From ea38b8c12c1f80f7616e0830722bf6a44231e133 Mon Sep 17 00:00:00 2001 From: dekiel Date: Fri, 4 Oct 2024 09:05:01 +0200 Subject: [PATCH 1/2] Remove not used pjobs and tools. --- cmd/tools/pjtester/Dockerfile | 27 - cmd/tools/pjtester/README.md | 104 -- cmd/tools/pjtester/main.go | 32 - cmd/tools/rendertemplates/README.md | 196 --- cmd/tools/rendertemplates/main.go | 410 ------ go.mod | 8 +- go.sum | 10 - .../pjconfigtests/pjconfigtests_suite_test.go | 44 - pkg/prow/pjconfigtests/pjconfigtests_test.go | 111 -- pkg/prow/pjconfigtests/validators.go | 22 - .../test-infra/pjconfigtests.yaml | 546 -------- .../kyma-project/test-infra/pjtester.yaml | 1232 ----------------- .../kyma-project/test-infra/validation.yaml | 36 - templates/README.md | 125 -- templates/config.yaml | 303 ---- .../data/test-infra/image-syncer-data.yaml | 44 - templates/data/test-infra/pjconfigtests.yaml | 55 - templates/data/test-infra/pjtester-data.yaml | 82 -- .../data/test-infra/validation-data.yaml | 28 - templates/templates/generic.tmpl | 225 --- 20 files changed, 2 insertions(+), 3638 deletions(-) delete mode 100644 cmd/tools/pjtester/Dockerfile delete mode 100644 cmd/tools/pjtester/README.md delete mode 100644 cmd/tools/pjtester/main.go delete mode 100644 cmd/tools/rendertemplates/README.md delete mode 100644 cmd/tools/rendertemplates/main.go delete mode 100644 pkg/prow/pjconfigtests/pjconfigtests_suite_test.go delete mode 100644 pkg/prow/pjconfigtests/pjconfigtests_test.go delete mode 100644 pkg/prow/pjconfigtests/validators.go delete mode 100644 prow/jobs/kyma-project/test-infra/pjconfigtests.yaml delete mode 100644 prow/jobs/kyma-project/test-infra/pjtester.yaml delete mode 100644 prow/jobs/kyma-project/test-infra/validation.yaml delete mode 100644 templates/README.md delete mode 100644 templates/config.yaml delete mode 100644 templates/data/test-infra/image-syncer-data.yaml delete mode 100644 templates/data/test-infra/pjconfigtests.yaml delete mode 100644 templates/data/test-infra/pjtester-data.yaml delete mode 100644 templates/data/test-infra/validation-data.yaml delete mode 100644 templates/templates/generic.tmpl diff --git a/cmd/tools/pjtester/Dockerfile b/cmd/tools/pjtester/Dockerfile deleted file mode 100644 index 0b73b7db2999..000000000000 --- a/cmd/tools/pjtester/Dockerfile +++ /dev/null @@ -1,27 +0,0 @@ -FROM golang:1.23-alpine as builder - -WORKDIR /app - -COPY go.mod go.sum ./ - -# Download all dependencies. Dependencies will be cached if the go.mod and go.sum files are not changed -RUN go mod download - -# Copy the source to the Working Directory inside the container -COPY . . - -WORKDIR /app/cmd/tools/pjtester - -# Build the Go app with static linking -RUN CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o main . - -FROM alpine:3.20.3 - -LABEL io.kyma-project.source=github.com/kyma-project/test-infra/cmd/tools/pjtester - -# Copy the built Go app from the builder stage -COPY --from=builder /app/cmd/tools/pjtester/main /pjtester - -RUN apk add --no-cache ca-certificates git && \ - chmod +x /pjtester -ENTRYPOINT ["/pjtester"] diff --git a/cmd/tools/pjtester/README.md b/cmd/tools/pjtester/README.md deleted file mode 100644 index 5bb863e6451c..000000000000 --- a/cmd/tools/pjtester/README.md +++ /dev/null @@ -1,104 +0,0 @@ -# Prow Job Tester - -## Overview - -Prow Job tester is a tool for testing changes to the Prow Jobs' definitions and code running in Prow Jobs. It uses the production Prow instance to run chosen Prow Jobs with changes from pull requests (PRs) without going through multiple cycles of new PRs, reviews, and merges. The whole development can be done within one cycle. - -### How It Works - -The workhorse for testing Prow Jobs is a tool written in Go called `pjtester`. It's available in the `prow-tools` Docker image. - -`pjtester` is executed by the presubmit job. This presubmit job is triggered when something changes under the virtual path `vpath/pjtester.yaml`. A PR with the `pjtester.yaml` file is called a pjtester pull request and presubmit running `pjtester` is called pjtester presubmit or pjtester ProwJob. - -`pjtester` expects to find the configuration of Prow Jobs to tests under `vpath/pjtester.yaml`. - -By default, `pjtester` disables Prow Job reporting to Slack. To check the test results, consult the [Prow Status](https://status.build.kyma-project.io/) dashboard. You can enable reporting to Slack by setting a parameter **report** in `pjtester.yaml` to `true`. - -First `pjtester` loads the ProwJob definition. Details from `pjtester.yaml` and from the Prow Job environment variables are used to construct the specification of the Prow Job to test. Prow distinguishes two types of the ProwJob definition sources. Static ProwJobs are stored in the `test-infra` repository and are loaded from local files. Inrepo ProwJobs are stored in other repositories and are loaded through GitHub API. - -If the `pjtester.yaml` file contains the **prConfig** parameter, the provided PR number is used to find and load the test ProwJob definition. It applies to both sources, static and inrepo. - -If **prConfig** is not provided, the Prow Job tester checks if the PR with the `pjtester.yaml` file is against the same repository as the ProwJob to test. `pjtester` uses the environment variables created by Prow for the presubmit job, which contains the PR refs and commit hash. If this condition is true, a pjtester pull request is used to find and load the test ProwJob definition. - -If none of the conditions are met, `pjtester` uses the `heads/main` refs to load the inrepo test ProwJob definition. If the pjtester pull request is open on a repository other than `test-infra`, the static test ProwJob definition is used. If the pjtester pull request is open on the `test-infra` repository, a pjtester pull request is used to find and load the static test ProwJob definition. - -Once the ProwJob definition is found and loaded, `pjtester` generates ProwJob specification. ProwJob name and context reported to GitHub are prefixed with the pjtester prefix. ProwJob refs and extraRefs are set according to the configuration provided in the `pjtester.yaml` file in pjtester ProwJob. - -If the `pjtester.yaml` file contains PR numbers in the **prConfigs** parameter, they are used as ProwJob refs and extraRefs. - -If **prConfigs** doesn't provide a PR number for refs or some extraRefs, but the pjtester pull request is open on the same repository, it is used in the ProwJob specification as refs or extraRefs. - -If some extraRefs are not set in the previous steps, they will be set to values loaded from the source. If ProwJob refs are not set, `pjtester` will set them to match the repository `heads/main` details for postsubmit. Presubmit refs are set to match the latest PR merged to the `main` branch. - -For presubmit jobs, Prow requires the PR's head SHA, PR number and author set in the Prow Job refs. In the `pjtester.yaml` file, you can specify a PR number for a repository against which a tested Prow Job is running. If you don't specify it, `pjtester` finds the latest PR merged to the`main` branch and uses its details for the presubmit refs. - -Finally, `pjtester` creates the ProwJob Kubernetes object on the production Prow instance. The Prow Job name, for which you triggered the test, is prefixed with `{YOUR_GITHUB_USER}_test_of_ProwJob_`. - -Because the `vpath/pjtester.yaml` file is used by `pjtester` only, it must not exist outside the PR. This is why the `pre-vpathgurad` required context is added. It fails whenever the `vpath` directory exists and prevents the PR merge. As soon as the virtual path disappears from the PR, `vpathguard` will allow for the PR merge. - - -## Usage - -Next, you must add the `pjtester.yaml` file to the PR to trigger the `pjtester` execution. `pjtester` is run by `pre--pjtester` Prow Job. - -The `pjtester.yaml` file in the virtual path contains configuration parameters for the `pjtester` tool: - -| Parameter name | Required | Description | -|----------------|----------|---------------------------------------------------------------------------------------------------------| -| **pjConfigs** | Yes | Map containing tests configuration. | Yes | -| **prConfig** | No | Map containing PR number with test Prow Job definition. The map can contain only one prNumber. | Yes | -| **prowJobs** | Yes | Map containing the configuration of Prow Jobs to test. | Yes | -| **pjName** | Yes | Name of the Prow Job to test. | Yes | -| **report** | No | Flag enabling reporting of the Prow Job status to Slack.
The default value is `false`. | No | -| **prConfigs** | No | Map containing the numbers of the pull requests to use in test ProwJobs.
Used as refs or extraRefs. | No | -| **prNumber** | No | PR number to use. | No | - -An example of the complete `pjtester.yaml` file: - -``` -pjConfigs: - prConfig: - kyma-project: - kyma: - prNumber: 1313 - prowJobs: - kyma-project: - kyma: - - pjName: "presubmit-test-job" - report: true - - pjName: "orphaned-disks-cleaner" -prConfigs: # - kyma-project: - kyma: - prNumber: 1212 -``` - -This is the Prow Job tester flow: - -1. Create your feature branch with changes. -2. Create the `vpath/pjtester.yaml` file with the configuration of the Prow Job to test. -3. Create a PR with your changes and the `pjtester.yaml` file. -4. Watch the result of the `{YOUR_GITHUB_USER}_test_of_ProwJob_{TESTED_PROWJOB'S_NAME}` Prow Job. -5. Push new commits to the PR. -6. Redo steps 4 and 5 until you're happy with the test results. -7. Remove the virtual path directory from the PR. -8. Merge your PR. - -### Execution of Any Code Without Review? - -This was the main requirement for this tool. However, we did put some security in place. The `pre-main-test-infra-pjtester` Prow Job is running on the `trusted-workload` cluster, where it has everything it needs for successful execution. Every Prow Job to test is always scheduled on the `untrusted-workload` cluster, where no sensitive data exists. As for any other PR from a non-Kyma-organization member, every test must be triggered manually. - -To prevent overriding existing GitHub contexts results on open PRs with results of execution of test ProwJobs, pjtester adds its prefix to the context defined in the ProwJob definition. This way the test ProwJobs have always their own context name. - -### Things to Remember - -If you need new Secrets on workload clusters, ask the Neighbors team to create them for your tests. - -`pjtester` cannot wait till your new images are build on the PR. This still requires an extra commit after the image is placed in the registry. - -## Development - -The source code of `pjtester` and its tests is located in `test-infra/development/tools/pkg/pjtester`. -The main function used in the binary is located in `test-infra/development/tools/cmd/pjtester`. - -You can't use `pjtester` to test changes to itself. diff --git a/cmd/tools/pjtester/main.go b/cmd/tools/pjtester/main.go deleted file mode 100644 index eccf8d93a2a6..000000000000 --- a/cmd/tools/pjtester/main.go +++ /dev/null @@ -1,32 +0,0 @@ -package main - -import ( - "flag" - "fmt" - "github.com/kyma-project/test-infra/pkg/tools/pjtester" - "os" - - "github.com/sirupsen/logrus" - prowflagutil "k8s.io/test-infra/prow/flagutil" -) - -var ( - log = logrus.New() - ghOptions prowflagutil.GitHubOptions -) - -func main() { - log.SetOutput(os.Stdout) - log.SetLevel(logrus.InfoLevel) - if _, present := os.LookupEnv("IMAGE_COMMIT"); present { - fmt.Printf("IMAGE_COMMIT: %s\n", os.Getenv("IMAGE_COMMIT")) - } - fs := flag.NewFlagSet(os.Args[0], flag.ExitOnError) - ghOptions.AddFlags(fs) - ghOptions.AllowAnonymous = true - _ = fs.Parse(os.Args[1:]) - if err := ghOptions.Validate(false); err != nil { - logrus.WithError(err).Fatalf("github options validation failed") - } - pjtester.SchedulePJ(&ghOptions) -} diff --git a/cmd/tools/rendertemplates/README.md b/cmd/tools/rendertemplates/README.md deleted file mode 100644 index ee4d96f49364..000000000000 --- a/cmd/tools/rendertemplates/README.md +++ /dev/null @@ -1,196 +0,0 @@ -# Render Templates - -## Overview - -The Render Templates is a tool that reads the configuration from a [`config.yaml`](/templates/config.yaml) file and [`data`](/templates/data) files to generate output files, such as Prow component jobs. While the `config.yaml` file can hold configuration for an output file, you can place such data within the data files that hold configuration for related output files. Having separate files with grouped data is cleaner and easier to maintain than one huge config file. - -The `config.yaml` file and the data files specify the following for the Render Templates: -- Templates it must use to generate the output files -- The name and location of the output files -- Values it must use to generate the output files - -### Data for Templates - -The Render Templates passes data in the **$.Values** and **$.Global** variables to the templates to generate files. The values of these variables are created from the `config.yaml` file and data files. The **Global** variable holds data from the **global** key in `config.yaml`. The Render Templates generates the values of the **Values** variable from scratch for each Prow job. The **Values** variable is generated by merging Config Sets. Each Config Set is a map defined in one of three possible places: - -- **Global ConfigSets** defined in the **globalSets** key in the `config.yaml` file: - - ```yaml - globalSets: - image_bootstrap: - image: "eu.gcr.io/kyma-project/test-infra/bootstrap:v20200831-e46c648b" - ``` - - Config Sets defined in **globalSets** hold data used to generate multiple files. A good example of such usage is the `image_bootstrap` global Config Set, which defines a bootstrap image to use in Prow jobs. - - -- **Local ConfigSets** defined under the **localSets** parameter for each **to** key in the `config.yaml` file or in data files in the `templates/data` directory: - - ```yaml - templates: - render: - - to: ../prow/jobs/test-infra/buildpack.yaml - localSets: - default: - skip_report: "false" - max_concurrency: "10" - branches: - - "^main$" - presubmit: - type_presubmit: "true" - labels: - preset-build-pr: "true" - postsubmit: - type_postsubmit: "true" - cluster: "trusted-workload" - ``` - - Config Sets defined in **localSets** have a scope limited to the generated file in which they are defined. Use **localSets** to hold data that is common within the generated file. - - -- **One-job ConfigSets** defined in the **jobConfig** key: - - ```yaml - jobConfigs: - - repoName: "kyma-project/test-infra" - jobs: - - jobConfig: - name: "pre-test-infra-bootstrap" - run_if_changed: "^prow/images/bootstrap/" - args: - - "/home/prow/go/src/github.com/kyma-project/test-infra/prow/images/bootstrap" - ``` - - Config Sets defined in **jobConfig** set data for one job. Use such Config Sets to keep values specific for one job only. - - Every job under the **inheritedConfigs** key specifies which Config Sets are inherited. This key holds a list of Config Sets names from **globalSets** and **localSets**. - - ```yaml - jobConfigs: - - repoName: "kyma-project/test-infra" - jobs: - - jobConfig: - name: "pre-test-infra-bootstrap" - run_if_changed: "^prow/images/bootstrap/" - inheritedConfigs: - global: - - "image_bootstrap" - local: - - "default" - - "presubmit" - ``` - - A component job defined in **jobConfig** can be used to generate multiple job definitions for a single component. It is defined by having a `path` value, and by not having a `name` value. This type of config holds two additional lists of configSets named **preConfigs** and **postConfigs**, which hold lists of global and local Config Sets used for presubmit and postsubmit jobs. - - ```yaml - localSets: - jobConfig_pre: - labels: - preset-build-pr: "true" - jobConfig_post: - labels: - preset-build-main: "true" - jobConfigs: - - repoName: "github.com/kyma-project/kyma" - jobs: - - jobConfig: - path: components/application-gateway - args: - - "/home/prow/go/src/github.com/kyma-project/kyma/components/application-gateway" - run_if_changed: "^components/application-gateway/|^common/makefiles/" - release_since: "1.7" - inheritedConfigs: - global: - - "jobConfig_default" - - "image_buildpack-golang" - - "jobConfig_generic_component" - - "jobConfig_generic_component_kyma" - - "extra_refs_test-infra" - preConfigs: - global: - - "jobConfig_presubmit" - local: - - "jobConfig_pre" - postConfigs: - global: - - "jobConfig_postsubmit" - local: - - "jobConfig_post" - ``` - - The Render Templates tool can generate precommit and postcommit job definitions from a single jobConfig. The job defined in **jobConfigPre** and **jobConfigPost** generates precommit and postcommit job definitions for a single job. This type of config holds two additional lists of values named **jobConfigPre** and **jobConfigPost**, which hold values used for presubmit and postsubmit jobs, as well as two lists of Config Sets named **preConfigs** and **postConfigs**, which hold lists of global and local Config Sets used for presubmit and postsubmit jobs. - - ```yaml - jobConfigs: - - repoName: kyma-project/control-plane - jobs: - - jobConfig: - labels: - preset-common: "true" - jobConfigPre: - name: pre-main-kcp-cli - run_if_changed: "^tools/cli" - jobConfigPost: - name: post-main-kcp-cli - labels: - preset-build-artifacts-main: "true" - inheritedConfigs: - global: - - "jobConfig_default" - local: - - "jobConfig_default_kcp" - preConfigs: - global: - - "jobConfig_presubmit" - postConfigs: - global: - - "jobConfig_postsubmit" - ``` - -The Render Templates tool builds the **Values** variable in the following order: - -1. Config Sets from **globalSets** are merged. If the job inherits the `default` Config Set from **globalSets**, it is merged first and all other Config Sets from **globalSets** are merged afterwards. - -2. The Render Templates merges Config Sets from **localSets**. Again, if the job inherits the `default` Config Set from **localSets**, it's merged first and then all the other Config Sets from **localSets** are merged. - -3. Config Sets from **jobConfig** are merged as the last ones. - -Existing keys in the **Values** variable are overwritten by values from the merged Config Sets. - -> **NOTE:** Config Sets other than default are merged in any order during the **globalSets** and **localSets** phases. - - -## Usage - -To run this tool, use one of these commands: - -```bash -go run development/tools/cmd/rendertemplates/main.go --data path/to/directory/with/data/files -``` -or -```bash -make jobs-definitions -``` - -By default, the Render Templates downloads `config.yaml` and templates files from [GitHub](https://github.com/kyma-project/test-infra). You can specify paths to the `config.yaml` file and templates directory on the command line to override defaults. - -To work with local files only, provide all paths in flags. - -Example for test-infra repository: -```bash -go run development/tools/cmd/rendertemplates/main.go --config templates/config.yaml --templates templates/templates --data templates/data -``` - -### Flags - -This tool uses one flag: - -| Name | Required | Description | -|-------------------------------------|:--------:|---------------------------------------------------------------------------------------------------------------------------------------------------| -| **‑‑config** | No | Path to the Render Templates configuration. file. | -| **‑‑data** | No | Path to directory with data files. Mutual exclusive with `--data-file`. argument | -| **‑‑data-file** | No | Path to the data file. Mutual exclusive with `--data`. argument. | -| **‑‑templates** | No | Path to the directory with templates. files. | -| **‑‑gh-token** | No | GitHub personal access token. Use it to get files from GitHub as an authenticated user. By default the Render Templates accesses GitHub as an anonymous user. | -| **‑‑show-output-dir** | No | Prints out the paths to data files and to the generated files. | -| **‑‑append-slice** | No | Append slices instead of overwriting them when merging. | diff --git a/cmd/tools/rendertemplates/main.go b/cmd/tools/rendertemplates/main.go deleted file mode 100644 index 59f71cc835e0..000000000000 --- a/cmd/tools/rendertemplates/main.go +++ /dev/null @@ -1,410 +0,0 @@ -package main - -import ( - "bytes" - "encoding/gob" - "flag" - "fmt" - "github.com/kyma-project/test-infra/pkg/github/client" - rt "github.com/kyma-project/test-infra/pkg/tools/rendertemplates" - "io/fs" - "log" - "os" - "path" - "path/filepath" - "sort" - "strings" - "text/template" - - "github.com/Masterminds/sprig" - "github.com/google/go-github/v48/github" - "github.com/imdario/mergo" - "golang.org/x/net/context" - "gopkg.in/yaml.v3" - "k8s.io/apimachinery/pkg/util/sets" -) - -const ( - // autogenerationMessage is message added at the beginning of each autogenerated file. - autogenerationMessage = "Code generated by rendertemplates. DO NOT EDIT." - // configGithubOrg is a default organisation name to get rendertemplate from GitHub - configGithubOrg = "kyma-project" - // configGithubRepo is a default repository name to get rendertemplate from GitHub - configGithubRepo = "test-infra" - // configGithubPath is a default path to get rendertemplate from GitHub - configGithubPath = "templates/config.yaml" - // templatesDirGithubPath is a default templates directory path to get templates from GitHub - templatesDirGithubPath = "templates/templates" -) - -var ( - configFilePath = flag.String("config", "", "Path to the config file.") - dataDirPath = flag.String("data", ".", "Path to the data directory.") - dataFilePath = flag.String("data-file", "", "Path to the data file.") - templatesDirPath = flag.String("templates", "", "Path to the templates directory.") - showOutputDir = flag.Bool("show-output-dir", false, "Print generated output file paths to stdout") - ghToken = flag.String("gh-token", "", "GitHub Access Token") - - ghClient *github.Client - configFile []byte - err error - dataFiles []string - - additionalFuncs = map[string]interface{}{ - "matchingReleases": rt.MatchingReleases, - "releaseMatches": rt.ReleaseMatches, - "hasPresubmit": hasPresubmit, - "hasPostsubmit": hasPostsubmit, - "hasPeriodic": hasPeriodic, - "getRunId": getRunID, - } - commentSignByFileExt = map[string]sets.Set[string]{ - "//": sets.New[string](".go"), - "> ": sets.New[string](".md"), - "#": sets.New[string](".yaml", ".yml"), - } -) - -func init() { - gob.Register(rt.ConfigSet{}) - gob.Register(map[string]interface{}{}) - gob.Register(map[interface{}]interface{}{}) - gob.Register([]interface{}{}) -} - -func main() { - mergoConfig := mergo.Config{} - // templatesCache stores already downloaded templates from GitHub to decrease API calls and prevent hit a rate limits. - templatesCache := make(map[string]*template.Template) - ctx := context.Background() - - flag.BoolVar(&mergoConfig.AppendSlice, "append-slice", false, "Rendertemplate will append slices instead overwriting.") - flag.Parse() - - if *ghToken != "" { - ghc, err := client.NewClient(ctx, *ghToken) - if err != nil { - log.Fatalf("Failed create authenticated GitHub Client: error: %s:", err.Error()) - } - ghClient = ghc.Client - } else { - ghClient = github.NewClient(nil) - } - - if *configFilePath == "" { - // read rendertemplate config file from github - // rendertemplate config contains global configsets - configFile, err = getConfigFromGithub(ctx, ghClient) - if err != nil { - log.Fatalf("Failed load rendertemplate config file from github.com/%s/%s/%s, error: %s", configGithubOrg, configGithubRepo, configGithubPath, err.Error()) - } - } else { - // read rendertemplate config file from local filesystem - // rendertemplate config contains global configsets - configFile, err = os.ReadFile(*configFilePath) - if err != nil { - log.Fatalf("Cannot read config file from local filesystem: %s", err.Error()) - } - } - - rtConfig := new(rt.Config) - err = yaml.Unmarshal(configFile, rtConfig) - if err != nil { - log.Fatalf("Cannot parse config yaml: %s\n", err.Error()) - } - - if *dataFilePath != "" { - // read only provided data file - dataFiles = append(dataFiles, *dataFilePath) - *dataDirPath = path.Dir(*dataFilePath) - } else if *dataFilePath == "" && *dataDirPath != "" { - // read all template data from data files - err = filepath.Walk(*dataDirPath, getFileWalkFunc(&dataFiles)) - if err != nil { - log.Fatalf("Cannot read data file directory: %s", err) - } - } else { - log.Fatalf("Cannot read data file directory: %s", err) - } - - // var dataFilesTemplates []*rt.TemplateConfig - for _, dataFile := range dataFiles { - var dataFileConfig rt.Config - var cfg bytes.Buffer - // Load datafile as template. - t, err := loadTemplate(dataFile, templatesCache) - if err != nil { - log.Fatalf("Could not load data file %s: %v", dataFile, err) - } - // Execute rendering the datafile from datafile itself as a template and config as data. - // Store it in-memory. At this point the config has all the global values from config.yaml file. - // We do this in case a datafile to generate prowjobs definitions is itself a template, thus - // it contains golang template actions. We execute a datafile as template with config as datafile to set - // some datafile values from config global values. This is used for generating prowjobs for supported - // releases only. Config global values provide list of supported releases. This is used as data to render - // datafiles containing only supported releases versions as data. - // This rendered datafiles are then used to render prowjobs definitions, by applying prowjob definition - // template to them. - // If datafile doesn't contain any golang templates actions, output will be just a datafile itself. - if err := t.Execute(&cfg, rtConfig); err != nil { - log.Fatalf("Cannot render data template: %v", err) - } - if err := yaml.Unmarshal(cfg.Bytes(), &dataFileConfig); err != nil { - log.Fatalf("Cannot parse data file %s: %s\n", dataFile, err) - } - // append all generated configs from datafile to the list of templates to generate jobs from - rtConfig.TemplatesConfigs = append(rtConfig.TemplatesConfigs, dataFileConfig.TemplatesConfigs...) - } - - rtConfig.Merge(mergoConfig) - - // sort template configs by value of FromTo (see: https://github.com/kyma-project/test-infra/issues/6694) - sort.Slice(rtConfig.TemplatesConfigs, func(i, j int) bool { - return rtConfig.TemplatesConfigs[i].FromTo[0].String() < rtConfig.TemplatesConfigs[j].FromTo[0].String() - }) - - // generate final .yaml files - for _, templateConfig := range rtConfig.TemplatesConfigs { - err = renderTemplate(*dataDirPath, templateConfig, rtConfig, templatesCache) - if err != nil { - log.Fatalf("Cannot render template %s: %s", templateConfig.From, err) - } - } -} - -// getConfigFromGithub downloads rendertemplate config from GitHub. -// It uses default location in test-infra repository. -func getConfigFromGithub(ctx context.Context, ghClient *github.Client) ([]byte, error) { - // ctx := context.Background() - configFileContent, _, resp, err := ghClient.Repositories.GetContents(ctx, configGithubOrg, configGithubRepo, configGithubPath, &github.RepositoryContentGetOptions{Ref: "main"}) - if err != nil { - return nil, err - } - if ok, err := client.IsStatusOK(resp); !ok { - return nil, err - } - file, err := configFileContent.GetContent() - if err != nil { - return nil, err - } - return []byte(file), nil -} - -// getTemplateFromGithub downloads template from GitHub. -// It uses default location in test-infra repository. -// Downloaded template is cached to avoid hitting GitHub API rate limits. -func getTemplateFromGithub(ghClient *github.Client, templateFileName string) (string, error) { - ctx := context.Background() - templateFilePath := path.Join(templatesDirGithubPath, templateFileName) - configFileContent, _, resp, err := ghClient.Repositories.GetContents(ctx, configGithubOrg, configGithubRepo, templateFilePath, &github.RepositoryContentGetOptions{Ref: "main"}) - if err != nil { - return "", err - } - if ok, err := client.IsStatusOK(resp); !ok { - return "", err - } - file, err := configFileContent.GetContent() - if err != nil { - return "", err - } - return file, nil -} - -// getFileWalkFunc returns walk function that will recursively find YAML files and will return list of path to these files -func getFileWalkFunc(dataFiles *[]string) filepath.WalkFunc { - return func(path string, info fs.FileInfo, err error) error { - // pass the error further, this shouldn't ever happen - if err != nil { - return err - } - - // skip directory entries, we just want files - if info.IsDir() { - return nil - } - - // we only want to check .yaml files - if !strings.Contains(info.Name(), ".yaml") { - return nil - } - - // get relative path - // dataFile := strings.Replace(path, dataFilesDir, "", -1) - // add all YAML files to the list - *dataFiles = append(*dataFiles, path) - - return nil - } -} - -// renderTemplate loads the template and calls the function that renders final files -func renderTemplate(dataFilesDir string, templateConfig *rt.TemplateConfig, config *rt.Config, tplCache map[string]*template.Template) error { - for _, fromTo := range templateConfig.FromTo { - var ( - templateInstance *template.Template - err error - ) - if *showOutputDir { - log.Printf("Rendering %s", fromTo) - } - if *templatesDirPath != "" { - templatePath := path.Join(*templatesDirPath, fromTo.From) - templateInstance, err = loadTemplate(templatePath, tplCache) - } else { - templateInstance, err = loadTemplateFromGithub(fromTo.From, tplCache) - } - if err != nil { - return err - } - for _, render := range templateConfig.RenderConfigs { - err = renderFileFromTemplate(dataFilesDir, templateInstance, *render, config, fromTo) - if err != nil { - log.Printf("Failed render %s file", fromTo.To) - return err - } - } - } - - return nil -} - -// renderFileFromTemplate renders template to file, based on the data passed to the template -func renderFileFromTemplate(basePath string, templateInstance *template.Template, renderConfig rt.RenderConfig, config *rt.Config, fromTo rt.FromTo) error { - relativeDestPath := path.Join(basePath, fromTo.To) - - destDir := path.Dir(relativeDestPath) - err := os.MkdirAll(destDir, os.ModePerm) - if err != nil { - return err - } - - destFile, err := os.Create(relativeDestPath) - if err != nil { - return err - } - - if err := addAutogeneratedHeader(destFile); err != nil { - return err - } - - values := map[string]interface{}{"Values": renderConfig.Values, "Global": config.Global} - - return templateInstance.Execute(destFile, values) -} - -// loadTemplate load template read from local file path. -func loadTemplate(templatePath string, tplCache map[string]*template.Template) (*template.Template, error) { - templateInstance := getTemplateFromCache(templatePath, tplCache) - if templateInstance != nil { - return templateInstance, nil - } - templateInstance, err = template. - New(path.Base(templatePath)). - Funcs(sprig.TxtFuncMap()). - Funcs(additionalFuncs). - ParseFiles(templatePath) - if err != nil { - return nil, err - } - addTemplateToCache(templatePath, templateInstance, tplCache) - return templateInstance, nil -} - -// loadTemplateFromGithub load template downloaded from GitHub. -func loadTemplateFromGithub(templateFileName string, tplCache map[string]*template.Template) (*template.Template, error) { - templateInstance := getTemplateFromCache(templateFileName, tplCache) - if templateInstance != nil { - return templateInstance, nil - } - templateString, err := getTemplateFromGithub(ghClient, templateFileName) - if err != nil { - return nil, err - } - templateInstance, err = template. - New(path.Base(templateFileName)). - Funcs(sprig.TxtFuncMap()). - Funcs(additionalFuncs). - Parse(templateString) - if err != nil { - return nil, err - } - addTemplateToCache(templateFileName, templateInstance, tplCache) - return templateInstance, nil -} - -// getTemplateFromCache will return a template from local cache. A template lookup is based on provided cacheKey. -func getTemplateFromCache(cacheKey string, cache map[string]*template.Template) *template.Template { - if tpl, ok := cache[cacheKey]; ok { - return tpl - } - return nil -} - -// addTemplateToCache will add template to the cache. A cacheKey will be used as a map key for template entry. -// This key is used for template lookup when searchin for template in cache. -func addTemplateToCache(cacheKey string, tpl *template.Template, cache map[string]*template.Template) { - cache[cacheKey] = tpl -} - -func addAutogeneratedHeader(destFile *os.File) error { - outputExt := filepath.Ext(destFile.Name()) - sign, err := commentSign(outputExt) - if err != nil { - return err - } - - header := fmt.Sprintf("%s %s\n\n", sign, autogenerationMessage) - if _, err := destFile.WriteString(header); err != nil { - return err - } - - return nil -} - -func commentSign(extension string) (string, error) { - for sign, extFile := range commentSignByFileExt { - if extFile.Has(extension) { - return sign, nil - } - } - return "", fmt.Errorf("cannot add autogenerated header comment: unknow comment sign for %q file extension", extension) -} - -// hasProwjobType check if prowjobtype value is present in prowjob configs. -func hasProwjobType(r []rt.Repo, prowjobtype string) bool { - for _, repo := range r { - for _, job := range repo.Jobs { - if _, ok := job.JobConfig[prowjobtype]; ok { - return ok - } - } - } - return false -} - -// hasPresubmit check if any prowjob is type_presubmit -func hasPresubmit(r []rt.Repo) bool { - return hasProwjobType(r, "type_presubmit") -} - -// hasPresubmit check if any prowjob is type_postsubmit -func hasPostsubmit(r []rt.Repo) bool { - return hasProwjobType(r, "type_postsubmit") -} - -// hasPresubmit check if any prowjob is type_periodic -func hasPeriodic(r []rt.Repo) bool { - return hasProwjobType(r, "type_periodic") -} - -// getRunID trims the prowjob name to 63 characters and makes sure it doesn't end with dash to match pubsub requirements. -func getRunID(name interface{}) string { - jobName := name.(string) - if len(jobName) > 63 { - jobName = jobName[0:63] - for jobName[len(jobName)-1:] == "-" { - jobName = jobName[:len(jobName)-1] - } - } - return "\"" + jobName + "\"" -} diff --git a/go.mod b/go.mod index 297b076b8b91..01b3e19cbc5f 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,7 @@ module github.com/kyma-project/test-infra -go 1.22 +go 1.22.0 + toolchain go1.23.0 require ( @@ -10,7 +11,6 @@ require ( cloud.google.com/go/pubsub v1.43.0 cloud.google.com/go/storage v1.43.0 github.com/Masterminds/semver v1.5.0 - github.com/Masterminds/sprig v2.22.0+incompatible github.com/avast/retry-go/v4 v4.6.0 github.com/cenkalti/backoff/v4 v4.3.0 github.com/cloudevents/sdk-go/v2 v2.15.2 @@ -61,7 +61,6 @@ require ( contrib.go.opencensus.io/exporter/prometheus v0.4.0 // indirect github.com/BobuSumisu/aho-corasick v1.0.3 // indirect github.com/GoogleCloudPlatform/testgrid v0.0.123 // indirect - github.com/Masterminds/goutils v1.1.1 // indirect github.com/andygrunwald/go-jira v1.14.0 // indirect github.com/aws/aws-sdk-go v1.38.49 // indirect github.com/aymanbagabas/go-osc52/v2 v2.0.1 // indirect @@ -126,7 +125,6 @@ require ( github.com/hashicorp/go-retryablehttp v0.7.7 // indirect github.com/hashicorp/golang-lru v0.5.4 // indirect github.com/hashicorp/hcl v1.0.0 // indirect - github.com/huandu/xstrings v1.4.0 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/jmespath/go-jmespath v0.4.0 // indirect github.com/josharian/intern v1.0.0 // indirect @@ -141,10 +139,8 @@ require ( github.com/mattn/go-runewidth v0.0.14 // indirect github.com/mattn/go-zglob v0.0.2 // indirect github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect - github.com/mitchellh/copystructure v1.2.0 // indirect github.com/mitchellh/go-homedir v1.1.0 // indirect github.com/mitchellh/mapstructure v1.5.0 // indirect - github.com/mitchellh/reflectwalk v1.0.2 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect github.com/muesli/reflow v0.2.1-0.20210115123740-9e1d0d53df68 // indirect diff --git a/go.sum b/go.sum index c20138a5314a..032f5d014032 100644 --- a/go.sum +++ b/go.sum @@ -89,12 +89,8 @@ github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym github.com/GoogleCloudPlatform/cloudsql-proxy v0.0.0-20191009163259-e802c2cb94ae/go.mod h1:mjwGPas4yKduTyubHvD1Atl9r1rUq8DfVy+gkVvZ+oo= github.com/GoogleCloudPlatform/testgrid v0.0.123 h1:S5LE2LjkPsUlyt7blkIgwajiUfgFzv5s17+TkyKDfnI= github.com/GoogleCloudPlatform/testgrid v0.0.123/go.mod h1:4Ojwl21NNySkM1rG8hT9K2bugPX9fIrc2hC+GHegLR8= -github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI= -github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU= github.com/Masterminds/semver v1.5.0 h1:H65muMkzWKEuNDnfl9d70GUjFniHKHRbFPGBuZ3QEww= github.com/Masterminds/semver v1.5.0/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y= -github.com/Masterminds/sprig v2.22.0+incompatible h1:z4yfnGrZ7netVz+0EDJ0Wi+5VZCSYp4Z0m2dk6cEM60= -github.com/Masterminds/sprig v2.22.0+incompatible/go.mod h1:y6hNFY5UBTIWBxnzTeuNhlNS5hqE0NB0E6fgfo2Br3o= github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ= github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= github.com/PuerkitoBio/purell v1.0.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= @@ -425,8 +421,6 @@ github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uG github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4= github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= -github.com/huandu/xstrings v1.4.0 h1:D17IlohoQq4UcpqD7fDk80P7l+lwAmlFaBHgOipl2FU= -github.com/huandu/xstrings v1.4.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4= @@ -508,15 +502,11 @@ github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zk github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= github.com/microsoft/azure-devops-go-api/azuredevops/v7 v7.1.0 h1:mmJCWLe63QvybxhW1iBmQWEaCKdc4SKgALfTNZ+OphU= github.com/microsoft/azure-devops-go-api/azuredevops/v7 v7.1.0/go.mod h1:mDunUZ1IUJdJIRHvFb+LPBUtxe3AYB5MI6BMXNg8194= -github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw= -github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s= github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y= github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY= github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= -github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ= -github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= diff --git a/pkg/prow/pjconfigtests/pjconfigtests_suite_test.go b/pkg/prow/pjconfigtests/pjconfigtests_suite_test.go deleted file mode 100644 index b79a7ed497c5..000000000000 --- a/pkg/prow/pjconfigtests/pjconfigtests_suite_test.go +++ /dev/null @@ -1,44 +0,0 @@ -package pjconfigtests_test - -import ( - kprow "github.com/kyma-project/test-infra/pkg/prow" - "os" - "path" - "testing" - - . "github.com/onsi/ginkgo/v2" - . "github.com/onsi/gomega" - "k8s.io/test-infra/prow/config" -) - -var ( - presubmitFixtures []config.Presubmit - postsubmitFixtures []config.Postsubmit - periodicFixtures []config.Periodic -) - -func TestProwjobsConfig(t *testing.T) { - // Skip tests if not running in CI environment. This is to avoid running tests locally as it will fail due to missing environment variables and wrong default paths. - if os.Getenv("CI") != "true" { - t.Skip() - } - // Skip tests if not running in pull request pjconfigtest prowjob. This is to avoid running tests in golang unit test prowjobs. - if os.Getenv("JOB_NAME") != "pull-"+os.Getenv("REPO_NAME")+"-pjconfigtest" { - t.Skip() - } - RegisterFailHandler(Fail) - - var err error - g := NewGomegaWithT(t) - - orgName := os.Getenv("REPO_OWNER") - repoName := os.Getenv("REPO_NAME") - g.Expect(orgName).ToNot(BeZero(), "Variable orgName is zero value.") - g.Expect(repoName).ToNot(BeZero(), "Variable repoName is zero value.") - inrepoConfigPath := path.Join(kprow.OrgDefaultClonePath, orgName, repoName) - // Load prowjobs config to be tested. - presubmitFixtures, postsubmitFixtures, periodicFixtures, err = kprow.GetProwjobsConfigForProwjob(orgName, repoName, kprow.ProwConfigDefaultClonePath, kprow.JobConfigDefaultClonePath, inrepoConfigPath) - g.Expect(err).To(BeNil()) - - RunSpecs(t, "Prowjobs config suite") -} diff --git a/pkg/prow/pjconfigtests/pjconfigtests_test.go b/pkg/prow/pjconfigtests/pjconfigtests_test.go deleted file mode 100644 index 894ea2f1bc45..000000000000 --- a/pkg/prow/pjconfigtests/pjconfigtests_test.go +++ /dev/null @@ -1,111 +0,0 @@ -package pjconfigtests_test - -import ( - "github.com/kyma-project/test-infra/pkg/opagatekeeper" - kprow "github.com/kyma-project/test-infra/pkg/prow" - "github.com/kyma-project/test-infra/pkg/prow/pjconfigtests" - "os" - "path" - - . "github.com/onsi/ginkgo/v2" - . "github.com/onsi/gomega" - . "github.com/onsi/gomega/gstruct" - "gopkg.in/yaml.v3" -) - -const ( - privilegedContainersConstraintFileOrgPath = "kyma-project/test-infra/prow/cluster/resources/gatekeeper-constraints/workloads/privilegedContainers.yaml" -) - -var privilegedContainersConstraint opagatekeeper.K8sPSPPrivilegedContainer - -var _ = BeforeSuite(func() { - // Reade privileged containers constraint from file. - privilegedContainersConstraintFilePath := path.Join(kprow.OrgDefaultClonePath, privilegedContainersConstraintFileOrgPath) - privilegedContainersConstraint = opagatekeeper.K8sPSPPrivilegedContainer{} - privilegedContainersConstraintYaml, err := os.ReadFile(privilegedContainersConstraintFilePath) - Expect(err).To(BeNil()) - err = yaml.Unmarshal(privilegedContainersConstraintYaml, &privilegedContainersConstraint) - Expect(err).To(BeNil()) -}) - -var _ = Describe("Prowjob,", func() { - Context("of presubmit type,", func() { - for _, pj := range presubmitFixtures { - pj := pj - It("has pubsub config,", func() { - Expect(pj.Labels).To(MatchKeys(IgnoreExtras, Keys{ - "prow.k8s.io/pubsub.project": Equal("sap-kyma-prow"), - "prow.k8s.io/pubsub.runID": Not(BeZero()), - "prow.k8s.io/pubsub.topic": Equal("prowjobs"), - }), "[PJ config test failed] Presubmit %s is missing pubsub required labels.", pj.Name) - }) - It("has ownership annotation", func() { - missingAnnotations := kprow.CheckRequiredAnnotations(pj.Name, pj.Annotations) - Expect(missingAnnotations).To(BeZero(), "%s\n", missingAnnotations) - }) - When("using privileged container,", func() { - It("use allowed image", func() { - for _, container := range pj.Spec.Containers { - if container.SecurityContext != nil && container.SecurityContext.Privileged != nil && *container.SecurityContext.Privileged { - allowedImage := pjconfigtests.IsPrivilegedAllowedImage(container.Image, privilegedContainersConstraint) - Expect(allowedImage).To(BeTrue(), "[PJ config test failed] Presubmit %s is using privileged container with not allowed image %s.", pj.Name, container.Image) - } - } - }) - }) - } - }) - Context("of postsubmit type,", func() { - for _, pj := range postsubmitFixtures { - pj := pj - It("has pubsub config,", func() { - Expect(pj.Labels).To(MatchKeys(IgnoreExtras, Keys{ - "prow.k8s.io/pubsub.project": Equal("sap-kyma-prow"), - "prow.k8s.io/pubsub.runID": Not(BeZero()), - "prow.k8s.io/pubsub.topic": Equal("prowjobs"), - }), "[PJ config test failed] Postsubmit %s is missing pubsub required labels.", pj.Name) - }) - It("has ownership annotation", func() { - missingAnnotations := kprow.CheckRequiredAnnotations(pj.Name, pj.Annotations) - Expect(missingAnnotations).To(BeZero(), "%s\n", missingAnnotations) - }) - When("using privileged container,", func() { - It("use allowed image", func() { - for _, container := range pj.Spec.Containers { - if container.SecurityContext != nil && container.SecurityContext.Privileged != nil && *container.SecurityContext.Privileged { - allowedImage := pjconfigtests.IsPrivilegedAllowedImage(container.Image, privilegedContainersConstraint) - Expect(allowedImage).To(BeTrue(), "[PJ config test failed] Postsubmit %s is using privileged container with not allowed image %s.", pj.Name, container.Image) - } - } - }) - }) - } - }) - Context("of periodic type,", func() { - for _, pj := range periodicFixtures { - pj := pj - It("has pubsub config,", func() { - Expect(pj.Labels).To(MatchKeys(IgnoreExtras, Keys{ - "prow.k8s.io/pubsub.project": Equal("sap-kyma-prow"), - "prow.k8s.io/pubsub.runID": Not(BeZero()), - "prow.k8s.io/pubsub.topic": Equal("prowjobs"), - }), "[PJ config test failed] Periodic %s is missing pubsub required labels.", pj.Name) - }) - It("has ownership annotation", func() { - missingAnnotations := kprow.CheckRequiredAnnotations(pj.Name, pj.Annotations) - Expect(missingAnnotations).To(BeZero(), "%s\n", missingAnnotations) - }) - When("using privileged container,", func() { - It("use allowed image", func() { - for _, container := range pj.Spec.Containers { - if container.SecurityContext != nil && container.SecurityContext.Privileged != nil && *container.SecurityContext.Privileged { - allowedImage := pjconfigtests.IsPrivilegedAllowedImage(container.Image, privilegedContainersConstraint) - Expect(allowedImage).To(BeTrue(), "[PJ config test failed] Periodic %s is using privileged container with not allowed image %s.", pj.Name, container.Image) - } - } - }) - }) - } - }) -}) diff --git a/pkg/prow/pjconfigtests/validators.go b/pkg/prow/pjconfigtests/validators.go deleted file mode 100644 index b0aab04dc24d..000000000000 --- a/pkg/prow/pjconfigtests/validators.go +++ /dev/null @@ -1,22 +0,0 @@ -package pjconfigtests - -import ( - "github.com/kyma-project/test-infra/pkg/opagatekeeper" - "strings" -) - -func IsPrivilegedAllowedImage(image string, privilegedContainersConstraint opagatekeeper.K8sPSPPrivilegedContainer) bool { - for _, exemptImage := range privilegedContainersConstraint.Spec.Parameters.ExemptImages { - if strings.HasSuffix(exemptImage, "*") { - prefix := strings.TrimSuffix(exemptImage, "*") - if strings.HasPrefix(image, prefix) { - return true - } - } else { - if image == exemptImage { - return true - } - } - } - return false -} diff --git a/prow/jobs/kyma-project/test-infra/pjconfigtests.yaml b/prow/jobs/kyma-project/test-infra/pjconfigtests.yaml deleted file mode 100644 index cac00036ffc1..000000000000 --- a/prow/jobs/kyma-project/test-infra/pjconfigtests.yaml +++ /dev/null @@ -1,546 +0,0 @@ -# Code generated by rendertemplates. DO NOT EDIT. - - -presubmits: # runs on PRs - kyma-project/test-infra: - - name: pull-test-infra-pjconfigtest - annotations: - description: "Run ginkgo suite tests for prowjobs definitions for test-infra" - owner: "neighbors" - labels: - prow.k8s.io/pubsub.project: "sap-kyma-prow" - prow.k8s.io/pubsub.runID: "pull-test-infra-pjconfigtest" - prow.k8s.io/pubsub.topic: "prowjobs" - run_if_changed: '^prow/jobs/' - skip_report: false - decorate: true - cluster: untrusted-workload - max_concurrency: 10 - branches: - - ^.*$ - spec: - containers: - - image: "europe-docker.pkg.dev/kyma-project/prod/test-infra/ginkgo:v20240909-95731ea6" - imagePullPolicy: Always - securityContext: - privileged: false - seccompProfile: - type: RuntimeDefault - allowPrivilegeEscalation: false - command: - - "/ginkgo" - args: - - "-r" - - "/home/prow/go/src/github.com/kyma-project/test-infra/pkg/prow/pjconfigtests" - resources: - requests: - memory: 100M - cpu: 200m - - kyma-project/kyma: - - name: pull-kyma-pjconfigtest - annotations: - description: "Run ginkgo suite tests for prowjobs definitions for kyma" - owner: "neighbors" - labels: - prow.k8s.io/pubsub.project: "sap-kyma-prow" - prow.k8s.io/pubsub.runID: "pull-kyma-pjconfigtest" - prow.k8s.io/pubsub.topic: "prowjobs" - run_if_changed: '^.prow/|^.prow.yaml' - skip_report: false - decorate: true - cluster: untrusted-workload - max_concurrency: 10 - branches: - - ^.