Skip to content

ROX-23316: Create ACS-style snapshot for each new operator-bundle #13577

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
tommartensen merged 94 commits into from
Jan 8, 2025
Merged

ROX-23316: Create ACS-style snapshot for each new operator-bundle #13577

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
94 commits
Select commit Hold shift + click to select a range
9b039bf
initial commit
tommartensen Dec 11, 2024
7a1b818
fix operator-bundle pipeline/create-snapshot task
tommartensen Dec 11, 2024
50a171e
skip
tommartensen Dec 11, 2024
6093f1d
fix task
tommartensen Dec 11, 2024
4aea587
provide application programmatically
tommartensen Dec 11, 2024
1fb983e
da
tommartensen Dec 11, 2024
a2ce33b
no type
tommartensen Dec 11, 2024
3c02cfe
on build level?
tommartensen Dec 11, 2024
06b3f34
like this
tommartensen Dec 11, 2024
a59fae4
snapshot template
tommartensen Dec 12, 2024
b5ad154
create-snapshot
tommartensen Dec 12, 2024
0adccf3
btter debug
tommartensen Dec 12, 2024
5f11bd1
oi
tommartensen Dec 12, 2024
3601bcb
template
tommartensen Dec 12, 2024
e947eec
stuff
tommartensen Dec 12, 2024
6d46a2c
h
tommartensen Dec 12, 2024
667ca91
lala
tommartensen Dec 12, 2024
4c09367
rewrite in python
tommartensen Dec 12, 2024
c5c2ff0
correctly build snapshot
tommartensen Dec 12, 2024
ec79401
apply the snapshot
tommartensen Dec 12, 2024
fd62ffd
fix comma
tommartensen Dec 12, 2024
cb0f158
fix
tommartensen Dec 12, 2024
1ad2a65
fix formatting
tommartensen Dec 12, 2024
07ed2c1
refactor to script and rolebinding
tommartensen Dec 12, 2024
e2335d4
fix permissions
tommartensen Dec 12, 2024
839e103
read git-ref/scanner from image
tommartensen Dec 13, 2024
b855af2
fix wait-for-image task
tommartensen Dec 13, 2024
bd2072f
fix
tommartensen Dec 13, 2024
27ac9eb
heh
tommartensen Dec 13, 2024
df00660
debug
tommartensen Dec 13, 2024
794e3da
ha
tommartensen Dec 13, 2024
83e4492
full pipeline
tommartensen Dec 13, 2024
e2317a8
fix wrong parameter
tommartensen Dec 16, 2024
ffce1f9
fix
tommartensen Dec 16, 2024
876fcc3
fix
tommartensen Dec 16, 2024
e08a463
expose SNAPSHOT_NAME, run after all other tasks
tommartensen Dec 16, 2024
22fa6b5
remove superfluous files
tommartensen Dec 16, 2024
6138099
include all components in the snapshot
tommartensen Dec 16, 2024
f18ae88
fix UI rendering of snapshot
tommartensen Dec 16, 2024
9e85449
build arm64 instead of s390x temporarily...
tommartensen Dec 17, 2024
aaf944a
revert main changes, add empty line
tommartensen Dec 17, 2024
13820b9
default snapshot name
tommartensen Dec 17, 2024
19a203a
remove superfluous file
tommartensen Dec 17, 2024
a072f2e
sort IMAGE_REFS alphabetically
tommartensen Dec 17, 2024
aa031ef
first iteration on review comments
tommartensen Dec 19, 2024
749ff20
use space as delimiter
tommartensen Dec 19, 2024
f2f62be
attempt to move create-acs-style-snapshot to finally
tommartensen Dec 19, 2024
792d458
Revert "attempt to move create-acs-style-snapshot to finally"
tommartensen Dec 19, 2024
a245624
add a CI job that confirms whether all other tasks are mentioned in t…
tommartensen Dec 19, 2024
