From 9d1c10ce306defa484c8dd9e3010db10b10e62e9 Mon Sep 17 00:00:00 2001 From: Pete Savage Date: Tue, 17 Dec 2024 10:48:19 +0000 Subject: [PATCH] Added new trusted artifact --- .tekton/clowder-pull-request.yaml | 101 ++++++++++++++++++++++++++++++ Makefile | 10 +++ build/template_check.sh | 27 +++----- ci/konflux_minikube_e2e_tests.sh | 1 - 4 files changed, 119 insertions(+), 20 deletions(-) diff --git a/.tekton/clowder-pull-request.yaml b/.tekton/clowder-pull-request.yaml index 3f948571e..b9055a960 100644 --- a/.tekton/clowder-pull-request.yaml +++ b/.tekton/clowder-pull-request.yaml @@ -244,6 +244,97 @@ spec: operator: in values: - "true" + - name: make-template + params: + # New parameter to use the Trusted Artifact from the git-clone Task. + - name: SOURCE_ARTIFACT + value: $(tasks.clone-repository.results.SOURCE_ARTIFACT) + - name: ociStorage + value: $(params.output-image).make-template-kustomize + - name: IMAGE_EXPIRES_AFTER + value: $(params.image-expires-after) + runAfter: + - prefetch-dependencies + taskSpec: + results: + - name: TEMPLATE_ARTIFACT + type: array + description: Template artifact + params: + - description: The Trusted Artifact URI pointing to the artifact with the application source code. + name: SOURCE_ARTIFACT + type: string + stepTemplate: + volumeMounts: + - mountPath: /var/workdir + name: workdir + steps: + # New step to fetch the Trusted Artifact and make it available to the next steps. + - name: use-trusted-artifact + image: quay.io/redhat-appstudio/build-trusted-artifacts:latest@sha256:81c4864dae6bb11595f657be887e205262e70086a05ed16ada827fd6391926ac + args: + - use + - $(params.SOURCE_ARTIFACT)=/var/workdir/source + - name: make-template + image: registry.access.redhat.com/ubi8/go-toolset:1.22.7-5.1731464728 + workingDir: /opt/app-root/src + script: | + set -xe && cp /var/workdir/source/* /opt/app-root/src -Rv && cd /opt/app-root/src && make release && make build-template-kustomize + - name: create-template-manifest-trusted-artifact + image: quay.io/redhat-appstudio/build-trusted-artifacts:latest@sha256:81c4864dae6bb11595f657be887e205262e70086a05ed16ada827fd6391926ac + args: + - create + - manifest=/opt/app-root/src/manifest.yaml + - deploy-kustomize=/opt/app-root/src/deploy-kustomize.yaml + - --store + - $(params.ociStorage) + volumes: + # New volume to store a copy of the source code accessible only to this Task. + - name: workdir + emptyDir: {} + - name: run-template-tests + params: + # New parameter to use the Trusted Artifact from the git-clone Task. + - name: SOURCE_ARTIFACT + value: $(tasks.clone-repository.results.SOURCE_ARTIFACT) + - name: TEMPLATE_ARTIFACT + value: $(tasks.make-template.results.TEMPLATE_ARTIFACT) + runAfter: + - make-template + taskSpec: + params: + - description: The Trusted Artifact URI pointing to the artifact with the application source code. + name: SOURCE_ARTIFACT + type: string + - description: The Trusted Artifact URI pointing to the artifact with the template. + name: TEMPLATE_ARTIFACT + type: string + stepTemplate: + volumeMounts: + - mountPath: /var/workdir + name: workdir + steps: + # New step to fetch the Trusted Artifact and make it available to the next steps. + - name: use-trusted-artifact + image: quay.io/redhat-appstudio/build-trusted-artifacts:latest@sha256:81c4864dae6bb11595f657be887e205262e70086a05ed16ada827fd6391926ac + args: + - use + - $(params.SOURCE_ARTIFACT)=/var/workdir/source + - name: use-trusted-artifact-template + image: quay.io/redhat-appstudio/build-trusted-artifacts:latest@sha256:81c4864dae6bb11595f657be887e205262e70086a05ed16ada827fd6391926ac + args: + - use + - $(params.TEMPLATE_ARTIFACT[0])=/var/workdir/source/manifest.yaml + - $(params.TEMPLATE_ARTIFACT[1])=/var/workdir/source/deploy-kustomize.yaml + - name: test-template + image: registry.access.redhat.com/ubi8/go-toolset:1.22.7-5.1731464728 + workingDir: /opt/app-root/src + script: | + set -xe && cd /var/workdir/source && make test-template + volumes: + # New volume to store a copy of the source code accessible