*$ - extra_refs: - - org: kyma-project - repo: test-infra - base_ref: main - spec: - containers: - - image: "europe-docker.pkg.dev/kyma-project/prod/test-infra/ginkgo:v20240909-95731ea6" - imagePullPolicy: Always - securityContext: - privileged: false - seccompProfile: - type: RuntimeDefault - allowPrivilegeEscalation: false - command: - - "/ginkgo" - args: - - "-r" - - "/home/prow/go/src/github.com/kyma-project/test-infra/pkg/prow/pjconfigtests" - resources: - requests: - memory: 100M - cpu: 200m - - kyma-project/busola: - - name: pull-busola-pjconfigtest - annotations: - description: "Run ginkgo suite tests for prowjobs definitions for busola" - owner: "neighbors" - labels: - prow.k8s.io/pubsub.project: "sap-kyma-prow" - prow.k8s.io/pubsub.runID: "pull-busola-pjconfigtest" - prow.k8s.io/pubsub.topic: "prowjobs" - run_if_changed: '^.prow/|^.prow.yaml' - skip_report: false - decorate: true - cluster: untrusted-workload - max_concurrency: 10 - branches: - - ^.*$ - extra_refs: - - org: kyma-project - repo: test-infra - base_ref: main - spec: - containers: - - image: "europe-docker.pkg.dev/kyma-project/prod/test-infra/ginkgo:v20240909-95731ea6" - imagePullPolicy: Always - securityContext: - privileged: false - seccompProfile: - type: RuntimeDefault - allowPrivilegeEscalation: false - command: - - "/ginkgo" - args: - - "-r" - - "/home/prow/go/src/github.com/kyma-project/test-infra/pkg/prow/pjconfigtests" - resources: - requests: - memory: 100M - cpu: 200m - - kyma-project/control-plane: - - name: pull-control-plane-pjconfigtest - annotations: - description: "Run ginkgo suite tests for prowjobs definitions for control-plane" - owner: "neighbors" - labels: - prow.k8s.io/pubsub.project: "sap-kyma-prow" - prow.k8s.io/pubsub.runID: "pull-control-plane-pjconfigtest" - prow.k8s.io/pubsub.topic: "prowjobs" - run_if_changed: '^.prow/|^.prow.yaml' - skip_report: false - decorate: true - cluster: untrusted-workload - max_concurrency: 10 - branches: - - ^.*$ - extra_refs: - - org: kyma-project - repo: test-infra - base_ref: main - spec: - containers: - - image: "europe-docker.pkg.dev/kyma-project/prod/test-infra/ginkgo:v20240909-95731ea6" - imagePullPolicy: Always - securityContext: - privileged: false - seccompProfile: - type: RuntimeDefault - allowPrivilegeEscalation: false - command: - - "/ginkgo" - args: - - "-r" - - "/home/prow/go/src/github.com/kyma-project/test-infra/pkg/prow/pjconfigtests" - resources: - requests: - memory: 100M - cpu: 200m - - kyma-project/lifecycle-manager: - - name: pull-lifecycle-manager-pjconfigtest - annotations: - description: "Run ginkgo suite tests for prowjobs definitions for lifecycle-manager" - owner: "neighbors" - labels: - prow.k8s.io/pubsub.project: "sap-kyma-prow" - prow.k8s.io/pubsub.runID: "pull-lifecycle-manager-pjconfigtest" - prow.k8s.io/pubsub.topic: "prowjobs" - run_if_changed: '^.prow/|^.prow.yaml' - skip_report: false - decorate: true - cluster: untrusted-workload - max_concurrency: 10 - branches: - - ^.*$ - extra_refs: - - org: kyma-project - repo: test-infra - base_ref: main - spec: - containers: - - image: "europe-docker.pkg.dev/kyma-project/prod/test-infra/ginkgo:v20240909-95731ea6" - imagePullPolicy: Always - securityContext: - privileged: false - seccompProfile: - type: RuntimeDefault - allowPrivilegeEscalation: false - command: - - "/ginkgo" - args: - - "-r" - - "/home/prow/go/src/github.com/kyma-project/test-infra/pkg/prow/pjconfigtests" - resources: - requests: - memory: 100M - cpu: 200m - - kyma-project/community: - - name: pull-community-pjconfigtest - annotations: - description: "Run ginkgo suite tests for prowjobs definitions for community" - owner: "neighbors" - labels: - prow.k8s.io/pubsub.project: "sap-kyma-prow" - prow.k8s.io/pubsub.runID: "pull-community-pjconfigtest" - prow.k8s.io/pubsub.topic: "prowjobs" - run_if_changed: '^.prow/|^.prow.yaml' - skip_report: false - decorate: true - cluster: untrusted-workload - max_concurrency: 10 - branches: - - ^.*$ - extra_refs: - - org: kyma-project - repo: test-infra - base_ref: main - spec: - containers: - - image: "europe-docker.pkg.dev/kyma-project/prod/test-infra/ginkgo:v20240909-95731ea6" - imagePullPolicy: Always - securityContext: - privileged: false - seccompProfile: - type: RuntimeDefault - allowPrivilegeEscalation: false - command: - - "/ginkgo" - args: - - "-r" - - "/home/prow/go/src/github.com/kyma-project/test-infra/pkg/prow/pjconfigtests" - resources: - requests: - memory: 100M - cpu: 200m - - kyma-project/examples: - - name: pull-examples-pjconfigtest - annotations: - description: "Run ginkgo suite tests for prowjobs definitions for examples" - owner: "neighbors" - labels: - prow.k8s.io/pubsub.project: "sap-kyma-prow" - prow.k8s.io/pubsub.runID: "pull-examples-pjconfigtest" - prow.k8s.io/pubsub.topic: "prowjobs" - run_if_changed: '^.prow/|^.prow.yaml' - skip_report: false - decorate: true - cluster: untrusted-workload - max_concurrency: 10 - branches: - - ^.*$ - extra_refs: - - org: kyma-project - repo: test-infra - base_ref: main - spec: - containers: - - image: "europe-docker.pkg.dev/kyma-project/prod/test-infra/ginkgo:v20240909-95731ea6" - imagePullPolicy: Always - securityContext: - privileged: false - seccompProfile: - type: RuntimeDefault - allowPrivilegeEscalation: false - command: - - "/ginkgo" - args: - - "-r" - - "/home/prow/go/src/github.com/kyma-project/test-infra/pkg/prow/pjconfigtests" - resources: - requests: - memory: 100M - cpu: 200m - - kyma-project/api-gateway: - - name: pull-api-gateway-pjconfigtest - annotations: - description: "Run ginkgo suite tests for prowjobs definitions for api-gateway" - owner: "neighbors" - labels: - prow.k8s.io/pubsub.project: "sap-kyma-prow" - prow.k8s.io/pubsub.runID: "pull-api-gateway-pjconfigtest" - prow.k8s.io/pubsub.topic: "prowjobs" - run_if_changed: '^.prow/|^.prow.yaml' - skip_report: false - decorate: true - cluster: untrusted-workload - max_concurrency: 10 - branches: - - ^.*$ - extra_refs: - - org: kyma-project - repo: test-infra - base_ref: main - spec: - containers: - - image: "europe-docker.pkg.dev/kyma-project/prod/test-infra/ginkgo:v20240909-95731ea6" - imagePullPolicy: Always - securityContext: - privileged: false - seccompProfile: - type: RuntimeDefault - allowPrivilegeEscalation: false - command: - - "/ginkgo" - args: - - "-r" - - "/home/prow/go/src/github.com/kyma-project/test-infra/pkg/prow/pjconfigtests" - resources: - requests: - memory: 100M - cpu: 200m - - kyma-project/istio: - - name: pull-istio-pjconfigtest - annotations: - description: "Run ginkgo suite tests for prowjobs definitions for istio" - owner: "neighbors" - labels: - prow.k8s.io/pubsub.project: "sap-kyma-prow" - prow.k8s.io/pubsub.runID: "pull-istio-pjconfigtest" - prow.k8s.io/pubsub.topic: "prowjobs" - run_if_changed: '^.prow/|^.prow.yaml' - skip_report: false - decorate: true - cluster: untrusted-workload - max_concurrency: 10 - branches: - - ^.*$ - extra_refs: - - org: kyma-project - repo: test-infra - base_ref: main - spec: - containers: - - image: "europe-docker.pkg.dev/kyma-project/prod/test-infra/ginkgo:v20240909-95731ea6" - imagePullPolicy: Always - securityContext: - privileged: false - seccompProfile: - type: RuntimeDefault - allowPrivilegeEscalation: false - command: - - "/ginkgo" - args: - - "-r" - - "/home/prow/go/src/github.com/kyma-project/test-infra/pkg/prow/pjconfigtests" - resources: - requests: - memory: 100M - cpu: 200m - - kyma-project/runtime-watcher: - - name: pull-runtime-watcher-pjconfigtest - annotations: - description: "Run ginkgo suite tests for prowjobs definitions for runtime-watcher" - owner: "neighbors" - labels: - prow.k8s.io/pubsub.project: "sap-kyma-prow" - prow.k8s.io/pubsub.runID: "pull-runtime-watcher-pjconfigtest" - prow.k8s.io/pubsub.topic: "prowjobs" - run_if_changed: '^.prow/|^.prow.yaml' - skip_report: false - decorate: true - cluster: untrusted-workload - max_concurrency: 10 - branches: - - ^.*$ - extra_refs: - - org: kyma-project - repo: test-infra - base_ref: main - spec: - containers: - - image: "europe-docker.pkg.dev/kyma-project/prod/test-infra/ginkgo:v20240909-95731ea6" - imagePullPolicy: Always - securityContext: - privileged: false - seccompProfile: - type: RuntimeDefault - allowPrivilegeEscalation: false - command: - - "/ginkgo" - args: - - "-r" - - "/home/prow/go/src/github.com/kyma-project/test-infra/pkg/prow/pjconfigtests" - resources: - requests: - memory: 100M - cpu: 200m - - kyma-project/kyma-dashboard: - - name: pull-kyma-dashboard-pjconfigtest - annotations: - description: "Run ginkgo suite tests for prowjobs definitions for kyma-dashboard" - owner: "neighbors" - labels: - prow.k8s.io/pubsub.project: "sap-kyma-prow" - prow.k8s.io/pubsub.runID: "pull-kyma-dashboard-pjconfigtest" - prow.k8s.io/pubsub.topic: "prowjobs" - run_if_changed: '^.prow/|^.prow.yaml' - skip_report: false - decorate: true - cluster: untrusted-workload - max_concurrency: 10 - branches: - - ^.*$ - extra_refs: - - org: kyma-project - repo: test-infra - base_ref: main - spec: - containers: - - image: "europe-docker.pkg.dev/kyma-project/prod/test-infra/ginkgo:v20240909-95731ea6" - imagePullPolicy: Always - securityContext: - privileged: false - seccompProfile: - type: RuntimeDefault - allowPrivilegeEscalation: false - command: - - "/ginkgo" - args: - - "-r" - - "/home/prow/go/src/github.com/kyma-project/test-infra/pkg/prow/pjconfigtests" - resources: - requests: - memory: 100M - cpu: 200m - - kyma-project/btp-manager: - - name: pull-btp-manager-pjconfigtest - annotations: - description: "Run ginkgo suite tests for prowjobs definitions for btp-manager" - owner: "neighbors" - labels: - prow.k8s.io/pubsub.project: "sap-kyma-prow" - prow.k8s.io/pubsub.runID: "pull-btp-manager-pjconfigtest" - prow.k8s.io/pubsub.topic: "prowjobs" - run_if_changed: '^.prow/|^.prow.yaml' - skip_report: false - decorate: true - cluster: untrusted-workload - max_concurrency: 10 - branches: - - ^.*$ - extra_refs: - - org: kyma-project - repo: test-infra - base_ref: main - spec: - containers: - - image: "europe-docker.pkg.dev/kyma-project/prod/test-infra/ginkgo:v20240909-95731ea6" - imagePullPolicy: Always - securityContext: - privileged: false - seccompProfile: - type: RuntimeDefault - allowPrivilegeEscalation: false - command: - - "/ginkgo" - args: - - "-r" - - "/home/prow/go/src/github.com/kyma-project/test-infra/pkg/prow/pjconfigtests" - resources: - requests: - memory: 100M - cpu: 200m - - kyma-project/kyma-environment-broker: - - name: pull-kyma-environment-broker-pjconfigtest - annotations: - description: "Run ginkgo suite tests for prowjobs definitions for kyma-environment-broker" - owner: "neighbors" - labels: - prow.k8s.io/pubsub.project: "sap-kyma-prow" - prow.k8s.io/pubsub.runID: "pull-kyma-environment-broker-pjconfigtest" - prow.k8s.io/pubsub.topic: "prowjobs" - run_if_changed: '^.prow/|^.prow.yaml' - skip_report: false - decorate: true - cluster: untrusted-workload - max_concurrency: 10 - branches: - - ^.*$ - extra_refs: - - org: kyma-project - repo: test-infra - base_ref: main - spec: - containers: - - image: "europe-docker.pkg.dev/kyma-project/prod/test-infra/ginkgo:v20240909-95731ea6" - imagePullPolicy: Always - securityContext: - privileged: false - seccompProfile: - type: RuntimeDefault - allowPrivilegeEscalation: false - command: - - "/ginkgo" - args: - - "-r" - - "/home/prow/go/src/github.com/kyma-project/test-infra/pkg/prow/pjconfigtests" - resources: - requests: - memory: 100M - cpu: 200m - - kyma-project/compass-manager: - - name: pull-compass-manager-pjconfigtest - annotations: - description: "Run ginkgo suite tests for prowjobs definitions for compass-manager" - owner: "neighbors" - labels: - prow.k8s.io/pubsub.project: "sap-kyma-prow" - prow.k8s.io/pubsub.runID: "pull-compass-manager-pjconfigtest" - prow.k8s.io/pubsub.topic: "prowjobs" - run_if_changed: '^.prow/|^.prow.yaml' - skip_report: false - decorate: true - cluster: untrusted-workload - max_concurrency: 10 - branches: - - ^.*$ - extra_refs: - - org: kyma-project - repo: test-infra - base_ref: main - spec: - containers: - - image: "europe-docker.pkg.dev/kyma-project/prod/test-infra/ginkgo:v20240909-95731ea6" - imagePullPolicy: Always - securityContext: - privileged: false - seccompProfile: - type: RuntimeDefault - allowPrivilegeEscalation: false - command: - - "/ginkgo" - args: - - "-r" - - "/home/prow/go/src/github.com/kyma-project/test-infra/pkg/prow/pjconfigtests" - resources: - requests: - memory: 100M - cpu: 200m - \ No newline at end of file diff --git a/prow/jobs/kyma-project/test-infra/pjtester.yaml b/prow/jobs/kyma-project/test-infra/pjtester.yaml deleted file mode 100644 index de59f8843f63..000000000000 --- a/prow/jobs/kyma-project/test-infra/pjtester.yaml +++ /dev/null @@ -1,1232 +0,0 @@ -# Code generated by rendertemplates. DO NOT EDIT. - - -presubmits: # runs on PRs - kyma-project/test-infra: - - name: pull-test-infra-pjtester - annotations: - description: "Schedule prowjobs tests using pjtester for test-infra" - owner: "neighbors" - labels: - prow.k8s.io/pubsub.project: "sap-kyma-prow" - prow.k8s.io/pubsub.runID: "pull-test-infra-pjtester" - prow.k8s.io/pubsub.topic: "prowjobs" - run_if_changed: '^(vpath/pjtester.yaml)' - skip_report: false - decorate: true - cluster: trusted-workload - max_concurrency: 10 - branches: - - ^.*$ - spec: - containers: - - image: "europe-docker.pkg.dev/kyma-project/prod/pjtester:v20241002-aac0cb23" - imagePullPolicy: Always - securityContext: - privileged: false - seccompProfile: - type: RuntimeDefault - allowPrivilegeEscalation: false - command: - - "/pjtester" - args: - - "--github-token-path=/etc/github/oauth" - env: - - name: KUBECONFIG_PATH - value: "/etc/kubeconfig/pjtester/config" - resources: - requests: - memory: 100M - cpu: 200m - volumeMounts: - - name: oauth - mountPath: /etc/github - readOnly: true - - name: pjtester-kubeconfig - mountPath: /etc/kubeconfig/pjtester - readOnly: true - volumes: - - name: oauth - secret: - secretName: pjtester-github-oauth-token - - name: pjtester-kubeconfig - secret: - secretName: pjtester-kubeconfig - - name: pull-test-infra-vpathguard - annotations: - description: "Run pjtester vpathguard for test-infra" - owner: "neighbors" - labels: - prow.k8s.io/pubsub.project: "sap-kyma-prow" - prow.k8s.io/pubsub.runID: "pull-test-infra-vpathguard" - prow.k8s.io/pubsub.topic: "prowjobs" - run_if_changed: '^(vpath/pjtester.yaml)' - skip_report: false - decorate: true - cluster: untrusted-workload - max_concurrency: 10 - branches: - - ^.*$ - spec: - containers: - - image: "europe-docker.pkg.dev/kyma-project/prod/alpine:v20241001-f0fc4ad0" - imagePullPolicy: Always - securityContext: - privileged: false - seccompProfile: - type: RuntimeDefault - allowPrivilegeEscalation: false - command: - - "/bin/ash" - args: - - "-c" - - "if [ -d /home/prow/go/src/github.com/kyma-project/test-infra/vpath ]; then (echo \"Directory vpath is present. Remove it to merge PR\"; exit 1); else (echo \"Directory vpath is not present\"; exit 0); fi" - resources: - requests: - memory: 100M - cpu: 200m - - kyma-project/kyma: - - name: pull-kyma-pjtester - annotations: - description: "Schedule prowjobs tests using pjtester for kyma" - owner: "neighbors" - labels: - prow.k8s.io/pubsub.project: "sap-kyma-prow" - prow.k8s.io/pubsub.runID: "pull-kyma-pjtester" - prow.k8s.io/pubsub.topic: "prowjobs" - run_if_changed: '^(vpath/pjtester.yaml)' - skip_report: false - decorate: true - cluster: trusted-workload - max_concurrency: 10 - branches: - - ^.