6d9f48c
debug where i am
tommartensen Dec 19, 2024
42c8117
fix: yq *eval*
tommartensen Dec 19, 2024
9c3bbbb
add namespace to the snapshot
tommartensen Dec 20, 2024
d9202fa
validate component
tommartensen Dec 20, 2024
65fa839
fix: no empty line at end of result
tommartensen Dec 20, 2024
c87fd5f
or->and
tommartensen Dec 20, 2024
a10584c
apply suggestions from code review to the style job
tommartensen Dec 20, 2024
656c970
full speed ahead
tommartensen Dec 20, 2024
65ab0d7
rename and fix speed
tommartensen Dec 20, 2024
dd4262a
fix UTC
tommartensen Dec 20, 2024
acabef6
sanitize tag so the snapshot name is a lowercase RFC 1123 subdomain
tommartensen Dec 20, 2024
6cedc5d
then it was also incorect
tommartensen Dec 20, 2024
e171964
lowercase
tommartensen Dec 20, 2024
7f3b94e
use regex to determine version suffix
tommartensen Dec 20, 2024
cb14abd
prepare step split
tommartensen Dec 20, 2024
6f2c702
fix
tommartensen Dec 20, 2024
14b24d8
provide path
tommartensen Dec 20, 2024
de9f500
add hints for future me
tommartensen Dec 20, 2024
07c045e
apply review comments to check-konflux-pipelines.sh
tommartensen Jan 2, 2025
249cdc9
Merge branch 'master' into tm/konflux-acs-style-snapshot
tommartensen Jan 2, 2025
709e0fa
Add validation for required labels
tommartensen Jan 2, 2025
4a6b67c
attempt to fix pipeline not starting
tommartensen Jan 2, 2025
bb52313
apply code review suggestions, attempt to fix pipeline
tommartensen Jan 2, 2025
ac4cc72
explicitly reference the pipeline definitio
tommartensen Jan 2, 2025
408a92e
fix path
tommartensen Jan 2, 2025
185c25d
fix resolution
tommartensen Jan 2, 2025
f366fe7
remove
tommartensen Jan 2, 2025
adceee4
revert "remove"
tommartensen Jan 2, 2025
8a81a29
add a dot
tommartensen Jan 2, 2025
8d08fbf
reorder functions in script
tommartensen Jan 2, 2025
0a9859a
fix taskref
tommartensen Jan 2, 2025
930f1ec
remove unnecessary annotations
tommartensen Jan 2, 2025
ebb19bc
Fix pipeline and task definitions
tommartensen Jan 2, 2025
86db392
clean up
tommartensen Jan 2, 2025
be2211b
reorder environment variables
tommartensen Jan 2, 2025
adda63c
Apply suggestions from code review
tommartensen Jan 3, 2025
0ca028a
apply remaining review suggestions
tommartensen Jan 3, 2025
1413683
use updated wait-for-image task and refactor script into task (inline)
tommartensen Jan 6, 2025
a514e62
remove wait-for-image task
tommartensen Jan 6, 2025
d4e468d
move create-snapshot task to konflux-tasks repository
tommartensen Jan 6, 2025
c71d200
run full operator-bundle pipeline and snapshot
tommartensen Jan 6, 2025
c0ed4ea
remove source_artifact
tommartensen Jan 6, 2025
1193ed4
update task references and apply suggestions from code review
tommartensen Jan 6, 2025
01227b5
update bundle after merge and add description
tommartensen Jan 7, 2025
adf88ce
Merge branch 'master' into tm/konflux-acs-style-snapshot
tommartensen Jan 8, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions .github/workflows/style.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -75,6 +75,9 @@ jobs:
- name: Check Policies
run: scripts/ci/jobs/policy-checks.sh

