clone" params: - - name: "IMAGE_URL" - value: "$(tasks.build-container.results.IMAGE_URL)" + - name: "url" + value: "$(params.git-url)" + - name: "subdirectory" + value: "." taskRef: params: - name: "bundle" - value: "quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1" + value: "quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1@sha256:de0ca8872c791944c479231e21d68379b54877aaf42e5f766ef4a8728970f8b3" - name: "name" - value: "show-sbom" + value: "git-clone" - name: "kind" value: "task" resolver: "bundles" - - name: "summary" - params: - - name: "pipelinerun-name" - value: "$(context.pipelineRun.name)" - - name: "git-url" - value: "$(tasks.git-clone.results.url)?rev=$(tasks.git-clone.results.commit)" - - name: "image-url" - value: "$(params.output-image)" - - name: "build-task-status" - value: "$(tasks.build-container.status)" + workspaces: + - name: "output" + workspace: "source-dir" + - name: "fetch-packconfig-registrysecret" + runAfter: + - "git-clone" taskRef: params: - name: "bundle" - value: "quay.io/konflux-ci/tekton-catalog/task-summary:0.2" + value: "quay.io/ch007m/tekton-bundle:latest@sha256:42f0acaefdfbb345fb76c34910f4f7f358908602d3e8f83e4616218685e34b25" - name: "name" - value: "summary" + value: "fetch-packconfig-registrysecret" - name: 
"kind" value: "task" resolver: "bundles" - workspaces: - - name: "workspace" - workspace: "workspace" - results: - - name: "IMAGE_URL" - value: "$(tasks.build-container.results.IMAGE_URL)" - - name: "IMAGE_DIGEST" - value: "$(tasks.build-container.results.IMAGE_DIGEST)" - - name: "BASE_IMAGES_DIGESTS" - value: "$(tasks.build-container.results.BASE_IMAGES_DIGESTS)" - - name: "CHAINS-GIT_URL" - value: "$(tasks.git-clone.results.url)" - - name: "CHAINS-GIT_COMMIT" - value: "$(tasks.git-clone.results.commit)" - tasks: - - name: "init" - params: - - name: "image-url" - value: "$(params.output-image)" - - name: "rebuild" - value: "$(params.rebuild)" - - name: "skip-checks" - value: "$(params.skip-checks)" + - name: "list-source-workspace" + runAfter: + - "fetch-packconfig-registrysecret" taskRef: params: - name: "bundle" - value: "quay.io/konflux-ci/tekton-catalog/task-init:0.2" + value: "quay.io/ch007m/tekton-bundle:latest@sha256:42f0acaefdfbb345fb76c34910f4f7f358908602d3e8f83e4616218685e34b25" - name: "name" - value: "init" + value: "list-source-workspace" - name: "kind" value: "task" resolver: "bundles" + - name: "pack-builder" + params: + - name: "PACK_SOURCE_DIR" + value: "$(params.source-dir)" + - name: "PACK_CLI_IMAGE" + value: "$(params.imageUrl)" + - name: "PACK_CLI_IMAGE_VERSION" + value: "$(params.imageTag)" + - name: "BUILDER_IMAGE_NAME" + value: "$(params.output-image)" + - name: "PACK_BUILDER_TOML" + value: "ubi-builder.toml" + - name: "PACK_CMD_FLAGS" + value: + - "$(params.packCmdBuilderFlags)" + runAfter: + - "list-source-workspace" + taskRef: + params: + - name: "url" + value: "https://raw.githubusercontent.com/redhat-buildpacks/catalog/main/tekton/task/pack-builder/0.1/pack-builder.yml" + resolver: "http" + workspaces: + - name: "source-dir" + workspace: "source-dir" + - name: "pack-workspace" + workspace: "pack-workspace" + timeouts: + pipeline: "300000000000ns" + workspaces: + - name: "pack-workspace" + volumeClaimTemplate: + apiVersion: "v1" + kind: 
"PersistentVolumeClaim" + spec: + accessModes: + - "ReadWriteOnce" + resources: + requests: + storage: "1Gi" + - name: "source-dir" + volumeClaimTemplate: + apiVersion: "v1" + kind: "PersistentVolumeClaim" + spec: + accessModes: + - "ReadWriteOnce" + resources: + requests: + storage: "1Gi" + - name: "data-store" + projected: + sources: + - secret: + name: "pack-config-toml" + - secret: + name: "gitea-creds" + +``` +#### This Pipeline builds a builder image using the pack CLI. + +Command to be executed: +```bash +java -jar target/quarkus-app/quarkus-run.jar builder -o out/flows -c configurations/tekton/pack-builder-cfg.yaml +``` +using as configuration: +```yaml +# configurations/tekton/pack-builder-cfg.yaml + +provider: tekton +resourceType: PipelineRun +domain: buildpack +namespace: + +job: + name: pack-builder-push + description: "This Pipeline builds a builder image using the pack CLI." + params: + - debug: true + - git-url: "https://github.com/redhat-buildpacks/ubi-image-builder.git" + - source-dir: "." + - output-image: "gitea.cnoe.localtest.me:8443/giteaadmin/ubi-builder" + - imageUrl: "buildpacksio/pack" + - imageTag: "latest" + - packCmdBuilderFlags: + - -v + - --publish + # The workspaces declared here will be mounted for each action except if an action overrides it to use a different name + workspaces: + - name: pack-workspace + volumeClaimTemplate: + storage: 1Gi + accessMode: ReadWriteOnce + - name: source-dir + volumeClaimTemplate: + storage: 1Gi + accessMode: ReadWriteOnce + - name: data-store + volumeSources: + - secret: pack-config-toml + - secret: gitea-creds # quay-creds, docker-creds, etc + actions: + - name: git-clone + ref: bundle://quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1@sha256:de0ca8872c791944c479231e21d68379b54877aaf42e5f766ef4a8728970f8b3 + params: + - url: "$(params.git-url)" + - subdirectory: "." 
+ workspaces: + - name: output + workspace: source-dir + - name: fetch-packconfig-registrysecret + ref: bundle://quay.io/ch007m/tekton-bundle:latest@sha256:42f0acaefdfbb345fb76c34910f4f7f358908602d3e8f83e4616218685e34b25 + - name: list-source-workspace + ref: bundle://quay.io/ch007m/tekton-bundle:latest@sha256:42f0acaefdfbb345fb76c34910f4f7f358908602d3e8f83e4616218685e34b25 + - name: pack-builder + ref: bundle://quay.io/ch007m/tekton-bundle:latest@sha256:42f0acaefdfbb345fb76c34910f4f7f358908602d3e8f83e4616218685e34b25 + params: + - PACK_SOURCE_DIR: "$(params.source-dir)" + - PACK_CLI_IMAGE: "$(params.imageUrl)" + - PACK_CLI_IMAGE_VERSION: "$(params.imageTag)" + - BUILDER_IMAGE_NAME: "$(params.output-image)" + - PACK_BUILDER_TOML: "ubi-builder.toml" + - PACK_CMD_FLAGS: + - "$(params.packCmdBuilderFlags)" + + +``` +Generated file: +```yaml +# generated/tekton/buildpack/pipelinerun-pack-builder-push.yaml + +apiVersion: "tekton.dev/v1" +kind: "PipelineRun" +metadata: + annotations: + tekton.dev/pipelines.minVersion: "0.60.x" + tekton.dev/displayName: "This Pipeline builds a builder image using the pack CLI." + tekton.dev/platforms: "linux/amd64" + labels: + app.kubernetes.io/version: "0.1" + name: "pack-builder-push" +spec: + params: + - name: "debug" + value: "true" + - name: "git-url" + value: "https://github.com/redhat-buildpacks/ubi-image-builder.git" + - name: "source-dir" + value: "." + - name: "output-image" + value: "gitea.cnoe.localtest.me:8443/giteaadmin/ubi-builder" + - name: "imageUrl" + value: "buildpacksio/pack" + - name: "imageTag" + value: "latest" + - name: "packCmdBuilderFlags" + value: + - "-v" + - "--publish" + pipelineSpec: + tasks: - name: "git-clone" params: - name: "url" value: "$(params.git-url)" - runAfter: - - "init" + - name: "subdirectory" + value: "." 
taskRef: params: - name: "bundle" - value: "quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1" + value: "quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1@sha256:de0ca8872c791944c479231e21d68379b54877aaf42e5f766ef4a8728970f8b3" - name: "name" value: "git-clone" - name: "kind" 
@@ -251,171 +1101,61 @@ spec: resolver: "bundles" workspaces: - name: "output" - workspace: "workspace" - - name: "basic-auth" - workspace: "git-auth" - - name: "prefetch-dependencies" - params: - - name: "input" - value: "$(params.prefetch-input)" + workspace: "source-dir" + - name: "fetch-packconfig-registrysecret" runAfter: - "git-clone" - taskRef: - params: - - name: "bundle" - value: "quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies:0.1" - - name: "name" - value: "prefetch-dependencies" - - name: "kind" - value: "task" - resolver: "bundles" - workspaces: - - name: "source" - workspace: "workspace" - - name: "git-basic-auth" - workspace: "git-auth" - - name: "build-container" - params: - - name: "PACK_SOURCE_DIR" - value: "$(params.source-dir)" - - name: "PACK_CLI_IMAGE" - value: "$(params.imageUrl)" - - name: "PACK_CLI_IMAGE_VERSION" - value: "$(params.imageTag)" - - name: "PACK_CMD_FLAGS" - value: - - "$(params.packCmdBuilderFlags)" taskRef: params: - name: "bundle" value: "quay.io/ch007m/tekton-bundle:latest@sha256:42f0acaefdfbb345fb76c34910f4f7f358908602d3e8f83e4616218685e34b25" - name: "name" - value: "pack" + value: "fetch-packconfig-registrysecret" - name: "kind" value: "task" resolver: "bundles" - workspaces: - - name: "source-dir" - workspace: "workspace" - - name: "pack-workspace" - workspace: "workspace" - - name: "build-image-index" - params: - - name: "IMAGE" - value: "$(params.output-image)" - - name: "COMMIT_SHA" - value: "$(tasks.git-clone.results.commit)" - - name: "IMAGE_EXPIRES_AFTER" - value: "$(params.image-expires-after)" - - name: "ALWAYS_BUILD_INDEX" - value: "$(params.build-image-index)" - - name: "IMAGES" - value: - - "$(tasks.build-container.results.IMAGE_URL)@$(tasks.build-container.results.IMAGE_DIGEST)" + - name: "list-source-workspace" runAfter: - - "build-container" + - "fetch-packconfig-registrysecret" taskRef: params: - name: "bundle" - value: "quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1" + value: 
"quay.io/ch007m/tekton-bundle:latest@sha256:42f0acaefdfbb345fb76c34910f4f7f358908602d3e8f83e4616218685e34b25" - name: "name" - value: "build-image-index" + value: "list-source-workspace" - name: "kind" value: "task" resolver: "bundles" - - name: "source-build" + - name: "pack-builder" params: - - name: "BINARY_IMAGE" + - name: "PACK_SOURCE_DIR" + value: "$(params.source-dir)" + - name: "PACK_CLI_IMAGE" + value: "$(params.imageUrl)" + - name: "PACK_CLI_IMAGE_VERSION" + value: "$(params.imageTag)" + - name: "BUILDER_IMAGE_NAME" value: "$(params.output-image)" - - name: "BASE_IMAGES" - value: "$(tasks.build-container.results.BASE_IMAGES_DIGESTS)" - runAfter: - - "build-container" - taskRef: - params: - - name: "bundle" - value: "quay.io/konflux-ci/tekton-catalog/task-source-build:0.1" - - name: "name" - value: "source-build" - - name: "kind" - value: "task" - resolver: "bundles" - workspaces: - - name: "workspace" - workspace: "workspace" - - name: "clair-scan" - params: - - name: "image-digest" - value: "$(tasks.build-container.results.IMAGE_DIGEST)" - - name: "image-url" - value: "$(tasks.build-container.results.IMAGE_URL)" - runAfter: - - "build-container" - taskRef: - params: - - name: "bundle" - value: "quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.1" - - name: "name" - value: "clair-scan" - - name: "kind" - value: "task" - resolver: "bundles" - - name: "ecosystem-cert-preflight-checks" - params: - - name: "image-url" - value: "$(tasks.build-container.results.IMAGE_URL)" - runAfter: - - "build-container" - taskRef: - params: - - name: "bundle" - value: "quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.1" - - name: "name" - value: "ecosystem-cert-preflight-checks" - - name: "kind" - value: "task" - resolver: "bundles" - - name: "sast-snyk-check" - params: - - name: "image-digest" - value: "$(tasks.build-container.results.IMAGE_DIGEST)" - - name: "image-url" - value: "$(tasks.build-container.results.IMAGE_URL)" - runAfter: - - 
"git-clone" - taskRef: - params: - - name: "bundle" - value: "quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check:0.2" - - name: "name" - value: "sast-snyk-check" - - name: "kind" - value: "task" - resolver: "bundles" - workspaces: - - name: "workspace" - workspace: "workspace" - - name: "clamav-scan" - params: - - name: "image-digest" - value: "$(tasks.build-container.results.IMAGE_DIGEST)" - - name: "image-url" - value: "$(tasks.build-container.results.IMAGE_URL)" + - name: "PACK_BUILDER_TOML" + value: "ubi-builder.toml" + - name: "PACK_CMD_FLAGS" + value: + - "$(params.packCmdBuilderFlags)" runAfter: - - "build-container" + - "list-source-workspace" taskRef: params: - name: "bundle" - value: "quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.1" + value: "quay.io/ch007m/tekton-bundle:latest@sha256:42f0acaefdfbb345fb76c34910f4f7f358908602d3e8f83e4616218685e34b25" - name: "name" - value: "clamav-scan" + value: "pack-builder" - name: "kind" value: "task" resolver: "bundles" timeouts: pipeline: "300000000000ns" workspaces: - - name: "workspace" + - name: "pack-workspace" volumeClaimTemplate: apiVersion: "v1" kind: "PersistentVolumeClaim" @@ -425,9 +1165,6 @@ spec: resources: requests: storage: "1Gi" - - name: "git-auth" - secret: - secretName: "{{ git_auth_secret }}" - name: "source-dir" volumeClaimTemplate: apiVersion: "v1" 
