From d024b98cd7192597cc4755b8d3dac0dbd3d22114 Mon Sep 17 00:00:00 2001 From: Nick Cross Date: Mon, 23 Dec 2024 08:42:16 +0000 Subject: [PATCH 1/2] Add PNC prebuild task based upon git-clone-oci-ta --- hack/build-and-push.sh | 2 +- task/git-clone-oci-ta/0.1/kustomization.yaml | 5 ++ .../0.1/README.md | 49 ++++++++++++ .../0.1/kustomization.yaml | 10 +++ .../0.1/patch.yaml | 76 +++++++++++++++++++ 5 files changed, 141 insertions(+), 1 deletion(-) create mode 100644 task/git-clone-oci-ta/0.1/kustomization.yaml create mode 100644 task/pnc-prebuild-git-clone-oci-ta/0.1/README.md create mode 100644 task/pnc-prebuild-git-clone-oci-ta/0.1/kustomization.yaml create mode 100644 task/pnc-prebuild-git-clone-oci-ta/0.1/patch.yaml diff --git a/hack/build-and-push.sh b/hack/build-and-push.sh index a3086d6112..78e0f10d14 100755 --- a/hack/build-and-push.sh +++ b/hack/build-and-push.sh @@ -484,7 +484,7 @@ build_push_tasks() { attach_migration_file "$task_dir" "$concrete_task_version" "$task_bundle_with_digest" # version placeholder is removed naturally by the substitution. - echo "info: inject task bundle to pielines $task_bundle_with_digest" 1>&2 + echo "info: inject task bundle to pipelines $task_bundle_with_digest" 1>&2 real_task_name=$(yq e '.metadata.name' "$prepared_task_file") inject_bundle_ref_to_pipelines "$real_task_name" "$task_version" "$task_bundle_with_digest" done diff --git a/task/git-clone-oci-ta/0.1/kustomization.yaml b/task/git-clone-oci-ta/0.1/kustomization.yaml new file mode 100644 index 0000000000..841cc244c5 --- /dev/null +++ b/task/git-clone-oci-ta/0.1/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: +- git-clone-oci-ta.yaml diff --git a/task/pnc-prebuild-git-clone-oci-ta/0.1/README.md b/task/pnc-prebuild-git-clone-oci-ta/0.1/README.md new file mode 100644 index 0000000000..816f90ec62 --- /dev/null +++ b/task/pnc-prebuild-git-clone-oci-ta/0.1/README.md 
@@ -0,0 +1,49 @@ +# pnc-prebuild-git-clone-oci-ta task + +The pnc-prebuild-git-clone-oci-ta Task will clone a repo from the provided url, apply PNC prebuild modifications and store it as a trusted artifact in the provided OCI repository. + +## Parameters +|name|description|default value|required| +|---|---|---|---| +|caTrustConfigMapKey|The name of the key in the ConfigMap that contains the CA bundle data.|ca-bundle.crt|false| +|caTrustConfigMapName|The name of the ConfigMap to read CA bundle data from.|trusted-ca|false| +|depth|Perform a shallow clone, fetching only the most recent N commits.|1|false| +|enableSymlinkCheck|Check symlinks in the repo. If they're pointing outside of the repo, the build will fail. |true|false| +|fetchTags|Fetch all tags for the repo.|false|false| +|httpProxy|HTTP proxy server for non-SSL requests.|""|false| +|httpsProxy|HTTPS proxy server for SSL requests.|""|false| +|noProxy|Opt out of proxying HTTP/HTTPS requests.|""|false| +|ociArtifactExpiresAfter|Expiration date for the trusted artifacts created in the OCI repository. An empty string means the artifacts do not expire.|""|false| +|ociStorage|The OCI repository where the Trusted Artifacts are stored.||true| +|refspec|Refspec to fetch before checking out revision.|""|false| +|revision|Revision to checkout. (branch, tag, sha, ref, etc...)|""|false| +|shortCommitLength|Length of short commit SHA|7|false| +|sparseCheckoutDirectories|Define the directory patterns to match or exclude when performing a sparse checkout.|""|false| +|sslVerify|Set the `http.sslVerify` global git config. Setting this to `false` is not advised unless you are sure that you trust your git remote.|true|false| +|submodules|Initialize and fetch git submodules.|true|false| +|url|Repository URL to clone from.||true| +|userHome|Absolute path to the user's home directory. Set this explicitly if you are running the image as a non-root user. 
|/tekton/home|false| +|verbose|Log the commands that are executed during `git-clone`'s operation.|false|false| +|BUILD_SCRIPT|The build script to embed with the Containerfile||true| +|BUILD_TOOL|The build tool to use (ant, gradle, maven, sbt).||true| +|BUILD_TOOL_VERSION|The build tool version to use (e.g. 3.9.5)||true| +|JAVA_VERSION|Java version to use (7, 8, 9, 11, 17, 21, 22, 23)||true| +|PNC_KONFLUX_TOOLING_IMAGE|Name of the tooling image.||true| +|RECIPE_IMAGE|The image from the build recipe to use||true| + +## Results +|name|description| +|---|---| +|CHAINS-GIT_COMMIT|The precise commit SHA that was fetched by this Task. This result uses Chains type hinting to include in the provenance.| +|CHAINS-GIT_URL|The precise URL that was fetched by this Task. This result uses Chains type hinting to include in the provenance.| +|SOURCE_ARTIFACT|The Trusted Artifact URI pointing to the artifact with the application source code.| +|commit|The precise commit SHA that was fetched by this Task.| +|commit-timestamp|The commit timestamp of the checkout| +|short-commit|The commit SHA that was fetched by this Task limited to params.shortCommitLength number of characters| +|url|The precise URL that was fetched by this Task.| + +## Workspaces +|name|description|optional| +|---|---|---| +|basic-auth|A Workspace containing a .gitconfig and .git-credentials file or username and password. These will be copied to the user's home before any git commands are run. Any other files in this Workspace are ignored. It is strongly recommended to use ssh-directory over basic-auth whenever possible and to bind a Secret to this Workspace over other volume types. |true| +|ssh-directory|A .ssh directory with private key, known_hosts, config, etc. Copied to the user's home before git commands are executed. Used to authenticate with the git remote when performing the clone. Binding a Secret to this Workspace is strongly recommended over other volume types. |true| 
diff --git a/task/pnc-prebuild-git-clone-oci-ta/0.1/kustomization.yaml b/task/pnc-prebuild-git-clone-oci-ta/0.1/kustomization.yaml
new file mode 100644
index 0000000000..8025d5ad7b
--- /dev/null
+++ b/task/pnc-prebuild-git-clone-oci-ta/0.1/kustomization.yaml
@@ -0,0 +1,10 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - ../../git-clone-oci-ta/0.1
+
+patches:
+- path: patch.yaml
+ target:
+ kind: Task
diff --git a/task/pnc-prebuild-git-clone-oci-ta/0.1/patch.yaml b/task/pnc-prebuild-git-clone-oci-ta/0.1/patch.yaml
new file mode 100644
index 0000000000..fb5db42e4a
--- /dev/null
+++ b/task/pnc-prebuild-git-clone-oci-ta/0.1/patch.yaml
@@ -0,0 +1,76 @@
+- op: replace
+ path: /metadata/name
+ value: pnc-prebuild-git-clone-oci-ta
+- op: replace
+ path: /metadata/annotations/tekton.dev~1displayName
+ value: pnc prebuild git clone oci trusted artifacts
+- op: replace
+ path: /spec/description
+ value: The pnc-prebuild-git-clone-oci-ta Task will clone a repo from the provided url, apply
+ PNC prebuild modifications and store it as a trusted artifact in the provided OCI repository.
+
+- op: add
+ path: /spec/params/-
+ value:
+ name: BUILD_SCRIPT
+ description: The build script to embed with the Containerfile
+ type: string
+- op: add
+ path: /spec/params/-
+ value:
+ name: BUILD_TOOL
+ description: The build tool to use (ant, gradle, maven, sbt).
+ type: string
+- op: add
+ path: /spec/params/-
+ value:
+ name: BUILD_TOOL_VERSION
+ description: The build tool version to use (e.g. 3.9.5)
+ type: string
+- op: add
+ path: /spec/params/-
+ value:
+ name: JAVA_VERSION
+ description: Java version to use (7, 8, 9, 11, 17, 21, 22, 23)
+ type: string
+- op: add
+ path: /spec/params/-
+ value:
+ name: PNC_KONFLUX_TOOLING_IMAGE
+ description: Name of the tooling image.
+ type: string
+- op: add
+ path: /spec/params/-
+ value:
+ name: RECIPE_IMAGE
+ description: The image from the build recipe to use
+ type: string
+
+- op: add
+ path: /spec/steps/2
+ value:
+ name: preprocessor
+ image: $(params.PNC_KONFLUX_TOOLING_IMAGE)
+ securityContext:
+ runAsUser: 0
+ computeResources:
+ limits:
+ cpu: 300m
+ memory: 512Mi
+ requests:
+ cpu: 10m
+ memory: 512Mi
+ args:
+ - prepare
+ - --build-tool-version=$(params.BUILD_TOOL_VERSION)
+ - --java-version=$(params.JAVA_VERSION)
+ - --recipe-image=$(params.RECIPE_IMAGE)
+ - --tooling-image=$(params.PNC_KONFLUX_TOOLING_IMAGE)
+ - --type=$(params.BUILD_TOOL)
+ - /var/workdir/source
+ volumeMounts:
+ - mountPath: /var/workdir
+ name: workdir
+ env:
+ - name: BUILD_SCRIPT
+ value: $(params.BUILD_SCRIPT)
From 714344cf953e8b57b15f61775a19355b86440def Mon Sep 17 00:00:00 2001
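Review bot: The `preprocessor` step runs with `runAsUser: 0` and is spliced in by index at `path: /spec/steps/2`, with no comment explaining either choice. It rewrites `/var/workdir/source` just before the tree is stored as a trusted artifact, in an image the caller picks through `PNC_KONFLUX_TOOLING_IMAGE`, so root is more privilege than a source-rewriting tool should need; drop the `securityContext` or justify it inline, e.g. `# root required: <reason>`. The index is relative to the base task's step list, which is not shown here: presumably the step lands after the symlink check controlled by `enableSymlinkCheck`, so files it writes are not covered by that check, and a reordering of the base steps would move it silently. A comment above the op stating the intended position, such as `# must run after the clone and before the trusted artifact is created`, would make that dependency reviewable.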
From: Nick Cross Date: Fri, 17 Jan 2025 15:03:19 +0000 Subject: [PATCH 2/2] Remove tooling image parameter --- task/pnc-prebuild-git-clone-oci-ta/0.1/README.md | 3 +-- task/pnc-prebuild-git-clone-oci-ta/0.1/patch.yaml | 13 ++++--------- 2 files changed, 5 insertions(+), 11 deletions(-) diff --git a/task/pnc-prebuild-git-clone-oci-ta/0.1/README.md b/task/pnc-prebuild-git-clone-oci-ta/0.1/README.md index 816f90ec62..632b8b7797 100644 --- a/task/pnc-prebuild-git-clone-oci-ta/0.1/README.md +++ b/task/pnc-prebuild-git-clone-oci-ta/0.1/README.md @@ -1,6 +1,6 @@ # pnc-prebuild-git-clone-oci-ta task -The pnc-prebuild-git-clone-oci-ta Task will clone a repo from the provided url, apply PNC prebuild modifications and store it as a trusted artifact in the provided OCI repository. +The pnc-prebuild-git-clone-oci-ta Task will clone a repo from the provided url, apply PNC prebuild modifications from https://github.com/project-ncl/konflux-tooling and store it as a trusted artifact in the provided OCI repository. ## Parameters |name|description|default value|required| @@ -28,7 +28,6 @@ The pnc-prebuild-git-clone-oci-ta Task will clone a repo from the provided url, |BUILD_TOOL|The build tool to use (ant, gradle, maven, sbt).||true| |BUILD_TOOL_VERSION|The build tool version to use (e.g. 3.9.5)||true| |JAVA_VERSION|Java version to use (7, 8, 9, 11, 17, 21, 22, 23)||true| -|PNC_KONFLUX_TOOLING_IMAGE|Name of the tooling image.||true| |RECIPE_IMAGE|The image from the build recipe to use||true| ## Results diff --git a/task/pnc-prebuild-git-clone-oci-ta/0.1/patch.yaml b/task/pnc-prebuild-git-clone-oci-ta/0.1/patch.yaml index fb5db42e4a..2d1e411a6d 100644 --- a/task/pnc-prebuild-git-clone-oci-ta/0.1/patch.yaml +++ b/task/pnc-prebuild-git-clone-oci-ta/0.1/patch.yaml 
@@ -7,7 +7,8 @@ - op: replace path: /spec/description value: The pnc-prebuild-git-clone-oci-ta Task will clone a repo from the provided url, apply - PNC prebuild modifications and store it as a trusted artifact in the provided OCI repository. + PNC prebuild modifications from https://github.com/project-ncl/konflux-tooling and store + it as a trusted artifact in the provided OCI repository. - op: add path: /spec/params/- @@ -33,12 +34,6 @@ name: JAVA_VERSION description: Java version to use (7, 8, 9, 11, 17, 21, 22, 23) type: string -- op: add - path: /spec/params/- - value: - name: PNC_KONFLUX_TOOLING_IMAGE - description: Name of the tooling image. - type: string - op: add path: /spec/params/- value: @@ -50,7 +45,7 @@ path: /spec/steps/2 value: name: preprocessor - image: $(params.PNC_KONFLUX_TOOLING_IMAGE) + image: quay.io/redhat-user-workloads/konflux-jbs-pnc-tenant/konflux-tooling:latest securityContext: runAsUser: 0 computeResources: @@ -65,7 +60,7 @@ - --build-tool-version=$(params.BUILD_TOOL_VERSION) - --java-version=$(params.JAVA_VERSION) - --recipe-image=$(params.RECIPE_IMAGE) - - --tooling-image=$(params.PNC_KONFLUX_TOOLING_IMAGE) + - --tooling-image=quay.io/redhat-user-workloads/konflux-jbs-pnc-tenant/konflux-tooling:latest - --type=$(params.BUILD_TOOL) - /var/workdir/source volumeMounts:
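Review bot: The step image in the `@@ -50,7 +45,7 @@` hunk is pinned only to the mutable tag `konflux-tooling:latest`, so the code that rewrites the source as root (`runAsUser: 0` in the context lines) can change without any change to this task. Pin it by digest, `image: quay.io/redhat-user-workloads/konflux-jbs-pnc-tenant/konflux-tooling:latest@sha256:<digest>`, so the provenance of the trusted artifact identifies exactly which tooling build touched the tree. The same reference is repeated in `--tooling-image=` in the `@@ -65,7 +60,7 @@` hunk; the two strings should stay identical, and whether the consumer of that flag expects a tag or a digest is not visible here. The step's definition starts and ends outside these hunks.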