only to this Task. + - name: workdir + emptyDir: {} - name: run-unit-tests params: # New parameter to use the Trusted Artifact from the git-clone Task. @@ -280,8 +371,11 @@ spec: # New parameter to use the Trusted Artifact from the git-clone Task. - name: SOURCE_ARTIFACT value: $(tasks.clone-repository.results.SOURCE_ARTIFACT) + - name: TEMPLATE_ARTIFACT + value: $(tasks.make-template.results.TEMPLATE_ARTIFACT) runAfter: - build-container + - run-template-tests taskSpec: params: - description: The Trusted Artifact URI pointing to the artifact with the application source code. @@ -298,6 +392,13 @@ spec: args: - use - $(params.SOURCE_ARTIFACT)=/var/workdir/source + - name: use-trusted-artifact-template + image: quay.io/redhat-appstudio/build-trusted-artifacts:latest@sha256:81c4864dae6bb11595f657be887e205262e70086a05ed16ada827fd6391926ac + args: + - use + - $(params.TEMPLATE_ARTIFACT[0])=/var/workdir/source/manifest.yaml + - $(params.TEMPLATE_ARTIFACT[1])=/var/workdir/source/deploy.yaml + - $(params.TEMPLATE_ARTIFACT[2])=/var/workdir/source/deploy-mutate.yaml - name: e2e-tests image: registry.access.redhat.com/ubi8/ubi:8.10-1132.1732635159 workingDir: /var/workdir/source diff --git a/Makefile b/Makefile index b87590b51..0a1ab9ecb 100644 --- a/Makefile +++ b/Makefile @@ -2,6 +2,8 @@ CLOWDER_BUILD_TAG ?= $(shell git rev-parse HEAD) GO_CMD ?= go +TEMPLATE_KUSTOMIZE ?= "deploy-kustomize.yaml" + # ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary. ENVTEST_K8S_VERSION = 1.28 @@ -74,6 +76,14 @@ build-template: manifests kustomize controller-gen $(KUSTOMIZE) build config/deployment-template | ./manifest2template.py --config config/deployment-template/clowder_config.yaml --mutate > deploy-mutate.yml $(KUSTOMIZE) build config/deployment-template | ./manifest2template.py --config config/deployment-template/clowder_config.yaml > deploy.yml +build-template-kustomize: manifests kustomize controller-gen + $(KUSTOMIZE) build config/deployment-template > $(TEMPLATE_KUSTOMIZE) + +test-template: + cat $(TEMPLATE_KUSTOMIZE) | ./manifest2template.py --config config/deployment-template/clowder_config.yaml --mutate > deploy-mutate-test.yml + cat $(TEMPLATE_KUSTOMIZE) | ./manifest2template.py --config config/deployment-template/clowder_config.yaml > deploy-test.yml + source ./build/template_check.sh + release: manifests kustomize controller-gen echo "---" > manifest.yaml cat config/manager/clowder_config.yaml >> manifest.yaml diff --git a/build/template_check.sh b/build/template_check.sh index 82bdb4947..fb73879c5 100755 --- a/build/template_check.sh +++ b/build/template_check.sh @@ -2,27 +2,16 @@ set -exv -python3 -m venv "build/.build_venv" -source build/.build_venv/bin/activate -pip install pyyaml - -CURRENT_DEPLOY=$(md5sum deploy.yml) -CURRENT_MUTATE=$(md5sum deploy-mutate.yml) - -make build-template - -if [[ $CURRENT_DEPLOY != $(md5sum deploy.yml) ]]; then - echo "Deployment template not updated. Please run make build-template and recommit" - exit 1 -else +if diff -q deploy.yml deploy-test.yml > /dev/null; then echo "Deployment template is up to date" +else + echo "Deployment template [deploy.yml] not updated. Please run make build-template and recommit" + exit 1 fi -if [[ $CURRENT_MUTATE != $(md5sum deploy-mutate.yml) ]]; then - echo "Mutating template not updated. Please run make build-template and recommit" - exit 1 +if diff -q deploy-mutate.yml deploy-mutate-test.yml > /dev/null; then + echo "Deployment template is up to date" else - echo "Mutating template is up to date" + echo "Deployment template [deploy-mutate.yml] not updated. Please run make build-template and recommit" + exit 1 fi - -deactivate diff --git a/ci/konflux_minikube_e2e_tests.sh b/ci/konflux_minikube_e2e_tests.sh index f8a4d0d2f..07ebbb228 100755 --- a/ci/konflux_minikube_e2e_tests.sh +++ b/ci/konflux_minikube_e2e_tests.sh @@ -24,7 +24,6 @@ cd /var/workdir/source ./"${KREW}" install krew ) -source build/template_check.sh export PATH="${KREW_ROOT:-$HOME/.krew}/bin:$PATH" export PATH="/bins:$PATH"