@@ -438,27 +1175,28 @@ spec: resources: requests: storage: "1Gi" - - name: "pack-workspace" - volumeClaimTemplate: - apiVersion: "v1" - kind: "PersistentVolumeClaim" - spec: - accessModes: - - "ReadWriteOnce" - resources: - requests: - storage: "1Gi" + - name: "data-store" + projected: + sources: + - secret: + name: "pack-config-toml" + - secret: + name: "gitea-creds" ``` -#### PipelineRun doing a build of a Quarkus application using buildpack - extension task +## konflux + +### Build + +#### PipelineRun performing a build of a Quarkus application using buildpack task and lifecycle Command to be executed: ```bash -java -jar target/quarkus-app/quarkus-run.jar builder -o out/flows -c configurations/konflux/build-quarkus-app-lifecycle-extension-cfg.yaml +java -jar target/quarkus-app/quarkus-run.jar builder -o out/flows -c configurations/konflux/build-quarkus-app-lifecycle-build-cfg.yaml ``` using as configuration: ```yaml -# configurations/konflux/build-quarkus-app-lifecycle-extension-cfg.yaml +# configurations/konflux/build-quarkus-app-lifecycle-build-cfg.yaml # The type will be used by the application to generate the resources for the selected provider: konflux, tekton provider: konflux @@ -473,14 +1211,14 @@ repository: # To generate the Konflux Application and/or Component CR application: name: my-quarkus - enable: true + enable: false component: name: my-quarkus-app - enable: true + enable: false job: name: quarkus-1-on-push - description: PipelineRun doing a build of a Quarkus application using buildpack - extension task + description: PipelineRun performing a build of a Quarkus application using buildpack task and lifecycle results: - IMAGE_URL: "$(tasks.build-container.results.IMAGE_URL)" 
@@ -493,51 +1231,17 @@ job: params: - git-url: "{{source_url}}" - revision: "{{revision}}" - - output-image: "quay.io/ch007m/my-quarkus:{{revision}}" - - image-expires-after: "5d" - - build-image-index: "" - - skip-checks: "true" - # We need the following parameters when used within the Pipeline: when condition, etc - - build-source-image: false - - prefetch-input: "" - # SBOM Grype - - grype-version: v0.79.6 - - grype-sbom-format: table - - # Buildpack params - - actions: - # Finally - - name: show-sbom - finally: true - # ref: bundle://quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:9bfc6b99ef038800fe131d7b45ff3cd4da3a415dd536f7c657b3527b01c4a13b - # params: - # - IMAGE_URL: "$(tasks.build-container.results.IMAGE_URL)" - ref: url://https://raw.githubusercontent.com/tektoncd/catalog/main/task/grype/0.1/grype.yaml - params: - - GRYPE_IMAGE: anchore/grype:$(params.grype-version) - - ARGS: - - $(tasks.build-container.results.IMAGE_URL) - - -o $(params.grype-sbom-format) - - - name: summary # Konflux uses as name show-summary !! 
- finally: true - ref: bundle://quay.io/konflux-ci/tekton-catalog/task-summary:0.2@sha256:d97c04ab42f277b1103eb6f3a053b247849f4f5b3237ea302a8ecada3b24e15b - params: - - pipelinerun-name: "$(context.pipelineRun.name)" - - git-url: "$(tasks.clone-repository.results.url)?rev=$(tasks.clone-repository.results.commit)" - - image-url: "$(params.output-image)" - - build-task-status: "$(tasks.build-container.status)" - - # Our build and check tasks - - name: buildpacks-extension-check - ref: url://https://raw.githubusercontent.com/redhat-buildpacks/catalog/main/tekton/task/buildpacks-extension-check/01/buildpacks-extension-check.yaml - params: - - builderImage: paketocommunity/builder-ubi-base:latest - - credentialsHome: /tekton/creds-secrets/ + - output-image: "quay.io/ch007m/my-quarkus:{{revision}}" + - image-expires-after: "5d" + - build-image-index: "" + # We need the following parameters when used within the Pipeline: when condition, etc + - build-source-image: false + - prefetch-input: "" + # Buildpack params - - name: buildpacks-extension-phases - ref: url://https://raw.githubusercontent.com/redhat-buildpacks/catalog/main/tekton/task/buildpacks-extension-phases/01/buildpacks-extension-phases.yaml + actions: + - name: buildpacks-phases + ref: url://https://raw.githubusercontent.com/redhat-buildpacks/catalog/main/tekton/task/buildpacks-phases/01/buildpacks-phases.yaml workspaces: - name: source workspace: workspace 
@@ -545,13 +1249,14 @@ job: - APP_IMAGE: $(params.output-image) - SOURCE_SUBPATH: "source" - CNB_LOG_LEVEL: "info" + - CNB_BUILDER_IMAGE: paketocommunity/builder-ubi-base:latest - CNB_LIFECYCLE_IMAGE: buildpacksio/lifecycle:0.20.1 - CNB_PLATFORM_API: "0.14" - - CNB_BUILDER_IMAGE: paketocommunity/builder-ubi-base:latest + - CNB_EXPERIMENTAL_MODE: "false" - CNB_BUILD_IMAGE: paketocommunity/build-ubi-base:latest - CNB_RUN_IMAGE: paketocommunity/run-ubi-base:latest - - CNB_USER_ID: $(tasks.buildpacks-extension-check.results.uid) - - CNB_GROUP_ID: $(tasks.buildpacks-extension-check.results.gid) + - CNB_GROUP_ID: 1000 # see: https://github.com/paketo-community/ubi-base-stack/blob/main/stack/stack.toml#L10-L12 + - CNB_USER_ID: 1002 - CNB_ENV_VARS: - BP_JVM_VERSION=21 ``` @@ -902,15 +1607,15 @@ spec: storage: "1Gi" ``` -#### PipelineRun performing a build of a Quarkus application using buildpack task and lifecycle +#### PipelineRun performing a build of a Quarkus application using pack CLI Command to be executed: ```bash -java -jar target/quarkus-app/quarkus-run.jar builder -o out/flows -c configurations/konflux/build-quarkus-app-lifecycle-build-cfg.yaml +java -jar target/quarkus-app/quarkus-run.jar builder -o out/flows -c configurations/konflux/build-quarkus-app-cfg.yaml ``` using as configuration: ```yaml -# configurations/konflux/build-quarkus-app-lifecycle-build-cfg.yaml +# configurations/konflux/build-quarkus-app-cfg.yaml # The type will be used by the application to generate the resources for the selected provider: konflux, tekton provider: konflux 
@@ -932,7 +1637,13 @@ component: job: name: quarkus-1-on-push - description: PipelineRun performing a build of a Quarkus application using buildpack task and lifecycle + description: PipelineRun performing a build of a Quarkus application using pack CLI + + workspaces: + - name: source-dir + workspace: workspace + - name: pack-workspace + workspace: workspace results: - IMAGE_URL: "$(tasks.build-container.results.IMAGE_URL)" 
@@ -945,34 +1656,54 @@ job: params: - git-url: "{{source_url}}" - revision: "{{revision}}" - - output-image: "quay.io/ch007m/my-quarkus:{{revision}}" + - output-image: "quay.io/ch007m/user-ns1/my-quarkus/quarkus-1:{{revision}}" - image-expires-after: "5d" - build-image-index: "" # We need the following parameters when used within the Pipeline: when condition, etc - build-source-image: false - prefetch-input: "" + # Buildpack params + - source-dir: "source" + - imageUrl: "buildpacksio/pack" + - imageTag: "latest" + - packCmdBuilderFlags: + - build + - -B + - quay.io/snowdrop/ubi-builder + - -e + - BP_JVM_VERSION=21 + - quarkus-hello:1.0 + + # Remark : As the Pipeline(run) resource of konflux already defines mandatory steps to perform actions as listed here - it is then not needed + # to detail them here except the actions that you want to include part of the build process + # The actions to be executed should match/map the name ofg the Task declared in an OCI Bundle or Git repository url + # Examples: + # - pack: to build an image using the Pack CLI + # - build: to build an application using a builder image + # - pack-builder: to create a builder image using pack CLI + # - stack: to create a base stack image build or run + # - meta/composite: to package the buildpacks of a "meta/composite" buildpack project + # - buildpack: to package a "buildpack" project + # - extension: to package an "extension" project + # actions: - - name: buildpacks-phases - ref: url://https://raw.githubusercontent.com/redhat-buildpacks/catalog/main/tekton/task/buildpacks-phases/01/buildpacks-phases.yaml + - name: pack + ref: bundle://quay.io/ch007m/tekton-bundle:latest@sha256:42f0acaefdfbb345fb76c34910f4f7f358908602d3e8f83e4616218685e34b25 workspaces: - - name: source + - name: source-dir + workspace: workspace + - name: pack-workspace workspace: workspace params: - - APP_IMAGE: $(params.output-image) - - SOURCE_SUBPATH: "source" - - CNB_LOG_LEVEL: "info" - - CNB_BUILDER_IMAGE: 
paketocommunity/builder-ubi-base:latest - - CNB_LIFECYCLE_IMAGE: buildpacksio/lifecycle:0.20.1 - - CNB_PLATFORM_API: "0.14" - - CNB_EXPERIMENTAL_MODE: "false" - - CNB_BUILD_IMAGE: paketocommunity/build-ubi-base:latest - - CNB_RUN_IMAGE: paketocommunity/run-ubi-base:latest - - CNB_GROUP_ID: 1000 # see: https://github.com/paketo-community/ubi-base-stack/blob/main/stack/stack.toml#L10-L12 - - CNB_USER_ID: 1002 - - CNB_ENV_VARS: - - BP_JVM_VERSION=21 + - PACK_SOURCE_DIR: "$(params.source-dir)" + - PACK_CLI_IMAGE: "$(params.imageUrl)" + - PACK_CLI_IMAGE_VERSION: "$(params.imageTag)" + - PACK_CMD_FLAGS: + - "$(params.packCmdBuilderFlags)" + + ``` Generated file: ```yaml 
@@ -1321,100 +2052,114 @@ spec: storage: "1Gi" ``` -## konflux - -### Remote-build - -#### PipelineRun using the pack cli to build the builder image remotely +#### PipelineRun doing a build of a Quarkus application using buildpack - extension task Command to be executed: ```bash -java -jar target/quarkus-app/quarkus-run.jar builder -o out/flows -c configurations/konflux/build-remote-ssh-cfg.yaml +java -jar target/quarkus-app/quarkus-run.jar builder -o out/flows -c configurations/konflux/build-quarkus-app-lifecycle-extension-cfg.yaml ``` using as configuration: ```yaml -# configurations/konflux/build-remote-ssh-cfg.yaml +# configurations/konflux/build-quarkus-app-lifecycle-extension-cfg.yaml # The type will be used by the application to generate the resources for the selected provider: konflux, tekton provider: konflux resourceType: PipelineRun -domain: remote-build -namespace: cmoullia-tenant +domain: build +namespace: user-ns1 repository: - url: https://github.com/redhat-buildpacks/builder-ubi-base + url: https://github.com/ch007m/new-quarkus-app-1 + dockerfilePath: src/main/docker/Dockerfile.jvm -# To generate the Application and/or Component CR +# To generate the Konflux Application and/or Component CR application: - name: buildpack-remote - enable: false + name: my-quarkus + enable: true component: - name: builder-ubi-base - enable: false + name: my-quarkus-app + enable: true job: - name: builder-ubi-base - description: PipelineRun using the pack cli to build the builder image remotely - timeout: "0h15m0s" + name: quarkus-1-on-push + description: PipelineRun doing a build of a Quarkus application using buildpack - extension task + + results: + - IMAGE_URL: "$(tasks.build-container.results.IMAGE_URL)" + - IMAGE_DIGEST: "$(tasks.build-container.results.IMAGE_DIGEST)" + - BASE_IMAGES_DIGESTS: "$(tasks.build-container.results.BASE_IMAGES_DIGESTS)" + + - CHAINS-GIT_URL: "$(tasks.clone-repository.results.url)" + - CHAINS-GIT_COMMIT: 
"$(tasks.clone-repository.results.commit)" params: - # Konflux param - - output-image: quay.io/redhat-user-workloads/cmoullia-tenant/buildpack-remote/builder-ubi-base:{{revision}} + - git-url: "{{source_url}}" + - revision: "{{revision}}" + - output-image: "quay.io/ch007m/my-quarkus:{{revision}}" + - image-expires-after: "5d" + - build-image-index: "" + - skip-checks: "true" + # We need the following parameters when used within the Pipeline: when condition, etc + - build-source-image: false + - prefetch-input: "" + # SBOM Grype + - grype-version: v0.79.6 + - grype-sbom-format: table + + # Buildpack params actions: - - name: pack - runAfter: prefetch-dependencies # TODO: IS there a better way to set such a value : default or not - image: quay.io/konflux-ci/buildah-task:latest@sha256:860a239c5f25376a435a514ae6d53a5c75b1fa492461d17774e9b7cb32d1e275 + # Finally + - name: show-sbom + finally: true + # ref: bundle://quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:9bfc6b99ef038800fe131d7b45ff3cd4da3a415dd536f7c657b3527b01c4a13b + # params: + # - IMAGE_URL: "$(tasks.build-container.results.IMAGE_URL)" + ref: url://https://raw.githubusercontent.com/tektoncd/catalog/main/task/grype/0.1/grype.yaml params: - # Konflux - - PLATFORM: linux-mlarge/amd64 # linux-root/amd64 # We need it in order to configure the multi-arch-platform controller properly - see: https://github.com/redhat-appstudio/infra-deployments/blob/main/components/multi-platform-controller/production/host-config.yaml + - GRYPE_IMAGE: anchore/grype:$(params.grype-version) + - ARGS: + - $(tasks.build-container.results.IMAGE_URL) + - -o $(params.grype-sbom-format) - # Image to use to execute remotely the SSH script using podman run - - BUILDER_IMAGE: quay.io/konflux-ci/buildah-task:latest@sha256:860a239c5f25376a435a514ae6d53a5c75b1fa492461d17774e9b7cb32d1e275 + - name: summary # Konflux uses as name show-summary !! 
