diff --git a/hack/build-and-push.sh b/hack/build-and-push.sh index a3086d6112..78e0f10d14 100755 --- a/hack/build-and-push.sh +++ b/hack/build-and-push.sh @@ -484,7 +484,7 @@ build_push_tasks() { attach_migration_file "$task_dir" "$concrete_task_version" "$task_bundle_with_digest" # version placeholder is removed naturally by the substitution. - echo "info: inject task bundle to pielines $task_bundle_with_digest" 1>&2 + echo "info: inject task bundle to pipelines $task_bundle_with_digest" 1>&2 real_task_name=$(yq e '.metadata.name' "$prepared_task_file") inject_bundle_ref_to_pipelines "$real_task_name" "$task_version" "$task_bundle_with_digest" done diff --git a/task/git-clone-oci-ta/0.1/kustomization.yaml b/task/git-clone-oci-ta/0.1/kustomization.yaml new file mode 100644 index 0000000000..841cc244c5 --- /dev/null +++ b/task/git-clone-oci-ta/0.1/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: +- git-clone-oci-ta.yaml diff --git a/task/pnc-prebuild-git-clone-oci-ta/0.1/README.md b/task/pnc-prebuild-git-clone-oci-ta/0.1/README.md new file mode 100644 index 0000000000..632b8b7797 --- /dev/null +++ b/task/pnc-prebuild-git-clone-oci-ta/0.1/README.md @@ -0,0 +1,48 @@ +# pnc-prebuild-git-clone-oci-ta task + +The pnc-prebuild-git-clone-oci-ta Task will clone a repo from the provided url, apply PNC prebuild modifications from https://github.com/project-ncl/konflux-tooling and store it as a trusted artifact in the provided OCI repository. + +## Parameters +|name|description|default value|required| +|---|---|---|---| +|caTrustConfigMapKey|The name of the key in the ConfigMap that contains the CA bundle data.|ca-bundle.crt|false| +|caTrustConfigMapName|The name of the ConfigMap to read CA bundle data from.|trusted-ca|false| +|depth|Perform a shallow clone, fetching only the most recent N commits.|1|false| +|enableSymlinkCheck|Check symlinks in the repo. If they're pointing outside of the repo, the build will fail. |true|false| +|fetchTags|Fetch all tags for the repo.|false|false| +|httpProxy|HTTP proxy server for non-SSL requests.|""|false| +|httpsProxy|HTTPS proxy server for SSL requests.|""|false| +|noProxy|Opt out of proxying HTTP/HTTPS requests.|""|false| +|ociArtifactExpiresAfter|Expiration date for the trusted artifacts created in the OCI repository. An empty string means the artifacts do not expire.|""|false| +|ociStorage|The OCI repository where the Trusted Artifacts are stored.||true| +|refspec|Refspec to fetch before checking out revision.|""|false| +|revision|Revision to checkout. (branch, tag, sha, ref, etc...)|""|false| +|shortCommitLength|Length of short commit SHA|7|false| +|sparseCheckoutDirectories|Define the directory patterns to match or exclude when performing a sparse checkout.|""|false| +|sslVerify|Set the `http.sslVerify` global git config. Setting this to `false` is not advised unless you are sure that you trust your git remote.|true|false| +|submodules|Initialize and fetch git submodules.|true|false| +|url|Repository URL to clone from.||true| +|userHome|Absolute path to the user's home directory. Set this explicitly if you are running the image as a non-root user. |/tekton/home|false| +|verbose|Log the commands that are executed during `git-clone`'s operation.|false|false| +|BUILD_SCRIPT|The build script to embed with the Containerfile||true| +|BUILD_TOOL|The build tool to use (ant, gradle, maven, sbt).||true| +|BUILD_TOOL_VERSION|The build tool version to use (e.g. 3.9.5)||true| +|JAVA_VERSION|Java version to use (7, 8, 9, 11, 17, 21, 22, 23)||true| +|RECIPE_IMAGE|The image from the build recipe to use||true| + +## Results +|name|description| +|---|---| +|CHAINS-GIT_COMMIT|The precise commit SHA that was fetched by this Task. This result uses Chains type hinting to include in the provenance.