Skip to content

Commit

Permalink
feat(HACBS-1798): add bundle resolver
Browse files Browse the repository at this point in the history
This commit contain  implementation of tekton bundle resolver
pipelineRef.bundle and taskRef.bundle are being deprecated
new format is added to all catalog.

For release-service change for the same refer HACBS-1780

Signed-off-by: Happy Bhati <[email protected]>
  • Loading branch information
happybhati committed Mar 23, 2023
1 parent bbca616 commit a5d63c6
Show file tree
Hide file tree
Showing 52 changed files with 2,334 additions and 0 deletions.
15 changes: 15 additions & 0 deletions catalog/pipeline/deploy-release/0.2/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
# Release Pipeline

Tekton pipeline to verify Snapshot prior to Deployment

## Parameters

| Name | Description | Optional | Default value |
|------|-------------|----------|---------------|
| snapshot | The Snapshot in JSON format | No | - |
| enterpriseContractPolicy | JSON representation of the policy to be applied when validating the enterprise contract | No | - |

## Changes since 0.1

The syntax for `taskRef.bundle` and `pipelineRef.bundle` is deprecated,
bundles resolver is used with new format.
41 changes: 41 additions & 0 deletions catalog/pipeline/deploy-release/0.2/deploy-release.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,41 @@
---
apiVersion: tekton.dev/v1
kind: Pipeline
metadata:
name: deploy-release
labels:
app.kubernetes.io/version: "0.2"
annotations:
tekton.dev/pipelines.minVersion: "0.12.1"
tekton.dev/tags: release
spec:
description: >-
Tekton pipeline to verify Snapshot prior to Deployment
params:
- name: snapshot
type: string
description: The Snapshot in JSON format
- name: enterpriseContractPolicy
type: string
description: JSON representation of the EnterpriseContractPolicy
tasks:
- name: verify-enterprise-contract
taskRef:
resolverRef:
resolver: "bundles"
params:
- name: bundle
value: quay.io/hacbs-contract/ec-task-bundle:snapshot
- name: kind
value: task
- name: name
value: verify-enterprise-contract
params:
- name: IMAGES
value: $(params.snapshot)
- name: SSL_CERT_DIR
value: /var/run/secrets/kubernetes.io/serviceaccount
- name: POLICY_CONFIGURATION
value: $(params.enterpriseContractPolicy)
- name: STRICT
value: "1"
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
---
apiVersion: tekton.dev/v1
kind: PipelineRun
metadata:
name: release-run-empty-params
spec:
params:
- name: snapshot
value: ""
- name: enterpriseContractPolicy
value: ""
pipelineRef:
resolverRef:
resolver: "bundles"
params:
- name: bundle
value: quay.io/hacbs-release/pipeline-deploy-release:0.2
- name: kind
value: pipeline
- name: name
value: deploy-release
21 changes: 21 additions & 0 deletions catalog/pipeline/deploy-release/0.2/tests/run.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
---
apiVersion: tekton.dev/v1
kind: PipelineRun
metadata:
name: release-run-empty-params
spec:
params:
- name: snapshot
value: ""
- name: enterpriseContractPolicy
value: ""
pipelineRef:
resolverRef:
resolver: "bundles"
params:
- name: bundle
value: quay.io/hacbs-release/pipeline-deploy-release:0.2
- name: kind
value: pipeline
- name: name
value: deploy-release
55 changes: 55 additions & 0 deletions catalog/pipeline/fbc-release/0.8/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,55 @@
# FBC Release Pipeline