+ finally: true + ref: bundle://quay.io/konflux-ci/tekton-catalog/task-summary:0.2@sha256:d97c04ab42f277b1103eb6f3a053b247849f4f5b3237ea302a8ecada3b24e15b + params: + - pipelinerun-name: "$(context.pipelineRun.name)" + - git-url: "$(tasks.clone-repository.results.url)?rev=$(tasks.clone-repository.results.commit)" + - image-url: "$(params.output-image)" + - build-task-status: "$(tasks.build-container.status)" - # Buildpack - - REPOSITORY_TO_FETCH: "https://github.com/redhat-buildpacks/builder-ubi-base" - - PACK_CLI_VERSION: "v0.35.1" - - BUILD_ARGS: - - "-v" + # Our build and check tasks + - name: buildpacks-extension-check + ref: url://https://raw.githubusercontent.com/redhat-buildpacks/catalog/main/tekton/task/buildpacks-extension-check/01/buildpacks-extension-check.yaml + params: + - builderImage: paketocommunity/builder-ubi-base:latest + - credentialsHome: /tekton/creds-secrets/ + + - name: buildpacks-extension-phases + ref: url://https://raw.githubusercontent.com/redhat-buildpacks/catalog/main/tekton/task/buildpacks-extension-phases/01/buildpacks-extension-phases.yaml workspaces: - name: source workspace: workspace - - results: - - IMAGE_URL: "Image repository and tag where the built image was pushed" - - IMAGE_DIGEST: "Digest of the image just built" - - IMAGE_REF: "Image reference of the built image" - - BASE_IMAGES_DIGESTS: "Digests of the base images used for build" - - SBOM_BLOB_URL: "SBOM Image URL" - - # env var ar not injected within the tekton's pod running the script - envs: - - BUILDER_IMAGE: $(params.BUILDER_IMAGE) - - PLATFORM: $(params.PLATFORM) - - REPOSITORY_TO_FETCH: $(params.REPOSITORY_TO_FETCH) - - IMAGE: $(params.output-image) - - PACK_CLI_VERSION: $(params.PACK_CLI_VERSION) - - args: - - $(params.BUILD_ARGS[*]) - - #scriptFileUrl: https://raw.githubusercontent.com/ch007m/pipeline-dsl-builder/main/scripts/ssh-remote.sh - volumes: - - name: ssh - mountPath: /ssh - # readOnly: true ==> The default value is true - secret: 
"multi-platform-ssh-$(context.taskRun.name)" - - name: workdir - mountPath: /var/workdir - readOnly: false - emptyDir: "{}" - - scriptFileUrl: "file://configurations/konflux/ubi-builder-image.sh" + params: + - APP_IMAGE: $(params.output-image) + - SOURCE_SUBPATH: "source" + - CNB_LOG_LEVEL: "info" + - CNB_LIFECYCLE_IMAGE: buildpacksio/lifecycle:0.20.1 + - CNB_PLATFORM_API: "0.14" + - CNB_BUILDER_IMAGE: paketocommunity/builder-ubi-base:latest + - CNB_BUILD_IMAGE: paketocommunity/build-ubi-base:latest + - CNB_RUN_IMAGE: paketocommunity/run-ubi-base:latest + - CNB_USER_ID: $(tasks.buildpacks-extension-check.results.uid) + - CNB_GROUP_ID: $(tasks.buildpacks-extension-check.results.gid) + - CNB_ENV_VARS: + - BP_JVM_VERSION=21 ``` Generated file: ```yaml -# generated/konflux/remote-build/pipelinerun-builder-ubi-base.yaml +# generated/konflux/build/pipelinerun-quarkus-1-on-push.yaml apiVersion: "tekton.dev/v1" kind: "PipelineRun" @@ -1425,16 +2170,16 @@ metadata: pipelinesascode.tekton.dev/on-cel-expression: "event == 'push' && target_branch\ \ == 'main'" pipelinesascode.tekton.dev/max-keep-runs: "3" - build.appstudio.openshift.io/repo: "https://github.com/redhat-buildpacks/builder-ubi-base?rev={{revision}}" + build.appstudio.openshift.io/repo: "https://github.com/ch007m/new-quarkus-app-1?rev={{revision}}" labels: - appstudio.openshift.io/application: "buildpack-remote" + appstudio.openshift.io/application: "my-quarkus" pipelines.appstudio.openshift.io/type: "build" - pipelines.openshift.io/strategy: "remote-build" - appstudio.openshift.io/component: "builder-ubi-base" + pipelines.openshift.io/strategy: "build" + appstudio.openshift.io/component: "my-quarkus-app" pipelines.openshift.io/used-by: "build-cloud" pipelines.openshift.io/runtime: "java" - name: "builder-ubi-base" - namespace: "cmoullia-tenant" + name: "quarkus-1-on-push" + namespace: "user-ns1" spec: params: - name: "git-url" 
@@ -1449,8 +2194,34 @@ spec: value: "false" - name: "prefetch-input" value: "" + - name: "git-url" + value: "{{source_url}}" + - name: "revision" + value: "{{revision}}" - name: "output-image" - value: "quay.io/redhat-user-workloads/cmoullia-tenant/buildpack-remote/builder-ubi-base:{{revision}}" + value: "quay.io/ch007m/user-ns1/my-quarkus/quarkus-1:{{revision}}" + - name: "image-expires-after" + value: "5d" + - name: "build-image-index" + value: "" + - name: "build-source-image" + value: "false" + - name: "prefetch-input" + value: "" + - name: "source-dir" + value: "source" + - name: "imageUrl" + value: "buildpacksio/pack" + - name: "imageTag" + value: "latest" + - name: "packCmdBuilderFlags" + value: + - "build" + - "-B" + - "quay.io/snowdrop/ubi-builder" + - "-e" + - "BP_JVM_VERSION=21" + - "quarkus-hello:1.0" pipelineSpec: finally: - name: "show-sbom" 
@@ -1559,240 +2330,28 @@ spec: workspace: "git-auth" - name: "build-container" params: - - name: "PLATFORM" - value: "linux-mlarge/amd64" - - name: "BUILDER_IMAGE" - value: "quay.io/konflux-ci/buildah-task:latest@sha256:860a239c5f25376a435a514ae6d53a5c75b1fa492461d17774e9b7cb32d1e275" - - name: "REPOSITORY_TO_FETCH" - value: "https://github.com/redhat-buildpacks/builder-ubi-base" - - name: "PACK_CLI_VERSION" - value: "v0.35.1" - - name: "BUILD_ARGS" + - name: "PACK_SOURCE_DIR" + value: "$(params.source-dir)" + - name: "PACK_CLI_IMAGE" + value: "$(params.imageUrl)" + - name: "PACK_CLI_IMAGE_VERSION" + value: "$(params.imageTag)" + - name: "PACK_CMD_FLAGS" value: - - "-v" - runAfter: - - "prefetch-dependencies" - taskSpec: - results: - - description: "Image repository and tag where the built image was pushed" - name: "IMAGE_URL" - - description: "Digest of the image just built" - name: "IMAGE_DIGEST" - - description: "Image reference of the built image" - name: "IMAGE_REF" - - description: "Digests of the base images used for build" - name: "BASE_IMAGES_DIGESTS" - - description: "SBOM Image URL" - name: "SBOM_BLOB_URL" - stepTemplate: - env: - - name: "BUILDER_IMAGE" - value: "$(params.BUILDER_IMAGE)" - - name: "PLATFORM" - value: "$(params.PLATFORM)" - - name: "REPOSITORY_TO_FETCH" - value: "$(params.REPOSITORY_TO_FETCH)" - - name: "IMAGE" - value: "$(params.output-image)" - - name: "PACK_CLI_VERSION" - value: "$(params.PACK_CLI_VERSION)" - steps: - - args: - - "$(params.BUILD_ARGS[*])" - image: "quay.io/konflux-ci/buildah-task:latest@sha256:860a239c5f25376a435a514ae6d53a5c75b1fa492461d17774e9b7cb32d1e275" - name: "run-script" - script: |- - #!/usr/bin/env bash - set -eu - set -o pipefail - - echo "##########################################################################################" - echo "### Step 1 :: Configure SSH and rsync folders from tekton to the VM" - echo "##########################################################################################" - 
mkdir -p ~/.ssh - if [ -e "/ssh/error" ]; then - #no server could be provisioned - cat /ssh/error - exit 1 - elif [ -e "/ssh/otp" ]; then - curl --cacert /ssh/otp-ca -XPOST -d @/ssh/otp $(cat /ssh/otp-server) >~/.ssh/id_rsa - echo "" >> ~/.ssh/id_rsa - else - cp /ssh/id_rsa ~/.ssh - fi - chmod 0400 ~/.ssh/id_rsa - - export SSH_HOST=$(cat /ssh/host) - export BUILD_DIR=$(cat /ssh/user-dir) - export SSH_ARGS="-o StrictHostKeyChecking=no -o ServerAliveInterval=60 -o ServerAliveCountMax=10" - - echo "### Export different variables which are used within the script like args, repository to fetch, etc" - export REPOSITORY_TO_FETCH=${REPOSITORY_TO_FETCH} - export BUILD_ARGS="$@" - - ssh $SSH_ARGS "$SSH_HOST" mkdir -p "$BUILD_DIR/workspaces" "$BUILD_DIR/scripts" "$BUILD_DIR/volumes" - - echo "### rsync folders from pod to VM ..." - rsync -ra /var/workdir/ "$SSH_HOST:$BUILD_DIR/volumes/workdir/" - rsync -ra "/tekton/results/" "$SSH_HOST:$BUILD_DIR/results/" - - echo "##########################################################################################" - echo "### Step 2 :: Create the bash script to be executed within the VM" - echo "##########################################################################################" - mkdir -p scripts - cat >scripts/script-build.sh <<'REMOTESSHEOF' - #!/bin/sh - - TEMP_DIR="$HOME/tmp" - USER_BIN_DIR="$HOME/bin" - BUILDPACK_PROJECTS="$HOME/buildpack-repo" - - mkdir -p ${TEMP_DIR} - mkdir -p ${USER_BIN_DIR} - mkdir -p ${BUILDPACK_PROJECTS} - - export PATH=$PATH:${USER_BIN_DIR} - - echo "### Podman info ###" - podman version - - echo "### Start podman.socket ##" - systemctl --user start podman.socket - systemctl status podman.socket - - echo "### Installing jq ..." - curl -sSL https://github.com/jqlang/jq/releases/download/jq-1.7.1/jq-linux-amd64 > ${USER_BIN_DIR}/jq - chmod +x ${USER_BIN_DIR}/jq - - echo "### Install tomlq tool ..." 
