Skip to content

Commit

Permalink
create bundle repos automatically if missing
Browse files Browse the repository at this point in the history
- A check is currently ran checking that every task bundle has its own
  Quay repository
- If the task bundle does not have its own repository, the check will
  fail and the repository has to be created manually
- Automate the repository creation via a task, but only in the on-push
  pipelinerun (once a PR is approved and merged) for security reasons
  • Loading branch information
tnevrlka committed Dec 6, 2024
1 parent b670a9e commit 6091d21
Show file tree
Hide file tree
Showing 4 changed files with 120 additions and 94 deletions.
20 changes: 0 additions & 20 deletions .tekton/pull-request.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -229,26 +229,6 @@ spec:
name: e2e-test
# Added a timeout due to https://issues.redhat.com/browse/STONEBLD-2265
timeout: "2h"
- name: check-task-pipeline-repo-existence
when:
- input: "tasks_pipelines"
operator: "in"
values: ["$(tasks.task-switchboard.results.bindings[*])"]
runAfter:
- build-bundles
taskSpec:
steps:
- name: fail-when-repo-is-missed
image: quay.io/konflux-ci/pull-request-builds:appstudio-utils-{{revision}}
workingDir: $(workspaces.source.path)/source
script: |
#!/usr/bin/env bash
.tekton/scripts/check-task-pipeline-bundle-repos.sh
workspaces:
- name: source
workspaces:
- name: source
workspace: workspace
- name: ec-task-checks
when:
- input: "tasks_pipelines"
Expand Down
23 changes: 23 additions & 0 deletions .tekton/push.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -176,6 +176,29 @@ spec:
workspaces:
- name: source

- name: create-repositories-if-missing
runAfter:
- build-bundles
taskSpec:
steps:
- name: run-create-bundle-repos
image: quay.io/konflux-ci/pull-request-builds:appstudio-utils-{{revision}}
workingDir: $(workspaces.source.path)/source
script: |
#!/usr/bin/env bash
.tekton/scripts/create-task-pipeline-bundle-repos.sh
env:
- name: QUAY_TOKEN
valueFrom:
secretKeyRef:
name: konflux-ci-repo-creator
key: quaytoken
workspaces:
- name: source
workspaces:
- name: source
workspace: workspace

- name: update-infra-repo
runAfter:
- build-bundles
Expand Down
74 changes: 0 additions & 74 deletions .tekton/scripts/check-task-pipeline-bundle-repos.sh

This file was deleted.

97 changes: 97 additions & 0 deletions .tekton/scripts/create-task-pipeline-bundle-repos.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,97 @@
#!/usr/bin/bash

set -o errexit
set -o pipefail
set -o nounset

SCRIPTDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
cd "$SCRIPTDIR/../.."

CATALOG_NAMESPACES=(
konflux-ci/tekton-catalog
)

locate_bundle_repo() {
local -r quay_namespace="$1"
local -r type="$2"
local -r object="$3"

curl -I -s -L -w "%{http_code}\n" -o /dev/null "https://quay.io/v2/${quay_namespace}/${type}-${object}/tags/list"
}

locate_in_all_namespaces() {
local -r type="$1"
local -r object="$2"

for quay_namespace in "${CATALOG_NAMESPACES[@]}"; do
found=$(locate_bundle_repo "$quay_namespace" "$type" "$object")

# konflux-ci/tekton-catalog
if [[ $quay_namespace = */* ]]; then
# tekton-catalog/
quay_repo_prefix="${quay_namespace#*/}/"
# konflux-ci
quay_namespace=${quay_namespace%%/*}
else
quay_repo_prefix=""
fi

echo "Checking ${quay_namespace}/${quay_repo_prefix}${object}, http code: ${found}"
if [ "$found" != "200" ]; then
echo "Missing $type bundle repo: ${quay_repo_prefix}${object} in ${quay_namespace}, creating..."
payload=$(
jq -n \
--arg namespace "$quay_namespace" \
--arg repository "$quay_repo_prefix$object" \
--arg visibility "public" \
--arg description "" \
'$ARGS.named'
)
if ! err_msg=$(curl --oauth2-bearer "${QUAY_TOKEN}" "https://quay.io/api/v1/repository" --json "$payload" | jq '.error_message // empty');
then
echo "curl returned an error when creating the repository. See the error above."
exit 1
fi

if [ -n "$err_msg" ]; then
echo "Quay returned an error when creating the repository: ${err_msg}"
exit 1
fi
fi
done
}

echo "Checking existence of task bundle repositories..."
echo

# tasks
while IFS= read -r -d '' task_dir
do
if [ ! -f "$task_dir"/kustomization.yaml ]; then
# expected structure: task/${name}/${version}/${name}.yaml
task_name=$(basename "$(dirname "$task_dir")")
task_name=$(yq < "$task_dir/$task_name.yaml" .metadata.name)
else
task_name=$(oc kustomize "$task_dir" | yq .metadata.name)
fi

locate_in_all_namespaces task "$task_name"
done < <(find task/*/*/ -maxdepth 0 -type d -print0)

echo
echo "Checking existence of pipeline bundle repositories..."
echo

# pipelines
pl_names=()
# Split by newlines into an array
while IFS=$'\n' read -r line;
do pl_names+=("$line");
done <<<"$(oc kustomize pipelines/ | yq -o json '.metadata.name' | jq -r)"

# Currently, only one pipeline for core services CI
pl_names+=("$(oc kustomize pipelines/core-services/ | yq -o json '"core-services-" + .metadata.name' | jq -r)")
for pl_name in "${pl_names[@]}"; do
echo "Checking pipeline: ${pl_name}"
locate_in_all_namespaces pipeline "$pl_name"
done

0 comments on commit 6091d21

Please sign in to comment.