| +|CHAINS-GIT_URL|The precise URL that was fetched by this Task. This result uses Chains type hinting to include in the provenance.| +|SOURCE_ARTIFACT|The Trusted Artifact URI pointing to the artifact with the application source code.| +|commit|The precise commit SHA that was fetched by this Task.| +|commit-timestamp|The commit timestamp of the checkout| +|short-commit|The commit SHA that was fetched by this Task limited to params.shortCommitLength number of characters| +|url|The precise URL that was fetched by this Task.| + +## Workspaces +|name|description|optional| +|---|---|---| +|basic-auth|A Workspace containing a .gitconfig and .git-credentials file or username and password. These will be copied to the user's home before any git commands are run. Any other files in this Workspace are ignored. It is strongly recommended to use ssh-directory over basic-auth whenever possible and to bind a Secret to this Workspace over other volume types. |true| +|ssh-directory|A .ssh directory with private key, known_hosts, config, etc. Copied to the user's home before git commands are executed. Used to authenticate with the git remote when performing the clone. Binding a Secret to this Workspace is strongly recommended over other volume types. |true| diff --git a/task/pnc-prebuild-git-clone-oci-ta/0.1/kustomization.yaml b/task/pnc-prebuild-git-clone-oci-ta/0.1/kustomization.yaml new file mode 100644 index 0000000000..8025d5ad7b --- /dev/null +++ b/task/pnc-prebuild-git-clone-oci-ta/0.1/kustomization.yaml @@ -0,0 +1,10 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - ../../git-clone-oci-ta/0.1 + +patches: +- path: patch.yaml + target: + kind: Task diff --git a/task/pnc-prebuild-git-clone-oci-ta/0.1/patch.yaml b/task/pnc-prebuild-git-clone-oci-ta/0.1/patch.yaml new file mode 100644 index 0000000000..2d1e411a6d --- /dev/null +++ b/task/pnc-prebuild-git-clone-oci-ta/0.1/patch.yaml @@ -0,0 +1,71 @@ +- op: replace + path: /metadata/name + value: pnc-prebuild-git-clone-oci-ta +- op: replace + path: /metadata/annotations/tekton.dev~1displayName + value: pnc prebuild git clone oci trusted artifacts +- op: replace + path: /spec/description + value: The pnc-prebuild-git-clone-oci-ta Task will clone a repo from the provided url, apply + PNC prebuild modifications from https://github.com/project-ncl/konflux-tooling and store + it as a trusted artifact in the provided OCI repository. + +- op: add + path: /spec/params/- + value: + name: BUILD_SCRIPT + description: The build script to embed with the Containerfile + type: string +- op: add + path: /spec/params/- + value: + name: BUILD_TOOL + description: The build tool to use (ant, gradle, maven, sbt). + type: string +- op: add + path: /spec/params/- + value: + name: BUILD_TOOL_VERSION + description: The build tool version to use (e.g. 3.9.5) + type: string +- op: add + path: /spec/params/- + value: + name: JAVA_VERSION + description: Java version to use (7, 8, 9, 11, 17, 21, 22, 23) + type: string +- op: add + path: /spec/params/- + value: + name: RECIPE_IMAGE + description: The image from the build recipe to use + type: string + +- op: add + path: /spec/steps/2 + value: + name: preprocessor + image: quay.io/redhat-user-workloads/konflux-jbs-pnc-tenant/konflux-tooling:latest + securityContext: + runAsUser: 0 + computeResources: + limits: + cpu: 300m + memory: 512Mi + requests: + cpu: 10m + memory: 512Mi + args: + - prepare + - --build-tool-version=$(params.BUILD_TOOL_VERSION) + - --java-version=$(params.JAVA_VERSION) + - --recipe-image=$(params.RECIPE_IMAGE) + - --tooling-image=quay.io/redhat-user-workloads/konflux-jbs-pnc-tenant/konflux-tooling:latest + - --type=$(params.BUILD_TOOL) + - /var/workdir/source + volumeMounts: + - mountPath: /var/workdir + name: workdir + env: + - name: BUILD_SCRIPT + value: $(params.BUILD_SCRIPT)