diff --git a/.githooks/commit-msg b/.githooks/commit-msg index 21316e2565..4e06affd4a 100755 --- a/.githooks/commit-msg +++ b/.githooks/commit-msg @@ -1,9 +1,32 @@ #!/bin/bash . $(dirname "$0")/components.sh +. $(dirname "$0")/skipped-files.sh -exceptions=( README.md ) +filenames=$(git diff --name-only --cached) + +# check if we must skip any check +is_skipped_file=false +for filename in $filenames; do + for skipped_file in "${skipped_files[@]}"; do + if [[ "$filename" =~ $skipped_file ]]; then + is_skipped_file=true + break + else + is_skipped_file=false + fi + done + if [ "$is_skipped_file" = false ]; then + break + fi +done +if [ "$is_skipped_file" = true ]; then + echo INFO: skipping commit msg check + exit 0 +fi + +# check format if ! [[ "$(head -1 $1)t sh" == *":"* ]]; then echo ERROR: commit msg subject must include component name exit 4 @@ -16,7 +39,9 @@ if ! [ ${components[$msg_prefix]+exist} ]; then exit 8 fi -for filename in $(git diff --name-only --cached); do +# check prefixes +exceptions=( README.md ) +for filename in $filenames; do if [[ ! " ${exceptions[@]} " =~ " $filename " ]]; then is_prefix_found=false IFS=', ' read -r -a prefixes <<< "${components[$msg_prefix]}" diff --git a/.githooks/skipped-files.sh b/.githooks/skipped-files.sh new file mode 100644 index 0000000000..5f1914675c --- /dev/null +++ b/.githooks/skipped-files.sh @@ -0,0 +1,2 @@ +#!/bin/bash +skipped_files=(".tekton/.*") diff --git a/.tekton/OWNERS b/.tekton/OWNERS new file mode 100644 index 0000000000..3a2950f574 --- /dev/null +++ b/.tekton/OWNERS @@ -0,0 +1,2 @@ +approvers: + - konflux-approvers diff --git a/.tekton/cnf-features-deploy-4-19-pull-request.yaml b/.tekton/cnf-features-deploy-4-19-pull-request.yaml new file mode 100644 index 0000000000..25034684e3 --- /dev/null +++ b/.tekton/cnf-features-deploy-4-19-pull-request.yaml 
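Review bot: The skip test `[[ "$filename" =~ $skipped_file ]]` is an unanchored regex match, and the only pattern supplied by the new `.githooks/skipped-files.sh` is `.tekton/.*`, whose leading `.` matches any character. A commit whose staged files all sit under a path such as `docs/tekton/` would therefore reach `exit 0` before the component and prefix checks run, not only commits confined to the top-level `.tekton/` directory. Anchoring and escaping the pattern limits the bypass to the intended directory: `skipped_files=('^\.tekton/')`.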
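Review bot: `for filename in $filenames` iterates an unquoted scalar, so a staged path containing whitespace is split into several words and any glob character in a path is expanded against the working directory before the prefix check sees it. The same applies to the skip loop in the first hunk, where `filenames` is assigned. Reading the list into an array avoids both problems: `mapfile -t filenames < <(git diff --name-only --cached)` and `for filename in "${filenames[@]}"; do`. The loop body continues past the end of this hunk.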
@@ -0,0 +1,618 @@ +apiVersion: tekton.dev/v1 +kind: PipelineRun +metadata: + annotations: + build.appstudio.openshift.io/repo: https://github.com/openshift-kni/cnf-features-deploy?rev={{revision}} + build.appstudio.redhat.com/commit_sha: '{{revision}}' + build.appstudio.redhat.com/pull_request_number: '{{pull_request_number}}' + build.appstudio.redhat.com/target_branch: '{{target_branch}}' + pipelinesascode.tekton.dev/max-keep-runs: "3" + pipelinesascode.tekton.dev/on-cel-expression: event == "pull_request" && target_branch + == "master" + creationTimestamp: null + labels: + appstudio.openshift.io/application: ztp-site-generate-4-19 + appstudio.openshift.io/component: cnf-features-deploy-4-19 + pipelines.appstudio.openshift.io/type: build + name: cnf-features-deploy-4-19-on-pull-request + namespace: telco-5g-tenant +spec: + params: + - name: git-url + value: '{{source_url}}' + - name: revision + value: '{{revision}}' + - name: output-image + value: quay.io/redhat-user-workloads/telco-5g-tenant/cnf-features-deploy-4-19:on-pr-{{revision}} + - name: image-expires-after + value: 5d + - name: dockerfile + value: ztp/resource-generator/Containerfile + - name: build-args-file + value: build-args-konflux.conf + pipelineSpec: + description: | + This pipeline is ideal for building container images from a Containerfile while reducing network traffic. + + _Uses `buildah` to create a container image. It also optionally creates a source image and runs some build-time tests. EC will flag a violation for [`trusted_task.trusted`](https://enterprisecontract.dev/docs/ec-policies/release_policy.html#trusted_task__trusted) if any tasks are added to the pipeline. 
+ This pipeline is pushed as a Tekton bundle to [quay.io](https://quay.io/repository/konflux-ci/tekton-catalog/pipeline-docker-build?tab=tags)_ + finally: + - name: show-sbom + params: + - name: IMAGE_URL + value: $(tasks.build-image-index.results.IMAGE_URL) + taskRef: + params: + - name: name + value: show-sbom + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:945a7c9066d3e0a95d3fddb7e8a6992e4d632a2a75d8f3a9bd2ff2fef0ec9aa0 + - name: kind + value: task + resolver: bundles + - name: show-summary + params: + - name: pipelinerun-name + value: $(context.pipelineRun.name) + - name: git-url + value: $(tasks.clone-repository.results.url)?rev=$(tasks.clone-repository.results.commit) + - name: image-url + value: $(params.output-image) + - name: build-task-status + value: $(tasks.build-image-index.status) + taskRef: + params: + - name: name + value: summary + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-summary:0.2@sha256:870d9a04d9784840a90b7bf6817cd0d0c4edfcda04b1ba1868cae625a3c3bfcc + - name: kind + value: task + resolver: bundles + workspaces: + - name: workspace + workspace: workspace + params: + - description: Source Repository URL + name: git-url + type: string + - default: "" + description: Revision of the Source Repository + name: revision + type: string + - description: Fully Qualified Output Image + name: output-image + type: string + - default: . + description: Path to the source code of an application's component from where + to build image. 
+ name: path-context + type: string + - default: Dockerfile + description: Path to the Dockerfile inside the context specified by parameter + path-context + name: dockerfile + type: string + - default: "false" + description: Force rebuild image + name: rebuild + type: string + - default: "false" + description: Skip checks against built image + name: skip-checks + type: string + - default: "false" + description: Execute the build with network isolation + name: hermetic + type: string + - default: "" + description: Build dependencies to be prefetched by Cachi2 + name: prefetch-input + type: string + - default: "" + description: Image tag expiration time, time values could be something like + 1h, 2d, 3w for hours, days, and weeks, respectively. + name: image-expires-after + - default: "false" + description: Build a source image. + name: build-source-image + type: string + - default: "false" + description: Add built image into an OCI image index + name: build-image-index + type: string + - default: [] + description: Array of --build-arg values ("arg=value" strings) for buildah + name: build-args + type: array + - default: "" + description: Path to a file with build arguments for buildah, see https://www.mankier.com/1/buildah-build#--build-arg-file + name: build-args-file + type: string + results: + - description: "" + name: IMAGE_URL + value: $(tasks.build-image-index.results.IMAGE_URL) + - description: "" + name: IMAGE_DIGEST + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - description: "" + name: CHAINS-GIT_URL + value: $(tasks.clone-repository.results.url) + - description: "" + name: CHAINS-GIT_COMMIT + value: $(tasks.clone-repository.results.commit) + tasks: + - name: init + params: + - name: image-url + value: $(params.output-image) + - name: rebuild + value: $(params.rebuild) + - name: skip-checks + value: $(params.skip-checks) + taskRef: + params: + - name: name + value: init + - name: bundle + value: 
quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:63eb4a4c0cfb491276bff86fdad1c96bf238506388848e79001058450a8e843a + - name: kind + value: task + resolver: bundles + - name: clone-repository + params: + - name: url + value: $(params.git-url) + - name: revision + value: $(params.revision) + runAfter: + - init + taskRef: + params: + - name: name + value: git-clone + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1@sha256:d091a9e19567a4cbdc5acd57903c71ba71dc51d749a4ba7477e689608851e981 + - name: kind + value: task + resolver: bundles + when: + - input: $(tasks.init.results.build) + operator: in + values: + - "true" + workspaces: + - name: output + workspace: workspace + - name: basic-auth + workspace: git-auth + - name: prefetch-dependencies + params: + - name: input + value: $(params.prefetch-input) + runAfter: + - clone-repository + taskRef: + params: + - name: name + value: prefetch-dependencies + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies:0.2@sha256:54d41cb14ef76d73f372a7e4e8aeef4c2a667e937049398a056408916db727ac + - name: kind + value: task + resolver: bundles + when: + - input: $(params.prefetch-input) + operator: notin + values: + - "" + workspaces: + - name: source + workspace: workspace + - name: git-basic-auth + workspace: git-auth + - name: netrc + workspace: netrc + - name: build-container + params: + - name: IMAGE + value: $(params.output-image) + - name: DOCKERFILE + value: $(params.dockerfile) + - name: CONTEXT + value: $(params.path-context) + - name: HERMETIC + value: $(params.hermetic) + - name: PREFETCH_INPUT + value: $(params.prefetch-input) + - name: IMAGE_EXPIRES_AFTER + value: $(params.image-expires-after) + - name: COMMIT_SHA + value: $(tasks.clone-repository.results.commit) + - name: BUILD_ARGS + value: + - $(params.build-args[*]) + - name: BUILD_ARGS_FILE + value: $(params.build-args-file) + runAfter: + - prefetch-dependencies + taskRef: + params: + - name: name + 
value: buildah + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-buildah:0.4@sha256:8c1927de5164e87bceba44c2cdfcb14a14359a23c4158e631046dd5e50ce1e52 + - name: kind + value: task + resolver: bundles + when: + - input: $(tasks.init.results.build) + operator: in + values: + - "true" + workspaces: + - name: source + workspace: workspace + - name: build-image-index + params: + - name: IMAGE + value: $(params.output-image) + - name: COMMIT_SHA + value: $(tasks.clone-repository.results.commit) + - name: IMAGE_EXPIRES_AFTER + value: $(params.image-expires-after) + - name: ALWAYS_BUILD_INDEX + value: $(params.build-image-index) + - name: IMAGES + value: + - $(tasks.build-container.results.IMAGE_URL)@$(tasks.build-container.results.IMAGE_DIGEST) + runAfter: + - build-container + taskRef: + params: + - name: name + value: build-image-index + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1@sha256:0c2270d1b24fcbaa6fe82b6d045b715a5f24f55d099a10f65297671e2ee421e6 + - name: kind + value: task + resolver: bundles + when: + - input: $(tasks.init.results.build) + operator: in + values: + - "true" + - name: build-source-image + params: + - name: BINARY_IMAGE + value: $(params.output-image) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: source-build + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-source-build:0.2@sha256:50b50ca7dd65e0132769021f8cfbb2db7c799adea7b4e3a8968b425bbde1e8eb + - name: kind + value: task + resolver: bundles + when: + - input: $(tasks.init.results.build) + operator: in + values: + - "true" + - input: $(params.build-source-image) + operator: in + values: + - "true" + workspaces: + - name: workspace + workspace: workspace + - name: deprecated-base-image-check + params: + - name: IMAGE_URL + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: IMAGE_DIGEST + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + runAfter: + - build-image-index + taskRef: 
+ params: + - name: name + value: deprecated-image-check + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.5@sha256:ced089bd8d86f95ee70f6ee1a6941d677f1c66c3b8f02fa60f9309c6c32e1929 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: clair-scan + params: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: clair-scan + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.2@sha256:f636f2cbe91d9d4d9685a38c8bc680a36e17f568ec0e60a93da82d1284b488c5 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: ecosystem-cert-preflight-checks + params: + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: ecosystem-cert-preflight-checks + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.2@sha256:2ad615f9b8141ed2e0b060ebda366ce43cf55a9dd7c98e2d93970ff328dca8b2 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: sast-snyk-check + params: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: sast-snyk-check + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check:0.3@sha256:30cc34ccf6ca34e7f0951fd508fe4436d07388e7244baab77baf4ef9bdcefff4 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - 
"false" + workspaces: + - name: workspace + workspace: workspace + - name: clamav-scan + params: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: clamav-scan + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.2@sha256:0db068e8a59612472a2483f5113893d0c5c9102e9ad7647d9a4789360e5bc2dc + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: sast-coverity-check + params: + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: IMAGE + value: $(params.output-image) + - name: DOCKERFILE + value: $(params.dockerfile) + - name: CONTEXT + value: $(params.path-context) + - name: HERMETIC + value: $(params.hermetic) + - name: PREFETCH_INPUT + value: $(params.prefetch-input) + - name: IMAGE_EXPIRES_AFTER + value: $(params.image-expires-after) + - name: COMMIT_SHA + value: $(tasks.clone-repository.results.commit) + - name: BUILD_ARGS + value: + - $(params.build-args[*]) + - name: BUILD_ARGS_FILE + value: $(params.build-args-file) + runAfter: + - coverity-availability-check + taskRef: + params: + - name: name + value: sast-coverity-check + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-sast-coverity-check:0.2@sha256:abc3445b50378f0a93f9560f3f93c1593f196c9612570cce0b0be890e48a68cc + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - input: $(tasks.coverity-availability-check.results.STATUS) + operator: in + values: + - success + workspaces: + - name: source + workspace: workspace + - name: coverity-availability-check + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: coverity-availability-check + - name: bundle + value: 
quay.io/konflux-ci/tekton-catalog/task-coverity-availability-check-oci-ta:0.2@sha256:8653d290298593e4db9457ab00d9160738c31c384b7615ee30626ccab6f96ed8 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: sast-shell-check + params: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: sast-shell-check + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check:0.1@sha256:438d4eecc52a772f7dde54ae274eb5349a207874bd9b1909cdab26e93a51a48c + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + workspaces: + - name: workspace + workspace: workspace + - name: sast-unicode-check + params: + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: sast-unicode-check + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check:0.1@sha256:b3e7807546635e03487eb61aff64a8e03c2dccb3d08939dcee50cff0f04fb8b0 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + workspaces: + - name: workspace + workspace: workspace + - name: apply-tags + params: + - name: IMAGE + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: apply-tags + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.1@sha256:5e5f290359fd34ae4cc77cbbba6ef8c9907d752572d6dc2a00f5a4c504eb48bb + - name: kind + value: task + resolver: bundles + - name: push-dockerfile + params: + - name: IMAGE + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: IMAGE_DIGEST + value: 
$(tasks.build-image-index.results.IMAGE_DIGEST) + - name: DOCKERFILE + value: $(params.dockerfile) + - name: CONTEXT + value: $(params.path-context) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: push-dockerfile + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile:0.1@sha256:ba6b3182b8f7e1f9054b67cdafb338140136bb357c8d434cf28f6d569b5cb07f + - name: kind + value: task + resolver: bundles + workspaces: + - name: workspace + workspace: workspace + - name: rpms-signature-scan + params: + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: rpms-signature-scan + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:3bf6d1bcd57af1095b06b4c489f965551364b1f1f72a807de9cab3c23142dca5 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + workspaces: + - name: workspace + - name: git-auth + optional: true + - name: netrc + optional: true + taskRunTemplate: {} + workspaces: + - name: workspace + volumeClaimTemplate: + metadata: + creationTimestamp: null + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + status: {} + - name: git-auth + secret: + secretName: '{{ git_auth_secret }}' +status: {} diff --git a/.tekton/cnf-features-deploy-4-19-push.yaml b/.tekton/cnf-features-deploy-4-19-push.yaml new file mode 100644 index 0000000000..42d55802fc --- /dev/null +++ b/.tekton/cnf-features-deploy-4-19-push.yaml 
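Review bot: `spec.params` does not override `hermetic` or `prefetch-input`, so `build-container` receives `HERMETIC` as `"false"` and the `prefetch-dependencies` task is skipped by its `when` clause. The Containerfile build can therefore reach the network, and anything it pulls at build time bypasses the prefetch step. The same holds for `.tekton/cnf-features-deploy-4-19-push.yaml`, which produces the non-expiring image. If the build inputs can be declared, consider adding `- name: hermetic` with `value: "true"` alongside a `prefetch-input` entry in `spec.params`. Otherwise a YAML comment next to the params recording why the build stays non-hermetic would help later reviewers.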
@@ -0,0 +1,615 @@ +apiVersion: tekton.dev/v1 +kind: PipelineRun +metadata: + annotations: + build.appstudio.openshift.io/repo: https://github.com/openshift-kni/cnf-features-deploy?rev={{revision}} + build.appstudio.redhat.com/commit_sha: '{{revision}}' + build.appstudio.redhat.com/target_branch: '{{target_branch}}' + pipelinesascode.tekton.dev/max-keep-runs: "3" + pipelinesascode.tekton.dev/on-cel-expression: event == "push" && target_branch + == "master" + creationTimestamp: null + labels: + appstudio.openshift.io/application: ztp-site-generate-4-19 + appstudio.openshift.io/component: cnf-features-deploy-4-19 + pipelines.appstudio.openshift.io/type: build + name: cnf-features-deploy-4-19-on-push + namespace: telco-5g-tenant +spec: + params: + - name: git-url + value: '{{source_url}}' + - name: revision + value: '{{revision}}' + - name: output-image + value: quay.io/redhat-user-workloads/telco-5g-tenant/cnf-features-deploy-4-19:{{revision}} + - name: dockerfile + value: ztp/resource-generator + - name: build-args-file + value: build-args-konflux.conf + pipelineSpec: + description: | + This pipeline is ideal for building container images from a Containerfile while reducing network traffic. + + _Uses `buildah` to create a container image. It also optionally creates a source image and runs some build-time tests. EC will flag a violation for [`trusted_task.trusted`](https://enterprisecontract.dev/docs/ec-policies/release_policy.html#trusted_task__trusted) if any tasks are added to the pipeline. 
+ This pipeline is pushed as a Tekton bundle to [quay.io](https://quay.io/repository/konflux-ci/tekton-catalog/pipeline-docker-build?tab=tags)_ + finally: + - name: show-sbom + params: + - name: IMAGE_URL + value: $(tasks.build-image-index.results.IMAGE_URL) + taskRef: + params: + - name: name + value: show-sbom + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:945a7c9066d3e0a95d3fddb7e8a6992e4d632a2a75d8f3a9bd2ff2fef0ec9aa0 + - name: kind + value: task + resolver: bundles + - name: show-summary + params: + - name: pipelinerun-name + value: $(context.pipelineRun.name) + - name: git-url + value: $(tasks.clone-repository.results.url)?rev=$(tasks.clone-repository.results.commit) + - name: image-url + value: $(params.output-image) + - name: build-task-status + value: $(tasks.build-image-index.status) + taskRef: + params: + - name: name + value: summary + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-summary:0.2@sha256:870d9a04d9784840a90b7bf6817cd0d0c4edfcda04b1ba1868cae625a3c3bfcc + - name: kind + value: task + resolver: bundles + workspaces: + - name: workspace + workspace: workspace + params: + - description: Source Repository URL + name: git-url + type: string + - default: "" + description: Revision of the Source Repository + name: revision + type: string + - description: Fully Qualified Output Image + name: output-image + type: string + - default: . + description: Path to the source code of an application's component from where + to build image. 
+ name: path-context + type: string + - default: Dockerfile + description: Path to the Dockerfile inside the context specified by parameter + path-context + name: dockerfile + type: string + - default: "false" + description: Force rebuild image + name: rebuild + type: string + - default: "false" + description: Skip checks against built image + name: skip-checks + type: string + - default: "false" + description: Execute the build with network isolation + name: hermetic + type: string + - default: "" + description: Build dependencies to be prefetched by Cachi2 + name: prefetch-input + type: string + - default: "" + description: Image tag expiration time, time values could be something like + 1h, 2d, 3w for hours, days, and weeks, respectively. + name: image-expires-after + - default: "false" + description: Build a source image. + name: build-source-image + type: string + - default: "false" + description: Add built image into an OCI image index + name: build-image-index + type: string + - default: [] + description: Array of --build-arg values ("arg=value" strings) for buildah + name: build-args + type: array + - default: "" + description: Path to a file with build arguments for buildah, see https://www.mankier.com/1/buildah-build#--build-arg-file + name: build-args-file + type: string + results: + - description: "" + name: IMAGE_URL + value: $(tasks.build-image-index.results.IMAGE_URL) + - description: "" + name: IMAGE_DIGEST + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - description: "" + name: CHAINS-GIT_URL + value: $(tasks.clone-repository.results.url) + - description: "" + name: CHAINS-GIT_COMMIT + value: $(tasks.clone-repository.results.commit) + tasks: + - name: init + params: + - name: image-url + value: $(params.output-image) + - name: rebuild + value: $(params.rebuild) + - name: skip-checks + value: $(params.skip-checks) + taskRef: + params: + - name: name + value: init + - name: bundle + value: 
quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:63eb4a4c0cfb491276bff86fdad1c96bf238506388848e79001058450a8e843a + - name: kind + value: task + resolver: bundles + - name: clone-repository + params: + - name: url + value: $(params.git-url) + - name: revision + value: $(params.revision) + runAfter: + - init + taskRef: + params: + - name: name + value: git-clone + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1@sha256:d091a9e19567a4cbdc5acd57903c71ba71dc51d749a4ba7477e689608851e981 + - name: kind + value: task + resolver: bundles + when: + - input: $(tasks.init.results.build) + operator: in + values: + - "true" + workspaces: + - name: output + workspace: workspace + - name: basic-auth + workspace: git-auth + - name: prefetch-dependencies + params: + - name: input + value: $(params.prefetch-input) + runAfter: + - clone-repository + taskRef: + params: + - name: name + value: prefetch-dependencies + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies:0.2@sha256:54d41cb14ef76d73f372a7e4e8aeef4c2a667e937049398a056408916db727ac + - name: kind + value: task + resolver: bundles + when: + - input: $(params.prefetch-input) + operator: notin + values: + - "" + workspaces: + - name: source + workspace: workspace + - name: git-basic-auth + workspace: git-auth + - name: netrc + workspace: netrc + - name: build-container + params: + - name: IMAGE + value: $(params.output-image) + - name: DOCKERFILE + value: $(params.dockerfile) + - name: CONTEXT + value: $(params.path-context) + - name: HERMETIC + value: $(params.hermetic) + - name: PREFETCH_INPUT + value: $(params.prefetch-input) + - name: IMAGE_EXPIRES_AFTER + value: $(params.image-expires-after) + - name: COMMIT_SHA + value: $(tasks.clone-repository.results.commit) + - name: BUILD_ARGS + value: + - $(params.build-args[*]) + - name: BUILD_ARGS_FILE + value: $(params.build-args-file) + runAfter: + - prefetch-dependencies + taskRef: + params: + - name: name + 
value: buildah + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-buildah:0.4@sha256:8c1927de5164e87bceba44c2cdfcb14a14359a23c4158e631046dd5e50ce1e52 + - name: kind + value: task + resolver: bundles + when: + - input: $(tasks.init.results.build) + operator: in + values: + - "true" + workspaces: + - name: source + workspace: workspace + - name: build-image-index + params: + - name: IMAGE + value: $(params.output-image) + - name: COMMIT_SHA + value: $(tasks.clone-repository.results.commit) + - name: IMAGE_EXPIRES_AFTER + value: $(params.image-expires-after) + - name: ALWAYS_BUILD_INDEX + value: $(params.build-image-index) + - name: IMAGES + value: + - $(tasks.build-container.results.IMAGE_URL)@$(tasks.build-container.results.IMAGE_DIGEST) + runAfter: + - build-container + taskRef: + params: + - name: name + value: build-image-index + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1@sha256:0c2270d1b24fcbaa6fe82b6d045b715a5f24f55d099a10f65297671e2ee421e6 + - name: kind + value: task + resolver: bundles + when: + - input: $(tasks.init.results.build) + operator: in + values: + - "true" + - name: build-source-image + params: + - name: BINARY_IMAGE + value: $(params.output-image) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: source-build + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-source-build:0.2@sha256:50b50ca7dd65e0132769021f8cfbb2db7c799adea7b4e3a8968b425bbde1e8eb + - name: kind + value: task + resolver: bundles + when: + - input: $(tasks.init.results.build) + operator: in + values: + - "true" + - input: $(params.build-source-image) + operator: in + values: + - "true" + workspaces: + - name: workspace + workspace: workspace + - name: deprecated-base-image-check + params: + - name: IMAGE_URL + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: IMAGE_DIGEST + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + runAfter: + - build-image-index + taskRef: 
+ params: + - name: name + value: deprecated-image-check + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.5@sha256:ced089bd8d86f95ee70f6ee1a6941d677f1c66c3b8f02fa60f9309c6c32e1929 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: clair-scan + params: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: clair-scan + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.2@sha256:f636f2cbe91d9d4d9685a38c8bc680a36e17f568ec0e60a93da82d1284b488c5 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: ecosystem-cert-preflight-checks + params: + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: ecosystem-cert-preflight-checks + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.2@sha256:2ad615f9b8141ed2e0b060ebda366ce43cf55a9dd7c98e2d93970ff328dca8b2 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: sast-snyk-check + params: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: sast-snyk-check + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check:0.3@sha256:30cc34ccf6ca34e7f0951fd508fe4436d07388e7244baab77baf4ef9bdcefff4 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - 
"false" + workspaces: + - name: workspace + workspace: workspace + - name: clamav-scan + params: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: clamav-scan + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.2@sha256:0db068e8a59612472a2483f5113893d0c5c9102e9ad7647d9a4789360e5bc2dc + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: sast-coverity-check + params: + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: IMAGE + value: $(params.output-image) + - name: DOCKERFILE + value: $(params.dockerfile) + - name: CONTEXT + value: $(params.path-context) + - name: HERMETIC + value: $(params.hermetic) + - name: PREFETCH_INPUT + value: $(params.prefetch-input) + - name: IMAGE_EXPIRES_AFTER + value: $(params.image-expires-after) + - name: COMMIT_SHA + value: $(tasks.clone-repository.results.commit) + - name: BUILD_ARGS + value: + - $(params.build-args[*]) + - name: BUILD_ARGS_FILE + value: $(params.build-args-file) + runAfter: + - coverity-availability-check + taskRef: + params: + - name: name + value: sast-coverity-check + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-sast-coverity-check:0.2@sha256:abc3445b50378f0a93f9560f3f93c1593f196c9612570cce0b0be890e48a68cc + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - input: $(tasks.coverity-availability-check.results.STATUS) + operator: in + values: + - success + workspaces: + - name: source + workspace: workspace + - name: coverity-availability-check + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: coverity-availability-check + - name: bundle + value: 
quay.io/konflux-ci/tekton-catalog/task-coverity-availability-check-oci-ta:0.2@sha256:8653d290298593e4db9457ab00d9160738c31c384b7615ee30626ccab6f96ed8 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: sast-shell-check + params: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: sast-shell-check + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check:0.1@sha256:438d4eecc52a772f7dde54ae274eb5349a207874bd9b1909cdab26e93a51a48c + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + workspaces: + - name: workspace + workspace: workspace + - name: sast-unicode-check + params: + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: sast-unicode-check + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check:0.1@sha256:b3e7807546635e03487eb61aff64a8e03c2dccb3d08939dcee50cff0f04fb8b0 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + workspaces: + - name: workspace + workspace: workspace + - name: apply-tags + params: + - name: IMAGE + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: apply-tags + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.1@sha256:5e5f290359fd34ae4cc77cbbba6ef8c9907d752572d6dc2a00f5a4c504eb48bb + - name: kind + value: task + resolver: bundles + - name: push-dockerfile + params: + - name: IMAGE + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: IMAGE_DIGEST + value: 
$(tasks.build-image-index.results.IMAGE_DIGEST) + - name: DOCKERFILE + value: $(params.dockerfile) + - name: CONTEXT + value: $(params.path-context) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: push-dockerfile + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile:0.1@sha256:ba6b3182b8f7e1f9054b67cdafb338140136bb357c8d434cf28f6d569b5cb07f + - name: kind + value: task + resolver: bundles + workspaces: + - name: workspace + workspace: workspace + - name: rpms-signature-scan + params: + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: rpms-signature-scan + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:3bf6d1bcd57af1095b06b4c489f965551364b1f1f72a807de9cab3c23142dca5 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + workspaces: + - name: workspace + - name: git-auth + optional: true + - name: netrc + optional: true + taskRunTemplate: {} + workspaces: + - name: workspace + volumeClaimTemplate: + metadata: + creationTimestamp: null + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + status: {} + - name: git-auth + secret: + secretName: '{{ git_auth_secret }}' +status: {} diff --git a/.tekton/cnf-tests-pull-request.yaml b/.tekton/cnf-tests-pull-request.yaml new file mode 100644 index 0000000000..ae89daae23 --- /dev/null +++ b/.tekton/cnf-tests-pull-request.yaml 
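Review bot: The `dockerfile` param in `spec.params` is `ztp/resource-generator`, while the pull-request pipeline added in this same commit uses `ztp/resource-generator/Containerfile`. As written the value looks like a directory rather than a file, so the on-push build may fail or build from a different file than the one exercised on pull requests. Unless the difference is intentional, align the two: `value: ztp/resource-generator/Containerfile`.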
@@ -0,0 +1,620 @@ +apiVersion: tekton.dev/v1 +kind: PipelineRun +metadata: + annotations: + build.appstudio.openshift.io/repo: https://github.com/openshift-kni/cnf-features-deploy?rev={{revision}} + build.appstudio.redhat.com/commit_sha: '{{revision}}' + build.appstudio.redhat.com/pull_request_number: '{{pull_request_number}}' + build.appstudio.redhat.com/target_branch: '{{target_branch}}' + pipelinesascode.tekton.dev/max-keep-runs: "3" + pipelinesascode.tekton.dev/on-cel-expression: event == "pull_request" && target_branch + == "master" + creationTimestamp: null + labels: + appstudio.openshift.io/application: cnf-tests-4-19 + appstudio.openshift.io/component: cnf-tests-4-19 + pipelines.appstudio.openshift.io/type: build + name: cnf-tests-4-19-on-pull-request + namespace: telco-5g-tenant +spec: + params: + - name: git-url + value: '{{source_url}}' + - name: revision + value: '{{revision}}' + - name: output-image + value: quay.io/redhat-user-workloads/telco-5g-tenant/cnf-tests-4-19:on-pr-{{revision}} + - name: image-expires-after + value: 5d + - name: dockerfile + value: cnf-tests/.konflux/Dockerfile + - name: prefetch-input + value: '{"type": "rpm", "path": "cnf-tests/.konflux"}' + pipelineSpec: + description: | + This pipeline is ideal for building container images from a Containerfile while reducing network traffic. + + _Uses `buildah` to create a container image. It also optionally creates a source image and runs some build-time tests. EC will flag a violation for [`trusted_task.trusted`](https://enterprisecontract.dev/docs/ec-policies/release_policy.html#trusted_task__trusted) if any tasks are added to the pipeline. 
+ This pipeline is pushed as a Tekton bundle to [quay.io](https://quay.io/repository/konflux-ci/tekton-catalog/pipeline-docker-build?tab=tags)_ + finally: + - name: show-sbom + params: + - name: IMAGE_URL + value: $(tasks.build-image-index.results.IMAGE_URL) + taskRef: + params: + - name: name + value: show-sbom + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:945a7c9066d3e0a95d3fddb7e8a6992e4d632a2a75d8f3a9bd2ff2fef0ec9aa0 + - name: kind + value: task + resolver: bundles + - name: show-summary + params: + - name: pipelinerun-name + value: $(context.pipelineRun.name) + - name: git-url + value: $(tasks.clone-repository.results.url)?rev=$(tasks.clone-repository.results.commit) + - name: image-url + value: $(params.output-image) + - name: build-task-status + value: $(tasks.build-image-index.status) + taskRef: + params: + - name: name + value: summary + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-summary:0.2@sha256:870d9a04d9784840a90b7bf6817cd0d0c4edfcda04b1ba1868cae625a3c3bfcc + - name: kind + value: task + resolver: bundles + workspaces: + - name: workspace + workspace: workspace + params: + - description: Source Repository URL + name: git-url + type: string + - default: "" + description: Revision of the Source Repository + name: revision + type: string + - description: Fully Qualified Output Image + name: output-image + type: string + - default: . + description: Path to the source code of an application's component from where + to build image. 
+ name: path-context + type: string + - default: Dockerfile + description: Path to the Dockerfile inside the context specified by parameter + path-context + name: dockerfile + type: string + - default: "false" + description: Force rebuild image + name: rebuild + type: string + - default: "false" + description: Skip checks against built image + name: skip-checks + type: string + - default: "false" + description: Execute the build with network isolation + name: hermetic + type: string + - default: "" + description: Build dependencies to be prefetched by Cachi2 + name: prefetch-input + type: string + - default: "" + description: Image tag expiration time, time values could be something like + 1h, 2d, 3w for hours, days, and weeks, respectively. + name: image-expires-after + - default: "false" + description: Build a source image. + name: build-source-image + type: string + - default: "false" + description: Add built image into an OCI image index + name: build-image-index + type: string + - default: [] + description: Array of --build-arg values ("arg=value" strings) for buildah + name: build-args + type: array + - default: "" + description: Path to a file with build arguments for buildah, see https://www.mankier.com/1/buildah-build#--build-arg-file + name: build-args-file + type: string + results: + - description: "" + name: IMAGE_URL + value: $(tasks.build-image-index.results.IMAGE_URL) + - description: "" + name: IMAGE_DIGEST + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - description: "" + name: CHAINS-GIT_URL + value: $(tasks.clone-repository.results.url) + - description: "" + name: CHAINS-GIT_COMMIT + value: $(tasks.clone-repository.results.commit) + tasks: + - name: init + params: + - name: image-url + value: $(params.output-image) + - name: rebuild + value: $(params.rebuild) + - name: skip-checks + value: $(params.skip-checks) + taskRef: + params: + - name: name + value: init + - name: bundle + value: 
quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:63eb4a4c0cfb491276bff86fdad1c96bf238506388848e79001058450a8e843a + - name: kind + value: task + resolver: bundles + - name: clone-repository + params: + - name: url + value: $(params.git-url) + - name: revision + value: $(params.revision) + runAfter: + - init + taskRef: + params: + - name: name + value: git-clone + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1@sha256:fe27845cdba6fa95d9da2bfc7cb744d4df88711e8b867c4f246bdf944d4b00d0 + - name: kind + value: task + resolver: bundles + when: + - input: $(tasks.init.results.build) + operator: in + values: + - "true" + workspaces: + - name: output + workspace: workspace + - name: basic-auth + workspace: git-auth + - name: prefetch-dependencies + params: + - name: input + value: $(params.prefetch-input) + - name: dev-package-managers + value: "true" + runAfter: + - clone-repository + taskRef: + params: + - name: name + value: prefetch-dependencies + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies:0.2@sha256:fb126d78a71fa4cef9046d2563832c91ec73e0d1a7c5811b85e9d28132b7c076 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.prefetch-input) + operator: notin + values: + - "" + workspaces: + - name: source + workspace: workspace + - name: git-basic-auth + workspace: git-auth + - name: netrc + workspace: netrc + - name: build-container + params: + - name: IMAGE + value: $(params.output-image) + - name: DOCKERFILE + value: $(params.dockerfile) + - name: CONTEXT + value: $(params.path-context) + - name: HERMETIC + value: $(params.hermetic) + - name: PREFETCH_INPUT + value: $(params.prefetch-input) + - name: IMAGE_EXPIRES_AFTER + value: $(params.image-expires-after) + - name: COMMIT_SHA + value: $(tasks.clone-repository.results.commit) + - name: BUILD_ARGS + value: + - $(params.build-args[*]) + - name: BUILD_ARGS_FILE + value: $(params.build-args-file) + runAfter: + - 
prefetch-dependencies + taskRef: + params: + - name: name + value: buildah + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-buildah:0.4@sha256:91caef22ccb5bbc694e33eb8706cddb662840e9dc351c7e57a23f7dc50dae2e5 + - name: kind + value: task + resolver: bundles + when: + - input: $(tasks.init.results.build) + operator: in + values: + - "true" + workspaces: + - name: source + workspace: workspace + - name: build-image-index + params: + - name: IMAGE + value: $(params.output-image) + - name: COMMIT_SHA + value: $(tasks.clone-repository.results.commit) + - name: IMAGE_EXPIRES_AFTER + value: $(params.image-expires-after) + - name: ALWAYS_BUILD_INDEX + value: $(params.build-image-index) + - name: IMAGES + value: + - $(tasks.build-container.results.IMAGE_URL)@$(tasks.build-container.results.IMAGE_DIGEST) + runAfter: + - build-container + taskRef: + params: + - name: name + value: build-image-index + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1@sha256:0c2270d1b24fcbaa6fe82b6d045b715a5f24f55d099a10f65297671e2ee421e6 + - name: kind + value: task + resolver: bundles + when: + - input: $(tasks.init.results.build) + operator: in + values: + - "true" + - name: build-source-image + params: + - name: BINARY_IMAGE + value: $(params.output-image) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: source-build + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-source-build:0.2@sha256:6de42f19b1bc021657f0e94fce9995cdd841c9378a732948ae2a347422e0f613 + - name: kind + value: task + resolver: bundles + when: + - input: $(tasks.init.results.build) + operator: in + values: + - "true" + - input: $(params.build-source-image) + operator: in + values: + - "true" + workspaces: + - name: workspace + workspace: workspace + - name: deprecated-base-image-check + params: + - name: IMAGE_URL + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: IMAGE_DIGEST + value: 
$(tasks.build-image-index.results.IMAGE_DIGEST) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: deprecated-image-check + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.5@sha256:ced089bd8d86f95ee70f6ee1a6941d677f1c66c3b8f02fa60f9309c6c32e1929 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: clair-scan + params: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: clair-scan + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.2@sha256:f636f2cbe91d9d4d9685a38c8bc680a36e17f568ec0e60a93da82d1284b488c5 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: ecosystem-cert-preflight-checks + params: + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: ecosystem-cert-preflight-checks + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.1@sha256:df8a25a3431a70544172ed4844f9d0c6229d39130633960729f825a031a7dea9 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: sast-snyk-check + params: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: sast-snyk-check + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check:0.3@sha256:30cc34ccf6ca34e7f0951fd508fe4436d07388e7244baab77baf4ef9bdcefff4 + - name: kind + value: 
task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + workspaces: + - name: workspace + workspace: workspace + - name: clamav-scan + params: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: clamav-scan + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.2@sha256:0db068e8a59612472a2483f5113893d0c5c9102e9ad7647d9a4789360e5bc2dc + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: sast-coverity-check + params: + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: IMAGE + value: $(params.output-image) + - name: DOCKERFILE + value: $(params.dockerfile) + - name: CONTEXT + value: $(params.path-context) + - name: HERMETIC + value: $(params.hermetic) + - name: PREFETCH_INPUT + value: $(params.prefetch-input) + - name: IMAGE_EXPIRES_AFTER + value: $(params.image-expires-after) + - name: COMMIT_SHA + value: $(tasks.clone-repository.results.commit) + - name: BUILD_ARGS + value: + - $(params.build-args[*]) + - name: BUILD_ARGS_FILE + value: $(params.build-args-file) + runAfter: + - coverity-availability-check + taskRef: + params: + - name: name + value: sast-coverity-check + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-sast-coverity-check:0.2@sha256:b444457e1cae45671e14c4c8fed97c757cd7a5a6b13cfac100b3d863bbbf4612 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - input: $(tasks.coverity-availability-check.results.STATUS) + operator: in + values: + - success + workspaces: + - name: source + workspace: workspace + - name: coverity-availability-check + runAfter: + - build-image-index + taskRef: + params: + - name: 
name + value: coverity-availability-check + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-coverity-availability-check:0.2@sha256:91ba738df7ec548d4127163e07a88de06568a350fbf581405cc8fc8498f6153c + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: sast-shell-check + params: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: sast-shell-check + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check:0.1@sha256:438d4eecc52a772f7dde54ae274eb5349a207874bd9b1909cdab26e93a51a48c + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + workspaces: + - name: workspace + workspace: workspace + - name: sast-unicode-check + params: + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: sast-unicode-check + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check:0.1@sha256:b3e7807546635e03487eb61aff64a8e03c2dccb3d08939dcee50cff0f04fb8b0 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + workspaces: + - name: workspace + workspace: workspace + - name: apply-tags + params: + - name: IMAGE + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: apply-tags + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.1@sha256:5e5f290359fd34ae4cc77cbbba6ef8c9907d752572d6dc2a00f5a4c504eb48bb + - name: kind + value: task + resolver: bundles + - name: push-dockerfile + params: + - name: IMAGE + value: 
$(tasks.build-image-index.results.IMAGE_URL) + - name: IMAGE_DIGEST + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: DOCKERFILE + value: $(params.dockerfile) + - name: CONTEXT + value: $(params.path-context) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: push-dockerfile + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile:0.1@sha256:86ba936a94bfad7a295fbceaa6531e33b9fc1f8fc2d5c44d93fc4e3af760bd1e + - name: kind + value: task + resolver: bundles + workspaces: + - name: workspace + workspace: workspace + - name: rpms-signature-scan + params: + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: rpms-signature-scan + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:e603b3df510aeefeaa12e8778c4642b21743cb0ae68704359dc7ffd2814249d2 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + workspaces: + - name: workspace + - name: git-auth + optional: true + - name: netrc + optional: true + taskRunTemplate: {} + workspaces: + - name: workspace + volumeClaimTemplate: + metadata: + creationTimestamp: null + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + status: {} + - name: git-auth + secret: + secretName: '{{ git_auth_secret }}' +status: {} \ No newline at end of file diff --git a/.tekton/cnf-tests-push.yaml b/.tekton/cnf-tests-push.yaml new file mode 100644 index 0000000000..203f20fdb3 --- /dev/null +++ b/.tekton/cnf-tests-push.yaml 
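Review bot: In `.tekton/cnf-tests-pull-request.yaml` the PipelineRun sets `prefetch-input` to an rpm path but never sets `hermetic`, so `build-container` receives the pipeline default `"false"` and the buildah step keeps network access. Without network isolation nothing stops the Dockerfile from pulling content that was not prefetched, and any SBOM derived from the prefetch may then be incomplete. Consider adding `- name: hermetic` with `value: "true"` to `spec.params`, assuming the Dockerfile can build from the prefetched RPMs and the vendored Go modules alone. `.tekton/cnf-tests-push.yaml` carries the same params and the same gap.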
@@ -0,0 +1,617 @@ +apiVersion: tekton.dev/v1 +kind: PipelineRun +metadata: + annotations: + build.appstudio.openshift.io/repo: https://github.com/openshift-kni/cnf-features-deploy?rev={{revision}} + build.appstudio.redhat.com/commit_sha: '{{revision}}' + build.appstudio.redhat.com/target_branch: '{{target_branch}}' + pipelinesascode.tekton.dev/max-keep-runs: "3" + pipelinesascode.tekton.dev/on-cel-expression: event == "push" && target_branch + == "master" + creationTimestamp: null + labels: + appstudio.openshift.io/application: cnf-tests-4-19 + appstudio.openshift.io/component: cnf-tests-4-19 + pipelines.appstudio.openshift.io/type: build + name: cnf-tests-4-19-on-push + namespace: telco-5g-tenant +spec: + params: + - name: git-url + value: '{{source_url}}' + - name: revision + value: '{{revision}}' + - name: output-image + value: quay.io/redhat-user-workloads/telco-5g-tenant/cnf-tests-4-19:{{revision}} + - name: dockerfile + value: cnf-tests/.konflux/Dockerfile + - name: prefetch-input + value: '{"type": "rpm", "path": "cnf-tests/.konflux"}' + pipelineSpec: + description: | + This pipeline is ideal for building container images from a Containerfile while reducing network traffic. + + _Uses `buildah` to create a container image. It also optionally creates a source image and runs some build-time tests. EC will flag a violation for [`trusted_task.trusted`](https://enterprisecontract.dev/docs/ec-policies/release_policy.html#trusted_task__trusted) if any tasks are added to the pipeline. 
+ This pipeline is pushed as a Tekton bundle to [quay.io](https://quay.io/repository/konflux-ci/tekton-catalog/pipeline-docker-build?tab=tags)_ + finally: + - name: show-sbom + params: + - name: IMAGE_URL + value: $(tasks.build-image-index.results.IMAGE_URL) + taskRef: + params: + - name: name + value: show-sbom + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:945a7c9066d3e0a95d3fddb7e8a6992e4d632a2a75d8f3a9bd2ff2fef0ec9aa0 + - name: kind + value: task + resolver: bundles + - name: show-summary + params: + - name: pipelinerun-name + value: $(context.pipelineRun.name) + - name: git-url + value: $(tasks.clone-repository.results.url)?rev=$(tasks.clone-repository.results.commit) + - name: image-url + value: $(params.output-image) + - name: build-task-status + value: $(tasks.build-image-index.status) + taskRef: + params: + - name: name + value: summary + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-summary:0.2@sha256:870d9a04d9784840a90b7bf6817cd0d0c4edfcda04b1ba1868cae625a3c3bfcc + - name: kind + value: task + resolver: bundles + workspaces: + - name: workspace + workspace: workspace + params: + - description: Source Repository URL + name: git-url + type: string + - default: "" + description: Revision of the Source Repository + name: revision + type: string + - description: Fully Qualified Output Image + name: output-image + type: string + - default: . + description: Path to the source code of an application's component from where + to build image. 
+ name: path-context + type: string + - default: Dockerfile + description: Path to the Dockerfile inside the context specified by parameter + path-context + name: dockerfile + type: string + - default: "false" + description: Force rebuild image + name: rebuild + type: string + - default: "false" + description: Skip checks against built image + name: skip-checks + type: string + - default: "false" + description: Execute the build with network isolation + name: hermetic + type: string + - default: "" + description: Build dependencies to be prefetched by Cachi2 + name: prefetch-input + type: string + - default: "" + description: Image tag expiration time, time values could be something like + 1h, 2d, 3w for hours, days, and weeks, respectively. + name: image-expires-after + - default: "false" + description: Build a source image. + name: build-source-image + type: string + - default: "false" + description: Add built image into an OCI image index + name: build-image-index + type: string + - default: [] + description: Array of --build-arg values ("arg=value" strings) for buildah + name: build-args + type: array + - default: "" + description: Path to a file with build arguments for buildah, see https://www.mankier.com/1/buildah-build#--build-arg-file + name: build-args-file + type: string + results: + - description: "" + name: IMAGE_URL + value: $(tasks.build-image-index.results.IMAGE_URL) + - description: "" + name: IMAGE_DIGEST + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - description: "" + name: CHAINS-GIT_URL + value: $(tasks.clone-repository.results.url) + - description: "" + name: CHAINS-GIT_COMMIT + value: $(tasks.clone-repository.results.commit) + tasks: + - name: init + params: + - name: image-url + value: $(params.output-image) + - name: rebuild + value: $(params.rebuild) + - name: skip-checks + value: $(params.skip-checks) + taskRef: + params: + - name: name + value: init + - name: bundle + value: 
quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:63eb4a4c0cfb491276bff86fdad1c96bf238506388848e79001058450a8e843a + - name: kind + value: task + resolver: bundles + - name: clone-repository + params: + - name: url + value: $(params.git-url) + - name: revision + value: $(params.revision) + runAfter: + - init + taskRef: + params: + - name: name + value: git-clone + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1@sha256:fe27845cdba6fa95d9da2bfc7cb744d4df88711e8b867c4f246bdf944d4b00d0 + - name: kind + value: task + resolver: bundles + when: + - input: $(tasks.init.results.build) + operator: in + values: + - "true" + workspaces: + - name: output + workspace: workspace + - name: basic-auth + workspace: git-auth + - name: prefetch-dependencies + params: + - name: input + value: $(params.prefetch-input) + - name: dev-package-managers + value: "true" + runAfter: + - clone-repository + taskRef: + params: + - name: name + value: prefetch-dependencies + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies:0.2@sha256:fb126d78a71fa4cef9046d2563832c91ec73e0d1a7c5811b85e9d28132b7c076 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.prefetch-input) + operator: notin + values: + - "" + workspaces: + - name: source + workspace: workspace + - name: git-basic-auth + workspace: git-auth + - name: netrc + workspace: netrc + - name: build-container + params: + - name: IMAGE + value: $(params.output-image) + - name: DOCKERFILE + value: $(params.dockerfile) + - name: CONTEXT + value: $(params.path-context) + - name: HERMETIC + value: $(params.hermetic) + - name: PREFETCH_INPUT + value: $(params.prefetch-input) + - name: IMAGE_EXPIRES_AFTER + value: $(params.image-expires-after) + - name: COMMIT_SHA + value: $(tasks.clone-repository.results.commit) + - name: BUILD_ARGS + value: + - $(params.build-args[*]) + - name: BUILD_ARGS_FILE + value: $(params.build-args-file) + runAfter: + - 
prefetch-dependencies + taskRef: + params: + - name: name + value: buildah + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-buildah:0.4@sha256:91caef22ccb5bbc694e33eb8706cddb662840e9dc351c7e57a23f7dc50dae2e5 + - name: kind + value: task + resolver: bundles + when: + - input: $(tasks.init.results.build) + operator: in + values: + - "true" + workspaces: + - name: source + workspace: workspace + - name: build-image-index + params: + - name: IMAGE + value: $(params.output-image) + - name: COMMIT_SHA + value: $(tasks.clone-repository.results.commit) + - name: IMAGE_EXPIRES_AFTER + value: $(params.image-expires-after) + - name: ALWAYS_BUILD_INDEX + value: $(params.build-image-index) + - name: IMAGES + value: + - $(tasks.build-container.results.IMAGE_URL)@$(tasks.build-container.results.IMAGE_DIGEST) + runAfter: + - build-container + taskRef: + params: + - name: name + value: build-image-index + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1@sha256:0c2270d1b24fcbaa6fe82b6d045b715a5f24f55d099a10f65297671e2ee421e6 + - name: kind + value: task + resolver: bundles + when: + - input: $(tasks.init.results.build) + operator: in + values: + - "true" + - name: build-source-image + params: + - name: BINARY_IMAGE + value: $(params.output-image) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: source-build + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-source-build:0.2@sha256:6de42f19b1bc021657f0e94fce9995cdd841c9378a732948ae2a347422e0f613 + - name: kind + value: task + resolver: bundles + when: + - input: $(tasks.init.results.build) + operator: in + values: + - "true" + - input: $(params.build-source-image) + operator: in + values: + - "true" + workspaces: + - name: workspace + workspace: workspace + - name: deprecated-base-image-check + params: + - name: IMAGE_URL + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: IMAGE_DIGEST + value: 
$(tasks.build-image-index.results.IMAGE_DIGEST) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: deprecated-image-check + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.5@sha256:ced089bd8d86f95ee70f6ee1a6941d677f1c66c3b8f02fa60f9309c6c32e1929 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: clair-scan + params: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: clair-scan + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.2@sha256:f636f2cbe91d9d4d9685a38c8bc680a36e17f568ec0e60a93da82d1284b488c5 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: ecosystem-cert-preflight-checks + params: + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: ecosystem-cert-preflight-checks + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.1@sha256:df8a25a3431a70544172ed4844f9d0c6229d39130633960729f825a031a7dea9 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: sast-snyk-check + params: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: sast-snyk-check + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check:0.3@sha256:30cc34ccf6ca34e7f0951fd508fe4436d07388e7244baab77baf4ef9bdcefff4 + - name: kind + value: 
task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + workspaces: + - name: workspace + workspace: workspace + - name: clamav-scan + params: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: clamav-scan + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.2@sha256:0db068e8a59612472a2483f5113893d0c5c9102e9ad7647d9a4789360e5bc2dc + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: sast-coverity-check + params: + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: IMAGE + value: $(params.output-image) + - name: DOCKERFILE + value: $(params.dockerfile) + - name: CONTEXT + value: $(params.path-context) + - name: HERMETIC + value: $(params.hermetic) + - name: PREFETCH_INPUT + value: $(params.prefetch-input) + - name: IMAGE_EXPIRES_AFTER + value: $(params.image-expires-after) + - name: COMMIT_SHA + value: $(tasks.clone-repository.results.commit) + - name: BUILD_ARGS + value: + - $(params.build-args[*]) + - name: BUILD_ARGS_FILE + value: $(params.build-args-file) + runAfter: + - coverity-availability-check + taskRef: + params: + - name: name + value: sast-coverity-check + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-sast-coverity-check:0.2@sha256:b444457e1cae45671e14c4c8fed97c757cd7a5a6b13cfac100b3d863bbbf4612 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - input: $(tasks.coverity-availability-check.results.STATUS) + operator: in + values: + - success + workspaces: + - name: source + workspace: workspace + - name: coverity-availability-check + runAfter: + - build-image-index + taskRef: + params: + - name: 
name + value: coverity-availability-check + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-coverity-availability-check:0.2@sha256:91ba738df7ec548d4127163e07a88de06568a350fbf581405cc8fc8498f6153c + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: sast-shell-check + params: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: sast-shell-check + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check:0.1@sha256:438d4eecc52a772f7dde54ae274eb5349a207874bd9b1909cdab26e93a51a48c + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + workspaces: + - name: workspace + workspace: workspace + - name: sast-unicode-check + params: + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: sast-unicode-check + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check:0.1@sha256:b3e7807546635e03487eb61aff64a8e03c2dccb3d08939dcee50cff0f04fb8b0 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + workspaces: + - name: workspace + workspace: workspace + - name: apply-tags + params: + - name: IMAGE + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: apply-tags + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.1@sha256:5e5f290359fd34ae4cc77cbbba6ef8c9907d752572d6dc2a00f5a4c504eb48bb + - name: kind + value: task + resolver: bundles + - name: push-dockerfile + params: + - name: IMAGE + value: 
$(tasks.build-image-index.results.IMAGE_URL) + - name: IMAGE_DIGEST + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: DOCKERFILE + value: $(params.dockerfile) + - name: CONTEXT + value: $(params.path-context) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: push-dockerfile + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile:0.1@sha256:86ba936a94bfad7a295fbceaa6531e33b9fc1f8fc2d5c44d93fc4e3af760bd1e + - name: kind + value: task + resolver: bundles + workspaces: + - name: workspace + workspace: workspace + - name: rpms-signature-scan + params: + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: rpms-signature-scan + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:e603b3df510aeefeaa12e8778c4642b21743cb0ae68704359dc7ffd2814249d2 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + workspaces: + - name: workspace + - name: git-auth + optional: true + - name: netrc + optional: true + taskRunTemplate: {} + workspaces: + - name: workspace + volumeClaimTemplate: + metadata: + creationTimestamp: null + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + status: {} + - name: git-auth + secret: + secretName: '{{ git_auth_secret }}' +status: {} \ No newline at end of file diff --git a/OWNERS_ALIASES b/OWNERS_ALIASES index 81a9c2f3f7..1b3cd4ff2c 100644 --- a/OWNERS_ALIASES +++ b/OWNERS_ALIASES @@ -51,3 +51,6 @@ aliases: - sakhoury - sabbir-47 - irinamihai + konflux-approvers: + - fontivan + - rauhersu diff --git a/build-args-konflux.conf b/build-args-konflux.conf new file mode 100644 index 0000000000..890877356e --- /dev/null +++ b/build-args-konflux.conf 
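Review bot: The `push-dockerfile` and `rpms-signature-scan` task refs in `.tekton/cnf-tests-push.yaml` pin `task-push-dockerfile:0.1` to `sha256:86ba936a…` and `task-rpms-signature-scan:0.2` to `sha256:e603b3df…`, while `.tekton/cnf-features-deploy-4-19-pull-request.yaml` in this same commit pins the same two tags to `sha256:ba6b3182…` and `sha256:3bf6d1bc…`. `.tekton/cnf-tests-pull-request.yaml` uses the same digests as this file. Two digests for one tag presumably means one set of pipelines is running an older build of the task. It is worth aligning the files on a single digest per task so that all the pipelines run the same task build.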
@@ -0,0 +1,2 @@
+ZTP_BUILD_IMAGE=brew.registry.redhat.io/rh-osbs/openshift-golang-builder:v1.22.9-202411201508.gd54e8ac.el8
+ZTP_RUNTIME_IMAGE=registry.redhat.io/ubi8/ubi-minimal:8.10-1154
diff --git a/cnf-tests/.konflux/Dockerfile b/cnf-tests/.konflux/Dockerfile
new file mode 100644
index 0000000000..2258d22e50
--- /dev/null
+++ b/cnf-tests/.konflux/Dockerfile
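Review bot: Both image references added in build-args-konflux.conf are pinned by tag only (`openshift-golang-builder:v1.22.9-202411201508.gd54e8ac.el8`, `ubi-minimal:8.10-1154`), so the content behind them can change without any change in this repository, whereas the Tekton task bundles added in the same commit carry an `@sha256:` digest. I would append the digest to each reference, e.g. `ZTP_RUNTIME_IMAGE=registry.redhat.io/ubi8/ubi-minimal:8.10-1154@sha256:<digest>`. The same applies to the `FROM` lines of the new cnf-tests/.konflux/Dockerfile, which use the floating tags `v4.19`, `v1.23` and `${RHEL_VERSION}`.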
@@ -0,0 +1,77 @@
+ARG RHEL_VERSION=9.4
+
+FROM brew.registry.redhat.io/rh-osbs/openshift-ose-cli-rhel9:v4.19 AS oc
+
+FROM brew.registry.redhat.io/rh-osbs/openshift-golang-builder:v1.23 AS builder-stresser
+ENV PKG_NAME=github.com/openshift-kni/cnf-features-deploy
+ENV PKG_PATH=/go/src/$PKG_NAME
+ENV TESTER_PATH=$PKG_PATH/cnf-tests/pod-utils/stresser
+RUN mkdir -p $PKG_PATH
+COPY . $PKG_PATH/
+WORKDIR $TESTER_PATH
+RUN go build -mod=vendor -o /stresser
+
+FROM brew.registry.redhat.io/rh-osbs/openshift-golang-builder:v1.23 AS builder-sctptester
+ENV PKG_NAME=github.com/openshift-kni/cnf-features-deploy
+ENV PKG_PATH=/go/src/$PKG_NAME
+ENV TESTER_PATH=$PKG_PATH/cnf-tests/pod-utils/sctptester
+RUN mkdir -p $PKG_PATH
+COPY . $PKG_PATH/
+WORKDIR $TESTER_PATH
+RUN go build -mod=vendor -o /sctptest
+
+FROM brew.registry.redhat.io/rh-osbs/openshift-golang-builder:v1.23 AS builder-hugepages-allocator
+ENV PKG_NAME=github.com/openshift-kni/cnf-features-deploy
+ENV PKG_PATH=/go/src/$PKG_NAME
+ENV TESTER_PATH=$PKG_PATH/cnf-tests/pod-utils/hugepages-allocator
+RUN mkdir -p $PKG_PATH
+COPY . $PKG_PATH/
+WORKDIR $TESTER_PATH
+RUN go build -mod=vendor -o /hugepages-allocator
+
+FROM brew.registry.redhat.io/rh-osbs/openshift-golang-builder:v1.23 AS builder-latency-test-runners
+ENV PKG_NAME=github.com/openshift-kni/cnf-features-deploy
+ENV PKG_PATH=/go/src/$PKG_NAME
+ENV TESTER_PATH=$PKG_PATH/cnf-tests/pod-utils
+RUN mkdir -p $PKG_PATH
+COPY . $PKG_PATH/
+WORKDIR $TESTER_PATH
+RUN go build -mod=vendor -o /oslat-runner oslat-runner/main.go && \
+ go build -mod=vendor -o /cyclictest-runner cyclictest-runner/main.go && \
+ go build -mod=vendor -o /hwlatdetect-runner hwlatdetect-runner/main.go
+
+
+FROM brew.registry.redhat.io/rh-osbs/openshift-golang-builder:v1.23 AS gobuilder
+WORKDIR /app
+COPY . .
+RUN make test-bin
+
+FROM registry.redhat.io/ubi9/ubi-minimal:${RHEL_VERSION}
+RUN mkdir -p /usr/local/etc/cnf
+RUN microdnf install -y lksctp-tools iproute \
+ ethtool iputils procps-ng numactl-libs iptables \
+ kmod realtime-tests linuxptp iperf3 nc \
+ python3 # python3 is needed for hwlatdetect
+
+COPY --from=oc /usr/bin/oc /usr/bin/oc
+COPY --from=gobuilder /app/cnf-tests/submodules/cluster-node-tuning-operator/build/_output/bin/latency-e2e.test /usr/bin/latency-e2e.test
+COPY --from=gobuilder /app/cnf-tests/entrypoint/test-run.sh /usr/bin/test-run.sh
+COPY --from=gobuilder /app/cnf-tests/bin/mirror /usr/bin/mirror
+COPY --from=gobuilder /app/cnf-tests/mirror/images.json /usr/local/etc/cnf
+COPY --from=builder-latency-test-runners /oslat-runner /usr/bin/oslat-runner
+COPY --from=builder-latency-test-runners /cyclictest-runner /usr/bin/cyclictest-runner
+COPY --from=builder-latency-test-runners /hwlatdetect-runner /usr/bin/hwlatdetect-runner
+COPY --from=builder-stresser /stresser /usr/bin/stresser
+COPY --from=builder-sctptester /sctptest /usr/bin/sctptest
+COPY --from=builder-hugepages-allocator /hugepages-allocator /usr/bin/hugepages-allocator
+
+RUN sed -i 's/quay.io\/openshift-kni\//registry.redhat.io\/openshift4\//g' /usr/local/etc/cnf/images.json
+RUN sed -i 's/cnf-tests:4.19/cnf-tests-rhel9:v4.19/g' /usr/local/etc/cnf/images.json
+RUN sed -i 's/dpdk:4.19/dpdk-base-rhel8:v4.19/g' /usr/local/etc/cnf/images.json
+
+ENV OCP_VERSION=4.19
+ENV IMAGE_REGISTRY=registry.redhat.io/openshift4/
+ENV CNF_TESTS_IMAGE=cnf-tests-rhel9:v${OCP_VERSION}
+ENV DPDK_TESTS_IMAGE=dpdk-base-rhel8:v${OCP_VERSION}
+
+CMD ["/usr/bin/test-run.sh"]
\ No newline at end of file
diff --git a/cnf-tests/.konflux/rpms.in.yaml b/cnf-tests/.konflux/rpms.in.yaml
new file mode 100644
index 0000000000..a9fa118fc6
--- /dev/null
+++ b/cnf-tests/.konflux/rpms.in.yaml
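Review bot: The final stage of cnf-tests/.konflux/Dockerfile runs `microdnf install -y ...` without clearing the package cache afterwards, so repository metadata and downloaded RPMs stay in the image layer; the existing cnf-tests/Dockerfile.openshift shown later in this diff ends its install with `yum clean all`. I would finish the install with `python3 && microdnf clean all` and move the `# python3 is needed for hwlatdetect` comment to its own line above the `RUN`. The three `sed` rewrites of images.json also hard-code `4.19` although `ENV OCP_VERSION=4.19` is declared a few lines below them; declaring the `ENV` first and using `${OCP_VERSION}` in double-quoted sed expressions would leave a single place to bump.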
@@ -0,0 +1,18 @@
+contentOrigin:
+ # Define at least one source of packages, but you can have as many as you want.
+ repofiles:
+ - ./ubi.repo
+
+packages:
+ # list of rpm names to resolve
+ [bc, linuxptp, iperf3, realtime-tests]
+
+arches:
+ # The list of architectures can be set in the config file. Any `--arch` option set
+ # on the command line will override this list.
+ # - aarch64
+ - x86_64
+
+context:
+ containerfile: Dockerfile
+
diff --git a/cnf-tests/.konflux/rpms.lock.yaml b/cnf-tests/.konflux/rpms.lock.yaml
new file mode 100644
index 0000000000..ce2fab1559
--- /dev/null
+++ b/cnf-tests/.konflux/rpms.lock.yaml
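Review bot: rpms.in.yaml names `./ubi.repo` as its only package source, but every entry in the committed rpms.lock.yaml carries a `rhel-9-for-x86_64-*-rpms` repoid and a `cdn.redhat.com` URL, none of which ubi.repo defines, so regenerating the lock from the committed inputs would presumably not reproduce it. Either commit the repo file the lock was actually resolved from, or regenerate the lock against ubi.repo. The `packages` list (`bc, linuxptp, iperf3, realtime-tests`) also differs from what the Dockerfile's `microdnf install` requests: `iproute`, `ethtool`, `iptables`, `kmod`, `nc`, `python3` and others are not listed, and `bc` is listed but not installed. If the build is meant to be hermetic, those packages need to be listed here unless the base image already provides them.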
@@ -0,0 +1,50 @@ +--- +lockfileVersion: 1 +lockfileVendor: redhat +arches: +- arch: x86_64 + packages: + - url: https://cdn.redhat.com/content/dist/rhel9/9/x86_64/appstream/os/Packages/i/iperf3-3.9-13.el9_5.1.x86_64.rpm + repoid: rhel-9-for-x86_64-appstream-rpms + size: 113595 + checksum: sha256:f2e88fb1f8817ae0704bb1751441c0d4a0d86328599209543be0af1c3dc44cc7 + name: iperf3 + evr: 3.9-13.el9_5.1 + sourcerpm: iperf3-3.9-13.el9_5.1.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel9/9/x86_64/appstream/os/Packages/l/linuxptp-4.2-3.el9.x86_64.rpm + repoid: rhel-9-for-x86_64-appstream-rpms + size: 281685 + checksum: sha256:ad3f79f0172dbf09aaf83a2d192464f0e43777c6c634413936fcbbe48b04ad58 + name: linuxptp + evr: 4.2-3.el9 + sourcerpm: linuxptp-4.2-3.el9.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel9/9/x86_64/appstream/os/Packages/r/realtime-tests-2.7-2.el9.x86_64.rpm + repoid: rhel-9-for-x86_64-appstream-rpms + size: 203074 + checksum: sha256:6d4313b3f14cc75d62109af427142ab504ddf8d352ed6a3da5211e59ae04859b + name: realtime-tests + evr: 2.7-2.el9 + sourcerpm: realtime-tests-2.7-2.el9.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel9/9/x86_64/baseos/os/Packages/b/bc-1.07.1-14.el9.x86_64.rpm + repoid: rhel-9-for-x86_64-baseos-rpms + size: 127511 + checksum: sha256:9b6d28a6563d4c9f721f031ab0cf146fed097d8c4d186b57eaa8dd9ceb4d0685 + name: bc + evr: 1.07.1-14.el9 + sourcerpm: bc-1.07.1-14.el9.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel9/9/x86_64/baseos/os/Packages/l/lksctp-tools-1.0.19-3.el9_4.x86_64.rpm + repoid: rhel-9-for-x86_64-baseos-rpms + size: 106024 + checksum: sha256:ac2fc5dcba641ec68b03db44c0b644ef10661bc89a060be2aa1eaa9c6a4215db + name: lksctp-tools + evr: 1.0.19-3.el9_4 + sourcerpm: lksctp-tools-1.0.19-3.el9_4.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel9/9/x86_64/baseos/os/Packages/n/numactl-libs-2.0.18-2.el9.x86_64.rpm + repoid: rhel-9-for-x86_64-baseos-rpms + size: 32868 + checksum: 
sha256:7be06af9f8726616bbfdc899e51821544d55cee201075c7d2aa096dab3bcefe9 + name: numactl-libs + evr: 2.0.18-2.el9 + sourcerpm: numactl-2.0.18-2.el9.src.rpm + source: [] + module_metadata: [] diff --git a/cnf-tests/.konflux/ubi.repo b/cnf-tests/.konflux/ubi.repo new file mode 100644 index 0000000000..aa4f953497 --- /dev/null +++ b/cnf-tests/.konflux/ubi.repo 
@@ -0,0 +1,62 @@ +[ubi-9-baseos-rpms] +name = Red Hat Universal Base Image 9 (RPMs) - BaseOS +baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi9/9/$basearch/baseos/os +enabled = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +gpgcheck = 1 + +[ubi-9-baseos-debug-rpms] +name = Red Hat Universal Base Image 9 (Debug RPMs) - BaseOS +baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi9/9/$basearch/baseos/debug +enabled = 0 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +gpgcheck = 1 + +[ubi-9-baseos-source-rpms] +name = Red Hat Universal Base Image 9 (Source RPMs) - BaseOS +baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi9/9/$basearch/baseos/source/SRPMS +enabled = 0 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +gpgcheck = 1 + +[ubi-9-appstream-rpms] +name = Red Hat Universal Base Image 9 (RPMs) - AppStream +baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi9/9/$basearch/appstream/os +enabled = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +gpgcheck = 1 + +[ubi-9-appstream-debug-rpms] +name = Red Hat Universal Base Image 9 (Debug RPMs) - AppStream +baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi9/9/$basearch/appstream/debug +enabled = 0 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +gpgcheck = 1 + +[ubi-9-appstream-source-rpms] +name = Red Hat Universal Base Image 9 (Source RPMs) - AppStream +baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi9/9/$basearch/appstream/source/SRPMS +enabled = 0 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +gpgcheck = 1 + +[ubi-9-codeready-builder-rpms] +name = Red Hat Universal Base Image 9 (RPMs) - CodeReady Builder +baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi9/9/$basearch/codeready-builder/os +enabled = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +gpgcheck = 1 + +[ubi-9-codeready-builder-debug-rpms] +name = Red Hat 
Universal Base Image 9 (Debug RPMs) - CodeReady Builder +baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi9/9/$basearch/codeready-builder/debug +enabled = 0 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +gpgcheck = 1 + +[ubi-9-codeready-builder-source-rpms] +name = Red Hat Universal Base Image 9 (Source RPMs) - CodeReady Builder +baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi9/9/$basearch/codeready-builder/source/SRPMS +enabled = 0 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +gpgcheck = 1 diff --git a/cnf-tests/Dockerfile.openshift b/cnf-tests/Dockerfile.openshift index 4ae489c7dd..7dd19900e1 100644 --- a/cnf-tests/Dockerfile.openshift +++ b/cnf-tests/Dockerfile.openshift @@ -84,6 +84,11 @@ FROM registry.ci.openshift.org/ocp/4.19:oc-rpms AS oc # Final image FROM registry.ci.openshift.org/ocp/4.19:base-rhel9 +ENV OCP_VERSION=4.19 +ENV IMAGE_REGISTRY=quay.io/openshift-kni/ +ENV CNF_TESTS_IMAGE=cnf-tests:${OCP_VERSION} +ENV DPDK_TESTS_IMAGE=dpdk:${OCP_VERSION} + # python3 is needed for hwlatdetect RUN yum install -y lksctp-tools iproute tmux ethtool iputils numactl-libs iptables kmod linuxptp iperf3 python3 nc iptables && \ yum clean all diff --git a/cnf-tests/submodules/cluster-node-tuning-operator b/cnf-tests/submodules/cluster-node-tuning-operator index 4b9ac5204a..3b77fb55b8 160000 --- a/cnf-tests/submodules/cluster-node-tuning-operator +++ b/cnf-tests/submodules/cluster-node-tuning-operator @@ -1 +1 @@ -Subproject commit 4b9ac5204aa237e70519806a19c1000678b2ebc9 +Subproject commit 3b77fb55b83553b95f69a63c9515a5ce8e65249a diff --git a/cnf-tests/submodules/metallb-operator b/cnf-tests/submodules/metallb-operator index b8450e6048..6a0699093b 160000 --- a/cnf-tests/submodules/metallb-operator +++ b/cnf-tests/submodules/metallb-operator @@ -1 +1 @@ -Subproject commit b8450e60482b62cd214646b7a295d5ab7392181e +Subproject commit 6a0699093bab584c1d83f69954f4d57ef89d9926 
diff --git a/cnf-tests/submodules/sriov-network-operator b/cnf-tests/submodules/sriov-network-operator index 2bcb0d11ae..79cb3c6ae7 160000 --- a/cnf-tests/submodules/sriov-network-operator +++ b/cnf-tests/submodules/sriov-network-operator @@ -1 +1 @@ -Subproject commit 2bcb0d11ae8231b1e7a4e508eb8ea2667909f1c5 +Subproject commit 79cb3c6ae721220754189300539a38c63e38e66c diff --git a/cnf-tests/testsuites/e2esuite/knmstate/knmstate_sriov.go b/cnf-tests/testsuites/e2esuite/knmstate/knmstate_sriov.go index 550186f40c..cfc5ffdb7b 100644 --- a/cnf-tests/testsuites/e2esuite/knmstate/knmstate_sriov.go +++ b/cnf-tests/testsuites/e2esuite/knmstate/knmstate_sriov.go @@ -132,7 +132,6 @@ var _ = Describe("[knmstate] SR-IOV Network Operator Integration", func() { out, err := ipAddrShow(node, testDevice.Name) g.Expect(err).ToNot(HaveOccurred()) g.Expect(out).To(ContainSubstring("192.0.2.2")) - g.Expect(out).To(ContainSubstring("UP")) }). WithPolling(5 * time.Second). WithTimeout(1 * time.Minute). diff --git a/cnf-tests/testsuites/pkg/namespaces/namespaces.go b/cnf-tests/testsuites/pkg/namespaces/namespaces.go index 230484cd31..f5b3c22e51 100644 --- a/cnf-tests/testsuites/pkg/namespaces/namespaces.go +++ b/cnf-tests/testsuites/pkg/namespaces/namespaces.go @@ -56,6 +56,8 @@ var SCTPTest string // Multus is the namespace where multus and multi-networkpolicy are installed var Multus = "openshift-multus" +var KNMState = "openshift-nmstate" + var OVSQOSTest string var namespaceLabels = map[string]string{ diff --git a/cnf-tests/testsuites/pkg/utils/consts.go b/cnf-tests/testsuites/pkg/utils/consts.go index 2d458a321d..f9f0735233 100644 --- a/cnf-tests/testsuites/pkg/utils/consts.go +++ b/cnf-tests/testsuites/pkg/utils/consts.go 
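Review bot: In the namespaces.go hunk, `KNMState` is exported without a doc comment, while the `Multus` variable directly above it has one. I would add `// KNMState is the namespace where the kubernetes-nmstate operator is installed` above the declaration; the subscription manifest in this commit uses the same `openshift-nmstate` namespace for that operator.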
@@ -163,6 +163,10 @@ const ( SroOperatorDeploymentName = "special-resource-controller-manager" ) +const ( + KNMStateCRDName = "nmstates.nmstate.io" +) + const ( // MultiNetworkPolicyNamespaceX main namespace used for multi-networkpolicy tests MultiNetworkPolicyNamespaceX = "sriov-conformance-testing-x" diff --git a/cnf-tests/testsuites/pkg/utils/reporter.go b/cnf-tests/testsuites/pkg/utils/reporter.go index 8201aa374f..1ce80b1f0e 100644 --- a/cnf-tests/testsuites/pkg/utils/reporter.go +++ b/cnf-tests/testsuites/pkg/utils/reporter.go @@ -115,6 +115,7 @@ func NewReporter(reportPath string) (*k8sreporter.KubernetesReporter, error) { namespaces.BondTestNamespace: "bondcni", namespaces.MetalLBOperator: "metallb", namespaces.TuningTest: "tuningcni", + namespaces.Multus: "multus", } crds := []k8sreporter.CRData{ diff --git a/cnf-tests/testsuites/validationsuite/cluster/validation.go b/cnf-tests/testsuites/validationsuite/cluster/validation.go index 94ab44e4b2..bc216f0d9c 100644 --- a/cnf-tests/testsuites/validationsuite/cluster/validation.go +++ b/cnf-tests/testsuites/validationsuite/cluster/validation.go @@ -528,6 +528,21 @@ var _ = Describe("validation", func() { Expect(daemonset.Status.DesiredNumberScheduled).To(Equal(daemonset.Status.NumberReady)) }) }) + + Context("[knmstate]", func() { + It("should have NMState CRD available in the cluster", func() { + crd := &apiext.CustomResourceDefinition{} + err := testclient.Client.Get(context.TODO(), goclient.ObjectKey{Name: utils.KNMStateCRDName}, crd) + Expect(err).ToNot(HaveOccurred()) + }) + + It("should have the operator pod in running state", func() { + deployment, err := testclient.Client.Deployments(namespaces.KNMState). + Get(context.Background(), "nmstate-operator", metav1.GetOptions{}) + Expect(err).ToNot(HaveOccurred()) + Expect(deployment.Status.ReadyReplicas).To(Equal(deployment.Status.Replicas)) + }) + }) }) type MCMatcher func(*igntypes.Config, *clientmachineconfigv1.MachineConfig) bool 
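Review bot: In the validation.go hunk, `Expect(deployment.Status.ReadyReplicas).To(Equal(deployment.Status.Replicas))` also passes when both values are 0, so a deployment that is scaled to zero or has not yet reported status would satisfy "should have the operator pod in running state". I would add `Expect(deployment.Status.Replicas).To(BeNumerically(">", 0))` before it. The deployment name `"nmstate-operator"` is a bare literal while the CRD name got a constant (`utils.KNMStateCRDName`), and the two new tests use `context.TODO()` and `context.Background()` respectively; a constant and one context call would be consistent. The enclosing `Describe` starts outside the hunk.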
diff --git a/feature-configs/ci/knmstate/operator_subscription.yaml b/feature-configs/ci/knmstate/operator_subscription.yaml index 089a25b02e..da81429b58 100644 --- a/feature-configs/ci/knmstate/operator_subscription.yaml +++ b/feature-configs/ci/knmstate/operator_subscription.yaml @@ -6,8 +6,7 @@ metadata: name: kubernetes-nmstate-operator namespace: openshift-nmstate spec: - channel: stable - installPlanApproval: Automatic name: kubernetes-nmstate-operator - source: art-nightly-operator-catalog + channel: alpha + source: ci-index sourceNamespace: openshift-marketplace diff --git a/go.mod b/go.mod index 89478e134e..d82bf5eee1 100644 --- a/go.mod +++ b/go.mod @@ -15,10 +15,10 @@ require ( github.com/coreos/ignition v0.35.0 github.com/gatekeeper/gatekeeper-operator v0.2.1 github.com/ghodss/yaml v1.0.1-0.20190212211648-25d852aebe32 - github.com/golang/glog v1.2.3 + github.com/golang/glog v1.2.4 github.com/google/go-cmp v0.6.0 github.com/ishidawataru/sctp v0.0.0-20210707070123-9a39160e9062 - github.com/k8snetworkplumbingwg/multi-networkpolicy v0.0.0-20220908143610-19b7d2ba63f9 + github.com/k8snetworkplumbingwg/multi-networkpolicy v1.0.1 github.com/k8snetworkplumbingwg/network-attachment-definition-client v1.4.0 github.com/k8snetworkplumbingwg/sriov-network-operator v0.0.0-00010101000000-000000000000 github.com/lack/mcmaker v0.0.7 diff --git a/go.sum b/go.sum index 4d78d0af81..55fce01335 100644 --- a/go.sum +++ b/go.sum 
@@ -756,8 +756,8 @@ github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3 github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto= github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= -github.com/emicklei/go-restful v2.10.0+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= github.com/emicklei/go-restful v2.15.0+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= +github.com/emicklei/go-restful v2.16.0+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= github.com/emicklei/go-restful/v3 v3.8.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= github.com/emicklei/go-restful/v3 v3.9.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g= 
@@ -877,8 +877,8 @@ github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0/go.mod h1:E/TSTwGwJL78qG/PmXZO1EjYhfJinVAhrmmHX6Z8B9k= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/glog v1.0.0/go.mod h1:EWib/APOK0SL3dFbYqvxE3UYd8E6s1ouQ7iEp/0LWV4= -github.com/golang/glog v1.2.3 h1:oDTdz9f5VGVVNGu/Q7UXKWYsD0873HXLHdJUNBsSEKM= -github.com/golang/glog v1.2.3/go.mod h1:6AhwSGph0fcJtXVM/PEHPqZlFeoLxhs7/t5UDAwmO+w= +github.com/golang/glog v1.2.4 h1:CNNw5U8lSiiBk7druxtSHHTsRWcxKoac6kZKm2peBBc= +github.com/golang/glog v1.2.4/go.mod h1:6AhwSGph0fcJtXVM/PEHPqZlFeoLxhs7/t5UDAwmO+w= github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= 
@@ -1069,8 +1069,8 @@ github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7V github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM= github.com/jung-kurt/gofpdf v1.0.0/go.mod h1:7Id9E/uU8ce6rXgefFLlgrJj/GYY22cpxn+r32jIOes= github.com/jung-kurt/gofpdf v1.0.3-0.20190309125859-24315acbbda5/go.mod h1:7Id9E/uU8ce6rXgefFLlgrJj/GYY22cpxn+r32jIOes= -github.com/k8snetworkplumbingwg/multi-networkpolicy v0.0.0-20220908143610-19b7d2ba63f9 h1:oNTOs8n0FihH6HOSJvI1zh8t712KVc4432uLZ3jfEUw= -github.com/k8snetworkplumbingwg/multi-networkpolicy v0.0.0-20220908143610-19b7d2ba63f9/go.mod h1:HuHy9LL+LaLL5DIysczJsS86MygueDGC6PBvM1GP2EQ= +github.com/k8snetworkplumbingwg/multi-networkpolicy v1.0.1 h1:Egj1hEVYNXWFlKpgzAXxe/2o8VNiVcAJLrKzlinILQo= +github.com/k8snetworkplumbingwg/multi-networkpolicy v1.0.1/go.mod h1:kEJ4WM849yNmXekuSXLRwb+LaZ9usC06O8JgoAIq+f4= github.com/k8snetworkplumbingwg/network-attachment-definition-client v1.4.0 h1:VzM3TYHDgqPkettiP6I6q2jOeQFL4nrJM+UcAc4f6Fs= github.com/k8snetworkplumbingwg/network-attachment-definition-client v1.4.0/go.mod h1:nqCI7aelBJU61wiBeeZWJ6oi4bJy5nrjkM6lWIMA4j0= github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51/go.mod h1:CzGEWj7cYgsdH8dAjBGEr58BoE7ScuLd+fwFZ44+/x8= diff --git a/hack/common.sh b/hack/common.sh index 3778e42031..adf3f09dd1 100644 --- a/hack/common.sh +++ b/hack/common.sh @@ -22,6 +22,7 @@ export SRO_VERSION="${SRO_VERSION:-4.11}" # the metallb-operator deployment and test namespace export OO_INSTALL_NAMESPACE="${OO_INSTALL_NAMESPACE:-openshift-metallb-system}" +export FRRK8S_EXTERNAL_NAMESPACE="${FRRK8S_EXTERNAL_NAMESPACE:-openshift-frr-k8s}" export TESTS_REPORTS_PATH="${TESTS_REPORTS_PATH:-/logs/artifacts/}" export JUNIT_TO_HTML="${JUNIT_TO_HTML:-false}" diff --git a/hack/run-functests.sh b/hack/run-functests.sh index 6960297b5a..5f4444b74b 100755 --- a/hack/run-functests.sh +++ b/hack/run-functests.sh 
@@ -10,8 +10,8 @@ export GINKGO_PARAMS=${GINKGO_PARAMS:-'-vv --show-node-events -timeout 6h'} #env variables needed for the containerized version export TEST_POD_IMAGES_REGISTRY="${TEST_POD_IMAGES_REGISTRY:-quay.io/openshift-kni/}" -export TEST_POD_CNF_TEST_IMAGE="${TEST_POD_CNF_TEST_IMAGE:-cnf-tests:4.12}" -export TEST_POD_DPDK_TEST_IMAGE="${TEST_POD_DPDK_TEST_IMAGE:-dpdk:4.12}" +export TEST_POD_CNF_TEST_IMAGE="${TEST_POD_CNF_TEST_IMAGE:-cnf-tests:${OCP_VERSION}}" +export TEST_POD_DPDK_TEST_IMAGE="${TEST_POD_DPDK_TEST_IMAGE:-dpdk:${OCP_VERSION}}" export TEST_EXECUTION_IMAGE=$TEST_POD_IMAGES_REGISTRY$TEST_POD_CNF_TEST_IMAGE export SCTPTEST_HAS_NON_CNF_WORKERS="${SCTPTEST_HAS_NON_CNF_WORKERS:-true}" @@ -24,6 +24,10 @@ export LATENCY_TEST_RUN=${LATENCY_TEST_RUN:-false} export IS_OPENSHIFT="${IS_OPENSHIFT:-true}" +# Read by sriov-network-operator confomrance test suite when dumping resource, on test failures. +# https://github.com/k8snetworkplumbingwg/sriov-network-operator/pull/636 +export MULTUS_NAMESPACE=openshift-multus + # The metallb tests cover both frr and frr-k8s, and we don't # currently deploy frr-k8s mode export BLACKLISTED_TESTS="frr-k8s" diff --git a/hack/setup-build-index-image.sh b/hack/setup-build-index-image.sh index 91c94ac32b..77ffd94edb 100755 --- a/hack/setup-build-index-image.sh +++ b/hack/setup-build-index-image.sh 
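Review bot: In the first hack/run-functests.sh hunk, the new defaults `cnf-tests:${OCP_VERSION}` and `dpdk:${OCP_VERSION}` expand to an image reference with an empty tag (`cnf-tests:`) when OCP_VERSION is unset. The hunk shows no default or check for it, and in this diff only the container images set it through `ENV`. I would fail early with `: "${OCP_VERSION:?OCP_VERSION must be set}"` above these exports, or give it a default, unless a file sourced outside the hunk already does so.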
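Review bot: In the second hack/run-functests.sh hunk, `export MULTUS_NAMESPACE=openshift-multus` is assigned unconditionally while the surrounding exports use the `${VAR:-default}` form, so a value set by the caller is overwritten. I would write `export MULTUS_NAMESPACE="${MULTUS_NAMESPACE:-openshift-multus}"`. The added comment also reads "confomrance"; it should be "conformance".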
@@ -105,7 +105,18 @@ spec: podman push image-registry.openshift-image-registry.svc:5000/openshift-marketplace/gatekeeper-operator-bundle:latest --tls-verify=false cd .. - ./opm index --skip-tls add --bundles image-registry.openshift-image-registry.svc:5000/openshift-marketplace/sriov-operator-bundle:latest,image-registry.openshift-image-registry.svc:5000/openshift-marketplace/ptp-operator-bundle:latest,image-registry.openshift-image-registry.svc:5000/openshift-marketplace/special-resource-operator-bundle:latest,image-registry.openshift-image-registry.svc:5000/openshift-marketplace/cluster-nfd-operator-bundle:latest,image-registry.openshift-image-registry.svc:5000/openshift-marketplace/metallb-operator-bundle:latest,image-registry.openshift-image-registry.svc:5000/openshift-marketplace/gatekeeper-operator-bundle:latest --tag image-registry.openshift-image-registry.svc:5000/openshift-marketplace/ci-index:latest -p podman --mode semver + git clone --single-branch --branch OPERATOR_RELEASES https://github.com/openshift/kubernetes-nmstate.git + cd kubernetes-nmstate + export KNMSTATE_OPERATOR_IMAGE=registry.ci.openshift.org/ocp/OPERATOR_VERSION:kubernetes-nmstate-operator + export KNMSTATE_HANDLER_IMAGE=registry.ci.openshift.org/ocp/OPERATOR_VERSION:kubernetes-nmstate-handler + rm manifests/stable/manifests/image-references + sed -i "s_quay.io/openshift/origin-kubernetes-nmstate-operator:.*_${KNMSTATE_OPERATOR_IMAGE}_" manifests/stable/manifests/* + sed -i "s_quay.io/openshift/origin-kubernetes-nmstate-handler:.*_${KNMSTATE_HANDLER_IMAGE}_" manifests/stable/manifests/* + podman build -f manifests/stable/bundle.Dockerfile --tag image-registry.openshift-image-registry.svc:5000/openshift-marketplace/kubernetes-nmstate-operator-bundle:latest . + podman push image-registry.openshift-image-registry.svc:5000/openshift-marketplace/kubernetes-nmstate-operator-bundle:latest --tls-verify=false + cd .. 
+ + ./opm index --skip-tls add --bundles image-registry.openshift-image-registry.svc:5000/openshift-marketplace/sriov-operator-bundle:latest,image-registry.openshift-image-registry.svc:5000/openshift-marketplace/ptp-operator-bundle:latest,image-registry.openshift-image-registry.svc:5000/openshift-marketplace/special-resource-operator-bundle:latest,image-registry.openshift-image-registry.svc:5000/openshift-marketplace/cluster-nfd-operator-bundle:latest,image-registry.openshift-image-registry.svc:5000/openshift-marketplace/metallb-operator-bundle:latest,image-registry.openshift-image-registry.svc:5000/openshift-marketplace/gatekeeper-operator-bundle:latest,image-registry.openshift-image-registry.svc:5000/openshift-marketplace/kubernetes-nmstate-operator-bundle:latest --tag image-registry.openshift-image-registry.svc:5000/openshift-marketplace/ci-index:latest -p podman --mode semver podman push image-registry.openshift-image-registry.svc:5000/openshift-marketplace/ci-index:latest --tls-verify=false securityContext: privileged: true @@ -203,18 +214,3 @@ else echo "[ERROR] index image pod failed to run" exit 1 fi - -# This is neede to install latest kubernetes-nmstate nightly -# https://github.com/openshift/kubernetes-nmstate/blob/11482d1f97466dcc3b7c1875fa07560af6b4f152/hack/ocp-install-nightly-art-operators.sh#L82 -cat <= MaxSize { - if err := sb.rotateFile(time.Now()); err != nil { - return 0, err + now := timeNow() + if now.After(sb.madeAt.Add(1*time.Second)) || now.Second() != sb.madeAt.Second() { + if err := sb.rotateFile(now); err != nil { + return 0, err + } } } n, err = sb.Writer.Write(p) @@ -275,7 +302,8 @@ const footer = "\nCONTINUED IN NEXT FILE\n" func (sb *syncBuffer) rotateFile(now time.Time) error { var err error pn := "" - file, name, err := create(sb.sev.String(), now) + file, name, err := create(sb.sev.String(), now, "") + sb.madeAt = now if sb.file != nil { // The current log file becomes the previous log at the end of 
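Review bot: The kubernetes-nmstate block added to hack/setup-build-index-image.sh chains `git clone`, `cd kubernetes-nmstate`, `rm`, `sed -i` and `cd ..` without checking any of them. If the clone fails, the `rm` and `sed -i` run in the parent directory and `cd ..` leaves the script one level too high before `./opm` is called, unless the embedding script, which starts outside the hunk, sets `set -e`. I would write `git clone ... || exit 1` and `cd kubernetes-nmstate || exit 1`. The bundle is also built from whatever the branch head is at run time; printing `git rev-parse HEAD` after the clone would make each CI index traceable to the source it was built from.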
diff --git a/vendor/github.com/k8snetworkplumbingwg/multi-networkpolicy/NOTICE b/vendor/github.com/k8snetworkplumbingwg/multi-networkpolicy/NOTICE new file mode 100644 index 0000000000..dd3fc395fa --- /dev/null +++ b/vendor/github.com/k8snetworkplumbingwg/multi-networkpolicy/NOTICE @@ -0,0 +1 @@ +Copyright 2020 Kubernetes Network Plumbing Working Group diff --git a/vendor/github.com/k8snetworkplumbingwg/multi-networkpolicy/pkg/apis/k8s.cni.cncf.io/v1beta1/types.go b/vendor/github.com/k8snetworkplumbingwg/multi-networkpolicy/pkg/apis/k8s.cni.cncf.io/v1beta1/types.go index 14f65b4d41..29d0d335a1 100644 --- a/vendor/github.com/k8snetworkplumbingwg/multi-networkpolicy/pkg/apis/k8s.cni.cncf.io/v1beta1/types.go +++ b/vendor/github.com/k8snetworkplumbingwg/multi-networkpolicy/pkg/apis/k8s.cni.cncf.io/v1beta1/types.go @@ -98,6 +98,9 @@ type MultiNetworkPolicyPort struct { // +optional Port *intstr.IntOrString `json:"port,omitempty"` + + // +optional + EndPort *int32 `json:"endPort,omitempty"` } // IPBlock ... diff --git a/vendor/github.com/k8snetworkplumbingwg/multi-networkpolicy/pkg/apis/k8s.cni.cncf.io/v1beta1/zz_generated.deepcopy.go b/vendor/github.com/k8snetworkplumbingwg/multi-networkpolicy/pkg/apis/k8s.cni.cncf.io/v1beta1/zz_generated.deepcopy.go index 91b464a8de..12ed1c7cc3 100644 --- a/vendor/github.com/k8snetworkplumbingwg/multi-networkpolicy/pkg/apis/k8s.cni.cncf.io/v1beta1/zz_generated.deepcopy.go +++ b/vendor/github.com/k8snetworkplumbingwg/multi-networkpolicy/pkg/apis/k8s.cni.cncf.io/v1beta1/zz_generated.deepcopy.go @@ -213,6 +213,11 @@ func (in *MultiNetworkPolicyPort) DeepCopyInto(out *MultiNetworkPolicyPort) { *out = new(intstr.IntOrString) **out = **in } + if in.EndPort != nil { + in, out := &in.EndPort, &out.EndPort + *out = new(int32) + **out = **in + } return } 
diff --git a/vendor/github.com/k8snetworkplumbingwg/multi-networkpolicy/pkg/apis/k8s.cni.cncf.io/v1beta2/types.go b/vendor/github.com/k8snetworkplumbingwg/multi-networkpolicy/pkg/apis/k8s.cni.cncf.io/v1beta2/types.go index da2eae3765..a4a257776d 100644 --- a/vendor/github.com/k8snetworkplumbingwg/multi-networkpolicy/pkg/apis/k8s.cni.cncf.io/v1beta2/types.go +++ b/vendor/github.com/k8snetworkplumbingwg/multi-networkpolicy/pkg/apis/k8s.cni.cncf.io/v1beta2/types.go @@ -100,7 +100,7 @@ type MultiNetworkPolicyPort struct { Port *intstr.IntOrString `json:"port,omitempty"` // +optional - EndPort *int `json:"endPort,omitempty"` + EndPort *int32 `json:"endPort,omitempty"` } // IPBlock ... diff --git a/vendor/github.com/k8snetworkplumbingwg/multi-networkpolicy/pkg/apis/k8s.cni.cncf.io/v1beta2/zz_generated.deepcopy.go b/vendor/github.com/k8snetworkplumbingwg/multi-networkpolicy/pkg/apis/k8s.cni.cncf.io/v1beta2/zz_generated.deepcopy.go index 0fd34949aa..b36f850d04 100644 --- a/vendor/github.com/k8snetworkplumbingwg/multi-networkpolicy/pkg/apis/k8s.cni.cncf.io/v1beta2/zz_generated.deepcopy.go +++ b/vendor/github.com/k8snetworkplumbingwg/multi-networkpolicy/pkg/apis/k8s.cni.cncf.io/v1beta2/zz_generated.deepcopy.go @@ -215,7 +215,7 @@ func (in *MultiNetworkPolicyPort) DeepCopyInto(out *MultiNetworkPolicyPort) { } if in.EndPort != nil { in, out := &in.EndPort, &out.EndPort - *out = new(int) + *out = new(int32) **out = **in } return diff --git a/vendor/github.com/k8snetworkplumbingwg/multi-networkpolicy/pkg/client/clientset/versioned/scheme/register.go b/vendor/github.com/k8snetworkplumbingwg/multi-networkpolicy/pkg/client/clientset/versioned/scheme/register.go index 1ddd30410b..ca9dbcb9d2 100644 --- a/vendor/github.com/k8snetworkplumbingwg/multi-networkpolicy/pkg/client/clientset/versioned/scheme/register.go +++ b/vendor/github.com/k8snetworkplumbingwg/multi-networkpolicy/pkg/client/clientset/versioned/scheme/register.go 
@@ -39,14 +39,14 @@ var localSchemeBuilder = runtime.SchemeBuilder{ // AddToScheme adds all types of this clientset into the given scheme. This allows composition // of clientsets, like in: // -// import ( -// "k8s.io/client-go/kubernetes" -// clientsetscheme "k8s.io/client-go/kubernetes/scheme" -// aggregatorclientsetscheme "k8s.io/kube-aggregator/pkg/client/clientset_generated/clientset/scheme" -// ) +// import ( +// "k8s.io/client-go/kubernetes" +// clientsetscheme "k8s.io/client-go/kubernetes/scheme" +// aggregatorclientsetscheme "k8s.io/kube-aggregator/pkg/client/clientset_generated/clientset/scheme" +// ) // -// kclientset, _ := kubernetes.NewForConfig(c) -// _ = aggregatorclientsetscheme.AddToScheme(clientsetscheme.Scheme) +// kclientset, _ := kubernetes.NewForConfig(c) +// _ = aggregatorclientsetscheme.AddToScheme(clientsetscheme.Scheme) // // After this, RawExtensions in Kubernetes types will serialize kube-aggregator types // correctly. diff --git a/vendor/modules.txt b/vendor/modules.txt index 6ddf8a4e87..cbfcca6632 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -151,7 +151,7 @@ github.com/go-task/slim-sprig/v3 ## explicit; go 1.15 github.com/gogo/protobuf/proto github.com/gogo/protobuf/sortkeys -# github.com/golang/glog v1.2.3 +# github.com/golang/glog v1.2.4 ## explicit; go 1.19 github.com/golang/glog github.com/golang/glog/internal/logsink @@ -228,7 +228,7 @@ github.com/josharian/intern # github.com/json-iterator/go v1.1.12 ## explicit; go 1.12 github.com/json-iterator/go -# github.com/k8snetworkplumbingwg/multi-networkpolicy v0.0.0-20220908143610-19b7d2ba63f9 +# github.com/k8snetworkplumbingwg/multi-networkpolicy v1.0.1 ## explicit; go 1.13 github.com/k8snetworkplumbingwg/multi-networkpolicy/pkg/apis/k8s.cni.cncf.io github.com/k8snetworkplumbingwg/multi-networkpolicy/pkg/apis/k8s.cni.cncf.io/v1beta1 diff --git a/ztp/Makefile b/ztp/Makefile index 42fafdc5bf..097fe00bbf 100644 --- a/ztp/Makefile +++ b/ztp/Makefile 
@@ -1,6 +1,6 @@ -.PHONY: ci-job test-policygen checkExtraManifests checkSourceCRsAnnotation test-policygen-kustomize test-siteconfig test-siteconfig-kustomize test-acm-ztp-generated-policies check-reference +.PHONY: ci-job test-policygen checkExtraManifests checkSourceCRsAnnotation test-policygen-kustomize test-siteconfig test-siteconfig-kustomize test-acm-ztp-generated-policies check-reference checkZtpPaths -ci-job: test-policygen checkExtraManifests checkSourceCRsAnnotation test-policygen-kustomize test-siteconfig test-siteconfig-kustomize test-acm-ztp-generated-policies check-reference +ci-job: test-policygen checkExtraManifests checkSourceCRsAnnotation test-policygen-kustomize test-siteconfig test-siteconfig-kustomize test-acm-ztp-generated-policies check-reference checkZtpPaths test-policygen: @echo "ZTP: Build policy generator and run test" 
@@ -19,6 +19,30 @@ checkSourceCRsAnnotation: fi; \ done; \ +# ZTP_HOME is a temporary hard-coded path to site-generate container's ztp folder +# Should remain consistent across upstream, midstream and CI script +ZTP_HOME=/home/ztp/ +checkFilePath: + @failures=0; \ + for cr in $(shell find $(CUSTOM_RESOURCE) -type f); do \ + path_length=$$(echo -n ${ZTP_HOME}$$cr | wc -c); \ + if [ $$path_length -gt 255 ]; then \ + echo "File path too long: ${ZTP_HOME}$$cr (length: $$path_length)"; \ + (( failures += 1 )); \ + else \ + echo "File path OK: ${ZTP_HOME}$$cr (length: $$path_length)"; \ + fi; \ + done; \ + exit $$failures + +# checkZtpPaths ci job ensures that filenames in this repo are not greater than 255. +# This limitation comes from the ISO9660 standard with Rock Ridge extensions. +# Related Issue: https://issues.redhat.com/browse/OCPBUGS-48244 +checkZtpPaths: + $(MAKE) CUSTOM_RESOURCE=source-crs checkFilePath + $(MAKE) CUSTOM_RESOURCE=gitops-subscriptions/argocd checkFilePath + $(MAKE) CUSTOM_RESOURCE=kube-compare-reference checkFilePath + test-policygen-kustomize: @echo "ZTP: Build policy generator kustomize plugin and run test" $(MAKE) -C ./policygenerator-kustomize-plugin test diff --git a/ztp/README.md b/ztp/README.md index 305976d06a..3006d31f71 100644 --- a/ztp/README.md +++ b/ztp/README.md @@ -25,3 +25,7 @@ We suggest breaking down the site plan into components that are common, relevant * Site: IP addresses, SRIOV configuration We look forward to user feedback and will gladly accept pull requests and issues for consideration. + +## ZTP Guidelines + +To avoid issues due to filename length limitations (ISO 9660 with the Rock Ridge extension - not greater than 255 characters), please ensure files in the source-crs folder are within this limit. This includes the length of the full path as per ZTP_HOME set in the ztp-site-generate container. \ No newline at end of file 
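Review bot: In `checkFilePath`, the counter line `(( failures += 1 ));` is a bash arithmetic command, while make runs recipes with `/bin/sh` unless the Makefile sets `SHELL` (no such assignment is visible in these hunks). Under a POSIX sh such as dash that line increments nothing, so `exit $$failures` returns 0 and the new `checkZtpPaths` CI gate passes even after printing "File path too long". `failures=$$((failures + 1));` is portable. Ending the recipe with `[ $$failures -eq 0 ]` instead of `exit $$failures` also avoids an exit status that wraps to 0 at 256 failures. `echo -n` has the same portability caveat; `printf '%s' "${ZTP_HOME}$$cr" | wc -c` gives the same count in every sh.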
diff --git a/ztp/gitops-subscriptions/argocd/example/acmpolicygenerator/acm-example-sno-site.yaml b/ztp/gitops-subscriptions/argocd/example/acmpolicygenerator/acm-example-sno-site.yaml index e2292045a6..d89607915c 100644 --- a/ztp/gitops-subscriptions/argocd/example/acmpolicygenerator/acm-example-sno-site.yaml +++ b/ztp/gitops-subscriptions/argocd/example/acmpolicygenerator/acm-example-sno-site.yaml @@ -98,5 +98,9 @@ policies: # objectStorage: # bucket: ibu # prefix: '{{hub .ManagedClusterName hub}}' +# # If there are more than one backupLocation defined in the OadpDataProtectionApplication CR above, +# # then each backupLocation should have a corresponding OadpBackupStorageLocation CR added below +# # for status tracking. Ensure that the name of each additional OadpBackupStorageLocation CR is +# # overridden with the correct index as described in the source CR comment. # - path: source-crs/OadpBackupStorageLocationStatus.yaml # --- END of source CRs needed for configuring OADP operator for SNO Image Based Upgrade --- diff --git a/ztp/gitops-subscriptions/argocd/example/policygentemplates/example-sno-site.yaml b/ztp/gitops-subscriptions/argocd/example/policygentemplates/example-sno-site.yaml index 0987756476..0502ddc276 100644 --- a/ztp/gitops-subscriptions/argocd/example/policygentemplates/example-sno-site.yaml +++ b/ztp/gitops-subscriptions/argocd/example/policygentemplates/example-sno-site.yaml 
@@ -72,6 +72,10 @@ spec: # objectStorage: # bucket: ibu # prefix: '{{hub .ManagedClusterName hub}}' +# # If there are more than one backupLocation defined in the OadpDataProtectionApplication CR above, +# # then each backupLocation should have a corresponding OadpBackupStorageLocation CR added below +# # for status tracking. Ensure that the name of each additional OadpBackupStorageLocation CR is +# # overridden with the correct index as described in the source CR comment. # - fileName: OadpBackupStorageLocationStatus.yaml # policyName: "config-policy" # --- END of source CRs needed for configuring OADP operator for SNO Image Based Upgrade --- diff --git a/ztp/kube-compare-reference/default_value.yaml b/ztp/kube-compare-reference/default_value.yaml index e132e482a8..6158e223a2 100644 --- a/ztp/kube-compare-reference/default_value.yaml +++ b/ztp/kube-compare-reference/default_value.yaml @@ -8,6 +8,7 @@ optional_image_registry_ImageRegistryConfig: optional_local_storage_operator_StorageClass: - metadata: name: example-storage-class + provisioner: kubernetes.io/no-provisioner optional_local_storage_operator_StorageLV: - metadata: name: local-disks @@ -23,19 +24,36 @@ optional_local_storage_operator_StorageSubscription: source: redhat-operators-disconnected optional_ptp_config_PtpConfigBoundary: - spec: + profile: + - placeholder: true recommend: - match: - nodeLabel: "node-role.kubernetes.io/$mcp" + captureGroup_defaults: + priority2: 128 + domainNumber: 24 optional_ptp_config_PtpConfigBoundaryForEvent: - spec: + profile: + - ptpClockThreshold: + holdOverTimeout: 5 + maxOffsetThreshold: 100 + minOffsetThreshold: -100 recommend: - match: - nodeLabel: "node-role.kubernetes.io/$mcp" + captureGroup_defaults: + priority2: 128 + domainNumber: 24 optional_ptp_config_PtpConfigDualCardGmWpc: - spec: profile: - plugins: e810: + settings: + LocalMaxHoldoverOffSet: 1500 + LocalHoldoverTimeout: 14400 + MaxInSpecOffset: 1500 pins: $iface_timeTx1: SMA1: 2 1 
@@ -47,19 +65,37 @@ optional_ptp_config_PtpConfigDualCardGmWpc: SMA2: 0 2 U.FL1: 0 1 U.FL2: 0 2 + ptpClockThreshold: + holdOverTimeout: 5 + maxOffsetThreshold: 100 + minOffsetThreshold: -100 recommend: - match: - nodeLabel: "node-role.kubernetes.io/$mcp" + captureGroup_defaults: + priority2: 128 + domainNumber: 24 optional_ptp_config_PtpConfigForHA: - spec: + profile: + - placeholder: true recommend: - match: - nodeLabel: "node-role.kubernetes.io/$mcp" + captureGroup_defaults: + domainNumber: 24 optional_ptp_config_PtpConfigForHAForEvent: - spec: + profile: + - ptpClockThreshold: + holdOverTimeout: 5 + maxOffsetThreshold: 100 + minOffsetThreshold: -100 recommend: - match: - nodeLabel: "node-role.kubernetes.io/$mcp" + captureGroup_defaults: + domainNumber: 24 optional_ptp_config_PtpConfigMaster: - spec: profile: @@ -67,13 +103,23 @@ optional_ptp_config_PtpConfigMaster: recommend: - match: - nodeLabel: "node-role.kubernetes.io/$mcp" + captureGroup_defaults: + priority2: 128 + domainNumber: 24 optional_ptp_config_PtpConfigMasterForEvent: - spec: profile: - interface: $interface + ptpClockThreshold: + holdOverTimeout: 5 + maxOffsetThreshold: 100 + minOffsetThreshold: -100 recommend: - match: - nodeLabel: "node-role.kubernetes.io/$mcp" + captureGroup_defaults: + priority2: 128 + domainNumber: 24 optional_ptp_config_PtpConfigSlave: - spec: profile: 
@@ -81,27 +127,48 @@ optional_ptp_config_PtpConfigSlave: recommend: - match: - nodeLabel: "node-role.kubernetes.io/$mcp" + captureGroup_defaults: + priority2: 128 + domainNumber: 24 optional_ptp_config_PtpConfigGmWpc: - spec: profile: - plugins: e810: + settings: + LocalMaxHoldoverOffSet: 1500 + LocalHoldoverTimeout: 14400 + MaxInSpecOffset: 1500 pins: $iface_timeTx: SMA1: 0 1 SMA2: 0 2 U.FL1: 0 1 U.FL2: 0 2 + ptpClockThreshold: + holdOverTimeout: 5 + maxOffsetThreshold: 100 + minOffsetThreshold: -100 recommend: - match: - nodeLabel: "node-role.kubernetes.io/$mcp" + captureGroup_defaults: + priority2: 128 + domainNumber: 24 optional_ptp_config_PtpConfigSlaveForEvent: - spec: profile: - interface: $interface + ptpClockThreshold: + holdOverTimeout: 5 + maxOffsetThreshold: 100 + minOffsetThreshold: -100 recommend: - match: - nodeLabel: "node-role.kubernetes.io/$mcp" + captureGroup_defaults: + priority2: 128 + domainNumber: 24 optional_ptp_config_PtpOperatorConfig: - spec: daemonNodeSelector: @@ -237,10 +304,16 @@ required_sriov_operator_SriovOperatorConfig: - spec: configDaemonNodeSelector: "node-role.kubernetes.io/$mcp": "" + enableInjector: false + enableOperatorWebhook: false + logLevel: 0 required_sriov_operator_SriovOperatorConfigForSNO: - spec: configDaemonNodeSelector: "node-role.kubernetes.io/$mcp": "" + enableInjector: false + enableOperatorWebhook: false + logLevel: 0 required_sriov_operator_SriovSubscription: - spec: source: redhat-operators-disconnected diff --git a/ztp/kube-compare-reference/metadata.yaml b/ztp/kube-compare-reference/metadata.yaml index 7a85d59dff..4b8bb603a0 100644 --- a/ztp/kube-compare-reference/metadata.yaml +++ b/ztp/kube-compare-reference/metadata.yaml @@ -208,6 +208,8 @@ parts: - path: optional/ptp-config/PtpConfigBoundary.yaml config: perField: + - pathToKey: spec.profile.0.phc2sysOpts + inlineDiffFunc: capturegroups - pathToKey: spec.profile.0.ptp4lConf inlineDiffFunc: capturegroups - path: optional/ptp-config/PtpConfigGmWpc.yaml 
@@ -229,15 +231,49 @@ parts: - pathToKey: spec.profile.0.ptp4lConf inlineDiffFunc: capturegroups - path: optional/ptp-config/PtpConfigForHA.yaml + config: + perField: + - pathToKey: spec.profile.0.phc2sysOpts + inlineDiffFunc: capturegroups - path: optional/ptp-config/PtpConfigMaster.yaml + config: + perField: + - pathToKey: spec.profile.0.phc2sysOpts + inlineDiffFunc: capturegroups + - pathToKey: spec.profile.0.ptp4lConf + inlineDiffFunc: capturegroups - path: optional/ptp-config/PtpConfigSlave.yaml + config: + perField: + - pathToKey: spec.profile.0.phc2sysOpts + inlineDiffFunc: capturegroups + - pathToKey: spec.profile.0.ptp4lConf + inlineDiffFunc: capturegroups # TODO: If one of these 4 is selected, they should be paired with 'PtpOperatorConfigForEvent.yaml' above - path: optional/ptp-config/PtpConfigSlaveForEvent.yaml + config: + perField: + - pathToKey: spec.profile.0.phc2sysOpts + inlineDiffFunc: capturegroups + - pathToKey: spec.profile.0.ptp4lConf + inlineDiffFunc: capturegroups - path: optional/ptp-config/PtpConfigForHAForEvent.yaml + config: + perField: + - pathToKey: spec.profile.0.phc2sysOpts + inlineDiffFunc: capturegroups - path: optional/ptp-config/PtpConfigMasterForEvent.yaml + config: + perField: + - pathToKey: spec.profile.0.phc2sysOpts + inlineDiffFunc: capturegroups + - pathToKey: spec.profile.0.ptp4lConf + inlineDiffFunc: capturegroups - path: optional/ptp-config/PtpConfigBoundaryForEvent.yaml config: perField: + - pathToKey: spec.profile.0.phc2sysOpts + inlineDiffFunc: capturegroups - pathToKey: spec.profile.0.ptp4lConf inlineDiffFunc: capturegroups - name: optional-console-disable @@ -252,6 +288,7 @@ templateFunctionFiles: - validate_node_selector.tmpl - unordered_list.tmpl - version_match.tmpl + - must_match_one_of.tmpl fieldsToOmit: defaultOmitRef: all diff --git a/ztp/kube-compare-reference/must_match_one_of.tmpl b/ztp/kube-compare-reference/must_match_one_of.tmpl new file mode 100644 index 0000000000..c24ef020da --- /dev/null 
+++ b/ztp/kube-compare-reference/must_match_one_of.tmpl @@ -0,0 +1,11 @@ +{{- define "mustMatchOneOf" }} + {{- $currentValue := index . 0 | default "--empty--" }} + {{- $allowedValues := slice . 1 }} + {{- $result := print $currentValue " not in " $allowedValues }} + {{- range $allowed := $allowedValues }} + {{- if eq $currentValue $allowed }} + {{- $result = $currentValue }} + {{- end }} + {{- end }} + {{- $result }} +{{- end }} diff --git a/ztp/kube-compare-reference/optional/local-storage-operator/StorageClass.yaml b/ztp/kube-compare-reference/optional/local-storage-operator/StorageClass.yaml index a27a237f38..899fc2e5b0 100644 --- a/ztp/kube-compare-reference/optional/local-storage-operator/StorageClass.yaml +++ b/ztp/kube-compare-reference/optional/local-storage-operator/StorageClass.yaml @@ -4,5 +4,5 @@ metadata: annotations: ran.openshift.io/ztp-deploy-wave: "10" name: {{ .metadata.name }} -provisioner: kubernetes.io/no-provisioner +provisioner: {{ template "mustMatchOneOf" (list .provisioner "kubernetes.io/no-provisioner" "topolvm.io") }} reclaimPolicy: Delete diff --git a/ztp/kube-compare-reference/optional/ptp-config/PtpConfigBoundary.yaml b/ztp/kube-compare-reference/optional/ptp-config/PtpConfigBoundary.yaml index 2913c9b571..e2da60087d 100644 --- a/ztp/kube-compare-reference/optional/ptp-config/PtpConfigBoundary.yaml +++ b/ztp/kube-compare-reference/optional/ptp-config/PtpConfigBoundary.yaml @@ -7,9 +7,10 @@ metadata: ran.openshift.io/ztp-deploy-wave: "10" spec: profile: + {{- range .spec.profile }} - name: "boundary" ptp4lOpts: "-2" - phc2sysOpts: "-a -r -n 24" + phc2sysOpts: "-a -r -n (?[0-9]+)" ptpSchedulingPolicy: SCHED_FIFO ptpSchedulingPriority: 10 ptpSettings: @@ -31,8 +32,8 @@ spec: twoStepFlag 1 slaveOnly 0 priority1 128 - priority2 128 - domainNumber 24 + priority2 (?[0-9]+) + domainNumber (?[0-9]+) #utc_offset 37 clockClass 248 clockAccuracy 0xFE 
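Review bot: `mustMatchOneOf` in must_match_one_of.tmpl has no header comment, and its contract is not obvious from the call site in StorageClass.yaml. Argument 0 is the value under test and the remaining arguments are the allowed values; a mismatch is rendered as text in the output rather than raised as a template error. I would add at the top of the define: `{{- /* mustMatchOneOf (list value allowed...): renders value when it equals one allowed entry, otherwise "<value> not in [allowed...]"; a missing value is shown as --empty-- */ -}}`. Because the match uses `eq $currentValue $allowed`, the same comment should say that the value and the allowed entries are expected to be strings, since Go's `eq` reports an error on incompatible types.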
@@ -125,6 +126,11 @@ spec: manufacturerIdentity 00:00:00 userDescription ; timeSource 0xA0 + {{- if .ptpClockThreshold }} + ptpClockThreshold: + {{- .ptpClockThreshold | toYaml | nindent 6 }} + {{- end }} + {{- end }} recommend: {{- range .spec.recommend }} - profile: "boundary" diff --git a/ztp/kube-compare-reference/optional/ptp-config/PtpConfigBoundaryForEvent.yaml b/ztp/kube-compare-reference/optional/ptp-config/PtpConfigBoundaryForEvent.yaml index b305e4aa63..eea6e585a8 100644 --- a/ztp/kube-compare-reference/optional/ptp-config/PtpConfigBoundaryForEvent.yaml +++ b/ztp/kube-compare-reference/optional/ptp-config/PtpConfigBoundaryForEvent.yaml @@ -7,9 +7,10 @@ metadata: ran.openshift.io/ztp-deploy-wave: "10" spec: profile: + {{- range .spec.profile }} - name: "boundary" ptp4lOpts: "-2 --summary_interval -4" - phc2sysOpts: "-a -r -m -n 24 -N 8 -R 16" + phc2sysOpts: "-a -r -m -n (?[0-9]+) -N 8 -R 16" ptpSchedulingPolicy: SCHED_FIFO ptpSchedulingPriority: 10 ptpSettings: @@ -31,8 +32,8 @@ spec: twoStepFlag 1 slaveOnly 0 priority1 128 - priority2 128 - domainNumber 24 + priority2 (?[0-9]+) + domainNumber (?[0-9]+) #utc_offset 37 clockClass 248 clockAccuracy 0xFE @@ -125,6 +126,11 @@ spec: manufacturerIdentity 00:00:00 userDescription ; timeSource 0xA0 + {{- if .ptpClockThreshold }} + ptpClockThreshold: + {{- .ptpClockThreshold | toYaml | nindent 6 }} + {{- end }} + {{- end }} recommend: {{- range .spec.recommend }} - profile: "boundary" diff --git a/ztp/kube-compare-reference/optional/ptp-config/PtpConfigDualCardGmWpc.yaml b/ztp/kube-compare-reference/optional/ptp-config/PtpConfigDualCardGmWpc.yaml index e4941d3b7a..91e68f13da 100644 --- a/ztp/kube-compare-reference/optional/ptp-config/PtpConfigDualCardGmWpc.yaml +++ b/ztp/kube-compare-reference/optional/ptp-config/PtpConfigDualCardGmWpc.yaml 
@@ -14,7 +14,7 @@ spec: {{- range .spec.profile }} - name: "grandmaster" ptp4lOpts: "-2 --summary_interval -4" - phc2sysOpts: -r -u 0 -m -w -N 8 -R 16 -s (?[[:alnum:]]+) -n 24 + phc2sysOpts: -r -u 0 -m -N 8 -R 16 -s (?[[:alnum:]]+) -n (?[0-9]+) ptpSchedulingPolicy: SCHED_FIFO ptpSchedulingPriority: 10 ptpSettings: @@ -23,9 +23,7 @@ spec: e810: enableDefaultConfig: false settings: - LocalMaxHoldoverOffSet: 1500 - LocalHoldoverTimeout: 14400 - MaxInSpecOffset: 100 + {{- .plugins.e810.settings | toYaml | nindent 10 }} pins: # Syntax guide: # - The 1st number in each pair must be one of: @@ -138,8 +136,8 @@ spec: # twoStepFlag 1 priority1 128 - priority2 128 - domainNumber 24 + priority2 (?[0-9]+) + domainNumber (?[0-9]+) #utc_offset 37 clockClass 6 clockAccuracy 0x27 @@ -231,6 +229,10 @@ spec: manufacturerIdentity 00:00:00 userDescription ; timeSource 0x20 + {{- if .ptpClockThreshold }} + ptpClockThreshold: + {{- .ptpClockThreshold | toYaml | nindent 6 }} + {{- end }} {{- end }} recommend: {{- range .spec.recommend }} diff --git a/ztp/kube-compare-reference/optional/ptp-config/PtpConfigForHA.yaml b/ztp/kube-compare-reference/optional/ptp-config/PtpConfigForHA.yaml index 4dd9d88014..641052d604 100644 --- a/ztp/kube-compare-reference/optional/ptp-config/PtpConfigForHA.yaml +++ b/ztp/kube-compare-reference/optional/ptp-config/PtpConfigForHA.yaml @@ -7,14 +7,20 @@ metadata: ran.openshift.io/ztp-deploy-wave: "10" spec: profile: + {{- range .spec.profile }} - name: "boundary-ha" ptp4lOpts: "" - phc2sysOpts: "-a -r -n 24" + phc2sysOpts: "-a -r -n (?[0-9]+)" ptpSchedulingPolicy: SCHED_FIFO ptpSchedulingPriority: 10 ptpSettings: logReduce: "true" haProfiles: "$profile1,$profile2" + {{- if .ptpClockThreshold }} + ptpClockThreshold: + {{- .ptpClockThreshold | toYaml | nindent 8 }} + {{- end }} + {{- end }} recommend: {{- range .spec.recommend }} - profile: "boundary-ha" 
diff --git a/ztp/kube-compare-reference/optional/ptp-config/PtpConfigForHAForEvent.yaml b/ztp/kube-compare-reference/optional/ptp-config/PtpConfigForHAForEvent.yaml index 72f156f6aa..a8714d371e 100644 --- a/ztp/kube-compare-reference/optional/ptp-config/PtpConfigForHAForEvent.yaml +++ b/ztp/kube-compare-reference/optional/ptp-config/PtpConfigForHAForEvent.yaml @@ -7,14 +7,20 @@ metadata: ran.openshift.io/ztp-deploy-wave: "10" spec: profile: + {{- range .spec.profile }} - name: "boundary-ha" ptp4lOpts: "" - phc2sysOpts: "-a -r -m -n 24 -N 8 -R 16" + phc2sysOpts: "-a -r -m -n (?[0-9]+) -N 8 -R 16" ptpSchedulingPolicy: SCHED_FIFO ptpSchedulingPriority: 10 ptpSettings: logReduce: "true" haProfiles: "$profile1,$profile2" + {{- if .ptpClockThreshold }} + ptpClockThreshold: + {{- .ptpClockThreshold | toYaml | nindent 8 }} + {{- end }} + {{- end }} recommend: {{- range .spec.recommend }} - profile: "boundary-ha" diff --git a/ztp/kube-compare-reference/optional/ptp-config/PtpConfigGmWpc.yaml b/ztp/kube-compare-reference/optional/ptp-config/PtpConfigGmWpc.yaml index 554122f7f6..5256e94899 100644 --- a/ztp/kube-compare-reference/optional/ptp-config/PtpConfigGmWpc.yaml +++ b/ztp/kube-compare-reference/optional/ptp-config/PtpConfigGmWpc.yaml @@ -12,7 +12,7 @@ spec: {{- range .spec.profile }} - name: "grandmaster" ptp4lOpts: "-2 --summary_interval -4" - phc2sysOpts: -r -u 0 -m -w -N 8 -R 16 -s (?[[:alnum:]]+) -n 24 + phc2sysOpts: -r -u 0 -m -N 8 -R 16 -s (?[[:alnum:]]+) -n (?[0-9]+) ptpSchedulingPolicy: SCHED_FIFO ptpSchedulingPriority: 10 ptpSettings: @@ -21,9 +21,7 @@ spec: e810: enableDefaultConfig: false settings: - LocalMaxHoldoverOffSet: 1500 - LocalHoldoverTimeout: 14400 - MaxInSpecOffset: 100 + {{- .plugins.e810.settings | toYaml | nindent 10 }} pins: # Syntax guide: # - The 1st number in each pair must be one of: 
@@ -123,8 +121,8 @@ spec: # twoStepFlag 1 priority1 128 - priority2 128 - domainNumber 24 + priority2 (?[0-9]+) + domainNumber (?[0-9]+) #utc_offset 37 clockClass 6 clockAccuracy 0x27 @@ -216,6 +214,10 @@ spec: manufacturerIdentity 00:00:00 userDescription ; timeSource 0x20 + {{- if .ptpClockThreshold }} + ptpClockThreshold: + {{- .ptpClockThreshold | toYaml | nindent 6 }} + {{- end }} {{- end }} recommend: {{- range .spec.recommend }} diff --git a/ztp/kube-compare-reference/optional/ptp-config/PtpConfigMaster.yaml b/ztp/kube-compare-reference/optional/ptp-config/PtpConfigMaster.yaml index ed0fbf1e53..509eda2813 100644 --- a/ztp/kube-compare-reference/optional/ptp-config/PtpConfigMaster.yaml +++ b/ztp/kube-compare-reference/optional/ptp-config/PtpConfigMaster.yaml @@ -14,7 +14,7 @@ spec: # The interface name is hardware-specific interface: {{ .interface }} ptp4lOpts: "-2" - phc2sysOpts: "-a -r -r -n 24" + phc2sysOpts: "-a -r -r -n (?[0-9]+)" ptpSchedulingPolicy: SCHED_FIFO ptpSchedulingPriority: 10 ptpSettings: @@ -27,8 +27,8 @@ spec: twoStepFlag 1 slaveOnly 0 priority1 128 - priority2 128 - domainNumber 24 + priority2 (?[0-9]+) + domainNumber (?[0-9]+) #utc_offset 37 clockClass 255 clockAccuracy 0xFE @@ -121,6 +121,10 @@ spec: manufacturerIdentity 00:00:00 userDescription ; timeSource 0xA0 + {{- if .ptpClockThreshold }} + ptpClockThreshold: + {{- .ptpClockThreshold | toYaml | nindent 6 }} + {{- end }} {{- end }} recommend: {{- range .spec.recommend }} diff --git a/ztp/kube-compare-reference/optional/ptp-config/PtpConfigMasterForEvent.yaml b/ztp/kube-compare-reference/optional/ptp-config/PtpConfigMasterForEvent.yaml index 375c05f13b..d35394389c 100644 --- a/ztp/kube-compare-reference/optional/ptp-config/PtpConfigMasterForEvent.yaml +++ b/ztp/kube-compare-reference/optional/ptp-config/PtpConfigMasterForEvent.yaml 
@@ -14,7 +14,7 @@ spec: # The interface name is hardware-specific interface: {{ .interface }} ptp4lOpts: "-2 --summary_interval -4" - phc2sysOpts: "-a -r -m -n 24 -N 8 -R 16" + phc2sysOpts: "-a -r -m -n (?[0-9]+) -N 8 -R 16" ptpSchedulingPolicy: SCHED_FIFO ptpSchedulingPriority: 10 ptpSettings: @@ -27,8 +27,8 @@ spec: twoStepFlag 1 slaveOnly 0 priority1 128 - priority2 128 - domainNumber 24 + priority2 (?[0-9]+) + domainNumber (?[0-9]+) #utc_offset 37 clockClass 255 clockAccuracy 0xFE @@ -121,6 +121,10 @@ spec: manufacturerIdentity 00:00:00 userDescription ; timeSource 0xA0 + {{- if .ptpClockThreshold }} + ptpClockThreshold: + {{- .ptpClockThreshold | toYaml | nindent 6 }} + {{- end }} {{- end }} recommend: {{- range .spec.recommend }} diff --git a/ztp/kube-compare-reference/optional/ptp-config/PtpConfigSlave.yaml b/ztp/kube-compare-reference/optional/ptp-config/PtpConfigSlave.yaml index 63af2d6a50..17166a96f8 100644 --- a/ztp/kube-compare-reference/optional/ptp-config/PtpConfigSlave.yaml +++ b/ztp/kube-compare-reference/optional/ptp-config/PtpConfigSlave.yaml @@ -12,7 +12,7 @@ spec: # The interface name is hardware-specific interface: {{ .interface }} ptp4lOpts: "-2 -s" - phc2sysOpts: "-a -r -n 24" + phc2sysOpts: "-a -r -n (?[0-9]+)" ptpSchedulingPolicy: SCHED_FIFO ptpSchedulingPriority: 10 ptpSettings: @@ -25,8 +25,8 @@ spec: twoStepFlag 1 slaveOnly 1 priority1 128 - priority2 128 - domainNumber 24 + priority2 (?[0-9]+) + domainNumber (?[0-9]+) #utc_offset 37 clockClass 255 clockAccuracy 0xFE @@ -119,6 +119,10 @@ spec: manufacturerIdentity 00:00:00 userDescription ; timeSource 0xA0 + {{- if .ptpClockThreshold }} + ptpClockThreshold: + {{- .ptpClockThreshold | toYaml | nindent 6 }} + {{- end }} {{- end }} recommend: {{- range .spec.recommend }} diff --git a/ztp/kube-compare-reference/optional/ptp-config/PtpConfigSlaveForEvent.yaml b/ztp/kube-compare-reference/optional/ptp-config/PtpConfigSlaveForEvent.yaml index 5d02f8732b..ded885a685 100644 
--- a/ztp/kube-compare-reference/optional/ptp-config/PtpConfigSlaveForEvent.yaml +++ b/ztp/kube-compare-reference/optional/ptp-config/PtpConfigSlaveForEvent.yaml @@ -12,7 +12,7 @@ spec: # The interface name is hardware-specific interface: {{ .interface }} ptp4lOpts: "-2 -s --summary_interval -4" - phc2sysOpts: "-a -r -m -n 24 -N 8 -R 16" + phc2sysOpts: "-a -r -m -n (?[0-9]+) -N 8 -R 16" ptpSchedulingPolicy: SCHED_FIFO ptpSchedulingPriority: 10 ptpSettings: @@ -25,8 +25,8 @@ spec: twoStepFlag 1 slaveOnly 1 priority1 128 - priority2 128 - domainNumber 24 + priority2 (?[0-9]+) + domainNumber (?[0-9]+) #utc_offset 37 clockClass 255 clockAccuracy 0xFE @@ -119,6 +119,10 @@ spec: manufacturerIdentity 00:00:00 userDescription ; timeSource 0xA0 + {{- if .ptpClockThreshold }} + ptpClockThreshold: + {{- .ptpClockThreshold | toYaml | nindent 6 }} + {{- end }} {{- end }} recommend: {{- range .spec.recommend }} diff --git a/ztp/kube-compare-reference/required/cluster-logging/ClusterLogNS.yaml b/ztp/kube-compare-reference/required/cluster-logging/ClusterLogNS.yaml index 70e00a4d10..8115b96c18 100644 --- a/ztp/kube-compare-reference/required/cluster-logging/ClusterLogNS.yaml +++ b/ztp/kube-compare-reference/required/cluster-logging/ClusterLogNS.yaml @@ -5,3 +5,5 @@ metadata: annotations: workload.openshift.io/allowed: management ran.openshift.io/ztp-deploy-wave: "2" + labels: + openshift.io/cluster-monitoring: "true" diff --git a/ztp/kube-compare-reference/required/sriov-operator/SriovOperatorConfig.yaml b/ztp/kube-compare-reference/required/sriov-operator/SriovOperatorConfig.yaml index ebcb917cc7..c831693162 100644 --- a/ztp/kube-compare-reference/required/sriov-operator/SriovOperatorConfig.yaml +++ b/ztp/kube-compare-reference/required/sriov-operator/SriovOperatorConfig.yaml 
@@ -23,6 +23,12 @@ spec: # openshift.io/: "1" # requests: # openshift.io/: "1" + {{- if hasKey .spec "enableInjector" }} enableInjector: false + {{- end }} + {{- if hasKey .spec "enableOperatorWebhook" }} enableOperatorWebhook: false + {{- end }} + {{- if hasKey .spec "logLevel" }} logLevel: 0 + {{- end }} diff --git a/ztp/kube-compare-reference/required/sriov-operator/SriovOperatorConfigForSNO.yaml b/ztp/kube-compare-reference/required/sriov-operator/SriovOperatorConfigForSNO.yaml index 05209f4775..fa275254de 100644 --- a/ztp/kube-compare-reference/required/sriov-operator/SriovOperatorConfigForSNO.yaml +++ b/ztp/kube-compare-reference/required/sriov-operator/SriovOperatorConfigForSNO.yaml @@ -23,8 +23,14 @@ spec: # openshift.io/: "1" # requests: # openshift.io/: "1" - enableInjector: false - enableOperatorWebhook: false # Disable drain is needed for Single Node Openshift disableDrain: true + {{- if hasKey .spec "enableInjector" }} + enableInjector: false + {{- end }} + {{- if hasKey .spec "enableOperatorWebhook" }} + enableOperatorWebhook: false + {{- end }} + {{- if hasKey .spec "logLevel" }} logLevel: 0 + {{- end }} diff --git a/ztp/resource-generator/Containerfile b/ztp/resource-generator/Containerfile index 6585e68c1c..850f407b27 100644 --- a/ztp/resource-generator/Containerfile +++ b/ztp/resource-generator/Containerfile @@ -1,5 +1,7 @@ +ARG ZTP_BUILD_IMAGE=registry.ci.openshift.org/ocp/builder:rhel-8-golang-1.22-openshift-4.18 +ARG ZTP_RUNTIME_IMAGE=ubi8-minimal # Builder -FROM registry.ci.openshift.org/ocp/builder:rhel-8-golang-1.22-openshift-4.18 as builder +FROM ${ZTP_BUILD_IMAGE} as builder ARG IMAGE_REF USER root ENV PKG_ROOT=cnf-features-deploy @@ -22,7 +24,7 @@ RUN make build RUN make build-pgt-plugin # Container image -FROM ubi8-minimal +FROM ${ZTP_RUNTIME_IMAGE} USER root ENV BUILDER_ZTP=/go/src/cnf-features-deploy/ztp ENV ZTP_HOME=/home/ztp 
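Review bot: Both `FROM` lines in the Containerfile now take their image from a build argument, and the defaults are a mutable tag (`ZTP_BUILD_IMAGE`) and an unqualified short name (`ZTP_RUNTIME_IMAGE=ubi8-minimal`). The base of the shipped image therefore depends on whatever the build arguments and the builder's registry search configuration resolve at build time. The short name predates this change, but now that the value is parameterised the expectation belongs next to the `ARG` lines, for example `# Release builds override both images through the build-args file with fully qualified, digest-pinned references`. The args file that feeds the pipeline is not part of this hunk, so it may already pin by digest; if it does not, pinning there keeps the build reproducible and the provenance of the runtime layer verifiable.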
diff --git a/ztp/source-crs/ClusterLogNS.yaml b/ztp/source-crs/ClusterLogNS.yaml index 70e00a4d10..8115b96c18 100644 --- a/ztp/source-crs/ClusterLogNS.yaml +++ b/ztp/source-crs/ClusterLogNS.yaml @@ -5,3 +5,5 @@ metadata: annotations: workload.openshift.io/allowed: management ran.openshift.io/ztp-deploy-wave: "2" + labels: + openshift.io/cluster-monitoring: "true" diff --git a/ztp/source-crs/OadpBackupStorageLocationStatus.yaml b/ztp/source-crs/OadpBackupStorageLocationStatus.yaml index 9515eb46df..fd06d4cb93 100644 --- a/ztp/source-crs/OadpBackupStorageLocationStatus.yaml +++ b/ztp/source-crs/OadpBackupStorageLocationStatus.yaml @@ -2,6 +2,14 @@ apiVersion: velero.io/v1 kind: BackupStorageLocation metadata: + # The BackupStorageLocation name follows this pattern: + # - + # Where represents the position of the corresponding backupLocation + # in DataProtectionApplication.spec.backupLocations, starting from 1. + # + # If the DataProtectionApplication name is changed in OadpDataProtectionApplication.yaml, + # be sure to override the BackupStorageLocation name accordingly. + name: dataprotectionapplication-1 namespace: openshift-adp annotations: ran.openshift.io/ztp-deploy-wave: "100" diff --git a/ztp/source-crs/PtpConfigBoundaryForEvent.yaml b/ztp/source-crs/PtpConfigBoundaryForEvent.yaml index 1596fb25d0..d393b8d4ef 100644 --- a/ztp/source-crs/PtpConfigBoundaryForEvent.yaml +++ b/ztp/source-crs/PtpConfigBoundaryForEvent.yaml @@ -125,6 +125,10 @@ spec: manufacturerIdentity 00:00:00 userDescription ; timeSource 0xA0 + ptpClockThreshold: + holdOverTimeout: 5 + maxOffsetThreshold: 100 + minOffsetThreshold: -100 recommend: - profile: "boundary" priority: 4 diff --git a/ztp/source-crs/PtpConfigDualCardGmWpc.yaml b/ztp/source-crs/PtpConfigDualCardGmWpc.yaml index 60d87723d2..9d36e8731c 100644 --- a/ztp/source-crs/PtpConfigDualCardGmWpc.yaml +++ b/ztp/source-crs/PtpConfigDualCardGmWpc.yaml 
@@ -13,7 +13,7 @@ spec: profile: - name: "grandmaster" ptp4lOpts: "-2 --summary_interval -4" - phc2sysOpts: -r -u 0 -m -w -N 8 -R 16 -s (?[[:alnum:]]+) -n 24 + phc2sysOpts: -r -u 0 -m -N 8 -R 16 -s (?[[:alnum:]]+) -n 24 ptpSchedulingPolicy: SCHED_FIFO ptpSchedulingPriority: 10 ptpSettings: @@ -22,9 +22,9 @@ spec: e810: enableDefaultConfig: false settings: - LocalMaxHoldoverOffSet: 1500 LocalHoldoverTimeout: 14400 - MaxInSpecOffset: 100 + LocalMaxHoldoverOffSet: 1500 + MaxInSpecOffset: 1500 pins: # Syntax guide: # - The 1st number in each pair must be one of: @@ -239,6 +239,10 @@ spec: manufacturerIdentity 00:00:00 userDescription ; timeSource 0x20 + ptpClockThreshold: + holdOverTimeout: 5 + maxOffsetThreshold: 100 + minOffsetThreshold: -100 recommend: - profile: "grandmaster" priority: 4 diff --git a/ztp/source-crs/PtpConfigForHAForEvent.yaml b/ztp/source-crs/PtpConfigForHAForEvent.yaml index 21cdab9a52..2babafc34c 100644 --- a/ztp/source-crs/PtpConfigForHAForEvent.yaml +++ b/ztp/source-crs/PtpConfigForHAForEvent.yaml @@ -15,6 +15,10 @@ spec: ptpSettings: logReduce: "true" haProfiles: "$profile1,$profile2" + ptpClockThreshold: + holdOverTimeout: 5 + maxOffsetThreshold: 100 + minOffsetThreshold: -100 recommend: - profile: "boundary-ha" priority: 4 diff --git a/ztp/source-crs/PtpConfigGmWpc.yaml b/ztp/source-crs/PtpConfigGmWpc.yaml index 92cb78dc39..b38184407c 100644 --- a/ztp/source-crs/PtpConfigGmWpc.yaml +++ b/ztp/source-crs/PtpConfigGmWpc.yaml @@ -11,7 +11,7 @@ spec: profile: - name: "grandmaster" ptp4lOpts: "-2 --summary_interval -4" - phc2sysOpts: -r -u 0 -m -w -N 8 -R 16 -s (?[[:alnum:]]+) -n 24 + phc2sysOpts: -r -u 0 -m -N 8 -R 16 -s (?[[:alnum:]]+) -n 24 ptpSchedulingPolicy: SCHED_FIFO ptpSchedulingPriority: 10 ptpSettings: 
@@ -20,9 +20,9 @@ spec: e810: enableDefaultConfig: false settings: - LocalMaxHoldoverOffSet: 1500 LocalHoldoverTimeout: 14400 - MaxInSpecOffset: 100 + LocalMaxHoldoverOffSet: 1500 + MaxInSpecOffset: 1500 pins: # Syntax guide: # - The 1st number in each pair must be one of: @@ -219,6 +219,10 @@ spec: manufacturerIdentity 00:00:00 userDescription ; timeSource 0x20 + ptpClockThreshold: + holdOverTimeout: 5 + maxOffsetThreshold: 100 + minOffsetThreshold: -100 recommend: - profile: "grandmaster" priority: 4 diff --git a/ztp/source-crs/PtpConfigMasterForEvent.yaml b/ztp/source-crs/PtpConfigMasterForEvent.yaml index 3ca627f9be..24ee6d80b7 100644 --- a/ztp/source-crs/PtpConfigMasterForEvent.yaml +++ b/ztp/source-crs/PtpConfigMasterForEvent.yaml @@ -120,6 +120,10 @@ spec: manufacturerIdentity 00:00:00 userDescription ; timeSource 0xA0 + ptpClockThreshold: + holdOverTimeout: 5 + maxOffsetThreshold: 100 + minOffsetThreshold: -100 recommend: - profile: "grandmaster" priority: 4 diff --git a/ztp/source-crs/PtpConfigSlaveForEvent.yaml b/ztp/source-crs/PtpConfigSlaveForEvent.yaml index abec5b80fe..f4be095276 100644 --- a/ztp/source-crs/PtpConfigSlaveForEvent.yaml +++ b/ztp/source-crs/PtpConfigSlaveForEvent.yaml @@ -118,6 +118,10 @@ spec: manufacturerIdentity 00:00:00 userDescription ; timeSource 0xA0 + ptpClockThreshold: + holdOverTimeout: 5 + maxOffsetThreshold: 100 + minOffsetThreshold: -100 recommend: - profile: "slave" priority: 4 diff --git a/ztp/source-crs/SriovOperatorConfigForSNO.yaml b/ztp/source-crs/SriovOperatorConfigForSNO.yaml index 04d8c242dc..80b35f6743 100644 --- a/ztp/source-crs/SriovOperatorConfigForSNO.yaml +++ b/ztp/source-crs/SriovOperatorConfigForSNO.yaml @@ -21,8 +21,8 @@ spec: # openshift.io/: "1" # requests: # openshift.io/: "1" - enableInjector: false - enableOperatorWebhook: false # Disable drain is needed for Single Node Openshift disableDrain: true + enableInjector: false + enableOperatorWebhook: false logLevel: 0