*$ - extra_refs: - - org: kyma-project - repo: test-infra - base_ref: main - spec: - containers: - - image: "europe-docker.pkg.dev/kyma-project/prod/pjtester:v20241002-aac0cb23" - imagePullPolicy: Always - securityContext: - privileged: false - seccompProfile: - type: RuntimeDefault - allowPrivilegeEscalation: false - command: - - "/pjtester" - args: - - "--github-token-path=/etc/github/oauth" - env: - - name: KUBECONFIG_PATH - value: "/etc/kubeconfig/pjtester/config" - resources: - requests: - memory: 100M - cpu: 200m - volumeMounts: - - name: oauth - mountPath: /etc/github - readOnly: true - - name: pjtester-kubeconfig - mountPath: /etc/kubeconfig/pjtester - readOnly: true - volumes: - - name: oauth - secret: - secretName: pjtester-github-oauth-token - - name: pjtester-kubeconfig - secret: - secretName: pjtester-kubeconfig - - name: pull-kyma-vpathguard - annotations: - description: "Run pjtester vpathguard for kyma" - owner: "neighbors" - labels: - prow.k8s.io/pubsub.project: "sap-kyma-prow" - prow.k8s.io/pubsub.runID: "pull-kyma-vpathguard" - prow.k8s.io/pubsub.topic: "prowjobs" - run_if_changed: '^(vpath/pjtester.yaml)' - skip_report: false - decorate: true - cluster: untrusted-workload - max_concurrency: 10 - branches: - - ^.*$ - spec: - containers: - - image: "europe-docker.pkg.dev/kyma-project/prod/alpine:v20241001-f0fc4ad0" - imagePullPolicy: Always - securityContext: - privileged: false - seccompProfile: - type: RuntimeDefault - allowPrivilegeEscalation: false - command: - - "/bin/ash" - args: - - "-c" - - "if [ -d /home/prow/go/src/github.com/kyma-project/test-infra/vpath ]; then (echo \"Directory vpath is present. Remove it to merge PR\"; exit 1); else (echo \"Directory vpath is not present\"; exit 0); fi" - resources: - requests: - memory: 100M - cpu: 200m - - kyma-project/busola: - - name: pull-busola-pjtester - annotations: - description: "Schedule prowjobs tests using pjtester for busola" - owner: "neighbors" - labels: - prow.k8s.io/pubsub.project: "sap-kyma-prow" - prow.k8s.io/pubsub.runID: "pull-busola-pjtester" - prow.k8s.io/pubsub.topic: "prowjobs" - run_if_changed: '^(vpath/pjtester.yaml)' - skip_report: false - decorate: true - cluster: trusted-workload - max_concurrency: 10 - branches: - - ^.*$ - extra_refs: - - org: kyma-project - repo: test-infra - base_ref: main - spec: - containers: - - image: "europe-docker.pkg.dev/kyma-project/prod/pjtester:v20241002-aac0cb23" - imagePullPolicy: Always - securityContext: - privileged: false - seccompProfile: - type: RuntimeDefault - allowPrivilegeEscalation: false - command: - - "/pjtester" - args: - - "--github-token-path=/etc/github/oauth" - env: - - name: KUBECONFIG_PATH - value: "/etc/kubeconfig/pjtester/config" - resources: - requests: - memory: 100M - cpu: 200m - volumeMounts: - - name: oauth - mountPath: /etc/github - readOnly: true - - name: pjtester-kubeconfig - mountPath: /etc/kubeconfig/pjtester - readOnly: true - volumes: - - name: oauth - secret: - secretName: pjtester-github-oauth-token - - name: pjtester-kubeconfig - secret: - secretName: pjtester-kubeconfig - - name: pull-busola-vpathguard - annotations: - description: "Run pjtester vpathguard for busola" - owner: "neighbors" - labels: - prow.k8s.io/pubsub.project: "sap-kyma-prow" - prow.k8s.io/pubsub.runID: "pull-busola-vpathguard" - prow.k8s.io/pubsub.topic: "prowjobs" - run_if_changed: '^(vpath/pjtester.yaml)' - skip_report: false - decorate: true - cluster: untrusted-workload - max_concurrency: 10 - branches: - - ^.*$ - spec: - containers: - - image: "europe-docker.pkg.dev/kyma-project/prod/alpine:v20241001-f0fc4ad0" - imagePullPolicy: Always - securityContext: - privileged: false - seccompProfile: - type: RuntimeDefault - allowPrivilegeEscalation: false - command: - - "/bin/ash" - args: - - "-c" - - "if [ -d /home/prow/go/src/github.com/kyma-project/test-infra/vpath ]; then (echo \"Directory vpath is present. Remove it to merge PR\"; exit 1); else (echo \"Directory vpath is not present\"; exit 0); fi" - resources: - requests: - memory: 100M - cpu: 200m - - kyma-project/control-plane: - - name: pull-control-plane-pjtester - annotations: - description: "Schedule prowjobs tests using pjtester for control-plane" - owner: "neighbors" - labels: - prow.k8s.io/pubsub.project: "sap-kyma-prow" - prow.k8s.io/pubsub.runID: "pull-control-plane-pjtester" - prow.k8s.io/pubsub.topic: "prowjobs" - run_if_changed: '^(vpath/pjtester.yaml)' - skip_report: false - decorate: true - cluster: trusted-workload - max_concurrency: 10 - branches: - - ^.*$ - extra_refs: - - org: kyma-project - repo: test-infra - base_ref: main - spec: - containers: - - image: "europe-docker.pkg.dev/kyma-project/prod/pjtester:v20241002-aac0cb23" - imagePullPolicy: Always - securityContext: - privileged: false - seccompProfile: - type: RuntimeDefault - allowPrivilegeEscalation: false - command: - - "/pjtester" - args: - - "--github-token-path=/etc/github/oauth" - env: - - name: KUBECONFIG_PATH - value: "/etc/kubeconfig/pjtester/config" - resources: - requests: - memory: 100M - cpu: 200m - volumeMounts: - - name: oauth - mountPath: /etc/github - readOnly: true - - name: pjtester-kubeconfig - mountPath: /etc/kubeconfig/pjtester - readOnly: true - volumes: - - name: oauth - secret: - secretName: pjtester-github-oauth-token - - name: pjtester-kubeconfig - secret: - secretName: pjtester-kubeconfig - - name: pull-control-plane-vpathguard - annotations: - description: "Run pjtester vpathguard for control-plane" - owner: "neighbors" - labels: - prow.k8s.io/pubsub.project: "sap-kyma-prow" - prow.k8s.io/pubsub.runID: "pull-control-plane-vpathguard" - prow.k8s.io/pubsub.topic: "prowjobs" - run_if_changed: '^(vpath/pjtester.yaml)' - skip_report: false - decorate: true - cluster: untrusted-workload - max_concurrency: 10 - branches: - - ^.*$ - spec: - containers: - - image: "europe-docker.pkg.dev/kyma-project/prod/alpine:v20241001-f0fc4ad0" - imagePullPolicy: Always - securityContext: - privileged: false - seccompProfile: - type: RuntimeDefault - allowPrivilegeEscalation: false - command: - - "/bin/ash" - args: - - "-c" - - "if [ -d /home/prow/go/src/github.com/kyma-project/test-infra/vpath ]; then (echo \"Directory vpath is present. Remove it to merge PR\"; exit 1); else (echo \"Directory vpath is not present\"; exit 0); fi" - resources: - requests: - memory: 100M - cpu: 200m - - kyma-project/lifecycle-manager: - - name: pull-lifecycle-manager-pjtester - annotations: - description: "Schedule prowjobs tests using pjtester for lifecycle-manager" - owner: "neighbors" - labels: - prow.k8s.io/pubsub.project: "sap-kyma-prow" - prow.k8s.io/pubsub.runID: "pull-lifecycle-manager-pjtester" - prow.k8s.io/pubsub.topic: "prowjobs" - run_if_changed: '^(vpath/pjtester.yaml)' - skip_report: false - decorate: true - cluster: trusted-workload - max_concurrency: 10 - branches: - - ^.*$ - extra_refs: - - org: kyma-project - repo: test-infra - base_ref: main - spec: - containers: - - image: "europe-docker.pkg.dev/kyma-project/prod/pjtester:v20241002-aac0cb23" - imagePullPolicy: Always - securityContext: - privileged: false - seccompProfile: - type: RuntimeDefault - allowPrivilegeEscalation: false - command: - - "/pjtester" - args: - - "--github-token-path=/etc/github/oauth" - env: - - name: KUBECONFIG_PATH - value: "/etc/kubeconfig/pjtester/config" - resources: - requests: - memory: 100M - cpu: 200m - volumeMounts: - - name: oauth - mountPath: /etc/github - readOnly: true - - name: pjtester-kubeconfig - mountPath: /etc/kubeconfig/pjtester - readOnly: true - volumes: - - name: oauth - secret: - secretName: pjtester-github-oauth-token - - name: pjtester-kubeconfig - secret: - secretName: pjtester-kubeconfig - - name: pull-lifecycle-manager-vpathguard - annotations: - description: "Run pjtester vpathguard for lifecycle-manager" - owner: "neighbors" - labels: - prow.k8s.io/pubsub.project: "sap-kyma-prow" - prow.k8s.io/pubsub.runID: "pull-lifecycle-manager-vpathguard" - prow.k8s.io/pubsub.topic: "prowjobs" - run_if_changed: '^(vpath/pjtester.yaml)' - skip_report: false - decorate: true - cluster: untrusted-workload - max_concurrency: 10 - branches: - - ^.*$ - spec: - containers: - - image: "europe-docker.pkg.dev/kyma-project/prod/alpine:v20241001-f0fc4ad0" - imagePullPolicy: Always - securityContext: - privileged: false - seccompProfile: - type: RuntimeDefault - allowPrivilegeEscalation: false - command: - - "/bin/ash" - args: - - "-c" - - "if [ -d /home/prow/go/src/github.com/kyma-project/test-infra/vpath ]; then (echo \"Directory vpath is present. Remove it to merge PR\"; exit 1); else (echo \"Directory vpath is not present\"; exit 0); fi" - resources: - requests: - memory: 100M - cpu: 200m - - kyma-project/community: - - name: pull-community-pjtester - annotations: - description: "Schedule prowjobs tests using pjtester for community" - owner: "neighbors" - labels: - prow.k8s.io/pubsub.project: "sap-kyma-prow" - prow.k8s.io/pubsub.runID: "pull-community-pjtester" - prow.k8s.io/pubsub.topic: "prowjobs" - run_if_changed: '^(vpath/pjtester.yaml)' - skip_report: false - decorate: true - cluster: trusted-workload - max_concurrency: 10 - branches: - - ^.*$ - extra_refs: - - org: kyma-project - repo: test-infra - base_ref: main - spec: - containers: - - image: "europe-docker.pkg.dev/kyma-project/prod/pjtester:v20241002-aac0cb23" - imagePullPolicy: Always - securityContext: - privileged: false - seccompProfile: - type: RuntimeDefault - allowPrivilegeEscalation: false - command: - - "/pjtester" - args: - - "--github-token-path=/etc/github/oauth" - env: - - name: KUBECONFIG_PATH - value: "/etc/kubeconfig/pjtester/config" - resources: - requests: - memory: 100M - cpu: 200m - volumeMounts: - - name: oauth - mountPath: /etc/github - readOnly: true - - name: pjtester-kubeconfig - mountPath: /etc/kubeconfig/pjtester - readOnly: true - volumes: - - name: oauth - secret: - secretName: pjtester-github-oauth-token - - name: pjtester-kubeconfig - secret: - secretName: pjtester-kubeconfig - - name: pull-community-vpathguard - annotations: - description: "Run pjtester vpathguard for community" - owner: "neighbors" - labels: - prow.k8s.io/pubsub.project: "sap-kyma-prow" - prow.k8s.io/pubsub.runID: "pull-community-vpathguard" - prow.k8s.io/pubsub.topic: "prowjobs" - run_if_changed: '^(vpath/pjtester.yaml)' - skip_report: false - decorate: true - cluster: untrusted-workload - max_concurrency: 10 - branches: - - ^.*$ - spec: - containers: - - image: "europe-docker.pkg.dev/kyma-project/prod/alpine:v20241001-f0fc4ad0" - imagePullPolicy: Always - securityContext: - privileged: false - seccompProfile: - type: RuntimeDefault - allowPrivilegeEscalation: false - command: - - "/bin/ash" - args: - - "-c" - - "if [ -d /home/prow/go/src/github.com/kyma-project/test-infra/vpath ]; then (echo \"Directory vpath is present. Remove it to merge PR\"; exit 1); else (echo \"Directory vpath is not present\"; exit 0); fi" - resources: - requests: - memory: 100M - cpu: 200m - - kyma-project/examples: - - name: pull-examples-pjtester - annotations: - description: "Schedule prowjobs tests using pjtester for examples" - owner: "neighbors" - labels: - prow.k8s.io/pubsub.project: "sap-kyma-prow" - prow.k8s.io/pubsub.runID: "pull-examples-pjtester" - prow.k8s.io/pubsub.topic: "prowjobs" - run_if_changed: '^(vpath/pjtester.yaml)' - skip_report: false - decorate: true - cluster: trusted-workload - max_concurrency: 10 - branches: - - ^.*$ - extra_refs: - - org: kyma-project - repo: test-infra - base_ref: main - spec: - containers: - - image: "europe-docker.pkg.dev/kyma-project/prod/pjtester:v20241002-aac0cb23" - imagePullPolicy: Always - securityContext: - privileged: false - seccompProfile: - type: RuntimeDefault - allowPrivilegeEscalation: false - command: - - "/pjtester" - args: - - "--github-token-path=/etc/github/oauth" - env: - - name: KUBECONFIG_PATH - value: "/etc/kubeconfig/pjtester/config" - resources: - requests: - memory: 100M - cpu: 200m - volumeMounts: - - name: oauth - mountPath: /etc/github - readOnly: true - - name: pjtester-kubeconfig - mountPath: /etc/kubeconfig/pjtester - readOnly: true - volumes: - - name: oauth - secret: - secretName: pjtester-github-oauth-token - - name: pjtester-kubeconfig - secret: - secretName: pjtester-kubeconfig - - name: pull-examples-vpathguard - annotations: - description: "Run pjtester vpathguard for examples" - owner: "neighbors" - labels: - prow.k8s.io/pubsub.project: "sap-kyma-prow" - prow.k8s.io/pubsub.runID: "pull-examples-vpathguard" - prow.k8s.io/pubsub.topic: "prowjobs" - run_if_changed: '^(vpath/pjtester.yaml)' - skip_report: false - decorate: true - cluster: untrusted-workload - max_concurrency: 10 - branches: - - ^.*$ - spec: - containers: - - image: "europe-docker.pkg.dev/kyma-project/prod/alpine:v20241001-f0fc4ad0" - imagePullPolicy: Always - securityContext: - privileged: false - seccompProfile: - type: RuntimeDefault - allowPrivilegeEscalation: false - command: - - "/bin/ash" - args: - - "-c" - - "if [ -d /home/prow/go/src/github.com/kyma-project/test-infra/vpath ]; then (echo \"Directory vpath is present. Remove it to merge PR\"; exit 1); else (echo \"Directory vpath is not present\"; exit 0); fi" - resources: - requests: - memory: 100M - cpu: 200m - - kyma-project/api-gateway: - - name: pull-api-gateway-pjtester - annotations: - description: "Schedule prowjobs tests using pjtester for api-gateway" - owner: "neighbors" - labels: - prow.k8s.io/pubsub.project: "sap-kyma-prow" - prow.k8s.io/pubsub.runID: "pull-api-gateway-pjtester" - prow.k8s.io/pubsub.topic: "prowjobs" - run_if_changed: '^(vpath/pjtester.yaml)' - skip_report: false - decorate: true - cluster: trusted-workload - max_concurrency: 10 - branches: - - ^.*$ - extra_refs: - - org: kyma-project - repo: test-infra - base_ref: main - spec: - containers: - - image: "europe-docker.pkg.dev/kyma-project/prod/pjtester:v20241002-aac0cb23" - imagePullPolicy: Always - securityContext: - privileged: false - seccompProfile: - type: RuntimeDefault - allowPrivilegeEscalation: false - command: - - "/pjtester" - args: - - "--github-token-path=/etc/github/oauth" - env: - - name: KUBECONFIG_PATH - value: "/etc/kubeconfig/pjtester/config" - resources: - requests: - memory: 100M - cpu: 200m - volumeMounts: - - name: oauth - mountPath: /etc/github - readOnly: true - - name: pjtester-kubeconfig - mountPath: /etc/kubeconfig/pjtester - readOnly: true - volumes: - - name: oauth - secret: - secretName: pjtester-github-oauth-token - - name: pjtester-kubeconfig - secret: - secretName: pjtester-kubeconfig - - name: pull-api-gateway-vpathguard - annotations: - description: "Run pjtester vpathguard for api-gateway" - owner: "neighbors" - labels: - prow.k8s.io/pubsub.project: "sap-kyma-prow" - prow.k8s.io/pubsub.runID: "pull-api-gateway-vpathguard" - prow.k8s.io/pubsub.topic: "prowjobs" - run_if_changed: '^(vpath/pjtester.yaml)' - skip_report: false - decorate: true - cluster: untrusted-workload - max_concurrency: 10 - branches: - - ^.*$ - spec: - containers: - - image: "europe-docker.pkg.dev/kyma-project/prod/alpine:v20241001-f0fc4ad0" - imagePullPolicy: Always - securityContext: - privileged: false - seccompProfile: - type: RuntimeDefault - allowPrivilegeEscalation: false - command: - - "/bin/ash" - args: - - "-c" - - "if [ -d /home/prow/go/src/github.com/kyma-project/test-infra/vpath ]; then (echo \"Directory vpath is present. Remove it to merge PR\"; exit 1); else (echo \"Directory vpath is not present\"; exit 0); fi" - resources: - requests: - memory: 100M - cpu: 200m - - kyma-project/istio: - - name: pull-istio-pjtester - annotations: - description: "Schedule prowjobs tests using pjtester for istio" - owner: "neighbors" - labels: - prow.k8s.io/pubsub.project: "sap-kyma-prow" - prow.k8s.io/pubsub.runID: "pull-istio-pjtester" - prow.k8s.io/pubsub.topic: "prowjobs" - run_if_changed: '^(vpath/pjtester.yaml)' - skip_report: false - decorate: true - cluster: trusted-workload - max_concurrency: 10 - branches: - - ^.