- name: Check Konflux pipelines
run: scripts/ci/jobs/check-konflux-pipelines.sh

style-check:
runs-on: ubuntu-latest
container:
Expand Down
133 changes: 132 additions & 1 deletion .tekton/operator-bundle-pipeline.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -230,6 +230,9 @@ spec:
- description: ""
name: JAVA_COMMUNITY_DEPENDENCIES
value: $(tasks.build-container.results.JAVA_COMMUNITY_DEPENDENCIES)
- description: ""
name: SNAPSHOT_NAME
value: $(tasks.create-acs-style-snapshot.results.SNAPSHOT_NAME)

workspaces:
- name: git-auth
Expand Down Expand Up @@ -348,7 +351,7 @@ spec:
- name: name
value: wait-for-image
- name: bundle
value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:886e1482c717078d11ba7c5d6fc4e8013e3740b4d1282ebe5534db62c9f19428
value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:3811d015320129588caf7629533a5b51b8c405b3b92e8d37165384f6750f9b66
- name: kind
value: task
resolver: bundles
Expand Down Expand Up @@ -660,3 +663,131 @@ spec:
- name: kind
value: task
resolver: bundles

- name: create-acs-style-snapshot
description: Creates a Snapshot representing a valid set of ACS containers unlike the Snapshots created by Konflux automatically
# Explicitly running after all other tasks to ensure that
# - there are no failures that should prevent a release of the operator-bundle image (missing RPMs signatures, deprecated base images, ...)
# - the source image is present as it is required by EC
# Use scripts/ci/jobs/check-konflux-pipelines.sh to validate and update the list.
runAfter:
- apply-tags
- build-container
- build-source-image
- clair-scan
- clamav-scan
- clone-repository
- deprecated-base-image-check
- determine-main-image-tag
- determine-operator-image-tag
- init
- prefetch-dependencies
- push-dockerfile
- rpms-signature-scan
- sast-snyk-check
- wait-for-central-db-image
- wait-for-collector-full-image
- wait-for-collector-slim-image
- wait-for-main-image
- wait-for-operator-image
- wait-for-roxctl-image
- wait-for-scanner-db-image
- wait-for-scanner-db-slim-image
- wait-for-scanner-image
- wait-for-scanner-slim-image
- wait-for-scanner-v4-db-image
- wait-for-scanner-v4-image
params:
- name: PRODUCT_VERSION
value: $(tasks.determine-main-image-tag.results.IMAGE_TAG)
- name: COMPONENTS
value: |
[
{
"name": "central-db",
"containerImage": "$(params.central-db-image-build-repo)@$(tasks.wait-for-central-db-image.results.IMAGE_DIGEST)",
"repository": "$(tasks.wait-for-central-db-image.results.GIT_REPO)",
"revision": "$(tasks.wait-for-central-db-image.results.GIT_REF)"
},
{
"name": "collector",
"containerImage": "$(params.collector-full-image-build-repo)@$(tasks.wait-for-collector-full-image.results.IMAGE_DIGEST)",
"repository": "$(tasks.wait-for-collector-full-image.results.GIT_REPO)",
"revision": "$(tasks.wait-for-collector-full-image.results.GIT_REF)"
},
{
"name": "collector-slim",
"containerImage": "$(params.collector-slim-image-build-repo)@$(tasks.wait-for-collector-slim-image.results.IMAGE_DIGEST)",
"repository": "$(tasks.wait-for-collector-slim-image.results.GIT_REPO)",
"revision": "$(tasks.wait-for-collector-slim-image.results.GIT_REF)"
},
{
"name": "main",
"containerImage": "$(params.main-image-build-repo)@$(tasks.wait-for-main-image.results.IMAGE_DIGEST)",
"repository": "$(tasks.wait-for-main-image.results.GIT_REPO)",
"revision": "$(tasks.wait-for-main-image.results.GIT_REF)"
},
{
"name": "operator",
"containerImage": "$(params.operator-image-build-repo)@$(tasks.wait-for-operator-image.results.IMAGE_DIGEST)",
"repository": "$(tasks.wait-for-operator-image.results.GIT_REPO)",
"revision": "$(tasks.wait-for-operator-image.results.GIT_REF)"
},
{
"name": "operator-bundle",
"containerImage": "$(tasks.build-container.results.IMAGE_URL)@$(tasks.build-container.results.IMAGE_DIGEST)",
"repository": "$(params.git-url)",
"revision": "$(params.revision)"
},
{
"name": "roxctl",
"containerImage": "$(params.roxctl-image-build-repo)@$(tasks.wait-for-roxctl-image.results.IMAGE_DIGEST)",
"repository": "$(tasks.wait-for-roxctl-image.results.GIT_REPO)",
"revision": "$(tasks.wait-for-roxctl-image.results.GIT_REF)"
},
{
"name": "scanner-db",
"containerImage": "$(params.scanner-db-image-build-repo)@$(tasks.wait-for-scanner-db-image.results.IMAGE_DIGEST)",
"repository": "$(tasks.wait-for-scanner-db-image.results.GIT_REPO)",
"revision": "$(tasks.wait-for-scanner-db-image.results.GIT_REF)"
},
{
"name": "scanner-db-slim",
"containerImage": "$(params.scanner-db-slim-image-build-repo)@$(tasks.wait-for-scanner-db-slim-image.results.IMAGE_DIGEST)",
"repository": "$(tasks.wait-for-scanner-db-slim-image.results.GIT_REPO)",
"revision": "$(tasks.wait-for-scanner-db-slim-image.results.GIT_REF)"
},
{
"name": "scanner",
"containerImage": "$(params.scanner-image-build-repo)@$(tasks.wait-for-scanner-image.results.IMAGE_DIGEST)",
"repository": "$(tasks.wait-for-scanner-image.results.GIT_REPO)",
"revision": "$(tasks.wait-for-scanner-image.results.GIT_REF)"
},
{
"name": "scanner-slim",
"containerImage": "$(params.scanner-slim-image-build-repo)@$(tasks.wait-for-scanner-slim-image.results.IMAGE_DIGEST)",
"repository": "$(tasks.wait-for-scanner-slim-image.results.GIT_REPO)",
"revision": "$(tasks.wait-for-scanner-slim-image.results.GIT_REF)"
},
{
"name": "scanner-v4-db",
"containerImage": "$(params.scanner-v4-db-image-build-repo)@$(tasks.wait-for-scanner-v4-db-image.results.IMAGE_DIGEST)",
"repository": "$(tasks.wait-for-scanner-v4-db-image.results.GIT_REPO)",
"revision": "$(tasks.wait-for-scanner-v4-db-image.results.GIT_REF)"
},
{
"name": "scanner-v4",
"containerImage": "$(params.scanner-v4-image-build-repo)@$(tasks.wait-for-scanner-v4-image.results.IMAGE_DIGEST)",
"repository": "$(tasks.wait-for-scanner-v4-image.results.GIT_REPO)",
"revision": "$(tasks.wait-for-scanner-v4-image.results.GIT_REF)"
}
]
taskRef:
params:
- name: name
value: create-snapshot
- name: bundle
value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:3811d015320129588caf7629533a5b51b8c405b3b92e8d37165384f6750f9b66
- name: kind
value: task
resolver: bundles
34 changes: 34 additions & 0 deletions scripts/ci/jobs/check-konflux-pipelines.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
#!/usr/bin/env bash

