-
Notifications
You must be signed in to change notification settings - Fork 44
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat(HACBS-1798): add bundle resolver
This commit contain implementation of tekton bundle resolver pipelineRef.bundle and taskRef.bundle are being deprecated new format is added to all catalog. For release-service change for the same refer HACBS-1780 Signed-off-by: Happy Bhati <[email protected]>
- Loading branch information
1 parent
bbca616
commit a5d63c6
Showing
52 changed files
with
2,334 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
# Release Pipeline | ||
|
||
Tekton pipeline to verify Snapshot prior to Deployment | ||
|
||
## Parameters | ||
|
||
| Name | Description | Optional | Default value | | ||
|------|-------------|----------|---------------| | ||
| snapshot | The Snapshot in JSON format | No | - | | ||
| enterpriseContractPolicy | JSON representation of the policy to be applied when validating the enterprise contract | No | - | | ||
|
||
## Changes since 0.1 | ||
|
||
The syntax for `taskRef.bundle` and `pipelineRef.bundle` is deprecated, | ||
bundles resolver is used with new format. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,41 @@ | ||
--- | ||
apiVersion: tekton.dev/v1 | ||
kind: Pipeline | ||
metadata: | ||
name: deploy-release | ||
labels: | ||
app.kubernetes.io/version: "0.2" | ||
annotations: | ||
tekton.dev/pipelines.minVersion: "0.12.1" | ||
tekton.dev/tags: release | ||
spec: | ||
description: >- | ||
Tekton pipeline to verify Snapshot prior to Deployment | ||
params: | ||
- name: snapshot | ||
type: string | ||
description: The Snapshot in JSON format | ||
- name: enterpriseContractPolicy | ||
type: string | ||
description: JSON representation of the EnterpriseContractPolicy | ||
tasks: | ||
- name: verify-enterprise-contract | ||
taskRef: | ||
resolverRef: | ||
resolver: "bundles" | ||
params: | ||
- name: bundle | ||
value: quay.io/hacbs-contract/ec-task-bundle:snapshot | ||
- name: kind | ||
value: task | ||
- name: name | ||
value: verify-enterprise-contract | ||
params: | ||
- name: IMAGES | ||
value: $(params.snapshot) | ||
- name: SSL_CERT_DIR | ||
value: /var/run/secrets/kubernetes.io/serviceaccount | ||
- name: POLICY_CONFIGURATION | ||
value: $(params.enterpriseContractPolicy) | ||
- name: STRICT | ||
value: "1" |
21 changes: 21 additions & 0 deletions
21
catalog/pipeline/deploy-release/0.2/samples/sample_release_PipelineRun.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
--- | ||
apiVersion: tekton.dev/v1 | ||
kind: PipelineRun | ||
metadata: | ||
name: release-run-empty-params | ||
spec: | ||
params: | ||
- name: snapshot | ||
value: "" | ||
- name: enterpriseContractPolicy | ||
value: "" | ||
pipelineRef: | ||
resolverRef: | ||
resolver: "bundles" | ||
params: | ||
- name: bundle | ||
value: quay.io/hacbs-release/pipeline-deploy-release:0.2 | ||
- name: kind | ||
value: pipeline | ||
- name: name | ||
value: deploy-release |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
--- | ||
apiVersion: tekton.dev/v1 | ||
kind: PipelineRun | ||
metadata: | ||
name: release-run-empty-params | ||
spec: | ||
params: | ||
- name: snapshot | ||
value: "" | ||
- name: enterpriseContractPolicy | ||
value: "" | ||
pipelineRef: | ||
resolverRef: | ||
resolver: "bundles" | ||
params: | ||
- name: bundle | ||
value: quay.io/hacbs-release/pipeline-deploy-release:0.2 | ||
- name: kind | ||
value: pipeline | ||
- name: name | ||
value: deploy-release |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,55 @@ | ||
# FBC Release Pipeline | ||
|
||
FBC Release Pipeline | ||
|
||
## Parameters | ||
|
||
| Name | Description | Optional | Default value | | ||
|------|-------------|----------|---------------| | ||
| snapshot | The Snapshot in JSON format | No | - | | ||
| enterpriseContractPolicy | JSON representation of the EnterpriseContractPolicy | No | - | | ||
| fromIndex | Index image (catalog of catalogs) the FBC fragment will be added to | No | - | | ||
| overWriteFromIndex | Boolean indicating if the fromIndex should be overwritten | Yes | "false" | | ||
| binaryImage | OCP binary image to be baked into the index image | Yes | "" | | ||