FBC Release Pipeline

## Parameters

| Name | Description | Optional | Default value |
|------|-------------|----------|---------------|
| snapshot | The Snapshot in JSON format | No | - |
| enterpriseContractPolicy | JSON representation of the EnterpriseContractPolicy | No | - |
| fromIndex | Index image (catalog of catalogs) the FBC fragment will be added to | No | - |
| overWriteFromIndex | Boolean indicating if the fromIndex should be overwritten | Yes | "false" |
| binaryImage | OCP binary image to be baked into the index image | Yes | "" |
| buildTags | List of additional tags the internal index image copy should be tagged with | Yes | "[]" |
| addArches | List of arches the index image should be built for | Yes | "[]" |
| requester | Name of the user that requested the signing, for auditing purposes | No | - |
| signingConfigMapName | The ConfigMap Name required by the Pipeline | No | - |
| requestUpdateTimeout | Max seconds to wait until the status is updated | Yes | - |
| buildTimeoutSeconds | Max seconds to wait until the build finishes | Yes | - |

## Changelog

## Changes since 0.4
The syntax for `taskRef.bundle` and `pipelineRef.bundle` is deprecated,
bundles resolver is used with new format.

### Changes since 0.6
- adds sign-index-image task
- refactor task and change its reference name from `create-internal-request`
to `add-fbc-contribution-to-index-image`
- adds `requester` and `signingConfigMapName` parameters
- removes `resolvedIndexImage` result

### Changes since 0.5
- updates `create-internal-request` task version to 0.3

### Changes since 0.4
- updates `create-internal-request` task version to 0.2
- adds `resolvedIndexImage` result

### Changes since 0.3
- removes param `fbcFragment`
- adds param `buildTimeoutSeconds`

### Changes since 0.2
- renames the pipeline to `fbc-release`
- forces the pipeline to run after `verify-enterprise-contract`

