From aaff3b106ae35725520474e234ca57bf796afe5d Mon Sep 17 00:00:00 2001
From: Nikhil Thomas
Date: Tue, 8 Mar 2022 07:11:49 +0530
Subject: [PATCH] Add image replacement script for addon task Add a config map to collect image replacement environmnent variables for openshift platform Add a script to find latest release tag of a step image, find its sha and replace it in openshift deploment files
Signed-off-by: Nikhil Thomas
---
config/openshift/base/.env | 5 +
config/openshift/base/kustomization.yaml | 7 +-
config/openshift/base/operator.yaml | 3 +
.../base/tekton-task-image-replacement.yaml | 27 ++++++
hack/openshift/update-image-sha.sh | 91 +++++++++++++++++++
5 files changed, 132 insertions(+), 1 deletion(-)
create mode 100644 config/openshift/base/.env
create mode 100644 config/openshift/base/tekton-task-image-replacement.yaml
create mode 100755 hack/openshift/update-image-sha.sh
diff --git a/config/openshift/base/.env b/config/openshift/base/.env
new file mode 100644
index 0000000000..70cee0eb0c
--- /dev/null
+++ b/config/openshift/base/.env
@@ -0,0 +1,5 @@
+IMAGE_ADDONS_PARAM_BUILDER_IMAGE=registry.redhat.io/rhel8/buildah:"sha256:508f9275a14e9a87a16a4984d9f7743de9c8a9f56abd62c2a2750690c50ed270"
+IMAGE_ADDONS_PARAM_KN_IMAGE=registry.redhat.io/openshift-serverless-1/client-kn-rhel8:"sha256:b8b992e36f76d80b1daeed0532adf94b1ce570a6aaef1dbcc2a28c666f8cd296"
+IMAGE_ADDONS_SKOPEO_COPY=registry.redhat.io/rhel8/skopeo:"sha256:45b9c6e95aa1a3b19679b5c45f44f028e457608f7f64bd9aba76f12bc192611e"
+
+IMAGE_ADDONS_GENERATE=registry.redhat.io/ocp-tools-4-tech-preview/source-to-image-rhel8:"sha256:98d8cb3a255641ca6a1bce854e5e2460c20de9fb9b28e3cc67eb459f122873dd"
diff --git a/config/openshift/base/kustomization.yaml b/config/openshift/base/kustomization.yaml
index 9469ef8f3f..9cce99a752 100644
--- a/config/openshift/base/kustomization.yaml
+++ b/config/openshift/base/kustomization.yaml
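Review bot: The four values added in config/openshift/base/.env are not valid image references: each has the form `name:"sha256:…"`, with literal double quotes and a `:` where a digest reference needs `@`. A pinned reference is written `registry.redhat.io/rhel8/buildah@sha256:508f9275a14e9a87a16a4984d9f7743de9c8a9f56abd62c2a2750690c50ed270`, and the other three lines should follow the same form. The shape comes from hack/openshift/update-image-sha.sh in this same patch, where `jq '.digest'` prints the JSON string with its quotes (use `jq -r '.digest'`) and the sed replacement joins with `\1:` instead of `\1@`. How the operator consumes these variables is not visible here, but if it substitutes them verbatim into task steps the image would presumably fail to resolve instead of being pinned to the intended digest.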
@@ -46,6 +46,7 @@ resources: - 300-operator_v1alpha1_addon_crd.yaml - operator_service.yaml - operator_servicemonitor.yaml +- tekton-task-image-replacement.yaml apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization @@ -53,4 +54,8 @@ configMapGenerator: - name: tekton-config-defaults literals: - DEFAULT_TARGET_NAMESPACE=openshift-pipelines - behavior: merge \ No newline at end of file + behavior: merge +- name: tekton-task-image-replacement + envs: + - .env + behavior: merge diff --git a/config/openshift/base/operator.yaml b/config/openshift/base/operator.yaml index 9f70938100..3644b4dbfc 100644 --- a/config/openshift/base/operator.yaml +++ b/config/openshift/base/operator.yaml @@ -33,6 +33,9 @@ spec: - name: openshift-pipelines-operator image: ko://github.com/tektoncd/operator/cmd/openshift/operator imagePullPolicy: Always + envFrom: + - configMapRef: + name: tekton-task-image-replacement env: - name: SYSTEM_NAMESPACE valueFrom: diff --git a/config/openshift/base/tekton-task-image-replacement.yaml b/config/openshift/base/tekton-task-image-replacement.yaml new file mode 100644 index 0000000000..e9895f713c --- /dev/null +++ b/config/openshift/base/tekton-task-image-replacement.yaml 
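Review bot: The `envFrom` block added to the `openshift-pipelines-operator` container in config/openshift/base/operator.yaml imports every key of the `tekton-task-image-replacement` ConfigMap, so whoever can write that ConfigMap decides the `IMAGE_ADDONS_*` values the operator starts with. Judging by the key names these select the images used by addon tasks, which would make the ConfigMap part of the image trust path; a comment above the block such as `# Image overrides for addon tasks: values must be digest-pinned, and write access to this ConfigMap should be limited to cluster admins` would record that. Environment variables are read once at container start, so a later edit to the ConfigMap takes effect only after the operator pod restarts. The container spec continues outside the hunk.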
@@ -0,0 +1,27 @@
+# Copyright 2022 The Tekton Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: tekton-task-image-replacement
+ labels:
+ operator.tekton.dev/release: devel
+
+data:
+ IMAGE_ADDONS_PARAM_BUILDER_IMAGE=
+ IMAGE_ADDONS_PARAM_KN_IMAGE=
+ IMAGE_ADDONS_SKOPEO_COPY=
+
+ IMAGE_ADDONS_GENERATE=
diff --git a/hack/openshift/update-image-sha.sh b/hack/openshift/update-image-sha.sh
new file mode 100755
index 0000000000..b005321687
--- /dev/null
+++ b/hack/openshift/update-image-sha.sh
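Review bot: The entries under `data:` in tekton-task-image-replacement.yaml are written as `IMAGE_ADDONS_PARAM_BUILDER_IMAGE=` rather than as YAML mappings, so `data` parses as one plain string instead of a key/value map and the ConfigMap should be rejected as invalid. Each placeholder needs the form `IMAGE_ADDONS_PARAM_BUILDER_IMAGE: ""`, and likewise for `IMAGE_ADDONS_PARAM_KN_IMAGE`, `IMAGE_ADDONS_SKOPEO_COPY` and `IMAGE_ADDONS_GENERATE`. The `KEY=` syntax belongs only in the `.env` file that the kustomization's `configMapGenerator` merges onto this resource.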
@@ -0,0 +1,91 @@
+#!/usr/bin/env bash
+set -e -u -o pipefail
+
+declare -r SCRIPT_NAME=$(basename "$0")
+declare -r SCRIPT_DIR=$(cd $(dirname "$0") && pwd)
+declare -r USERNAME=${REGISTRY_USER}
+declare -r PASSWORD=${REGISTRY_PASSWORD}
+
+log() {
+ local level=$1; shift
+ echo -e "$level: $@"
+}
+
+
+err() {
+ log "ERROR" "$@" >&2
+}
+
+info() {
+ log "INFO" "$@"
+}
+
+die() {
+ local code=$1; shift
+ local msg="$@"; shift
+ err $msg
+ exit $code
+}
+
+usage() {
+ local msg="$1"
+ cat <<-EOF
+Error: $msg
+
+USAGE:
+ REGISTRY_USER= REGISTRY_PASSWORD= $SCRIPT_NAME
+
+Example:
+ REGISTRY_USER=johnsmith REGISTRY_PASSWORD=pass123 $SCRIPT_NAME
+EOF
+ exit 1
+}
+
+#declare -r CATALOG_VERSION="release-v0.7"
+
+declare -A IMAGES=(
+ ["buildah"]="registry.redhat.io/rhel8/buildah"
+ ["kn"]="registry.redhat.io/openshift-serverless-1/client-kn-rhel8"
+ ["skopeo-copy"]="registry.redhat.io/rhel8/skopeo"
+ ["s2i"]="registry.redhat.io/ocp-tools-4-tech-preview/source-to-image-rhel8"
+)
+
+find_latest_versions() {
+ local image_registry=${1:-""}
+ local latest_version=""
+ podman search --list-tags ${image_registry} | grep -v NAME | sort -r | tr -s ' ' | cut -d ' ' -f 2 | head -n 1
+
+}
+
+find_sha_from_tag() {
+ local image_url=${1:-""}
+ podman run docker.io/mplatform/manifest-tool:v2.0.0 --username=${USERNAME} --password=${PASSWORD} inspect $image_url --raw | jq '.digest'
+}
+
+update_image_sha() {
+ local image_prefix=${1:-""}
+ shift
+ local image_sha=${1:-""}
+ shift
+ echo replacemnet var = ${image_prefix}
+ sed -i -E 's@('${image_prefix}').*@\1:'${image_sha}'@' config/openshift/base/.env
+}
+
+
+main() {
+
+ for image in ${!IMAGES[@]}; do
+ latest_version=$(find_latest_versions ${IMAGES[$image]})
+ echo latest_version=$latest_version
+ image_url="${IMAGES[$image]}":"${latest_version}"
+ echo $image_url
+ image_sha=$(find_sha_from_tag "${image_url}")
+ echo image_sha=${image_sha}
+ update_image_sha "${IMAGES[$image]}" $image_sha
+
+ done
+
+ return $?
+}
+
+main "$@"
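Review bot: `find_sha_from_tag` puts the registry password on the command line (`--password=${PASSWORD}`) of a container pulled from docker.io by the mutable tag `manifest-tool:v2.0.0`, so the secret shows up in the process list and is handed to whatever image that tag currently points to. Logging in once over stdin, `printf '%s' "${PASSWORD}" | podman login --username "${USERNAME}" --password-stdin registry.redhat.io`, and then reading the digest with `skopeo inspect --format '{{.Digest}}' "docker://${image_url}"` (which by default reads the same containers auth file) avoids both and also returns the digest without JSON quotes; if manifest-tool is kept, reference it by digest rather than by tag. Separately, `declare -r USERNAME=${REGISTRY_USER}` under `set -u` aborts with an unbound-variable error before `usage`, which is never called, can print its help. `sort -r` in `find_latest_versions` orders tags lexically, so the first line is not necessarily the newest release and the digest written to `.env` may belong to an older image.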