- curl -sSL https://github.com/cryptaliagy/tomlq/releases/download/0.1.6/tomlq.amd64.tgz | tar -vxz tq - mv tq ${USER_BIN_DIR}/tq - - echo "### Install syft" - curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- - # Not needed as syft is already saved under bin/syft => mv bin/syft ${USER_BIN_DIR}/syft - syft --version - - echo "### Install cosign" - curl -O -sL https://github.com/sigstore/cosign/releases/latest/download/cosign-linux-amd64 - mv cosign-linux-amd64 ${USER_BIN_DIR}/cosign - chmod +x ${USER_BIN_DIR}/cosign - cosign version - - echo "### Install pack ###" - curl -sSL "https://github.com/buildpacks/pack/releases/download/${PACK_CLI_VERSION}/pack-${PACK_CLI_VERSION}-linux.tgz" | tar -C ${TEMP_DIR} --no-same-owner -xzv pack - mv ${TEMP_DIR}/pack ${USER_BIN_DIR} - - echo "### Pack version ###" - pack --version - pack config experimental true - - echo "### Fetch the tarball of the buildpack project to build" - echo "### Git repo: ${REPOSITORY_TO_FETCH}" - curl -sSL "${REPOSITORY_TO_FETCH}/tarball/main" | tar -xz -C ${TEMP_DIR} - mv ${TEMP_DIR}/redhat-buildpacks-builder-ubi-base-* ${BUILDPACK_PROJECTS}/builder-ubi-base - cd ${BUILDPACK_PROJECTS}/builder-ubi-base - - echo "### Build the builder image using pack" - for build_arg in "${BUILD_ARGS[@]}"; do - PACK_ARGS+=" $build_arg" - done - - echo "### Pack extra args: $PACK_ARGS" - - echo "### Execute: pack builder create ..." 
- export DOCKER_HOST=unix://$XDG_RUNTIME_DIR/podman/podman.sock - echo "pack builder create ${IMAGE} --config builder.toml ${PACK_ARGS}" - pack builder create ${IMAGE} --config builder.toml ${PACK_ARGS} - - echo "### Export the image as OCI" - podman push "$IMAGE" "oci:konflux-final-image:$IMAGE" - - echo "###########################################################" - echo "### Export: IMAGE_URL, IMAGE_DIGEST & BASE_IMAGES_DIGESTS under: $BUILD_DIR/volumes/workdir/" - echo "###########################################################" - echo -n "$IMAGE" > $BUILD_DIR/volumes/workdir/IMAGE_URL - - BASE_IMAGE=$(tq -f builder.toml -o json 'stack' | jq -r '."build-image"') - podman inspect ${BASE_IMAGE} | jq -r '.[].Digest' > $BUILD_DIR/volumes/workdir/BASE_IMAGES_DIGESTS - - echo "### Push the image produced and get its digest: $IMAGE" - podman push \ - --digestfile $BUILD_DIR/volumes/workdir/IMAGE_DIGEST \ - "$IMAGE" - - echo "########################################" - echo "### Running syft on the image filesystem" - echo "########################################" - syft -v scan oci-dir:konflux-final-image -o cyclonedx-json > $BUILD_DIR/volumes/workdir/sbom-image.json - - echo "### Show the content of the sbom file" - cat $BUILD_DIR/volumes/workdir/sbom-image.json # | jq -r '.' 
- - { - echo -n "${IMAGE}@" - cat "$BUILD_DIR/volumes/workdir/IMAGE_DIGEST" - } > $BUILD_DIR/volumes/workdir/IMAGE_REF - echo "Image reference: $(cat $BUILD_DIR/volumes/workdir/IMAGE_REF)" - - echo "########################################" - echo "### Add the SBOM to the image" - echo "########################################" - cosign attach sbom --sbom $BUILD_DIR/volumes/workdir/sbom-image.json --type cyclonedx $(cat $BUILD_DIR/volumes/workdir/IMAGE_REF) - - REMOTESSHEOF - chmod +x scripts/script-build.sh - - echo "##########################################################################################" - echo "### Step 3 :: Execute the bash script on the VM" - echo "##########################################################################################" - rsync -ra scripts "$SSH_HOST:$BUILD_DIR" - rsync -ra "$HOME/.docker/" "$SSH_HOST:$BUILD_DIR/.docker/" - - ssh $SSH_ARGS "$SSH_HOST" \ - "REPOSITORY_TO_FETCH=${REPOSITORY_TO_FETCH} BUILDER_IMAGE=$BUILDER_IMAGE PLATFORM=$PLATFORM IMAGE=$IMAGE PACK_CLI_VERSION=$PACK_CLI_VERSION BUILD_ARGS=$BUILD_ARGS" BUILD_DIR=$BUILD_DIR \ - scripts/script-build.sh - - echo "### rsync folders from VM to pod" - rsync -ra "$SSH_HOST:$BUILD_DIR/volumes/workdir/" "/var/workdir/" - rsync -ra "$SSH_HOST:$BUILD_DIR/results/" "/tekton/results/" - - echo "##########################################################################################" - echo "### Step 4 :: Export results to Tekton" - echo "##########################################################################################" - - echo "### Export the tekton results" - echo "### IMAGE_URL: $(cat /var/workdir/IMAGE_URL)" - cat /var/workdir/IMAGE_URL > "$(results.IMAGE_URL.path)" - - echo "### IMAGE_DIGEST: $(cat /var/workdir/IMAGE_DIGEST)" - cat /var/workdir/IMAGE_DIGEST > "$(results.IMAGE_DIGEST.path)" - - echo "### IMAGE_REF: $(cat /var/workdir/IMAGE_REF)" - cat /var/workdir/IMAGE_REF > "$(results.IMAGE_REF.path)" - - echo "### BASE_IMAGES_DIGESTS: $(cat 
/var/workdir/BASE_IMAGES_DIGESTS)" - cat /var/workdir/BASE_IMAGES_DIGESTS > "$(results.BASE_IMAGES_DIGESTS.path)" - - SBOM_REPO="${IMAGE%:*}" - SBOM_DIGEST="$(sha256sum /var/workdir/sbom-image.json | cut -d' ' -f1)" - echo "### SBOM_BLOB_URL: ${SBOM_REPO}@sha256:${SBOM_DIGEST}" - echo -n "${SBOM_REPO}@sha256:${SBOM_DIGEST}" | tee "$(results.SBOM_BLOB_URL.path)" - volumeMounts: - - mountPath: "/ssh" - name: "ssh" - readOnly: true - - mountPath: "/var/workdir" - name: "workdir" - readOnly: false - volumes: - - name: "ssh" - secret: - secretName: "multi-platform-ssh-$(context.taskRun.name)" - - emptyDir: {} - name: "workdir" + - "$(params.packCmdBuilderFlags)" + taskRef: + params: + - name: "bundle" + value: "quay.io/ch007m/tekton-bundle:latest@sha256:42f0acaefdfbb345fb76c34910f4f7f358908602d3e8f83e4616218685e34b25" + - name: "name" + value: "pack" + - name: "kind" + value: "task" + resolver: "bundles" workspaces: - - name: "source" + - name: "source-dir" + workspace: "workspace" + - name: "pack-workspace" workspace: "workspace" - name: "build-image-index" params: @@ -1908,7 +2467,7 @@ spec: value: "task" resolver: "bundles" timeouts: - pipeline: "900000000000ns" + pipeline: "300000000000ns" workspaces: - name: "workspace" volumeClaimTemplate: 
@@ -1923,172 +2482,17 @@ spec: - name: "git-auth" secret: secretName: "{{ git_auth_secret }}" - -``` -## tekton - -### Example - -#### Simple example of a Tekton pipeline echoing a message - -Command to be executed: -```bash -java -jar target/quarkus-app/quarkus-run.jar builder -o out/flows -c configurations/tekton/simple-job-fetch-file-script-cfg.yaml -``` -using as configuration: -```yaml -# configurations/tekton/simple-job-fetch-file-script-cfg.yaml - -# The type will be used by the application to generate the resources for the selected provider: konflux, tekton -provider: tekton -resourceType: PipelineRun -domain: example - -job: - name: simple-job-fetch-file-script - description: Simple example of a Tekton pipeline echoing a message - - actions: - - name: say-hello - scriptFileUrl: file://scripts/echo.sh -``` -Generated file: -```yaml -# generated/tekton/example/pipelinerun-simple-job-fetch-file-script.yaml - -apiVersion: "tekton.dev/v1" -kind: "PipelineRun" -metadata: - annotations: - tekton.dev/pipelines.minVersion: "0.60.x" - tekton.dev/displayName: "Simple example of a Tekton pipeline echoing a message" - tekton.dev/platforms: "linux/amd64" - labels: - app.kubernetes.io/version: "0.1" - name: "simple-job-fetch-file-script" -spec: - pipelineSpec: - tasks: - - name: "say-hello" - taskSpec: - stepTemplate: {} - steps: - - image: "registry.access.redhat.com/ubi9@sha256:1ee4d8c50d14d9c9e9229d9a039d793fcbc9aa803806d194c957a397cf1d2b17" - name: "run-script" - script: |- - #!/usr/bin/env bash - - set -e - echo "Say Hello" - timeouts: - pipeline: "300000000000ns" - -``` -#### Simple example of a Tekton pipeline including 2 actions echoing Hello and Good bye and sharing the message using a workspace - -Command to be executed: -```bash -java -jar target/quarkus-app/quarkus-run.jar builder -o out/flows -c configurations/tekton/simple-job-two-actions-worskpace-cfg.yaml -``` -using as configuration: -```yaml -# 
configurations/tekton/simple-job-two-actions-worskpace-cfg.yaml - -provider: tekton -resourceType: PipelineRun -domain: example - -namespace: demo - -job: - name: simple-job-two-actions-wks - description: Simple example of a Tekton pipeline including 2 actions echoing Hello and Good bye and sharing the message using a workspace - workspaces: - - name: shared-wks - - actions: - - name: say-hello - script: | - #!/usr/bin/env bash - - set -e - if [ "$(workspaces.shared-wks.bound)" == "true" ] ; then - echo Hello from action - say-hello > $(workspaces.shared-wks.path)/message - fi - workspaces: - - name: shared-wks - workspace: shared-wks - - name: say-goodbye - script: | - #!/usr/bin/env bash - - set -e - if [ "$(workspaces.shared-wks.bound)" == "true" ] ; then - cat $(workspaces.shared-wks.path)/message - fi - echo "Saying Good bye to all of you from action: say-goodbye" - workspaces: - - name: shared-wks - workspace: shared-wks -``` -Generated file: -```yaml -# generated/tekton/example/pipelinerun-simple-job-two-actions-wks.yaml - -apiVersion: "tekton.dev/v1" -kind: "PipelineRun" -metadata: - annotations: - tekton.dev/pipelines.minVersion: "0.60.x" - tekton.dev/displayName: "Simple example of a Tekton pipeline including 2 actions\ - \ echoing Hello and Good bye and sharing the message using a workspace" - tekton.dev/platforms: "linux/amd64" - labels: - app.kubernetes.io/version: "0.1" - name: "simple-job-two-actions-wks" - namespace: "demo" -spec: - pipelineSpec: - tasks: - - name: "say-hello" - taskSpec: - stepTemplate: {} - steps: - - image: "registry.access.redhat.com/ubi9@sha256:1ee4d8c50d14d9c9e9229d9a039d793fcbc9aa803806d194c957a397cf1d2b17" - name: "run-script" - script: | - #!/usr/bin/env bash - - set -e - if [ "$(workspaces.shared-wks.bound)" == "true" ] ; then - echo Hello from action - say-hello > $(workspaces.shared-wks.path)/message - fi - workspaces: - - name: "shared-wks" - workspace: "shared-wks" - - name: "say-goodbye" - runAfter: - - "say-hello" - 
taskSpec: - stepTemplate: {} - steps: - - image: "registry.access.redhat.com/ubi9@sha256:1ee4d8c50d14d9c9e9229d9a039d793fcbc9aa803806d194c957a397cf1d2b17" - name: "run-script" - script: | - #!/usr/bin/env bash - - set -e - if [ "$(workspaces.shared-wks.bound)" == "true" ] ; then - cat $(workspaces.shared-wks.path)/message - fi - echo "Saying Good bye to all of you from action: say-goodbye" - workspaces: - - name: "shared-wks" - workspace: "shared-wks" - timeouts: - pipeline: "300000000000ns" - workspaces: - - name: "shared-wks" + - name: "source-dir" + volumeClaimTemplate: + apiVersion: "v1" + kind: "PersistentVolumeClaim" + spec: + accessModes: + - "ReadWriteOnce" + resources: + requests: + storage: "1Gi" + - name: "pack-workspace" volumeClaimTemplate: apiVersion: "v1" kind: "PersistentVolumeClaim" 