### Changes since 0.1
- adds param `requestUpdateTimeout`
- adds task result values to the pipeline results
- `requestMessage` gets `$(tasks.create-internal-request.results.requestMessage)`
- `requestReason` gets `$(tasks.create-internal-request.results.requestReason)`
- `requestResults` gets `$(tasks.create-internal-request.results.requestResults)`
- changes `verify-enterprise-contract` task version
138 changes: 138 additions & 0 deletions catalog/pipeline/fbc-release/0.8/fbc-release.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,138 @@
---
apiVersion: tekton.dev/v1
kind: Pipeline
metadata:
name: fbc-release
labels:
app.kubernetes.io/version: "0.8"
annotations:
tekton.dev/pipelines.minVersion: "0.12.1"
tekton.dev/tags: release
spec:
description: >-
Tekton release pipeline to interact with FBC Pipeline
params:
- name: snapshot
type: string
description: The Snapshot in JSON format
- name: enterpriseContractPolicy
type: string
description: JSON representation of the EnterpriseContractPolicy
- name: fromIndex
type: string
description: The source Index image (catalog of catalogs) FBC fragment
- name: targetIndex
type: string
description: Index image (catalog of catalogs) the FBC fragment will be added to
- name: overwriteFromIndex
type: string
description: Boolean indicating if the fromIndex should be overwritten
- name: binaryImage
type: string
default: ""
description: OCP binary image to be baked into the index image
- name: buildTags
type: string
default: "[]"
description: List of additional tags the internal index image copy should be tagged with
- name: addArches
type: string
default: "[]"
description: List arches to be added to be built
- name: requester
type: string
description: Name of the user that requested the signing, for auditing purposes
- name: signingConfigMapName
type: string
default: "hacbs-signing-pipeline-config"
description: The ConfigMap to be used by the signing Pipeline
- name: requestUpdateTimeout
type: string
description: Max seconds to wait until the status is updated
- name: buildTimeoutSeconds
type: string
description: Max seconds to wait until the build finishes
results:
- name: requestMessage
value: $(tasks.add-fbc-contribution-to-index-image.results.requestMessage)
- name: requestReason
value: $(tasks.add-fbc-contribution-to-index-image.results.requestReason)
- name: requestResults
value: $(tasks.add-fbc-contribution-to-index-image.results.requestResults)
tasks:
- name: verify-enterprise-contract
taskRef:
resolverRef:
resolver: "bundles"
params:
- name: bundle
value: quay.io/hacbs-contract/ec-task-bundle:snapshot
- name: kind
value: task
- name: name
value: verify-enterprise-contract
params:
- name: IMAGES
value: $(params.snapshot)
- name: SSL_CERT_DIR
value: /var/run/secrets/kubernetes.io/serviceaccount
- name: POLICY_CONFIGURATION
value: $(params.enterpriseContractPolicy)
- name: STRICT
value: "1"
- name: add-fbc-contribution-to-index-image
taskRef:
resolverRef:
resolver: "bundles"
params:
- name: bundle
value: quay.io/hacbs-release/task-create-internal-request:0.4
- name: kind
value: task
- name: name
value: create-internal-request
params:
- name: pipelineRunName
value: $(context.pipelineRun.name)
- name: fbcFragment
value: $(params.snapshot)
- name: fromIndex
value: $(params.fromIndex)
- name: overwriteFromIndex
value: $(params.overwriteFromIndex)
- name: binaryImage
value: $(params.binaryImage)
- name: buildTags
value: $(params.buildTags)
- name: addArches
value: $(params.addArches)
- name: requestUpdateTimeout
value: $(params.requestUpdateTimeout)
- name: buildTimeoutSeconds
value: $(params.buildTimeoutSeconds)
runAfter:
- verify-enterprise-contract
- name: sign-index-image
taskRef:
resolverRef:
resolver: "bundles"
params:
- name: bundle
value: quay.io/hacbs-release/task-sign-index-image:0.1
- name: kind
value: task
- name: name
value: sign-index-image
params:
- name: pipelineRunName
value: $(context.pipelineRun.name)
- name: requestJsonResults
value: $(tasks.add-fbc-contribution-to-index-image.results.requestResults)
- name: targetIndex
value: $(params.targetIndex)
- name: requester
value: $(params.requester)
- name: configMapName
value: $(params.signingConfigMapName)
- name: requestUpdateTimeout
value: $(params.requestUpdateTimeout)
Original file line number Diff line number Diff line change
@@ -0,0 +1,39 @@
---
apiVersion: tekton.dev/v1
kind: PipelineRun
metadata:
name: fbc-release-run-empty-params
spec:
params:
- name: snapshot
value: ""
- name: enterpriseContractPolicy
value: ""
- name: fromIndex
value: ""
- name: overwriteFromIndex
value: ""
- name: binaryImage
value: ""
- name: buildTags
value: ""
- name: addArches
value: ""
- name: requester
value: ""
- name: signingConfigMapName
value: ""
- name: requestUpdateTimeout
value: ""
- name: buildTimeoutSeconds
value: ""
pipelineRef:
resolverRef:
resolver: "bundles"
params:
- name: bundle
value: quay.io/hacbs-release/pipeline-fbc-release:0.8
- name: kind
value: pipeline
- name: name
value: fbc-release
39 changes: 39 additions & 0 deletions catalog/pipeline/fbc-release/0.8/tests/run.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,39 @@
---
apiVersion: tekton.dev/v1
kind: PipelineRun
metadata:
name: fbc-release-run-empty-params
spec:
params:
- name: snapshot
value: ""
- name: enterpriseContractPolicy
value: ""
- name: fromIndex
value: ""
- name: overwriteFromIndex
value: ""
- name: binaryImage
value: ""
- name: buildTags
value: ""
- name: addArches
value: ""
- name: requester
value: ""
- name: signingConfigMapName
value: ""
- name: requestUpdateTimeout
value: ""
- name: buildTimeoutSeconds
value: ""
pipelineRef:
resolverRef:
resolver: "bundles"
params:
- name: bundle
value: quay.io/hacbs-release/pipeline-fbc-release:0.8
- name: kind
value: pipeline
- name: name
value: fbc-release
Loading

0 comments on commit a5d63c6

Please sign in to comment.