*$ - extra_refs: - - org: kyma-project - repo: test-infra - base_ref: main - spec: - containers: - - image: "europe-docker.pkg.dev/kyma-project/prod/pjtester:v20241002-aac0cb23" - imagePullPolicy: Always - securityContext: - privileged: false - seccompProfile: - type: RuntimeDefault - allowPrivilegeEscalation: false - command: - - "/pjtester" - args: - - "--github-token-path=/etc/github/oauth" - env: - - name: KUBECONFIG_PATH - value: "/etc/kubeconfig/pjtester/config" - resources: - requests: - memory: 100M - cpu: 200m - volumeMounts: - - name: oauth - mountPath: /etc/github - readOnly: true - - name: pjtester-kubeconfig - mountPath: /etc/kubeconfig/pjtester - readOnly: true - volumes: - - name: oauth - secret: - secretName: pjtester-github-oauth-token - - name: pjtester-kubeconfig - secret: - secretName: pjtester-kubeconfig - - name: pull-istio-vpathguard - annotations: - description: "Run pjtester vpathguard for istio" - owner: "neighbors" - labels: - prow.k8s.io/pubsub.project: "sap-kyma-prow" - prow.k8s.io/pubsub.runID: "pull-istio-vpathguard" - prow.k8s.io/pubsub.topic: "prowjobs" - run_if_changed: '^(vpath/pjtester.yaml)' - skip_report: false - decorate: true - cluster: untrusted-workload - max_concurrency: 10 - branches: - - ^.*$ - spec: - containers: - - image: "europe-docker.pkg.dev/kyma-project/prod/alpine:v20241001-f0fc4ad0" - imagePullPolicy: Always - securityContext: - privileged: false - seccompProfile: - type: RuntimeDefault - allowPrivilegeEscalation: false - command: - - "/bin/ash" - args: - - "-c" - - "if [ -d /home/prow/go/src/github.com/kyma-project/test-infra/vpath ]; then (echo \"Directory vpath is present. Remove it to merge PR\"; exit 1); else (echo \"Directory vpath is not present\"; exit 0); fi" - resources: - requests: - memory: 100M - cpu: 200m - - kyma-project/runtime-watcher: - - name: pull-runtime-watcher-pjtester - annotations: - description: "Schedule prowjobs tests using pjtester for runtime-watcher" - owner: "neighbors" - labels: - prow.k8s.io/pubsub.project: "sap-kyma-prow" - prow.k8s.io/pubsub.runID: "pull-runtime-watcher-pjtester" - prow.k8s.io/pubsub.topic: "prowjobs" - run_if_changed: '^(vpath/pjtester.yaml)' - skip_report: false - decorate: true - cluster: trusted-workload - max_concurrency: 10 - branches: - - ^.*$ - extra_refs: - - org: kyma-project - repo: test-infra - base_ref: main - spec: - containers: - - image: "europe-docker.pkg.dev/kyma-project/prod/pjtester:v20241002-aac0cb23" - imagePullPolicy: Always - securityContext: - privileged: false - seccompProfile: - type: RuntimeDefault - allowPrivilegeEscalation: false - command: - - "/pjtester" - args: - - "--github-token-path=/etc/github/oauth" - env: - - name: KUBECONFIG_PATH - value: "/etc/kubeconfig/pjtester/config" - resources: - requests: - memory: 100M - cpu: 200m - volumeMounts: - - name: oauth - mountPath: /etc/github - readOnly: true - - name: pjtester-kubeconfig - mountPath: /etc/kubeconfig/pjtester - readOnly: true - volumes: - - name: oauth - secret: - secretName: pjtester-github-oauth-token - - name: pjtester-kubeconfig - secret: - secretName: pjtester-kubeconfig - - name: pull-runtime-watcher-vpathguard - annotations: - description: "Run pjtester vpathguard for runtime-watcher" - owner: "neighbors" - labels: - prow.k8s.io/pubsub.project: "sap-kyma-prow" - prow.k8s.io/pubsub.runID: "pull-runtime-watcher-vpathguard" - prow.k8s.io/pubsub.topic: "prowjobs" - run_if_changed: '^(vpath/pjtester.yaml)' - skip_report: false - decorate: true - cluster: untrusted-workload - max_concurrency: 10 - branches: - - ^.*$ - spec: - containers: - - image: "europe-docker.pkg.dev/kyma-project/prod/alpine:v20241001-f0fc4ad0" - imagePullPolicy: Always - securityContext: - privileged: false - seccompProfile: - type: RuntimeDefault - allowPrivilegeEscalation: false - command: - - "/bin/ash" - args: - - "-c" - - "if [ -d /home/prow/go/src/github.com/kyma-project/test-infra/vpath ]; then (echo \"Directory vpath is present. Remove it to merge PR\"; exit 1); else (echo \"Directory vpath is not present\"; exit 0); fi" - resources: - requests: - memory: 100M - cpu: 200m - - kyma-project/kyma-dashboard: - - name: pull-kyma-dashboard-pjtester - annotations: - description: "Schedule prowjobs tests using pjtester for kyma-dashboard" - owner: "neighbors" - labels: - prow.k8s.io/pubsub.project: "sap-kyma-prow" - prow.k8s.io/pubsub.runID: "pull-kyma-dashboard-pjtester" - prow.k8s.io/pubsub.topic: "prowjobs" - run_if_changed: '^(vpath/pjtester.yaml)' - skip_report: false - decorate: true - cluster: trusted-workload - max_concurrency: 10 - branches: - - ^.*$ - extra_refs: - - org: kyma-project - repo: test-infra - base_ref: main - spec: - containers: - - image: "europe-docker.pkg.dev/kyma-project/prod/pjtester:v20241002-aac0cb23" - imagePullPolicy: Always - securityContext: - privileged: false - seccompProfile: - type: RuntimeDefault - allowPrivilegeEscalation: false - command: - - "/pjtester" - args: - - "--github-token-path=/etc/github/oauth" - env: - - name: KUBECONFIG_PATH - value: "/etc/kubeconfig/pjtester/config" - resources: - requests: - memory: 100M - cpu: 200m - volumeMounts: - - name: oauth - mountPath: /etc/github - readOnly: true - - name: pjtester-kubeconfig - mountPath: /etc/kubeconfig/pjtester - readOnly: true - volumes: - - name: oauth - secret: - secretName: pjtester-github-oauth-token - - name: pjtester-kubeconfig - secret: - secretName: pjtester-kubeconfig - - name: pull-kyma-dashboard-vpathguard - annotations: - description: "Run pjtester vpathguard for kyma-dashboard" - owner: "neighbors" - labels: - prow.k8s.io/pubsub.project: "sap-kyma-prow" - prow.k8s.io/pubsub.runID: "pull-kyma-dashboard-vpathguard" - prow.k8s.io/pubsub.topic: "prowjobs" - run_if_changed: '^(vpath/pjtester.yaml)' - skip_report: false - decorate: true - cluster: untrusted-workload - max_concurrency: 10 - branches: - - ^.*$ - spec: - containers: - - image: "europe-docker.pkg.dev/kyma-project/prod/alpine:v20241001-f0fc4ad0" - imagePullPolicy: Always - securityContext: - privileged: false - seccompProfile: - type: RuntimeDefault - allowPrivilegeEscalation: false - command: - - "/bin/ash" - args: - - "-c" - - "if [ -d /home/prow/go/src/github.com/kyma-project/test-infra/vpath ]; then (echo \"Directory vpath is present. Remove it to merge PR\"; exit 1); else (echo \"Directory vpath is not present\"; exit 0); fi" - resources: - requests: - memory: 100M - cpu: 200m - - kyma-project/btp-manager: - - name: pull-btp-manager-pjtester - annotations: - description: "Schedule prowjobs tests using pjtester for btp-manager" - owner: "neighbors" - labels: - prow.k8s.io/pubsub.project: "sap-kyma-prow" - prow.k8s.io/pubsub.runID: "pull-btp-manager-pjtester" - prow.k8s.io/pubsub.topic: "prowjobs" - run_if_changed: '^(vpath/pjtester.yaml)' - skip_report: false - decorate: true - cluster: trusted-workload - max_concurrency: 10 - branches: - - ^.*$ - extra_refs: - - org: kyma-project - repo: test-infra - base_ref: main - spec: - containers: - - image: "europe-docker.pkg.dev/kyma-project/prod/pjtester:v20241002-aac0cb23" - imagePullPolicy: Always - securityContext: - privileged: false - seccompProfile: - type: RuntimeDefault - allowPrivilegeEscalation: false - command: - - "/pjtester" - args: - - "--github-token-path=/etc/github/oauth" - env: - - name: KUBECONFIG_PATH - value: "/etc/kubeconfig/pjtester/config" - resources: - requests: - memory: 100M - cpu: 200m - volumeMounts: - - name: oauth - mountPath: /etc/github - readOnly: true - - name: pjtester-kubeconfig - mountPath: /etc/kubeconfig/pjtester - readOnly: true - volumes: - - name: oauth - secret: - secretName: pjtester-github-oauth-token - - name: pjtester-kubeconfig - secret: - secretName: pjtester-kubeconfig - - name: pull-btp-manager-vpathguard - annotations: - description: "Run pjtester vpathguard for btp-manager" - owner: "neighbors" - labels: - prow.k8s.io/pubsub.project: "sap-kyma-prow" - prow.k8s.io/pubsub.runID: "pull-btp-manager-vpathguard" - prow.k8s.io/pubsub.topic: "prowjobs" - run_if_changed: '^(vpath/pjtester.yaml)' - skip_report: false - decorate: true - cluster: untrusted-workload - max_concurrency: 10 - branches: - - ^.*$ - spec: - containers: - - image: "europe-docker.pkg.dev/kyma-project/prod/alpine:v20241001-f0fc4ad0" - imagePullPolicy: Always - securityContext: - privileged: false - seccompProfile: - type: RuntimeDefault - allowPrivilegeEscalation: false - command: - - "/bin/ash" - args: - - "-c" - - "if [ -d /home/prow/go/src/github.com/kyma-project/test-infra/vpath ]; then (echo \"Directory vpath is present. Remove it to merge PR\"; exit 1); else (echo \"Directory vpath is not present\"; exit 0); fi" - resources: - requests: - memory: 100M - cpu: 200m - - kyma-project/kyma-environment-broker: - - name: pull-kyma-environment-broker-pjtester - annotations: - description: "Schedule prowjobs tests using pjtester for kyma-environment-broker" - owner: "neighbors" - labels: - prow.k8s.io/pubsub.project: "sap-kyma-prow" - prow.k8s.io/pubsub.runID: "pull-kyma-environment-broker-pjtester" - prow.k8s.io/pubsub.topic: "prowjobs" - run_if_changed: '^(vpath/pjtester.yaml)' - skip_report: false - decorate: true - cluster: trusted-workload - max_concurrency: 10 - branches: - - ^.*$ - extra_refs: - - org: kyma-project - repo: test-infra - base_ref: main - spec: - containers: - - image: "europe-docker.pkg.dev/kyma-project/prod/pjtester:v20241002-aac0cb23" - imagePullPolicy: Always - securityContext: - privileged: false - seccompProfile: - type: RuntimeDefault - allowPrivilegeEscalation: false - command: - - "/pjtester" - args: - - "--github-token-path=/etc/github/oauth" - env: - - name: KUBECONFIG_PATH - value: "/etc/kubeconfig/pjtester/config" - resources: - requests: - memory: 100M - cpu: 200m - volumeMounts: - - name: oauth - mountPath: /etc/github - readOnly: true - - name: pjtester-kubeconfig - mountPath: /etc/kubeconfig/pjtester - readOnly: true - volumes: - - name: oauth - secret: - secretName: pjtester-github-oauth-token - - name: pjtester-kubeconfig - secret: - secretName: pjtester-kubeconfig - - name: pull-kyma-environment-broker-vpathguard - annotations: - description: "Run pjtester vpathguard for kyma-environment-broker" - owner: "neighbors" - labels: - prow.k8s.io/pubsub.project: "sap-kyma-prow" - prow.k8s.io/pubsub.runID: "pull-kyma-environment-broker-vpathguard" - prow.k8s.io/pubsub.topic: "prowjobs" - run_if_changed: '^(vpath/pjtester.yaml)' - skip_report: false - decorate: true - cluster: untrusted-workload - max_concurrency: 10 - branches: - - ^.*$ - spec: - containers: - - image: "europe-docker.pkg.dev/kyma-project/prod/alpine:v20241001-f0fc4ad0" - imagePullPolicy: Always - securityContext: - privileged: false - seccompProfile: - type: RuntimeDefault - allowPrivilegeEscalation: false - command: - - "/bin/ash" - args: - - "-c" - - "if [ -d /home/prow/go/src/github.com/kyma-project/test-infra/vpath ]; then (echo \"Directory vpath is present. Remove it to merge PR\"; exit 1); else (echo \"Directory vpath is not present\"; exit 0); fi" - resources: - requests: - memory: 100M - cpu: 200m - - kyma-project/compass-manager: - - name: pull-compass-manager-pjtester - annotations: - description: "Schedule prowjobs tests using pjtester for compass-manager" - owner: "neighbors" - labels: - prow.k8s.io/pubsub.project: "sap-kyma-prow" - prow.k8s.io/pubsub.runID: "pull-compass-manager-pjtester" - prow.k8s.io/pubsub.topic: "prowjobs" - run_if_changed: '^(vpath/pjtester.yaml)' - skip_report: false - decorate: true - cluster: trusted-workload - max_concurrency: 10 - branches: - - ^.*$ - extra_refs: - - org: kyma-project - repo: test-infra - base_ref: main - spec: - containers: - - image: "europe-docker.pkg.dev/kyma-project/prod/pjtester:v20241002-aac0cb23" - imagePullPolicy: Always - securityContext: - privileged: false - seccompProfile: - type: RuntimeDefault - allowPrivilegeEscalation: false - command: - - "/pjtester" - args: - - "--github-token-path=/etc/github/oauth" - env: - - name: KUBECONFIG_PATH - value: "/etc/kubeconfig/pjtester/config" - resources: - requests: - memory: 100M - cpu: 200m - volumeMounts: - - name: oauth - mountPath: /etc/github - readOnly: true - - name: pjtester-kubeconfig - mountPath: /etc/kubeconfig/pjtester - readOnly: true - volumes: - - name: oauth - secret: - secretName: pjtester-github-oauth-token - - name: pjtester-kubeconfig - secret: - secretName: pjtester-kubeconfig - - name: pull-compass-manager-vpathguard - annotations: - description: "Run pjtester vpathguard for compass-manager" - owner: "neighbors" - labels: - prow.k8s.io/pubsub.project: "sap-kyma-prow" - prow.k8s.io/pubsub.runID: "pull-compass-manager-vpathguard" - prow.k8s.io/pubsub.topic: "prowjobs" - run_if_changed: '^(vpath/pjtester.yaml)' - skip_report: false - decorate: true - cluster: untrusted-workload - max_concurrency: 10 - branches: - - ^.*$ - spec: - containers: - - image: "europe-docker.pkg.dev/kyma-project/prod/alpine:v20241001-f0fc4ad0" - imagePullPolicy: Always - securityContext: - privileged: false - seccompProfile: - type: RuntimeDefault - allowPrivilegeEscalation: false - command: - - "/bin/ash" - args: - - "-c" - - "if [ -d /home/prow/go/src/github.com/kyma-project/test-infra/vpath ]; then (echo \"Directory vpath is present. Remove it to merge PR\"; exit 1); else (echo \"Directory vpath is not present\"; exit 0); fi" - resources: - requests: - memory: 100M - cpu: 200m - \ No newline at end of file diff --git a/prow/jobs/kyma-project/test-infra/validation.yaml b/prow/jobs/kyma-project/test-infra/validation.yaml deleted file mode 100644 index d08c19075383..000000000000 --- a/prow/jobs/kyma-project/test-infra/validation.yaml +++ /dev/null @@ -1,36 +0,0 @@ -# Code generated by rendertemplates. DO NOT EDIT. - - -presubmits: # runs on PRs - kyma-project/test-infra: - - name: pre-main-test-infra-validate-generated-files - annotations: - description: "Validate rendertemplate generated files" - owner: "neighbors" - labels: - prow.k8s.io/pubsub.project: "sap-kyma-prow" - prow.k8s.io/pubsub.runID: "pre-main-test-infra-validate-generated-files" - prow.k8s.io/pubsub.topic: "prowjobs" - run_if_changed: '^.github/dependabot.yml$|^templates/|^prow/jobs/|^prow/config.yaml|^prow/scripts/|^development/tools/(cmd/rendertemplates/|pkg/rendertemplates/|jobs/releases/releases.go)|^prow/branchprotector-config.yaml' - skip_report: false - decorate: true - cluster: untrusted-workload - max_concurrency: 10 - branches: - - ^master$ - - ^main$ - spec: - containers: - - image: "europe-docker.pkg.dev/kyma-project/prod/buildpack-go:v20241003-acbac287" - securityContext: - privileged: false - seccompProfile: - type: RuntimeDefault - allowPrivilegeEscalation: false - command: - - "/home/prow/go/src/github.com/kyma-project/test-infra/prow/scripts/validate-generated.sh" - resources: - requests: - memory: 3Gi - cpu: 2 - \ No newline at end of file diff --git a/templates/README.md b/templates/README.md deleted file mode 100644 index 63e72c5a54e6..000000000000 --- a/templates/README.md +++ /dev/null @@ -1,125 +0,0 @@ -# Templates - -## Overview - -Jobs and Prow configuration are generated from templates by the Render Templates tool. Check -the [Render Templates documentation](../cmd/tools/rendertemplates/README.md) for details about usage. - -The `templates` directory has the following structure: - -- `data`, which is the subdirectory