# This script is to ensure that modifications to our Konflux pipelines follow our expectations and conventions.
# This script is intended to be run in CI

set -euo pipefail

ensure_create_snapshot_runs_last() {
local pipeline_path=".tekton/operator-bundle-pipeline.yaml"
local task_name="create-acs-style-snapshot"
expected_runafter="$(yq eval '.spec.tasks[] | select(.name != '\"${task_name}\"') | .name' "${pipeline_path}" | sort)"
actual_runafter="$(yq eval '.spec.tasks[] | select(.name == '\"${task_name}\"') | .runAfter[]' "${pipeline_path}")"

echo "➤ ${pipeline_path} // checking ${task_name}: task's runAfter contents shall match the expected ones (left - expected, right - actual)."
if ! diff --side-by-side <(echo "${expected_runafter}") <(echo "${actual_runafter}"); then
echo >&2 -e "
✗ ERROR:

The actual runAfter contents do not match the expectations.
To resolve:

1. Open ${pipeline_path} and locate the ${task_name} task
2. Update the runAfter attribute of this task to this list of all previous tasks in the pipeline (sorted alphabetically):

${expected_runafter}
"
exit 1
else
echo "✓ No diff detected."
fi
}

echo "Ensure consistency of our Konflux pipelines."
ensure_create_snapshot_runs_last