From 020d97a631cde4c5408cc25673302780fed7b306 Mon Sep 17 00:00:00 2001 From: Alejandro Visiedo Date: Thu, 5 Dec 2024 19:24:02 +0100 Subject: [PATCH] refactor(HMS-4895): use -oci-tag wherever possible Prepare the change for adding the unit test task, by migrating the tasks to -oci-ta which does not require PVC and the ephemeral information is trusted. This change apply to the pullrequest tekton pipeline. https://issues.redhat.com/browse/HMS-4556 Signed-off-by: Alejandro Visiedo --- .tekton/idmsvc-backend-pull-request.yaml | 99 +++++++++++++++--------- 1 file changed, 64 insertions(+), 35 deletions(-) diff --git a/.tekton/idmsvc-backend-pull-request.yaml b/.tekton/idmsvc-backend-pull-request.yaml index 5295f2df..e49ac87f 100644 --- a/.tekton/idmsvc-backend-pull-request.yaml +++ b/.tekton/idmsvc-backend-pull-request.yaml @@ -30,6 +30,12 @@ spec: value: build/package/Dockerfile - name: path-context value: . + - name: build-platforms + value: + - linux/x86_64 + - linux/arm64 + - linux/ppc64le + - linux/s390x pipelineSpec: description: | This pipeline is ideal for building container images from a Containerfile while reducing network traffic. @@ -129,6 +135,12 @@ spec: description: Path to a file with build arguments for buildah, see https://www.mankier.com/1/buildah-build#--build-arg-file name: build-args-file type: string + - default: + - linux/x86_64 + description: List of platforms to build the container images on. The available + set of values is determined by the configuration of the multi-platform-controller. + name: build-platforms + type: array results: - description: "" name: IMAGE_URL @@ -166,14 +178,18 @@ spec: value: $(params.git-url) - name: revision value: $(params.revision) + - name: ociStorage + value: $(params.output-image).git + - name: ociArtifactExpiresAfter + value: $(params.image-expires-after) runAfter: - init taskRef: params: - name: name - value: git-clone + value: git-clone-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1@sha256:d091a9e19567a4cbdc5acd57903c71ba71dc51d749a4ba7477e689608851e981 + value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:4bf48d038ff12d25bdeb5ab3e98dc2271818056f454c83d7393ebbd413028147 - name: kind value: task resolver: bundles @@ -183,38 +199,42 @@ spec: values: - "true" workspaces: - - name: output - workspace: workspace - name: basic-auth workspace: git-auth - name: prefetch-dependencies params: + - name: dev-package-managers + value: "true" - name: input value: $(params.prefetch-input) + - name: SOURCE_ARTIFACT + value: $(tasks.clone-repository.results.SOURCE_ARTIFACT) + - name: ociStorage + value: $(params.output-image).prefetch + - name: ociArtifactExpiresAfter + value: $(params.image-expires-after) runAfter: - clone-repository taskRef: params: - name: name - value: prefetch-dependencies + value: prefetch-dependencies-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies:0.1@sha256:d3d8a8bfee292afee3c683692fdd70c031ef430446124285f6abc73365839a6f + value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.1@sha256:4072f732119864d12ec8e2ff075f01487aaee9df4440166dbe85fdd447865161 - name: kind value: task resolver: bundles - when: - - input: $(params.prefetch-input) - operator: notin - values: - - "" workspaces: - - name: source - workspace: workspace - name: git-basic-auth workspace: git-auth - name: netrc workspace: netrc - - name: build-container + - name: build-images + matrix: + params: + - name: PLATFORM + value: + - $(params.build-platforms) params: - name: IMAGE value: $(params.output-image) @@ -235,14 +255,20 @@ spec: - $(params.build-args[*]) - name: BUILD_ARGS_FILE value: $(params.build-args-file) + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + - name: CACHI2_ARTIFACT + value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) + - name: IMAGE_APPEND_PLATFORM + value: "true" runAfter: - prefetch-dependencies taskRef: params: - name: name - value: buildah + value: buildah-remote-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-buildah:0.2@sha256:7d3f090943ecb839cc505b3a5e5305c0203dfc6dbc0096713c0add9ef1e45d90 + value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.2@sha256:2a3e27910c933d39ec1580dde6c48c61763ba28311a36f38bc2d58ec8b87eece - name: kind value: task resolver: bundles @@ -251,9 +277,6 @@ spec: operator: in values: - "true" - workspaces: - - name: source - workspace: workspace - name: build-image-index params: - name: IMAGE @@ -266,9 +289,9 @@ spec: value: $(params.build-image-index) - name: IMAGES value: - - $(tasks.build-container.results.IMAGE_URL)@$(tasks.build-container.results.IMAGE_DIGEST) + - $(tasks.build-images.results.IMAGE_REF[*]) runAfter: - - build-container + - build-images taskRef: params: - name: name @@ -287,14 +310,18 @@ spec: params: - name: BINARY_IMAGE value: $(params.output-image) + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + - name: CACHI2_ARTIFACT + value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) runAfter: - build-image-index taskRef: params: - name: name - value: source-build + value: source-build-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-source-build:0.1@sha256:957f765b9d7ea9e69f26cd56b11412699574d8543dc99eaf7f3c04cb713d6ac4 + value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.1@sha256:24dba7b4eb207592e4a24710a24a01b57e9477bc37bdb2f2d04bff5d4fb7ccec - name: kind value: task resolver: bundles @@ -307,9 +334,6 @@ spec: operator: in values: - "true" - workspaces: - - name: workspace - workspace: workspace - name: deprecated-base-image-check params: - name: IMAGE_URL @@ -380,14 +404,18 @@ spec: value: $(tasks.build-image-index.results.IMAGE_DIGEST) - name: image-url value: $(tasks.build-image-index.results.IMAGE_URL) + - name: SOURCE_ARTIFACT + value: $(tasks.build-image-index.results.SOURCE_ARTIFACT) + - name: CACHI2_ARTIFACT + value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) runAfter: - build-image-index taskRef: params: - name: name - value: sast-snyk-check + value: sast-snyk-check-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check:0.3@sha256:9fa8acbd4331e5f7c7ba39c6283a219b084e8b2332996e0988a7907a4a75feb4 + value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.3@sha256:65a213322ea7c64159e37071d369d74b6378b23403150e29537865cada90f022 - name: kind value: task resolver: bundles @@ -396,9 +424,6 @@ spec: operator: in values: - "false" - workspaces: - - name: workspace - workspace: workspace - name: clamav-scan params: - name: image-digest @@ -446,20 +471,24 @@ spec: value: $(params.dockerfile) - name: CONTEXT value: $(params.path-context) + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) runAfter: - build-image-index taskRef: params: - name: name - value: push-dockerfile + value: push-dockerfile-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile:0.1@sha256:48bb2ee92ea528b28c0814c9cc126021e499a081b69431987a774561e9ac8047 + value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.1@sha256:80d48a1b9d2707490309941ec9f79338533938f959ca9a207b481b0e8a5e7a93 - name: kind value: task resolver: bundles workspaces: - - name: workspace - workspace: workspace + - name: git-auth + optional: true + - name: netrc + optional: true - name: rpms-signature-scan params: - name: image-url