diff --git a/pipelines/internal/update-fbc-catalog/README.md b/pipelines/internal/update-fbc-catalog/README.md
index 7cc666620..ab2d6e300 100644
--- a/pipelines/internal/update-fbc-catalog/README.md
+++ b/pipelines/internal/update-fbc-catalog/README.md
@@ -4,17 +4,17 @@ Tekton pipeline add/update FBC fragments to the FBC catalog by interacting with ## Parameters -| Name | Description | Optional | Default value | -|-------------------------|-----------------------------------------------------------------------------|----------|---------------------| -| iibServiceAccountSecret | Secret containing the credentials for IIB service | yes | iib-service-account | -| publishingCredentials | Publishing credentials used to fetch the image config | yes | catalog-publishing-credentials | -| fbcFragment | FBC fragment built by HACBS | no | - | -| fromIndex | Index image (catalog of catalogs) the FBC fragment will be added to | no | - | -| buildTags | List of additional tags the internal index image copy should be tagged with | yes | '[]' | -| addArches | List of arches the index image should be built for | yes | '[]' | -| hotfix | Whether this build is a hotfix build | yes | false | -| stagedIndex | Whether this build is a staged index build | yes | false | -| buildTimeoutSeconds | IIB Build Service timeout seconds | no | - | +| Name | Description | Optional | Default value | +|-------------------------|-----------------------------------------------------------------------------|----------|---------------------------| +| iibServiceAccountSecret | Secret containing the credentials for IIB service | yes | iib-service-account | +| publishingCredentials | Secret containing the publishing credentials used to fetch the image config | yes | catalog-publishing-secret | +| fbcFragment | FBC fragment built by HACBS | no | - | +| fromIndex | Index image (catalog of catalogs) the FBC fragment will be added to | no | - | +| buildTags | List of additional tags the internal index image copy should be tagged with | yes | '[]' | +| addArches | List of arches the index image should be built for | yes | '[]' | +| hotfix | Whether this build is a hotfix build | yes | false | +| stagedIndex | Whether this build is a staged index build | yes | 
false | +| buildTimeoutSeconds | IIB Build Service timeout seconds | no | - | ## Changes in 1.1.0 * adds `publishingCredentials` parameter diff --git a/pipelines/internal/update-fbc-catalog/update-fbc-catalog-pipeline.yaml b/pipelines/internal/update-fbc-catalog/update-fbc-catalog-pipeline.yaml index e9a4b39d2..8b0493b33 100644 --- a/pipelines/internal/update-fbc-catalog/update-fbc-catalog-pipeline.yaml +++ b/pipelines/internal/update-fbc-catalog/update-fbc-catalog-pipeline.yaml @@ -19,7 +19,7 @@ spec: - name: publishingCredentials type: string default: "catalog-publishing-secret" - description: Publishing credential used to fetch the image config + description: Secret containing the publishing credentials used to fetch the image config - name: fbcFragment type: string description: FBC fragment built by HACBS diff --git a/tasks/internal/update-fbc-catalog-task/README.md b/tasks/internal/update-fbc-catalog-task/README.md index af58e27a8..855a88c55 100644 --- a/tasks/internal/update-fbc-catalog-task/README.md +++ b/tasks/internal/update-fbc-catalog-task/README.md @@ -10,7 +10,7 @@ Tekton task to submit a IIB build request to add/update a fbc-fragment to an ind | addArches | List of arches the index image should be built for. | No | - | | buildTimeoutSeconds | Timeout seconds to receive the build state | Yes | "300" | | iibServiceAccountSecret | Secret with IIB credentials to be used | No | - | -| publishingCredentials | Publishing credentials used to fetch the image config | No | | +| publishingCredentials | Secret containing the publishing credentials used to fetch the image config | No | - | | hotfix | Whether this build is a hotfix build | Yes | "false" | | stagedIndex | Whether this build is for a staged index build | Yes | "false" | diff --git a/tasks/internal/update-fbc-catalog-task/update-fbc-catalog-task.yaml b/tasks/internal/update-fbc-catalog-task/update-fbc-catalog-task.yaml index 42e0ca9f2..544431b0f 100644 
--- a/tasks/internal/update-fbc-catalog-task/update-fbc-catalog-task.yaml +++ b/tasks/internal/update-fbc-catalog-task/update-fbc-catalog-task.yaml @@ -40,7 +40,7 @@ spec: description: Secret with IIB credentials to be used - name: publishingCredentials type: string - description: Publishing credentials used to fetch the image config + description: Secret containing the publishing credentials used to fetch the image config - name: hotfix type: string default: "false" @@ -134,9 +134,10 @@ spec: # authentication is only required for the targetIndex create_auth_file targetIndexCreated="$(skopeo inspect --config "docker://$(params.targetIndex)" | jq -r .created)" - # an empty targetdIndexCreated will cause `date` to use an arbitrary date that could allow - # resuming of a image that requires a new build. + if [ -z "${targetIndexCreated}" ]; then + # we cannot determine the target index created date, stop here. This causes the task to trigger + # a new build. return 0 fi @@ -159,9 +160,9 @@ spec: # disabling debug to not leak the token set +x - jq --arg authName "${authName}" \ - --arg token "$(base64 -w 0 < <(printf %s "${TARGET_INDEX_CREDENTIAL}"))" \ - '.auths[$authName].auth = $token' <<< '{}' > "${HOME}/.config/containers/auth.json" + jq -n --arg authName "${authName}" \ + --arg token "$(base64 -w 0 < <(printf %s "${TARGET_INDEX_CREDENTIAL}"))" \ + '.auths[$authName].auth = $token' > "${HOME}/.config/containers/auth.json" set -x } diff --git a/tasks/managed/add-fbc-contribution/add-fbc-contribution.yaml b/tasks/managed/add-fbc-contribution/add-fbc-contribution.yaml index dd380fa0f..fb222618b 100644 --- a/tasks/managed/add-fbc-contribution/add-fbc-contribution.yaml +++ b/tasks/managed/add-fbc-contribution/add-fbc-contribution.yaml 
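Review bot: The new `-z` guard on `targetIndexCreated` misses the case where the inspected config has no `created` field, because `jq -r .created` then prints the literal string `null`, which is non-empty. That value would pass the guard and reach whatever date handling follows, which appears to be the situation the removed comment warned about. Changing the filter in the assignment to `jq -r '.created // empty'` makes a missing field and an empty result take the same early-return path. Whether a failed `skopeo inspect` aborts the step or only yields an empty string depends on shell options set outside this hunk; the enclosing function also starts and ends outside it.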
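Review bot: The redirect into `${HOME}/.config/containers/auth.json` creates the credential file with whatever umask the step inherits, and nothing in this hunk restricts its mode. Since the file holds the base64-encoded `TARGET_INDEX_CREDENTIAL`, consider `umask 077` before the `jq -n` call, or `chmod 600 "${HOME}/.config/containers/auth.json"` right after it. A short comment such as `# auth.json holds a registry credential; keep it owner-only` would record the intent. The function begins outside the hunk, so a umask may already be set earlier.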
@@ -91,7 +91,7 @@ spec: else iib_service_account_secret="iib-service-account-prod" fi - publishing_credentials=$(jq -r '.fbc.publishingCredentials' "$DATA_FILE") + publishing_credentials=$(jq -r '.fbc.publishingCredentials' // "catalog-publishing-secret" "$DATA_FILE") timestamp_format=$(jq -r '.fbc.timestampFormat // "%s"' "${DATA_FILE}") timestamp=$(date "+${timestamp_format}")
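Review bot: The fallback on the new `publishing_credentials=` line sits outside the jq filter's quotes, so `//` and `catalog-publishing-secret` are passed to jq as extra input file names rather than as the alternative operator and its default. The default is therefore never applied: a missing `.fbc.publishingCredentials` still yields the string `null` as the secret name, and jq will most likely also report errors for the two unreadable inputs. The closing quote should move to the end of the filter, as the `timestamp_format` line just below does: `publishing_credentials=$(jq -r '.fbc.publishingCredentials // "catalog-publishing-secret"' "$DATA_FILE")`. The surrounding script block starts and ends outside this hunk.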