| buildTags | List of additional tags the internal index image copy should be tagged with | Yes | "[]" | | ||
| addArches | List of arches the index image should be built for | Yes | "[]" | | ||
| requester | Name of the user that requested the signing, for auditing purposes | No | - | | ||
| signingConfigMapName | The ConfigMap Name required by the Pipeline | No | - | | ||
| requestUpdateTimeout | Max seconds to wait until the status is updated | Yes | - | | ||
| buildTimeoutSeconds | Max seconds to wait until the build finishes | Yes | - | | ||
|
||
## Changelog | ||
|
||
## Changes since 0.4 | ||
The syntax for `taskRef.bundle` and `pipelineRef.bundle` is deprecated, | ||
bundles resolver is used with new format. | ||
|
||
### Changes since 0.6 | ||
- adds sign-index-image task | ||
- refactor task and change its reference name from `create-internal-request` | ||
to `add-fbc-contribution-to-index-image` | ||
- adds `requester` and `signingConfigMapName` parameters | ||
- removes `resolvedIndexImage` result | ||
|
||
### Changes since 0.5 | ||
- updates `create-internal-request` task version to 0.3 | ||
|
||
### Changes since 0.4 | ||
- updates `create-internal-request` task version to 0.2 | ||
- adds `resolvedIndexImage` result | ||
|
||
### Changes since 0.3 | ||
- removes param `fbcFragment` | ||
- adds param `buildTimeoutSeconds` | ||
|
||
### Changes since 0.2 | ||
- renames the pipeline to `fbc-release` | ||
- forces the pipeline to run after `verify-enterprise-contract` | ||
|
||
### Changes since 0.1 | ||
- adds param `requestUpdateTimeout` | ||
- adds task result values to the pipeline results | ||
- `requestMessage` gets `$(tasks.create-internal-request.results.requestMessage)` | ||
- `requestReason` gets `$(tasks.create-internal-request.results.requestReason)` | ||
- `requestResults` gets `$(tasks.create-internal-request.results.requestResults)` | ||
- changes `verify-enterprise-contract` task version |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,138 @@ | ||
--- | ||
apiVersion: tekton.dev/v1 | ||
kind: Pipeline | ||
metadata: | ||
name: fbc-release | ||
labels: | ||
app.kubernetes.io/version: "0.8" | ||
annotations: | ||
tekton.dev/pipelines.minVersion: "0.12.1" | ||
tekton.dev/tags: release | ||
spec: | ||
description: >- | ||
Tekton release pipeline to interact with FBC Pipeline | ||
params: | ||
- name: snapshot | ||
type: string | ||
description: The Snapshot in JSON format | ||
- name: enterpriseContractPolicy | ||
type: string | ||
description: JSON representation of the EnterpriseContractPolicy | ||
- name: fromIndex | ||
type: string | ||
description: The source Index image (catalog of catalogs) FBC fragment | ||
- name: targetIndex | ||
type: string | ||
description: Index image (catalog of catalogs) the FBC fragment will be added to | ||
- name: overwriteFromIndex | ||
type: string | ||
description: Boolean indicating if the fromIndex should be overwritten | ||
- name: binaryImage | ||
type: string | ||
default: "" | ||
description: OCP binary image to be baked into the index image | ||
- name: buildTags | ||
type: string | ||
default: "[]" | ||
description: List of additional tags the internal index image copy should be tagged with | ||
- name: addArches | ||
type: string | ||
default: "[]" | ||
description: List arches to be added to be built | ||
- name: requester | ||
type: string | ||
description: Name of the user that requested the signing, for auditing purposes | ||
- name: signingConfigMapName | ||
type: string | ||
default: "hacbs-signing-pipeline-config" | ||
description: The ConfigMap to be used by the signing Pipeline | ||
- name: requestUpdateTimeout | ||
type: string | ||
description: Max seconds to wait until the status is updated | ||
- name: buildTimeoutSeconds | ||
type: string | ||
description: Max seconds to wait until the build finishes | ||
results: | ||
- name: requestMessage | ||
value: $(tasks.add-fbc-contribution-to-index-image.results.requestMessage) | ||
- name: requestReason | ||
value: $(tasks.add-fbc-contribution-to-index-image.results.requestReason) | ||
- name: requestResults | ||
value: $(tasks.add-fbc-contribution-to-index-image.results.requestResults) | ||