@@ -2099,804 +2503,597 @@ spec: requests: storage: "1Gi" -``` -#### Simple example of a Tekton pipeline including 2 actions echoing Hello and Good bye when condition is met - -Command to be executed: -```bash -java -jar target/quarkus-app/quarkus-run.jar builder -o out/flows -c configurations/tekton/simple-job-two-actions-when-cfg.yaml -``` -using as configuration: -```yaml -# configurations/tekton/simple-job-two-actions-when-cfg.yaml - -provider: tekton -resourceType: PipelineRun -domain: example -namespace: demo - -job: - name: simple-job-two-actions-when # name of the pipeline to be created - description: Simple example of a Tekton pipeline including 2 actions echoing Hello and Good bye when condition is met - params: - - message: true - actions: - - name: say-hello - script: | - #!/usr/bin/env bash - - set -e - echo "Say Hello" - - name: say-goodbye - when: - - "$(params.message): true" - script: | - #!/usr/bin/env bash - - set -e - echo "and say Good bye to all of you !" -``` -Generated file: -```yaml -# generated/tekton/example/pipelinerun-simple-job-two-actions-when.yaml - -apiVersion: "tekton.dev/v1" -kind: "PipelineRun" -metadata: - annotations: - tekton.dev/pipelines.minVersion: "0.60.x" - tekton.dev/displayName: "Simple example of a Tekton pipeline including 2 actions\ - \ echoing Hello and Good bye when condition is met" - tekton.dev/platforms: "linux/amd64" - labels: - app.kubernetes.io/version: "0.1" - name: "simple-job-two-actions-when" - namespace: "demo" -spec: - params: - - name: "message" - value: "true" - pipelineSpec: - tasks: - - name: "say-hello" - taskSpec: - stepTemplate: {} - steps: - - image: "registry.access.redhat.com/ubi9@sha256:1ee4d8c50d14d9c9e9229d9a039d793fcbc9aa803806d194c957a397cf1d2b17" - name: "run-script" - script: | - #!/usr/bin/env bash - - set -e - echo "Say Hello" - - name: "say-goodbye" - runAfter: - - "say-hello" - taskSpec: - stepTemplate: {} - steps: - - image: 
"registry.access.redhat.com/ubi9@sha256:1ee4d8c50d14d9c9e9229d9a039d793fcbc9aa803806d194c957a397cf1d2b17" - name: "run-script" - script: |- - #!/usr/bin/env bash +``` +## konflux - set -e - echo "and say Good bye to all of you !" - when: - - input: "$(params.message)" - operator: "in" - values: - - "true" - timeouts: - pipeline: "300000000000ns" +### Remote-build -``` -#### Simple example of a Tekton pipeline including 2 actions echoing Hello and Good bye +#### PipelineRun using the pack cli to build the builder image remotely Command to be executed: ```bash -java -jar target/quarkus-app/quarkus-run.jar builder -o out/flows -c configurations/tekton/simple-job-two-actions-cfg.yaml +java -jar target/quarkus-app/quarkus-run.jar builder -o out/flows -c configurations/konflux/build-remote-ssh-cfg.yaml ``` using as configuration: ```yaml -# configurations/tekton/simple-job-two-actions-cfg.yaml +# configurations/konflux/build-remote-ssh-cfg.yaml # The type will be used by the application to generate the resources for the selected provider: konflux, tekton -provider: tekton +provider: konflux resourceType: PipelineRun -# The domain allows to organize the resources, tasks to be generated -domain: example +domain: remote-build +namespace: cmoullia-tenant -# Kubernetes namespace -namespace: demo +repository: + url: https://github.com/redhat-buildpacks/builder-ubi-base + +# To generate the Application and/or Component CR +application: + name: buildpack-remote + enable: false +component: + name: builder-ubi-base + enable: false job: - name: simple-job-two-actions # name of the pipeline to be created - description: Simple example of a Tekton pipeline including 2 actions echoing Hello and Good bye + name: builder-ubi-base + description: PipelineRun using the pack cli to build the builder image remotely + timeout: "0h15m0s" + + params: + # Konflux param + - output-image: quay.io/redhat-user-workloads/cmoullia-tenant/buildpack-remote/builder-ubi-base:{{revision}} actions: - - name: 
say-hello - script: | - #!/usr/bin/env bash - - set -e - echo "Say Hello" - - name: say-goodbye - script: | - #!/usr/bin/env bash - - set -e - echo "and say Good bye to all of you !" + - name: pack + runAfter: prefetch-dependencies # TODO: IS there a better way to set such a value : default or not + image: quay.io/konflux-ci/buildah-task:latest@sha256:860a239c5f25376a435a514ae6d53a5c75b1fa492461d17774e9b7cb32d1e275 + params: + # Konflux + - PLATFORM: linux-mlarge/amd64 # linux-root/amd64 # We need it in order to configure the multi-arch-platform controller properly - see: https://github.com/redhat-appstudio/infra-deployments/blob/main/components/multi-platform-controller/production/host-config.yaml + + # Image to use to execute remotely the SSH script using podman run + - BUILDER_IMAGE: quay.io/konflux-ci/buildah-task:latest@sha256:860a239c5f25376a435a514ae6d53a5c75b1fa492461d17774e9b7cb32d1e275 + + # Buildpack + - REPOSITORY_TO_FETCH: "https://github.com/redhat-buildpacks/builder-ubi-base" + - PACK_CLI_VERSION: "v0.35.1" + - BUILD_ARGS: + - "-v" + workspaces: + - name: source + workspace: workspace + + results: + - IMAGE_URL: "Image repository and tag where the built image was pushed" + - IMAGE_DIGEST: "Digest of the image just built" + - IMAGE_REF: "Image reference of the built image" + - BASE_IMAGES_DIGESTS: "Digests of the base images used for build" + - SBOM_BLOB_URL: "SBOM Image URL" + + # env var ar not injected within the tekton's pod running the script + envs: + - BUILDER_IMAGE: $(params.BUILDER_IMAGE) + - PLATFORM: $(params.PLATFORM) + - REPOSITORY_TO_FETCH: $(params.REPOSITORY_TO_FETCH) + - IMAGE: $(params.output-image) + - PACK_CLI_VERSION: $(params.PACK_CLI_VERSION) + + args: + - $(params.BUILD_ARGS[*]) + + #scriptFileUrl: https://raw.githubusercontent.com/ch007m/pipeline-dsl-builder/main/scripts/ssh-remote.sh + volumes: + - name: ssh + mountPath: /ssh + # readOnly: true ==> The default value is true + secret: 
"multi-platform-ssh-$(context.taskRun.name)" + - name: workdir + mountPath: /var/workdir + readOnly: false + emptyDir: "{}" + + scriptFileUrl: "file://configurations/konflux/ubi-builder-image.sh" ``` Generated file: ```yaml -# generated/tekton/example/pipelinerun-simple-job-two-actions.yaml +# generated/konflux/remote-build/pipelinerun-builder-ubi-base.yaml apiVersion: "tekton.dev/v1" kind: "PipelineRun" metadata: annotations: - tekton.dev/pipelines.minVersion: "0.60.x" - tekton.dev/displayName: "Simple example of a Tekton pipeline including 2 actions\ - \ echoing Hello and Good bye" - tekton.dev/platforms: "linux/amd64" + build.appstudio.redhat.com/target_branch: "{{target_branch}}" + build.appstudio.redhat.com/commit_sha: "{{revision}}" + pipelinesascode.tekton.dev/on-cel-expression: "event == 'push' && target_branch\ + \ == 'main'" + pipelinesascode.tekton.dev/max-keep-runs: "3" + build.appstudio.openshift.io/repo: "https://github.com/redhat-buildpacks/builder-ubi-base?rev={{revision}}" labels: - app.kubernetes.io/version: "0.1" - name: "simple-job-two-actions" - namespace: "demo" + appstudio.openshift.io/application: "buildpack-remote" + pipelines.appstudio.openshift.io/type: "build" + pipelines.openshift.io/strategy: "remote-build" + appstudio.openshift.io/component: "builder-ubi-base" + pipelines.openshift.io/used-by: "build-cloud" + pipelines.openshift.io/runtime: "java" + name: "builder-ubi-base" + namespace: "cmoullia-tenant" spec: + params: + - name: "git-url" + value: "{{source_url}}" + - name: "revision" + value: "{{revision}}" + - name: "image-expires-after" + value: "5d" + - name: "build-image-index" + value: "" + - name: "build-source-image" + value: "false" + - name: "prefetch-input" + value: "" + - name: "output-image" + value: "quay.io/redhat-user-workloads/cmoullia-tenant/buildpack-remote/builder-ubi-base:{{revision}}" pipelineSpec: + finally: + - name: "show-sbom" + params: + - name: "IMAGE_URL" + value: 
"$(tasks.build-container.results.IMAGE_URL)" + taskRef: + params: + - name: "bundle" + value: "quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1" + - name: "name" + value: "show-sbom" + - name: "kind" + value: "task" + resolver: "bundles" + - name: "summary" + params: + - name: "pipelinerun-name" + value: "$(context.pipelineRun.name)" + - name: "git-url" + value: "$(tasks.git-clone.results.url)?rev=$(tasks.git-clone.results.commit)" + - name: "image-url" + value: "$(params.output-image)" + - name: "build-task-status" + value: "$(tasks.build-container.status)" + taskRef: + params: + - name: "bundle" + value: "quay.io/konflux-ci/tekton-catalog/task-summary:0.2" + - name: "name" + value: "summary" + - name: "kind" + value: "task" + resolver: "bundles" + workspaces: + - name: "workspace" + workspace: "workspace" + results: + - name: "IMAGE_URL" + value: "$(tasks.build-container.results.IMAGE_URL)" + - name: "IMAGE_DIGEST" + value: "$(tasks.build-container.results.IMAGE_DIGEST)" + - name: "BASE_IMAGES_DIGESTS" + value: "$(tasks.build-container.results.BASE_IMAGES_DIGESTS)" + - name: "CHAINS-GIT_URL" + value: "$(tasks.git-clone.results.url)" + - name: "CHAINS-GIT_COMMIT" + value: "$(tasks.git-clone.results.commit)" tasks: - - name: "say-hello" - taskSpec: - stepTemplate: {} - steps: - - image: "registry.access.redhat.com/ubi9@sha256:1ee4d8c50d14d9c9e9229d9a039d793fcbc9aa803806d194c957a397cf1d2b17" - name: "run-script" - script: | - #!/usr/bin/env bash - - set -e - echo "Say Hello" - - name: "say-goodbye" + - name: "init" + params: + - name: "image-url" + value: "$(params.output-image)" + - name: "rebuild" + value: "$(params.rebuild)" + - name: "skip-checks" + value: "$(params.skip-checks)" + taskRef: + params: + - name: "bundle" + value: "quay.io/konflux-ci/tekton-catalog/task-init:0.2" + - name: "name" + value: "init" + - name: "kind" + value: "task" + resolver: "bundles" + - name: "git-clone" + params: + - name: "url" + value: "$(params.git-url)" + runAfter: + - 