with files that describe jobs that - the [Render Templates](../cmd/tools/rendertemplates) tool should generate using job definitions from templates. -- `templates` which is the subdirectory with all template files that supply the definition of [Prow jobs](../prow/jobs) used in Kyma. -- `config.yaml`, which is the configuration file that describes configuration and jobs that - the [Render Templates](../cmd/tools/rendertemplates) tool should generate using job definitions from templates. - -The template list includes: - -- `generic.tmpl`, which is used to create most of the job definitions. -- `kyma-github-release.yaml` that is used for creating the GitHub release after merging the release branch to the `main` branch. -- `prow-config.yaml` that serves to create the main Prow configuration without job definitions. -- `releases.go.tmpl` that contains a set of functions for the release which provide the list of currently supported releases and all supported Kyma release branches. -- `whitesource-periodics.tmpl`, which defines a set of periodic jobs that run a Whitesource scan. - -### Configuration File - -The `config.yaml` file has two keys: - -- **global** with a map of values available for all templates. -- **templates** with a list of files to generate. - -The `.yaml` files in the `data` directory have one key: - -- **templates** with a list of files to generate. - -The `config.yaml` and `.yaml` files in the `data` directory serve as the input files for the Render Templates. The program generates the jobs based on the definition and templates which are specified in the files. These files define the names of the template file and output file, their location, and configuration referred to in **values**. - -See the example of `application-gateway`, in which the `generic.taml` template is used to create the component and test-related YAML files using values defined by the **kyma_generic_component** parameter. - -```yaml -templates: - - from: templates/generic.tmpl - render: - - to: ../prow/jobs/kyma/components/application-gateway/application-gateway-generic.yaml - jobConfigs: - - repoName: "github.com/kyma-project/kyma" - jobs: - - jobConfig: - path: components/application-gateway - args: - - "/home/prow/go/src/github.com/kyma-project/kyma/components/application-gateway" - run_if_changed: "^components/application-gateway/|^common/makefiles/" - release_since: "1.7" - inheritedConfigs: - global: - - "jobConfig_default" - - "image_buildpack-golang" - - "jobConfig_generic_component" - - "jobConfig_generic_component_kyma" - - "extra_refs_test-infra" - preConfigs: - global: - - "jobConfig_presubmit" - postConfigs: - global: - - "jobConfig_postsubmit" - - to: ../prow/jobs/kyma/tests/application-gateway-tests/application-gateway-tests-generic.yaml - localSets: - jobConfig_pre: - labels: - preset-build-pr: "true" - jobConfig_post: - labels: - preset-build-main: "true" - jobConfigs: - - repoName: "github.com/kyma-project/kyma" - jobs: - - jobConfig: - path: tests/application-gateway-tests - args: - - "/home/prow/go/src/github.com/kyma-project/kyma/tests/application-gateway-tests" - run_if_changed: "^tests/application-gateway-tests/|^common/makefiles/" - release_since: "1.7" - inheritedConfigs: - global: - - "jobConfig_default" - - "image_buildpack-golang" - - "jobConfig_generic_component" - - "jobConfig_generic_component_kyma" - - "extra_refs_test-infra" - preConfigs: - global: - - "jobConfig_presubmit" - local: - - "jobConfig_pre" - postConfigs: - global: - - "jobConfig_postsubmit" - local: - - "jobConfig_post" -``` - -### Component Templates - -Component jobs are defined similarly to a regular job, with the exception that the **name** field must be empty (because the name is generated by the Render Templates tool), and the **path** value must be set. - -The component job generates presubmit and postsubmit jobs for the next release, and by default, it also generates these jobs for supported releases. -The rest of the values is copied from the main jobConfig to the generated ones. - -A template receives two objects as input: -- **Values** which contains all the values specified under **values** in the `config.yaml` file. -- **Global** which contains values specified under **global** in the `config.yaml` file. - -See the description of values used by component job templates: - -| Name | Required | Description | -|------| :-------------: |------| -| **name** | No | Name must not be set. It is generated for each job. | -| **path** | Yes | Path in a repository to the component files. | -| **release_since** | No | Specifies the release from which this component version applies. | -| **release_since** | No | Specifies the release till which this component version applies. | -| **skipReleaseJobs** | No | Specifies if the Render Templates tools should omit generating job definitions for currently supported releases. | - -All the functions from the [`sprig`](https://github.com/Masterminds/sprig) library are available in the templates. It is the same library that is used by Helm, so if you know Helm, you are already familiar with them. Also, a few additional functions are available: -- `releaseMatches {release} {since} {until}` returns a boolean value indicating whether `release` fits in the range. Use `nil` to remove one of the bounds. For example, `releaseMatches {{ $rel }} '1.2' '1.5'` checks if the release `$rel` is not earlier than `1.2` and not later than `1.5`. -- `matchingReleases {all-releases} {since} {until}` returns a list of releases filtered to only those that fit in the range. diff --git a/templates/config.yaml b/templates/config.yaml deleted file mode 100644 index dc2328b4c3ff..000000000000 --- a/templates/config.yaml +++ /dev/null @@ -1,303 +0,0 @@ -global: - nextRelease: "2.21" - releases: - - "2.20" - - "2.19" - - "2.18" - orgs: - - name: "kyma-project" - repos: - - name: "test-infra" - - name: "kyma" - - name: "busola" - - name: "control-plane" - - name: "lifecycle-manager" - - name: "community" - - name: "examples" - - name: "api-gateway" - - name: "istio" - - name: "runtime-watcher" - - name: "kyma-dashboard" - - name: "template-repository" - - name: "btp-manager" - - name: "kyma-environment-broker" - - name: "compass-manager" - -# global configSet variables -pubsub_config: &pubsub_config - pubsub_project: "sap-kyma-prow" - pubsub_topic: "prowjobs" - -globalSets: - kaniko_buildpack_no_signify_secret: - skip_report: "false" - max_concurrency: "10" - decorate: "true" - pubsub_project: "sap-kyma-prow" - pubsub_topic: "prowjobs" - image: europe-docker.pkg.dev/kyma-project/prod/image-builder:v20241002-aac0cb23 - command: /image-builder - request_memory: "1.5Gi" - request_cpu: "1" - securityContext: - privileged: "false" - seccompProfile: - type: RuntimeDefault - labels: - preset-sa-kyma-push-images: "true" - volumes: - - name: config - configMapName: kaniko-build-config - volumeMounts: - - name: config - mountPath: /config - readOnly: true - kaniko_buildpack: - skip_report: "false" - max_concurrency: "10" - decorate: "true" - pubsub_project: "sap-kyma-prow" - pubsub_topic: "prowjobs" - image: europe-docker.pkg.dev/kyma-project/prod/image-builder:v20241002-aac0cb23 - command: /image-builder - request_memory: "1.5Gi" - request_cpu: "1" - securityContext: - privileged: "false" - seccompProfile: - type: RuntimeDefault - labels: - preset-sa-kyma-push-images: "true" - volumes: - - name: config - configMapName: kaniko-build-config - - name: signify-secret - secretName: signify-dev-secret - volumeMounts: - - name: config - mountPath: /config - readOnly: true - - name: signify-secret - mountPath: /secret - readOnly: true - image-builder-buildkit: - skip_report: "false" - max_concurrency: 10 - decorate: "true" - pubsub_project: "sap-kyma-prow" - pubsub_topic: "prowjobs" - image: europe-docker.pkg.dev/kyma-project/prod/buildkit-image-builder:v20240523-63efdb74 - command: "/image-builder" - request_memory: "1.5Gi" - request_cpu: "1" - labels: - preset-sa-kyma-push-images: "true" - securityContext: - privileged: "true" - seccompProfile: - # fork/exec is required - type: Unconfined - # annotations: - # container.apparmor.security.beta.kubernetes.io/test: unconfined - env: - BUILDKITD_FLAGS: "--oci-worker-no-process-sandbox" - volumes: - - name: share - emptyDir: true - - name: config - configMapName: kaniko-build-config - - name: signify-secret - secretName: signify-dev-secret - volumeMounts: - - mountPath: /home/user/.local/share/buildkit - name: share - - name: config - mountPath: /config - readOnly: true - - name: signify-secret - mountPath: /secret - readOnly: true - testing: - skip_report: "false" - max_concurrency: "10" - optional: "true" - decorate: "true" - image: "europe-docker.pkg.dev/kyma-project/prod/buildpack-go:v20241003-acbac287" - pubsub_project: "sap-kyma-prow" - pubsub_topic: "prowjobs" - request_memory: 1Gi - request_cpu: 100m - # Kyma major version sets - kyma_major_upgrade: - env: - KYMA_MAJOR_UPGRADE: "true" - kyma_minor_upgrade: - env: - PREVIOUS_MINOR_VERSION_COUNT: 1 - # Directory sets - kyma_project_dir: - env: - KYMA_PROJECT_DIR: "/home/prow/go/src/github.com/kyma-project" - # Image sets - image_buildpack-golang: - image: "europe-docker.pkg.dev/kyma-project/prod/buildpack-go:v20241003-acbac287" - # JobConfig sets - jobConfig_default: - skip_report: "false" - max_concurrency: "10" - decorate: "true" - branches: - - "^master$" - - "^main$" - securityContext: - privileged: "false" - seccompProfile: - type: "RuntimeDefault" - request_memory: "3Gi" - request_cpu: "2" - cluster_presubmit: "untrusted-workload" - cluster_postsubmit: "trusted-workload" - <<: *pubsub_config - jobConfig_buildpack_node: - skip_report: "false" - max_concurrency: "10" - decorate: "true" - branches: - - "^master$" - - "^main$" - securityContext: - privileged: "false" - seccompProfile: - type: "RuntimeDefault" - request_memory: "3Gi" - request_cpu: "2" - cluster_presubmit: "untrusted-workload" - cluster_postsubmit: "trusted-workload" - <<: *pubsub_config - jobConfig_kyma20_docu: - skip_report: "false" - max_concurrency: "10" - decorate: "true" - optional: "true" - branches: - - "^kyma-2.0-docu$" - securityContext: - privileged: "false" - seccompProfile: - type: "RuntimeDefault" - request_memory: "1.5Gi" - request_cpu: "0.8" - cluster_presubmit: "untrusted-workload" - cluster_postsubmit: "trusted-workload" - <<: *pubsub_config - jobConfig_presubmit: - type_presubmit: "true" - cluster: "untrusted-workload" - jobConfig_postsubmit: - type_postsubmit: "true" - cluster: "trusted-workload" - jobConfig_periodic: - type_periodic: "true" - cluster: "untrusted-workload" - unprivileged: - securityContext: - privileged: "false" - seccompProfile: - type: "RuntimeDefault" - privileged: - securityContext: - privileged: "true" - seccompProfile: - type: "Unconfined" - jobConfig_slack_dev_null: - slack_channel: "kyma-prow-dev-null" - jobConfig_slack_jellyfish: - slack_channel: "jellyfish-notifications" - jobConfig_slack_goat: - slack_channel: "goat-int" - jobConfig_buildpack_incubator: - labels: - preset-docker-push-repository-incubator: "true" - # generic component jobConfigs - jobConfig_generic_component: - securityContext: - privileged: "true" - seccompProfile: - type: Unconfined - labels: - preset-dind-enabled: "true" - preset-sa-kyma-push-images: "true" - command: "/home/prow/go/src/github.com/kyma-project/test-infra/prow/scripts/build-generic.sh" - jobConfig_generic_component_kyma: - labels: - preset-docker-push-repository-kyma: "true" - jobConfig_generic_component_control-plane: - labels: - preset-docker-push-repository-control-plane: "true" - jobConfig_generic_component_api-gateway: - labels: - preset-docker-push-repository-kyma: "true" - jobConfig_generic_component_busola: - labels: - preset-docker-push-repository-kyma: "true" - jobConfig_generic_component_kyma-dashboard: - labels: - preset-docker-push-repository-kyma: "true" - jobConfig_generic_component_compass: - labels: - preset-docker-push-repository-incubator: "true" - disable_report: - skip_report: "true" - # globalSet for prowjobs which doesn't inherit jobConfig_default globalSet - pubsub_labels: - <<: *pubsub_config - trusted_cluster: - cluster: "trusted-workload" - untrusted_cluster: - cluster: "untrusted-workload" - privileged_job: - securityContext: - privileged: "true" - seccompProfile: - type: Unconfined - # extra_refs sets - extra_refs_test-infra: - extra_refs: - test-infra: - - org: "kyma-project" - repo: "test-infra" - base_ref: "main" - extra_refs_kyma: - extra_refs: - kyma: - - org: "kyma-project" - repo: "kyma" - base_ref: "main" - extra_refs_control-plane: - extra_refs: - control-plane: - - org: "kyma-project" - repo: "control-plane" - base_ref: "main" - extra_refs_btp-manager: - extra_refs: - btp-manager: - - org: "kyma-project" - repo: "btp-manager" - base_ref: "main" - extra_refs_kyma-environment-broker: - extra_refs: - kyma-environment-broker: - - org: "kyma-project" - repo: "kyma-environment-broker" - base_ref: "main" - # labels sets - build_labels: - securityContext: - privileged: "true" - seccompProfile: - type: "Unconfined" - labels: - preset-dind-enabled: "true" - preset-sa-kyma-push-images: "true" - preset-docker-push-repository-kyma: "true" diff --git a/templates/data/test-infra/image-syncer-data.yaml b/templates/data/test-infra/image-syncer-data.yaml deleted file mode 100644 index d3029c389719..000000000000 --- a/templates/data/test-infra/image-syncer-data.yaml +++ /dev/null @@ -1,44 +0,0 @@ -templates: - - from: generic.tmpl - render: - - to: ../../prow/jobs/kyma-project/test-infra/image-syncer.yaml - jobConfigs: - - repoName: "github.com/kyma-project/test-infra" - jobs: - - jobConfig: - name: "pre-main-test-infra-image-syncer-dry-run" - annotations: - owner: neighbors - description: "Dry-run of sync images from external sources to Kyma owned registry" - labels: - preset-sa-kyma-push-images: "true" - run_if_changed: "^(cmd/image-syncer/external-images.yaml)" - image: europe-docker.pkg.dev/kyma-project/prod/image-syncer:v20240918-20d00fb8 - command: "/image-syncer" - args: - - --dry-run - - --debug - - --images-file=cmd/image-syncer/external-images.yaml - - --target-repo-auth-key=$(GOOGLE_APPLICATION_CREDENTIALS) - inheritedConfigs: - global: - - "jobConfig_default" - - "jobConfig_presubmit" - - "unprivileged" - - jobConfig: - name: "post-main-test-infra-image-syncer-run" - annotations: - owner: neighbors - description: "Sync images from external sources to Kyma owned registry" - labels: - preset-sa-kyma-push-images: "true" - run_if_changed: "^(cmd/image-syncer/external-images.yaml)" - image: europe-docker.pkg.dev/kyma-project/prod/image-syncer:v20240918-20d00fb8 - command: "/image-syncer" - args: - - --images-file=cmd/image-syncer/external-images.yaml - - --target-repo-auth-key=$(GOOGLE_APPLICATION_CREDENTIALS) - inheritedConfigs: - global: - - "jobConfig_default" - - "jobConfig_postsubmit" diff --git a/templates/data/test-infra/pjconfigtests.yaml b/templates/data/test-infra/pjconfigtests.yaml deleted file mode 100644 index 92e875fa6e0d..000000000000 --- a/templates/data/test-infra/pjconfigtests.yaml +++ /dev/null @@ -1,55 +0,0 @@ - {{$exclude := list "template-repository"}} - templates: - - from: generic.tmpl - render: - - to: ../../prow/jobs/kyma-project/test-infra/pjconfigtests.yaml - localSets: - jobConfig_default: - imagePullPolicy: "Always" - securityContext: - privileged: "false" - type_presubmit: "true" - branches: - - ^.