tasks: | ||
- name: verify-enterprise-contract | ||
taskRef: | ||
resolverRef: | ||
resolver: "bundles" | ||
params: | ||
- name: bundle | ||
value: quay.io/hacbs-contract/ec-task-bundle:snapshot | ||
- name: kind | ||
value: task | ||
- name: name | ||
value: verify-enterprise-contract | ||
params: | ||
- name: IMAGES | ||
value: $(params.snapshot) | ||
- name: SSL_CERT_DIR | ||
value: /var/run/secrets/kubernetes.io/serviceaccount | ||
- name: POLICY_CONFIGURATION | ||
value: $(params.enterpriseContractPolicy) | ||
- name: STRICT | ||
value: "1" | ||
- name: add-fbc-contribution-to-index-image | ||
taskRef: | ||
resolverRef: | ||
resolver: "bundles" | ||
params: | ||
- name: bundle | ||
value: quay.io/hacbs-release/task-create-internal-request:0.4 | ||
- name: kind | ||
value: task | ||
- name: name | ||
value: create-internal-request | ||
params: | ||
- name: pipelineRunName | ||
value: $(context.pipelineRun.name) | ||
- name: fbcFragment | ||
value: $(params.snapshot) | ||
- name: fromIndex | ||
value: $(params.fromIndex) | ||
- name: overwriteFromIndex | ||
value: $(params.overwriteFromIndex) | ||
- name: binaryImage | ||
value: $(params.binaryImage) | ||
- name: buildTags | ||
value: $(params.buildTags) | ||
- name: addArches | ||
value: $(params.addArches) | ||
- name: requestUpdateTimeout | ||
value: $(params.requestUpdateTimeout) | ||
- name: buildTimeoutSeconds | ||
value: $(params.buildTimeoutSeconds) | ||
runAfter: | ||
- verify-enterprise-contract | ||
- name: sign-index-image | ||
taskRef: | ||
resolverRef: | ||
resolver: "bundles" | ||
params: | ||
- name: bundle | ||
value: quay.io/hacbs-release/task-sign-index-image:0.1 | ||
- name: kind | ||
value: task | ||
- name: name | ||
value: sign-index-image | ||
params: | ||
- name: pipelineRunName | ||
value: $(context.pipelineRun.name) | ||
- name: requestJsonResults | ||
value: $(tasks.add-fbc-contribution-to-index-image.results.requestResults) | ||
- name: targetIndex | ||
value: $(params.targetIndex) | ||
- name: requester | ||
value: $(params.requester) | ||
- name: configMapName | ||
value: $(params.signingConfigMapName) | ||
- name: requestUpdateTimeout | ||
value: $(params.requestUpdateTimeout) |
39 changes: 39 additions & 0 deletions
39
catalog/pipeline/fbc-release/0.8/samples/sample_release_PipelineRun.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,39 @@ | ||
--- | ||
apiVersion: tekton.dev/v1 | ||
kind: PipelineRun | ||
metadata: | ||
name: fbc-release-run-empty-params | ||
spec: | ||
params: | ||
- name: snapshot | ||
value: "" | ||
- name: enterpriseContractPolicy | ||
value: "" | ||
- name: fromIndex | ||
value: "" | ||
- name: overwriteFromIndex | ||
value: "" | ||
- name: binaryImage | ||
value: "" | ||
- name: buildTags | ||
value: "" | ||
- name: addArches | ||
value: "" | ||
- name: requester | ||
value: "" | ||
- name: signingConfigMapName | ||
value: "" | ||
- name: requestUpdateTimeout | ||
value: "" | ||
- name: buildTimeoutSeconds | ||
value: "" | ||
pipelineRef: | ||
resolverRef: | ||
resolver: "bundles" | ||
params: | ||
- name: bundle | ||
value: quay.io/hacbs-release/pipeline-fbc-release:0.8 | ||
- name: kind | ||
value: pipeline | ||
- name: name | ||
value: fbc-release |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,39 @@ | ||
--- | ||
apiVersion: tekton.dev/v1 | ||
kind: PipelineRun | ||
metadata: | ||
name: fbc-release-run-empty-params | ||
spec: | ||
params: | ||
- name: snapshot | ||
value: "" | ||
- name: enterpriseContractPolicy | ||
value: "" | ||
- name: fromIndex | ||
value: "" | ||
- name: overwriteFromIndex | ||
value: "" | ||
- name: binaryImage | ||
value: "" | ||
- name: buildTags | ||
value: "" | ||
- name: addArches | ||
value: "" | ||
- name: requester | ||
value: "" | ||
- name: signingConfigMapName | ||
value: "" | ||
- name: requestUpdateTimeout | ||
value: "" | ||
- name: buildTimeoutSeconds | ||
value: "" | ||
pipelineRef: | ||
resolverRef: | ||
resolver: "bundles" | ||
params: | ||
- name: bundle | ||
value: quay.io/hacbs-release/pipeline-fbc-release:0.8 | ||
- name: kind | ||
value: pipeline | ||
- name: name | ||
value: fbc-release |
Oops, something went wrong.