"init" + taskRef: + params: + - name: "bundle" + value: "quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1" + - name: "name" + value: "git-clone" + - name: "kind" + value: "task" + resolver: "bundles" + workspaces: + - name: "output" + workspace: "workspace" + - name: "basic-auth" + workspace: "git-auth" + - name: "prefetch-dependencies" + params: + - name: "input" + value: "$(params.prefetch-input)" runAfter: - - "say-hello" + - "git-clone" + taskRef: + params: + - name: "bundle" + value: "quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies:0.1" + - name: "name" + value: "prefetch-dependencies" + - name: "kind" + value: "task" + resolver: "bundles" + workspaces: + - name: "source" + workspace: "workspace" + - name: "git-basic-auth" + workspace: "git-auth" + - name: "build-container" + params: + - name: "PLATFORM" + value: "linux-mlarge/amd64" + - name: "BUILDER_IMAGE" + value: "quay.io/konflux-ci/buildah-task:latest@sha256:860a239c5f25376a435a514ae6d53a5c75b1fa492461d17774e9b7cb32d1e275" + - name: "REPOSITORY_TO_FETCH" + value: "https://github.com/redhat-buildpacks/builder-ubi-base" + - name: "PACK_CLI_VERSION" + value: "v0.35.1" + - name: "BUILD_ARGS" + value: + - "-v" + runAfter: + - "prefetch-dependencies" taskSpec: - stepTemplate: {} + results: + - description: "Image repository and tag where the built image was pushed" + name: "IMAGE_URL" + - description: "Digest of the image just built" + name: "IMAGE_DIGEST" + - description: "Image reference of the built image" + name: "IMAGE_REF" + - description: "Digests of the base images used for build" + name: "BASE_IMAGES_DIGESTS" + - description: "SBOM Image URL" + name: "SBOM_BLOB_URL" + stepTemplate: + env: + - name: "BUILDER_IMAGE" + value: "$(params.BUILDER_IMAGE)" + - name: "PLATFORM" + value: "$(params.PLATFORM)" + - name: "REPOSITORY_TO_FETCH" + value: "$(params.REPOSITORY_TO_FETCH)" + - name: "IMAGE" + value: "$(params.output-image)" + - name: "PACK_CLI_VERSION" + value: 
"$(params.PACK_CLI_VERSION)" steps: - - image: "registry.access.redhat.com/ubi9@sha256:1ee4d8c50d14d9c9e9229d9a039d793fcbc9aa803806d194c957a397cf1d2b17" + - args: + - "$(params.BUILD_ARGS[*])" + image: "quay.io/konflux-ci/buildah-task:latest@sha256:860a239c5f25376a435a514ae6d53a5c75b1fa492461d17774e9b7cb32d1e275" name: "run-script" script: |- #!/usr/bin/env bash + set -eu + set -o pipefail - set -e - echo "and say Good bye to all of you !" - timeouts: - pipeline: "300000000000ns" - -``` -#### Simple example of a Tekton task echoing a message - -Command to be executed: -```bash -java -jar target/quarkus-app/quarkus-run.jar builder -o out/flows -c configurations/tekton/simple-action-embedded-script-cfg.yaml -``` -using as configuration: -```yaml -# configurations/tekton/simple-action-embedded-script-cfg.yaml - -provider: tekton -resourceType: TaskRun -domain: example - -job: - name: simple-action-embedded-script - description: Simple example of a Tekton task echoing a message + echo "##########################################################################################" + echo "### Step 1 :: Configure SSH and rsync folders from tekton to the VM" + echo "##########################################################################################" + mkdir -p ~/.ssh + if [ -e "/ssh/error" ]; then + #no server could be provisioned + cat /ssh/error + exit 1 + elif [ -e "/ssh/otp" ]; then + curl --cacert /ssh/otp-ca -XPOST -d @/ssh/otp $(cat /ssh/otp-server) >~/.ssh/id_rsa + echo "" >> ~/.ssh/id_rsa + else + cp /ssh/id_rsa ~/.ssh + fi + chmod 0400 ~/.ssh/id_rsa - actions: - - name: say-hello - script: | - #!/usr/bin/env bash - - set -e - echo "Say Hello" -``` -Generated file: -```yaml -# generated/tekton/example/taskrun-simple-action-embedded-script.yaml + export SSH_HOST=$(cat /ssh/host) + export BUILD_DIR=$(cat /ssh/user-dir) + export SSH_ARGS="-o StrictHostKeyChecking=no -o ServerAliveInterval=60 -o ServerAliveCountMax=10" -apiVersion: "tekton.dev/v1" -kind: "TaskRun" 
-metadata: - labels: - tekton.dev/taskRun: "simple-action-embedded-script" - name: "simple-action-embedded-script" -spec: - taskSpec: - steps: - - command: - - null - image: "registry.access.redhat.com/ubi9@sha256:1ee4d8c50d14d9c9e9229d9a039d793fcbc9aa803806d194c957a397cf1d2b17" - name: "say-hello" - script: |- - #!/usr/bin/env bash + echo "### Export different variables which are used within the script like args, repository to fetch, etc" + export REPOSITORY_TO_FETCH=${REPOSITORY_TO_FETCH} + export BUILD_ARGS="$@" - set -e - echo "Say Hello" + ssh $SSH_ARGS "$SSH_HOST" mkdir -p "$BUILD_DIR/workspaces" "$BUILD_DIR/scripts" "$BUILD_DIR/volumes" -``` -#### Simple example of a Tekton pipeline echoing a message + echo "### rsync folders from pod to VM ..." + rsync -ra /var/workdir/ "$SSH_HOST:$BUILD_DIR/volumes/workdir/" + rsync -ra "/tekton/results/" "$SSH_HOST:$BUILD_DIR/results/" -Command to be executed: -```bash -java -jar target/quarkus-app/quarkus-run.jar builder -o out/flows -c configurations/tekton/simple-job-embedded-script-cfg.yaml -``` -using as configuration: -```yaml -# configurations/tekton/simple-job-embedded-script-cfg.yaml + echo "##########################################################################################" + echo "### Step 2 :: Create the bash script to be executed within the VM" + echo "##########################################################################################" + mkdir -p scripts + cat >scripts/script-build.sh <<'REMOTESSHEOF' + #!/bin/sh -provider: tekton -resourceType: PipelineRun -domain: example + TEMP_DIR="$HOME/tmp" + USER_BIN_DIR="$HOME/bin" + BUILDPACK_PROJECTS="$HOME/buildpack-repo" -job: - name: simple-job-embedded-script # name of the pipeline to be created - description: Simple example of a Tekton pipeline echoing a message + mkdir -p ${TEMP_DIR} + mkdir -p ${USER_BIN_DIR} + mkdir -p ${BUILDPACK_PROJECTS} - actions: - - name: say-hello - script: | - #!/usr/bin/env bash - - set -e - echo "Say Hello" -``` 
-Generated file: -```yaml -# generated/tekton/example/pipelinerun-simple-job-embedded-script.yaml + export PATH=$PATH:${USER_BIN_DIR} -apiVersion: "tekton.dev/v1" -kind: "PipelineRun" -metadata: - annotations: - tekton.dev/pipelines.minVersion: "0.60.x" - tekton.dev/displayName: "Simple example of a Tekton pipeline echoing a message" - tekton.dev/platforms: "linux/amd64" - labels: - app.kubernetes.io/version: "0.1" - name: "simple-job-embedded-script" -spec: - pipelineSpec: - tasks: - - name: "say-hello" - taskSpec: - stepTemplate: {} - steps: - - image: "registry.access.redhat.com/ubi9@sha256:1ee4d8c50d14d9c9e9229d9a039d793fcbc9aa803806d194c957a397cf1d2b17" - name: "run-script" - script: |- - #!/usr/bin/env bash + echo "### Podman info ###" + podman version - set -e - echo "Say Hello" - timeouts: - pipeline: "300000000000ns" + echo "### Start podman.socket ##" + systemctl --user start podman.socket + systemctl status podman.socket -``` -#### Simple example of a Tekton pipeline echoing a message + echo "### Installing jq ..." + curl -sSL https://github.com/jqlang/jq/releases/download/jq-1.7.1/jq-linux-amd64 > ${USER_BIN_DIR}/jq + chmod +x ${USER_BIN_DIR}/jq -Command to be executed: -```bash -java -jar target/quarkus-app/quarkus-run.jar builder -o out/flows -c configurations/tekton/simple-job-fetch-script-cfg.yaml -``` -using as configuration: -```yaml -# configurations/tekton/simple-job-fetch-script-cfg.yaml + echo "### Install tomlq tool ..." 
+ curl -sSL https://github.com/cryptaliagy/tomlq/releases/download/0.1.6/tomlq.amd64.tgz | tar -vxz tq + mv tq ${USER_BIN_DIR}/tq -# The type will be used by the application to generate the resources for the selected provider: konflux, tekton -provider: tekton -resourceType: PipelineRun -domain: example + echo "### Install syft" + curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- + # Not needed as syft is already saved under bin/syft => mv bin/syft ${USER_BIN_DIR}/syft + syft --version -# Kubernetes namespace -namespace: + echo "### Install cosign" + curl -O -sL https://github.com/sigstore/cosign/releases/latest/download/cosign-linux-amd64 + mv cosign-linux-amd64 ${USER_BIN_DIR}/cosign + chmod +x ${USER_BIN_DIR}/cosign + cosign version -job: - name: simple-job-fetch-script # name of the pipeline to be created - description: Simple example of a Tekton pipeline echoing a message + echo "### Install pack ###" + curl -sSL "https://github.com/buildpacks/pack/releases/download/${PACK_CLI_VERSION}/pack-${PACK_CLI_VERSION}-linux.tgz" | tar -C ${TEMP_DIR} --no-same-owner -xzv pack + mv ${TEMP_DIR}/pack ${USER_BIN_DIR} - actions: - - name: say-hello - # The ref or reference expressed using the uri://: - # will fetch the code of the action to be executed - ref: - # The url of the script file to be executed using a linux container - scriptFileUrl: https://raw.githubusercontent.com/ch007m/pipeline-dsl-builder/main/scripts/echo.sh -``` -Generated file: -```yaml -# generated/tekton/example/pipelinerun-simple-job-fetch-script.yaml + echo "### Pack version ###" + pack --version + pack config experimental true -apiVersion: "tekton.dev/v1" -kind: "PipelineRun" -metadata: - annotations: - tekton.dev/pipelines.minVersion: "0.60.x" - tekton.dev/displayName: "Simple example of a Tekton pipeline echoing a message" - tekton.dev/platforms: "linux/amd64" - labels: - app.kubernetes.io/version: "0.1" - name: "simple-job-fetch-script" -spec: - pipelineSpec: - 
tasks: - - name: "say-hello" - taskSpec: - stepTemplate: {} - steps: - - image: "registry.access.redhat.com/ubi9@sha256:1ee4d8c50d14d9c9e9229d9a039d793fcbc9aa803806d194c957a397cf1d2b17" - name: "run-script" - script: | - #!/usr/bin/env bash + echo "### Fetch the tarball of the buildpack project to build" + echo "### Git repo: ${REPOSITORY_TO_FETCH}" + curl -sSL "${REPOSITORY_TO_FETCH}/tarball/main" | tar -xz -C ${TEMP_DIR} + mv ${TEMP_DIR}/redhat-buildpacks-builder-ubi-base-* ${BUILDPACK_PROJECTS}/builder-ubi-base + cd ${BUILDPACK_PROJECTS}/builder-ubi-base - set -e - echo "Say Hello" - timeouts: - pipeline: "300000000000ns" + echo "### Build the builder image using pack" + for build_arg in "${BUILD_ARGS[@]}"; do + PACK_ARGS+=" $build_arg" + done -``` -#### Simple example of a Tekton pipeline echoing a message and pushing a result + echo "### Pack extra args: $PACK_ARGS" -Command to be executed: -```bash -java -jar target/quarkus-app/quarkus-run.jar builder -o out/flows -c configurations/tekton/simple-job-results-script-cfg.yaml -``` -using as configuration: -```yaml -# configurations/tekton/simple-job-results-script-cfg.yaml + echo "### Execute: pack builder create ..." 
