From be05389827327b939ec13531f9810c8641ba7b26 Mon Sep 17 00:00:00 2001 From: Andrea Panattoni Date: Fri, 13 Dec 2024 18:36:00 +0100 Subject: [PATCH 01/43] infra: Build images for `knmstate` Index image `quay.io/openshift-release-dev/ocp-release-nightly` contains operator's nightly builds on Brew, which is not usually available on Prow jobs. These changes modifies the `ci-index` CatalogSource adding the knmstate operator bundle, where the operator's image and operands image comes from promoted images in `registry.ci.openshift.org`. --- .../ci/knmstate/operator_subscription.yaml | 5 ++-- hack/setup-build-index-image.sh | 28 ++++++++----------- 2 files changed, 14 insertions(+), 19 deletions(-) diff --git a/feature-configs/ci/knmstate/operator_subscription.yaml b/feature-configs/ci/knmstate/operator_subscription.yaml index 089a25b02e..da81429b58 100644 --- a/feature-configs/ci/knmstate/operator_subscription.yaml +++ b/feature-configs/ci/knmstate/operator_subscription.yaml @@ -6,8 +6,7 @@ metadata: name: kubernetes-nmstate-operator namespace: openshift-nmstate spec: - channel: stable - installPlanApproval: Automatic name: kubernetes-nmstate-operator - source: art-nightly-operator-catalog + channel: alpha + source: ci-index sourceNamespace: openshift-marketplace diff --git a/hack/setup-build-index-image.sh b/hack/setup-build-index-image.sh index 91c94ac32b..77ffd94edb 100755 --- a/hack/setup-build-index-image.sh +++ b/hack/setup-build-index-image.sh 
@@ -105,7 +105,18 @@ spec: podman push image-registry.openshift-image-registry.svc:5000/openshift-marketplace/gatekeeper-operator-bundle:latest --tls-verify=false cd .. - ./opm index --skip-tls add --bundles image-registry.openshift-image-registry.svc:5000/openshift-marketplace/sriov-operator-bundle:latest,image-registry.openshift-image-registry.svc:5000/openshift-marketplace/ptp-operator-bundle:latest,image-registry.openshift-image-registry.svc:5000/openshift-marketplace/special-resource-operator-bundle:latest,image-registry.openshift-image-registry.svc:5000/openshift-marketplace/cluster-nfd-operator-bundle:latest,image-registry.openshift-image-registry.svc:5000/openshift-marketplace/metallb-operator-bundle:latest,image-registry.openshift-image-registry.svc:5000/openshift-marketplace/gatekeeper-operator-bundle:latest --tag image-registry.openshift-image-registry.svc:5000/openshift-marketplace/ci-index:latest -p podman --mode semver + git clone --single-branch --branch OPERATOR_RELEASES https://github.com/openshift/kubernetes-nmstate.git + cd kubernetes-nmstate + export KNMSTATE_OPERATOR_IMAGE=registry.ci.openshift.org/ocp/OPERATOR_VERSION:kubernetes-nmstate-operator + export KNMSTATE_HANDLER_IMAGE=registry.ci.openshift.org/ocp/OPERATOR_VERSION:kubernetes-nmstate-handler + rm manifests/stable/manifests/image-references + sed -i "s_quay.io/openshift/origin-kubernetes-nmstate-operator:.*_${KNMSTATE_OPERATOR_IMAGE}_" manifests/stable/manifests/* + sed -i "s_quay.io/openshift/origin-kubernetes-nmstate-handler:.*_${KNMSTATE_HANDLER_IMAGE}_" manifests/stable/manifests/* + podman build -f manifests/stable/bundle.Dockerfile --tag image-registry.openshift-image-registry.svc:5000/openshift-marketplace/kubernetes-nmstate-operator-bundle:latest . + podman push image-registry.openshift-image-registry.svc:5000/openshift-marketplace/kubernetes-nmstate-operator-bundle:latest --tls-verify=false + cd .. 
+ + ./opm index --skip-tls add --bundles image-registry.openshift-image-registry.svc:5000/openshift-marketplace/sriov-operator-bundle:latest,image-registry.openshift-image-registry.svc:5000/openshift-marketplace/ptp-operator-bundle:latest,image-registry.openshift-image-registry.svc:5000/openshift-marketplace/special-resource-operator-bundle:latest,image-registry.openshift-image-registry.svc:5000/openshift-marketplace/cluster-nfd-operator-bundle:latest,image-registry.openshift-image-registry.svc:5000/openshift-marketplace/metallb-operator-bundle:latest,image-registry.openshift-image-registry.svc:5000/openshift-marketplace/gatekeeper-operator-bundle:latest,image-registry.openshift-image-registry.svc:5000/openshift-marketplace/kubernetes-nmstate-operator-bundle:latest --tag image-registry.openshift-image-registry.svc:5000/openshift-marketplace/ci-index:latest -p podman --mode semver podman push image-registry.openshift-image-registry.svc:5000/openshift-marketplace/ci-index:latest --tls-verify=false securityContext: privileged: true @@ -203,18 +214,3 @@ else echo "[ERROR] index image pod failed to run" exit 1 fi - -# This is neede to install latest kubernetes-nmstate nightly -# https://github.com/openshift/kubernetes-nmstate/blob/11482d1f97466dcc3b7c1875fa07560af6b4f152/hack/ocp-install-nightly-art-operators.sh#L82 -cat < Date: Fri, 17 Jan 2025 17:40:28 +0100 Subject: [PATCH 02/43] cnf-tests: validation suite for `knmstate` Signed-off-by: Andrea Panattoni --- cnf-tests/testsuites/pkg/namespaces/namespaces.go | 2 ++ cnf-tests/testsuites/pkg/utils/consts.go | 4 ++++ .../validationsuite/cluster/validation.go | 15 +++++++++++++++ 3 files changed, 21 insertions(+) diff --git a/cnf-tests/testsuites/pkg/namespaces/namespaces.go b/cnf-tests/testsuites/pkg/namespaces/namespaces.go index 230484cd31..f5b3c22e51 100644 --- a/cnf-tests/testsuites/pkg/namespaces/namespaces.go +++ b/cnf-tests/testsuites/pkg/namespaces/namespaces.go 
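Review bot: The added `git clone` / `cd kubernetes-nmstate` steps in hack/setup-build-index-image.sh have no failure guard, so if the clone fails the following `rm manifests/stable/manifests/image-references` and both `sed -i` calls run relative to the wrong directory, and the later `cd ..` leaves the script one level too high for `./opm`. Whether the embedded script runs under `set -e` is not visible in this hunk; if it does not, chain the steps, e.g. `git clone --single-branch --branch OPERATOR_RELEASES https://github.com/openshift/kubernetes-nmstate.git && cd kubernetes-nmstate || exit 1`. The bundle is built from the branch head and rewritten to tag-based image references, so what lands in `ci-index` can differ between runs; printing `git rev-parse HEAD` after the clone would make a run traceable to a commit. The new `podman push` repeats the surrounding `--tls-verify=false`, which matches the existing lines but means the registry certificate is not verified for this bundle either.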
@@ -56,6 +56,8 @@ var SCTPTest string // Multus is the namespace where multus and multi-networkpolicy are installed var Multus = "openshift-multus" +var KNMState = "openshift-nmstate" + var OVSQOSTest string var namespaceLabels = map[string]string{ diff --git a/cnf-tests/testsuites/pkg/utils/consts.go b/cnf-tests/testsuites/pkg/utils/consts.go index 2d458a321d..f9f0735233 100644 --- a/cnf-tests/testsuites/pkg/utils/consts.go +++ b/cnf-tests/testsuites/pkg/utils/consts.go @@ -163,6 +163,10 @@ const ( SroOperatorDeploymentName = "special-resource-controller-manager" ) +const ( + KNMStateCRDName = "nmstates.nmstate.io" +) + const ( // MultiNetworkPolicyNamespaceX main namespace used for multi-networkpolicy tests MultiNetworkPolicyNamespaceX = "sriov-conformance-testing-x" diff --git a/cnf-tests/testsuites/validationsuite/cluster/validation.go b/cnf-tests/testsuites/validationsuite/cluster/validation.go index 94ab44e4b2..bc216f0d9c 100644 --- a/cnf-tests/testsuites/validationsuite/cluster/validation.go +++ b/cnf-tests/testsuites/validationsuite/cluster/validation.go @@ -528,6 +528,21 @@ var _ = Describe("validation", func() { Expect(daemonset.Status.DesiredNumberScheduled).To(Equal(daemonset.Status.NumberReady)) }) }) + + Context("[knmstate]", func() { + It("should have NMState CRD available in the cluster", func() { + crd := &apiext.CustomResourceDefinition{} + err := testclient.Client.Get(context.TODO(), goclient.ObjectKey{Name: utils.KNMStateCRDName}, crd) + Expect(err).ToNot(HaveOccurred()) + }) + + It("should have the operator pod in running state", func() { + deployment, err := testclient.Client.Deployments(namespaces.KNMState). + Get(context.Background(), "nmstate-operator", metav1.GetOptions{}) + Expect(err).ToNot(HaveOccurred()) + Expect(deployment.Status.ReadyReplicas).To(Equal(deployment.Status.Replicas)) + }) + }) }) type MCMatcher func(*igntypes.Config, *clientmachineconfigv1.MachineConfig) bool 
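Review bot: The new exported `KNMState` variable in namespaces.go has no doc comment, while the neighbouring `Multus` declaration has one; add `// KNMState is the namespace where the kubernetes-nmstate operator is installed`. The same applies to `KNMStateCRDName` in the consts.go hunk, e.g. `// KNMStateCRDName is the name of the NMState CustomResourceDefinition`.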
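Review bot: The operator check in the new `[knmstate]` context of validation.go passes vacuously when the deployment reports zero replicas, because `Equal(deployment.Status.Replicas)` holds for 0 == 0. Add `Expect(deployment.Status.Replicas).To(BeNumerically(">", 0))` before the equality assertion so that an operator which is scaled down or not yet reconciled fails validation. The deployment name `"nmstate-operator"` is an inline literal, whereas consts.go keeps such names as constants (for example `SroOperatorDeploymentName`); a constant next to `KNMStateCRDName` would match that convention. The enclosing `Describe` body starts outside the hunk.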
From 2c16963893ba3ccc1918145af47406dd651850a6 Mon Sep 17 00:00:00 2001 From: Andrea Panattoni Date: Tue, 21 Jan 2025 17:15:44 +0100 Subject: [PATCH 03/43] cnf-tests: Interface might be `DOWN` even if enabled It happens when the NIC has not been plugged in. For the sake of the test, having the right IP address and the right number of Virtual Function is enough. Signed-off-by: Andrea Panattoni --- cnf-tests/testsuites/e2esuite/knmstate/knmstate_sriov.go | 1 - 1 file changed, 1 deletion(-) diff --git a/cnf-tests/testsuites/e2esuite/knmstate/knmstate_sriov.go b/cnf-tests/testsuites/e2esuite/knmstate/knmstate_sriov.go index 550186f40c..cfc5ffdb7b 100644 --- a/cnf-tests/testsuites/e2esuite/knmstate/knmstate_sriov.go +++ b/cnf-tests/testsuites/e2esuite/knmstate/knmstate_sriov.go @@ -132,7 +132,6 @@ var _ = Describe("[knmstate] SR-IOV Network Operator Integration", func() { out, err := ipAddrShow(node, testDevice.Name) g.Expect(err).ToNot(HaveOccurred()) g.Expect(out).To(ContainSubstring("192.0.2.2")) - g.Expect(out).To(ContainSubstring("UP")) }). WithPolling(5 * time.Second). WithTimeout(1 * time.Minute). From a65f330d1e2e428a0465d7d50903c93c0a682423 Mon Sep 17 00:00:00 2001 From: Ronny Baturov Date: Wed, 22 Jan 2025 10:51:03 +0200 Subject: [PATCH 04/43] cnf-tests: added ENV vars of cnf-test and dpdk images into Dockerfile. This ensures that the correct images are used, as done in the m/s dockerfile. Users can override this by providing the ENV variable when running the container. This solves https://issues.redhat.com/browse/CNF-16459. Signed-off-by: Ronny Baturov --- cnf-tests/Dockerfile.openshift | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/cnf-tests/Dockerfile.openshift b/cnf-tests/Dockerfile.openshift index 4ae489c7dd..d95bd9e858 100644 --- a/cnf-tests/Dockerfile.openshift +++ b/cnf-tests/Dockerfile.openshift 
@@ -84,6 +84,10 @@ FROM registry.ci.openshift.org/ocp/4.19:oc-rpms AS oc # Final image FROM registry.ci.openshift.org/ocp/4.19:base-rhel9 +ENV IMAGE_REGISTRY=quay.io/openshift-kni/ +ENV CNF_TESTS_IMAGE=cnf-tests:4.19 +ENV DPDK_TESTS_IMAGE=dpdk:4.19 + # python3 is needed for hwlatdetect RUN yum install -y lksctp-tools iproute tmux ethtool iputils numactl-libs iptables kmod linuxptp iperf3 python3 nc iptables && \ yum clean all From 9ded47d45de81e8258473566aa69265556b08e6a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 28 Jan 2025 17:41:54 +0000 Subject: [PATCH 05/43] depbot: bump github.com/golang/glog from 1.2.3 to 1.2.4 Bumps [github.com/golang/glog](https://github.com/golang/glog) from 1.2.3 to 1.2.4. - [Release notes](https://github.com/golang/glog/releases) - [Commits](https://github.com/golang/glog/compare/v1.2.3...v1.2.4) --- updated-dependencies: - dependency-name: github.com/golang/glog dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 +- vendor/github.com/golang/glog/glog_file.go | 60 ++++++++++++++++------ vendor/modules.txt | 2 +- 4 files changed, 48 insertions(+), 20 deletions(-) diff --git a/go.mod b/go.mod index 89478e134e..d368a5a935 100644 --- a/go.mod +++ b/go.mod @@ -15,7 +15,7 @@ require ( github.com/coreos/ignition v0.35.0 github.com/gatekeeper/gatekeeper-operator v0.2.1 github.com/ghodss/yaml v1.0.1-0.20190212211648-25d852aebe32 - github.com/golang/glog v1.2.3 + github.com/golang/glog v1.2.4 github.com/google/go-cmp v0.6.0 github.com/ishidawataru/sctp v0.0.0-20210707070123-9a39160e9062 github.com/k8snetworkplumbingwg/multi-networkpolicy v0.0.0-20220908143610-19b7d2ba63f9 diff --git a/go.sum b/go.sum index 4d78d0af81..d00bdf3480 100644 --- a/go.sum +++ b/go.sum 
@@ -877,8 +877,8 @@ github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0/go.mod h1:E/TSTwGwJL78qG/PmXZO1EjYhfJinVAhrmmHX6Z8B9k= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/glog v1.0.0/go.mod h1:EWib/APOK0SL3dFbYqvxE3UYd8E6s1ouQ7iEp/0LWV4= -github.com/golang/glog v1.2.3 h1:oDTdz9f5VGVVNGu/Q7UXKWYsD0873HXLHdJUNBsSEKM= -github.com/golang/glog v1.2.3/go.mod h1:6AhwSGph0fcJtXVM/PEHPqZlFeoLxhs7/t5UDAwmO+w= +github.com/golang/glog v1.2.4 h1:CNNw5U8lSiiBk7druxtSHHTsRWcxKoac6kZKm2peBBc= +github.com/golang/glog v1.2.4/go.mod h1:6AhwSGph0fcJtXVM/PEHPqZlFeoLxhs7/t5UDAwmO+w= github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= diff --git a/vendor/github.com/golang/glog/glog_file.go b/vendor/github.com/golang/glog/glog_file.go index 2b478ae646..b54bd40525 100644 --- a/vendor/github.com/golang/glog/glog_file.go +++ b/vendor/github.com/golang/glog/glog_file.go 
@@ -116,32 +116,53 @@ var onceLogDirs sync.Once // contains tag ("INFO", "FATAL", etc.) and t. If the file is created // successfully, create also attempts to update the symlink for that tag, ignoring // errors. -func create(tag string, t time.Time) (f *os.File, filename string, err error) { +func create(tag string, t time.Time, dir string) (f *os.File, filename string, err error) { + if dir != "" { + f, name, err := createInDir(dir, tag, t) + if err == nil { + return f, name, err + } + return nil, "", fmt.Errorf("log: cannot create log: %v", err) + } + onceLogDirs.Do(createLogDirs) if len(logDirs) == 0 { return nil, "", errors.New("log: no log dirs") } - name, link := logName(tag, t) var lastErr error for _, dir := range logDirs { - fname := filepath.Join(dir, name) - f, err := os.Create(fname) + f, name, err := createInDir(dir, tag, t) if err == nil { - symlink := filepath.Join(dir, link) - os.Remove(symlink) // ignore err - os.Symlink(name, symlink) // ignore err - if *logLink != "" { - lsymlink := filepath.Join(*logLink, link) - os.Remove(lsymlink) // ignore err - os.Symlink(fname, lsymlink) // ignore err - } - return f, fname, nil + return f, name, err } lastErr = err } return nil, "", fmt.Errorf("log: cannot create log: %v", lastErr) } +func createInDir(dir, tag string, t time.Time) (f *os.File, name string, err error) { + name, link := logName(tag, t) + fname := filepath.Join(dir, name) + // O_EXCL is important here, as it prevents a vulnerability. The general idea is that logs often + // live in an insecure directory (like /tmp), so an unprivileged attacker could create fname in + // advance as a symlink to a file the logging process can access, but the attacker cannot. O_EXCL + // fails the open if it already exists, thus prevent our this code from opening the existing file + // the attacker points us to. 
+ f, err = os.OpenFile(fname, os.O_RDWR|os.O_CREATE|os.O_EXCL, 0666) + if err == nil { + symlink := filepath.Join(dir, link) + os.Remove(symlink) // ignore err + os.Symlink(name, symlink) // ignore err + if *logLink != "" { + lsymlink := filepath.Join(*logLink, link) + os.Remove(lsymlink) // ignore err + os.Symlink(fname, lsymlink) // ignore err + } + return f, fname, nil + } + return nil, "", err +} + // flushSyncWriter is the interface satisfied by logging destinations. type flushSyncWriter interface { Flush() error @@ -248,6 +269,7 @@ type syncBuffer struct { names []string sev logsink.Severity nbytes uint64 // The number of bytes written to this file + madeAt time.Time } func (sb *syncBuffer) Sync() error { @@ -255,9 +277,14 @@ func (sb *syncBuffer) Sync() error { } func (sb *syncBuffer) Write(p []byte) (n int, err error) { + // Rotate the file if it is too large, but ensure we only do so, + // if rotate doesn't create a conflicting filename. if sb.nbytes+uint64(len(p)) >= MaxSize { - if err := sb.rotateFile(time.Now()); err != nil { - return 0, err + now := timeNow() + if now.After(sb.madeAt.Add(1*time.Second)) || now.Second() != sb.madeAt.Second() { + if err := sb.rotateFile(now); err != nil { + return 0, err + } } } n, err = sb.Writer.Write(p) @@ -275,7 +302,8 @@ const footer = "\nCONTINUED IN NEXT FILE\n" func (sb *syncBuffer) rotateFile(now time.Time) error { var err error pn := "" - file, name, err := create(sb.sev.String(), now) + file, name, err := create(sb.sev.String(), now, "") + sb.madeAt = now if sb.file != nil { // The current log file becomes the previous log at the end of diff --git a/vendor/modules.txt b/vendor/modules.txt index 6ddf8a4e87..6062c6176a 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt 
@@ -151,7 +151,7 @@ github.com/go-task/slim-sprig/v3 ## explicit; go 1.15 github.com/gogo/protobuf/proto github.com/gogo/protobuf/sortkeys -# github.com/golang/glog v1.2.3 +# github.com/golang/glog v1.2.4 ## explicit; go 1.19 github.com/golang/glog github.com/golang/glog/internal/logsink From 44f47b2b30e16c7fa0c3315f41d40583eed77faa Mon Sep 17 00:00:00 2001 From: Abraham Date: Tue, 28 Jan 2025 15:45:13 -0500 Subject: [PATCH 06/43] ztp: ci check to ensure source-cr filenames are within 255 limit --- ztp/Makefile | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/ztp/Makefile b/ztp/Makefile index 42fafdc5bf..c4803faa16 100644 --- a/ztp/Makefile +++ b/ztp/Makefile @@ -1,6 +1,6 @@ -.PHONY: ci-job test-policygen checkExtraManifests checkSourceCRsAnnotation test-policygen-kustomize test-siteconfig test-siteconfig-kustomize test-acm-ztp-generated-policies check-reference +.PHONY: ci-job test-policygen checkExtraManifests checkSourceCRsAnnotation test-policygen-kustomize test-siteconfig test-siteconfig-kustomize test-acm-ztp-generated-policies check-reference checkSourceCRsPath -ci-job: test-policygen checkExtraManifests checkSourceCRsAnnotation test-policygen-kustomize test-siteconfig test-siteconfig-kustomize test-acm-ztp-generated-policies check-reference +ci-job: test-policygen checkExtraManifests checkSourceCRsAnnotation test-policygen-kustomize test-siteconfig test-siteconfig-kustomize test-acm-ztp-generated-policies check-reference checkSourceCRsPath test-policygen: @echo "ZTP: Build policy generator and run test" 
@@ -19,6 +19,20 @@ checkSourceCRsAnnotation: fi; \ done; \ +source-crs := source-crs +checkSourceCRsPath: + @failures=0; \ + for cr in $(shell find $(source-crs) -type f); do \ + path_length=$$(echo $$cr | wc -c); \ + if [ $$path_length -gt 255 ]; then \ + echo "File path too long: $$cr (length: $$path_length)"; \ + (( failures += 1 )); \ + else \ + echo "File path OK: $$cr (length: $$path_length)"; \ + fi; \ + done; \ + exit $$failures + test-policygen-kustomize: @echo "ZTP: Build policy generator kustomize plugin and run test" $(MAKE) -C ./policygenerator-kustomize-plugin test From d7708556ded34701bd26249ab7912c18762d2fef Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 29 Jan 2025 14:11:20 +0000 Subject: [PATCH 07/43] depbot: bump github.com/k8snetworkplumbingwg/multi-networkpolicy Bumps [github.com/k8snetworkplumbingwg/multi-networkpolicy](https://github.com/k8snetworkplumbingwg/multi-networkpolicy) from 0.0.0-20220908143610-19b7d2ba63f9 to 1.0.1. - [Release notes](https://github.com/k8snetworkplumbingwg/multi-networkpolicy/releases) - [Commits](https://github.com/k8snetworkplumbingwg/multi-networkpolicy/commits/v1.0.1) --- updated-dependencies: - dependency-name: github.com/k8snetworkplumbingwg/multi-networkpolicy dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 6 +++--- .../multi-networkpolicy/NOTICE | 1 + .../pkg/apis/k8s.cni.cncf.io/v1beta1/types.go | 3 +++ .../v1beta1/zz_generated.deepcopy.go | 5 +++++ .../pkg/apis/k8s.cni.cncf.io/v1beta2/types.go | 2 +- .../v1beta2/zz_generated.deepcopy.go | 2 +- .../client/clientset/versioned/scheme/register.go | 14 +++++++------- vendor/modules.txt | 2 +- 9 files changed, 23 insertions(+), 14 deletions(-) create mode 100644 vendor/github.com/k8snetworkplumbingwg/multi-networkpolicy/NOTICE diff --git a/go.mod b/go.mod index d368a5a935..d82bf5eee1 100644 --- a/go.mod 
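Review bot: In `checkSourceCRsPath`, `(( failures += 1 ))` is bash arithmetic syntax, and make runs recipes with `/bin/sh` unless `SHELL` is overridden, which this hunk does not show; under a POSIX shell such as dash the counter is never incremented and the target exits 0 even when a path is too long. Use `failures=$$((failures + 1))` instead. `echo $$cr | wc -c` also counts the trailing newline and measures the whole relative path; if the limit meant by the commit title is the per-file-name one, `printf '%s' "$$(basename "$$cr")" | wc -c` measures that. Paths containing whitespace are split by the unquoted `$(shell find ...)` loop, so quoting `"$$cr"` alone does not cover them.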
+++ b/go.mod @@ -18,7 +18,7 @@ require ( github.com/golang/glog v1.2.4 github.com/google/go-cmp v0.6.0 github.com/ishidawataru/sctp v0.0.0-20210707070123-9a39160e9062 - github.com/k8snetworkplumbingwg/multi-networkpolicy v0.0.0-20220908143610-19b7d2ba63f9 + github.com/k8snetworkplumbingwg/multi-networkpolicy v1.0.1 github.com/k8snetworkplumbingwg/network-attachment-definition-client v1.4.0 github.com/k8snetworkplumbingwg/sriov-network-operator v0.0.0-00010101000000-000000000000 github.com/lack/mcmaker v0.0.7 diff --git a/go.sum b/go.sum index d00bdf3480..55fce01335 100644 --- a/go.sum +++ b/go.sum @@ -756,8 +756,8 @@ github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3 github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto= github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= -github.com/emicklei/go-restful v2.10.0+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= github.com/emicklei/go-restful v2.15.0+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= +github.com/emicklei/go-restful v2.16.0+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= github.com/emicklei/go-restful/v3 v3.8.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= github.com/emicklei/go-restful/v3 v3.9.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g= 
@@ -1069,8 +1069,8 @@ github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7V github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM= github.com/jung-kurt/gofpdf v1.0.0/go.mod h1:7Id9E/uU8ce6rXgefFLlgrJj/GYY22cpxn+r32jIOes= github.com/jung-kurt/gofpdf v1.0.3-0.20190309125859-24315acbbda5/go.mod h1:7Id9E/uU8ce6rXgefFLlgrJj/GYY22cpxn+r32jIOes= -github.com/k8snetworkplumbingwg/multi-networkpolicy v0.0.0-20220908143610-19b7d2ba63f9 h1:oNTOs8n0FihH6HOSJvI1zh8t712KVc4432uLZ3jfEUw= -github.com/k8snetworkplumbingwg/multi-networkpolicy v0.0.0-20220908143610-19b7d2ba63f9/go.mod h1:HuHy9LL+LaLL5DIysczJsS86MygueDGC6PBvM1GP2EQ= +github.com/k8snetworkplumbingwg/multi-networkpolicy v1.0.1 h1:Egj1hEVYNXWFlKpgzAXxe/2o8VNiVcAJLrKzlinILQo= +github.com/k8snetworkplumbingwg/multi-networkpolicy v1.0.1/go.mod h1:kEJ4WM849yNmXekuSXLRwb+LaZ9usC06O8JgoAIq+f4= github.com/k8snetworkplumbingwg/network-attachment-definition-client v1.4.0 h1:VzM3TYHDgqPkettiP6I6q2jOeQFL4nrJM+UcAc4f6Fs= github.com/k8snetworkplumbingwg/network-attachment-definition-client v1.4.0/go.mod h1:nqCI7aelBJU61wiBeeZWJ6oi4bJy5nrjkM6lWIMA4j0= github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51/go.mod h1:CzGEWj7cYgsdH8dAjBGEr58BoE7ScuLd+fwFZ44+/x8= diff --git a/vendor/github.com/k8snetworkplumbingwg/multi-networkpolicy/NOTICE b/vendor/github.com/k8snetworkplumbingwg/multi-networkpolicy/NOTICE new file mode 100644 index 0000000000..dd3fc395fa --- /dev/null +++ b/vendor/github.com/k8snetworkplumbingwg/multi-networkpolicy/NOTICE @@ -0,0 +1 @@ +Copyright 2020 Kubernetes Network Plumbing Working Group diff --git a/vendor/github.com/k8snetworkplumbingwg/multi-networkpolicy/pkg/apis/k8s.cni.cncf.io/v1beta1/types.go b/vendor/github.com/k8snetworkplumbingwg/multi-networkpolicy/pkg/apis/k8s.cni.cncf.io/v1beta1/types.go index 14f65b4d41..29d0d335a1 100644 
--- a/vendor/github.com/k8snetworkplumbingwg/multi-networkpolicy/pkg/apis/k8s.cni.cncf.io/v1beta1/types.go +++ b/vendor/github.com/k8snetworkplumbingwg/multi-networkpolicy/pkg/apis/k8s.cni.cncf.io/v1beta1/types.go @@ -98,6 +98,9 @@ type MultiNetworkPolicyPort struct { // +optional Port *intstr.IntOrString `json:"port,omitempty"` + + // +optional + EndPort *int32 `json:"endPort,omitempty"` } // IPBlock ... diff --git a/vendor/github.com/k8snetworkplumbingwg/multi-networkpolicy/pkg/apis/k8s.cni.cncf.io/v1beta1/zz_generated.deepcopy.go b/vendor/github.com/k8snetworkplumbingwg/multi-networkpolicy/pkg/apis/k8s.cni.cncf.io/v1beta1/zz_generated.deepcopy.go index 91b464a8de..12ed1c7cc3 100644 --- a/vendor/github.com/k8snetworkplumbingwg/multi-networkpolicy/pkg/apis/k8s.cni.cncf.io/v1beta1/zz_generated.deepcopy.go +++ b/vendor/github.com/k8snetworkplumbingwg/multi-networkpolicy/pkg/apis/k8s.cni.cncf.io/v1beta1/zz_generated.deepcopy.go @@ -213,6 +213,11 @@ func (in *MultiNetworkPolicyPort) DeepCopyInto(out *MultiNetworkPolicyPort) { *out = new(intstr.IntOrString) **out = **in } + if in.EndPort != nil { + in, out := &in.EndPort, &out.EndPort + *out = new(int32) + **out = **in + } return } diff --git a/vendor/github.com/k8snetworkplumbingwg/multi-networkpolicy/pkg/apis/k8s.cni.cncf.io/v1beta2/types.go b/vendor/github.com/k8snetworkplumbingwg/multi-networkpolicy/pkg/apis/k8s.cni.cncf.io/v1beta2/types.go index da2eae3765..a4a257776d 100644 --- a/vendor/github.com/k8snetworkplumbingwg/multi-networkpolicy/pkg/apis/k8s.cni.cncf.io/v1beta2/types.go +++ b/vendor/github.com/k8snetworkplumbingwg/multi-networkpolicy/pkg/apis/k8s.cni.cncf.io/v1beta2/types.go @@ -100,7 +100,7 @@ type MultiNetworkPolicyPort struct { Port *intstr.IntOrString `json:"port,omitempty"` // +optional - EndPort *int `json:"endPort,omitempty"` + EndPort *int32 `json:"endPort,omitempty"` } // IPBlock ... 
diff --git a/vendor/github.com/k8snetworkplumbingwg/multi-networkpolicy/pkg/apis/k8s.cni.cncf.io/v1beta2/zz_generated.deepcopy.go b/vendor/github.com/k8snetworkplumbingwg/multi-networkpolicy/pkg/apis/k8s.cni.cncf.io/v1beta2/zz_generated.deepcopy.go index 0fd34949aa..b36f850d04 100644 --- a/vendor/github.com/k8snetworkplumbingwg/multi-networkpolicy/pkg/apis/k8s.cni.cncf.io/v1beta2/zz_generated.deepcopy.go +++ b/vendor/github.com/k8snetworkplumbingwg/multi-networkpolicy/pkg/apis/k8s.cni.cncf.io/v1beta2/zz_generated.deepcopy.go @@ -215,7 +215,7 @@ func (in *MultiNetworkPolicyPort) DeepCopyInto(out *MultiNetworkPolicyPort) { } if in.EndPort != nil { in, out := &in.EndPort, &out.EndPort - *out = new(int) + *out = new(int32) **out = **in } return diff --git a/vendor/github.com/k8snetworkplumbingwg/multi-networkpolicy/pkg/client/clientset/versioned/scheme/register.go b/vendor/github.com/k8snetworkplumbingwg/multi-networkpolicy/pkg/client/clientset/versioned/scheme/register.go index 1ddd30410b..ca9dbcb9d2 100644 --- a/vendor/github.com/k8snetworkplumbingwg/multi-networkpolicy/pkg/client/clientset/versioned/scheme/register.go +++ b/vendor/github.com/k8snetworkplumbingwg/multi-networkpolicy/pkg/client/clientset/versioned/scheme/register.go 
@@ -39,14 +39,14 @@ var localSchemeBuilder = runtime.SchemeBuilder{ // AddToScheme adds all types of this clientset into the given scheme. This allows composition // of clientsets, like in: // -// import ( -// "k8s.io/client-go/kubernetes" -// clientsetscheme "k8s.io/client-go/kubernetes/scheme" -// aggregatorclientsetscheme "k8s.io/kube-aggregator/pkg/client/clientset_generated/clientset/scheme" -// ) +// import ( +// "k8s.io/client-go/kubernetes" +// clientsetscheme "k8s.io/client-go/kubernetes/scheme" +// aggregatorclientsetscheme "k8s.io/kube-aggregator/pkg/client/clientset_generated/clientset/scheme" +// ) // -// kclientset, _ := kubernetes.NewForConfig(c) -// _ = aggregatorclientsetscheme.AddToScheme(clientsetscheme.Scheme) +// kclientset, _ := kubernetes.NewForConfig(c) +// _ = aggregatorclientsetscheme.AddToScheme(clientsetscheme.Scheme) // // After this, RawExtensions in Kubernetes types will serialize kube-aggregator types // correctly. diff --git a/vendor/modules.txt b/vendor/modules.txt index 6062c6176a..cbfcca6632 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -228,7 +228,7 @@ github.com/josharian/intern # github.com/json-iterator/go v1.1.12 ## explicit; go 1.12 github.com/json-iterator/go -# github.com/k8snetworkplumbingwg/multi-networkpolicy v0.0.0-20220908143610-19b7d2ba63f9 +# github.com/k8snetworkplumbingwg/multi-networkpolicy v1.0.1 ## explicit; go 1.13 github.com/k8snetworkplumbingwg/multi-networkpolicy/pkg/apis/k8s.cni.cncf.io github.com/k8snetworkplumbingwg/multi-networkpolicy/pkg/apis/k8s.cni.cncf.io/v1beta1 From adfd55a9067a5cf6e575e309a7996601916690c3 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Ra=C3=BAl=20Hern=C3=A1ndez?= Date: Wed, 29 Jan 2025 16:40:51 +0100 Subject: [PATCH 08/43] ztp: modify ztp Containerfile for Konflux migration... The value of ZTP_BUILD_IMAGE and ZTP_RUNTIME_IMAGE will be overriden by Konflux, sharing this Containerfile with upstream --- ztp/resource-generator/Containerfile | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/ztp/resource-generator/Containerfile b/ztp/resource-generator/Containerfile index 6585e68c1c..850f407b27 100644 --- a/ztp/resource-generator/Containerfile +++ b/ztp/resource-generator/Containerfile @@ -1,5 +1,7 @@ +ARG ZTP_BUILD_IMAGE=registry.ci.openshift.org/ocp/builder:rhel-8-golang-1.22-openshift-4.18 +ARG ZTP_RUNTIME_IMAGE=ubi8-minimal # Builder -FROM registry.ci.openshift.org/ocp/builder:rhel-8-golang-1.22-openshift-4.18 as builder +FROM ${ZTP_BUILD_IMAGE} as builder ARG IMAGE_REF USER root ENV PKG_ROOT=cnf-features-deploy @@ -22,7 +24,7 @@ RUN make build RUN make build-pgt-plugin # Container image -FROM ubi8-minimal +FROM ${ZTP_RUNTIME_IMAGE} USER root ENV BUILDER_ZTP=/go/src/cnf-features-deploy/ztp ENV ZTP_HOME=/home/ztp From ffbad9c6e284f628c4f46df2b28f394093e2eb66 Mon Sep 17 00:00:00 2001 From: Ronny Baturov Date: Wed, 29 Jan 2025 14:42:21 +0200 Subject: [PATCH 09/43] infra: dynamically select test image versions Since the OCP_VERSION environment variable is defined in common.sh, we can use it to dynamically determine the versions of the cnf-tests and dpdk images instead of hardcoding them. Signed-off-by: Ronny Baturov --- cnf-tests/Dockerfile.openshift | 5 +++-- hack/run-functests.sh | 4 ++-- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/cnf-tests/Dockerfile.openshift b/cnf-tests/Dockerfile.openshift index d95bd9e858..7dd19900e1 100644 --- a/cnf-tests/Dockerfile.openshift +++ b/cnf-tests/Dockerfile.openshift 
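Review bot: The default `ARG ZTP_RUNTIME_IMAGE=ubi8-minimal` is an unqualified short name without a tag, so when the build argument is not supplied the runtime base image is resolved through the builder's registry search configuration rather than from a fixed source; this is what the second hunk's `FROM ${ZTP_RUNTIME_IMAGE}` then uses. Default it to a fully qualified reference, `ARG ZTP_RUNTIME_IMAGE=<registry>/ubi8-minimal:<tag>` (placeholders), as `ZTP_BUILD_IMAGE` already does. A short comment above the two `ARG` lines stating that both values are overridden by the Konflux build would tell readers why the base images are parameters.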
@@ -84,9 +84,10 @@ FROM registry.ci.openshift.org/ocp/4.19:oc-rpms AS oc # Final image FROM registry.ci.openshift.org/ocp/4.19:base-rhel9 +ENV OCP_VERSION=4.19 ENV IMAGE_REGISTRY=quay.io/openshift-kni/ -ENV CNF_TESTS_IMAGE=cnf-tests:4.19 -ENV DPDK_TESTS_IMAGE=dpdk:4.19 +ENV CNF_TESTS_IMAGE=cnf-tests:${OCP_VERSION} +ENV DPDK_TESTS_IMAGE=dpdk:${OCP_VERSION} # python3 is needed for hwlatdetect RUN yum install -y lksctp-tools iproute tmux ethtool iputils numactl-libs iptables kmod linuxptp iperf3 python3 nc iptables && \ diff --git a/hack/run-functests.sh b/hack/run-functests.sh index 6960297b5a..7a390b23c6 100755 --- a/hack/run-functests.sh +++ b/hack/run-functests.sh @@ -10,8 +10,8 @@ export GINKGO_PARAMS=${GINKGO_PARAMS:-'-vv --show-node-events -timeout 6h'} #env variables needed for the containerized version export TEST_POD_IMAGES_REGISTRY="${TEST_POD_IMAGES_REGISTRY:-quay.io/openshift-kni/}" -export TEST_POD_CNF_TEST_IMAGE="${TEST_POD_CNF_TEST_IMAGE:-cnf-tests:4.12}" -export TEST_POD_DPDK_TEST_IMAGE="${TEST_POD_DPDK_TEST_IMAGE:-dpdk:4.12}" +export TEST_POD_CNF_TEST_IMAGE="${TEST_POD_CNF_TEST_IMAGE:-cnf-tests:${OCP_VERSION}}" +export TEST_POD_DPDK_TEST_IMAGE="${TEST_POD_DPDK_TEST_IMAGE:-dpdk:${OCP_VERSION}}" export TEST_EXECUTION_IMAGE=$TEST_POD_IMAGES_REGISTRY$TEST_POD_CNF_TEST_IMAGE export SCTPTEST_HAS_NON_CNF_WORKERS="${SCTPTEST_HAS_NON_CNF_WORKERS:-true}" From bf5563e27271c3797703278f103692c8938b48db Mon Sep 17 00:00:00 2001 From: red-hat-konflux Date: Thu, 30 Jan 2025 14:38:25 +0000 Subject: [PATCH 10/43] Red Hat Konflux update cnf-features-deploy-4-19 Signed-off-by: red-hat-konflux --- ...cnf-features-deploy-4-19-pull-request.yaml | 616 ++++++++++++++++++ .tekton/cnf-features-deploy-4-19-push.yaml | 613 +++++++++++++++++ 2 files changed, 1229 insertions(+) create mode 100644 .tekton/cnf-features-deploy-4-19-pull-request.yaml create mode 100644 .tekton/cnf-features-deploy-4-19-push.yaml 
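Review bot: The new defaults `cnf-tests:${OCP_VERSION}` and `dpdk:${OCP_VERSION}` in hack/run-functests.sh expand to `cnf-tests:` and `dpdk:` when `OCP_VERSION` is unset, which produces an invalid image reference in `TEST_EXECUTION_IMAGE`. The commit message says the variable is defined in common.sh, but the hunk does not show that file being sourced before these lines. Add `: "${OCP_VERSION:?OCP_VERSION must be set}"` above the exports so the script stops with a clear message instead of failing later at image pull.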
diff --git a/.tekton/cnf-features-deploy-4-19-pull-request.yaml b/.tekton/cnf-features-deploy-4-19-pull-request.yaml
new file mode 100644
index 0000000000..e48a610714
--- /dev/null
+++ b/.tekton/cnf-features-deploy-4-19-pull-request.yaml
@@ -0,0 +1,616 @@ +apiVersion: tekton.dev/v1 +kind: PipelineRun +metadata: + annotations: + build.appstudio.openshift.io/repo: https://github.com/openshift-kni/cnf-features-deploy?rev={{revision}} + build.appstudio.redhat.com/commit_sha: '{{revision}}' + build.appstudio.redhat.com/pull_request_number: '{{pull_request_number}}' + build.appstudio.redhat.com/target_branch: '{{target_branch}}' + pipelinesascode.tekton.dev/max-keep-runs: "3" + pipelinesascode.tekton.dev/on-cel-expression: event == "pull_request" && target_branch + == "master" + creationTimestamp: null + labels: + appstudio.openshift.io/application: ztp-site-generate-4-19 + appstudio.openshift.io/component: cnf-features-deploy-4-19 + pipelines.appstudio.openshift.io/type: build + name: cnf-features-deploy-4-19-on-pull-request + namespace: telco-5g-tenant +spec: + params: + - name: git-url + value: '{{source_url}}' + - name: revision + value: '{{revision}}' + - name: output-image + value: quay.io/redhat-user-workloads/telco-5g-tenant/cnf-features-deploy-4-19:on-pr-{{revision}} + - name: image-expires-after + value: 5d + - name: dockerfile + value: ztp/resource-generator + pipelineSpec: + description: | + This pipeline is ideal for building container images from a Containerfile while reducing network traffic. + + _Uses `buildah` to create a container image. It also optionally creates a source image and runs some build-time tests. EC will flag a violation for [`trusted_task.trusted`](https://enterprisecontract.dev/docs/ec-policies/release_policy.html#trusted_task__trusted) if any tasks are added to the pipeline. 
+ This pipeline is pushed as a Tekton bundle to [quay.io](https://quay.io/repository/konflux-ci/tekton-catalog/pipeline-docker-build?tab=tags)_ + finally: + - name: show-sbom + params: + - name: IMAGE_URL + value: $(tasks.build-image-index.results.IMAGE_URL) + taskRef: + params: + - name: name + value: show-sbom + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:945a7c9066d3e0a95d3fddb7e8a6992e4d632a2a75d8f3a9bd2ff2fef0ec9aa0 + - name: kind + value: task + resolver: bundles + - name: show-summary + params: + - name: pipelinerun-name + value: $(context.pipelineRun.name) + - name: git-url + value: $(tasks.clone-repository.results.url)?rev=$(tasks.clone-repository.results.commit) + - name: image-url + value: $(params.output-image) + - name: build-task-status + value: $(tasks.build-image-index.status) + taskRef: + params: + - name: name + value: summary + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-summary:0.2@sha256:870d9a04d9784840a90b7bf6817cd0d0c4edfcda04b1ba1868cae625a3c3bfcc + - name: kind + value: task + resolver: bundles + workspaces: + - name: workspace + workspace: workspace + params: + - description: Source Repository URL + name: git-url + type: string + - default: "" + description: Revision of the Source Repository + name: revision + type: string + - description: Fully Qualified Output Image + name: output-image + type: string + - default: . + description: Path to the source code of an application's component from where + to build image. 
+ name: path-context + type: string + - default: Dockerfile + description: Path to the Dockerfile inside the context specified by parameter + path-context + name: dockerfile + type: string + - default: "false" + description: Force rebuild image + name: rebuild + type: string + - default: "false" + description: Skip checks against built image + name: skip-checks + type: string + - default: "false" + description: Execute the build with network isolation + name: hermetic + type: string + - default: "" + description: Build dependencies to be prefetched by Cachi2 + name: prefetch-input + type: string + - default: "" + description: Image tag expiration time, time values could be something like + 1h, 2d, 3w for hours, days, and weeks, respectively. + name: image-expires-after + - default: "false" + description: Build a source image. + name: build-source-image + type: string + - default: "false" + description: Add built image into an OCI image index + name: build-image-index + type: string + - default: [] + description: Array of --build-arg values ("arg=value" strings) for buildah + name: build-args + type: array + - default: "" + description: Path to a file with build arguments for buildah, see https://www.mankier.com/1/buildah-build#--build-arg-file + name: build-args-file + type: string + results: + - description: "" + name: IMAGE_URL + value: $(tasks.build-image-index.results.IMAGE_URL) + - description: "" + name: IMAGE_DIGEST + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - description: "" + name: CHAINS-GIT_URL + value: $(tasks.clone-repository.results.url) + - description: "" + name: CHAINS-GIT_COMMIT + value: $(tasks.clone-repository.results.commit) + tasks: + - name: init + params: + - name: image-url + value: $(params.output-image) + - name: rebuild + value: $(params.rebuild) + - name: skip-checks + value: $(params.skip-checks) + taskRef: + params: + - name: name + value: init + - name: bundle + value: 
quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:4c6712db9419461b8c8a39523c012cb0dc061fb58563bb9170b3777d74f54659 + - name: kind + value: task + resolver: bundles + - name: clone-repository + params: + - name: url + value: $(params.git-url) + - name: revision + value: $(params.revision) + runAfter: + - init + taskRef: + params: + - name: name + value: git-clone + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1@sha256:d091a9e19567a4cbdc5acd57903c71ba71dc51d749a4ba7477e689608851e981 + - name: kind + value: task + resolver: bundles + when: + - input: $(tasks.init.results.build) + operator: in + values: + - "true" + workspaces: + - name: output + workspace: workspace + - name: basic-auth + workspace: git-auth + - name: prefetch-dependencies + params: + - name: input + value: $(params.prefetch-input) + runAfter: + - clone-repository + taskRef: + params: + - name: name + value: prefetch-dependencies + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies:0.1@sha256:20f76c14b756c745e315334dd0437cf4f6004763e2d23b27cf0f8e896fe2207c + - name: kind + value: task + resolver: bundles + when: + - input: $(params.prefetch-input) + operator: notin + values: + - "" + workspaces: + - name: source + workspace: workspace + - name: git-basic-auth + workspace: git-auth + - name: netrc + workspace: netrc + - name: build-container + params: + - name: IMAGE + value: $(params.output-image) + - name: DOCKERFILE + value: $(params.dockerfile) + - name: CONTEXT + value: $(params.path-context) + - name: HERMETIC + value: $(params.hermetic) + - name: PREFETCH_INPUT + value: $(params.prefetch-input) + - name: IMAGE_EXPIRES_AFTER + value: $(params.image-expires-after) + - name: COMMIT_SHA + value: $(tasks.clone-repository.results.commit) + - name: BUILD_ARGS + value: + - $(params.build-args[*]) + - name: BUILD_ARGS_FILE + value: $(params.build-args-file) + runAfter: + - prefetch-dependencies + taskRef: + params: + - name: name + 
value: buildah + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-buildah:0.3@sha256:9362d1e20b74c946c6c787ee2c82f202d7d131f06fccf55436b70feed295a757 + - name: kind + value: task + resolver: bundles + when: + - input: $(tasks.init.results.build) + operator: in + values: + - "true" + workspaces: + - name: source + workspace: workspace + - name: build-image-index + params: + - name: IMAGE + value: $(params.output-image) + - name: COMMIT_SHA + value: $(tasks.clone-repository.results.commit) + - name: IMAGE_EXPIRES_AFTER + value: $(params.image-expires-after) + - name: ALWAYS_BUILD_INDEX + value: $(params.build-image-index) + - name: IMAGES + value: + - $(tasks.build-container.results.IMAGE_URL)@$(tasks.build-container.results.IMAGE_DIGEST) + runAfter: + - build-container + taskRef: + params: + - name: name + value: build-image-index + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1@sha256:09344e6bda708f48ef759bbe84bce99515549f4cfdcbe89e417f695c19463260 + - name: kind + value: task + resolver: bundles + when: + - input: $(tasks.init.results.build) + operator: in + values: + - "true" + - name: build-source-image + params: + - name: BINARY_IMAGE + value: $(params.output-image) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: source-build + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-source-build:0.1@sha256:9d8f146d0474440165db38a3efdf55da73856de332ebf8d598197f92156ee44e + - name: kind + value: task + resolver: bundles + when: + - input: $(tasks.init.results.build) + operator: in + values: + - "true" + - input: $(params.build-source-image) + operator: in + values: + - "true" + workspaces: + - name: workspace + workspace: workspace + - name: deprecated-base-image-check + params: + - name: IMAGE_URL + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: IMAGE_DIGEST + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + runAfter: + - build-image-index + taskRef: 
+ params: + - name: name + value: deprecated-image-check + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.4@sha256:241f87f75a6e4303fbd64b32ba1715d76fe3805c48a6c21829e6a564bcc3a576 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: clair-scan + params: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: clair-scan + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.2@sha256:4584647138af3efe5f1c523d0f56103c3b9647325634d17f04e2198a2c3c0c26 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: ecosystem-cert-preflight-checks + params: + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: ecosystem-cert-preflight-checks + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.1@sha256:df8a25a3431a70544172ed4844f9d0c6229d39130633960729f825a031a7dea9 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: sast-snyk-check + params: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: sast-snyk-check + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check:0.3@sha256:30cc34ccf6ca34e7f0951fd508fe4436d07388e7244baab77baf4ef9bdcefff4 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - 
"false" + workspaces: + - name: workspace + workspace: workspace + - name: clamav-scan + params: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: clamav-scan + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.2@sha256:525ad6081d7d38082db057482bd9ecc59c38954656b1a4e33a28de9c19e71006 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: sast-coverity-check + params: + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: IMAGE + value: $(params.output-image) + - name: DOCKERFILE + value: $(params.dockerfile) + - name: CONTEXT + value: $(params.path-context) + - name: HERMETIC + value: $(params.hermetic) + - name: PREFETCH_INPUT + value: $(params.prefetch-input) + - name: IMAGE_EXPIRES_AFTER + value: $(params.image-expires-after) + - name: COMMIT_SHA + value: $(tasks.clone-repository.results.commit) + - name: BUILD_ARGS + value: + - $(params.build-args[*]) + - name: BUILD_ARGS_FILE + value: $(params.build-args-file) + runAfter: + - coverity-availability-check + taskRef: + params: + - name: name + value: sast-coverity-check + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-sast-coverity-check:0.2@sha256:97e4ba1ff49288194c74ddc1a42a9c4512c93d1f9e446a08b20aa90cfe4266ac + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - input: $(tasks.coverity-availability-check.results.STATUS) + operator: in + values: + - success + workspaces: + - name: source + workspace: workspace + - name: coverity-availability-check + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: coverity-availability-check + - name: bundle + value: 
quay.io/konflux-ci/tekton-catalog/task-coverity-availability-check-oci-ta:0.2@sha256:8653d290298593e4db9457ab00d9160738c31c384b7615ee30626ccab6f96ed8 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: sast-shell-check + params: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: sast-shell-check + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check:0.1@sha256:cb18cca3a211392e7f06dc7867bbb5bb269db7cb645d93c51585ff2954ef0a3a + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + workspaces: + - name: workspace + workspace: workspace + - name: sast-unicode-check + params: + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: sast-unicode-check + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check:0.1@sha256:a1336d6f089eb4c05d09442a26836ccbd894bb5341e0275fa7d424ada4133d7d + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + workspaces: + - name: workspace + workspace: workspace + - name: apply-tags + params: + - name: IMAGE + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: apply-tags + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.1@sha256:fa7aa88ffe01eeeaa07c8720b27e50e27f6f136ef33595efaa16a0eb4598ea02 + - name: kind + value: task + resolver: bundles + - name: push-dockerfile + params: + - name: IMAGE + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: IMAGE_DIGEST + value: 
$(tasks.build-image-index.results.IMAGE_DIGEST) + - name: DOCKERFILE + value: $(params.dockerfile) + - name: CONTEXT + value: $(params.path-context) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: push-dockerfile + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile:0.1@sha256:389dc0f7bb175b9ca04e79ee67352fedd62fff8b1d196029534cd5638c73a0fc + - name: kind + value: task + resolver: bundles + workspaces: + - name: workspace + workspace: workspace + - name: rpms-signature-scan + params: + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: rpms-signature-scan + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:39cd56ffa26ff5edfd5bf9b61e902cae35a345c078cd9dcbc0737d30f3ce5ef1 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + workspaces: + - name: workspace + - name: git-auth + optional: true + - name: netrc + optional: true + taskRunTemplate: {} + workspaces: + - name: workspace + volumeClaimTemplate: + metadata: + creationTimestamp: null + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + status: {} + - name: git-auth + secret: + secretName: '{{ git_auth_secret }}' +status: {} diff --git a/.tekton/cnf-features-deploy-4-19-push.yaml b/.tekton/cnf-features-deploy-4-19-push.yaml new file mode 100644 index 0000000000..b0c5e8d17f --- /dev/null +++ b/.tekton/cnf-features-deploy-4-19-push.yaml 
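Review bot: Neither this PipelineRun nor the push one added in the same commit sets `hermetic` or `prefetch-input` in `spec.params`, so `build-container` runs with the pipeline defaults `"false"` and `""`. The image build for pull-request content therefore runs without the network isolation the `hermetic` parameter describes. If the Containerfile's dependencies can be prefetched, adding `- name: hermetic` with `value: "true"` and a matching `prefetch-input` entry to `spec.params` would make the build inputs reproducible and auditable. Whether the build works offline cannot be judged from this hunk.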
@@ -0,0 +1,613 @@ +apiVersion: tekton.dev/v1 +kind: PipelineRun +metadata: + annotations: + build.appstudio.openshift.io/repo: https://github.com/openshift-kni/cnf-features-deploy?rev={{revision}} + build.appstudio.redhat.com/commit_sha: '{{revision}}' + build.appstudio.redhat.com/target_branch: '{{target_branch}}' + pipelinesascode.tekton.dev/max-keep-runs: "3" + pipelinesascode.tekton.dev/on-cel-expression: event == "push" && target_branch + == "master" + creationTimestamp: null + labels: + appstudio.openshift.io/application: ztp-site-generate-4-19 + appstudio.openshift.io/component: cnf-features-deploy-4-19 + pipelines.appstudio.openshift.io/type: build + name: cnf-features-deploy-4-19-on-push + namespace: telco-5g-tenant +spec: + params: + - name: git-url + value: '{{source_url}}' + - name: revision + value: '{{revision}}' + - name: output-image + value: quay.io/redhat-user-workloads/telco-5g-tenant/cnf-features-deploy-4-19:{{revision}} + - name: dockerfile + value: ztp/resource-generator + pipelineSpec: + description: | + This pipeline is ideal for building container images from a Containerfile while reducing network traffic. + + _Uses `buildah` to create a container image. It also optionally creates a source image and runs some build-time tests. EC will flag a violation for [`trusted_task.trusted`](https://enterprisecontract.dev/docs/ec-policies/release_policy.html#trusted_task__trusted) if any tasks are added to the pipeline. 
+ This pipeline is pushed as a Tekton bundle to [quay.io](https://quay.io/repository/konflux-ci/tekton-catalog/pipeline-docker-build?tab=tags)_ + finally: + - name: show-sbom + params: + - name: IMAGE_URL + value: $(tasks.build-image-index.results.IMAGE_URL) + taskRef: + params: + - name: name + value: show-sbom + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:945a7c9066d3e0a95d3fddb7e8a6992e4d632a2a75d8f3a9bd2ff2fef0ec9aa0 + - name: kind + value: task + resolver: bundles + - name: show-summary + params: + - name: pipelinerun-name + value: $(context.pipelineRun.name) + - name: git-url + value: $(tasks.clone-repository.results.url)?rev=$(tasks.clone-repository.results.commit) + - name: image-url + value: $(params.output-image) + - name: build-task-status + value: $(tasks.build-image-index.status) + taskRef: + params: + - name: name + value: summary + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-summary:0.2@sha256:870d9a04d9784840a90b7bf6817cd0d0c4edfcda04b1ba1868cae625a3c3bfcc + - name: kind + value: task + resolver: bundles + workspaces: + - name: workspace + workspace: workspace + params: + - description: Source Repository URL + name: git-url + type: string + - default: "" + description: Revision of the Source Repository + name: revision + type: string + - description: Fully Qualified Output Image + name: output-image + type: string + - default: . + description: Path to the source code of an application's component from where + to build image. 
+ name: path-context + type: string + - default: Dockerfile + description: Path to the Dockerfile inside the context specified by parameter + path-context + name: dockerfile + type: string + - default: "false" + description: Force rebuild image + name: rebuild + type: string + - default: "false" + description: Skip checks against built image + name: skip-checks + type: string + - default: "false" + description: Execute the build with network isolation + name: hermetic + type: string + - default: "" + description: Build dependencies to be prefetched by Cachi2 + name: prefetch-input + type: string + - default: "" + description: Image tag expiration time, time values could be something like + 1h, 2d, 3w for hours, days, and weeks, respectively. + name: image-expires-after + - default: "false" + description: Build a source image. + name: build-source-image + type: string + - default: "false" + description: Add built image into an OCI image index + name: build-image-index + type: string + - default: [] + description: Array of --build-arg values ("arg=value" strings) for buildah + name: build-args + type: array + - default: "" + description: Path to a file with build arguments for buildah, see https://www.mankier.com/1/buildah-build#--build-arg-file + name: build-args-file + type: string + results: + - description: "" + name: IMAGE_URL + value: $(tasks.build-image-index.results.IMAGE_URL) + - description: "" + name: IMAGE_DIGEST + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - description: "" + name: CHAINS-GIT_URL + value: $(tasks.clone-repository.results.url) + - description: "" + name: CHAINS-GIT_COMMIT + value: $(tasks.clone-repository.results.commit) + tasks: + - name: init + params: + - name: image-url + value: $(params.output-image) + - name: rebuild + value: $(params.rebuild) + - name: skip-checks + value: $(params.skip-checks) + taskRef: + params: + - name: name + value: init + - name: bundle + value: 
quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:4c6712db9419461b8c8a39523c012cb0dc061fb58563bb9170b3777d74f54659 + - name: kind + value: task + resolver: bundles + - name: clone-repository + params: + - name: url + value: $(params.git-url) + - name: revision + value: $(params.revision) + runAfter: + - init + taskRef: + params: + - name: name + value: git-clone + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1@sha256:d091a9e19567a4cbdc5acd57903c71ba71dc51d749a4ba7477e689608851e981 + - name: kind + value: task + resolver: bundles + when: + - input: $(tasks.init.results.build) + operator: in + values: + - "true" + workspaces: + - name: output + workspace: workspace + - name: basic-auth + workspace: git-auth + - name: prefetch-dependencies + params: + - name: input + value: $(params.prefetch-input) + runAfter: + - clone-repository + taskRef: + params: + - name: name + value: prefetch-dependencies + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies:0.1@sha256:20f76c14b756c745e315334dd0437cf4f6004763e2d23b27cf0f8e896fe2207c + - name: kind + value: task + resolver: bundles + when: + - input: $(params.prefetch-input) + operator: notin + values: + - "" + workspaces: + - name: source + workspace: workspace + - name: git-basic-auth + workspace: git-auth + - name: netrc + workspace: netrc + - name: build-container + params: + - name: IMAGE + value: $(params.output-image) + - name: DOCKERFILE + value: $(params.dockerfile) + - name: CONTEXT + value: $(params.path-context) + - name: HERMETIC + value: $(params.hermetic) + - name: PREFETCH_INPUT + value: $(params.prefetch-input) + - name: IMAGE_EXPIRES_AFTER + value: $(params.image-expires-after) + - name: COMMIT_SHA + value: $(tasks.clone-repository.results.commit) + - name: BUILD_ARGS + value: + - $(params.build-args[*]) + - name: BUILD_ARGS_FILE + value: $(params.build-args-file) + runAfter: + - prefetch-dependencies + taskRef: + params: + - name: name + 
value: buildah + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-buildah:0.3@sha256:9362d1e20b74c946c6c787ee2c82f202d7d131f06fccf55436b70feed295a757 + - name: kind + value: task + resolver: bundles + when: + - input: $(tasks.init.results.build) + operator: in + values: + - "true" + workspaces: + - name: source + workspace: workspace + - name: build-image-index + params: + - name: IMAGE + value: $(params.output-image) + - name: COMMIT_SHA + value: $(tasks.clone-repository.results.commit) + - name: IMAGE_EXPIRES_AFTER + value: $(params.image-expires-after) + - name: ALWAYS_BUILD_INDEX + value: $(params.build-image-index) + - name: IMAGES + value: + - $(tasks.build-container.results.IMAGE_URL)@$(tasks.build-container.results.IMAGE_DIGEST) + runAfter: + - build-container + taskRef: + params: + - name: name + value: build-image-index + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1@sha256:09344e6bda708f48ef759bbe84bce99515549f4cfdcbe89e417f695c19463260 + - name: kind + value: task + resolver: bundles + when: + - input: $(tasks.init.results.build) + operator: in + values: + - "true" + - name: build-source-image + params: + - name: BINARY_IMAGE + value: $(params.output-image) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: source-build + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-source-build:0.1@sha256:9d8f146d0474440165db38a3efdf55da73856de332ebf8d598197f92156ee44e + - name: kind + value: task + resolver: bundles + when: + - input: $(tasks.init.results.build) + operator: in + values: + - "true" + - input: $(params.build-source-image) + operator: in + values: + - "true" + workspaces: + - name: workspace + workspace: workspace + - name: deprecated-base-image-check + params: + - name: IMAGE_URL + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: IMAGE_DIGEST + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + runAfter: + - build-image-index + taskRef: 
+ params: + - name: name + value: deprecated-image-check + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.4@sha256:241f87f75a6e4303fbd64b32ba1715d76fe3805c48a6c21829e6a564bcc3a576 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: clair-scan + params: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: clair-scan + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.2@sha256:4584647138af3efe5f1c523d0f56103c3b9647325634d17f04e2198a2c3c0c26 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: ecosystem-cert-preflight-checks + params: + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: ecosystem-cert-preflight-checks + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.1@sha256:df8a25a3431a70544172ed4844f9d0c6229d39130633960729f825a031a7dea9 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: sast-snyk-check + params: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: sast-snyk-check + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check:0.3@sha256:30cc34ccf6ca34e7f0951fd508fe4436d07388e7244baab77baf4ef9bdcefff4 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - 
"false" + workspaces: + - name: workspace + workspace: workspace + - name: clamav-scan + params: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: clamav-scan + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.2@sha256:525ad6081d7d38082db057482bd9ecc59c38954656b1a4e33a28de9c19e71006 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: sast-coverity-check + params: + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: IMAGE + value: $(params.output-image) + - name: DOCKERFILE + value: $(params.dockerfile) + - name: CONTEXT + value: $(params.path-context) + - name: HERMETIC + value: $(params.hermetic) + - name: PREFETCH_INPUT + value: $(params.prefetch-input) + - name: IMAGE_EXPIRES_AFTER + value: $(params.image-expires-after) + - name: COMMIT_SHA + value: $(tasks.clone-repository.results.commit) + - name: BUILD_ARGS + value: + - $(params.build-args[*]) + - name: BUILD_ARGS_FILE + value: $(params.build-args-file) + runAfter: + - coverity-availability-check + taskRef: + params: + - name: name + value: sast-coverity-check + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-sast-coverity-check:0.2@sha256:97e4ba1ff49288194c74ddc1a42a9c4512c93d1f9e446a08b20aa90cfe4266ac + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - input: $(tasks.coverity-availability-check.results.STATUS) + operator: in + values: + - success + workspaces: + - name: source + workspace: workspace + - name: coverity-availability-check + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: coverity-availability-check + - name: bundle + value: 
quay.io/konflux-ci/tekton-catalog/task-coverity-availability-check-oci-ta:0.2@sha256:8653d290298593e4db9457ab00d9160738c31c384b7615ee30626ccab6f96ed8 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: sast-shell-check + params: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: sast-shell-check + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check:0.1@sha256:cb18cca3a211392e7f06dc7867bbb5bb269db7cb645d93c51585ff2954ef0a3a + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + workspaces: + - name: workspace + workspace: workspace + - name: sast-unicode-check + params: + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: sast-unicode-check + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check:0.1@sha256:a1336d6f089eb4c05d09442a26836ccbd894bb5341e0275fa7d424ada4133d7d + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + workspaces: + - name: workspace + workspace: workspace + - name: apply-tags + params: + - name: IMAGE + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: apply-tags + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.1@sha256:fa7aa88ffe01eeeaa07c8720b27e50e27f6f136ef33595efaa16a0eb4598ea02 + - name: kind + value: task + resolver: bundles + - name: push-dockerfile + params: + - name: IMAGE + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: IMAGE_DIGEST + value: 
$(tasks.build-image-index.results.IMAGE_DIGEST) + - name: DOCKERFILE + value: $(params.dockerfile) + - name: CONTEXT + value: $(params.path-context) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: push-dockerfile + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile:0.1@sha256:389dc0f7bb175b9ca04e79ee67352fedd62fff8b1d196029534cd5638c73a0fc + - name: kind + value: task + resolver: bundles + workspaces: + - name: workspace + workspace: workspace + - name: rpms-signature-scan + params: + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: rpms-signature-scan + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:39cd56ffa26ff5edfd5bf9b61e902cae35a345c078cd9dcbc0737d30f3ce5ef1 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + workspaces: + - name: workspace + - name: git-auth + optional: true + - name: netrc + optional: true + taskRunTemplate: {} + workspaces: + - name: workspace + volumeClaimTemplate: + metadata: + creationTimestamp: null + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + status: {} + - name: git-auth + secret: + secretName: '{{ git_auth_secret }}' +status: {} From edfe184d91f8cc4fd1840d841c3c68bcf29e2ffa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ra=C3=BAl=20Hern=C3=A1ndez?= Date: Thu, 30 Jan 2025 16:20:35 +0100 Subject: [PATCH 11/43] fix dockerfile input --- .tekton/cnf-features-deploy-4-19-pull-request.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.tekton/cnf-features-deploy-4-19-pull-request.yaml b/.tekton/cnf-features-deploy-4-19-pull-request.yaml index e48a610714..a81358e5c4 100644 --- a/.tekton/cnf-features-deploy-4-19-pull-request.yaml 
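Review bot: The `dockerfile` entry in `spec.params` is `ztp/resource-generator`, which reads as a directory, while the pipeline describes that parameter as the path to the Dockerfile inside `path-context`. The follow-up patch 11/43 changes this value to `ztp/resource-generator/Containerfile` in the pull-request pipeline only, so the push pipeline keeps the directory path unless a later patch changes it. The same one-line change applies here: `value: ztp/resource-generator/Containerfile`.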
+++ b/.tekton/cnf-features-deploy-4-19-pull-request.yaml @@ -27,7 +27,7 @@ spec: - name: image-expires-after value: 5d - name: dockerfile - value: ztp/resource-generator + value: ztp/resource-generator/Containerfile pipelineSpec: description: | This pipeline is ideal for building container images from a Containerfile while reducing network traffic. From 8c97f4f35f529d1d5084c0b08db2b0c5878e1078 Mon Sep 17 00:00:00 2001 From: Abraham Date: Thu, 30 Jan 2025 11:52:16 -0500 Subject: [PATCH 12/43] ztp: Comments, hard-coded path to ZTP_HOME from container --- ztp/Makefile | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/ztp/Makefile b/ztp/Makefile index c4803faa16..3bc66430e2 100644 --- a/ztp/Makefile +++ b/ztp/Makefile @@ -19,16 +19,24 @@ checkSourceCRsAnnotation: fi; \ done; \ -source-crs := source-crs + + +# ZTP_HOME is a temporary hard-coded path to site-generate container's ztp folder +# Should remain consistent across upstream, midstream and CI script +# https://github.com/openshift-kni/cnf-features-deploy/blob/master/ztp/resource-generator/Containerfile#L28C1-L28C23 +ZTP_HOME=/home/ztp/ +SOURCE_CRS := source-crs +# checkSourceCRsPath CI Job is to ensure source crs path length do not exceed 255 characters +# Related Issue: https://issues.redhat.com/browse/OCPBUGS-48244 checkSourceCRsPath: @failures=0; \ - for cr in $(shell find $(source-crs) -type f); do \ - path_length=$$(echo $$cr | wc -c); \ + for cr in $(shell find $(SOURCE_CRS) -type f); do \ + path_length=$$(echo -n ${ZTP_HOME}$$cr | wc -c); \ if [ $$path_length -gt 255 ]; then \ echo "File path too long: $$cr (length: $$path_length)"; \ (( failures += 1 )); \ else \ - echo "File path OK: $$cr (length: $$path_length)"; \ + echo "File path OK: ${ZTP_HOME}$$cr (length: $$path_length)"; \ fi; \ done; \ exit $$failures From 69bbdb21de410bca6c2cbb643559d5f3aa1a5707 Mon Sep 17 00:00:00 2001 
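Review bot: In the `ztp/Makefile` hunk, the new length measurement `echo -n ${ZTP_HOME}$$cr | wc -c` in `checkSourceCRsPath` relies on the recipe shell's `echo` honouring `-n`, and it leaves the path unquoted. If `echo` prints `-n` literally or the name contains whitespace, the measured length is wrong and the 255 limit is checked against the wrong number. I would write it as `path_length=$$(printf '%s' "$(ZTP_HOME)$$cr" | wc -c); \`, which behaves the same under any POSIX shell. Whether the Makefile sets `SHELL` is not visible in this hunk, so the current form may work in CI today. `ZTP_HOME` is a hand-copied value with nothing in the target checking it against the Containerfile, so a comment naming the exact variable it mirrors would help whoever changes either side.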
From: Abraham Date: Thu, 30 Jan 2025 12:02:40 -0500 Subject: [PATCH 13/43] ztp: Note in readme file --- ztp/README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ztp/README.md b/ztp/README.md index 305976d06a..d2341aaf6c 100644 --- a/ztp/README.md +++ b/ztp/README.md @@ -25,3 +25,7 @@ We suggest breaking down the site plan into components that are common, relevant * Site: IP addresses, SRIOV configuration We look forward to user feedback and will gladly accept pull requests and issues for consideration. + +## ZTP Guidelines + +To avoid issues due to filename length limitations (ISO standard: not greater than 255), please ensure files in the source-crs folder are within this limit. This includes the length of the full path as per ZTP_HOME set in the ztp-site-generate container. \ No newline at end of file From 70fe28cbbbfc3d9f1dfa072b5d9872c2b4871cac Mon Sep 17 00:00:00 2001 From: Abraham Date: Thu, 30 Jan 2025 12:05:42 -0500 Subject: [PATCH 14/43] ztp: ZTP_HOME variable --- ztp/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ztp/Makefile b/ztp/Makefile index 3bc66430e2..7c2eb0b22d 100644 --- a/ztp/Makefile +++ b/ztp/Makefile @@ -33,7 +33,7 @@ checkSourceCRsPath: for cr in $(shell find $(SOURCE_CRS) -type f); do \ path_length=$$(echo -n ${ZTP_HOME}$$cr | wc -c); \ if [ $$path_length -gt 255 ]; then \ - echo "File path too long: $$cr (length: $$path_length)"; \ + echo "File path too long: ${ZTP_HOME}$$cr (length: $$path_length)"; \ (( failures += 1 )); \ else \ echo "File path OK: ${ZTP_HOME}$$cr (length: $$path_length)"; \ From c77d6cfed49b97e0c8627ca253d8f6a55e044b9e Mon Sep 17 00:00:00 2001 From: Abraham Date: Thu, 30 Jan 2025 13:01:02 -0500 Subject: [PATCH 15/43] ztp: update readme --- ztp/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ztp/README.md b/ztp/README.md index d2341aaf6c..3006d31f71 100644 --- a/ztp/README.md +++ b/ztp/README.md 
@@ -28,4 +28,4 @@ We look forward to user feedback and will gladly accept pull requests and issues ## ZTP Guidelines -To avoid issues due to filename length limitations (ISO standard: not greater than 255), please ensure files in the source-crs folder are within this limit. This includes the length of the full path as per ZTP_HOME set in the ztp-site-generate container. \ No newline at end of file +To avoid issues due to filename length limitations (ISO 9660 with the Rock Ridge extension - not greater than 255 characters), please ensure files in the source-crs folder are within this limit. This includes the length of the full path as per ZTP_HOME set in the ztp-site-generate container. \ No newline at end of file From 178cc5224ac011088b2859fd122c0b3f863cc3be Mon Sep 17 00:00:00 2001 From: Irina Mihai Date: Thu, 30 Jan 2025 15:18:03 -0500 Subject: [PATCH 16/43] ztp: OCPBUGS-48088: Add monitoring label for openshift-logging ns --- .../required/cluster-logging/ClusterLogNS.yaml | 2 ++ ztp/source-crs/ClusterLogNS.yaml | 2 ++ 2 files changed, 4 insertions(+) diff --git a/ztp/kube-compare-reference/required/cluster-logging/ClusterLogNS.yaml b/ztp/kube-compare-reference/required/cluster-logging/ClusterLogNS.yaml index 70e00a4d10..8115b96c18 100644 --- a/ztp/kube-compare-reference/required/cluster-logging/ClusterLogNS.yaml +++ b/ztp/kube-compare-reference/required/cluster-logging/ClusterLogNS.yaml @@ -5,3 +5,5 @@ metadata: annotations: workload.openshift.io/allowed: management ran.openshift.io/ztp-deploy-wave: "2" + labels: + openshift.io/cluster-monitoring: "true" diff --git a/ztp/source-crs/ClusterLogNS.yaml b/ztp/source-crs/ClusterLogNS.yaml index 70e00a4d10..8115b96c18 100644 --- a/ztp/source-crs/ClusterLogNS.yaml +++ b/ztp/source-crs/ClusterLogNS.yaml @@ -5,3 +5,5 @@ metadata: annotations: workload.openshift.io/allowed: management ran.openshift.io/ztp-deploy-wave: "2" + labels: + openshift.io/cluster-monitoring: "true" 
From 9f6519bcad582a3bf9ad61370cf229e4af6f4c9c Mon Sep 17 00:00:00 2001 From: Jim Ramsay Date: Thu, 30 Jan 2025 15:51:46 -0500 Subject: [PATCH 17/43] ztp: reference: Enable user customization of PTP priority1, priority2, and domainNumber fields Signed-off-by: Jim Ramsay --- ztp/kube-compare-reference/default_value.yaml | 16 ++++++++++++++++ .../optional/ptp-config/PtpConfigBoundary.yaml | 6 +++--- .../ptp-config/PtpConfigBoundaryForEvent.yaml | 6 +++--- .../ptp-config/PtpConfigDualCardGmWpc.yaml | 6 +++--- .../optional/ptp-config/PtpConfigGmWpc.yaml | 6 +++--- 5 files changed, 28 insertions(+), 12 deletions(-) diff --git a/ztp/kube-compare-reference/default_value.yaml b/ztp/kube-compare-reference/default_value.yaml index e132e482a8..87e8b8aac0 100644 --- a/ztp/kube-compare-reference/default_value.yaml +++ b/ztp/kube-compare-reference/default_value.yaml @@ -26,11 +26,19 @@ optional_ptp_config_PtpConfigBoundary: recommend: - match: - nodeLabel: "node-role.kubernetes.io/$mcp" + captureGroup_defaults: + priority1: 128 + priority2: 128 + domainNumber: 24 optional_ptp_config_PtpConfigBoundaryForEvent: - spec: recommend: - match: - nodeLabel: "node-role.kubernetes.io/$mcp" + captureGroup_defaults: + priority1: 128 + priority2: 128 + domainNumber: 24 optional_ptp_config_PtpConfigDualCardGmWpc: - spec: profile: @@ -50,6 +58,10 @@ optional_ptp_config_PtpConfigDualCardGmWpc: recommend: - match: - nodeLabel: "node-role.kubernetes.io/$mcp" + captureGroup_defaults: + priority1: 128 + priority2: 128 + domainNumber: 24 optional_ptp_config_PtpConfigForHA: - spec: recommend: @@ -95,6 +107,10 @@ optional_ptp_config_PtpConfigGmWpc: recommend: - match: - nodeLabel: "node-role.kubernetes.io/$mcp" + captureGroup_defaults: + priority1: 128 + priority2: 128 + domainNumber: 24 optional_ptp_config_PtpConfigSlaveForEvent: - spec: profile: 
diff --git a/ztp/kube-compare-reference/optional/ptp-config/PtpConfigBoundary.yaml b/ztp/kube-compare-reference/optional/ptp-config/PtpConfigBoundary.yaml index 2913c9b571..682b8ac153 100644 --- a/ztp/kube-compare-reference/optional/ptp-config/PtpConfigBoundary.yaml +++ b/ztp/kube-compare-reference/optional/ptp-config/PtpConfigBoundary.yaml @@ -30,9 +30,9 @@ spec: # twoStepFlag 1 slaveOnly 0 - priority1 128 - priority2 128 - domainNumber 24 + priority1 (?[0-9]+) + priority2 (?[0-9]+) + domainNumber (?[0-9]+) #utc_offset 37 clockClass 248 clockAccuracy 0xFE diff --git a/ztp/kube-compare-reference/optional/ptp-config/PtpConfigBoundaryForEvent.yaml b/ztp/kube-compare-reference/optional/ptp-config/PtpConfigBoundaryForEvent.yaml index b305e4aa63..9598d033bd 100644 --- a/ztp/kube-compare-reference/optional/ptp-config/PtpConfigBoundaryForEvent.yaml +++ b/ztp/kube-compare-reference/optional/ptp-config/PtpConfigBoundaryForEvent.yaml @@ -30,9 +30,9 @@ spec: # twoStepFlag 1 slaveOnly 0 - priority1 128 - priority2 128 - domainNumber 24 + priority1 (?[0-9]+) + priority2 (?[0-9]+) + domainNumber (?[0-9]+) #utc_offset 37 clockClass 248 clockAccuracy 0xFE diff --git a/ztp/kube-compare-reference/optional/ptp-config/PtpConfigDualCardGmWpc.yaml b/ztp/kube-compare-reference/optional/ptp-config/PtpConfigDualCardGmWpc.yaml index e4941d3b7a..e664e22f86 100644 --- a/ztp/kube-compare-reference/optional/ptp-config/PtpConfigDualCardGmWpc.yaml +++ b/ztp/kube-compare-reference/optional/ptp-config/PtpConfigDualCardGmWpc.yaml @@ -137,9 +137,9 @@ spec: # Default Data Set # twoStepFlag 1 - priority1 128 - priority2 128 - domainNumber 24 + priority1 (?[0-9]+) + priority2 (?[0-9]+) + domainNumber (?[0-9]+) #utc_offset 37 clockClass 6 clockAccuracy 0x27 diff --git a/ztp/kube-compare-reference/optional/ptp-config/PtpConfigGmWpc.yaml b/ztp/kube-compare-reference/optional/ptp-config/PtpConfigGmWpc.yaml index 554122f7f6..dc8f12a3e6 100644 
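Review bot: The capture groups that replace the fixed `priority1 128`, `priority2 128` and `domainNumber 24` lines in `ptp4lConf` match any run of digits (`[0-9]+`), so the reference comparison will accept a value that ptp4l itself would reject. As far as I know priority1 and priority2 are 8-bit fields and linuxptp limits domainNumber to 0–127, which should be confirmed against the linuxptp documentation. Bounding the digit count, for example `[0-9]{1,3}` in place of `[0-9]+` inside each group, would at least stop absurd values from passing as a valid customization. The same pattern is used in the `PtpConfigBoundaryForEvent.yaml`, `PtpConfigDualCardGmWpc.yaml` and `PtpConfigGmWpc.yaml` hunks of this patch, and in the `phc2sysOpts` `-n` groups and the Master/Slave templates of the later "Part 2" patch. The `ptp4lConf` block starts and ends outside these hunks.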
--- a/ztp/kube-compare-reference/optional/ptp-config/PtpConfigGmWpc.yaml +++ b/ztp/kube-compare-reference/optional/ptp-config/PtpConfigGmWpc.yaml @@ -122,9 +122,9 @@ spec: # Default Data Set # twoStepFlag 1 - priority1 128 - priority2 128 - domainNumber 24 + priority1 (?[0-9]+) + priority2 (?[0-9]+) + domainNumber (?[0-9]+) #utc_offset 37 clockClass 6 clockAccuracy 0x27 From baec77550392256fdc9afa6874dee41fddd3a531 Mon Sep 17 00:00:00 2001 From: Vitaly Grinberg Date: Sun, 2 Feb 2025 12:27:15 +0200 Subject: [PATCH 18/43] ztp: remove phc2sys -w option This commit removes the `-w` option from T-GM ptp configuration. The option became obsolete in this configuration after the following upstream patches were introduced to the linuxptp project: https://lists.nwtime.org/sympa/arc/linuxptp-devel/2024-11/msg00026.html Signed-off-by: Vitaly Grinberg --- .../optional/ptp-config/PtpConfigDualCardGmWpc.yaml | 2 +- .../optional/ptp-config/PtpConfigGmWpc.yaml | 2 +- ztp/source-crs/PtpConfigDualCardGmWpc.yaml | 2 +- ztp/source-crs/PtpConfigGmWpc.yaml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/ztp/kube-compare-reference/optional/ptp-config/PtpConfigDualCardGmWpc.yaml b/ztp/kube-compare-reference/optional/ptp-config/PtpConfigDualCardGmWpc.yaml index e4941d3b7a..ba6780dcd8 100644 --- a/ztp/kube-compare-reference/optional/ptp-config/PtpConfigDualCardGmWpc.yaml +++ b/ztp/kube-compare-reference/optional/ptp-config/PtpConfigDualCardGmWpc.yaml @@ -14,7 +14,7 @@ spec: {{- range .spec.profile }} - name: "grandmaster" ptp4lOpts: "-2 --summary_interval -4" - phc2sysOpts: -r -u 0 -m -w -N 8 -R 16 -s (?[[:alnum:]]+) -n 24 + phc2sysOpts: -r -u 0 -m -N 8 -R 16 -s (?[[:alnum:]]+) -n 24 ptpSchedulingPolicy: SCHED_FIFO ptpSchedulingPriority: 10 ptpSettings: diff --git a/ztp/kube-compare-reference/optional/ptp-config/PtpConfigGmWpc.yaml b/ztp/kube-compare-reference/optional/ptp-config/PtpConfigGmWpc.yaml index 554122f7f6..d75ff494c2 100644 
--- a/ztp/kube-compare-reference/optional/ptp-config/PtpConfigGmWpc.yaml +++ b/ztp/kube-compare-reference/optional/ptp-config/PtpConfigGmWpc.yaml @@ -12,7 +12,7 @@ spec: {{- range .spec.profile }} - name: "grandmaster" ptp4lOpts: "-2 --summary_interval -4" - phc2sysOpts: -r -u 0 -m -w -N 8 -R 16 -s (?[[:alnum:]]+) -n 24 + phc2sysOpts: -r -u 0 -m -N 8 -R 16 -s (?[[:alnum:]]+) -n 24 ptpSchedulingPolicy: SCHED_FIFO ptpSchedulingPriority: 10 ptpSettings: diff --git a/ztp/source-crs/PtpConfigDualCardGmWpc.yaml b/ztp/source-crs/PtpConfigDualCardGmWpc.yaml index 60d87723d2..d455c3aa1c 100644 --- a/ztp/source-crs/PtpConfigDualCardGmWpc.yaml +++ b/ztp/source-crs/PtpConfigDualCardGmWpc.yaml @@ -13,7 +13,7 @@ spec: profile: - name: "grandmaster" ptp4lOpts: "-2 --summary_interval -4" - phc2sysOpts: -r -u 0 -m -w -N 8 -R 16 -s (?[[:alnum:]]+) -n 24 + phc2sysOpts: -r -u 0 -m -N 8 -R 16 -s (?[[:alnum:]]+) -n 24 ptpSchedulingPolicy: SCHED_FIFO ptpSchedulingPriority: 10 ptpSettings: diff --git a/ztp/source-crs/PtpConfigGmWpc.yaml b/ztp/source-crs/PtpConfigGmWpc.yaml index 92cb78dc39..51c8bcf3cd 100644 --- a/ztp/source-crs/PtpConfigGmWpc.yaml +++ b/ztp/source-crs/PtpConfigGmWpc.yaml @@ -11,7 +11,7 @@ spec: profile: - name: "grandmaster" ptp4lOpts: "-2 --summary_interval -4" - phc2sysOpts: -r -u 0 -m -w -N 8 -R 16 -s (?[[:alnum:]]+) -n 24 + phc2sysOpts: -r -u 0 -m -N 8 -R 16 -s (?[[:alnum:]]+) -n 24 ptpSchedulingPolicy: SCHED_FIFO ptpSchedulingPriority: 10 ptpSettings: From c1fce3fc6c0adf1550252dcf813cab924c2ff0cd Mon Sep 17 00:00:00 2001 From: Jim Ramsay Date: Thu, 30 Jan 2025 15:51:46 -0500 Subject: [PATCH 19/43] ztp: reference: Enable user customization of PTP priority1, priority2, and domainNumber fields Part 2: Include the phc2sys '-n' option for domainNumber, as well as all configs missed in the 1st commit. 
Signed-off-by: Jim Ramsay --- ztp/kube-compare-reference/default_value.yaml | 20 +++++++++++ ztp/kube-compare-reference/metadata.yaml | 36 +++++++++++++++++++ .../ptp-config/PtpConfigBoundary.yaml | 2 +- .../ptp-config/PtpConfigBoundaryForEvent.yaml | 2 +- .../ptp-config/PtpConfigDualCardGmWpc.yaml | 2 +- .../optional/ptp-config/PtpConfigForHA.yaml | 2 +- .../ptp-config/PtpConfigForHAForEvent.yaml | 2 +- .../optional/ptp-config/PtpConfigGmWpc.yaml | 2 +- .../optional/ptp-config/PtpConfigMaster.yaml | 8 ++--- .../ptp-config/PtpConfigMasterForEvent.yaml | 8 ++--- .../optional/ptp-config/PtpConfigSlave.yaml | 8 ++--- .../ptp-config/PtpConfigSlaveForEvent.yaml | 8 ++--- 12 files changed, 78 insertions(+), 22 deletions(-) diff --git a/ztp/kube-compare-reference/default_value.yaml b/ztp/kube-compare-reference/default_value.yaml index 87e8b8aac0..37c85a9276 100644 --- a/ztp/kube-compare-reference/default_value.yaml +++ b/ztp/kube-compare-reference/default_value.yaml @@ -67,11 +67,15 @@ optional_ptp_config_PtpConfigForHA: recommend: - match: - nodeLabel: "node-role.kubernetes.io/$mcp" + captureGroup_defaults: + domainNumber: 24 optional_ptp_config_PtpConfigForHAForEvent: - spec: recommend: - match: - nodeLabel: "node-role.kubernetes.io/$mcp" + captureGroup_defaults: + domainNumber: 24 optional_ptp_config_PtpConfigMaster: - spec: profile: @@ -79,6 +83,10 @@ optional_ptp_config_PtpConfigMaster: recommend: - match: - nodeLabel: "node-role.kubernetes.io/$mcp" + captureGroup_defaults: + priority1: 128 + priority2: 128 + domainNumber: 24 optional_ptp_config_PtpConfigMasterForEvent: - spec: profile: @@ -86,6 +94,10 @@ optional_ptp_config_PtpConfigMasterForEvent: recommend: - match: - nodeLabel: "node-role.kubernetes.io/$mcp" + captureGroup_defaults: + priority1: 128 + priority2: 128 + domainNumber: 24 optional_ptp_config_PtpConfigSlave: - spec: profile: 
@@ -93,6 +105,10 @@ optional_ptp_config_PtpConfigSlave: recommend: - match: - nodeLabel: "node-role.kubernetes.io/$mcp" + captureGroup_defaults: + priority1: 128 + priority2: 128 + domainNumber: 24 optional_ptp_config_PtpConfigGmWpc: - spec: profile: @@ -118,6 +134,10 @@ optional_ptp_config_PtpConfigSlaveForEvent: recommend: - match: - nodeLabel: "node-role.kubernetes.io/$mcp" + captureGroup_defaults: + priority1: 128 + priority2: 128 + domainNumber: 24 optional_ptp_config_PtpOperatorConfig: - spec: daemonNodeSelector: diff --git a/ztp/kube-compare-reference/metadata.yaml b/ztp/kube-compare-reference/metadata.yaml index 7a85d59dff..b4ca32b95b 100644 --- a/ztp/kube-compare-reference/metadata.yaml +++ b/ztp/kube-compare-reference/metadata.yaml @@ -208,6 +208,8 @@ parts: - path: optional/ptp-config/PtpConfigBoundary.yaml config: perField: + - pathToKey: spec.profile.0.phc2sysOpts + inlineDiffFunc: capturegroups - pathToKey: spec.profile.0.ptp4lConf inlineDiffFunc: capturegroups - path: optional/ptp-config/PtpConfigGmWpc.yaml 
@@ -229,15 +231,49 @@ parts: - pathToKey: spec.profile.0.ptp4lConf inlineDiffFunc: capturegroups - path: optional/ptp-config/PtpConfigForHA.yaml + config: + perField: + - pathToKey: spec.profile.0.phc2sysOpts + inlineDiffFunc: capturegroups - path: optional/ptp-config/PtpConfigMaster.yaml + config: + perField: + - pathToKey: spec.profile.0.phc2sysOpts + inlineDiffFunc: capturegroups + - pathToKey: spec.profile.0.ptp4lConf + inlineDiffFunc: capturegroups - path: optional/ptp-config/PtpConfigSlave.yaml + config: + perField: + - pathToKey: spec.profile.0.phc2sysOpts + inlineDiffFunc: capturegroups + - pathToKey: spec.profile.0.ptp4lConf + inlineDiffFunc: capturegroups # TODO: If one of these 4 is selected, they should be paired with 'PtpOperatorConfigForEvent.yaml' above - path: optional/ptp-config/PtpConfigSlaveForEvent.yaml + config: + perField: + - pathToKey: spec.profile.0.phc2sysOpts + inlineDiffFunc: capturegroups + - pathToKey: spec.profile.0.ptp4lConf + inlineDiffFunc: capturegroups - path: optional/ptp-config/PtpConfigForHAForEvent.yaml + config: + perField: + - pathToKey: spec.profile.0.phc2sysOpts + inlineDiffFunc: capturegroups - path: optional/ptp-config/PtpConfigMasterForEvent.yaml + config: + perField: + - pathToKey: spec.profile.0.phc2sysOpts + inlineDiffFunc: capturegroups + - pathToKey: spec.profile.0.ptp4lConf + inlineDiffFunc: capturegroups - path: optional/ptp-config/PtpConfigBoundaryForEvent.yaml config: perField: + - pathToKey: spec.profile.0.phc2sysOpts + inlineDiffFunc: capturegroups - pathToKey: spec.profile.0.ptp4lConf inlineDiffFunc: capturegroups - name: optional-console-disable diff --git a/ztp/kube-compare-reference/optional/ptp-config/PtpConfigBoundary.yaml b/ztp/kube-compare-reference/optional/ptp-config/PtpConfigBoundary.yaml index 682b8ac153..2af3a45f7b 100644 --- a/ztp/kube-compare-reference/optional/ptp-config/PtpConfigBoundary.yaml +++ b/ztp/kube-compare-reference/optional/ptp-config/PtpConfigBoundary.yaml 
@@ -9,7 +9,7 @@ spec: profile: - name: "boundary" ptp4lOpts: "-2" - phc2sysOpts: "-a -r -n 24" + phc2sysOpts: "-a -r -n (?[0-9]+)" ptpSchedulingPolicy: SCHED_FIFO ptpSchedulingPriority: 10 ptpSettings: diff --git a/ztp/kube-compare-reference/optional/ptp-config/PtpConfigBoundaryForEvent.yaml b/ztp/kube-compare-reference/optional/ptp-config/PtpConfigBoundaryForEvent.yaml index 9598d033bd..cb960b08a6 100644 --- a/ztp/kube-compare-reference/optional/ptp-config/PtpConfigBoundaryForEvent.yaml +++ b/ztp/kube-compare-reference/optional/ptp-config/PtpConfigBoundaryForEvent.yaml @@ -9,7 +9,7 @@ spec: profile: - name: "boundary" ptp4lOpts: "-2 --summary_interval -4" - phc2sysOpts: "-a -r -m -n 24 -N 8 -R 16" + phc2sysOpts: "-a -r -m -n (?[0-9]+) -N 8 -R 16" ptpSchedulingPolicy: SCHED_FIFO ptpSchedulingPriority: 10 ptpSettings: diff --git a/ztp/kube-compare-reference/optional/ptp-config/PtpConfigDualCardGmWpc.yaml b/ztp/kube-compare-reference/optional/ptp-config/PtpConfigDualCardGmWpc.yaml index 76eb7011f1..ed01600b16 100644 --- a/ztp/kube-compare-reference/optional/ptp-config/PtpConfigDualCardGmWpc.yaml +++ b/ztp/kube-compare-reference/optional/ptp-config/PtpConfigDualCardGmWpc.yaml @@ -14,7 +14,7 @@ spec: {{- range .spec.profile }} - name: "grandmaster" ptp4lOpts: "-2 --summary_interval -4" - phc2sysOpts: -r -u 0 -m -N 8 -R 16 -s (?[[:alnum:]]+) -n 24 + phc2sysOpts: -r -u 0 -m -N 8 -R 16 -s (?[[:alnum:]]+) -n (?[0-9]+) ptpSchedulingPolicy: SCHED_FIFO ptpSchedulingPriority: 10 ptpSettings: diff --git a/ztp/kube-compare-reference/optional/ptp-config/PtpConfigForHA.yaml b/ztp/kube-compare-reference/optional/ptp-config/PtpConfigForHA.yaml index 4dd9d88014..6d09dfa658 100644 --- a/ztp/kube-compare-reference/optional/ptp-config/PtpConfigForHA.yaml +++ b/ztp/kube-compare-reference/optional/ptp-config/PtpConfigForHA.yaml 
@@ -9,7 +9,7 @@ spec: profile: - name: "boundary-ha" ptp4lOpts: "" - phc2sysOpts: "-a -r -n 24" + phc2sysOpts: "-a -r -n (?[0-9]+)" ptpSchedulingPolicy: SCHED_FIFO ptpSchedulingPriority: 10 ptpSettings: diff --git a/ztp/kube-compare-reference/optional/ptp-config/PtpConfigForHAForEvent.yaml b/ztp/kube-compare-reference/optional/ptp-config/PtpConfigForHAForEvent.yaml index 72f156f6aa..77459bff4b 100644 --- a/ztp/kube-compare-reference/optional/ptp-config/PtpConfigForHAForEvent.yaml +++ b/ztp/kube-compare-reference/optional/ptp-config/PtpConfigForHAForEvent.yaml @@ -9,7 +9,7 @@ spec: profile: - name: "boundary-ha" ptp4lOpts: "" - phc2sysOpts: "-a -r -m -n 24 -N 8 -R 16" + phc2sysOpts: "-a -r -m -n (?[0-9]+) -N 8 -R 16" ptpSchedulingPolicy: SCHED_FIFO ptpSchedulingPriority: 10 ptpSettings: diff --git a/ztp/kube-compare-reference/optional/ptp-config/PtpConfigGmWpc.yaml b/ztp/kube-compare-reference/optional/ptp-config/PtpConfigGmWpc.yaml index b8c5387df5..a445e9ee70 100644 --- a/ztp/kube-compare-reference/optional/ptp-config/PtpConfigGmWpc.yaml +++ b/ztp/kube-compare-reference/optional/ptp-config/PtpConfigGmWpc.yaml @@ -12,7 +12,7 @@ spec: {{- range .spec.profile }} - name: "grandmaster" ptp4lOpts: "-2 --summary_interval -4" - phc2sysOpts: -r -u 0 -m -N 8 -R 16 -s (?[[:alnum:]]+) -n 24 + phc2sysOpts: -r -u 0 -m -N 8 -R 16 -s (?[[:alnum:]]+) -n (?[0-9]+) ptpSchedulingPolicy: SCHED_FIFO ptpSchedulingPriority: 10 ptpSettings: diff --git a/ztp/kube-compare-reference/optional/ptp-config/PtpConfigMaster.yaml b/ztp/kube-compare-reference/optional/ptp-config/PtpConfigMaster.yaml index ed0fbf1e53..b500ea0808 100644 --- a/ztp/kube-compare-reference/optional/ptp-config/PtpConfigMaster.yaml +++ b/ztp/kube-compare-reference/optional/ptp-config/PtpConfigMaster.yaml 
@@ -14,7 +14,7 @@ spec: # The interface name is hardware-specific interface: {{ .interface }} ptp4lOpts: "-2" - phc2sysOpts: "-a -r -r -n 24" + phc2sysOpts: "-a -r -r -n (?[0-9]+)" ptpSchedulingPolicy: SCHED_FIFO ptpSchedulingPriority: 10 ptpSettings: @@ -26,9 +26,9 @@ spec: # twoStepFlag 1 slaveOnly 0 - priority1 128 - priority2 128 - domainNumber 24 + priority1 (?[0-9]+) + priority2 (?[0-9]+) + domainNumber (?[0-9]+) #utc_offset 37 clockClass 255 clockAccuracy 0xFE diff --git a/ztp/kube-compare-reference/optional/ptp-config/PtpConfigMasterForEvent.yaml b/ztp/kube-compare-reference/optional/ptp-config/PtpConfigMasterForEvent.yaml index 375c05f13b..73b67e856d 100644 --- a/ztp/kube-compare-reference/optional/ptp-config/PtpConfigMasterForEvent.yaml +++ b/ztp/kube-compare-reference/optional/ptp-config/PtpConfigMasterForEvent.yaml @@ -14,7 +14,7 @@ spec: # The interface name is hardware-specific interface: {{ .interface }} ptp4lOpts: "-2 --summary_interval -4" - phc2sysOpts: "-a -r -m -n 24 -N 8 -R 16" + phc2sysOpts: "-a -r -m -n (?[0-9]+) -N 8 -R 16" ptpSchedulingPolicy: SCHED_FIFO ptpSchedulingPriority: 10 ptpSettings: @@ -26,9 +26,9 @@ spec: # twoStepFlag 1 slaveOnly 0 - priority1 128 - priority2 128 - domainNumber 24 + priority1 (?[0-9]+) + priority2 (?[0-9]+) + domainNumber (?[0-9]+) #utc_offset 37 clockClass 255 clockAccuracy 0xFE diff --git a/ztp/kube-compare-reference/optional/ptp-config/PtpConfigSlave.yaml b/ztp/kube-compare-reference/optional/ptp-config/PtpConfigSlave.yaml index 63af2d6a50..3ca06ad5fa 100644 --- a/ztp/kube-compare-reference/optional/ptp-config/PtpConfigSlave.yaml +++ b/ztp/kube-compare-reference/optional/ptp-config/PtpConfigSlave.yaml @@ -12,7 +12,7 @@ spec: # The interface name is hardware-specific interface: {{ .interface }} ptp4lOpts: "-2 -s" - phc2sysOpts: "-a -r -n 24" + phc2sysOpts: "-a -r -n (?[0-9]+)" ptpSchedulingPolicy: SCHED_FIFO ptpSchedulingPriority: 10 ptpSettings: 
@@ -24,9 +24,9 @@ spec: # twoStepFlag 1 slaveOnly 1 - priority1 128 - priority2 128 - domainNumber 24 + priority1 (?[0-9]+) + priority2 (?[0-9]+) + domainNumber (?[0-9]+) #utc_offset 37 clockClass 255 clockAccuracy 0xFE diff --git a/ztp/kube-compare-reference/optional/ptp-config/PtpConfigSlaveForEvent.yaml b/ztp/kube-compare-reference/optional/ptp-config/PtpConfigSlaveForEvent.yaml index 5d02f8732b..82c6936b8d 100644 --- a/ztp/kube-compare-reference/optional/ptp-config/PtpConfigSlaveForEvent.yaml +++ b/ztp/kube-compare-reference/optional/ptp-config/PtpConfigSlaveForEvent.yaml @@ -12,7 +12,7 @@ spec: # The interface name is hardware-specific interface: {{ .interface }} ptp4lOpts: "-2 -s --summary_interval -4" - phc2sysOpts: "-a -r -m -n 24 -N 8 -R 16" + phc2sysOpts: "-a -r -m -n (?[0-9]+) -N 8 -R 16" ptpSchedulingPolicy: SCHED_FIFO ptpSchedulingPriority: 10 ptpSettings: @@ -24,9 +24,9 @@ spec: # twoStepFlag 1 slaveOnly 1 - priority1 128 - priority2 128 - domainNumber 24 + priority1 (?[0-9]+) + priority2 (?[0-9]+) + domainNumber (?[0-9]+) #utc_offset 37 clockClass 255 clockAccuracy 0xFE From 9fcd83e75559eaed5676125dde35424ca5a35a8b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ra=C3=BAl=20Hern=C3=A1ndez?= Date: Mon, 3 Feb 2025 11:16:17 +0100 Subject: [PATCH 20/43] create OWNERS_ALIASES (konflux approvers) --- OWNERS_ALIASES | 3 +++ 1 file changed, 3 insertions(+) diff --git a/OWNERS_ALIASES b/OWNERS_ALIASES index 81a9c2f3f7..d45349557f 100644 --- a/OWNERS_ALIASES +++ b/OWNERS_ALIASES @@ -51,3 +51,6 @@ aliases: - sakhoury - sabbir-47 - irinamihai + KONFLUX-approvers: + - fontivan + - rauhersu From d7f7040bc41bb4e237f83d070d4817e7206a7d01 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Ra=C3=BAl=20Hern=C3=A1ndez?= Date: Mon, 3 Feb 2025 19:08:04 +0100 Subject: [PATCH 21/43] tekton owners + misc infra --- .tekton/OWNERS | 2 ++ .tekton/cnf-features-deploy-4-19-pull-request.yaml | 2 ++ .tekton/cnf-features-deploy-4-19-push.yaml | 2 ++ build-args-konflux.conf | 2 ++ 4 files changed, 8 insertions(+) create mode 100644 .tekton/OWNERS create mode 100644 build-args-konflux.conf diff --git a/.tekton/OWNERS b/.tekton/OWNERS new file mode 100644 index 0000000000..e4c42a57c3 --- /dev/null +++ b/.tekton/OWNERS @@ -0,0 +1,2 @@ +approvers: + - KONFLUX-approvers diff --git a/.tekton/cnf-features-deploy-4-19-pull-request.yaml b/.tekton/cnf-features-deploy-4-19-pull-request.yaml index a81358e5c4..1f422fcdb0 100644 --- a/.tekton/cnf-features-deploy-4-19-pull-request.yaml +++ b/.tekton/cnf-features-deploy-4-19-pull-request.yaml @@ -28,6 +28,8 @@ spec: value: 5d - name: dockerfile value: ztp/resource-generator/Containerfile + - name: build-args-file + value: build-args-konflux.conf pipelineSpec: description: | This pipeline is ideal for building container images from a Containerfile while reducing network traffic. diff --git a/.tekton/cnf-features-deploy-4-19-push.yaml b/.tekton/cnf-features-deploy-4-19-push.yaml index b0c5e8d17f..8b14057808 100644 --- a/.tekton/cnf-features-deploy-4-19-push.yaml +++ b/.tekton/cnf-features-deploy-4-19-push.yaml @@ -25,6 +25,8 @@ spec: value: quay.io/redhat-user-workloads/telco-5g-tenant/cnf-features-deploy-4-19:{{revision}} - name: dockerfile value: ztp/resource-generator + - name: build-args-file + value: build-args-konflux.conf pipelineSpec: description: | This pipeline is ideal for building container images from a Containerfile while reducing network traffic. diff --git a/build-args-konflux.conf b/build-args-konflux.conf new file mode 100644 index 0000000000..890877356e --- /dev/null +++ b/build-args-konflux.conf 
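Review bot: In the `.tekton/cnf-features-deploy-4-19-push.yaml` hunk, the `dockerfile` param just above the added `build-args-file` entry is still `value: ztp/resource-generator`, a directory. The pull-request pipeline in this same commit shows `value: ztp/resource-generator/Containerfile`. If the build task needs a file path, as the earlier "fix dockerfile input" patch suggests, the push build will either fail or resolve a different file than the one validated on pull requests. That would mean the image pushed from `master` is not the one the PR checks exercised. Changing the push pipeline to `value: ztp/resource-generator/Containerfile` aligns the two; `spec.params` continues outside both hunks.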
@@ -0,0 +1,2 @@ +ZTP_BUILD_IMAGE=brew.registry.redhat.io/rh-osbs/openshift-golang-builder:v1.22.9-202411201508.gd54e8ac.el8 +ZTP_RUNTIME_IMAGE=registry.redhat.io/ubi8/ubi-minimal:8.10-1154 From 48ba15b8189ccad9da6e033e0a2fda93ed14101a Mon Sep 17 00:00:00 2001 From: red-hat-konflux Date: Thu, 30 Jan 2025 14:38:25 +0000 Subject: [PATCH 22/43] Red Hat Konflux update cnf-features-deploy-4-19 Signed-off-by: red-hat-konflux --- ...cnf-features-deploy-4-19-pull-request.yaml | 616 ++++++++++++++++++ .tekton/cnf-features-deploy-4-19-push.yaml | 613 +++++++++++++++++ 2 files changed, 1229 insertions(+) create mode 100644 .tekton/cnf-features-deploy-4-19-pull-request.yaml create mode 100644 .tekton/cnf-features-deploy-4-19-push.yaml diff --git a/.tekton/cnf-features-deploy-4-19-pull-request.yaml b/.tekton/cnf-features-deploy-4-19-pull-request.yaml new file mode 100644 index 0000000000..e48a610714 --- /dev/null +++ b/.tekton/cnf-features-deploy-4-19-pull-request.yaml 
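Review bot: Both base images in the new `build-args-konflux.conf` are referenced by tag only, while every task bundle in the pipeline definitions on this page is pinned with `@sha256:`. A tag can be re-pointed in the registry, so this file does not fix the builder and runtime layers that end up in the shipped image, and a rebuild of the same commit can produce different content. Appending the digest keeps the input immutable, for example `ZTP_RUNTIME_IMAGE=registry.redhat.io/ubi8/ubi-minimal:8.10-1154@sha256:<digest-placeholder>`, and the same applies to `ZTP_BUILD_IMAGE`. Updates then arrive as explicit, reviewable digest bumps.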
@@ -0,0 +1,616 @@ +apiVersion: tekton.dev/v1 +kind: PipelineRun +metadata: + annotations: + build.appstudio.openshift.io/repo: https://github.com/openshift-kni/cnf-features-deploy?rev={{revision}} + build.appstudio.redhat.com/commit_sha: '{{revision}}' + build.appstudio.redhat.com/pull_request_number: '{{pull_request_number}}' + build.appstudio.redhat.com/target_branch: '{{target_branch}}' + pipelinesascode.tekton.dev/max-keep-runs: "3" + pipelinesascode.tekton.dev/on-cel-expression: event == "pull_request" && target_branch + == "master" + creationTimestamp: null + labels: + appstudio.openshift.io/application: ztp-site-generate-4-19 + appstudio.openshift.io/component: cnf-features-deploy-4-19 + pipelines.appstudio.openshift.io/type: build + name: cnf-features-deploy-4-19-on-pull-request + namespace: telco-5g-tenant +spec: + params: + - name: git-url + value: '{{source_url}}' + - name: revision + value: '{{revision}}' + - name: output-image + value: quay.io/redhat-user-workloads/telco-5g-tenant/cnf-features-deploy-4-19:on-pr-{{revision}} + - name: image-expires-after + value: 5d + - name: dockerfile + value: ztp/resource-generator + pipelineSpec: + description: | + This pipeline is ideal for building container images from a Containerfile while reducing network traffic. + + _Uses `buildah` to create a container image. It also optionally creates a source image and runs some build-time tests. EC will flag a violation for [`trusted_task.trusted`](https://enterprisecontract.dev/docs/ec-policies/release_policy.html#trusted_task__trusted) if any tasks are added to the pipeline. 
+ This pipeline is pushed as a Tekton bundle to [quay.io](https://quay.io/repository/konflux-ci/tekton-catalog/pipeline-docker-build?tab=tags)_ + finally: + - name: show-sbom + params: + - name: IMAGE_URL + value: $(tasks.build-image-index.results.IMAGE_URL) + taskRef: + params: + - name: name + value: show-sbom + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:945a7c9066d3e0a95d3fddb7e8a6992e4d632a2a75d8f3a9bd2ff2fef0ec9aa0 + - name: kind + value: task + resolver: bundles + - name: show-summary + params: + - name: pipelinerun-name + value: $(context.pipelineRun.name) + - name: git-url + value: $(tasks.clone-repository.results.url)?rev=$(tasks.clone-repository.results.commit) + - name: image-url + value: $(params.output-image) + - name: build-task-status + value: $(tasks.build-image-index.status) + taskRef: + params: + - name: name + value: summary + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-summary:0.2@sha256:870d9a04d9784840a90b7bf6817cd0d0c4edfcda04b1ba1868cae625a3c3bfcc + - name: kind + value: task + resolver: bundles + workspaces: + - name: workspace + workspace: workspace + params: + - description: Source Repository URL + name: git-url + type: string + - default: "" + description: Revision of the Source Repository + name: revision + type: string + - description: Fully Qualified Output Image + name: output-image + type: string + - default: . + description: Path to the source code of an application's component from where + to build image. 
+ name: path-context + type: string + - default: Dockerfile + description: Path to the Dockerfile inside the context specified by parameter + path-context + name: dockerfile + type: string + - default: "false" + description: Force rebuild image + name: rebuild + type: string + - default: "false" + description: Skip checks against built image + name: skip-checks + type: string + - default: "false" + description: Execute the build with network isolation + name: hermetic + type: string + - default: "" + description: Build dependencies to be prefetched by Cachi2 + name: prefetch-input + type: string + - default: "" + description: Image tag expiration time, time values could be something like + 1h, 2d, 3w for hours, days, and weeks, respectively. + name: image-expires-after + - default: "false" + description: Build a source image. + name: build-source-image + type: string + - default: "false" + description: Add built image into an OCI image index + name: build-image-index + type: string + - default: [] + description: Array of --build-arg values ("arg=value" strings) for buildah + name: build-args + type: array + - default: "" + description: Path to a file with build arguments for buildah, see https://www.mankier.com/1/buildah-build#--build-arg-file + name: build-args-file + type: string + results: + - description: "" + name: IMAGE_URL + value: $(tasks.build-image-index.results.IMAGE_URL) + - description: "" + name: IMAGE_DIGEST + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - description: "" + name: CHAINS-GIT_URL + value: $(tasks.clone-repository.results.url) + - description: "" + name: CHAINS-GIT_COMMIT + value: $(tasks.clone-repository.results.commit) + tasks: + - name: init + params: + - name: image-url + value: $(params.output-image) + - name: rebuild + value: $(params.rebuild) + - name: skip-checks + value: $(params.skip-checks) + taskRef: + params: + - name: name + value: init + - name: bundle + value: 
quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:4c6712db9419461b8c8a39523c012cb0dc061fb58563bb9170b3777d74f54659 + - name: kind + value: task + resolver: bundles + - name: clone-repository + params: + - name: url + value: $(params.git-url) + - name: revision + value: $(params.revision) + runAfter: + - init + taskRef: + params: + - name: name + value: git-clone + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1@sha256:d091a9e19567a4cbdc5acd57903c71ba71dc51d749a4ba7477e689608851e981 + - name: kind + value: task + resolver: bundles + when: + - input: $(tasks.init.results.build) + operator: in + values: + - "true" + workspaces: + - name: output + workspace: workspace + - name: basic-auth + workspace: git-auth + - name: prefetch-dependencies + params: + - name: input + value: $(params.prefetch-input) + runAfter: + - clone-repository + taskRef: + params: + - name: name + value: prefetch-dependencies + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies:0.1@sha256:20f76c14b756c745e315334dd0437cf4f6004763e2d23b27cf0f8e896fe2207c + - name: kind + value: task + resolver: bundles + when: + - input: $(params.prefetch-input) + operator: notin + values: + - "" + workspaces: + - name: source + workspace: workspace + - name: git-basic-auth + workspace: git-auth + - name: netrc + workspace: netrc + - name: build-container + params: + - name: IMAGE + value: $(params.output-image) + - name: DOCKERFILE + value: $(params.dockerfile) + - name: CONTEXT + value: $(params.path-context) + - name: HERMETIC + value: $(params.hermetic) + - name: PREFETCH_INPUT + value: $(params.prefetch-input) + - name: IMAGE_EXPIRES_AFTER + value: $(params.image-expires-after) + - name: COMMIT_SHA + value: $(tasks.clone-repository.results.commit) + - name: BUILD_ARGS + value: + - $(params.build-args[*]) + - name: BUILD_ARGS_FILE + value: $(params.build-args-file) + runAfter: + - prefetch-dependencies + taskRef: + params: + - name: name + 
value: buildah + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-buildah:0.3@sha256:9362d1e20b74c946c6c787ee2c82f202d7d131f06fccf55436b70feed295a757 + - name: kind + value: task + resolver: bundles + when: + - input: $(tasks.init.results.build) + operator: in + values: + - "true" + workspaces: + - name: source + workspace: workspace + - name: build-image-index + params: + - name: IMAGE + value: $(params.output-image) + - name: COMMIT_SHA + value: $(tasks.clone-repository.results.commit) + - name: IMAGE_EXPIRES_AFTER + value: $(params.image-expires-after) + - name: ALWAYS_BUILD_INDEX + value: $(params.build-image-index) + - name: IMAGES + value: + - $(tasks.build-container.results.IMAGE_URL)@$(tasks.build-container.results.IMAGE_DIGEST) + runAfter: + - build-container + taskRef: + params: + - name: name + value: build-image-index + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1@sha256:09344e6bda708f48ef759bbe84bce99515549f4cfdcbe89e417f695c19463260 + - name: kind + value: task + resolver: bundles + when: + - input: $(tasks.init.results.build) + operator: in + values: + - "true" + - name: build-source-image + params: + - name: BINARY_IMAGE + value: $(params.output-image) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: source-build + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-source-build:0.1@sha256:9d8f146d0474440165db38a3efdf55da73856de332ebf8d598197f92156ee44e + - name: kind + value: task + resolver: bundles + when: + - input: $(tasks.init.results.build) + operator: in + values: + - "true" + - input: $(params.build-source-image) + operator: in + values: + - "true" + workspaces: + - name: workspace + workspace: workspace + - name: deprecated-base-image-check + params: + - name: IMAGE_URL + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: IMAGE_DIGEST + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + runAfter: + - build-image-index + taskRef: 
+ params: + - name: name + value: deprecated-image-check + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.4@sha256:241f87f75a6e4303fbd64b32ba1715d76fe3805c48a6c21829e6a564bcc3a576 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: clair-scan + params: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: clair-scan + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.2@sha256:4584647138af3efe5f1c523d0f56103c3b9647325634d17f04e2198a2c3c0c26 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: ecosystem-cert-preflight-checks + params: + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: ecosystem-cert-preflight-checks + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.1@sha256:df8a25a3431a70544172ed4844f9d0c6229d39130633960729f825a031a7dea9 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: sast-snyk-check + params: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: sast-snyk-check + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check:0.3@sha256:30cc34ccf6ca34e7f0951fd508fe4436d07388e7244baab77baf4ef9bdcefff4 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - 
"false" + workspaces: + - name: workspace + workspace: workspace + - name: clamav-scan + params: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: clamav-scan + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.2@sha256:525ad6081d7d38082db057482bd9ecc59c38954656b1a4e33a28de9c19e71006 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: sast-coverity-check + params: + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: IMAGE + value: $(params.output-image) + - name: DOCKERFILE + value: $(params.dockerfile) + - name: CONTEXT + value: $(params.path-context) + - name: HERMETIC + value: $(params.hermetic) + - name: PREFETCH_INPUT + value: $(params.prefetch-input) + - name: IMAGE_EXPIRES_AFTER + value: $(params.image-expires-after) + - name: COMMIT_SHA + value: $(tasks.clone-repository.results.commit) + - name: BUILD_ARGS + value: + - $(params.build-args[*]) + - name: BUILD_ARGS_FILE + value: $(params.build-args-file) + runAfter: + - coverity-availability-check + taskRef: + params: + - name: name + value: sast-coverity-check + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-sast-coverity-check:0.2@sha256:97e4ba1ff49288194c74ddc1a42a9c4512c93d1f9e446a08b20aa90cfe4266ac + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - input: $(tasks.coverity-availability-check.results.STATUS) + operator: in + values: + - success + workspaces: + - name: source + workspace: workspace + - name: coverity-availability-check + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: coverity-availability-check + - name: bundle + value: 
quay.io/konflux-ci/tekton-catalog/task-coverity-availability-check-oci-ta:0.2@sha256:8653d290298593e4db9457ab00d9160738c31c384b7615ee30626ccab6f96ed8 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: sast-shell-check + params: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: sast-shell-check + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check:0.1@sha256:cb18cca3a211392e7f06dc7867bbb5bb269db7cb645d93c51585ff2954ef0a3a + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + workspaces: + - name: workspace + workspace: workspace + - name: sast-unicode-check + params: + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: sast-unicode-check + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check:0.1@sha256:a1336d6f089eb4c05d09442a26836ccbd894bb5341e0275fa7d424ada4133d7d + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + workspaces: + - name: workspace + workspace: workspace + - name: apply-tags + params: + - name: IMAGE + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: apply-tags + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.1@sha256:fa7aa88ffe01eeeaa07c8720b27e50e27f6f136ef33595efaa16a0eb4598ea02 + - name: kind + value: task + resolver: bundles + - name: push-dockerfile + params: + - name: IMAGE + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: IMAGE_DIGEST + value: 
$(tasks.build-image-index.results.IMAGE_DIGEST) + - name: DOCKERFILE + value: $(params.dockerfile) + - name: CONTEXT + value: $(params.path-context) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: push-dockerfile + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile:0.1@sha256:389dc0f7bb175b9ca04e79ee67352fedd62fff8b1d196029534cd5638c73a0fc + - name: kind + value: task + resolver: bundles + workspaces: + - name: workspace + workspace: workspace + - name: rpms-signature-scan + params: + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: rpms-signature-scan + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:39cd56ffa26ff5edfd5bf9b61e902cae35a345c078cd9dcbc0737d30f3ce5ef1 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + workspaces: + - name: workspace + - name: git-auth + optional: true + - name: netrc + optional: true + taskRunTemplate: {} + workspaces: + - name: workspace + volumeClaimTemplate: + metadata: + creationTimestamp: null + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + status: {} + - name: git-auth + secret: + secretName: '{{ git_auth_secret }}' +status: {} diff --git a/.tekton/cnf-features-deploy-4-19-push.yaml b/.tekton/cnf-features-deploy-4-19-push.yaml new file mode 100644 index 0000000000..b0c5e8d17f --- /dev/null +++ b/.tekton/cnf-features-deploy-4-19-push.yaml 
@@ -0,0 +1,613 @@ +apiVersion: tekton.dev/v1 +kind: PipelineRun +metadata: + annotations: + build.appstudio.openshift.io/repo: https://github.com/openshift-kni/cnf-features-deploy?rev={{revision}} + build.appstudio.redhat.com/commit_sha: '{{revision}}' + build.appstudio.redhat.com/target_branch: '{{target_branch}}' + pipelinesascode.tekton.dev/max-keep-runs: "3" + pipelinesascode.tekton.dev/on-cel-expression: event == "push" && target_branch + == "master" + creationTimestamp: null + labels: + appstudio.openshift.io/application: ztp-site-generate-4-19 + appstudio.openshift.io/component: cnf-features-deploy-4-19 + pipelines.appstudio.openshift.io/type: build + name: cnf-features-deploy-4-19-on-push + namespace: telco-5g-tenant +spec: + params: + - name: git-url + value: '{{source_url}}' + - name: revision + value: '{{revision}}' + - name: output-image + value: quay.io/redhat-user-workloads/telco-5g-tenant/cnf-features-deploy-4-19:{{revision}} + - name: dockerfile + value: ztp/resource-generator + pipelineSpec: + description: | + This pipeline is ideal for building container images from a Containerfile while reducing network traffic. + + _Uses `buildah` to create a container image. It also optionally creates a source image and runs some build-time tests. EC will flag a violation for [`trusted_task.trusted`](https://enterprisecontract.dev/docs/ec-policies/release_policy.html#trusted_task__trusted) if any tasks are added to the pipeline. 
+ This pipeline is pushed as a Tekton bundle to [quay.io](https://quay.io/repository/konflux-ci/tekton-catalog/pipeline-docker-build?tab=tags)_ + finally: + - name: show-sbom + params: + - name: IMAGE_URL + value: $(tasks.build-image-index.results.IMAGE_URL) + taskRef: + params: + - name: name + value: show-sbom + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:945a7c9066d3e0a95d3fddb7e8a6992e4d632a2a75d8f3a9bd2ff2fef0ec9aa0 + - name: kind + value: task + resolver: bundles + - name: show-summary + params: + - name: pipelinerun-name + value: $(context.pipelineRun.name) + - name: git-url + value: $(tasks.clone-repository.results.url)?rev=$(tasks.clone-repository.results.commit) + - name: image-url + value: $(params.output-image) + - name: build-task-status + value: $(tasks.build-image-index.status) + taskRef: + params: + - name: name + value: summary + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-summary:0.2@sha256:870d9a04d9784840a90b7bf6817cd0d0c4edfcda04b1ba1868cae625a3c3bfcc + - name: kind + value: task + resolver: bundles + workspaces: + - name: workspace + workspace: workspace + params: + - description: Source Repository URL + name: git-url + type: string + - default: "" + description: Revision of the Source Repository + name: revision + type: string + - description: Fully Qualified Output Image + name: output-image + type: string + - default: . + description: Path to the source code of an application's component from where + to build image. 
+ name: path-context + type: string + - default: Dockerfile + description: Path to the Dockerfile inside the context specified by parameter + path-context + name: dockerfile + type: string + - default: "false" + description: Force rebuild image + name: rebuild + type: string + - default: "false" + description: Skip checks against built image + name: skip-checks + type: string + - default: "false" + description: Execute the build with network isolation + name: hermetic + type: string + - default: "" + description: Build dependencies to be prefetched by Cachi2 + name: prefetch-input + type: string + - default: "" + description: Image tag expiration time, time values could be something like + 1h, 2d, 3w for hours, days, and weeks, respectively. + name: image-expires-after + - default: "false" + description: Build a source image. + name: build-source-image + type: string + - default: "false" + description: Add built image into an OCI image index + name: build-image-index + type: string + - default: [] + description: Array of --build-arg values ("arg=value" strings) for buildah + name: build-args + type: array + - default: "" + description: Path to a file with build arguments for buildah, see https://www.mankier.com/1/buildah-build#--build-arg-file + name: build-args-file + type: string + results: + - description: "" + name: IMAGE_URL + value: $(tasks.build-image-index.results.IMAGE_URL) + - description: "" + name: IMAGE_DIGEST + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - description: "" + name: CHAINS-GIT_URL + value: $(tasks.clone-repository.results.url) + - description: "" + name: CHAINS-GIT_COMMIT + value: $(tasks.clone-repository.results.commit) + tasks: + - name: init + params: + - name: image-url + value: $(params.output-image) + - name: rebuild + value: $(params.rebuild) + - name: skip-checks + value: $(params.skip-checks) + taskRef: + params: + - name: name + value: init + - name: bundle + value: 
quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:4c6712db9419461b8c8a39523c012cb0dc061fb58563bb9170b3777d74f54659 + - name: kind + value: task + resolver: bundles + - name: clone-repository + params: + - name: url + value: $(params.git-url) + - name: revision + value: $(params.revision) + runAfter: + - init + taskRef: + params: + - name: name + value: git-clone + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1@sha256:d091a9e19567a4cbdc5acd57903c71ba71dc51d749a4ba7477e689608851e981 + - name: kind + value: task + resolver: bundles + when: + - input: $(tasks.init.results.build) + operator: in + values: + - "true" + workspaces: + - name: output + workspace: workspace + - name: basic-auth + workspace: git-auth + - name: prefetch-dependencies + params: + - name: input + value: $(params.prefetch-input) + runAfter: + - clone-repository + taskRef: + params: + - name: name + value: prefetch-dependencies + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies:0.1@sha256:20f76c14b756c745e315334dd0437cf4f6004763e2d23b27cf0f8e896fe2207c + - name: kind + value: task + resolver: bundles + when: + - input: $(params.prefetch-input) + operator: notin + values: + - "" + workspaces: + - name: source + workspace: workspace + - name: git-basic-auth + workspace: git-auth + - name: netrc + workspace: netrc + - name: build-container + params: + - name: IMAGE + value: $(params.output-image) + - name: DOCKERFILE + value: $(params.dockerfile) + - name: CONTEXT + value: $(params.path-context) + - name: HERMETIC + value: $(params.hermetic) + - name: PREFETCH_INPUT + value: $(params.prefetch-input) + - name: IMAGE_EXPIRES_AFTER + value: $(params.image-expires-after) + - name: COMMIT_SHA + value: $(tasks.clone-repository.results.commit) + - name: BUILD_ARGS + value: + - $(params.build-args[*]) + - name: BUILD_ARGS_FILE + value: $(params.build-args-file) + runAfter: + - prefetch-dependencies + taskRef: + params: + - name: name + 
value: buildah + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-buildah:0.3@sha256:9362d1e20b74c946c6c787ee2c82f202d7d131f06fccf55436b70feed295a757 + - name: kind + value: task + resolver: bundles + when: + - input: $(tasks.init.results.build) + operator: in + values: + - "true" + workspaces: + - name: source + workspace: workspace + - name: build-image-index + params: + - name: IMAGE + value: $(params.output-image) + - name: COMMIT_SHA + value: $(tasks.clone-repository.results.commit) + - name: IMAGE_EXPIRES_AFTER + value: $(params.image-expires-after) + - name: ALWAYS_BUILD_INDEX + value: $(params.build-image-index) + - name: IMAGES + value: + - $(tasks.build-container.results.IMAGE_URL)@$(tasks.build-container.results.IMAGE_DIGEST) + runAfter: + - build-container + taskRef: + params: + - name: name + value: build-image-index + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1@sha256:09344e6bda708f48ef759bbe84bce99515549f4cfdcbe89e417f695c19463260 + - name: kind + value: task + resolver: bundles + when: + - input: $(tasks.init.results.build) + operator: in + values: + - "true" + - name: build-source-image + params: + - name: BINARY_IMAGE + value: $(params.output-image) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: source-build + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-source-build:0.1@sha256:9d8f146d0474440165db38a3efdf55da73856de332ebf8d598197f92156ee44e + - name: kind + value: task + resolver: bundles + when: + - input: $(tasks.init.results.build) + operator: in + values: + - "true" + - input: $(params.build-source-image) + operator: in + values: + - "true" + workspaces: + - name: workspace + workspace: workspace + - name: deprecated-base-image-check + params: + - name: IMAGE_URL + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: IMAGE_DIGEST + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + runAfter: + - build-image-index + taskRef: 
+ params: + - name: name + value: deprecated-image-check + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.4@sha256:241f87f75a6e4303fbd64b32ba1715d76fe3805c48a6c21829e6a564bcc3a576 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: clair-scan + params: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: clair-scan + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.2@sha256:4584647138af3efe5f1c523d0f56103c3b9647325634d17f04e2198a2c3c0c26 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: ecosystem-cert-preflight-checks + params: + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: ecosystem-cert-preflight-checks + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.1@sha256:df8a25a3431a70544172ed4844f9d0c6229d39130633960729f825a031a7dea9 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: sast-snyk-check + params: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: sast-snyk-check + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check:0.3@sha256:30cc34ccf6ca34e7f0951fd508fe4436d07388e7244baab77baf4ef9bdcefff4 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - 
"false" + workspaces: + - name: workspace + workspace: workspace + - name: clamav-scan + params: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: clamav-scan + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.2@sha256:525ad6081d7d38082db057482bd9ecc59c38954656b1a4e33a28de9c19e71006 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: sast-coverity-check + params: + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: IMAGE + value: $(params.output-image) + - name: DOCKERFILE + value: $(params.dockerfile) + - name: CONTEXT + value: $(params.path-context) + - name: HERMETIC + value: $(params.hermetic) + - name: PREFETCH_INPUT + value: $(params.prefetch-input) + - name: IMAGE_EXPIRES_AFTER + value: $(params.image-expires-after) + - name: COMMIT_SHA + value: $(tasks.clone-repository.results.commit) + - name: BUILD_ARGS + value: + - $(params.build-args[*]) + - name: BUILD_ARGS_FILE + value: $(params.build-args-file) + runAfter: + - coverity-availability-check + taskRef: + params: + - name: name + value: sast-coverity-check + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-sast-coverity-check:0.2@sha256:97e4ba1ff49288194c74ddc1a42a9c4512c93d1f9e446a08b20aa90cfe4266ac + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - input: $(tasks.coverity-availability-check.results.STATUS) + operator: in + values: + - success + workspaces: + - name: source + workspace: workspace + - name: coverity-availability-check + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: coverity-availability-check + - name: bundle + value: 
quay.io/konflux-ci/tekton-catalog/task-coverity-availability-check-oci-ta:0.2@sha256:8653d290298593e4db9457ab00d9160738c31c384b7615ee30626ccab6f96ed8 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: sast-shell-check + params: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: sast-shell-check + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check:0.1@sha256:cb18cca3a211392e7f06dc7867bbb5bb269db7cb645d93c51585ff2954ef0a3a + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + workspaces: + - name: workspace + workspace: workspace + - name: sast-unicode-check + params: + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: sast-unicode-check + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check:0.1@sha256:a1336d6f089eb4c05d09442a26836ccbd894bb5341e0275fa7d424ada4133d7d + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + workspaces: + - name: workspace + workspace: workspace + - name: apply-tags + params: + - name: IMAGE + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: apply-tags + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.1@sha256:fa7aa88ffe01eeeaa07c8720b27e50e27f6f136ef33595efaa16a0eb4598ea02 + - name: kind + value: task + resolver: bundles + - name: push-dockerfile + params: + - name: IMAGE + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: IMAGE_DIGEST + value: 
$(tasks.build-image-index.results.IMAGE_DIGEST) + - name: DOCKERFILE + value: $(params.dockerfile) + - name: CONTEXT + value: $(params.path-context) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: push-dockerfile + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile:0.1@sha256:389dc0f7bb175b9ca04e79ee67352fedd62fff8b1d196029534cd5638c73a0fc + - name: kind + value: task + resolver: bundles + workspaces: + - name: workspace + workspace: workspace + - name: rpms-signature-scan + params: + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: rpms-signature-scan + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:39cd56ffa26ff5edfd5bf9b61e902cae35a345c078cd9dcbc0737d30f3ce5ef1 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + workspaces: + - name: workspace + - name: git-auth + optional: true + - name: netrc + optional: true + taskRunTemplate: {} + workspaces: + - name: workspace + volumeClaimTemplate: + metadata: + creationTimestamp: null + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + status: {} + - name: git-auth + secret: + secretName: '{{ git_auth_secret }}' +status: {} From 73f19b30214165668f73fdb2dbecdc69b92d9dfc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ra=C3=BAl=20Hern=C3=A1ndez?= Date: Thu, 30 Jan 2025 16:20:35 +0100 Subject: [PATCH 23/43] fix dockerfile input --- .tekton/cnf-features-deploy-4-19-pull-request.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.tekton/cnf-features-deploy-4-19-pull-request.yaml b/.tekton/cnf-features-deploy-4-19-pull-request.yaml index e48a610714..a81358e5c4 100644 --- a/.tekton/cnf-features-deploy-4-19-pull-request.yaml 
+++ b/.tekton/cnf-features-deploy-4-19-pull-request.yaml
@@ -27,7 +27,7 @@ spec:
 - name: image-expires-after
 value: 5d
 - name: dockerfile
- value: ztp/resource-generator
+ value: ztp/resource-generator/Containerfile
 pipelineSpec:
 description: |
 This pipeline is ideal for building container images from a Containerfile while reducing network traffic.
From e0a84457a4bd9a8078e2c73e6896732c3559da98 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ra=C3=BAl=20Hern=C3=A1ndez?=
Date: Mon, 3 Feb 2025 11:16:17 +0100
Subject: [PATCH 24/43] create OWNERS_ALIASES (konflux approvers)
---
 OWNERS_ALIASES | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/OWNERS_ALIASES b/OWNERS_ALIASES
index 81a9c2f3f7..d45349557f 100644
--- a/OWNERS_ALIASES
+++ b/OWNERS_ALIASES
@@ -51,3 +51,6 @@ aliases:
 - sakhoury
 - sabbir-47
 - irinamihai
+ KONFLUX-approvers:
+ - fontivan
+ - rauhersu
From adf0e5166f88bf3c2ffbf9ac0cfb8cd0dc4d79e7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ra=C3=BAl=20Hern=C3=A1ndez?=
Date: Mon, 3 Feb 2025 19:08:04 +0100
Subject: [PATCH 25/43] tekton owners + misc infra
---
 .tekton/OWNERS | 2 ++
 .tekton/cnf-features-deploy-4-19-pull-request.yaml | 2 ++
 .tekton/cnf-features-deploy-4-19-push.yaml | 2 ++
 build-args-konflux.conf | 2 ++
 4 files changed, 8 insertions(+)
 create mode 100644 .tekton/OWNERS
 create mode 100644 build-args-konflux.conf
diff --git a/.tekton/OWNERS b/.tekton/OWNERS
new file mode 100644
index 0000000000..e4c42a57c3
--- /dev/null
+++ b/.tekton/OWNERS
@@ -0,0 +1,2 @@
+approvers:
+ - KONFLUX-approvers
diff --git a/.tekton/cnf-features-deploy-4-19-pull-request.yaml b/.tekton/cnf-features-deploy-4-19-pull-request.yaml
index a81358e5c4..1f422fcdb0 100644
--- a/.tekton/cnf-features-deploy-4-19-pull-request.yaml
@@ -28,6 +28,8 @@ spec: value: 5d - name: dockerfile value: ztp/resource-generator/Containerfile + - name: build-args-file + value: build-args-konflux.conf pipelineSpec: description: | This pipeline is ideal for building container images from a Containerfile while reducing network traffic. diff --git a/.tekton/cnf-features-deploy-4-19-push.yaml b/.tekton/cnf-features-deploy-4-19-push.yaml index b0c5e8d17f..8b14057808 100644 --- a/.tekton/cnf-features-deploy-4-19-push.yaml +++ b/.tekton/cnf-features-deploy-4-19-push.yaml @@ -25,6 +25,8 @@ spec: value: quay.io/redhat-user-workloads/telco-5g-tenant/cnf-features-deploy-4-19:{{revision}} - name: dockerfile value: ztp/resource-generator + - name: build-args-file + value: build-args-konflux.conf pipelineSpec: description: | This pipeline is ideal for building container images from a Containerfile while reducing network traffic. diff --git a/build-args-konflux.conf b/build-args-konflux.conf new file mode 100644 index 0000000000..890877356e --- /dev/null +++ b/build-args-konflux.conf @@ -0,0 +1,2 @@ +ZTP_BUILD_IMAGE=brew.registry.redhat.io/rh-osbs/openshift-golang-builder:v1.22.9-202411201508.gd54e8ac.el8 +ZTP_RUNTIME_IMAGE=registry.redhat.io/ubi8/ubi-minimal:8.10-1154 From e6029cdb54b2084b55a8db1c66ca87f54c36a78e Mon Sep 17 00:00:00 2001 From: Jim Ramsay Date: Fri, 31 Jan 2025 09:21:13 -0500 Subject: [PATCH 26/43] ztp: reference: Make SriovOperatorConfig optional fields truly optional Signed-off-by: Jim Ramsay --- ztp/kube-compare-reference/default_value.yaml | 6 ++++++ .../required/sriov-operator/SriovOperatorConfig.yaml | 6 ++++++ .../sriov-operator/SriovOperatorConfigForSNO.yaml | 10 ++++++++-- ztp/source-crs/SriovOperatorConfigForSNO.yaml | 4 ++-- 4 files changed, 22 insertions(+), 4 deletions(-) diff --git a/ztp/kube-compare-reference/default_value.yaml b/ztp/kube-compare-reference/default_value.yaml index 37c85a9276..798c6f0939 100644 --- a/ztp/kube-compare-reference/default_value.yaml 
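Review bot: The `dockerfile` parameter shown as context in the `.tekton/cnf-features-deploy-4-19-push.yaml` hunk is still `ztp/resource-generator`, while the previous patch in this series changed the pull-request pipeline to `ztp/resource-generator/Containerfile`. If both pipelines resolve the parameter the same way, the on-push build will keep receiving a directory rather than a file. The same one-line change, `value: ztp/resource-generator/Containerfile`, looks needed here before `build-args-file` is added on top of it.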
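Review bot: Both base images in the new `build-args-konflux.conf` are referenced by tag only, whereas every Tekton task bundle in the same pipelines is pinned with `@sha256:`. A tag can be re-pointed in the registry, so the builder and runtime images are not fixed by this commit and a changed base image would not appear in any diff. Pin each one by digest next to the tag, for example `ZTP_RUNTIME_IMAGE=registry.redhat.io/ubi8/ubi-minimal:8.10-1154@sha256:<digest-from-registry>` (placeholder digest), and do the same for `ZTP_BUILD_IMAGE`. It is also worth checking whether the bot that refreshes the task bundle digests can track this file.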
+++ b/ztp/kube-compare-reference/default_value.yaml @@ -273,10 +273,16 @@ required_sriov_operator_SriovOperatorConfig: - spec: configDaemonNodeSelector: "node-role.kubernetes.io/$mcp": "" + enableInjector: false + enableOperatorWebhook: false + logLevel: 0 required_sriov_operator_SriovOperatorConfigForSNO: - spec: configDaemonNodeSelector: "node-role.kubernetes.io/$mcp": "" + enableInjector: false + enableOperatorWebhook: false + logLevel: 0 required_sriov_operator_SriovSubscription: - spec: source: redhat-operators-disconnected diff --git a/ztp/kube-compare-reference/required/sriov-operator/SriovOperatorConfig.yaml b/ztp/kube-compare-reference/required/sriov-operator/SriovOperatorConfig.yaml index ebcb917cc7..c831693162 100644 --- a/ztp/kube-compare-reference/required/sriov-operator/SriovOperatorConfig.yaml +++ b/ztp/kube-compare-reference/required/sriov-operator/SriovOperatorConfig.yaml @@ -23,6 +23,12 @@ spec: # openshift.io/: "1" # requests: # openshift.io/: "1" + {{- if hasKey .spec "enableInjector" }} enableInjector: false + {{- end }} + {{- if hasKey .spec "enableOperatorWebhook" }} enableOperatorWebhook: false + {{- end }} + {{- if hasKey .spec "logLevel" }} logLevel: 0 + {{- end }} diff --git a/ztp/kube-compare-reference/required/sriov-operator/SriovOperatorConfigForSNO.yaml b/ztp/kube-compare-reference/required/sriov-operator/SriovOperatorConfigForSNO.yaml index 05209f4775..fa275254de 100644 --- a/ztp/kube-compare-reference/required/sriov-operator/SriovOperatorConfigForSNO.yaml +++ b/ztp/kube-compare-reference/required/sriov-operator/SriovOperatorConfigForSNO.yaml 
@@ -23,8 +23,14 @@ spec: # openshift.io/: "1" # requests: # openshift.io/: "1" - enableInjector: false - enableOperatorWebhook: false # Disable drain is needed for Single Node Openshift disableDrain: true + {{- if hasKey .spec "enableInjector" }} + enableInjector: false + {{- end }} + {{- if hasKey .spec "enableOperatorWebhook" }} + enableOperatorWebhook: false + {{- end }} + {{- if hasKey .spec "logLevel" }} logLevel: 0 + {{- end }} diff --git a/ztp/source-crs/SriovOperatorConfigForSNO.yaml b/ztp/source-crs/SriovOperatorConfigForSNO.yaml index 04d8c242dc..80b35f6743 100644 --- a/ztp/source-crs/SriovOperatorConfigForSNO.yaml +++ b/ztp/source-crs/SriovOperatorConfigForSNO.yaml @@ -21,8 +21,8 @@ spec: # openshift.io/: "1" # requests: # openshift.io/: "1" - enableInjector: false - enableOperatorWebhook: false # Disable drain is needed for Single Node Openshift disableDrain: true + enableInjector: false + enableOperatorWebhook: false logLevel: 0 From c50c3ca17dc34ece9a65c84074e052f83915d648 Mon Sep 17 00:00:00 2001 From: Abraham Date: Tue, 4 Feb 2025 11:28:58 -0500 Subject: [PATCH 27/43] ztp: ci check for source-crs,extra-manifests,argocd subscriptions and kube-compare references --- ztp/Makefile | 24 +++++++++++++++--------- 1 file changed, 15 insertions(+), 9 deletions(-) diff --git a/ztp/Makefile b/ztp/Makefile index 7c2eb0b22d..1c27cb5af7 100644 --- a/ztp/Makefile +++ b/ztp/Makefile 
@@ -1,6 +1,6 @@ -.PHONY: ci-job test-policygen checkExtraManifests checkSourceCRsAnnotation test-policygen-kustomize test-siteconfig test-siteconfig-kustomize test-acm-ztp-generated-policies check-reference checkSourceCRsPath +.PHONY: ci-job test-policygen checkExtraManifests checkSourceCRsAnnotation test-policygen-kustomize test-siteconfig test-siteconfig-kustomize test-acm-ztp-generated-policies check-reference checkSourceCRsPath checkArgoCDPath checkKubeCompareRefPath -ci-job: test-policygen checkExtraManifests checkSourceCRsAnnotation test-policygen-kustomize test-siteconfig test-siteconfig-kustomize test-acm-ztp-generated-policies check-reference checkSourceCRsPath +ci-job: test-policygen checkExtraManifests checkSourceCRsAnnotation test-policygen-kustomize test-siteconfig test-siteconfig-kustomize test-acm-ztp-generated-policies check-reference checkSourceCRsPath checkArgoCDPath checkKubeCompareRefPath test-policygen: @echo "ZTP: Build policy generator and run test" @@ -19,18 +19,15 @@ checkSourceCRsAnnotation: fi; \ done; \ - - # ZTP_HOME is a temporary hard-coded path to site-generate container's ztp folder # Should remain consistent across upstream, midstream and CI script # https://github.com/openshift-kni/cnf-features-deploy/blob/master/ztp/resource-generator/Containerfile#L28C1-L28C23 ZTP_HOME=/home/ztp/ -SOURCE_CRS := source-crs -# checkSourceCRsPath CI Job is to ensure source crs path length do not exceed 255 characters -# Related Issue: https://issues.redhat.com/browse/OCPBUGS-48244 -checkSourceCRsPath: + +# checkFilePath function ensures that filenames in this repo are not greater than 255. +checkFilePath: @failures=0; \ - for cr in $(shell find $(SOURCE_CRS) -type f); do \ + for cr in $(shell find $(CUSTOM_RESOURCE) -type f); do \ path_length=$$(echo -n ${ZTP_HOME}$$cr | wc -c); \ if [ $$path_length -gt 255 ]; then \ echo "File path too long: ${ZTP_HOME}$$cr (length: $$path_length)"; \ 
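Review bot: `checkFilePath` can pass without checking anything, because `$(shell find $(CUSTOM_RESOURCE) -type f)` expands to nothing when `CUSTOM_RESOURCE` names a directory that does not exist. The loop then never runs and the recipe exits 0. With the variable unset, GNU find scans the current directory instead of the intended tree. A first recipe line such as `@test -d "$(CUSTOM_RESOURCE)" || { echo "CUSTOM_RESOURCE='$(CUSTOM_RESOURCE)' is not a directory"; exit 1; }` makes the gate fail closed. `checkFilePath` is also missing from the `.PHONY` list extended in the first hunk, and its comment says "filenames" although the loop measures `${ZTP_HOME}` plus the relative path. The recipe continues into the next hunk.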
@@ -41,6 +38,15 @@ checkSourceCRsPath: done; \ exit $$failures +# CI jobs defined below ensure source crs path length do not exceed 255 characters +# Related Issue: https://issues.redhat.com/browse/OCPBUGS-48244 +checkSourceCRsPath: + $(MAKE) CUSTOM_RESOURCE=source-crs checkFilePath +checkArgoCDPath: + $(MAKE) CUSTOM_RESOURCE=gitops-subscriptions/argocd checkFilePath +checkKubeCompareRefPath: + $(MAKE) CUSTOM_RESOURCE=kube-compare-reference checkFilePath + test-policygen-kustomize: @echo "ZTP: Build policy generator kustomize plugin and run test" $(MAKE) -C ./policygenerator-kustomize-plugin test From fc63f9bc250bc8c10113887955ec7745c7d19d8a Mon Sep 17 00:00:00 2001 From: Jim Ramsay Date: Tue, 4 Feb 2025 12:14:56 -0500 Subject: [PATCH 28/43] ztp: Set up ptpClockThreshold in source-crs and reference templates This change allows ptpClockThreshold to be set in all PtpConfig scenarios, and also provides default values for the *ForEvent examples in source-crs. Signed-off-by: Jim Ramsay --- ztp/kube-compare-reference/default_value.yaml | 30 +++++++++++++++++++ .../ptp-config/PtpConfigBoundary.yaml | 6 ++++ .../ptp-config/PtpConfigBoundaryForEvent.yaml | 6 ++++ .../ptp-config/PtpConfigDualCardGmWpc.yaml | 4 +++ .../optional/ptp-config/PtpConfigForHA.yaml | 6 ++++ .../ptp-config/PtpConfigForHAForEvent.yaml | 6 ++++ .../optional/ptp-config/PtpConfigGmWpc.yaml | 4 +++ .../optional/ptp-config/PtpConfigMaster.yaml | 4 +++ .../ptp-config/PtpConfigMasterForEvent.yaml | 4 +++ .../optional/ptp-config/PtpConfigSlave.yaml | 4 +++ .../ptp-config/PtpConfigSlaveForEvent.yaml | 4 +++ ztp/source-crs/PtpConfigBoundaryForEvent.yaml | 4 +++ ztp/source-crs/PtpConfigDualCardGmWpc.yaml | 4 +++ ztp/source-crs/PtpConfigForHAForEvent.yaml | 4 +++ ztp/source-crs/PtpConfigGmWpc.yaml | 4 +++ ztp/source-crs/PtpConfigMasterForEvent.yaml | 4 +++ ztp/source-crs/PtpConfigSlaveForEvent.yaml | 4 +++ 17 files changed, 102 insertions(+) 
diff --git a/ztp/kube-compare-reference/default_value.yaml b/ztp/kube-compare-reference/default_value.yaml index 37c85a9276..558ace0ee2 100644 --- a/ztp/kube-compare-reference/default_value.yaml +++ b/ztp/kube-compare-reference/default_value.yaml @@ -23,6 +23,8 @@ optional_local_storage_operator_StorageSubscription: source: redhat-operators-disconnected optional_ptp_config_PtpConfigBoundary: - spec: + profile: + - placeholder: true recommend: - match: - nodeLabel: "node-role.kubernetes.io/$mcp" @@ -32,6 +34,11 @@ optional_ptp_config_PtpConfigBoundary: domainNumber: 24 optional_ptp_config_PtpConfigBoundaryForEvent: - spec: + profile: + - ptpClockThreshold: + holdOverTimeout: 5 + maxOffsetThreshold: 100 + minOffsetThreshold: -100 recommend: - match: - nodeLabel: "node-role.kubernetes.io/$mcp" @@ -55,6 +62,10 @@ optional_ptp_config_PtpConfigDualCardGmWpc: SMA2: 0 2 U.FL1: 0 1 U.FL2: 0 2 + ptpClockThreshold: + holdOverTimeout: 5 + maxOffsetThreshold: 100 + minOffsetThreshold: -100 recommend: - match: - nodeLabel: "node-role.kubernetes.io/$mcp" @@ -64,6 +75,8 @@ optional_ptp_config_PtpConfigDualCardGmWpc: domainNumber: 24 optional_ptp_config_PtpConfigForHA: - spec: + profile: + - placeholder: true recommend: - match: - nodeLabel: "node-role.kubernetes.io/$mcp" @@ -71,6 +84,11 @@ optional_ptp_config_PtpConfigForHA: domainNumber: 24 optional_ptp_config_PtpConfigForHAForEvent: - spec: + profile: + - ptpClockThreshold: + holdOverTimeout: 5 + maxOffsetThreshold: 100 + minOffsetThreshold: -100 recommend: - match: - nodeLabel: "node-role.kubernetes.io/$mcp" @@ -91,6 +109,10 @@ optional_ptp_config_PtpConfigMasterForEvent: - spec: profile: - interface: $interface + ptpClockThreshold: + holdOverTimeout: 5 + maxOffsetThreshold: 100 + minOffsetThreshold: -100 recommend: - match: - nodeLabel: "node-role.kubernetes.io/$mcp" 
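Review bot: The `- placeholder: true` entries added under `profile:` for `optional_ptp_config_PtpConfigBoundary` and `optional_ptp_config_PtpConfigForHA` are undocumented, and `placeholder` does not look like a PtpConfig field. They presumably exist only so that the new `{{- range .spec.profile }}` in the matching templates renders one profile. A short comment on each would stop a later cleanup from removing them, for example `# dummy entry: makes "range .spec.profile" emit one profile when no ptpClockThreshold is set`.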
@@ -120,6 +142,10 @@ optional_ptp_config_PtpConfigGmWpc: SMA2: 0 2 U.FL1: 0 1 U.FL2: 0 2 + ptpClockThreshold: + holdOverTimeout: 5 + maxOffsetThreshold: 100 + minOffsetThreshold: -100 recommend: - match: - nodeLabel: "node-role.kubernetes.io/$mcp" @@ -131,6 +157,10 @@ optional_ptp_config_PtpConfigSlaveForEvent: - spec: profile: - interface: $interface + ptpClockThreshold: + holdOverTimeout: 5 + maxOffsetThreshold: 100 + minOffsetThreshold: -100 recommend: - match: - nodeLabel: "node-role.kubernetes.io/$mcp" diff --git a/ztp/kube-compare-reference/optional/ptp-config/PtpConfigBoundary.yaml b/ztp/kube-compare-reference/optional/ptp-config/PtpConfigBoundary.yaml index 2af3a45f7b..5165db9352 100644 --- a/ztp/kube-compare-reference/optional/ptp-config/PtpConfigBoundary.yaml +++ b/ztp/kube-compare-reference/optional/ptp-config/PtpConfigBoundary.yaml @@ -7,6 +7,7 @@ metadata: ran.openshift.io/ztp-deploy-wave: "10" spec: profile: + {{- range .spec.profile }} - name: "boundary" ptp4lOpts: "-2" phc2sysOpts: "-a -r -n (?[0-9]+)" @@ -125,6 +126,11 @@ spec: manufacturerIdentity 00:00:00 userDescription ; timeSource 0xA0 + {{- if .ptpClockThreshold }} + ptpClockThreshold: + {{- .ptpClockThreshold | toYaml | nindent 6 }} + {{- end }} + {{- end }} recommend: {{- range .spec.recommend }} - profile: "boundary" diff --git a/ztp/kube-compare-reference/optional/ptp-config/PtpConfigBoundaryForEvent.yaml b/ztp/kube-compare-reference/optional/ptp-config/PtpConfigBoundaryForEvent.yaml index cb960b08a6..cf06e9c6d3 100644 --- a/ztp/kube-compare-reference/optional/ptp-config/PtpConfigBoundaryForEvent.yaml +++ b/ztp/kube-compare-reference/optional/ptp-config/PtpConfigBoundaryForEvent.yaml @@ -7,6 +7,7 @@ metadata: ran.openshift.io/ztp-deploy-wave: "10" spec: profile: + {{- range .spec.profile }} - name: "boundary" ptp4lOpts: "-2 --summary_interval -4" phc2sysOpts: "-a -r -m -n (?[0-9]+) -N 8 -R 16" 
@@ -125,6 +126,11 @@ spec: manufacturerIdentity 00:00:00 userDescription ; timeSource 0xA0 + {{- if .ptpClockThreshold }} + ptpClockThreshold: + {{- .ptpClockThreshold | toYaml | nindent 6 }} + {{- end }} + {{- end }} recommend: {{- range .spec.recommend }} - profile: "boundary" diff --git a/ztp/kube-compare-reference/optional/ptp-config/PtpConfigDualCardGmWpc.yaml b/ztp/kube-compare-reference/optional/ptp-config/PtpConfigDualCardGmWpc.yaml index ed01600b16..893b1b65b4 100644 --- a/ztp/kube-compare-reference/optional/ptp-config/PtpConfigDualCardGmWpc.yaml +++ b/ztp/kube-compare-reference/optional/ptp-config/PtpConfigDualCardGmWpc.yaml @@ -231,6 +231,10 @@ spec: manufacturerIdentity 00:00:00 userDescription ; timeSource 0x20 + {{- if .ptpClockThreshold }} + ptpClockThreshold: + {{- .ptpClockThreshold | toYaml | nindent 6 }} + {{- end }} {{- end }} recommend: {{- range .spec.recommend }} diff --git a/ztp/kube-compare-reference/optional/ptp-config/PtpConfigForHA.yaml b/ztp/kube-compare-reference/optional/ptp-config/PtpConfigForHA.yaml index 6d09dfa658..641052d604 100644 --- a/ztp/kube-compare-reference/optional/ptp-config/PtpConfigForHA.yaml +++ b/ztp/kube-compare-reference/optional/ptp-config/PtpConfigForHA.yaml @@ -7,6 +7,7 @@ metadata: ran.openshift.io/ztp-deploy-wave: "10" spec: profile: + {{- range .spec.profile }} - name: "boundary-ha" ptp4lOpts: "" phc2sysOpts: "-a -r -n (?[0-9]+)" @@ -15,6 +16,11 @@ spec: ptpSettings: logReduce: "true" haProfiles: "$profile1,$profile2" + {{- if .ptpClockThreshold }} + ptpClockThreshold: + {{- .ptpClockThreshold | toYaml | nindent 8 }} + {{- end }} + {{- end }} recommend: {{- range .spec.recommend }} - profile: "boundary-ha" diff --git a/ztp/kube-compare-reference/optional/ptp-config/PtpConfigForHAForEvent.yaml b/ztp/kube-compare-reference/optional/ptp-config/PtpConfigForHAForEvent.yaml index 77459bff4b..a8714d371e 100644 --- a/ztp/kube-compare-reference/optional/ptp-config/PtpConfigForHAForEvent.yaml 
+++ b/ztp/kube-compare-reference/optional/ptp-config/PtpConfigForHAForEvent.yaml @@ -7,6 +7,7 @@ metadata: ran.openshift.io/ztp-deploy-wave: "10" spec: profile: + {{- range .spec.profile }} - name: "boundary-ha" ptp4lOpts: "" phc2sysOpts: "-a -r -m -n (?[0-9]+) -N 8 -R 16" @@ -15,6 +16,11 @@ spec: ptpSettings: logReduce: "true" haProfiles: "$profile1,$profile2" + {{- if .ptpClockThreshold }} + ptpClockThreshold: + {{- .ptpClockThreshold | toYaml | nindent 8 }} + {{- end }} + {{- end }} recommend: {{- range .spec.recommend }} - profile: "boundary-ha" diff --git a/ztp/kube-compare-reference/optional/ptp-config/PtpConfigGmWpc.yaml b/ztp/kube-compare-reference/optional/ptp-config/PtpConfigGmWpc.yaml index a445e9ee70..1839287fdf 100644 --- a/ztp/kube-compare-reference/optional/ptp-config/PtpConfigGmWpc.yaml +++ b/ztp/kube-compare-reference/optional/ptp-config/PtpConfigGmWpc.yaml @@ -216,6 +216,10 @@ spec: manufacturerIdentity 00:00:00 userDescription ; timeSource 0x20 + {{- if .ptpClockThreshold }} + ptpClockThreshold: + {{- .ptpClockThreshold | toYaml | nindent 6 }} + {{- end }} {{- end }} recommend: {{- range .spec.recommend }} diff --git a/ztp/kube-compare-reference/optional/ptp-config/PtpConfigMaster.yaml b/ztp/kube-compare-reference/optional/ptp-config/PtpConfigMaster.yaml index b500ea0808..0385de9441 100644 --- a/ztp/kube-compare-reference/optional/ptp-config/PtpConfigMaster.yaml +++ b/ztp/kube-compare-reference/optional/ptp-config/PtpConfigMaster.yaml @@ -121,6 +121,10 @@ spec: manufacturerIdentity 00:00:00 userDescription ; timeSource 0xA0 + {{- if .ptpClockThreshold }} + ptpClockThreshold: + {{- .ptpClockThreshold | toYaml | nindent 6 }} + {{- end }} {{- end }} recommend: {{- range .spec.recommend }} diff --git a/ztp/kube-compare-reference/optional/ptp-config/PtpConfigMasterForEvent.yaml b/ztp/kube-compare-reference/optional/ptp-config/PtpConfigMasterForEvent.yaml index 73b67e856d..b5da6cba56 100644 
--- a/ztp/kube-compare-reference/optional/ptp-config/PtpConfigMasterForEvent.yaml +++ b/ztp/kube-compare-reference/optional/ptp-config/PtpConfigMasterForEvent.yaml @@ -121,6 +121,10 @@ spec: manufacturerIdentity 00:00:00 userDescription ; timeSource 0xA0 + {{- if .ptpClockThreshold }} + ptpClockThreshold: + {{- .ptpClockThreshold | toYaml | nindent 6 }} + {{- end }} {{- end }} recommend: {{- range .spec.recommend }} diff --git a/ztp/kube-compare-reference/optional/ptp-config/PtpConfigSlave.yaml b/ztp/kube-compare-reference/optional/ptp-config/PtpConfigSlave.yaml index 3ca06ad5fa..0336445d14 100644 --- a/ztp/kube-compare-reference/optional/ptp-config/PtpConfigSlave.yaml +++ b/ztp/kube-compare-reference/optional/ptp-config/PtpConfigSlave.yaml @@ -119,6 +119,10 @@ spec: manufacturerIdentity 00:00:00 userDescription ; timeSource 0xA0 + {{- if .ptpClockThreshold }} + ptpClockThreshold: + {{- .ptpClockThreshold | toYaml | nindent 6 }} + {{- end }} {{- end }} recommend: {{- range .spec.recommend }} diff --git a/ztp/kube-compare-reference/optional/ptp-config/PtpConfigSlaveForEvent.yaml b/ztp/kube-compare-reference/optional/ptp-config/PtpConfigSlaveForEvent.yaml index 82c6936b8d..0b601d3929 100644 --- a/ztp/kube-compare-reference/optional/ptp-config/PtpConfigSlaveForEvent.yaml +++ b/ztp/kube-compare-reference/optional/ptp-config/PtpConfigSlaveForEvent.yaml @@ -119,6 +119,10 @@ spec: manufacturerIdentity 00:00:00 userDescription ; timeSource 0xA0 + {{- if .ptpClockThreshold }} + ptpClockThreshold: + {{- .ptpClockThreshold | toYaml | nindent 6 }} + {{- end }} {{- end }} recommend: {{- range .spec.recommend }} diff --git a/ztp/source-crs/PtpConfigBoundaryForEvent.yaml b/ztp/source-crs/PtpConfigBoundaryForEvent.yaml index 1596fb25d0..d393b8d4ef 100644 --- a/ztp/source-crs/PtpConfigBoundaryForEvent.yaml +++ b/ztp/source-crs/PtpConfigBoundaryForEvent.yaml 
@@ -125,6 +125,10 @@ spec: manufacturerIdentity 00:00:00 userDescription ; timeSource 0xA0 + ptpClockThreshold: + holdOverTimeout: 5 + maxOffsetThreshold: 100 + minOffsetThreshold: -100 recommend: - profile: "boundary" priority: 4 diff --git a/ztp/source-crs/PtpConfigDualCardGmWpc.yaml b/ztp/source-crs/PtpConfigDualCardGmWpc.yaml index d455c3aa1c..52e020db49 100644 --- a/ztp/source-crs/PtpConfigDualCardGmWpc.yaml +++ b/ztp/source-crs/PtpConfigDualCardGmWpc.yaml @@ -239,6 +239,10 @@ spec: manufacturerIdentity 00:00:00 userDescription ; timeSource 0x20 + ptpClockThreshold: + holdOverTimeout: 5 + maxOffsetThreshold: 100 + minOffsetThreshold: -100 recommend: - profile: "grandmaster" priority: 4 diff --git a/ztp/source-crs/PtpConfigForHAForEvent.yaml b/ztp/source-crs/PtpConfigForHAForEvent.yaml index 21cdab9a52..2babafc34c 100644 --- a/ztp/source-crs/PtpConfigForHAForEvent.yaml +++ b/ztp/source-crs/PtpConfigForHAForEvent.yaml @@ -15,6 +15,10 @@ spec: ptpSettings: logReduce: "true" haProfiles: "$profile1,$profile2" + ptpClockThreshold: + holdOverTimeout: 5 + maxOffsetThreshold: 100 + minOffsetThreshold: -100 recommend: - profile: "boundary-ha" priority: 4 diff --git a/ztp/source-crs/PtpConfigGmWpc.yaml b/ztp/source-crs/PtpConfigGmWpc.yaml index 51c8bcf3cd..1cd95c4485 100644 --- a/ztp/source-crs/PtpConfigGmWpc.yaml +++ b/ztp/source-crs/PtpConfigGmWpc.yaml @@ -219,6 +219,10 @@ spec: manufacturerIdentity 00:00:00 userDescription ; timeSource 0x20 + ptpClockThreshold: + holdOverTimeout: 5 + maxOffsetThreshold: 100 + minOffsetThreshold: -100 recommend: - profile: "grandmaster" priority: 4 diff --git a/ztp/source-crs/PtpConfigMasterForEvent.yaml b/ztp/source-crs/PtpConfigMasterForEvent.yaml index 3ca627f9be..24ee6d80b7 100644 --- a/ztp/source-crs/PtpConfigMasterForEvent.yaml +++ b/ztp/source-crs/PtpConfigMasterForEvent.yaml 
@@ -120,6 +120,10 @@ spec: manufacturerIdentity 00:00:00 userDescription ; timeSource 0xA0 + ptpClockThreshold: + holdOverTimeout: 5 + maxOffsetThreshold: 100 + minOffsetThreshold: -100 recommend: - profile: "grandmaster" priority: 4 diff --git a/ztp/source-crs/PtpConfigSlaveForEvent.yaml b/ztp/source-crs/PtpConfigSlaveForEvent.yaml index abec5b80fe..f4be095276 100644 --- a/ztp/source-crs/PtpConfigSlaveForEvent.yaml +++ b/ztp/source-crs/PtpConfigSlaveForEvent.yaml @@ -118,6 +118,10 @@ spec: manufacturerIdentity 00:00:00 userDescription ; timeSource 0xA0 + ptpClockThreshold: + holdOverTimeout: 5 + maxOffsetThreshold: 100 + minOffsetThreshold: -100 recommend: - profile: "slave" priority: 4 From ef9008348817a2c075e0aefe1f480c9107b3bf5a Mon Sep 17 00:00:00 2001 From: Jim Ramsay Date: Tue, 4 Feb 2025 17:22:30 -0500 Subject: [PATCH 29/43] ztp: Default WPC-GM MaxInSpecOffset to 1500 and allow user configuration of all settings values Signed-off-by: Jim Ramsay --- ztp/kube-compare-reference/default_value.yaml | 8 ++++++++ .../optional/ptp-config/PtpConfigDualCardGmWpc.yaml | 4 +--- .../optional/ptp-config/PtpConfigGmWpc.yaml | 4 +--- ztp/source-crs/PtpConfigDualCardGmWpc.yaml | 4 ++-- ztp/source-crs/PtpConfigGmWpc.yaml | 4 ++-- 5 files changed, 14 insertions(+), 10 deletions(-) diff --git a/ztp/kube-compare-reference/default_value.yaml b/ztp/kube-compare-reference/default_value.yaml index 37c85a9276..5a65aad144 100644 --- a/ztp/kube-compare-reference/default_value.yaml +++ b/ztp/kube-compare-reference/default_value.yaml @@ -44,6 +44,10 @@ optional_ptp_config_PtpConfigDualCardGmWpc: profile: - plugins: e810: + settings: + LocalMaxHoldoverOffSet: 1500 + LocalHoldoverTimeout: 14400 + MaxInSpecOffset: 1500 pins: $iface_timeTx1: SMA1: 2 1 @@ -114,6 +118,10 @@ optional_ptp_config_PtpConfigGmWpc: profile: - plugins: e810: + settings: + LocalMaxHoldoverOffSet: 1500 + LocalHoldoverTimeout: 14400 + MaxInSpecOffset: 1500 pins: $iface_timeTx: SMA1: 0 1 
diff --git a/ztp/kube-compare-reference/optional/ptp-config/PtpConfigDualCardGmWpc.yaml b/ztp/kube-compare-reference/optional/ptp-config/PtpConfigDualCardGmWpc.yaml index ed01600b16..523e8c5601 100644 --- a/ztp/kube-compare-reference/optional/ptp-config/PtpConfigDualCardGmWpc.yaml +++ b/ztp/kube-compare-reference/optional/ptp-config/PtpConfigDualCardGmWpc.yaml @@ -23,9 +23,7 @@ spec: e810: enableDefaultConfig: false settings: - LocalMaxHoldoverOffSet: 1500 - LocalHoldoverTimeout: 14400 - MaxInSpecOffset: 100 + {{- .plugins.e810.settings | toYaml | nindent 10 }} pins: # Syntax guide: # - The 1st number in each pair must be one of: diff --git a/ztp/kube-compare-reference/optional/ptp-config/PtpConfigGmWpc.yaml b/ztp/kube-compare-reference/optional/ptp-config/PtpConfigGmWpc.yaml index a445e9ee70..2beecadf4b 100644 --- a/ztp/kube-compare-reference/optional/ptp-config/PtpConfigGmWpc.yaml +++ b/ztp/kube-compare-reference/optional/ptp-config/PtpConfigGmWpc.yaml @@ -21,9 +21,7 @@ spec: e810: enableDefaultConfig: false settings: - LocalMaxHoldoverOffSet: 1500 - LocalHoldoverTimeout: 14400 - MaxInSpecOffset: 100 + {{- .plugins.e810.settings | toYaml | nindent 10 }} pins: # Syntax guide: # - The 1st number in each pair must be one of: diff --git a/ztp/source-crs/PtpConfigDualCardGmWpc.yaml b/ztp/source-crs/PtpConfigDualCardGmWpc.yaml index d455c3aa1c..ec38ccea66 100644 --- a/ztp/source-crs/PtpConfigDualCardGmWpc.yaml +++ b/ztp/source-crs/PtpConfigDualCardGmWpc.yaml @@ -22,9 +22,9 @@ spec: e810: enableDefaultConfig: false settings: - LocalMaxHoldoverOffSet: 1500 LocalHoldoverTimeout: 14400 - MaxInSpecOffset: 100 + LocalMaxHoldoverOffSet: 1500 + MaxInSpecOffset: 1500 pins: # Syntax guide: # - The 1st number in each pair must be one of: diff --git a/ztp/source-crs/PtpConfigGmWpc.yaml b/ztp/source-crs/PtpConfigGmWpc.yaml index 51c8bcf3cd..a0a63ad193 100644 --- a/ztp/source-crs/PtpConfigGmWpc.yaml +++ b/ztp/source-crs/PtpConfigGmWpc.yaml 
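Review bot: `settings:` is now filled by `{{- .plugins.e810.settings | toYaml | nindent 10 }}` with no guard, in both `PtpConfigDualCardGmWpc.yaml` and `PtpConfigGmWpc.yaml`. The `ptpClockThreshold` block in the same templates is wrapped in `{{- if .ptpClockThreshold }}`. For a PtpConfig whose profile carries no `plugins.e810.settings`, this line would presumably render `settings: null` or fail to evaluate, so it is worth confirming with a test input that lacks the key. The reference also no longer constrains any of the three values. A comment above the line would record that this is intentional, for example `# settings are site-specific; recommended values are in source-crs/PtpConfigGmWpc.yaml`.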
@@ -20,9 +20,9 @@ spec: e810: enableDefaultConfig: false settings: - LocalMaxHoldoverOffSet: 1500 LocalHoldoverTimeout: 14400 - MaxInSpecOffset: 100 + LocalMaxHoldoverOffSet: 1500 + MaxInSpecOffset: 1500 pins: # Syntax guide: # - The 1st number in each pair must be one of: From c3ae4c28bd23ea085ff0072be4ca08228f1c0476 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ra=C3=BAl=20Hern=C3=A1ndez?= Date: Wed, 5 Feb 2025 13:57:26 +0100 Subject: [PATCH 30/43] fix ownership (needs lowercase references) --- .tekton/OWNERS | 2 +- OWNERS_ALIASES | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.tekton/OWNERS b/.tekton/OWNERS index e4c42a57c3..3a2950f574 100644 --- a/.tekton/OWNERS +++ b/.tekton/OWNERS @@ -1,2 +1,2 @@ approvers: - - KONFLUX-approvers + - konflux-approvers diff --git a/OWNERS_ALIASES b/OWNERS_ALIASES index d45349557f..1b3cd4ff2c 100644 --- a/OWNERS_ALIASES +++ b/OWNERS_ALIASES @@ -51,6 +51,6 @@ aliases: - sakhoury - sabbir-47 - irinamihai - KONFLUX-approvers: + konflux-approvers: - fontivan - rauhersu From c5136599b8352551477da9fb2ac605f70fa8323b Mon Sep 17 00:00:00 2001 From: Jim Ramsay Date: Thu, 6 Feb 2025 10:29:58 -0500 Subject: [PATCH 31/43] ztp: Enforce PTP priority1 field must be 128 for telco ABMCA For now we are supporting the G.8275.1 PTP profile for telco. The priority1 field must be set to 128 for this profile and should not be user-customizeable. Signed-off-by: Jim Ramsay --- ztp/kube-compare-reference/default_value.yaml | 8 -------- .../optional/ptp-config/PtpConfigBoundary.yaml | 2 +- .../optional/ptp-config/PtpConfigBoundaryForEvent.yaml | 2 +- .../optional/ptp-config/PtpConfigDualCardGmWpc.yaml | 2 +- .../optional/ptp-config/PtpConfigGmWpc.yaml | 2 +- .../optional/ptp-config/PtpConfigMaster.yaml | 2 +- .../optional/ptp-config/PtpConfigMasterForEvent.yaml | 2 +- .../optional/ptp-config/PtpConfigSlave.yaml | 2 +- .../optional/ptp-config/PtpConfigSlaveForEvent.yaml | 2 +- 9 files changed, 8 insertions(+), 16 deletions(-) 
diff --git a/ztp/kube-compare-reference/default_value.yaml b/ztp/kube-compare-reference/default_value.yaml index c3a5921874..5c97b6acae 100644 --- a/ztp/kube-compare-reference/default_value.yaml +++ b/ztp/kube-compare-reference/default_value.yaml @@ -29,7 +29,6 @@ optional_ptp_config_PtpConfigBoundary: - match: - nodeLabel: "node-role.kubernetes.io/$mcp" captureGroup_defaults: - priority1: 128 priority2: 128 domainNumber: 24 optional_ptp_config_PtpConfigBoundaryForEvent: @@ -43,7 +42,6 @@ optional_ptp_config_PtpConfigBoundaryForEvent: - match: - nodeLabel: "node-role.kubernetes.io/$mcp" captureGroup_defaults: - priority1: 128 priority2: 128 domainNumber: 24 optional_ptp_config_PtpConfigDualCardGmWpc: @@ -74,7 +72,6 @@ optional_ptp_config_PtpConfigDualCardGmWpc: - match: - nodeLabel: "node-role.kubernetes.io/$mcp" captureGroup_defaults: - priority1: 128 priority2: 128 domainNumber: 24 optional_ptp_config_PtpConfigForHA: @@ -106,7 +103,6 @@ optional_ptp_config_PtpConfigMaster: - match: - nodeLabel: "node-role.kubernetes.io/$mcp" captureGroup_defaults: - priority1: 128 priority2: 128 domainNumber: 24 optional_ptp_config_PtpConfigMasterForEvent: @@ -121,7 +117,6 @@ optional_ptp_config_PtpConfigMasterForEvent: - match: - nodeLabel: "node-role.kubernetes.io/$mcp" captureGroup_defaults: - priority1: 128 priority2: 128 domainNumber: 24 optional_ptp_config_PtpConfigSlave: @@ -132,7 +127,6 @@ optional_ptp_config_PtpConfigSlave: - match: - nodeLabel: "node-role.kubernetes.io/$mcp" captureGroup_defaults: - priority1: 128 priority2: 128 domainNumber: 24 optional_ptp_config_PtpConfigGmWpc: @@ -158,7 +152,6 @@ optional_ptp_config_PtpConfigGmWpc: - match: - nodeLabel: "node-role.kubernetes.io/$mcp" captureGroup_defaults: - priority1: 128 priority2: 128 domainNumber: 24 optional_ptp_config_PtpConfigSlaveForEvent: 
@@ -173,7 +166,6 @@ optional_ptp_config_PtpConfigSlaveForEvent: - match: - nodeLabel: "node-role.kubernetes.io/$mcp" captureGroup_defaults: - priority1: 128 priority2: 128 domainNumber: 24 optional_ptp_config_PtpOperatorConfig: diff --git a/ztp/kube-compare-reference/optional/ptp-config/PtpConfigBoundary.yaml b/ztp/kube-compare-reference/optional/ptp-config/PtpConfigBoundary.yaml index 5165db9352..e2da60087d 100644 --- a/ztp/kube-compare-reference/optional/ptp-config/PtpConfigBoundary.yaml +++ b/ztp/kube-compare-reference/optional/ptp-config/PtpConfigBoundary.yaml @@ -31,7 +31,7 @@ spec: # twoStepFlag 1 slaveOnly 0 - priority1 (?[0-9]+) + priority1 128 priority2 (?[0-9]+) domainNumber (?[0-9]+) #utc_offset 37 diff --git a/ztp/kube-compare-reference/optional/ptp-config/PtpConfigBoundaryForEvent.yaml b/ztp/kube-compare-reference/optional/ptp-config/PtpConfigBoundaryForEvent.yaml index cf06e9c6d3..eea6e585a8 100644 --- a/ztp/kube-compare-reference/optional/ptp-config/PtpConfigBoundaryForEvent.yaml +++ b/ztp/kube-compare-reference/optional/ptp-config/PtpConfigBoundaryForEvent.yaml @@ -31,7 +31,7 @@ spec: # twoStepFlag 1 slaveOnly 0 - priority1 (?[0-9]+) + priority1 128 priority2 (?[0-9]+) domainNumber (?[0-9]+) #utc_offset 37 diff --git a/ztp/kube-compare-reference/optional/ptp-config/PtpConfigDualCardGmWpc.yaml b/ztp/kube-compare-reference/optional/ptp-config/PtpConfigDualCardGmWpc.yaml index 509055a5d9..91e68f13da 100644 --- a/ztp/kube-compare-reference/optional/ptp-config/PtpConfigDualCardGmWpc.yaml +++ b/ztp/kube-compare-reference/optional/ptp-config/PtpConfigDualCardGmWpc.yaml @@ -135,7 +135,7 @@ spec: # Default Data Set # twoStepFlag 1 - priority1 (?[0-9]+) + priority1 128 priority2 (?[0-9]+) domainNumber (?[0-9]+) #utc_offset 37 diff --git a/ztp/kube-compare-reference/optional/ptp-config/PtpConfigGmWpc.yaml b/ztp/kube-compare-reference/optional/ptp-config/PtpConfigGmWpc.yaml index 1d83afb7c9..5256e94899 100644 
--- a/ztp/kube-compare-reference/optional/ptp-config/PtpConfigGmWpc.yaml +++ b/ztp/kube-compare-reference/optional/ptp-config/PtpConfigGmWpc.yaml @@ -120,7 +120,7 @@ spec: # Default Data Set # twoStepFlag 1 - priority1 (?[0-9]+) + priority1 128 priority2 (?[0-9]+) domainNumber (?[0-9]+) #utc_offset 37 diff --git a/ztp/kube-compare-reference/optional/ptp-config/PtpConfigMaster.yaml b/ztp/kube-compare-reference/optional/ptp-config/PtpConfigMaster.yaml index 0385de9441..509eda2813 100644 --- a/ztp/kube-compare-reference/optional/ptp-config/PtpConfigMaster.yaml +++ b/ztp/kube-compare-reference/optional/ptp-config/PtpConfigMaster.yaml @@ -26,7 +26,7 @@ spec: # twoStepFlag 1 slaveOnly 0 - priority1 (?[0-9]+) + priority1 128 priority2 (?[0-9]+) domainNumber (?[0-9]+) #utc_offset 37 diff --git a/ztp/kube-compare-reference/optional/ptp-config/PtpConfigMasterForEvent.yaml b/ztp/kube-compare-reference/optional/ptp-config/PtpConfigMasterForEvent.yaml index b5da6cba56..d35394389c 100644 --- a/ztp/kube-compare-reference/optional/ptp-config/PtpConfigMasterForEvent.yaml +++ b/ztp/kube-compare-reference/optional/ptp-config/PtpConfigMasterForEvent.yaml @@ -26,7 +26,7 @@ spec: # twoStepFlag 1 slaveOnly 0 - priority1 (?[0-9]+) + priority1 128 priority2 (?[0-9]+) domainNumber (?[0-9]+) #utc_offset 37 diff --git a/ztp/kube-compare-reference/optional/ptp-config/PtpConfigSlave.yaml b/ztp/kube-compare-reference/optional/ptp-config/PtpConfigSlave.yaml index 0336445d14..17166a96f8 100644 --- a/ztp/kube-compare-reference/optional/ptp-config/PtpConfigSlave.yaml +++ b/ztp/kube-compare-reference/optional/ptp-config/PtpConfigSlave.yaml @@ -24,7 +24,7 @@ spec: # twoStepFlag 1 slaveOnly 1 - priority1 (?[0-9]+) + priority1 128 priority2 (?[0-9]+) domainNumber (?[0-9]+) #utc_offset 37 diff --git a/ztp/kube-compare-reference/optional/ptp-config/PtpConfigSlaveForEvent.yaml b/ztp/kube-compare-reference/optional/ptp-config/PtpConfigSlaveForEvent.yaml index 0b601d3929..ded885a685 100644 
--- a/ztp/kube-compare-reference/optional/ptp-config/PtpConfigSlaveForEvent.yaml +++ b/ztp/kube-compare-reference/optional/ptp-config/PtpConfigSlaveForEvent.yaml @@ -24,7 +24,7 @@ spec: # twoStepFlag 1 slaveOnly 1 - priority1 (?[0-9]+) + priority1 128 priority2 (?[0-9]+) domainNumber (?[0-9]+) #utc_offset 37 From 486350ac091d267dde5130bf679bf25ffd5e8c46 Mon Sep 17 00:00:00 2001 From: Shereen Haj Date: Fri, 7 Feb 2025 10:00:12 +0200 Subject: [PATCH 32/43] cnf-tests: update submodules run: `git submodule update --remote`. Signed-off-by: Shereen Haj --- cnf-tests/submodules/cluster-node-tuning-operator | 2 +- cnf-tests/submodules/metallb-operator | 2 +- cnf-tests/submodules/sriov-network-operator | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/cnf-tests/submodules/cluster-node-tuning-operator b/cnf-tests/submodules/cluster-node-tuning-operator index 4b9ac5204a..3b77fb55b8 160000 --- a/cnf-tests/submodules/cluster-node-tuning-operator +++ b/cnf-tests/submodules/cluster-node-tuning-operator @@ -1 +1 @@ -Subproject commit 4b9ac5204aa237e70519806a19c1000678b2ebc9 +Subproject commit 3b77fb55b83553b95f69a63c9515a5ce8e65249a diff --git a/cnf-tests/submodules/metallb-operator b/cnf-tests/submodules/metallb-operator index b8450e6048..6a0699093b 160000 --- a/cnf-tests/submodules/metallb-operator +++ b/cnf-tests/submodules/metallb-operator @@ -1 +1 @@ -Subproject commit b8450e60482b62cd214646b7a295d5ab7392181e +Subproject commit 6a0699093bab584c1d83f69954f4d57ef89d9926 diff --git a/cnf-tests/submodules/sriov-network-operator b/cnf-tests/submodules/sriov-network-operator index 2bcb0d11ae..79cb3c6ae7 160000 --- a/cnf-tests/submodules/sriov-network-operator +++ b/cnf-tests/submodules/sriov-network-operator @@ -1 +1 @@ -Subproject commit 2bcb0d11ae8231b1e7a4e508eb8ea2667909f1c5 +Subproject commit 79cb3c6ae721220754189300539a38c63e38e66c From 10adc9c02fc11447eeba5c82f493311a2b256244 Mon Sep 17 00:00:00 2001 
From: Andrea Panattoni Date: Fri, 7 Feb 2025 15:57:29 +0100 Subject: [PATCH 33/43] cnf-tests: Dump `openshift-multus` namespace on failure Multus pod logs contains log entries from CNI instances, which might be critical when debugging test failures. Dump multus logs either on the SR-IOV conformance test suite and the integration test suite. Signed-off-by: Andrea Panattoni --- cnf-tests/testsuites/pkg/utils/reporter.go | 1 + hack/run-functests.sh | 4 ++++ 2 files changed, 5 insertions(+) diff --git a/cnf-tests/testsuites/pkg/utils/reporter.go b/cnf-tests/testsuites/pkg/utils/reporter.go index 8201aa374f..1ce80b1f0e 100644 --- a/cnf-tests/testsuites/pkg/utils/reporter.go +++ b/cnf-tests/testsuites/pkg/utils/reporter.go @@ -115,6 +115,7 @@ func NewReporter(reportPath string) (*k8sreporter.KubernetesReporter, error) { namespaces.BondTestNamespace: "bondcni", namespaces.MetalLBOperator: "metallb", namespaces.TuningTest: "tuningcni", + namespaces.Multus: "multus", } crds := []k8sreporter.CRData{ diff --git a/hack/run-functests.sh b/hack/run-functests.sh index 7a390b23c6..5f4444b74b 100755 --- a/hack/run-functests.sh +++ b/hack/run-functests.sh @@ -24,6 +24,10 @@ export LATENCY_TEST_RUN=${LATENCY_TEST_RUN:-false} export IS_OPENSHIFT="${IS_OPENSHIFT:-true}" +# Read by sriov-network-operator confomrance test suite when dumping resource, on test failures. +# https://github.com/k8snetworkplumbingwg/sriov-network-operator/pull/636 +export MULTUS_NAMESPACE=openshift-multus + # The metallb tests cover both frr and frr-k8s, and we don't # currently deploy frr-k8s mode export BLACKLISTED_TESTS="frr-k8s" From 5d40bdea2594bf2b3d029b28b08d0a0cc0b91b20 Mon Sep 17 00:00:00 2001 From: "red-hat-konflux[bot]" <126015336+red-hat-konflux[bot]@users.noreply.github.com> Date: Sat, 8 Feb 2025 08:23:55 +0000 Subject: [PATCH 34/43] chore(deps): update konflux references 
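Review bot: In the hack/run-functests.sh hunk, `MULTUS_NAMESPACE` is exported as a fixed value, while the neighbouring exports (`LATENCY_TEST_RUN`, `IS_OPENSHIFT`) use the `${VAR:-default}` form, so a caller cannot override it. Consider `export MULTUS_NAMESPACE="${MULTUS_NAMESPACE:-openshift-multus}"`. The comment above it has a typo, `confomrance` for `conformance`. Because the reporter.go hunk now collects `openshift-multus` pod logs into the report directory, it is worth confirming that those artifacts are stored with the same access restrictions as the other namespace dumps.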
Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com> --- ...cnf-features-deploy-4-19-pull-request.yaml | 30 +++++++++---------- .tekton/cnf-features-deploy-4-19-push.yaml | 30 +++++++++---------- 2 files changed, 30 insertions(+), 30 deletions(-) diff --git a/.tekton/cnf-features-deploy-4-19-pull-request.yaml b/.tekton/cnf-features-deploy-4-19-pull-request.yaml index 1f422fcdb0..25034684e3 100644 --- a/.tekton/cnf-features-deploy-4-19-pull-request.yaml +++ b/.tekton/cnf-features-deploy-4-19-pull-request.yaml @@ -156,7 +156,7 @@ spec: - name: name value: init - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:4c6712db9419461b8c8a39523c012cb0dc061fb58563bb9170b3777d74f54659 + value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:63eb4a4c0cfb491276bff86fdad1c96bf238506388848e79001058450a8e843a - name: kind value: task resolver: bundles @@ -198,7 +198,7 @@ spec: - name: name value: prefetch-dependencies - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies:0.1@sha256:20f76c14b756c745e315334dd0437cf4f6004763e2d23b27cf0f8e896fe2207c + value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies:0.2@sha256:54d41cb14ef76d73f372a7e4e8aeef4c2a667e937049398a056408916db727ac - name: kind value: task resolver: bundles @@ -242,7 +242,7 @@ spec: - name: name value: buildah - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-buildah:0.3@sha256:9362d1e20b74c946c6c787ee2c82f202d7d131f06fccf55436b70feed295a757 + value: quay.io/konflux-ci/tekton-catalog/task-buildah:0.4@sha256:8c1927de5164e87bceba44c2cdfcb14a14359a23c4158e631046dd5e50ce1e52 - name: kind value: task resolver: bundles 
@@ -274,7 +274,7 @@ spec: - name: name value: build-image-index - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1@sha256:09344e6bda708f48ef759bbe84bce99515549f4cfdcbe89e417f695c19463260 + value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1@sha256:0c2270d1b24fcbaa6fe82b6d045b715a5f24f55d099a10f65297671e2ee421e6 - name: kind value: task resolver: bundles @@ -294,7 +294,7 @@ spec: - name: name value: source-build - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-source-build:0.1@sha256:9d8f146d0474440165db38a3efdf55da73856de332ebf8d598197f92156ee44e + value: quay.io/konflux-ci/tekton-catalog/task-source-build:0.2@sha256:50b50ca7dd65e0132769021f8cfbb2db7c799adea7b4e3a8968b425bbde1e8eb - name: kind value: task resolver: bundles @@ -323,7 +323,7 @@ spec: - name: name value: deprecated-image-check - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.4@sha256:241f87f75a6e4303fbd64b32ba1715d76fe3805c48a6c21829e6a564bcc3a576 + value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.5@sha256:ced089bd8d86f95ee70f6ee1a6941d677f1c66c3b8f02fa60f9309c6c32e1929 - name: kind value: task resolver: bundles @@ -345,7 +345,7 @@ spec: - name: name value: clair-scan - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.2@sha256:4584647138af3efe5f1c523d0f56103c3b9647325634d17f04e2198a2c3c0c26 + value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.2@sha256:f636f2cbe91d9d4d9685a38c8bc680a36e17f568ec0e60a93da82d1284b488c5 - name: kind value: task resolver: bundles 
@@ -365,7 +365,7 @@ spec: - name: name value: ecosystem-cert-preflight-checks - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.1@sha256:df8a25a3431a70544172ed4844f9d0c6229d39130633960729f825a031a7dea9 + value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.2@sha256:2ad615f9b8141ed2e0b060ebda366ce43cf55a9dd7c98e2d93970ff328dca8b2 - name: kind value: task resolver: bundles @@ -412,7 +412,7 @@ spec: - name: name value: clamav-scan - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.2@sha256:525ad6081d7d38082db057482bd9ecc59c38954656b1a4e33a28de9c19e71006 + value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.2@sha256:0db068e8a59612472a2483f5113893d0c5c9102e9ad7647d9a4789360e5bc2dc - name: kind value: task resolver: bundles @@ -451,7 +451,7 @@ spec: - name: name value: sast-coverity-check - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-coverity-check:0.2@sha256:97e4ba1ff49288194c74ddc1a42a9c4512c93d1f9e446a08b20aa90cfe4266ac + value: quay.io/konflux-ci/tekton-catalog/task-sast-coverity-check:0.2@sha256:abc3445b50378f0a93f9560f3f93c1593f196c9612570cce0b0be890e48a68cc - name: kind value: task resolver: bundles @@ -497,7 +497,7 @@ spec: - name: name value: sast-shell-check - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check:0.1@sha256:cb18cca3a211392e7f06dc7867bbb5bb269db7cb645d93c51585ff2954ef0a3a + value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check:0.1@sha256:438d4eecc52a772f7dde54ae274eb5349a207874bd9b1909cdab26e93a51a48c - name: kind value: task resolver: bundles 
@@ -520,7 +520,7 @@ spec: - name: name value: sast-unicode-check - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check:0.1@sha256:a1336d6f089eb4c05d09442a26836ccbd894bb5341e0275fa7d424ada4133d7d + value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check:0.1@sha256:b3e7807546635e03487eb61aff64a8e03c2dccb3d08939dcee50cff0f04fb8b0 - name: kind value: task resolver: bundles @@ -543,7 +543,7 @@ spec: - name: name value: apply-tags - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.1@sha256:fa7aa88ffe01eeeaa07c8720b27e50e27f6f136ef33595efaa16a0eb4598ea02 + value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.1@sha256:5e5f290359fd34ae4cc77cbbba6ef8c9907d752572d6dc2a00f5a4c504eb48bb - name: kind value: task resolver: bundles @@ -564,7 +564,7 @@ spec: - name: name value: push-dockerfile - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile:0.1@sha256:389dc0f7bb175b9ca04e79ee67352fedd62fff8b1d196029534cd5638c73a0fc + value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile:0.1@sha256:ba6b3182b8f7e1f9054b67cdafb338140136bb357c8d434cf28f6d569b5cb07f - name: kind value: task resolver: bundles @@ -584,7 +584,7 @@ spec: - name: name value: rpms-signature-scan - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:39cd56ffa26ff5edfd5bf9b61e902cae35a345c078cd9dcbc0737d30f3ce5ef1 + value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:3bf6d1bcd57af1095b06b4c489f965551364b1f1f72a807de9cab3c23142dca5 - name: kind value: task resolver: bundles diff --git a/.tekton/cnf-features-deploy-4-19-push.yaml b/.tekton/cnf-features-deploy-4-19-push.yaml index 8b14057808..42d55802fc 100644 --- a/.tekton/cnf-features-deploy-4-19-push.yaml +++ b/.tekton/cnf-features-deploy-4-19-push.yaml 
@@ -153,7 +153,7 @@ spec: - name: name value: init - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:4c6712db9419461b8c8a39523c012cb0dc061fb58563bb9170b3777d74f54659 + value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:63eb4a4c0cfb491276bff86fdad1c96bf238506388848e79001058450a8e843a - name: kind value: task resolver: bundles @@ -195,7 +195,7 @@ spec: - name: name value: prefetch-dependencies - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies:0.1@sha256:20f76c14b756c745e315334dd0437cf4f6004763e2d23b27cf0f8e896fe2207c + value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies:0.2@sha256:54d41cb14ef76d73f372a7e4e8aeef4c2a667e937049398a056408916db727ac - name: kind value: task resolver: bundles @@ -239,7 +239,7 @@ spec: - name: name value: buildah - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-buildah:0.3@sha256:9362d1e20b74c946c6c787ee2c82f202d7d131f06fccf55436b70feed295a757 + value: quay.io/konflux-ci/tekton-catalog/task-buildah:0.4@sha256:8c1927de5164e87bceba44c2cdfcb14a14359a23c4158e631046dd5e50ce1e52 - name: kind value: task resolver: bundles @@ -271,7 +271,7 @@ spec: - name: name value: build-image-index - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1@sha256:09344e6bda708f48ef759bbe84bce99515549f4cfdcbe89e417f695c19463260 + value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1@sha256:0c2270d1b24fcbaa6fe82b6d045b715a5f24f55d099a10f65297671e2ee421e6 - name: kind value: task resolver: bundles @@ -291,7 +291,7 @@ spec: - name: name value: source-build - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-source-build:0.1@sha256:9d8f146d0474440165db38a3efdf55da73856de332ebf8d598197f92156ee44e + value: quay.io/konflux-ci/tekton-catalog/task-source-build:0.2@sha256:50b50ca7dd65e0132769021f8cfbb2db7c799adea7b4e3a8968b425bbde1e8eb - name: kind value: task resolver: bundles 
@@ -320,7 +320,7 @@ spec: - name: name value: deprecated-image-check - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.4@sha256:241f87f75a6e4303fbd64b32ba1715d76fe3805c48a6c21829e6a564bcc3a576 + value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.5@sha256:ced089bd8d86f95ee70f6ee1a6941d677f1c66c3b8f02fa60f9309c6c32e1929 - name: kind value: task resolver: bundles @@ -342,7 +342,7 @@ spec: - name: name value: clair-scan - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.2@sha256:4584647138af3efe5f1c523d0f56103c3b9647325634d17f04e2198a2c3c0c26 + value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.2@sha256:f636f2cbe91d9d4d9685a38c8bc680a36e17f568ec0e60a93da82d1284b488c5 - name: kind value: task resolver: bundles @@ -362,7 +362,7 @@ spec: - name: name value: ecosystem-cert-preflight-checks - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.1@sha256:df8a25a3431a70544172ed4844f9d0c6229d39130633960729f825a031a7dea9 + value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.2@sha256:2ad615f9b8141ed2e0b060ebda366ce43cf55a9dd7c98e2d93970ff328dca8b2 - name: kind value: task resolver: bundles @@ -409,7 +409,7 @@ spec: - name: name value: clamav-scan - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.2@sha256:525ad6081d7d38082db057482bd9ecc59c38954656b1a4e33a28de9c19e71006 + value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.2@sha256:0db068e8a59612472a2483f5113893d0c5c9102e9ad7647d9a4789360e5bc2dc - name: kind value: task resolver: bundles 
@@ -448,7 +448,7 @@ spec: - name: name value: sast-coverity-check - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-coverity-check:0.2@sha256:97e4ba1ff49288194c74ddc1a42a9c4512c93d1f9e446a08b20aa90cfe4266ac + value: quay.io/konflux-ci/tekton-catalog/task-sast-coverity-check:0.2@sha256:abc3445b50378f0a93f9560f3f93c1593f196c9612570cce0b0be890e48a68cc - name: kind value: task resolver: bundles @@ -494,7 +494,7 @@ spec: - name: name value: sast-shell-check - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check:0.1@sha256:cb18cca3a211392e7f06dc7867bbb5bb269db7cb645d93c51585ff2954ef0a3a + value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check:0.1@sha256:438d4eecc52a772f7dde54ae274eb5349a207874bd9b1909cdab26e93a51a48c - name: kind value: task resolver: bundles @@ -517,7 +517,7 @@ spec: - name: name value: sast-unicode-check - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check:0.1@sha256:a1336d6f089eb4c05d09442a26836ccbd894bb5341e0275fa7d424ada4133d7d + value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check:0.1@sha256:b3e7807546635e03487eb61aff64a8e03c2dccb3d08939dcee50cff0f04fb8b0 - name: kind value: task resolver: bundles @@ -540,7 +540,7 @@ spec: - name: name value: apply-tags - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.1@sha256:fa7aa88ffe01eeeaa07c8720b27e50e27f6f136ef33595efaa16a0eb4598ea02 + value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.1@sha256:5e5f290359fd34ae4cc77cbbba6ef8c9907d752572d6dc2a00f5a4c504eb48bb - name: kind value: task resolver: bundles 
@@ -561,7 +561,7 @@ spec: - name: name value: push-dockerfile - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile:0.1@sha256:389dc0f7bb175b9ca04e79ee67352fedd62fff8b1d196029534cd5638c73a0fc + value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile:0.1@sha256:ba6b3182b8f7e1f9054b67cdafb338140136bb357c8d434cf28f6d569b5cb07f - name: kind value: task resolver: bundles @@ -581,7 +581,7 @@ spec: - name: name value: rpms-signature-scan - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:39cd56ffa26ff5edfd5bf9b61e902cae35a345c078cd9dcbc0737d30f3ce5ef1 + value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:3bf6d1bcd57af1095b06b4c489f965551364b1f1f72a807de9cab3c23142dca5 - name: kind value: task resolver: bundles From 46c0fc99321febca671e0b73d90b2edb5da38df6 Mon Sep 17 00:00:00 2001 From: Abraham Date: Tue, 11 Feb 2025 11:37:14 -0500 Subject: [PATCH 35/43] ztp: updated comments and unified ci-job --- ztp/Makefile | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/ztp/Makefile b/ztp/Makefile index 1c27cb5af7..5d80463092 100644 --- a/ztp/Makefile +++ b/ztp/Makefile @@ -21,10 +21,7 @@ checkSourceCRsAnnotation: # ZTP_HOME is a temporary hard-coded path to site-generate container's ztp folder # Should remain consistent across upstream, midstream and CI script -# https://github.com/openshift-kni/cnf-features-deploy/blob/master/ztp/resource-generator/Containerfile#L28C1-L28C23 ZTP_HOME=/home/ztp/ - -# checkFilePath function ensures that filenames in this repo are not greater than 255. checkFilePath: @failures=0; \ for cr in $(shell find $(CUSTOM_RESOURCE) -type f); do \ 
@@ -38,13 +35,12 @@ checkFilePath: done; \ exit $$failures -# CI jobs defined below ensure source crs path length do not exceed 255 characters +# checkZtpPaths ci job ensures that filenames in this repo are not greater than 255. +# This limitation comes from the ISO9660 standard with Rock Ridge extensions. # Related Issue: https://issues.redhat.com/browse/OCPBUGS-48244 -checkSourceCRsPath: +checkZtpPaths: $(MAKE) CUSTOM_RESOURCE=source-crs checkFilePath -checkArgoCDPath: $(MAKE) CUSTOM_RESOURCE=gitops-subscriptions/argocd checkFilePath -checkKubeCompareRefPath: $(MAKE) CUSTOM_RESOURCE=kube-compare-reference checkFilePath test-policygen-kustomize: From 4860209415e94656de03323e4214a4239631d889 Mon Sep 17 00:00:00 2001 From: Abraham Date: Tue, 11 Feb 2025 11:40:26 -0500 Subject: [PATCH 36/43] ztp: checkZtpPaths make target --- ztp/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ztp/Makefile b/ztp/Makefile index 5d80463092..097fe00bbf 100644 --- a/ztp/Makefile +++ b/ztp/Makefile @@ -1,6 +1,6 @@ -.PHONY: ci-job test-policygen checkExtraManifests checkSourceCRsAnnotation test-policygen-kustomize test-siteconfig test-siteconfig-kustomize test-acm-ztp-generated-policies check-reference checkSourceCRsPath checkArgoCDPath checkKubeCompareRefPath +.PHONY: ci-job test-policygen checkExtraManifests checkSourceCRsAnnotation test-policygen-kustomize test-siteconfig test-siteconfig-kustomize test-acm-ztp-generated-policies check-reference checkZtpPaths -ci-job: test-policygen checkExtraManifests checkSourceCRsAnnotation test-policygen-kustomize test-siteconfig test-siteconfig-kustomize test-acm-ztp-generated-policies check-reference checkSourceCRsPath checkArgoCDPath checkKubeCompareRefPath +ci-job: test-policygen checkExtraManifests checkSourceCRsAnnotation test-policygen-kustomize test-siteconfig test-siteconfig-kustomize test-acm-ztp-generated-policies check-reference checkZtpPaths test-policygen: @echo "ZTP: Build policy generator and run test" 
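Review bot: At this commit (PATCH 35) `make ci-job` would fail with no rule for `checkSourceCRsPath`, `checkArgoCDPath` and `checkKubeCompareRefPath`: the second ztp/Makefile hunk removes those targets in favour of `checkZtpPaths`, while the `.PHONY` and `ci-job` lines keep naming them until PATCH 36. Squashing PATCH 36 into this commit would keep every commit in the series buildable when bisecting. The new comment also says filenames must not be "greater than 255" and drops the unit the old comment had; `# checkZtpPaths ci job ensures that filenames in this repo are not longer than 255 characters.` would be clearer, assuming the check counts characters (most of the `checkFilePath` body is outside the hunk).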
From 9f59d5b5d84d6274057236aaad2adf8af0ae5480 Mon Sep 17 00:00:00 2001 From: Ori Braunshtein Date: Wed, 12 Feb 2025 15:09:10 +0200 Subject: [PATCH 37/43] cnf-tests: set external frr-k8s namespace for MetalLB suite Signed-off-by: Ori Braunshtein --- hack/common.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/hack/common.sh b/hack/common.sh index 3778e42031..adf3f09dd1 100644 --- a/hack/common.sh +++ b/hack/common.sh @@ -22,6 +22,7 @@ export SRO_VERSION="${SRO_VERSION:-4.11}" # the metallb-operator deployment and test namespace export OO_INSTALL_NAMESPACE="${OO_INSTALL_NAMESPACE:-openshift-metallb-system}" +export FRRK8S_EXTERNAL_NAMESPACE="${FRRK8S_EXTERNAL_NAMESPACE:-openshift-frr-k8s}" export TESTS_REPORTS_PATH="${TESTS_REPORTS_PATH:-/logs/artifacts/}" export JUNIT_TO_HTML="${JUNIT_TO_HTML:-false}" From b1ca385475d452c206274cdf8ee6f8b95a2dbeff Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ra=C3=BAl=20Hern=C3=A1ndez?= Date: Wed, 12 Feb 2025 18:29:05 +0100 Subject: [PATCH 38/43] infra: skip Tekton checks (.tekton dir) These PRs are authored by a konflux application automatically, not an upstream developer. --- .githooks/commit-msg | 29 +++++++++++++++++++++++++++-- .githooks/skipped-files.sh | 2 ++ 2 files changed, 29 insertions(+), 2 deletions(-) create mode 100644 .githooks/skipped-files.sh diff --git a/.githooks/commit-msg b/.githooks/commit-msg index 21316e2565..4e06affd4a 100755 --- a/.githooks/commit-msg +++ b/.githooks/commit-msg 
@@ -1,9 +1,32 @@ #!/bin/bash . $(dirname "$0")/components.sh +. $(dirname "$0")/skipped-files.sh -exceptions=( README.md ) +filenames=$(git diff --name-only --cached) + +# check if we must skip any check +is_skipped_file=false +for filename in $filenames; do + for skipped_file in "${skipped_files[@]}"; do + if [[ "$filename" =~ $skipped_file ]]; then + is_skipped_file=true + break + else + is_skipped_file=false + fi + done + if [ "$is_skipped_file" = false ]; then + break + fi +done +if [ "$is_skipped_file" = true ]; then + echo INFO: skipping commit msg check + exit 0 +fi + +# check format if ! [[ "$(head -1 $1)t sh" == *":"* ]]; then echo ERROR: commit msg subject must include component name exit 4 @@ -16,7 +39,9 @@ if ! [ ${components[$msg_prefix]+exist} ]; then exit 8 fi -for filename in $(git diff --name-only --cached); do +# check prefixes +exceptions=( README.md ) +for filename in $filenames; do if [[ ! " ${exceptions[@]} " =~ " $filename " ]]; then is_prefix_found=false IFS=', ' read -r -a prefixes <<< "${components[$msg_prefix]}" diff --git a/.githooks/skipped-files.sh b/.githooks/skipped-files.sh new file mode 100644 index 0000000000..5f1914675c --- /dev/null +++ b/.githooks/skipped-files.sh @@ -0,0 +1,2 @@ +#!/bin/bash +skipped_files=(".tekton/.*") From fe517e71cd1ca396d97270a54f2c93b57f641c63 Mon Sep 17 00:00:00 2001 From: Jim Ramsay Date: Wed, 12 Feb 2025 16:21:50 -0500 Subject: [PATCH 39/43] ztp: reference: Allow topolvm.io or kubernetes.io/no-provisioner for StorageClass provisioner Signed-off-by: Jim Ramsay --- ztp/kube-compare-reference/default_value.yaml | 1 + ztp/kube-compare-reference/metadata.yaml | 1 + ztp/kube-compare-reference/must_match_one_of.tmpl | 11 +++++++++++ .../optional/local-storage-operator/StorageClass.yaml | 2 +- 4 files changed, 14 insertions(+), 1 deletion(-) create mode 100644 ztp/kube-compare-reference/must_match_one_of.tmpl 
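Review bot: The skip pattern added in .githooks/skipped-files.sh, `.tekton/.*`, is matched unanchored with `=~` in the new loop of .githooks/commit-msg, and its leading `.` matches any character, so a staged path such as `docs/xtekton/file` (constructed example) also counts as skipped. When every staged file matches, the hook exits 0 before the subject-format and component-prefix checks run. Anchoring the entry, `skipped_files=("^\.tekton/")`, limits the exemption to the top-level directory. The exemption keys on file paths rather than on the commit author named in the description, so any commit that touches only `.tekton/` files bypasses the check; a comment next to the array should say that this is intended. `for filename in $filenames` also splits on whitespace, so a path containing spaces is compared piece by piece.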
diff --git a/ztp/kube-compare-reference/default_value.yaml b/ztp/kube-compare-reference/default_value.yaml index 5c97b6acae..6158e223a2 100644 --- a/ztp/kube-compare-reference/default_value.yaml +++ b/ztp/kube-compare-reference/default_value.yaml @@ -8,6 +8,7 @@ optional_image_registry_ImageRegistryConfig: optional_local_storage_operator_StorageClass: - metadata: name: example-storage-class + provisioner: kubernetes.io/no-provisioner optional_local_storage_operator_StorageLV: - metadata: name: local-disks diff --git a/ztp/kube-compare-reference/metadata.yaml b/ztp/kube-compare-reference/metadata.yaml index b4ca32b95b..4b8bb603a0 100644 --- a/ztp/kube-compare-reference/metadata.yaml +++ b/ztp/kube-compare-reference/metadata.yaml @@ -288,6 +288,7 @@ templateFunctionFiles: - validate_node_selector.tmpl - unordered_list.tmpl - version_match.tmpl + - must_match_one_of.tmpl fieldsToOmit: defaultOmitRef: all diff --git a/ztp/kube-compare-reference/must_match_one_of.tmpl b/ztp/kube-compare-reference/must_match_one_of.tmpl new file mode 100644 index 0000000000..c24ef020da --- /dev/null +++ b/ztp/kube-compare-reference/must_match_one_of.tmpl @@ -0,0 +1,11 @@ +{{- define "mustMatchOneOf" }} + {{- $currentValue := index . 0 | default "--empty--" }} + {{- $allowedValues := slice . 1 }} + {{- $result := print $currentValue " not in " $allowedValues }} + {{- range $allowed := $allowedValues }} + {{- if eq $currentValue $allowed }} + {{- $result = $currentValue }} + {{- end }} + {{- end }} + {{- $result }} +{{- end }} diff --git a/ztp/kube-compare-reference/optional/local-storage-operator/StorageClass.yaml b/ztp/kube-compare-reference/optional/local-storage-operator/StorageClass.yaml index a27a237f38..899fc2e5b0 100644 --- a/ztp/kube-compare-reference/optional/local-storage-operator/StorageClass.yaml +++ b/ztp/kube-compare-reference/optional/local-storage-operator/StorageClass.yaml 
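Review bot: The new `mustMatchOneOf` template in must_match_one_of.tmpl has no comment describing its calling convention, which is not obvious from the call site in StorageClass.yaml. A template comment at the top would help, for example `{{- /* mustMatchOneOf (list VALUE ALLOWED...): renders VALUE when it equals one ALLOWED entry, otherwise "VALUE not in [ALLOWED...]" */ -}}`. The comment should also say that a missing value is rendered as `--empty--`. Since `eq` is applied to the raw value, a non-string `provisioner` would presumably make the comparison error out rather than produce the "not in" text; if that matters, the value could be converted to a string before the loop.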
@@ -4,5 +4,5 @@ metadata: annotations: ran.openshift.io/ztp-deploy-wave: "10" name: {{ .metadata.name }} -provisioner: kubernetes.io/no-provisioner +provisioner: {{ template "mustMatchOneOf" (list .provisioner "kubernetes.io/no-provisioner" "topolvm.io") }} reclaimPolicy: Delete From cd995d725af24b1602ab3055da82ec70eb5df68d Mon Sep 17 00:00:00 2001 From: Angie Wang Date: Thu, 13 Feb 2025 11:59:14 -0500 Subject: [PATCH 40/43] ztp: update OadpBackupStorageLocationStatus source cr with metadata name Signed-off-by: Angie Wang --- .../example/acmpolicygenerator/acm-example-sno-site.yaml | 4 ++++ .../example/policygentemplates/example-sno-site.yaml | 4 ++++ ztp/source-crs/OadpBackupStorageLocationStatus.yaml | 8 ++++++++ 3 files changed, 16 insertions(+) diff --git a/ztp/gitops-subscriptions/argocd/example/acmpolicygenerator/acm-example-sno-site.yaml b/ztp/gitops-subscriptions/argocd/example/acmpolicygenerator/acm-example-sno-site.yaml index e2292045a6..d89607915c 100644 --- a/ztp/gitops-subscriptions/argocd/example/acmpolicygenerator/acm-example-sno-site.yaml +++ b/ztp/gitops-subscriptions/argocd/example/acmpolicygenerator/acm-example-sno-site.yaml @@ -98,5 +98,9 @@ policies: # objectStorage: # bucket: ibu # prefix: '{{hub .ManagedClusterName hub}}' +# # If there are more than one backupLocation defined in the OadpDataProtectionApplication CR above, +# # then each backupLocation should have a corresponding OadpBackupStorageLocation CR added below +# # for status tracking. Ensure that the name of each additional OadpBackupStorageLocation CR is +# # overridden with the correct index as described in the source CR comment. # - path: source-crs/OadpBackupStorageLocationStatus.yaml # --- END of source CRs needed for configuring OADP operator for SNO Image Based Upgrade --- 
diff --git a/ztp/gitops-subscriptions/argocd/example/policygentemplates/example-sno-site.yaml b/ztp/gitops-subscriptions/argocd/example/policygentemplates/example-sno-site.yaml index 0987756476..0502ddc276 100644 --- a/ztp/gitops-subscriptions/argocd/example/policygentemplates/example-sno-site.yaml +++ b/ztp/gitops-subscriptions/argocd/example/policygentemplates/example-sno-site.yaml @@ -72,6 +72,10 @@ spec: # objectStorage: # bucket: ibu # prefix: '{{hub .ManagedClusterName hub}}' +# # If there are more than one backupLocation defined in the OadpDataProtectionApplication CR above, +# # then each backupLocation should have a corresponding OadpBackupStorageLocation CR added below +# # for status tracking. Ensure that the name of each additional OadpBackupStorageLocation CR is +# # overridden with the correct index as described in the source CR comment. # - fileName: OadpBackupStorageLocationStatus.yaml # policyName: "config-policy" # --- END of source CRs needed for configuring OADP operator for SNO Image Based Upgrade --- diff --git a/ztp/source-crs/OadpBackupStorageLocationStatus.yaml b/ztp/source-crs/OadpBackupStorageLocationStatus.yaml index 9515eb46df..fd06d4cb93 100644 --- a/ztp/source-crs/OadpBackupStorageLocationStatus.yaml +++ b/ztp/source-crs/OadpBackupStorageLocationStatus.yaml @@ -2,6 +2,14 @@ apiVersion: velero.io/v1 kind: BackupStorageLocation metadata: + # The BackupStorageLocation name follows this pattern: + # - + # Where represents the position of the corresponding backupLocation + # in DataProtectionApplication.spec.backupLocations, starting from 1. + # + # If the DataProtectionApplication name is changed in OadpDataProtectionApplication.yaml, + # be sure to override the BackupStorageLocation name accordingly. + name: dataprotectionapplication-1 namespace: openshift-adp annotations: ran.openshift.io/ztp-deploy-wave: "100" From 86ddb3f0c55ba0ce765d85e29681e2c0745bc31c Mon Sep 17 00:00:00 2001 
From: Shereen Haj Date: Thu, 23 Jan 2025 13:25:58 +0200 Subject: [PATCH 41/43] cnf-tests: initiate konflux dockerfile Add dockerfile for generating builds using konflux. Signed-off-by: Shereen Haj --- cnf-tests/.konflux/Dockerfile | 77 +++++++++++++++++++++++++++++++++++ 1 file changed, 77 insertions(+) create mode 100644 cnf-tests/.konflux/Dockerfile diff --git a/cnf-tests/.konflux/Dockerfile b/cnf-tests/.konflux/Dockerfile new file mode 100644 index 0000000000..2258d22e50 --- /dev/null +++ b/cnf-tests/.konflux/Dockerfile 
@@ -0,0 +1,77 @@ +ARG RHEL_VERSION=9.4 + +FROM brew.registry.redhat.io/rh-osbs/openshift-ose-cli-rhel9:v4.19 AS oc + +FROM brew.registry.redhat.io/rh-osbs/openshift-golang-builder:v1.23 AS builder-stresser +ENV PKG_NAME=github.com/openshift-kni/cnf-features-deploy +ENV PKG_PATH=/go/src/$PKG_NAME +ENV TESTER_PATH=$PKG_PATH/cnf-tests/pod-utils/stresser +RUN mkdir -p $PKG_PATH +COPY . $PKG_PATH/ +WORKDIR $TESTER_PATH +RUN go build -mod=vendor -o /stresser + +FROM brew.registry.redhat.io/rh-osbs/openshift-golang-builder:v1.23 AS builder-sctptester +ENV PKG_NAME=github.com/openshift-kni/cnf-features-deploy +ENV PKG_PATH=/go/src/$PKG_NAME +ENV TESTER_PATH=$PKG_PATH/cnf-tests/pod-utils/sctptester +RUN mkdir -p $PKG_PATH +COPY . $PKG_PATH/ +WORKDIR $TESTER_PATH +RUN go build -mod=vendor -o /sctptest + +FROM brew.registry.redhat.io/rh-osbs/openshift-golang-builder:v1.23 AS builder-hugepages-allocator +ENV PKG_NAME=github.com/openshift-kni/cnf-features-deploy +ENV PKG_PATH=/go/src/$PKG_NAME +ENV TESTER_PATH=$PKG_PATH/cnf-tests/pod-utils/hugepages-allocator +RUN mkdir -p $PKG_PATH +COPY . $PKG_PATH/ +WORKDIR $TESTER_PATH +RUN go build -mod=vendor -o /hugepages-allocator + +FROM brew.registry.redhat.io/rh-osbs/openshift-golang-builder:v1.23 AS builder-latency-test-runners +ENV PKG_NAME=github.com/openshift-kni/cnf-features-deploy +ENV PKG_PATH=/go/src/$PKG_NAME +ENV TESTER_PATH=$PKG_PATH/cnf-tests/pod-utils +RUN mkdir -p $PKG_PATH +COPY . $PKG_PATH/ +WORKDIR $TESTER_PATH +RUN go build -mod=vendor -o /oslat-runner oslat-runner/main.go && \ + go build -mod=vendor -o /cyclictest-runner cyclictest-runner/main.go && \ + go build -mod=vendor -o /hwlatdetect-runner hwlatdetect-runner/main.go + + +FROM brew.registry.redhat.io/rh-osbs/openshift-golang-builder:v1.23 AS gobuilder +WORKDIR /app +COPY . . 
+RUN make test-bin + +FROM registry.redhat.io/ubi9/ubi-minimal:${RHEL_VERSION} +RUN mkdir -p /usr/local/etc/cnf +RUN microdnf install -y lksctp-tools iproute \ + ethtool iputils procps-ng numactl-libs iptables \ + kmod realtime-tests linuxptp iperf3 nc \ + python3 # python3 is needed for hwlatdetect + +COPY --from=oc /usr/bin/oc /usr/bin/oc +COPY --from=gobuilder /app/cnf-tests/submodules/cluster-node-tuning-operator/build/_output/bin/latency-e2e.test /usr/bin/latency-e2e.test +COPY --from=gobuilder /app/cnf-tests/entrypoint/test-run.sh /usr/bin/test-run.sh +COPY --from=gobuilder /app/cnf-tests/bin/mirror /usr/bin/mirror +COPY --from=gobuilder /app/cnf-tests/mirror/images.json /usr/local/etc/cnf +COPY --from=builder-latency-test-runners /oslat-runner /usr/bin/oslat-runner +COPY --from=builder-latency-test-runners /cyclictest-runner /usr/bin/cyclictest-runner +COPY --from=builder-latency-test-runners /hwlatdetect-runner /usr/bin/hwlatdetect-runner +COPY --from=builder-stresser /stresser /usr/bin/stresser +COPY --from=builder-sctptester /sctptest /usr/bin/sctptest +COPY --from=builder-hugepages-allocator /hugepages-allocator /usr/bin/hugepages-allocator + +RUN sed -i 's/quay.io\/openshift-kni\//registry.redhat.io\/openshift4\//g' /usr/local/etc/cnf/images.json +RUN sed -i 's/cnf-tests:4.19/cnf-tests-rhel9:v4.19/g' /usr/local/etc/cnf/images.json +RUN sed -i 's/dpdk:4.19/dpdk-base-rhel8:v4.19/g' /usr/local/etc/cnf/images.json + +ENV OCP_VERSION=4.19 +ENV IMAGE_REGISTRY=registry.redhat.io/openshift4/ +ENV CNF_TESTS_IMAGE=cnf-tests-rhel9:v${OCP_VERSION} +ENV DPDK_TESTS_IMAGE=dpdk-base-rhel8:v${OCP_VERSION} + +CMD ["/usr/bin/test-run.sh"] \ No newline at end of file From 34a65c032e76d60554d10716e4790589000d2129 Mon Sep 17 00:00:00 2001 
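Review bot: Every `FROM` in the new cnf-tests/.konflux/Dockerfile refers to its image by a floating tag (`openshift-ose-cli-rhel9:v4.19`, `openshift-golang-builder:v1.23`, `ubi-minimal:${RHEL_VERSION}`), so two builds of the same commit can pull different base content. The Tekton task bundles elsewhere in this series are pinned as `tag@sha256:…`; the base images could use the same form, e.g. `FROM registry.redhat.io/ubi9/ubi-minimal:9.4@sha256:<DIGEST_PLACEHOLDER>`. The final stage sets no `USER`, so `test-run.sh` runs as the image's default user, presumably root; if the tests require that, a comment saying so would help. The four `builder-*` stages repeat the same `ENV` and `COPY . $PKG_PATH/` preamble and could share a single builder stage.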
From: Shereen Haj Date: Thu, 23 Jan 2025 13:26:27 +0200 Subject: [PATCH 42/43] cnf-tests: create CI pipelines Add yaml files to configure the integration tests of Konflux pointing to the dockerfile in cnf-tests/.konflux. Some binaries that are part of the build process needed to be prefetched, thus the addition of `.repo`, `rpms.in.yaml`, and `rpms.lock.yaml` files. Signed-off-by: Shereen Haj --- .tekton/cnf-tests-pull-request.yaml | 611 ++++++++++++++++++++++++++++ .tekton/cnf-tests-push.yaml | 608 +++++++++++++++++++++++++++ cnf-tests/.konflux/rpms.in.yaml | 18 + cnf-tests/.konflux/rpms.lock.yaml | 50 +++ cnf-tests/.konflux/ubi.repo | 62 +++ 5 files changed, 1349 insertions(+) create mode 100644 .tekton/cnf-tests-pull-request.yaml create mode 100644 .tekton/cnf-tests-push.yaml create mode 100644 cnf-tests/.konflux/rpms.in.yaml create mode 100644 cnf-tests/.konflux/rpms.lock.yaml create mode 100644 cnf-tests/.konflux/ubi.repo diff --git a/.tekton/cnf-tests-pull-request.yaml b/.tekton/cnf-tests-pull-request.yaml new file mode 100644 index 0000000000..773fb2f562 --- /dev/null +++ b/.tekton/cnf-tests-pull-request.yaml 
@@ -0,0 +1,611 @@ +apiVersion: tekton.dev/v1 +kind: PipelineRun +metadata: + annotations: + build.appstudio.openshift.io/repo: https://github.com/openshift-kni/cnf-features-deploy?rev={{revision}} + build.appstudio.redhat.com/commit_sha: '{{revision}}' + build.appstudio.redhat.com/pull_request_number: '{{pull_request_number}}' + build.appstudio.redhat.com/target_branch: '{{target_branch}}' + pipelinesascode.tekton.dev/max-keep-runs: "3" + pipelinesascode.tekton.dev/on-cel-expression: event == "pull_request" && target_branch + == "master" + creationTimestamp: null + labels: + appstudio.openshift.io/application: cnf-tests-4.19 + appstudio.openshift.io/component: cnf-tests + pipelines.appstudio.openshift.io/type: build + name: cnf-tests-on-pull-request + namespace: telco-5g-tenant +spec: + params: + - name: git-url + value: '{{source_url}}' + - name: revision + value: '{{revision}}' + - name: output-image + value: quay.io/redhat-user-workloads/telco-5g-tenant/cnf-tests:4.19-on-pr-{{revision}} + - name: image-expires-after + value: 5d + - name: dockerfile + value: cnf-tests/.konflux/Dockerfile + - name: prefetch-input + value: '{"type": "rpm", "path": "cnf-tests/.konflux"}' + pipelineSpec: + description: | + This pipeline is ideal for building container images from a Containerfile while reducing network traffic. + + _Uses `buildah` to create a container image. It also optionally creates a source image and runs some build-time tests. EC will flag a violation for [`trusted_task.trusted`](https://enterprisecontract.dev/docs/ec-policies/release_policy.html#trusted_task__trusted) if any tasks are added to the pipeline. 
+ This pipeline is pushed as a Tekton bundle to [quay.io](https://quay.io/repository/konflux-ci/tekton-catalog/pipeline-docker-build?tab=tags)_ + finally: + - name: show-sbom + params: + - name: IMAGE_URL + value: $(tasks.build-image-index.results.IMAGE_URL) + taskRef: + params: + - name: name + value: show-sbom + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:945a7c9066d3e0a95d3fddb7e8a6992e4d632a2a75d8f3a9bd2ff2fef0ec9aa0 + - name: kind + value: task + resolver: bundles + - name: show-summary + params: + - name: pipelinerun-name + value: $(context.pipelineRun.name) + - name: git-url + value: $(tasks.clone-repository.results.url)?rev=$(tasks.clone-repository.results.commit) + - name: image-url + value: $(params.output-image) + - name: build-task-status + value: $(tasks.build-image-index.status) + taskRef: + params: + - name: name + value: summary + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-summary:0.2@sha256:870d9a04d9784840a90b7bf6817cd0d0c4edfcda04b1ba1868cae625a3c3bfcc + - name: kind + value: task + resolver: bundles + workspaces: + - name: workspace + workspace: workspace + params: + - description: Source Repository URL + name: git-url + type: string + - default: "" + description: Revision of the Source Repository + name: revision + type: string + - description: Fully Qualified Output Image + name: output-image + type: string + - default: . + description: Path to the source code of an application's component from where + to build image. 
+ name: path-context + type: string + - default: Dockerfile + description: Path to the Dockerfile inside the context specified by parameter + path-context + name: dockerfile + type: string + - default: "false" + description: Force rebuild image + name: rebuild + type: string + - default: "false" + description: Skip checks against built image + name: skip-checks + type: string + - default: "false" + description: Execute the build with network isolation + name: hermetic + type: string + - default: "" + description: Build dependencies to be prefetched by Cachi2 + name: prefetch-input + type: string + - default: "" + description: Image tag expiration time, time values could be something like + 1h, 2d, 3w for hours, days, and weeks, respectively. + name: image-expires-after + - default: "false" + description: Build a source image. + name: build-source-image + type: string + - default: "false" + description: Add built image into an OCI image index + name: build-image-index + type: string + - default: [] + description: Array of --build-arg values ("arg=value" strings) for buildah + name: build-args + type: array + - default: "" + description: Path to a file with build arguments for buildah, see https://www.mankier.com/1/buildah-build#--build-arg-file + name: build-args-file + type: string + results: + - description: "" + name: IMAGE_URL + value: $(tasks.build-image-index.results.IMAGE_URL) + - description: "" + name: IMAGE_DIGEST + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - description: "" + name: CHAINS-GIT_URL + value: $(tasks.clone-repository.results.url) + - description: "" + name: CHAINS-GIT_COMMIT + value: $(tasks.clone-repository.results.commit) + tasks: + - name: init + params: + - name: image-url + value: $(params.output-image) + - name: rebuild + value: $(params.rebuild) + - name: skip-checks + value: $(params.skip-checks) + taskRef: + params: + - name: name + value: init + - name: bundle + value: 
quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:90dda596d44b3f861889da2fba161dff34c6116fe76c3989e3f84262ea0f29cd + - name: kind + value: task + resolver: bundles + - name: clone-repository + params: + - name: url + value: $(params.git-url) + - name: revision + value: $(params.revision) + runAfter: + - init + taskRef: + params: + - name: name + value: git-clone + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1@sha256:d091a9e19567a4cbdc5acd57903c71ba71dc51d749a4ba7477e689608851e981 + - name: kind + value: task + resolver: bundles + when: + - input: $(tasks.init.results.build) + operator: in + values: + - "true" + workspaces: + - name: output + workspace: workspace + - name: basic-auth + workspace: git-auth + - name: prefetch-dependencies + params: + - name: input + value: $(params.prefetch-input) + - name: dev-package-managers + value: "true" + runAfter: + - clone-repository + taskRef: + params: + - name: name + value: prefetch-dependencies + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies:0.1@sha256:b7a6b67e97c6c03b552b9cd57d4a2868d63e279ee68ced2a53e713befca9e009 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.prefetch-input) + operator: notin + values: + - "" + workspaces: + - name: source + workspace: workspace + - name: git-basic-auth + workspace: git-auth + - name: netrc + workspace: netrc + - name: build-container + params: + - name: IMAGE + value: $(params.output-image) + - name: DOCKERFILE + value: $(params.dockerfile) + - name: CONTEXT + value: $(params.path-context) + - name: HERMETIC + value: $(params.hermetic) + - name: PREFETCH_INPUT + value: $(params.prefetch-input) + - name: IMAGE_EXPIRES_AFTER + value: $(params.image-expires-after) + - name: COMMIT_SHA + value: $(tasks.clone-repository.results.commit) + - name: BUILD_ARGS + value: + - $(params.build-args[*]) + - name: BUILD_ARGS_FILE + value: $(params.build-args-file) + runAfter: + - 
prefetch-dependencies + taskRef: + params: + - name: name + value: buildah + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-buildah:0.3@sha256:956d80ce7bb7feab9c15aaa6037b89d39317c7650732b13e4433e583bf47bd94 + - name: kind + value: task + resolver: bundles + when: + - input: $(tasks.init.results.build) + operator: in + values: + - "true" + workspaces: + - name: source + workspace: workspace + - name: build-image-index + params: + - name: IMAGE + value: $(params.output-image) + - name: COMMIT_SHA + value: $(tasks.clone-repository.results.commit) + - name: IMAGE_EXPIRES_AFTER + value: $(params.image-expires-after) + - name: ALWAYS_BUILD_INDEX + value: $(params.build-image-index) + - name: IMAGES + value: + - $(tasks.build-container.results.IMAGE_URL)@$(tasks.build-container.results.IMAGE_DIGEST) + runAfter: + - build-container + taskRef: + params: + - name: name + value: build-image-index + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1@sha256:479775c8655d815fb515aeb97efc0e64284a8520c452754981970900b937a393 + - name: kind + value: task + resolver: bundles + when: + - input: $(tasks.init.results.build) + operator: in + values: + - "true" + - name: build-source-image + params: + - name: BINARY_IMAGE + value: $(params.output-image) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: source-build + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-source-build:0.1@sha256:bb8e48129d758f837e4c41e7fe40ed6d18f862b6f4d0ade3cc2d5c79adf9e556 + - name: kind + value: task + resolver: bundles + when: + - input: $(tasks.init.results.build) + operator: in + values: + - "true" + - input: $(params.build-source-image) + operator: in + values: + - "true" + workspaces: + - name: workspace + workspace: workspace + - name: deprecated-base-image-check + params: + - name: IMAGE_URL + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: IMAGE_DIGEST + value: 
$(tasks.build-image-index.results.IMAGE_DIGEST) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: deprecated-image-check + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.4@sha256:650330fde0773f73f6bac77ae573031c44c79165d9503b0d5ec1db3e6ef981d7 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: clair-scan + params: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: clair-scan + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.2@sha256:907f11c67b0330480cbf85c23b1085acc5a049ab90af980169251860a3d97ef7 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: ecosystem-cert-preflight-checks + params: + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: ecosystem-cert-preflight-checks + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.1@sha256:df8a25a3431a70544172ed4844f9d0c6229d39130633960729f825a031a7dea9 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: sast-snyk-check + params: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: sast-snyk-check + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check:0.3@sha256:b89b936f680d18adf8d3e4d7682357e28d05da382b970741ccb0f6c05a894ee2 + - name: kind + value: 
task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + workspaces: + - name: workspace + workspace: workspace + - name: clamav-scan + params: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: clamav-scan + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.2@sha256:c12e7a774bb07ad2796c01071b0dc0f199111b0ee99c45b55fa599e23b200bae + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: sast-coverity-check + params: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - coverity-availability-check + taskRef: + params: + - name: name + value: sast-coverity-check + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-sast-coverity-check:0.1@sha256:63f3ac94fd881cb51a8c20d5a3dcbe2e406054bc508ab60c739138d4f55796b3 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - input: $(tasks.coverity-availability-check.results.STATUS) + operator: in + values: + - success + workspaces: + - name: workspace + workspace: workspace + - name: coverity-availability-check + params: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: coverity-availability-check + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-coverity-availability-check:0.1@sha256:e61d2c756831dbad1e2b43ee2445e1dc23a29efcab67e4923b960966075b4d1f + - name: kind + value: task + resolver: bundles + when: 
+ - input: $(params.skip-checks) + operator: in + values: + - "false" + workspaces: + - name: workspace + workspace: workspace + - name: sast-shell-check + params: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: sast-shell-check + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check:0.1@sha256:3b31fbc04c1e8bf1338eb9cdbbe7e535adeff6d5b940d0124b5391676cbafeb7 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + workspaces: + - name: workspace + workspace: workspace + - name: sast-unicode-check + params: + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: sast-unicode-check + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check:0.1@sha256:12bf4880b9ddfa860dd2595e2fd8a9f20c0b0490f84577bdafd437d42ff5ecf4 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + workspaces: + - name: workspace + workspace: workspace + - name: apply-tags + params: + - name: IMAGE + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: apply-tags + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.1@sha256:2c2d88c07623b2d25163994ded6e9f29205ea5bbab090f4c86379739940028b9 + - name: kind + value: task + resolver: bundles + - name: push-dockerfile + params: + - name: IMAGE + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: IMAGE_DIGEST + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: DOCKERFILE + value: $(params.dockerfile) + - name: CONTEXT + value: $(params.path-context) + 
runAfter: + - build-image-index + taskRef: + params: + - name: name + value: push-dockerfile + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile:0.1@sha256:e11a94301c6c89cda7765b64edcc559acdda8527c3aa8857a15f14485466ccae + - name: kind + value: task + resolver: bundles + workspaces: + - name: workspace + workspace: workspace + - name: rpms-signature-scan + params: + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: rpms-signature-scan + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:39cd56ffa26ff5edfd5bf9b61e902cae35a345c078cd9dcbc0737d30f3ce5ef1 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + workspaces: + - name: workspace + - name: git-auth + optional: true + - name: netrc + optional: true + taskRunTemplate: {} + workspaces: + - name: workspace + volumeClaimTemplate: + metadata: + creationTimestamp: null + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + status: {} + - name: git-auth + secret: + secretName: '{{ git_auth_secret }}' +status: {} diff --git a/.tekton/cnf-tests-push.yaml b/.tekton/cnf-tests-push.yaml new file mode 100644 index 0000000000..d1f64039e2 --- /dev/null +++ b/.tekton/cnf-tests-push.yaml 
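Review bot: `hermetic` is never set under `spec.params`, so `build-container` receives the pipeline default `"false"` and the buildah build keeps network access even though `prefetch-input` is configured. In that mode the checksummed RPMs recorded in `rpms.lock.yaml` are not the only source the Dockerfile's package install can draw from, which weakens the reproducibility and provenance the prefetch step is meant to provide. Consider adding `- name: hermetic` with `value: "true"` next to `prefetch-input`, after confirming that every build stage works without network; the prefetch input covers only `rpm`, so Go dependencies would presumably have to be vendored or prefetched as well. The same applies to `.tekton/cnf-tests-push.yaml`.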
@@ -0,0 +1,608 @@ +apiVersion: tekton.dev/v1 +kind: PipelineRun +metadata: + annotations: + build.appstudio.openshift.io/repo: https://github.com/openshift-kni/cnf-features-deploy?rev={{revision}} + build.appstudio.redhat.com/commit_sha: '{{revision}}' + build.appstudio.redhat.com/target_branch: '{{target_branch}}' + pipelinesascode.tekton.dev/max-keep-runs: "3" + pipelinesascode.tekton.dev/on-cel-expression: event == "push" && target_branch + == "master" + creationTimestamp: null + labels: + appstudio.openshift.io/application: cnf-tests-4.19 + appstudio.openshift.io/component: cnf-tests + pipelines.appstudio.openshift.io/type: build + name: cnf-tests-on-push + namespace: telco-5g-tenant +spec: + params: + - name: git-url + value: '{{source_url}}' + - name: revision + value: '{{revision}}' + - name: output-image + value: quay.io/redhat-user-workloads/telco-5g-tenant/cnf-tests:4.19-{{revision}} + - name: dockerfile + value: cnf-tests/.konflux/Dockerfile + - name: prefetch-input + value: '{"type": "rpm", "path": "cnf-tests/.konflux"}' + pipelineSpec: + description: | + This pipeline is ideal for building container images from a Containerfile while reducing network traffic. + + _Uses `buildah` to create a container image. It also optionally creates a source image and runs some build-time tests. EC will flag a violation for [`trusted_task.trusted`](https://enterprisecontract.dev/docs/ec-policies/release_policy.html#trusted_task__trusted) if any tasks are added to the pipeline. 
+ This pipeline is pushed as a Tekton bundle to [quay.io](https://quay.io/repository/konflux-ci/tekton-catalog/pipeline-docker-build?tab=tags)_ + finally: + - name: show-sbom + params: + - name: IMAGE_URL + value: $(tasks.build-image-index.results.IMAGE_URL) + taskRef: + params: + - name: name + value: show-sbom + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:945a7c9066d3e0a95d3fddb7e8a6992e4d632a2a75d8f3a9bd2ff2fef0ec9aa0 + - name: kind + value: task + resolver: bundles + - name: show-summary + params: + - name: pipelinerun-name + value: $(context.pipelineRun.name) + - name: git-url + value: $(tasks.clone-repository.results.url)?rev=$(tasks.clone-repository.results.commit) + - name: image-url + value: $(params.output-image) + - name: build-task-status + value: $(tasks.build-image-index.status) + taskRef: + params: + - name: name + value: summary + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-summary:0.2@sha256:870d9a04d9784840a90b7bf6817cd0d0c4edfcda04b1ba1868cae625a3c3bfcc + - name: kind + value: task + resolver: bundles + workspaces: + - name: workspace + workspace: workspace + params: + - description: Source Repository URL + name: git-url + type: string + - default: "" + description: Revision of the Source Repository + name: revision + type: string + - description: Fully Qualified Output Image + name: output-image + type: string + - default: . + description: Path to the source code of an application's component from where + to build image. 
+ name: path-context + type: string + - default: Dockerfile + description: Path to the Dockerfile inside the context specified by parameter + path-context + name: dockerfile + type: string + - default: "false" + description: Force rebuild image + name: rebuild + type: string + - default: "false" + description: Skip checks against built image + name: skip-checks + type: string + - default: "false" + description: Execute the build with network isolation + name: hermetic + type: string + - default: "" + description: Build dependencies to be prefetched by Cachi2 + name: prefetch-input + type: string + - default: "" + description: Image tag expiration time, time values could be something like + 1h, 2d, 3w for hours, days, and weeks, respectively. + name: image-expires-after + - default: "false" + description: Build a source image. + name: build-source-image + type: string + - default: "false" + description: Add built image into an OCI image index + name: build-image-index + type: string + - default: [] + description: Array of --build-arg values ("arg=value" strings) for buildah + name: build-args + type: array + - default: "" + description: Path to a file with build arguments for buildah, see https://www.mankier.com/1/buildah-build#--build-arg-file + name: build-args-file + type: string + results: + - description: "" + name: IMAGE_URL + value: $(tasks.build-image-index.results.IMAGE_URL) + - description: "" + name: IMAGE_DIGEST + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - description: "" + name: CHAINS-GIT_URL + value: $(tasks.clone-repository.results.url) + - description: "" + name: CHAINS-GIT_COMMIT + value: $(tasks.clone-repository.results.commit) + tasks: + - name: init + params: + - name: image-url + value: $(params.output-image) + - name: rebuild + value: $(params.rebuild) + - name: skip-checks + value: $(params.skip-checks) + taskRef: + params: + - name: name + value: init + - name: bundle + value: 
quay.io/konflux-ci/tekton-catalog/task-init@sha256:4c6712db9419461b8c8a39523c012cb0dc061fb58563bb9170b3777d74f54659 + - name: kind + value: task + resolver: bundles + - name: clone-repository + params: + - name: url + value: $(params.git-url) + - name: revision + value: $(params.revision) + runAfter: + - init + taskRef: + params: + - name: name + value: git-clone + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1@sha256:d091a9e19567a4cbdc5acd57903c71ba71dc51d749a4ba7477e689608851e981 + - name: kind + value: task + resolver: bundles + when: + - input: $(tasks.init.results.build) + operator: in + values: + - "true" + workspaces: + - name: output + workspace: workspace + - name: basic-auth + workspace: git-auth + - name: prefetch-dependencies + params: + - name: input + value: $(params.prefetch-input) + - name: dev-package-managers + value: "true" + runAfter: + - clone-repository + taskRef: + params: + - name: name + value: prefetch-dependencies + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies@sha256:aa91d0b6b5a52bb9a61bb52b9ab9e726c268ebf0bf0f444164041d3e90ac4168 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.prefetch-input) + operator: notin + values: + - "" + workspaces: + - name: source + workspace: workspace + - name: git-basic-auth + workspace: git-auth + - name: netrc + workspace: netrc + - name: build-container + params: + - name: IMAGE + value: $(params.output-image) + - name: DOCKERFILE + value: $(params.dockerfile) + - name: CONTEXT + value: $(params.path-context) + - name: HERMETIC + value: $(params.hermetic) + - name: PREFETCH_INPUT + value: $(params.prefetch-input) + - name: IMAGE_EXPIRES_AFTER + value: $(params.image-expires-after) + - name: COMMIT_SHA + value: $(tasks.clone-repository.results.commit) + - name: BUILD_ARGS + value: + - $(params.build-args[*]) + - name: BUILD_ARGS_FILE + value: $(params.build-args-file) + runAfter: + - prefetch-dependencies + 
taskRef: + params: + - name: name + value: buildah + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-buildah:0.3@sha256:78aeb24909d89fe334e5cd2f27e3b367694f2e634671a0286e485f97cb97b66f + - name: kind + value: task + resolver: bundles + when: + - input: $(tasks.init.results.build) + operator: in + values: + - "true" + workspaces: + - name: source + workspace: workspace + - name: build-image-index + params: + - name: IMAGE + value: $(params.output-image) + - name: COMMIT_SHA + value: $(tasks.clone-repository.results.commit) + - name: IMAGE_EXPIRES_AFTER + value: $(params.image-expires-after) + - name: ALWAYS_BUILD_INDEX + value: $(params.build-image-index) + - name: IMAGES + value: + - $(tasks.build-container.results.IMAGE_URL)@$(tasks.build-container.results.IMAGE_DIGEST) + runAfter: + - build-container + taskRef: + params: + - name: name + value: build-image-index + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1@sha256:09344e6bda708f48ef759bbe84bce99515549f4cfdcbe89e417f695c19463260 + - name: kind + value: task + resolver: bundles + when: + - input: $(tasks.init.results.build) + operator: in + values: + - "true" + - name: build-source-image + params: + - name: BINARY_IMAGE + value: $(params.output-image) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: source-build + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-source-build:0.1@sha256:9d8f146d0474440165db38a3efdf55da73856de332ebf8d598197f92156ee44e + - name: kind + value: task + resolver: bundles + when: + - input: $(tasks.init.results.build) + operator: in + values: + - "true" + - input: $(params.build-source-image) + operator: in + values: + - "true" + workspaces: + - name: workspace + workspace: workspace + - name: deprecated-base-image-check + params: + - name: IMAGE_URL + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: IMAGE_DIGEST + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + 
runAfter: + - build-image-index + taskRef: + params: + - name: name + value: deprecated-image-check + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.4@sha256:650330fde0773f73f6bac77ae573031c44c79165d9503b0d5ec1db3e6ef981d7 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: clair-scan + params: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: clair-scan + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.2@sha256:907f11c67b0330480cbf85c23b1085acc5a049ab90af980169251860a3d97ef7 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: ecosystem-cert-preflight-checks + params: + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: ecosystem-cert-preflight-checks + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.1@sha256:df8a25a3431a70544172ed4844f9d0c6229d39130633960729f825a031a7dea9 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: sast-snyk-check + params: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: sast-snyk-check + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check:0.3@sha256:b89b936f680d18adf8d3e4d7682357e28d05da382b970741ccb0f6c05a894ee2 + - name: kind + value: task + resolver: bundles + when: + - input: 
$(params.skip-checks) + operator: in + values: + - "false" + workspaces: + - name: workspace + workspace: workspace + - name: clamav-scan + params: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: clamav-scan + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.2@sha256:c12e7a774bb07ad2796c01071b0dc0f199111b0ee99c45b55fa599e23b200bae + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: sast-coverity-check + params: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - coverity-availability-check + taskRef: + params: + - name: name + value: sast-coverity-check + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-sast-coverity-check:0.1@sha256:63f3ac94fd881cb51a8c20d5a3dcbe2e406054bc508ab60c739138d4f55796b3 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - input: $(tasks.coverity-availability-check.results.STATUS) + operator: in + values: + - success + workspaces: + - name: workspace + workspace: workspace + - name: coverity-availability-check + params: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: coverity-availability-check + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-coverity-availability-check:0.1@sha256:e61d2c756831dbad1e2b43ee2445e1dc23a29efcab67e4923b960966075b4d1f + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + 
operator: in + values: + - "false" + workspaces: + - name: workspace + workspace: workspace + - name: sast-shell-check + params: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: sast-shell-check + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check:0.1@sha256:3b31fbc04c1e8bf1338eb9cdbbe7e535adeff6d5b940d0124b5391676cbafeb7 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + workspaces: + - name: workspace + workspace: workspace + - name: sast-unicode-check + params: + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: sast-unicode-check + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check:0.1@sha256:12bf4880b9ddfa860dd2595e2fd8a9f20c0b0490f84577bdafd437d42ff5ecf4 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + workspaces: + - name: workspace + workspace: workspace + - name: apply-tags + params: + - name: IMAGE + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: apply-tags + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.1@sha256:2c2d88c07623b2d25163994ded6e9f29205ea5bbab090f4c86379739940028b9 + - name: kind + value: task + resolver: bundles + - name: push-dockerfile + params: + - name: IMAGE + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: IMAGE_DIGEST + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: DOCKERFILE + value: $(params.dockerfile) + - name: CONTEXT + value: $(params.path-context) + runAfter: + - build-image-index + taskRef: 
+ params: + - name: name + value: push-dockerfile + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile:0.1@sha256:e11a94301c6c89cda7765b64edcc559acdda8527c3aa8857a15f14485466ccae + - name: kind + value: task + resolver: bundles + workspaces: + - name: workspace + workspace: workspace + - name: rpms-signature-scan + params: + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: rpms-signature-scan + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:39cd56ffa26ff5edfd5bf9b61e902cae35a345c078cd9dcbc0737d30f3ce5ef1 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + workspaces: + - name: workspace + - name: git-auth + optional: true + - name: netrc + optional: true + taskRunTemplate: {} + workspaces: + - name: workspace + volumeClaimTemplate: + metadata: + creationTimestamp: null + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + status: {} + - name: git-auth + secret: + secretName: '{{ git_auth_secret }}' +status: {} diff --git a/cnf-tests/.konflux/rpms.in.yaml b/cnf-tests/.konflux/rpms.in.yaml new file mode 100644 index 0000000000..a9fa118fc6 --- /dev/null +++ b/cnf-tests/.konflux/rpms.in.yaml @@ -0,0 +1,18 @@ +contentOrigin: + # Define at least one source of packages, but you can have as many as you want. + repofiles: + - ./ubi.repo + +packages: + # list of rpm names to resolve + [bc, linuxptp, iperf3, realtime-tests] + +arches: + # The list of architectures can be set in the config file. Any `--arch` option set + # on the command line will override this list. + # - aarch64 + - x86_64 + +context: + containerfile: Dockerfile + 
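Review bot: The `init` and `prefetch-dependencies` bundle references in this file carry only a digest (`task-init@sha256:…`, `task-prefetch-dependencies@sha256:…`), whereas the pull-request pipeline references them as `task-init:0.2@sha256:…` and `task-prefetch-dependencies:0.1@sha256:…` with different digests; the `buildah`, `build-image-index` and `source-build` digests also differ between the two files. The digest still pins the content, but a pull-request run then validates a different set of task builds than the one that produces the pushed image, and a reference without a version tag makes it harder for a reviewer (and possibly for update tooling) to tell which task version is in use. Consider using the same `task-NAME:VERSION@sha256:DIGEST` form and the same digests in both pipeline files.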
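Review bot: The `packages` list names four RPMs, but the `microdnf install` line in the Dockerfile hunk that precedes this commit on the page (presumably `cnf-tests/.konflux/Dockerfile`) also requests `iproute`, `ethtool`, `iputils`, `procps-ng`, `iptables`, `kmod`, `nc` and `python3`, none of which appear here or in `rpms.lock.yaml`. Those packages are resolved at build time from whatever the repositories serve rather than from the locked, checksummed set, and a hermetic build would presumably fail on them unless the base image already provides them. Consider listing every package the Dockerfile installs, for example `[bc, linuxptp, iperf3, realtime-tests, lksctp-tools, numactl-libs, iproute, ethtool, iputils, procps-ng, iptables, kmod, nc, python3]`, and regenerating the lock file. The `arches` list covers only `x86_64`, so the lock is valid for that architecture alone.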
diff --git a/cnf-tests/.konflux/rpms.lock.yaml b/cnf-tests/.konflux/rpms.lock.yaml
new file mode 100644
index 0000000000..ce2fab1559
--- /dev/null
+++ b/cnf-tests/.konflux/rpms.lock.yaml
@@ -0,0 +1,50 @@ +--- +lockfileVersion: 1 +lockfileVendor: redhat +arches: +- arch: x86_64 + packages: + - url: https://cdn.redhat.com/content/dist/rhel9/9/x86_64/appstream/os/Packages/i/iperf3-3.9-13.el9_5.1.x86_64.rpm + repoid: rhel-9-for-x86_64-appstream-rpms + size: 113595 + checksum: sha256:f2e88fb1f8817ae0704bb1751441c0d4a0d86328599209543be0af1c3dc44cc7 + name: iperf3 + evr: 3.9-13.el9_5.1 + sourcerpm: iperf3-3.9-13.el9_5.1.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel9/9/x86_64/appstream/os/Packages/l/linuxptp-4.2-3.el9.x86_64.rpm + repoid: rhel-9-for-x86_64-appstream-rpms + size: 281685 + checksum: sha256:ad3f79f0172dbf09aaf83a2d192464f0e43777c6c634413936fcbbe48b04ad58 + name: linuxptp + evr: 4.2-3.el9 + sourcerpm: linuxptp-4.2-3.el9.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel9/9/x86_64/appstream/os/Packages/r/realtime-tests-2.7-2.el9.x86_64.rpm + repoid: rhel-9-for-x86_64-appstream-rpms + size: 203074 + checksum: sha256:6d4313b3f14cc75d62109af427142ab504ddf8d352ed6a3da5211e59ae04859b + name: realtime-tests + evr: 2.7-2.el9 + sourcerpm: realtime-tests-2.7-2.el9.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel9/9/x86_64/baseos/os/Packages/b/bc-1.07.1-14.el9.x86_64.rpm + repoid: rhel-9-for-x86_64-baseos-rpms + size: 127511 + checksum: sha256:9b6d28a6563d4c9f721f031ab0cf146fed097d8c4d186b57eaa8dd9ceb4d0685 + name: bc + evr: 1.07.1-14.el9 + sourcerpm: bc-1.07.1-14.el9.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel9/9/x86_64/baseos/os/Packages/l/lksctp-tools-1.0.19-3.el9_4.x86_64.rpm + repoid: rhel-9-for-x86_64-baseos-rpms + size: 106024 + checksum: sha256:ac2fc5dcba641ec68b03db44c0b644ef10661bc89a060be2aa1eaa9c6a4215db + name: lksctp-tools + evr: 1.0.19-3.el9_4 + sourcerpm: lksctp-tools-1.0.19-3.el9_4.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel9/9/x86_64/baseos/os/Packages/n/numactl-libs-2.0.18-2.el9.x86_64.rpm + repoid: rhel-9-for-x86_64-baseos-rpms + size: 32868 + checksum: 
sha256:7be06af9f8726616bbfdc899e51821544d55cee201075c7d2aa096dab3bcefe9 + name: numactl-libs + evr: 2.0.18-2.el9 + sourcerpm: numactl-2.0.18-2.el9.src.rpm + source: [] + module_metadata: [] diff --git a/cnf-tests/.konflux/ubi.repo b/cnf-tests/.konflux/ubi.repo new file mode 100644 index 0000000000..aa4f953497 --- /dev/null +++ b/cnf-tests/.konflux/ubi.repo 
@@ -0,0 +1,62 @@ +[ubi-9-baseos-rpms] +name = Red Hat Universal Base Image 9 (RPMs) - BaseOS +baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi9/9/$basearch/baseos/os +enabled = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +gpgcheck = 1 + +[ubi-9-baseos-debug-rpms] +name = Red Hat Universal Base Image 9 (Debug RPMs) - BaseOS +baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi9/9/$basearch/baseos/debug +enabled = 0 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +gpgcheck = 1 + +[ubi-9-baseos-source-rpms] +name = Red Hat Universal Base Image 9 (Source RPMs) - BaseOS +baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi9/9/$basearch/baseos/source/SRPMS +enabled = 0 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +gpgcheck = 1 + +[ubi-9-appstream-rpms] +name = Red Hat Universal Base Image 9 (RPMs) - AppStream +baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi9/9/$basearch/appstream/os +enabled = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +gpgcheck = 1 + +[ubi-9-appstream-debug-rpms] +name = Red Hat Universal Base Image 9 (Debug RPMs) - AppStream +baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi9/9/$basearch/appstream/debug +enabled = 0 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +gpgcheck = 1 + +[ubi-9-appstream-source-rpms] +name = Red Hat Universal Base Image 9 (Source RPMs) - AppStream +baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi9/9/$basearch/appstream/source/SRPMS +enabled = 0 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +gpgcheck = 1 + +[ubi-9-codeready-builder-rpms] +name = Red Hat Universal Base Image 9 (RPMs) - CodeReady Builder +baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi9/9/$basearch/codeready-builder/os +enabled = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +gpgcheck = 1 + +[ubi-9-codeready-builder-debug-rpms] +name = Red Hat 
Universal Base Image 9 (Debug RPMs) - CodeReady Builder +baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi9/9/$basearch/codeready-builder/debug +enabled = 0 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +gpgcheck = 1 + +[ubi-9-codeready-builder-source-rpms] +name = Red Hat Universal Base Image 9 (Source RPMs) - CodeReady Builder +baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi9/9/$basearch/codeready-builder/source/SRPMS +enabled = 0 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +gpgcheck = 1 From 97fcc52b7f6f92f9398fac626f98fcbff5aff80c Mon Sep 17 00:00:00 2001 From: Shereen Haj Date: Tue, 18 Feb 2025 17:12:04 +0200 Subject: [PATCH 43/43] cnf-tests: tekton: adapt templating Adapt the new template. Signed-off-by: Shereen Haj --- .tekton/cnf-tests-pull-request.yaml | 1133 ++++++++++++++------------- .tekton/cnf-tests-push.yaml | 1129 +++++++++++++------------- 2 files changed, 1140 insertions(+), 1122 deletions(-) diff --git a/.tekton/cnf-tests-pull-request.yaml b/.tekton/cnf-tests-pull-request.yaml index 773fb2f562..ae89daae23 100644 --- a/.tekton/cnf-tests-pull-request.yaml +++ b/.tekton/cnf-tests-pull-request.yaml 
@@ -11,25 +11,25 @@ metadata: == "master" creationTimestamp: null labels: - appstudio.openshift.io/application: cnf-tests-4.19 - appstudio.openshift.io/component: cnf-tests + appstudio.openshift.io/application: cnf-tests-4-19 + appstudio.openshift.io/component: cnf-tests-4-19 pipelines.appstudio.openshift.io/type: build - name: cnf-tests-on-pull-request + name: cnf-tests-4-19-on-pull-request namespace: telco-5g-tenant spec: params: - - name: git-url - value: '{{source_url}}' - - name: revision - value: '{{revision}}' - - name: output-image - value: quay.io/redhat-user-workloads/telco-5g-tenant/cnf-tests:4.19-on-pr-{{revision}} - - name: image-expires-after - value: 5d - - name: dockerfile - value: cnf-tests/.konflux/Dockerfile - - name: prefetch-input - value: '{"type": "rpm", "path": "cnf-tests/.konflux"}' + - name: git-url + value: '{{source_url}}' + - name: revision + value: '{{revision}}' + - name: output-image + value: quay.io/redhat-user-workloads/telco-5g-tenant/cnf-tests-4-19:on-pr-{{revision}} + - name: image-expires-after + value: 5d + - name: dockerfile + value: cnf-tests/.konflux/Dockerfile + - name: prefetch-input + value: '{"type": "rpm", "path": "cnf-tests/.konflux"}' pipelineSpec: description: | This pipeline is ideal for building container images from a Containerfile while reducing network traffic. 
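Review bot: The `spec.params` list in this hunk sets `prefetch-input` to the RPM lock directory but never passes `hermetic`, and the pipeline's own parameter block in the following hunk declares `hermetic` with `default: "false"`. The build step can therefore still reach the network, so nothing forces the image to be built only from the digests pinned in `rpms.lock.yaml`. If the Dockerfile installs nothing beyond the locked packages, add `- name: hermetic` with `value: "true"` next to `prefetch-input`. That would make the lock file an enforced input rather than a cache.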
@@ -37,575 +37,584 @@ spec: _Uses `buildah` to create a container image. It also optionally creates a source image and runs some build-time tests. EC will flag a violation for [`trusted_task.trusted`](https://enterprisecontract.dev/docs/ec-policies/release_policy.html#trusted_task__trusted) if any tasks are added to the pipeline. This pipeline is pushed as a Tekton bundle to [quay.io](https://quay.io/repository/konflux-ci/tekton-catalog/pipeline-docker-build?tab=tags)_ finally: - - name: show-sbom - params: - - name: IMAGE_URL - value: $(tasks.build-image-index.results.IMAGE_URL) - taskRef: + - name: show-sbom params: - - name: name - value: show-sbom - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:945a7c9066d3e0a95d3fddb7e8a6992e4d632a2a75d8f3a9bd2ff2fef0ec9aa0 - - name: kind - value: task - resolver: bundles - - name: show-summary - params: - - name: pipelinerun-name - value: $(context.pipelineRun.name) - - name: git-url - value: $(tasks.clone-repository.results.url)?rev=$(tasks.clone-repository.results.commit) - - name: image-url - value: $(params.output-image) - - name: build-task-status - value: $(tasks.build-image-index.status) - taskRef: + - name: IMAGE_URL + value: $(tasks.build-image-index.results.IMAGE_URL) + taskRef: + params: + - name: name + value: show-sbom + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:945a7c9066d3e0a95d3fddb7e8a6992e4d632a2a75d8f3a9bd2ff2fef0ec9aa0 + - name: kind + value: task + resolver: bundles + - name: show-summary params: - - name: name - value: summary - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-summary:0.2@sha256:870d9a04d9784840a90b7bf6817cd0d0c4edfcda04b1ba1868cae625a3c3bfcc - - name: kind - value: task - resolver: bundles - workspaces: - - name: workspace - workspace: workspace + - name: pipelinerun-name + value: $(context.pipelineRun.name) + - name: git-url + value: 
$(tasks.clone-repository.results.url)?rev=$(tasks.clone-repository.results.commit) + - name: image-url + value: $(params.output-image) + - name: build-task-status + value: $(tasks.build-image-index.status) + taskRef: + params: + - name: name + value: summary + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-summary:0.2@sha256:870d9a04d9784840a90b7bf6817cd0d0c4edfcda04b1ba1868cae625a3c3bfcc + - name: kind + value: task + resolver: bundles + workspaces: + - name: workspace + workspace: workspace params: - - description: Source Repository URL - name: git-url - type: string - - default: "" - description: Revision of the Source Repository - name: revision - type: string - - description: Fully Qualified Output Image - name: output-image - type: string - - default: . - description: Path to the source code of an application's component from where - to build image. - name: path-context - type: string - - default: Dockerfile - description: Path to the Dockerfile inside the context specified by parameter - path-context - name: dockerfile - type: string - - default: "false" - description: Force rebuild image - name: rebuild - type: string - - default: "false" - description: Skip checks against built image - name: skip-checks - type: string - - default: "false" - description: Execute the build with network isolation - name: hermetic - type: string - - default: "" - description: Build dependencies to be prefetched by Cachi2 - name: prefetch-input - type: string - - default: "" - description: Image tag expiration time, time values could be something like - 1h, 2d, 3w for hours, days, and weeks, respectively. - name: image-expires-after - - default: "false" - description: Build a source image. 
- name: build-source-image - type: string - - default: "false" - description: Add built image into an OCI image index - name: build-image-index - type: string - - default: [] - description: Array of --build-arg values ("arg=value" strings) for buildah - name: build-args - type: array - - default: "" - description: Path to a file with build arguments for buildah, see https://www.mankier.com/1/buildah-build#--build-arg-file - name: build-args-file - type: string + - description: Source Repository URL + name: git-url + type: string + - default: "" + description: Revision of the Source Repository + name: revision + type: string + - description: Fully Qualified Output Image + name: output-image + type: string + - default: . + description: Path to the source code of an application's component from where + to build image. + name: path-context + type: string + - default: Dockerfile + description: Path to the Dockerfile inside the context specified by parameter + path-context + name: dockerfile + type: string + - default: "false" + description: Force rebuild image + name: rebuild + type: string + - default: "false" + description: Skip checks against built image + name: skip-checks + type: string + - default: "false" + description: Execute the build with network isolation + name: hermetic + type: string + - default: "" + description: Build dependencies to be prefetched by Cachi2 + name: prefetch-input + type: string + - default: "" + description: Image tag expiration time, time values could be something like + 1h, 2d, 3w for hours, days, and weeks, respectively. + name: image-expires-after + - default: "false" + description: Build a source image. 
+ name: build-source-image + type: string + - default: "false" + description: Add built image into an OCI image index + name: build-image-index + type: string + - default: [] + description: Array of --build-arg values ("arg=value" strings) for buildah + name: build-args + type: array + - default: "" + description: Path to a file with build arguments for buildah, see https://www.mankier.com/1/buildah-build#--build-arg-file + name: build-args-file + type: string results: - - description: "" - name: IMAGE_URL - value: $(tasks.build-image-index.results.IMAGE_URL) - - description: "" - name: IMAGE_DIGEST - value: $(tasks.build-image-index.results.IMAGE_DIGEST) - - description: "" - name: CHAINS-GIT_URL - value: $(tasks.clone-repository.results.url) - - description: "" - name: CHAINS-GIT_COMMIT - value: $(tasks.clone-repository.results.commit) + - description: "" + name: IMAGE_URL + value: $(tasks.build-image-index.results.IMAGE_URL) + - description: "" + name: IMAGE_DIGEST + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - description: "" + name: CHAINS-GIT_URL + value: $(tasks.clone-repository.results.url) + - description: "" + name: CHAINS-GIT_COMMIT + value: $(tasks.clone-repository.results.commit) tasks: - - name: init - params: - - name: image-url - value: $(params.output-image) - - name: rebuild - value: $(params.rebuild) - - name: skip-checks - value: $(params.skip-checks) - taskRef: + - name: init params: - - name: name - value: init - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:90dda596d44b3f861889da2fba161dff34c6116fe76c3989e3f84262ea0f29cd - - name: kind - value: task - resolver: bundles - - name: clone-repository - params: - - name: url - value: $(params.git-url) - - name: revision - value: $(params.revision) - runAfter: - - init - taskRef: + - name: image-url + value: $(params.output-image) + - name: rebuild + value: $(params.rebuild) + - name: skip-checks + value: $(params.skip-checks) + taskRef: + params: + - 
name: name + value: init + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:63eb4a4c0cfb491276bff86fdad1c96bf238506388848e79001058450a8e843a + - name: kind + value: task + resolver: bundles + - name: clone-repository params: - - name: name - value: git-clone - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1@sha256:d091a9e19567a4cbdc5acd57903c71ba71dc51d749a4ba7477e689608851e981 - - name: kind - value: task - resolver: bundles - when: - - input: $(tasks.init.results.build) - operator: in - values: - - "true" - workspaces: - - name: output - workspace: workspace - - name: basic-auth - workspace: git-auth - - name: prefetch-dependencies - params: - - name: input - value: $(params.prefetch-input) - - name: dev-package-managers - value: "true" - runAfter: - - clone-repository - taskRef: + - name: url + value: $(params.git-url) + - name: revision + value: $(params.revision) + runAfter: + - init + taskRef: + params: + - name: name + value: git-clone + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1@sha256:fe27845cdba6fa95d9da2bfc7cb744d4df88711e8b867c4f246bdf944d4b00d0 + - name: kind + value: task + resolver: bundles + when: + - input: $(tasks.init.results.build) + operator: in + values: + - "true" + workspaces: + - name: output + workspace: workspace + - name: basic-auth + workspace: git-auth + - name: prefetch-dependencies params: - - name: name - value: prefetch-dependencies - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies:0.1@sha256:b7a6b67e97c6c03b552b9cd57d4a2868d63e279ee68ced2a53e713befca9e009 - - name: kind - value: task - resolver: bundles - when: - - input: $(params.prefetch-input) - operator: notin - values: - - "" - workspaces: - - name: source - workspace: workspace - - name: git-basic-auth - workspace: git-auth - - name: netrc - workspace: netrc - - name: build-container - params: - - name: IMAGE - value: $(params.output-image) - - 
name: DOCKERFILE - value: $(params.dockerfile) - - name: CONTEXT - value: $(params.path-context) - - name: HERMETIC - value: $(params.hermetic) - - name: PREFETCH_INPUT - value: $(params.prefetch-input) - - name: IMAGE_EXPIRES_AFTER - value: $(params.image-expires-after) - - name: COMMIT_SHA - value: $(tasks.clone-repository.results.commit) - - name: BUILD_ARGS - value: - - $(params.build-args[*]) - - name: BUILD_ARGS_FILE - value: $(params.build-args-file) - runAfter: - - prefetch-dependencies - taskRef: + - name: input + value: $(params.prefetch-input) + - name: dev-package-managers + value: "true" + runAfter: + - clone-repository + taskRef: + params: + - name: name + value: prefetch-dependencies + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies:0.2@sha256:fb126d78a71fa4cef9046d2563832c91ec73e0d1a7c5811b85e9d28132b7c076 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.prefetch-input) + operator: notin + values: + - "" + workspaces: + - name: source + workspace: workspace + - name: git-basic-auth + workspace: git-auth + - name: netrc + workspace: netrc + - name: build-container params: - - name: name - value: buildah - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-buildah:0.3@sha256:956d80ce7bb7feab9c15aaa6037b89d39317c7650732b13e4433e583bf47bd94 - - name: kind - value: task - resolver: bundles - when: - - input: $(tasks.init.results.build) - operator: in - values: - - "true" - workspaces: - - name: source - workspace: workspace - - name: build-image-index - params: - - name: IMAGE - value: $(params.output-image) - - name: COMMIT_SHA - value: $(tasks.clone-repository.results.commit) - - name: IMAGE_EXPIRES_AFTER - value: $(params.image-expires-after) - - name: ALWAYS_BUILD_INDEX - value: $(params.build-image-index) - - name: IMAGES - value: - - $(tasks.build-container.results.IMAGE_URL)@$(tasks.build-container.results.IMAGE_DIGEST) - runAfter: - - build-container - taskRef: + - name: 
IMAGE + value: $(params.output-image) + - name: DOCKERFILE + value: $(params.dockerfile) + - name: CONTEXT + value: $(params.path-context) + - name: HERMETIC + value: $(params.hermetic) + - name: PREFETCH_INPUT + value: $(params.prefetch-input) + - name: IMAGE_EXPIRES_AFTER + value: $(params.image-expires-after) + - name: COMMIT_SHA + value: $(tasks.clone-repository.results.commit) + - name: BUILD_ARGS + value: + - $(params.build-args[*]) + - name: BUILD_ARGS_FILE + value: $(params.build-args-file) + runAfter: + - prefetch-dependencies + taskRef: + params: + - name: name + value: buildah + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-buildah:0.4@sha256:91caef22ccb5bbc694e33eb8706cddb662840e9dc351c7e57a23f7dc50dae2e5 + - name: kind + value: task + resolver: bundles + when: + - input: $(tasks.init.results.build) + operator: in + values: + - "true" + workspaces: + - name: source + workspace: workspace + - name: build-image-index params: - - name: name - value: build-image-index - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1@sha256:479775c8655d815fb515aeb97efc0e64284a8520c452754981970900b937a393 - - name: kind - value: task - resolver: bundles - when: - - input: $(tasks.init.results.build) - operator: in - values: - - "true" - - name: build-source-image - params: - - name: BINARY_IMAGE - value: $(params.output-image) - runAfter: - - build-image-index - taskRef: + - name: IMAGE + value: $(params.output-image) + - name: COMMIT_SHA + value: $(tasks.clone-repository.results.commit) + - name: IMAGE_EXPIRES_AFTER + value: $(params.image-expires-after) + - name: ALWAYS_BUILD_INDEX + value: $(params.build-image-index) + - name: IMAGES + value: + - $(tasks.build-container.results.IMAGE_URL)@$(tasks.build-container.results.IMAGE_DIGEST) + runAfter: + - build-container + taskRef: + params: + - name: name + value: build-image-index + - name: bundle + value: 
quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1@sha256:0c2270d1b24fcbaa6fe82b6d045b715a5f24f55d099a10f65297671e2ee421e6 + - name: kind + value: task + resolver: bundles + when: + - input: $(tasks.init.results.build) + operator: in + values: + - "true" + - name: build-source-image params: - - name: name - value: source-build - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-source-build:0.1@sha256:bb8e48129d758f837e4c41e7fe40ed6d18f862b6f4d0ade3cc2d5c79adf9e556 - - name: kind - value: task - resolver: bundles - when: - - input: $(tasks.init.results.build) - operator: in - values: - - "true" - - input: $(params.build-source-image) - operator: in - values: - - "true" - workspaces: - - name: workspace - workspace: workspace - - name: deprecated-base-image-check - params: - - name: IMAGE_URL - value: $(tasks.build-image-index.results.IMAGE_URL) - - name: IMAGE_DIGEST - value: $(tasks.build-image-index.results.IMAGE_DIGEST) - runAfter: - - build-image-index - taskRef: + - name: BINARY_IMAGE + value: $(params.output-image) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: source-build + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-source-build:0.2@sha256:6de42f19b1bc021657f0e94fce9995cdd841c9378a732948ae2a347422e0f613 + - name: kind + value: task + resolver: bundles + when: + - input: $(tasks.init.results.build) + operator: in + values: + - "true" + - input: $(params.build-source-image) + operator: in + values: + - "true" + workspaces: + - name: workspace + workspace: workspace + - name: deprecated-base-image-check params: - - name: name - value: deprecated-image-check - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.4@sha256:650330fde0773f73f6bac77ae573031c44c79165d9503b0d5ec1db3e6ef981d7 - - name: kind - value: task - resolver: bundles - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - - name: clair-scan - params: - - name: 
image-digest - value: $(tasks.build-image-index.results.IMAGE_DIGEST) - - name: image-url - value: $(tasks.build-image-index.results.IMAGE_URL) - runAfter: - - build-image-index - taskRef: + - name: IMAGE_URL + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: IMAGE_DIGEST + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: deprecated-image-check + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.5@sha256:ced089bd8d86f95ee70f6ee1a6941d677f1c66c3b8f02fa60f9309c6c32e1929 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: clair-scan params: - - name: name - value: clair-scan - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.2@sha256:907f11c67b0330480cbf85c23b1085acc5a049ab90af980169251860a3d97ef7 - - name: kind - value: task - resolver: bundles - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - - name: ecosystem-cert-preflight-checks - params: - - name: image-url - value: $(tasks.build-image-index.results.IMAGE_URL) - runAfter: - - build-image-index - taskRef: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: clair-scan + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.2@sha256:f636f2cbe91d9d4d9685a38c8bc680a36e17f568ec0e60a93da82d1284b488c5 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: ecosystem-cert-preflight-checks params: - - name: name - value: ecosystem-cert-preflight-checks - - name: bundle - value: 
quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.1@sha256:df8a25a3431a70544172ed4844f9d0c6229d39130633960729f825a031a7dea9 - - name: kind - value: task - resolver: bundles - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - - name: sast-snyk-check - params: - - name: image-digest - value: $(tasks.build-image-index.results.IMAGE_DIGEST) - - name: image-url - value: $(tasks.build-image-index.results.IMAGE_URL) - runAfter: - - build-image-index - taskRef: + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: ecosystem-cert-preflight-checks + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.1@sha256:df8a25a3431a70544172ed4844f9d0c6229d39130633960729f825a031a7dea9 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: sast-snyk-check params: - - name: name - value: sast-snyk-check - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check:0.3@sha256:b89b936f680d18adf8d3e4d7682357e28d05da382b970741ccb0f6c05a894ee2 - - name: kind - value: task - resolver: bundles - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - workspaces: - - name: workspace - workspace: workspace - - name: clamav-scan - params: - - name: image-digest - value: $(tasks.build-image-index.results.IMAGE_DIGEST) - - name: image-url - value: $(tasks.build-image-index.results.IMAGE_URL) - runAfter: - - build-image-index - taskRef: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: sast-snyk-check + - name: bundle + value: 
quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check:0.3@sha256:30cc34ccf6ca34e7f0951fd508fe4436d07388e7244baab77baf4ef9bdcefff4 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + workspaces: + - name: workspace + workspace: workspace + - name: clamav-scan params: - - name: name - value: clamav-scan - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.2@sha256:c12e7a774bb07ad2796c01071b0dc0f199111b0ee99c45b55fa599e23b200bae - - name: kind - value: task - resolver: bundles - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - - name: sast-coverity-check - params: - - name: image-digest - value: $(tasks.build-image-index.results.IMAGE_DIGEST) - - name: image-url - value: $(tasks.build-image-index.results.IMAGE_URL) - runAfter: - - coverity-availability-check - taskRef: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: clamav-scan + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.2@sha256:0db068e8a59612472a2483f5113893d0c5c9102e9ad7647d9a4789360e5bc2dc + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: sast-coverity-check params: - - name: name - value: sast-coverity-check - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-coverity-check:0.1@sha256:63f3ac94fd881cb51a8c20d5a3dcbe2e406054bc508ab60c739138d4f55796b3 - - name: kind - value: task - resolver: bundles - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - - input: $(tasks.coverity-availability-check.results.STATUS) - operator: in - values: - - success - workspaces: - - name: workspace - workspace: workspace - - name: coverity-availability-check 
- params: - - name: image-digest - value: $(tasks.build-image-index.results.IMAGE_DIGEST) - - name: image-url - value: $(tasks.build-image-index.results.IMAGE_URL) - runAfter: - - build-image-index - taskRef: + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: IMAGE + value: $(params.output-image) + - name: DOCKERFILE + value: $(params.dockerfile) + - name: CONTEXT + value: $(params.path-context) + - name: HERMETIC + value: $(params.hermetic) + - name: PREFETCH_INPUT + value: $(params.prefetch-input) + - name: IMAGE_EXPIRES_AFTER + value: $(params.image-expires-after) + - name: COMMIT_SHA + value: $(tasks.clone-repository.results.commit) + - name: BUILD_ARGS + value: + - $(params.build-args[*]) + - name: BUILD_ARGS_FILE + value: $(params.build-args-file) + runAfter: + - coverity-availability-check + taskRef: + params: + - name: name + value: sast-coverity-check + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-sast-coverity-check:0.2@sha256:b444457e1cae45671e14c4c8fed97c757cd7a5a6b13cfac100b3d863bbbf4612 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - input: $(tasks.coverity-availability-check.results.STATUS) + operator: in + values: + - success + workspaces: + - name: source + workspace: workspace + - name: coverity-availability-check + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: coverity-availability-check + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-coverity-availability-check:0.2@sha256:91ba738df7ec548d4127163e07a88de06568a350fbf581405cc8fc8498f6153c + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: sast-shell-check params: - - name: name - value: coverity-availability-check - - name: bundle - value: 
quay.io/konflux-ci/tekton-catalog/task-coverity-availability-check:0.1@sha256:e61d2c756831dbad1e2b43ee2445e1dc23a29efcab67e4923b960966075b4d1f - - name: kind - value: task - resolver: bundles - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - workspaces: - - name: workspace - workspace: workspace - - name: sast-shell-check - params: - - name: image-digest - value: $(tasks.build-image-index.results.IMAGE_DIGEST) - - name: image-url - value: $(tasks.build-image-index.results.IMAGE_URL) - runAfter: - - build-image-index - taskRef: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: sast-shell-check + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check:0.1@sha256:438d4eecc52a772f7dde54ae274eb5349a207874bd9b1909cdab26e93a51a48c + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + workspaces: + - name: workspace + workspace: workspace + - name: sast-unicode-check params: - - name: name - value: sast-shell-check - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check:0.1@sha256:3b31fbc04c1e8bf1338eb9cdbbe7e535adeff6d5b940d0124b5391676cbafeb7 - - name: kind - value: task - resolver: bundles - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - workspaces: - - name: workspace - workspace: workspace - - name: sast-unicode-check - params: - - name: image-url - value: $(tasks.build-image-index.results.IMAGE_URL) - runAfter: - - build-image-index - taskRef: + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: sast-unicode-check + - name: bundle + value: 
quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check:0.1@sha256:b3e7807546635e03487eb61aff64a8e03c2dccb3d08939dcee50cff0f04fb8b0 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + workspaces: + - name: workspace + workspace: workspace + - name: apply-tags params: - - name: name - value: sast-unicode-check - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check:0.1@sha256:12bf4880b9ddfa860dd2595e2fd8a9f20c0b0490f84577bdafd437d42ff5ecf4 - - name: kind - value: task - resolver: bundles - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - workspaces: - - name: workspace - workspace: workspace - - name: apply-tags - params: - - name: IMAGE - value: $(tasks.build-image-index.results.IMAGE_URL) - runAfter: - - build-image-index - taskRef: + - name: IMAGE + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: apply-tags + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.1@sha256:5e5f290359fd34ae4cc77cbbba6ef8c9907d752572d6dc2a00f5a4c504eb48bb + - name: kind + value: task + resolver: bundles + - name: push-dockerfile params: - - name: name - value: apply-tags - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.1@sha256:2c2d88c07623b2d25163994ded6e9f29205ea5bbab090f4c86379739940028b9 - - name: kind - value: task - resolver: bundles - - name: push-dockerfile - params: - - name: IMAGE - value: $(tasks.build-image-index.results.IMAGE_URL) - - name: IMAGE_DIGEST - value: $(tasks.build-image-index.results.IMAGE_DIGEST) - - name: DOCKERFILE - value: $(params.dockerfile) - - name: CONTEXT - value: $(params.path-context) - runAfter: - - build-image-index - taskRef: + - name: IMAGE + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: IMAGE_DIGEST + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - 
name: DOCKERFILE + value: $(params.dockerfile) + - name: CONTEXT + value: $(params.path-context) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: push-dockerfile + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile:0.1@sha256:86ba936a94bfad7a295fbceaa6531e33b9fc1f8fc2d5c44d93fc4e3af760bd1e + - name: kind + value: task + resolver: bundles + workspaces: + - name: workspace + workspace: workspace + - name: rpms-signature-scan params: - - name: name - value: push-dockerfile - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile:0.1@sha256:e11a94301c6c89cda7765b64edcc559acdda8527c3aa8857a15f14485466ccae - - name: kind - value: task - resolver: bundles - workspaces: - - name: workspace - workspace: workspace - - name: rpms-signature-scan - params: - - name: image-url - value: $(tasks.build-image-index.results.IMAGE_URL) - - name: image-digest - value: $(tasks.build-image-index.results.IMAGE_DIGEST) - runAfter: - - build-image-index - taskRef: - params: - - name: name - value: rpms-signature-scan - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:39cd56ffa26ff5edfd5bf9b61e902cae35a345c078cd9dcbc0737d30f3ce5ef1 - - name: kind - value: task - resolver: bundles - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: rpms-signature-scan + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:e603b3df510aeefeaa12e8778c4642b21743cb0ae68704359dc7ffd2814249d2 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" workspaces: - - name: workspace - - name: git-auth - optional: true - - name: 
netrc - optional: true + - name: workspace + - name: git-auth + optional: true + - name: netrc + optional: true taskRunTemplate: {} workspaces: - - name: workspace - volumeClaimTemplate: - metadata: - creationTimestamp: null - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi - status: {} - - name: git-auth - secret: - secretName: '{{ git_auth_secret }}' -status: {} + - name: workspace + volumeClaimTemplate: + metadata: + creationTimestamp: null + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + status: {} + - name: git-auth + secret: + secretName: '{{ git_auth_secret }}' +status: {} \ No newline at end of file diff --git a/.tekton/cnf-tests-push.yaml b/.tekton/cnf-tests-push.yaml index d1f64039e2..203f20fdb3 100644 --- a/.tekton/cnf-tests-push.yaml +++ b/.tekton/cnf-tests-push.yaml 
@@ -10,23 +10,23 @@ metadata: == "master" creationTimestamp: null labels: - appstudio.openshift.io/application: cnf-tests-4.19 - appstudio.openshift.io/component: cnf-tests + appstudio.openshift.io/application: cnf-tests-4-19 + appstudio.openshift.io/component: cnf-tests-4-19 pipelines.appstudio.openshift.io/type: build - name: cnf-tests-on-push + name: cnf-tests-4-19-on-push namespace: telco-5g-tenant spec: params: - - name: git-url - value: '{{source_url}}' - - name: revision - value: '{{revision}}' - - name: output-image - value: quay.io/redhat-user-workloads/telco-5g-tenant/cnf-tests:4.19-{{revision}} - - name: dockerfile - value: cnf-tests/.konflux/Dockerfile - - name: prefetch-input - value: '{"type": "rpm", "path": "cnf-tests/.konflux"}' + - name: git-url + value: '{{source_url}}' + - name: revision + value: '{{revision}}' + - name: output-image + value: quay.io/redhat-user-workloads/telco-5g-tenant/cnf-tests-4-19:{{revision}} + - name: dockerfile + value: cnf-tests/.konflux/Dockerfile + - name: prefetch-input + value: '{"type": "rpm", "path": "cnf-tests/.konflux"}' pipelineSpec: description: | This pipeline is ideal for building container images from a Containerfile while reducing network traffic. 
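Review bot: The PipelineRun `params` list in this hunk sets `prefetch-input` for RPMs but never sets `hermetic`, and the pipeline's own default for that parameter (declared in the next hunk) is `"false"`. The build step can therefore still reach the network even though dependencies are prefetched. If the Dockerfile can build from the prefetched RPMs alone, add `- name: hermetic` with `value: "true"` next to `prefetch-input`, so the image contents are limited to what the prefetch step recorded. Apart from indentation this matches the old side, so it may be deliberate; in that case a short comment saying why the build needs network access would help.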
@@ -34,575 +34,584 @@ spec: _Uses `buildah` to create a container image. It also optionally creates a source image and runs some build-time tests. EC will flag a violation for [`trusted_task.trusted`](https://enterprisecontract.dev/docs/ec-policies/release_policy.html#trusted_task__trusted) if any tasks are added to the pipeline. This pipeline is pushed as a Tekton bundle to [quay.io](https://quay.io/repository/konflux-ci/tekton-catalog/pipeline-docker-build?tab=tags)_ finally: - - name: show-sbom - params: - - name: IMAGE_URL - value: $(tasks.build-image-index.results.IMAGE_URL) - taskRef: + - name: show-sbom params: - - name: name - value: show-sbom - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:945a7c9066d3e0a95d3fddb7e8a6992e4d632a2a75d8f3a9bd2ff2fef0ec9aa0 - - name: kind - value: task - resolver: bundles - - name: show-summary - params: - - name: pipelinerun-name - value: $(context.pipelineRun.name) - - name: git-url - value: $(tasks.clone-repository.results.url)?rev=$(tasks.clone-repository.results.commit) - - name: image-url - value: $(params.output-image) - - name: build-task-status - value: $(tasks.build-image-index.status) - taskRef: + - name: IMAGE_URL + value: $(tasks.build-image-index.results.IMAGE_URL) + taskRef: + params: + - name: name + value: show-sbom + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:945a7c9066d3e0a95d3fddb7e8a6992e4d632a2a75d8f3a9bd2ff2fef0ec9aa0 + - name: kind + value: task + resolver: bundles + - name: show-summary params: - - name: name - value: summary - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-summary:0.2@sha256:870d9a04d9784840a90b7bf6817cd0d0c4edfcda04b1ba1868cae625a3c3bfcc - - name: kind - value: task - resolver: bundles - workspaces: - - name: workspace - workspace: workspace + - name: pipelinerun-name + value: $(context.pipelineRun.name) + - name: git-url + value: 
$(tasks.clone-repository.results.url)?rev=$(tasks.clone-repository.results.commit) + - name: image-url + value: $(params.output-image) + - name: build-task-status + value: $(tasks.build-image-index.status) + taskRef: + params: + - name: name + value: summary + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-summary:0.2@sha256:870d9a04d9784840a90b7bf6817cd0d0c4edfcda04b1ba1868cae625a3c3bfcc + - name: kind + value: task + resolver: bundles + workspaces: + - name: workspace + workspace: workspace params: - - description: Source Repository URL - name: git-url - type: string - - default: "" - description: Revision of the Source Repository - name: revision - type: string - - description: Fully Qualified Output Image - name: output-image - type: string - - default: . - description: Path to the source code of an application's component from where - to build image. - name: path-context - type: string - - default: Dockerfile - description: Path to the Dockerfile inside the context specified by parameter - path-context - name: dockerfile - type: string - - default: "false" - description: Force rebuild image - name: rebuild - type: string - - default: "false" - description: Skip checks against built image - name: skip-checks - type: string - - default: "false" - description: Execute the build with network isolation - name: hermetic - type: string - - default: "" - description: Build dependencies to be prefetched by Cachi2 - name: prefetch-input - type: string - - default: "" - description: Image tag expiration time, time values could be something like - 1h, 2d, 3w for hours, days, and weeks, respectively. - name: image-expires-after - - default: "false" - description: Build a source image. 
- name: build-source-image - type: string - - default: "false" - description: Add built image into an OCI image index - name: build-image-index - type: string - - default: [] - description: Array of --build-arg values ("arg=value" strings) for buildah - name: build-args - type: array - - default: "" - description: Path to a file with build arguments for buildah, see https://www.mankier.com/1/buildah-build#--build-arg-file - name: build-args-file - type: string + - description: Source Repository URL + name: git-url + type: string + - default: "" + description: Revision of the Source Repository + name: revision + type: string + - description: Fully Qualified Output Image + name: output-image + type: string + - default: . + description: Path to the source code of an application's component from where + to build image. + name: path-context + type: string + - default: Dockerfile + description: Path to the Dockerfile inside the context specified by parameter + path-context + name: dockerfile + type: string + - default: "false" + description: Force rebuild image + name: rebuild + type: string + - default: "false" + description: Skip checks against built image + name: skip-checks + type: string + - default: "false" + description: Execute the build with network isolation + name: hermetic + type: string + - default: "" + description: Build dependencies to be prefetched by Cachi2 + name: prefetch-input + type: string + - default: "" + description: Image tag expiration time, time values could be something like + 1h, 2d, 3w for hours, days, and weeks, respectively. + name: image-expires-after + - default: "false" + description: Build a source image. 
+ name: build-source-image + type: string + - default: "false" + description: Add built image into an OCI image index + name: build-image-index + type: string + - default: [] + description: Array of --build-arg values ("arg=value" strings) for buildah + name: build-args + type: array + - default: "" + description: Path to a file with build arguments for buildah, see https://www.mankier.com/1/buildah-build#--build-arg-file + name: build-args-file + type: string results: - - description: "" - name: IMAGE_URL - value: $(tasks.build-image-index.results.IMAGE_URL) - - description: "" - name: IMAGE_DIGEST - value: $(tasks.build-image-index.results.IMAGE_DIGEST) - - description: "" - name: CHAINS-GIT_URL - value: $(tasks.clone-repository.results.url) - - description: "" - name: CHAINS-GIT_COMMIT - value: $(tasks.clone-repository.results.commit) + - description: "" + name: IMAGE_URL + value: $(tasks.build-image-index.results.IMAGE_URL) + - description: "" + name: IMAGE_DIGEST + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - description: "" + name: CHAINS-GIT_URL + value: $(tasks.clone-repository.results.url) + - description: "" + name: CHAINS-GIT_COMMIT + value: $(tasks.clone-repository.results.commit) tasks: - - name: init - params: - - name: image-url - value: $(params.output-image) - - name: rebuild - value: $(params.rebuild) - - name: skip-checks - value: $(params.skip-checks) - taskRef: + - name: init params: - - name: name - value: init - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-init@sha256:4c6712db9419461b8c8a39523c012cb0dc061fb58563bb9170b3777d74f54659 - - name: kind - value: task - resolver: bundles - - name: clone-repository - params: - - name: url - value: $(params.git-url) - - name: revision - value: $(params.revision) - runAfter: - - init - taskRef: + - name: image-url + value: $(params.output-image) + - name: rebuild + value: $(params.rebuild) + - name: skip-checks + value: $(params.skip-checks) + taskRef: + params: + - name: 
name + value: init + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:63eb4a4c0cfb491276bff86fdad1c96bf238506388848e79001058450a8e843a + - name: kind + value: task + resolver: bundles + - name: clone-repository params: - - name: name - value: git-clone - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1@sha256:d091a9e19567a4cbdc5acd57903c71ba71dc51d749a4ba7477e689608851e981 - - name: kind - value: task - resolver: bundles - when: - - input: $(tasks.init.results.build) - operator: in - values: - - "true" - workspaces: - - name: output - workspace: workspace - - name: basic-auth - workspace: git-auth - - name: prefetch-dependencies - params: - - name: input - value: $(params.prefetch-input) - - name: dev-package-managers - value: "true" - runAfter: - - clone-repository - taskRef: + - name: url + value: $(params.git-url) + - name: revision + value: $(params.revision) + runAfter: + - init + taskRef: + params: + - name: name + value: git-clone + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1@sha256:fe27845cdba6fa95d9da2bfc7cb744d4df88711e8b867c4f246bdf944d4b00d0 + - name: kind + value: task + resolver: bundles + when: + - input: $(tasks.init.results.build) + operator: in + values: + - "true" + workspaces: + - name: output + workspace: workspace + - name: basic-auth + workspace: git-auth + - name: prefetch-dependencies params: - - name: name - value: prefetch-dependencies - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies@sha256:aa91d0b6b5a52bb9a61bb52b9ab9e726c268ebf0bf0f444164041d3e90ac4168 - - name: kind - value: task - resolver: bundles - when: - - input: $(params.prefetch-input) - operator: notin - values: - - "" - workspaces: - - name: source - workspace: workspace - - name: git-basic-auth - workspace: git-auth - - name: netrc - workspace: netrc - - name: build-container - params: - - name: IMAGE - value: $(params.output-image) - - name: 
DOCKERFILE - value: $(params.dockerfile) - - name: CONTEXT - value: $(params.path-context) - - name: HERMETIC - value: $(params.hermetic) - - name: PREFETCH_INPUT - value: $(params.prefetch-input) - - name: IMAGE_EXPIRES_AFTER - value: $(params.image-expires-after) - - name: COMMIT_SHA - value: $(tasks.clone-repository.results.commit) - - name: BUILD_ARGS - value: - - $(params.build-args[*]) - - name: BUILD_ARGS_FILE - value: $(params.build-args-file) - runAfter: - - prefetch-dependencies - taskRef: + - name: input + value: $(params.prefetch-input) + - name: dev-package-managers + value: "true" + runAfter: + - clone-repository + taskRef: + params: + - name: name + value: prefetch-dependencies + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies:0.2@sha256:fb126d78a71fa4cef9046d2563832c91ec73e0d1a7c5811b85e9d28132b7c076 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.prefetch-input) + operator: notin + values: + - "" + workspaces: + - name: source + workspace: workspace + - name: git-basic-auth + workspace: git-auth + - name: netrc + workspace: netrc + - name: build-container params: - - name: name - value: buildah - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-buildah:0.3@sha256:78aeb24909d89fe334e5cd2f27e3b367694f2e634671a0286e485f97cb97b66f - - name: kind - value: task - resolver: bundles - when: - - input: $(tasks.init.results.build) - operator: in - values: - - "true" - workspaces: - - name: source - workspace: workspace - - name: build-image-index - params: - - name: IMAGE - value: $(params.output-image) - - name: COMMIT_SHA - value: $(tasks.clone-repository.results.commit) - - name: IMAGE_EXPIRES_AFTER - value: $(params.image-expires-after) - - name: ALWAYS_BUILD_INDEX - value: $(params.build-image-index) - - name: IMAGES - value: - - $(tasks.build-container.results.IMAGE_URL)@$(tasks.build-container.results.IMAGE_DIGEST) - runAfter: - - build-container - taskRef: + - name: IMAGE 
+ value: $(params.output-image) + - name: DOCKERFILE + value: $(params.dockerfile) + - name: CONTEXT + value: $(params.path-context) + - name: HERMETIC + value: $(params.hermetic) + - name: PREFETCH_INPUT + value: $(params.prefetch-input) + - name: IMAGE_EXPIRES_AFTER + value: $(params.image-expires-after) + - name: COMMIT_SHA + value: $(tasks.clone-repository.results.commit) + - name: BUILD_ARGS + value: + - $(params.build-args[*]) + - name: BUILD_ARGS_FILE + value: $(params.build-args-file) + runAfter: + - prefetch-dependencies + taskRef: + params: + - name: name + value: buildah + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-buildah:0.4@sha256:91caef22ccb5bbc694e33eb8706cddb662840e9dc351c7e57a23f7dc50dae2e5 + - name: kind + value: task + resolver: bundles + when: + - input: $(tasks.init.results.build) + operator: in + values: + - "true" + workspaces: + - name: source + workspace: workspace + - name: build-image-index params: - - name: name - value: build-image-index - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1@sha256:09344e6bda708f48ef759bbe84bce99515549f4cfdcbe89e417f695c19463260 - - name: kind - value: task - resolver: bundles - when: - - input: $(tasks.init.results.build) - operator: in - values: - - "true" - - name: build-source-image - params: - - name: BINARY_IMAGE - value: $(params.output-image) - runAfter: - - build-image-index - taskRef: + - name: IMAGE + value: $(params.output-image) + - name: COMMIT_SHA + value: $(tasks.clone-repository.results.commit) + - name: IMAGE_EXPIRES_AFTER + value: $(params.image-expires-after) + - name: ALWAYS_BUILD_INDEX + value: $(params.build-image-index) + - name: IMAGES + value: + - $(tasks.build-container.results.IMAGE_URL)@$(tasks.build-container.results.IMAGE_DIGEST) + runAfter: + - build-container + taskRef: + params: + - name: name + value: build-image-index + - name: bundle + value: 
quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1@sha256:0c2270d1b24fcbaa6fe82b6d045b715a5f24f55d099a10f65297671e2ee421e6 + - name: kind + value: task + resolver: bundles + when: + - input: $(tasks.init.results.build) + operator: in + values: + - "true" + - name: build-source-image params: - - name: name - value: source-build - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-source-build:0.1@sha256:9d8f146d0474440165db38a3efdf55da73856de332ebf8d598197f92156ee44e - - name: kind - value: task - resolver: bundles - when: - - input: $(tasks.init.results.build) - operator: in - values: - - "true" - - input: $(params.build-source-image) - operator: in - values: - - "true" - workspaces: - - name: workspace - workspace: workspace - - name: deprecated-base-image-check - params: - - name: IMAGE_URL - value: $(tasks.build-image-index.results.IMAGE_URL) - - name: IMAGE_DIGEST - value: $(tasks.build-image-index.results.IMAGE_DIGEST) - runAfter: - - build-image-index - taskRef: + - name: BINARY_IMAGE + value: $(params.output-image) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: source-build + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-source-build:0.2@sha256:6de42f19b1bc021657f0e94fce9995cdd841c9378a732948ae2a347422e0f613 + - name: kind + value: task + resolver: bundles + when: + - input: $(tasks.init.results.build) + operator: in + values: + - "true" + - input: $(params.build-source-image) + operator: in + values: + - "true" + workspaces: + - name: workspace + workspace: workspace + - name: deprecated-base-image-check params: - - name: name - value: deprecated-image-check - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.4@sha256:650330fde0773f73f6bac77ae573031c44c79165d9503b0d5ec1db3e6ef981d7 - - name: kind - value: task - resolver: bundles - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - - name: clair-scan - params: - - name: 
image-digest - value: $(tasks.build-image-index.results.IMAGE_DIGEST) - - name: image-url - value: $(tasks.build-image-index.results.IMAGE_URL) - runAfter: - - build-image-index - taskRef: + - name: IMAGE_URL + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: IMAGE_DIGEST + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: deprecated-image-check + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.5@sha256:ced089bd8d86f95ee70f6ee1a6941d677f1c66c3b8f02fa60f9309c6c32e1929 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: clair-scan params: - - name: name - value: clair-scan - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.2@sha256:907f11c67b0330480cbf85c23b1085acc5a049ab90af980169251860a3d97ef7 - - name: kind - value: task - resolver: bundles - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - - name: ecosystem-cert-preflight-checks - params: - - name: image-url - value: $(tasks.build-image-index.results.IMAGE_URL) - runAfter: - - build-image-index - taskRef: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: clair-scan + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.2@sha256:f636f2cbe91d9d4d9685a38c8bc680a36e17f568ec0e60a93da82d1284b488c5 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: ecosystem-cert-preflight-checks params: - - name: name - value: ecosystem-cert-preflight-checks - - name: bundle - value: 
quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.1@sha256:df8a25a3431a70544172ed4844f9d0c6229d39130633960729f825a031a7dea9 - - name: kind - value: task - resolver: bundles - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - - name: sast-snyk-check - params: - - name: image-digest - value: $(tasks.build-image-index.results.IMAGE_DIGEST) - - name: image-url - value: $(tasks.build-image-index.results.IMAGE_URL) - runAfter: - - build-image-index - taskRef: + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: ecosystem-cert-preflight-checks + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.1@sha256:df8a25a3431a70544172ed4844f9d0c6229d39130633960729f825a031a7dea9 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: sast-snyk-check params: - - name: name - value: sast-snyk-check - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check:0.3@sha256:b89b936f680d18adf8d3e4d7682357e28d05da382b970741ccb0f6c05a894ee2 - - name: kind - value: task - resolver: bundles - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - workspaces: - - name: workspace - workspace: workspace - - name: clamav-scan - params: - - name: image-digest - value: $(tasks.build-image-index.results.IMAGE_DIGEST) - - name: image-url - value: $(tasks.build-image-index.results.IMAGE_URL) - runAfter: - - build-image-index - taskRef: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: sast-snyk-check + - name: bundle + value: 
quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check:0.3@sha256:30cc34ccf6ca34e7f0951fd508fe4436d07388e7244baab77baf4ef9bdcefff4 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + workspaces: + - name: workspace + workspace: workspace + - name: clamav-scan params: - - name: name - value: clamav-scan - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.2@sha256:c12e7a774bb07ad2796c01071b0dc0f199111b0ee99c45b55fa599e23b200bae - - name: kind - value: task - resolver: bundles - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - - name: sast-coverity-check - params: - - name: image-digest - value: $(tasks.build-image-index.results.IMAGE_DIGEST) - - name: image-url - value: $(tasks.build-image-index.results.IMAGE_URL) - runAfter: - - coverity-availability-check - taskRef: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: clamav-scan + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.2@sha256:0db068e8a59612472a2483f5113893d0c5c9102e9ad7647d9a4789360e5bc2dc + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: sast-coverity-check params: - - name: name - value: sast-coverity-check - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-coverity-check:0.1@sha256:63f3ac94fd881cb51a8c20d5a3dcbe2e406054bc508ab60c739138d4f55796b3 - - name: kind - value: task - resolver: bundles - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - - input: $(tasks.coverity-availability-check.results.STATUS) - operator: in - values: - - success - workspaces: - - name: workspace - workspace: workspace - - name: coverity-availability-check 
- params: - - name: image-digest - value: $(tasks.build-image-index.results.IMAGE_DIGEST) - - name: image-url - value: $(tasks.build-image-index.results.IMAGE_URL) - runAfter: - - build-image-index - taskRef: + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: IMAGE + value: $(params.output-image) + - name: DOCKERFILE + value: $(params.dockerfile) + - name: CONTEXT + value: $(params.path-context) + - name: HERMETIC + value: $(params.hermetic) + - name: PREFETCH_INPUT + value: $(params.prefetch-input) + - name: IMAGE_EXPIRES_AFTER + value: $(params.image-expires-after) + - name: COMMIT_SHA + value: $(tasks.clone-repository.results.commit) + - name: BUILD_ARGS + value: + - $(params.build-args[*]) + - name: BUILD_ARGS_FILE + value: $(params.build-args-file) + runAfter: + - coverity-availability-check + taskRef: + params: + - name: name + value: sast-coverity-check + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-sast-coverity-check:0.2@sha256:b444457e1cae45671e14c4c8fed97c757cd7a5a6b13cfac100b3d863bbbf4612 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - input: $(tasks.coverity-availability-check.results.STATUS) + operator: in + values: + - success + workspaces: + - name: source + workspace: workspace + - name: coverity-availability-check + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: coverity-availability-check + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-coverity-availability-check:0.2@sha256:91ba738df7ec548d4127163e07a88de06568a350fbf581405cc8fc8498f6153c + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: sast-shell-check params: - - name: name - value: coverity-availability-check - - name: bundle - value: 
quay.io/konflux-ci/tekton-catalog/task-coverity-availability-check:0.1@sha256:e61d2c756831dbad1e2b43ee2445e1dc23a29efcab67e4923b960966075b4d1f - - name: kind - value: task - resolver: bundles - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - workspaces: - - name: workspace - workspace: workspace - - name: sast-shell-check - params: - - name: image-digest - value: $(tasks.build-image-index.results.IMAGE_DIGEST) - - name: image-url - value: $(tasks.build-image-index.results.IMAGE_URL) - runAfter: - - build-image-index - taskRef: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: sast-shell-check + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check:0.1@sha256:438d4eecc52a772f7dde54ae274eb5349a207874bd9b1909cdab26e93a51a48c + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + workspaces: + - name: workspace + workspace: workspace + - name: sast-unicode-check params: - - name: name - value: sast-shell-check - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check:0.1@sha256:3b31fbc04c1e8bf1338eb9cdbbe7e535adeff6d5b940d0124b5391676cbafeb7 - - name: kind - value: task - resolver: bundles - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - workspaces: - - name: workspace - workspace: workspace - - name: sast-unicode-check - params: - - name: image-url - value: $(tasks.build-image-index.results.IMAGE_URL) - runAfter: - - build-image-index - taskRef: + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: sast-unicode-check + - name: bundle + value: 
quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check:0.1@sha256:b3e7807546635e03487eb61aff64a8e03c2dccb3d08939dcee50cff0f04fb8b0 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + workspaces: + - name: workspace + workspace: workspace + - name: apply-tags params: - - name: name - value: sast-unicode-check - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check:0.1@sha256:12bf4880b9ddfa860dd2595e2fd8a9f20c0b0490f84577bdafd437d42ff5ecf4 - - name: kind - value: task - resolver: bundles - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - workspaces: - - name: workspace - workspace: workspace - - name: apply-tags - params: - - name: IMAGE - value: $(tasks.build-image-index.results.IMAGE_URL) - runAfter: - - build-image-index - taskRef: + - name: IMAGE + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: apply-tags + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.1@sha256:5e5f290359fd34ae4cc77cbbba6ef8c9907d752572d6dc2a00f5a4c504eb48bb + - name: kind + value: task + resolver: bundles + - name: push-dockerfile params: - - name: name - value: apply-tags - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.1@sha256:2c2d88c07623b2d25163994ded6e9f29205ea5bbab090f4c86379739940028b9 - - name: kind - value: task - resolver: bundles - - name: push-dockerfile - params: - - name: IMAGE - value: $(tasks.build-image-index.results.IMAGE_URL) - - name: IMAGE_DIGEST - value: $(tasks.build-image-index.results.IMAGE_DIGEST) - - name: DOCKERFILE - value: $(params.dockerfile) - - name: CONTEXT - value: $(params.path-context) - runAfter: - - build-image-index - taskRef: + - name: IMAGE + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: IMAGE_DIGEST + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - 
name: DOCKERFILE + value: $(params.dockerfile) + - name: CONTEXT + value: $(params.path-context) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: push-dockerfile + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile:0.1@sha256:86ba936a94bfad7a295fbceaa6531e33b9fc1f8fc2d5c44d93fc4e3af760bd1e + - name: kind + value: task + resolver: bundles + workspaces: + - name: workspace + workspace: workspace + - name: rpms-signature-scan params: - - name: name - value: push-dockerfile - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile:0.1@sha256:e11a94301c6c89cda7765b64edcc559acdda8527c3aa8857a15f14485466ccae - - name: kind - value: task - resolver: bundles - workspaces: - - name: workspace - workspace: workspace - - name: rpms-signature-scan - params: - - name: image-url - value: $(tasks.build-image-index.results.IMAGE_URL) - - name: image-digest - value: $(tasks.build-image-index.results.IMAGE_DIGEST) - runAfter: - - build-image-index - taskRef: - params: - - name: name - value: rpms-signature-scan - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:39cd56ffa26ff5edfd5bf9b61e902cae35a345c078cd9dcbc0737d30f3ce5ef1 - - name: kind - value: task - resolver: bundles - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: rpms-signature-scan + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:e603b3df510aeefeaa12e8778c4642b21743cb0ae68704359dc7ffd2814249d2 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" workspaces: - - name: workspace - - name: git-auth - optional: true - - name: 
netrc - optional: true + - name: workspace + - name: git-auth + optional: true + - name: netrc + optional: true taskRunTemplate: {} workspaces: - - name: workspace - volumeClaimTemplate: - metadata: - creationTimestamp: null - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi - status: {} - - name: git-auth - secret: - secretName: '{{ git_auth_secret }}' -status: {} + - name: workspace + volumeClaimTemplate: + metadata: + creationTimestamp: null + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + status: {} + - name: git-auth + secret: + secretName: '{{ git_auth_secret }}' +status: {} \ No newline at end of file
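Review bot: The rewritten `sast-coverity-check` task appears to no longer pass `image-digest`. Its added params begin at `image-url` and continue with `IMAGE`, `DOCKERFILE`, `CONTEXT` and the other build inputs, whereas the other scan tasks in this hunk (`clair-scan`, `sast-snyk-check`, `clamav-scan`, `sast-shell-check`) still pass both `image-digest` and `image-url`. If version 0.2 of the task still declares that parameter, the run would either fail validation or record findings against a mutable image reference rather than the digest that was built. Please check the 0.2 task definition and, if it is needed, restore `- name: image-digest` with `value: $(tasks.build-image-index.results.IMAGE_DIGEST)` ahead of `image-url`. The lines of this hunk are collapsed in this view, so the reading of which params were dropped is inferred from the `+`/`-` markers.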