*$ - skip_report: "false" - decorate: "true" - request_memory: "100M" - request_cpu: "200m" - #request_memory: 1Gi - jobConfig_pjconfigtest: - run_if_changed: '^.prow/|^.prow.yaml' - image: "europe-docker.pkg.dev/kyma-project/prod/test-infra/ginkgo:v20240909-95731ea6" - command: "/ginkgo" - args: - - "-r" - - "/home/prow/go/src/github.com/kyma-project/test-infra/pkg/prow/pjconfigtests" - jobConfigs: - {{/* Iterate over orgs and repos in config.yaml global field. */}} - {{- range $org := .Global.orgs }} - {{- range $repo := .repos }} - {{/* Don't generate prowjobs for repository names in exclude list. */}} - {{- if has $repo.name $exclude | not }} - - repoName: "{{$org.name}}/{{$repo.name}}" - jobs: - - jobConfig: - annotations: - owner: neighbors - description: "Run ginkgo suite tests for prowjobs definitions for {{$repo.name}}" - {{- if eq $repo.name "test-infra"}} - run_if_changed: '^prow/jobs/' - {{- end}} - name: "pull-{{$repo.name}}-pjconfigtest" - inheritedConfigs: - local: - - "jobConfig_default" - - "jobConfig_pjconfigtest" - global: - - "jobConfig_default" - - "untrusted_cluster" - {{/* For test-infra repository test-infra as extra refs is not needed. */}} - {{- if ne $repo.name "test-infra"}} - - "extra_refs_test-infra" - {{- end}} - {{- end}} - {{- end }} - {{- end }} diff --git a/templates/data/test-infra/pjtester-data.yaml b/templates/data/test-infra/pjtester-data.yaml deleted file mode 100644 index e2f92ed2a900..000000000000 --- a/templates/data/test-infra/pjtester-data.yaml +++ /dev/null @@ -1,82 +0,0 @@ - {{$exclude := list "template-repository"}} - templates: - - from: generic.tmpl - render: - - to: ../../prow/jobs/kyma-project/test-infra/pjtester.yaml - localSets: - jobConfig_default: - imagePullPolicy: "Always" - securityContext: - privileged: "false" - run_if_changed: "^(vpath/pjtester.yaml)" - type_presubmit: "true" - branches: - - ^.*$ - skip_report: "false" - decorate: "true" - request_memory: "100M" - request_cpu: "200m" - jobConfig_vpathguard: - command: "/bin/ash" - args: - - "-c" - - 'if [ -d /home/prow/go/src/github.com/kyma-project/test-infra/vpath ]; then (echo \"Directory vpath is present. Remove it to merge PR\"; exit 1); else (echo \"Directory vpath is not present\"; exit 0); fi' - jobConfig_pjtester: - command: "/pjtester" - image: europe-docker.pkg.dev/kyma-project/prod/pjtester:v20241002-aac0cb23 - env: - KUBECONFIG_PATH: /etc/kubeconfig/pjtester/config - volumeMounts: - - name: oauth - mountPath: /etc/github - readOnly: true - - name: pjtester-kubeconfig - mountPath: /etc/kubeconfig/pjtester - readOnly: true - volumes: - - name: oauth - secretName: pjtester-github-oauth-token - - name: pjtester-kubeconfig - secretName: pjtester-kubeconfig - args: - - "--github-token-path=/etc/github/oauth" - jobConfigs: - {{/* Iterate over orgs and repos in config.yaml global field. */}} - {{- range $org := .Global.orgs }} - {{- range $repo := .repos }} - {{/* Don't generate prowjobs for repository names in exclude list. */}} - {{- if has $repo.name $exclude | not }} - - repoName: "github.com/{{$org.name}}/{{$repo.name}}" - jobs: - - jobConfig: - name: "pull-{{$repo.name}}-pjtester" - annotations: - description: "Schedule prowjobs tests using pjtester for {{$repo.name}}" - owner: "neighbors" - inheritedConfigs: - local: - - "jobConfig_default" - - "jobConfig_pjtester" - global: - - "jobConfig_default" - - "trusted_cluster" - {{/* For test-infra repository test-infra as extra refs is not needed. */}} - {{- if ne $repo.name "test-infra"}} - - "extra_refs_test-infra" - {{- end}} - - jobConfig: - name: "pull-{{$repo.name}}-vpathguard" - image: europe-docker.pkg.dev/kyma-project/prod/alpine:v20241001-f0fc4ad0 - annotations: - description: "Run pjtester vpathguard for {{$repo.name}}" - owner: "neighbors" - inheritedConfigs: - local: - - "jobConfig_default" - - "jobConfig_vpathguard" - global: - - "jobConfig_default" - - "untrusted_cluster" - {{- end}} - {{- end }} - {{- end }} diff --git a/templates/data/test-infra/validation-data.yaml b/templates/data/test-infra/validation-data.yaml deleted file mode 100644 index e861f6015368..000000000000 --- a/templates/data/test-infra/validation-data.yaml +++ /dev/null @@ -1,28 +0,0 @@ -templates: - - from: generic.tmpl - render: - - to: ../../prow/jobs/kyma-project/test-infra/validation.yaml - localSets: - jobConfig_allBranches: - skip_report: "false" - max_concurrency: "10" - decorate: "true" - request_memory: "1.5Gi" - request_cpu: "0.8" - jobConfigs: - - repoName: "github.com/kyma-project/test-infra" - jobs: - - jobConfig: - name: "pre-main-test-infra-validate-generated-files" - annotations: - owner: neighbors - description: "Validate rendertemplate generated files" - run_if_changed: "^.github/dependabot.yml$|^templates/|^prow/jobs/|^prow/config.yaml|^prow/scripts/|^development/tools/(cmd/rendertemplates/|pkg/rendertemplates/|jobs/releases/releases.go)|^prow/branchprotector-config.yaml" - command: "/home/prow/go/src/github.com/kyma-project/test-infra/prow/scripts/validate-generated.sh" - inheritedConfigs: - global: - - "jobConfig_default" - - "image_buildpack-golang" - - "jobConfig_presubmit" - - "pubsub_labels" - - "unprivileged" diff --git a/templates/templates/generic.tmpl b/templates/templates/generic.tmpl deleted file mode 100644 index d03e29ae4741..000000000000 --- a/templates/templates/generic.tmpl +++ /dev/null @@ -1,225 +0,0 @@ -{{- define "commonProwJob" }} - - name: {{if .JobConfig.name}}{{.JobConfig.name}}{{else}}{{fail ".JobConfig.name is not defined"}}{{end}} - {{- if .JobConfig.annotations}} - annotations: - {{- range $key, $value := .JobConfig.annotations}} - {{$key}}: {{quote $value}} - {{- end}} - {{- end}} - labels: - prow.k8s.io/pubsub.project: {{if .JobConfig.pubsub_project}}{{quote .JobConfig.pubsub_project}}{{else}}{{fail "mandatory .JobConfig.pubsub_project is not defined, probably globalSet jobConfig_default not inherited"}}{{end}} - prow.k8s.io/pubsub.runID: {{ getRunId .JobConfig.name }} - prow.k8s.io/pubsub.topic: {{if .JobConfig.pubsub_topic}}{{quote .JobConfig.pubsub_topic}}{{else}}{{fail "mandatory .JobConfig.pubsub_topic is not defined, probably globalSet jobConfig_default not inherited"}}{{end}} - {{- if .JobConfig.labels}} - {{- range $key, $value := .JobConfig.labels}} - {{$key}}: {{quote $value}} - {{- end}} - {{- end}} - {{- if .JobConfig.type_periodic }} - {{- if .JobConfig.cron}} - cron: {{quote .JobConfig.cron}} - {{- else if .JobConfig.interval}} - interval: {{.JobConfig.interval}} - {{- else}}{{fail ".JobConfig.cron and .JobConfig.interval are not defined"}}{{end}} - {{- else if .JobConfig.run_if_changed}} - run_if_changed: {{squote .JobConfig.run_if_changed}} - {{- else if .JobConfig.skip_if_only_changed}} - skip_if_only_changed: {{squote .JobConfig.skip_if_only_changed}} - {{- else if .JobConfig.always_run}} - always_run: {{.JobConfig.always_run}} - {{- end}} - {{- if .JobConfig.optional}} - optional: {{.JobConfig.optional}} - {{- end}} - skip_report: {{if .JobConfig.skip_report}}{{.JobConfig.skip_report}}{{else}}{{fail ".JobConfig.skip_report is not defined"}}{{end}} - {{- if .JobConfig.decorate}} - decorate: {{.JobConfig.decorate}} - {{- end}} - {{- if .JobConfig.decoration_config }} - decoration_config: - {{- range $key, $value := .JobConfig.decoration_config}} - {{$key}}: {{$value}} - {{- end}} - {{- end}} - {{- if .JobConfig.path_alias }} - path_alias: {{ .JobConfig.path_alias }} - {{- end }} - {{- if .JobConfig.cluster}} - cluster: {{.JobConfig.cluster }} - {{- else}}{{ fail ".JobConfig.cluster is not defined"}}{{end}} - {{- if not .JobConfig.type_periodic}} - max_concurrency: {{if .JobConfig.max_concurrency}}{{.JobConfig.max_concurrency}}{{else}}{{fail ".JobConfig.max_concurrency is not defined"}}{{end}} - {{- if .JobConfig.branches}} - branches: - {{- range .JobConfig.branches}} - - {{ . }} - {{- end}} - {{- end}} - {{- end}} - {{- if .JobConfig.extra_refs}} - extra_refs: - {{- range $key, $value := .JobConfig.extra_refs}} - {{- range $value}} - - org: {{ .org }} - repo: {{ .repo }} - {{- if .path_alias }} - path_alias: {{ .path_alias }} - {{- end }} - base_ref: {{ .base_ref}} - {{- if .base_sha}} - base_sha: {{ .base_sha}} - {{- end}} - {{- end}} - {{- end}} - {{- end}} - {{- if .JobConfig.slack_channel}} - reporter_config: - slack: - channel: {{ .JobConfig.slack_channel }} - {{- end}} - spec: - {{- if .JobConfig.serviceAccountName}} - serviceAccountName: {{.JobConfig.serviceAccountName}} - {{- end}} - {{- if .JobConfig.automountServiceAccountToken}} - automountServiceAccountToken: {{.JobConfig.automountServiceAccountToken}} - {{- end}} - containers: - - image: {{ if .JobConfig.image }}{{quote .JobConfig.image}}{{else}}{{ fail ".JobConfig.image is not defined" }}{{end}} - {{- if .JobConfig.imagePullPolicy }} - imagePullPolicy: {{ .JobConfig.imagePullPolicy }} - {{- end }} - {{- if .JobConfig.automountServiceAccountToken}} - automountServiceAccountToken: {{.JobConfig.automountServiceAccountToken}} - {{- end}} - securityContext: - {{- /* if privileged is set to true then seccomp must be unconfined */}} - {{- if and .JobConfig.securityContext.privileged (eq .JobConfig.securityContext.privileged "true") (ne .JobConfig.securityContext.seccompProfile.type "Unconfined")}} - {{- fail (printf ".JobConfig.securityContext.privileged=true and .JobConfig.securityContext.seccompProfile!=Unconfied are mutually exclusive: %s %v" .JobConfig.securityContext.privileged .JobConfig.securityContext.seccompProfile.type)}} - {{- end}} - privileged: {{ default "false" .JobConfig.securityContext.privileged }} - {{- if .JobConfig.securityContext.seccompProfile}} - seccompProfile: - {{- range $key, $value := .JobConfig.securityContext.seccompProfile}} - {{$key}}: {{$value}} - {{- end}} - allowPrivilegeEscalation: {{ default "false" .JobConfig.securityContext.privileged }} - {{- end}} - {{- if .JobConfig.securityContext.runAsRoot}} - runAsUser: 0 - {{- end}} - {{- if .JobConfig.workingDir}} - workingDir: {{quote .JobConfig.workingDir}} - {{- end}} - command: - {{- if .JobConfig.command }} - - {{ quote .JobConfig.command }} - {{- else}} {{fail ".JobConfig.command is not defined"}} - {{- end }} - {{- with .JobConfig.args}} - args: - {{- range . }} - - "{{ . }}" - {{- end}} - {{- end}} - {{- with .JobConfig.env}} - env: - {{- range $key, $value := . }} - - name: {{$key}} - value: "{{$value}}" - {{- end}} - {{- end}} - {{- if or .JobConfig.request_memory .JobConfig.request_cpu .JobConfig.limits_memory .JobConfig.limits_cpu false}} - resources: - {{- if or .JobConfig.request_memory .JobConfig.request_cpu false}} - requests: - {{- if .JobConfig.request_memory}} - memory: {{.JobConfig.request_memory}} - {{- end}} - {{- if .JobConfig.request_cpu}} - cpu: {{.JobConfig.request_cpu}} - {{- end}} - {{- end}} - {{- if or .JobConfig.limits_memory .JobConfig.limits_cpu false}} - limits: - {{- if .JobConfig.limits_memory}} - memory: {{.JobConfig.limits_memory}} - {{- end}} - {{- if .JobConfig.limits_cpu}} - cpu: {{.JobConfig.limits_cpu}} - {{- end}} - {{- end}} - {{- end}} - {{- if .JobConfig.volumeMounts}} - volumeMounts: - {{- range .JobConfig.volumeMounts}} - - name: {{ .name }} - mountPath: {{ .mountPath }} - {{- if .readOnly }} - readOnly: {{ .readOnly}} - {{- end }} - {{- end}} - {{- end}} - {{- with .JobConfig.tolerations }} - tolerations: - {{- range . }} - - key: {{ .key }} - operator: {{ .operator }} - value: {{ .value }} - effect: {{ .effect }} - {{- end }} - {{- end }} - {{- with .JobConfig.nodeSelector }} - nodeSelector: - {{- range $key, $value := .}} - {{$key}}: {{quote $value}} - {{- end}} - {{- end}} - {{- if .JobConfig.volumes}} - volumes: - {{- range .JobConfig.volumes}} - - name: {{ .name }} - {{- if and .secretName .configMapName }}{{fail "secretName and configMapName are mutually exclusive. Use only one of them."}}{{end}} - {{- if .secretName }} - secret: - secretName: {{ .secretName }} - {{- end }} - {{- if .configMapName }} - configMap: - name: {{ .configMapName }} - {{- end }} - {{- end}} - {{- end}} -{{- end -}} -{{- if hasPresubmit .Values.JobConfigs}} -presubmits: # runs on PRs - {{- range .Values.JobConfigs }} - {{ replace "github.com/" "" .RepoName -}}: - {{- range .Jobs -}} - {{- if .JobConfig.type_presubmit }} - {{- template "commonProwJob" . }} - {{- end}} - {{- end}} - {{end}} -{{- end}} -{{- if hasPostsubmit .Values.JobConfigs}} -postsubmits: # runs on main - {{- range .Values.JobConfigs }} - {{ replace "github.com/" "" .RepoName -}}: - {{- range .Jobs -}} - {{- if .JobConfig.type_postsubmit }} - {{- template "commonProwJob" . }} - {{- end}} - {{- end}} - {{end}} -{{- end}} -{{- if hasPeriodic .Values.JobConfigs}} -periodics: # runs on schedule - {{- range .Values.JobConfigs }} - {{- range .Jobs -}} - {{- if .JobConfig.type_periodic }} - {{- template "commonProwJob" . }} - {{- end}} - {{- end}} - {{end}} -{{- end -}} From c345835709f5165461f0d5d807e6753a8728f67d Mon Sep 17 00:00:00 2001 From: dekiel Date: Fri, 4 Oct 2024 09:08:29 +0200 Subject: [PATCH 2/2] Ginkgo will be removed soon. No need to build it --- .../kyma-project/test-infra/buildpack.yaml | 109 ------------------ 1 file changed, 109 deletions(-) delete mode 100644 prow/jobs/kyma-project/test-infra/buildpack.yaml diff --git a/prow/jobs/kyma-project/test-infra/buildpack.yaml b/prow/jobs/kyma-project/test-infra/buildpack.yaml deleted file mode 100644 index 111e00c2d932..000000000000 --- a/prow/jobs/kyma-project/test-infra/buildpack.yaml +++ /dev/null @@ -1,109 +0,0 @@ -presubmits: # runs on PRs - kyma-project/test-infra: - - name: pull-build-ginkgo - annotations: - description: "Building ginkgo image" - owner: "neighbors" - labels: - prow.k8s.io/pubsub.project: "sap-kyma-prow" - prow.k8s.io/pubsub.runID: "pull-build-ginkgo" - prow.k8s.io/pubsub.topic: "prowjobs" - preset-sa-kyma-push-images: "true" - run_if_changed: '^prow/images/ginkgo/' - skip_report: false - decorate: true - cluster: untrusted-workload - max_concurrency: 10 - branches: - - ^main$ - spec: - containers: - - image: "europe-docker.pkg.dev/kyma-project/prod/image-builder:v20241002-aac0cb23" - securityContext: - privileged: false - seccompProfile: - type: RuntimeDefault - allowPrivilegeEscalation: false - env: - - name: "ADO_PAT" - valueFrom: - secretKeyRef: - name: "image-builder-ado-token" - key: "token" - command: - - "/image-builder" - args: - - "--name=test-infra/ginkgo" - - "--config=/config/kaniko-build-config.yaml" - - "--context=." - - "--dockerfile=prow/images/ginkgo/Dockerfile" - - "--env-file=envs" - - "--build-in-ado=false" - resources: - requests: - memory: 1.5Gi - cpu: 1 - volumeMounts: - - name: config - mountPath: /config - readOnly: true - volumes: - - name: config - configMap: - name: kaniko-build-config - -postsubmits: # runs on main - kyma-project/test-infra: - - name: post-build-ginkgo - annotations: - description: "Building ginkgo image" - owner: "neighbors" - labels: - prow.k8s.io/pubsub.project: "sap-kyma-prow" - prow.k8s.io/pubsub.runID: "post-build-ginkgo" - prow.k8s.io/pubsub.topic: "prowjobs" - preset-sa-kyma-push-images: "true" - preset-signify-prod-secret: "true" - run_if_changed: '^prow/images/ginkgo/' - skip_report: false - decorate: true - cluster: trusted-workload - max_concurrency: 10 - branches: - - ^main$ - spec: - containers: - - image: "europe-docker.pkg.dev/kyma-project/prod/image-builder:v20241002-aac0cb23" - securityContext: - privileged: false - seccompProfile: - type: RuntimeDefault - allowPrivilegeEscalation: false - env: - - name: "ADO_PAT" - valueFrom: - secretKeyRef: - name: "image-builder-ado-token" - key: "token" - command: - - "/image-builder" - args: - - "--name=test-infra/ginkgo" - - "--config=/config/kaniko-build-config.yaml" - - "--context=." - - "--dockerfile=prow/images/ginkgo/Dockerfile" - - "--env-file=envs" - - "--build-in-ado=false" - - "--tag={{ .Env \"GOLANG_VERSION\" }}-{{ .ShortSHA }}" - resources: - requests: - memory: 1.5Gi - cpu: 1 - volumeMounts: - - name: config - mountPath: /config - readOnly: true - volumes: - - name: config - configMap: - name: kaniko-build-config