+ export DOCKER_HOST=unix://$XDG_RUNTIME_DIR/podman/podman.sock + echo "pack builder create ${IMAGE} --config builder.toml ${PACK_ARGS}" + pack builder create ${IMAGE} --config builder.toml ${PACK_ARGS} -# The type will be used by the application to generate the resources for the selected provider: konflux, tekton -provider: tekton -resourceType: PipelineRun -domain: example + echo "### Export the image as OCI" + podman push "$IMAGE" "oci:konflux-final-image:$IMAGE" -job: - name: simple-job-results-file-script - description: Simple example of a Tekton pipeline echoing a message and pushing a result + echo "###########################################################" + echo "### Export: IMAGE_URL, IMAGE_DIGEST & BASE_IMAGES_DIGESTS under: $BUILD_DIR/volumes/workdir/" + echo "###########################################################" + echo -n "$IMAGE" > $BUILD_DIR/volumes/workdir/IMAGE_URL - actions: - - name: say-hello - results: - - FOO: "A Foo user" - scriptFileUrl: file://scripts/echo.sh -``` -Generated file: -```yaml -# generated/tekton/example/pipelinerun-simple-job-results-file-script.yaml + BASE_IMAGE=$(tq -f builder.toml -o json 'stack' | jq -r '."build-image"') + podman inspect ${BASE_IMAGE} | jq -r '.[].Digest' > $BUILD_DIR/volumes/workdir/BASE_IMAGES_DIGESTS -apiVersion: "tekton.dev/v1" -kind: "PipelineRun" -metadata: - annotations: - tekton.dev/pipelines.minVersion: "0.60.x" - tekton.dev/displayName: "Simple example of a Tekton pipeline echoing a message\ - \ and pushing a result" - tekton.dev/platforms: "linux/amd64" - labels: - app.kubernetes.io/version: "0.1" - name: "simple-job-results-file-script" -spec: - pipelineSpec: - tasks: - - name: "say-hello" - taskSpec: - results: - - description: "A Foo user" - name: "FOO" - stepTemplate: {} - steps: - - image: "registry.access.redhat.com/ubi9@sha256:1ee4d8c50d14d9c9e9229d9a039d793fcbc9aa803806d194c957a397cf1d2b17" - name: "run-script" - script: |- - #!/usr/bin/env bash + echo "### Push the image 
produced and get its digest: $IMAGE" + podman push \ + --digestfile $BUILD_DIR/volumes/workdir/IMAGE_DIGEST \ + "$IMAGE" - set -e - echo "Say Hello" - timeouts: - pipeline: "300000000000ns" + echo "########################################" + echo "### Running syft on the image filesystem" + echo "########################################" + syft -v scan oci-dir:konflux-final-image -o cyclonedx-json > $BUILD_DIR/volumes/workdir/sbom-image.json -``` -## tekton + echo "### Show the content of the sbom file" + cat $BUILD_DIR/volumes/workdir/sbom-image.json # | jq -r '.' -### Buildpack + { + echo -n "${IMAGE}@" + cat "$BUILD_DIR/volumes/workdir/IMAGE_DIGEST" + } > $BUILD_DIR/volumes/workdir/IMAGE_REF + echo "Image reference: $(cat $BUILD_DIR/volumes/workdir/IMAGE_REF)" -#### This Pipeline builds a builder image using the pack CLI. + echo "########################################" + echo "### Add the SBOM to the image" + echo "########################################" + cosign attach sbom --sbom $BUILD_DIR/volumes/workdir/sbom-image.json --type cyclonedx $(cat $BUILD_DIR/volumes/workdir/IMAGE_REF) -Command to be executed: -```bash -java -jar target/quarkus-app/quarkus-run.jar builder -o out/flows -c configurations/tekton/pack-builder-git-task-cfg.yaml -``` -using as configuration: -```yaml -# configurations/tekton/pack-builder-git-task-cfg.yaml + REMOTESSHEOF + chmod +x scripts/script-build.sh -provider: tekton -resourceType: PipelineRun -domain: buildpack -namespace: + echo "##########################################################################################" + echo "### Step 3 :: Execute the bash script on the VM" + echo "##########################################################################################" + rsync -ra scripts "$SSH_HOST:$BUILD_DIR" + rsync -ra "$HOME/.docker/" "$SSH_HOST:$BUILD_DIR/.docker/" -job: - name: pack-builder-git-task - description: "This Pipeline builds a builder image using the pack CLI." 
- params: - - debug: true - - git-url: "https://github.com/redhat-buildpacks/ubi-image-builder.git" - - source-dir: "." - - output-image: "gitea.cnoe.localtest.me:8443/giteaadmin/ubi-builder" - - imageUrl: "buildpacksio/pack" - - imageTag: "latest" - - packCmdBuilderFlags: - - -v - - --publish - # The workspaces declared here will be mounted for each action except if an action overrides it to use a different name - workspaces: - - name: pack-workspace - volumeClaimTemplate: - storage: 1Gi - accessMode: ReadWriteOnce - - name: source-dir - volumeClaimTemplate: - storage: 1Gi - accessMode: ReadWriteOnce - - name: data-store - volumeSources: - - secret: pack-config-toml - - secret: gitea-creds # quay-creds, docker-creds, etc - actions: - - name: git-clone - ref: bundle://quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1@sha256:de0ca8872c791944c479231e21d68379b54877aaf42e5f766ef4a8728970f8b3 - params: - - url: "$(params.git-url)" - - subdirectory: "." - workspaces: - - name: output - workspace: source-dir - - name: fetch-packconfig-registrysecret - ref: bundle://quay.io/ch007m/tekton-bundle:latest@sha256:42f0acaefdfbb345fb76c34910f4f7f358908602d3e8f83e4616218685e34b25 - - name: list-source-workspace - ref: bundle://quay.io/ch007m/tekton-bundle:latest@sha256:42f0acaefdfbb345fb76c34910f4f7f358908602d3e8f83e4616218685e34b25 - - name: pack-builder - ref: url://https://raw.githubusercontent.com/redhat-buildpacks/catalog/main/tekton/task/pack-builder/0.1/pack-builder.yml - params: - - PACK_SOURCE_DIR: "$(params.source-dir)" - - PACK_CLI_IMAGE: "$(params.imageUrl)" - - PACK_CLI_IMAGE_VERSION: "$(params.imageTag)" - - BUILDER_IMAGE_NAME: "$(params.output-image)" - - PACK_BUILDER_TOML: "ubi-builder.toml" - - PACK_CMD_FLAGS: - - "$(params.packCmdBuilderFlags)" + ssh $SSH_ARGS "$SSH_HOST" \ + "REPOSITORY_TO_FETCH=${REPOSITORY_TO_FETCH} BUILDER_IMAGE=$BUILDER_IMAGE PLATFORM=$PLATFORM IMAGE=$IMAGE PACK_CLI_VERSION=$PACK_CLI_VERSION BUILD_ARGS=$BUILD_ARGS" BUILD_DIR=$BUILD_DIR \ 
+ scripts/script-build.sh + echo "### rsync folders from VM to pod" + rsync -ra "$SSH_HOST:$BUILD_DIR/volumes/workdir/" "/var/workdir/" + rsync -ra "$SSH_HOST:$BUILD_DIR/results/" "/tekton/results/" -``` -Generated file: -```yaml -# generated/tekton/buildpack/pipelinerun-pack-builder-git-task.yaml + echo "##########################################################################################" + echo "### Step 4 :: Export results to Tekton" + echo "##########################################################################################" -apiVersion: "tekton.dev/v1" -kind: "PipelineRun" -metadata: - annotations: - tekton.dev/pipelines.minVersion: "0.60.x" - tekton.dev/displayName: "This Pipeline builds a builder image using the pack CLI." - tekton.dev/platforms: "linux/amd64" - labels: - app.kubernetes.io/version: "0.1" - name: "pack-builder-git-task" -spec: - params: - - name: "debug" - value: "true" - - name: "git-url" - value: "https://github.com/redhat-buildpacks/ubi-image-builder.git" - - name: "source-dir" - value: "." - - name: "output-image" - value: "gitea.cnoe.localtest.me:8443/giteaadmin/ubi-builder" - - name: "imageUrl" - value: "buildpacksio/pack" - - name: "imageTag" - value: "latest" - - name: "packCmdBuilderFlags" - value: - - "-v" - - "--publish" - pipelineSpec: - tasks: - - name: "git-clone" - params: - - name: "url" - value: "$(params.git-url)" - - name: "subdirectory" - value: "." 
- taskRef: - params: - - name: "bundle" - value: "quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1@sha256:de0ca8872c791944c479231e21d68379b54877aaf42e5f766ef4a8728970f8b3" - - name: "name" - value: "git-clone" - - name: "kind" - value: "task" - resolver: "bundles" + echo "### Export the tekton results" + echo "### IMAGE_URL: $(cat /var/workdir/IMAGE_URL)" + cat /var/workdir/IMAGE_URL > "$(results.IMAGE_URL.path)" + + echo "### IMAGE_DIGEST: $(cat /var/workdir/IMAGE_DIGEST)" + cat /var/workdir/IMAGE_DIGEST > "$(results.IMAGE_DIGEST.path)" + + echo "### IMAGE_REF: $(cat /var/workdir/IMAGE_REF)" + cat /var/workdir/IMAGE_REF > "$(results.IMAGE_REF.path)" + + echo "### BASE_IMAGES_DIGESTS: $(cat /var/workdir/BASE_IMAGES_DIGESTS)" + cat /var/workdir/BASE_IMAGES_DIGESTS > "$(results.BASE_IMAGES_DIGESTS.path)" + + SBOM_REPO="${IMAGE%:*}" + SBOM_DIGEST="$(sha256sum /var/workdir/sbom-image.json | cut -d' ' -f1)" + echo "### SBOM_BLOB_URL: ${SBOM_REPO}@sha256:${SBOM_DIGEST}" + echo -n "${SBOM_REPO}@sha256:${SBOM_DIGEST}" | tee "$(results.SBOM_BLOB_URL.path)" + volumeMounts: + - mountPath: "/ssh" + name: "ssh" + readOnly: true + - mountPath: "/var/workdir" + name: "workdir" + readOnly: false + volumes: + - name: "ssh" + secret: + secretName: "multi-platform-ssh-$(context.taskRun.name)" + - emptyDir: {} + name: "workdir" workspaces: - - name: "output" - workspace: "source-dir" - - name: "fetch-packconfig-registrysecret" + - name: "source" + workspace: "workspace" + - name: "build-image-index" + params: + - name: "IMAGE" + value: "$(params.output-image)" + - name: "COMMIT_SHA" + value: "$(tasks.git-clone.results.commit)" + - name: "IMAGE_EXPIRES_AFTER" + value: "$(params.image-expires-after)" + - name: "ALWAYS_BUILD_INDEX" + value: "$(params.build-image-index)" + - name: "IMAGES" + value: + - "$(tasks.build-container.results.IMAGE_URL)@$(tasks.build-container.results.IMAGE_DIGEST)" runAfter: - - "git-clone" + - "build-container" taskRef: params: - name: "bundle" - value: 
"quay.io/ch007m/tekton-bundle:latest@sha256:42f0acaefdfbb345fb76c34910f4f7f358908602d3e8f83e4616218685e34b25" + value: "quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1" - name: "name" - value: "fetch-packconfig-registrysecret" + value: "build-image-index" - name: "kind" value: "task" resolver: "bundles" - - name: "list-source-workspace" + - name: "source-build" + params: + - name: "BINARY_IMAGE" + value: "$(params.output-image)" + - name: "BASE_IMAGES" + value: "$(tasks.build-container.results.BASE_IMAGES_DIGESTS)" runAfter: - - "fetch-packconfig-registrysecret" + - "build-container" taskRef: params: - name: "bundle" - value: "quay.io/ch007m/tekton-bundle:latest@sha256:42f0acaefdfbb345fb76c34910f4f7f358908602d3e8f83e4616218685e34b25" + value: "quay.io/konflux-ci/tekton-catalog/task-source-build:0.1" - name: "name" - value: "list-source-workspace" + value: "source-build" - name: "kind" value: "task" resolver: "bundles" - - name: "pack-builder" - params: - - name: "PACK_SOURCE_DIR" - value: "$(params.source-dir)" - - name: "PACK_CLI_IMAGE" - value: "$(params.imageUrl)" - - name: "PACK_CLI_IMAGE_VERSION" - value: "$(params.imageTag)" - - name: "BUILDER_IMAGE_NAME" - value: "$(params.output-image)" - - name: "PACK_BUILDER_TOML" - value: "ubi-builder.toml" - - name: "PACK_CMD_FLAGS" - value: - - "$(params.packCmdBuilderFlags)" - runAfter: - - "list-source-workspace" - taskRef: - params: - - name: "url" - value: "https://raw.githubusercontent.com/redhat-buildpacks/catalog/main/tekton/task/pack-builder/0.1/pack-builder.yml" - resolver: "http" - workspaces: - - name: "source-dir" - workspace: "source-dir" - - name: "pack-workspace" - workspace: "pack-workspace" - timeouts: - pipeline: "300000000000ns" - workspaces: - - name: "pack-workspace" - volumeClaimTemplate: - apiVersion: "v1" - kind: "PersistentVolumeClaim" - spec: - accessModes: - - "ReadWriteOnce" - resources: - requests: - storage: "1Gi" - - name: "source-dir" - volumeClaimTemplate: - apiVersion: 
"v1" - kind: "PersistentVolumeClaim" - spec: - accessModes: - - "ReadWriteOnce" - resources: - requests: - storage: "1Gi" - - name: "data-store" - projected: - sources: - - secret: - name: "pack-config-toml" - - secret: - name: "gitea-creds" - -``` -#### This Pipeline builds a builder image using the pack CLI. - -Command to be executed: -```bash -java -jar target/quarkus-app/quarkus-run.jar builder -o out/flows -c configurations/tekton/pack-builder-cfg.yaml -``` -using as configuration: -```yaml -# configurations/tekton/pack-builder-cfg.yaml - -provider: tekton -resourceType: PipelineRun -domain: buildpack -namespace: - -job: - name: pack-builder-push - description: "This Pipeline builds a builder image using the pack CLI." - params: - - debug: true - - git-url: "https://github.com/redhat-buildpacks/ubi-image-builder.git" - - source-dir: "." - - output-image: "gitea.cnoe.localtest.me:8443/giteaadmin/ubi-builder" - - imageUrl: "buildpacksio/pack" - - imageTag: "latest" - - packCmdBuilderFlags: - - -v - - --publish - # The workspaces declared here will be mounted for each action except if an action overrides it to use a different name - workspaces: - - name: pack-workspace - volumeClaimTemplate: - storage: 1Gi - accessMode: ReadWriteOnce - - name: source-dir - volumeClaimTemplate: - storage: 1Gi - accessMode: ReadWriteOnce - - name: data-store - volumeSources: - - secret: pack-config-toml - - secret: gitea-creds # quay-creds, docker-creds, etc - actions: - - name: git-clone - ref: bundle://quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1@sha256:de0ca8872c791944c479231e21d68379b54877aaf42e5f766ef4a8728970f8b3 - params: - - url: "$(params.git-url)" - - subdirectory: "." 
workspaces: - - name: output - workspace: source-dir - - name: fetch-packconfig-registrysecret - ref: bundle://quay.io/ch007m/tekton-bundle:latest@sha256:42f0acaefdfbb345fb76c34910f4f7f358908602d3e8f83e4616218685e34b25 - - name: list-source-workspace - ref: bundle://quay.io/ch007m/tekton-bundle:latest@sha256:42f0acaefdfbb345fb76c34910f4f7f358908602d3e8f83e4616218685e34b25 - - name: pack-builder - ref: bundle://quay.io/ch007m/tekton-bundle:latest@sha256:42f0acaefdfbb345fb76c34910f4f7f358908602d3e8f83e4616218685e34b25 - params: - - PACK_SOURCE_DIR: "$(params.source-dir)" - - PACK_CLI_IMAGE: "$(params.imageUrl)" - - PACK_CLI_IMAGE_VERSION: "$(params.imageTag)" - - BUILDER_IMAGE_NAME: "$(params.output-image)" - - PACK_BUILDER_TOML: "ubi-builder.toml" - - PACK_CMD_FLAGS: - - "$(params.packCmdBuilderFlags)" - - -``` -Generated file: -```yaml -# generated/tekton/buildpack/pipelinerun-pack-builder-push.yaml - -apiVersion: "tekton.dev/v1" -kind: "PipelineRun" -metadata: - annotations: - tekton.dev/pipelines.minVersion: "0.60.x" - tekton.dev/displayName: "This Pipeline builds a builder image using the pack CLI." - tekton.dev/platforms: "linux/amd64" - labels: - app.kubernetes.io/version: "0.1" - name: "pack-builder-push" -spec: - params: - - name: "debug" - value: "true" - - name: "git-url" - value: "https://github.com/redhat-buildpacks/ubi-image-builder.git" - - name: "source-dir" - value: "." - - name: "output-image" - value: "gitea.cnoe.localtest.me:8443/giteaadmin/ubi-builder" - - name: "imageUrl" - value: "buildpacksio/pack" - - name: "imageTag" - value: "latest" - - name: "packCmdBuilderFlags" - value: - - "-v" - - "--publish" - pipelineSpec: - tasks: - - name: "git-clone" + - name: "workspace" + workspace: "workspace" + - name: "clair-scan" params: - - name: "url" - value: "$(params.git-url)" - - name: "subdirectory" - value: "." 
+ - name: "image-digest" + value: "$(tasks.build-container.results.IMAGE_DIGEST)" + - name: "image-url" + value: "$(tasks.build-container.results.IMAGE_URL)" + runAfter: + - "build-container" taskRef: params: - name: "bundle" - value: "quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1@sha256:de0ca8872c791944c479231e21d68379b54877aaf42e5f766ef4a8728970f8b3" + value: "quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.1" - name: "name" - value: "git-clone" + value: "clair-scan" - name: "kind" value: "task" resolver: "bundles" - workspaces: - - name: "output" - workspace: "source-dir" - - name: "fetch-packconfig-registrysecret" + - name: "ecosystem-cert-preflight-checks" + params: + - name: "image-url" + value: "$(tasks.build-container.results.IMAGE_URL)" runAfter: - - "git-clone" + - "build-container" taskRef: params: - name: "bundle" - value: "quay.io/ch007m/tekton-bundle:latest@sha256:42f0acaefdfbb345fb76c34910f4f7f358908602d3e8f83e4616218685e34b25" + value: "quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.1" - name: "name" - value: "fetch-packconfig-registrysecret" + value: "ecosystem-cert-preflight-checks" - name: "kind" value: "task" resolver: "bundles" - - name: "list-source-workspace" + - name: "sast-snyk-check" + params: + - name: "image-digest" + value: "$(tasks.build-container.results.IMAGE_DIGEST)" + - name: "image-url" + value: "$(tasks.build-container.results.IMAGE_URL)" runAfter: - - "fetch-packconfig-registrysecret" + - "git-clone" taskRef: params: - name: "bundle" - value: "quay.io/ch007m/tekton-bundle:latest@sha256:42f0acaefdfbb345fb76c34910f4f7f358908602d3e8f83e4616218685e34b25" + value: "quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check:0.2" - name: "name" - value: "list-source-workspace" + value: "sast-snyk-check" - name: "kind" value: "task" resolver: "bundles" - - name: "pack-builder" + workspaces: + - name: "workspace" + workspace: "workspace" + - name: "clamav-scan" params: - - name: "PACK_SOURCE_DIR" - value: 
"$(params.source-dir)" - - name: "PACK_CLI_IMAGE" - value: "$(params.imageUrl)" - - name: "PACK_CLI_IMAGE_VERSION" - value: "$(params.imageTag)" - - name: "BUILDER_IMAGE_NAME" - value: "$(params.output-image)" - - name: "PACK_BUILDER_TOML" - value: "ubi-builder.toml" - - name: "PACK_CMD_FLAGS" - value: - - "$(params.packCmdBuilderFlags)" + - name: "image-digest" + value: "$(tasks.build-container.results.IMAGE_DIGEST)" + - name: "image-url" + value: "$(tasks.build-container.results.IMAGE_URL)" runAfter: - - "list-source-workspace" + - "build-container" taskRef: params: - name: "bundle" - value: "quay.io/ch007m/tekton-bundle:latest@sha256:42f0acaefdfbb345fb76c34910f4f7f358908602d3e8f83e4616218685e34b25" + value: "quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.1" - name: "name" - value: "pack-builder" + value: "clamav-scan" - name: "kind" value: "task" resolver: "bundles" timeouts: - pipeline: "300000000000ns" + pipeline: "900000000000ns" workspaces: - - name: "pack-workspace" - volumeClaimTemplate: - apiVersion: "v1" - kind: "PersistentVolumeClaim" - spec: - accessModes: - - "ReadWriteOnce" - resources: - requests: - storage: "1Gi" - - name: "source-dir" + - name: "workspace" volumeClaimTemplate: apiVersion: "v1" kind: "PersistentVolumeClaim" 
@@ -2906,205 +3103,8 @@ spec: resources: requests: storage: "1Gi" - - name: "data-store" - projected: - sources: - - secret: - name: "pack-config-toml" - - secret: - name: "gitea-creds" - -``` -## tekton - -### Demo - -#### Such a job will not work as the [*] "notation" with array param is not supported in a task's script - -Command to be executed: -```bash -java -jar target/quarkus-app/quarkus-run.jar builder -o out/flows -c configurations/tekton/basic3-issue-cfg.yaml -``` -using as configuration: -```yaml -# configurations/tekton/basic3-issue-cfg.yaml - -provider: tekton -resourceType: PipelineRun -domain: demo -# Such a job will not work as the [*] "notation" -# with array param is not supported in a task's script -job: - name: basic-job-3 - description: Such a job will not work as the [*] "notation" with array param is not supported in a task's script - actions: - - name: say-hello - params: - - name: team - value: Aurea - script: | - #!/usr/bin/env bash - - members=($(params.team[*])) - - for member in "${members[@]}"; do - echo "Say hello to: $member" - done -``` -Generated file: -```yaml -# generated/tekton/demo/pipelinerun-basic-job-3.yaml - -apiVersion: "tekton.dev/v1" -kind: "PipelineRun" -metadata: - annotations: - tekton.dev/pipelines.minVersion: "0.60.x" - tekton.dev/displayName: "Such a job will not work as the [*] \"notation\" with\ - \ array param is not supported in a task's script" - tekton.dev/platforms: "linux/amd64" - labels: - app.kubernetes.io/version: "0.1" - name: "basic-job-3" -spec: - pipelineSpec: - tasks: - - name: "say-hello" - params: - - name: "name" - value: "team" - - name: "value" - value: "Aurea" - taskSpec: - stepTemplate: {} - steps: - - image: "registry.access.redhat.com/ubi9@sha256:1ee4d8c50d14d9c9e9229d9a039d793fcbc9aa803806d194c957a397cf1d2b17" - name: "run-script" - script: |- - #!/usr/bin/env bash - - members=($(params.team[*])) - - for member in "${members[@]}"; do - echo "Say hello to: $member" - done - timeouts: - 
pipeline: "300000000000ns" - -``` -#### Basic job echoing a message - -Command to be executed: -```bash -java -jar target/quarkus-app/quarkus-run.jar builder -o out/flows -c configurations/tekton/basic1-cfg.yaml -``` -using as configuration: -```yaml -# configurations/tekton/basic1-cfg.yaml - -provider: tekton -resourceType: PipelineRun -domain: demo -job: - name: basic-job-1 - description: Basic job echoing a message - actions: - - name: say-hello - script: | - #!/usr/bin/env bash - - echo "Say hello to the team" -``` -Generated file: -```yaml -# generated/tekton/demo/pipelinerun-basic-job-1.yaml - -apiVersion: "tekton.dev/v1" -kind: "PipelineRun" -metadata: - annotations: - tekton.dev/pipelines.minVersion: "0.60.x" - tekton.dev/displayName: "Basic job echoing a message" - tekton.dev/platforms: "linux/amd64" - labels: - app.kubernetes.io/version: "0.1" - name: "basic-job-1" -spec: - pipelineSpec: - tasks: - - name: "say-hello" - taskSpec: - stepTemplate: {} - steps: - - image: "registry.access.redhat.com/ubi9@sha256:1ee4d8c50d14d9c9e9229d9a039d793fcbc9aa803806d194c957a397cf1d2b17" - name: "run-script" - script: |- - #!/usr/bin/env bash - - echo "Say hello to the team" - timeouts: - pipeline: "300000000000ns" - -``` -#### Basic job echoing a message using the param teamMember - -Command to be executed: -```bash -java -jar target/quarkus-app/quarkus-run.jar builder -o out/flows -c configurations/tekton/basic2-cfg.yaml -``` -using as configuration: -```yaml -# configurations/tekton/basic2-cfg.yaml - -provider: tekton -resourceType: PipelineRun -domain: demo -job: - name: basic-job-2 - description: Basic job echoing a message using the param teamMember - actions: - - name: say-hello - params: - - name: teamMember - value: Aurea - script: | - #!/usr/bin/env bash - - echo $(params.teamMember) -``` -Generated file: -```yaml -# generated/tekton/demo/pipelinerun-basic-job-2.yaml - -apiVersion: "tekton.dev/v1" -kind: "PipelineRun" -metadata: - annotations: - 
tekton.dev/pipelines.minVersion: "0.60.x" - tekton.dev/displayName: "Basic job echoing a message using the param teamMember" - tekton.dev/platforms: "linux/amd64" - labels: - app.kubernetes.io/version: "0.1" - name: "basic-job-2" -spec: - pipelineSpec: - tasks: - - name: "say-hello" - params: - - name: "name" - value: "teamMember" - - name: "value" - value: "Aurea" - taskSpec: - stepTemplate: {} - steps: - - image: "registry.access.redhat.com/ubi9@sha256:1ee4d8c50d14d9c9e9229d9a039d793fcbc9aa803806d194c957a397cf1d2b17" - name: "run-script" - script: |- - #!/usr/bin/env bash - - echo $(params.teamMember) - timeouts: - pipeline: "300000000000ns" + - name: "git-auth" + secret: + secretName: "{{ git_auth_secret }}" ```