diff --git a/snc-runner/release-info b/snc-runner/release-info
index 6cd2428..b9deb06 100644
--- a/snc-runner/release-info
+++ b/snc-runner/release-info
@@ -1,2 +1,2 @@
 quay.io/crc-org/ci-snc-runner
-1.0.0
\ No newline at end of file
+1.0.1
\ No newline at end of file
diff --git a/snc-runner/tkn/pipeline.yaml b/snc-runner/tkn/pipeline.yaml
new file mode 100644
index 0000000..9cbcbf3
--- /dev/null
+++ b/snc-runner/tkn/pipeline.yaml
@@ -0,0 +1,318 @@
+---
+apiVersion: tekton.dev/v1beta1
+kind: Pipeline
+metadata:
+ name: snc-builder
+ labels:
+ app.kubernetes.io/version: "v1.0.1"
+ redhat.com/product: openshift-local
+ dev.lifecycle.io/phase: build
+ openshift-local.redhat.com/component: bundle
+ annotations:
+ tekton.dev/pipelines.minVersion: "0.44.x"
+ tekton.dev/categories: bundle
+ tekton.dev/tags: openshift-local, bundle
+ tekton.dev/displayName: "openshift local bundle"
+ tekton.dev/platforms: "linux/amd64"
+spec:
+ description: >-
+ This pipeline will bundles for Openshift Local:
+
+ * bundles for all platforms and store them on an s3 compatible storage
+
+ workspaces:
+ - name: storage
+ - name: s3-credentials
+ description: |
+ ocp secret holding the s3 credentials. Secret should be accessible to this task.
+ ---
+ apiVersion: v1
+ kind: Secret
+ metadata:
+ name: XXXX
+ labels:
+ app.kubernetes.io/component: XXXX
+ type: Opaque
+ data:
+ download-url: ${download_url}
+ upload-url: ${upload_url}
+ access-key: ${access_key}
+ secret-key: ${secret_key}
+ - name: aws-credentials
+ description: |
+ ocp secret holding the aws credentials. Secret should be accessible to this task.
+
+ ---
+ apiVersion: v1
+ kind: Secret
+ metadata:
+ name: XXXX
+ labels:
+ app.kubernetes.io/component: XXXX
+ type: Opaque
+ data:
+ access-key: ${access_key}
+ secret-key: ${secret_key}
+ region: ${region}
+ - name: rh-account-secret
+ description: |
+ ocp secret holding the credentials for a valid rh user to subscribe VM. Secret should be accessible to this task.
+
+ Sample format for valid Secret
+ ---
+ apiVersion: v1
+ kind: Secret
+ metadata:
+ name: credentials-${configname}
+ type: Opaque
+ data:
+ user: ${user}
+ password: ${password}
+ - name: ocp-pullsecret
+ description: |
+ crc secret name holding the pullsecret. 
This is only required if backed tested is crc preset
+
+ secret should match following format:
+ ---
+ apiVersion: v1
+ kind: Secret
+ metadata:
+ name: ${secret-name}
+ type: Opaque
+ data:
+ pullsecret: ${pullsecret-value}
+
+ params:
+ # SNC runner params
+ - name: arch
+ description: arch for binaries x86_64 or arm64
+ default: x86_64
+ - name: runner-host-version
+ description: Set the RHEL os version for snc-runner.
+ default: '9.4'
+ - name: bundle-type
+ description: bundle to be built (openshift, microshift or okd)
+ default: openshift
+ # SNC repo params
+ - name: snc-scm
+ description: repository for snc project
+ default: 'https://github.com/code-ready/snc.git'
+ - name: snc-ref
+ description: repository ref for snc project
+ default: master
+ - name: snc-pullrequest
+ description: in case bundle build from PR
+ default: "''"
+ # OCP params
+ - name: ocp-index-url
+ description: full url to download assets for an specific ocp version. Format base_url/ocp-version
+ default: "''"
+ - name: ocp-extended-cert
+ description: this param controls if apply patched images for KAO and KMCO to extend cert duration. Valid values are disabled or enabled
+ default: disabled
+ # Destination params
+ - name: s3-bundles-path
+ default: crc-bundle
+ # Control
+ - name: debug
+ type: string
+ description: control verbosity and keep instances after run for troubleshooting. 
+ default: "false"
+
+ tasks:
+ - name: preparer
+ taskSpec:
+ description: This task will prepare the environment and data for being used within the pipeline
+ params:
+ - name: ocp-index-url
+ results:
+ - name: correlation
+ - name: ocp-version
+ - name: ocp-mirror
+ steps:
+ - name: preparer
+ image: registry.access.redhat.com/ubi9/ubi-minimal
+ script: |
+ #!/bin/sh
+ echo -n $RANDOM$RANDOM | tee $(results.correlation.path)
+ index_url=$(params.ocp-index-url)
+ echo -n ${index_url##*/} | tee $(results.ocp-version.path)
+ echo -n ${index_url/\/$version/''} | tee $(results.ocp-mirror.path)
+ params:
+ - name: ocp-index-url
+ value: $(params.ocp-index-url)
+ - name: provision-snc-runner
+ runAfter:
+ - preparer
+ taskRef:
+ resolver: git
+ params:
+ - name: url
+ value: https://github.com/redhat-developer/mapt.git
+ - name: revision
+ value: v0.7.1
+ - name: pathInRepo
+ value: tkn/infra-aws-rhel.yaml
+ params:
+ - name: project-name
+ value: ci-snc-runner-$(tasks.preparer.results.correlation)
+ - name: operation
+ value: create
+ - name: arch
+ value: $(params.arch)
+ - name: version
+ value: $(params.runner-host-version)
+ - name: ws-output-path
+ value: ci-snc-runner/$(tasks.preparer.results.correlation)
+ - name: profile-snc
+ value: 'true'
+ - name: debug
+ value: $(params.debug)
+ workspaces:
+ - name: storage
+ workspace: storage
+ - name: aws-credentials
+ workspace: aws-credentials
+ - name: rh-account-secret
+ workspace: rh-account-secret
+ timeout: "45m"
+ - name: build-bundle
+ runAfter:
+ - provision-snc-runner
+ taskRef:
+ resolver: git
+ params:
+ - name: url
+ value: https://github.com/crc-org/ci-definitions.git
+ - name: revision
+ value: snc-runner-v1.0.1
+ - name: pathInRepo
+ value: snc-runner/tkn/task.yaml
+ params:
+ - name: workspace-resources-path
+ value: ci-snc-runner/$(tasks.preparer.results.correlation)
+ - name: host
+ value: $(tasks.provision-snc-runner.results.host)
+ - name: username
+ value: 
$(tasks.provision-snc-runner.results.username)
+ - name: key
+ value: $(tasks.provision-snc-runner.results.key)
+ - name: scm
+ value: $(params.snc-scm)
+ - name: ref
+ value: $(params.snc-ref)
+ - name: pr
+ value: $(params.snc-pullrequest)
+ - name: ocp-version
+ value: $(tasks.preparer.results.ocp-version)
+ - name: ocp-mirror
+ value: $(tasks.preparer.results.ocp-mirror)
+ - name: ocp-extended-cert
+ value: $(params.ocp-extended-cert)
+ - name: s3-path
+ value: $(params.s3-bundles-path)/$(tasks.preparer.results.ocp-version)
+ - name: debug
+ value: $(params.debug)
+ workspaces:
+ - name: storage
+ workspace: storage
+ - name: s3-credentials
+ workspace: s3-credentials
+ - name: ocp-pullsecret
+ workspace: ocp-pullsecret
+ timeout: "185m"
+ finally:
+ - name: decomission-snc-runner
+ when:
+ - input: $(params.debug)
+ operator: in
+ values: ["false"]
+ taskRef:
+ resolver: git
+ params:
+ - name: url
+ value: https://github.com/redhat-developer/mapt.git
+ - name: revision
+ value: v0.7.1
+ - name: pathInRepo
+ value: tkn/infra-aws-rhel.yaml
+ params:
+ - name: project-name
+ value: ci-snc-runner-$(tasks.preparer.results.correlation)
+ - name: operation
+ value: destroy
+ - name: ws-output-path
+ value: ci-snc-runner/$(tasks.preparer.results.correlation)
+ - name: debug
+ value: $(params.debug)
+ workspaces:
+ - name: storage
+ workspace: storage
+ - name: aws-credentials
+ workspace: aws-credentials
+ - name: rh-account-secret
+ workspace: rh-account-secret
+ timeout: "20m"
+ - name: print-decomission
+ when:
+ - input: $(params.debug)
+ operator: in
+ values: ["true"]
+ taskSpec:
+ params:
+ - name: correlation
+ steps:
+ - name: print
+ image: registry.access.redhat.com/ubi9/ubi-minimal
+ script: |
+ #!/bin/sh
+
+ set -exuo pipefail
+
+ touch pipelinerun.yaml
+
+ cat < pipelinerun.yaml
+ ---
+ apiVersion: tekton.dev/v1beta1
+ kind: TaskRun
+ metadata:
+ generateName: decomission-snc-runner-$(params.correlation)
+ spec:
+ taskRef:
+ resolver: git
+ params:
+ - 
name: url + value: https://github.com/redhat-developer/mapt.git + - name: revision + value: v0.7.1 + - name: pathInRepo + value: tkn/infra-aws-rhel.yaml + params: + - name: project-name + value: ci-snc-runner-$(params.correlation) + - name: operation + value: destroy + - name: ws-output-path + value: ci-snc-runner/$(params.correlation) + - name: debug + value: 'true' + workspaces: + - name: storage + persistentVolumeClaim: + claimName: XXXXX + - name: aws-credentials + secret: + secretName: XXXXX + - name: rh-account-secret + secret: + secretName: XXXXX + timeout: "20m" + EOF + + cat pipelinerun.yaml + params: + - name: correlation + value: $(tasks.preparer.results.correlation) + + + diff --git a/snc-runner/tkn/task.yaml b/snc-runner/tkn/task.yaml index a7975d6..9a4b7cb 100644 --- a/snc-runner/tkn/task.yaml +++ b/snc-runner/tkn/task.yaml @@ -4,8 +4,8 @@ kind: Task metadata: name: snc-runner labels: - # v1.0.0 values should be passed to the template - app.kubernetes.io/version: "v1.0.0" + # v1.0.1 values should be passed to the template + app.kubernetes.io/version: "v1.0.1" redhat.com/product: openshift-local dev.lifecycle.io/phase: build openshift-local.redhat.com/component: bundle @@ -25,6 +25,23 @@ spec: - name: storage description: volume to store outputs to connect within the target machine + state file for the infrastructure mountPath: /opt/storage + - name: s3-credentials + description: | + ocp secret holding the s3 credentials. Secret should be accessible to this task. + --- + apiVersion: v1 + kind: Secret + metadata: + name: XXXX + labels: + app.kubernetes.io/component: XXXX + type: Opaque + data: + download-url: ${download_url} + upload-url: ${upload_url} + access-key: ${access_key} + secret-key: ${secret_key} + mountPath: /opt/s3-credentials - name: ocp-pullsecret description: | crc secret name holding the pullsecret. This is only required if backed tested is crc preset 
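Review bot: In the preparer step of snc-runner/tkn/pipeline.yaml, `$version` is never assigned, so `${index_url/\/$version/''}` appears to strip the first `/` of the URL rather than the trailing `/<ocp-version>`, and the ocp-mirror result handed to build-bundle would be malformed. The same script assigns `index_url=$(params.ocp-index-url)`, which Tekton substitutes into the script text before the shell runs, so a parameter value containing shell syntax is executed as part of the script; passing the value through `env` and quoting the expansions addresses both problems. With that change the `"''"` default would reach the script as two literal quote characters rather than an empty string, so the default needs revisiting. Separately, the git-resolved tasks that receive the aws-credentials and rh-account-secret workspaces are pinned to tags (`v0.7.1`, `snc-runner-v1.0.1`) and the ubi-minimal image carries no tag or digest; commit SHAs and an image digest would fix exactly what runs with those credentials.

```yaml
- name: preparer
  image: registry.access.redhat.com/ubi9/ubi-minimal
  env:
    - name: INDEX_URL
      value: $(params.ocp-index-url)
  script: |
    #!/bin/sh
    # … unchanged: correlation result …
    version="${INDEX_URL##*/}"
    printf '%s' "$version" | tee $(results.ocp-version.path)
    printf '%s' "${INDEX_URL%/"$version"}" | tee $(results.ocp-mirror.path)
```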
@@ -65,10 +82,8 @@ spec: - name: ocp-extended-cert default: "enabled" # Destination - - name: s3-url - - name: s3-access-key - - name: s3-secret-key - name: s3-path + description: 'destination path on s3' # Control params - name: debug description: debug purposes extend verbosity on cmds executed on the target @@ -76,14 +91,13 @@ spec: steps: - name: runner - # quay.io/crc-org/ci-snc-runner and v1.0.0 values should be passed to the template - image: quay.io/crc-org/ci-snc-runner:v1.0.0 + # quay.io/crc-org/ci-snc-runner and v1.0.1 values should be passed to the template + image: quay.io/crc-org/ci-snc-runner:v1.0.1 imagePullPolicy: Always script: | #!/bin/bash set pipefail - # If debug add verbosity if [[ $(params.debug) == "true" ]]; then set -exuo pipefail @@ -96,7 +110,6 @@ spec: TARGET_HOST_KEY_PATH=/opt/storage/$(params.workspace-resources-path)/$(params.key) chmod 600 ${TARGET_HOST_KEY_PATH} TARGET_FOLDER=crc-snc-runner - TARGET_RESULTS=results TARGET_CLEANUP='true' if [[ $(params.debug) == "true" ]]; then TARGET_CLEANUP='false' 
@@ -118,16 +131,17 @@ spec: # Compose the run.sh command based on params cmd="${TARGET_FOLDER}/run.sh -ocp-ps-path /home/$(params.username)/${TARGET_FOLDER}/pullsecret " cmd="$cmd -ocp-version $(params.ocp-version) " - cmd="$cmd -ocp-extended-cert $(params.ocp-extended-cert) " - cmd="$cmd -s3-url $(params.s3-url) " - cmd="$cmd -s3-ak $(params.s3-access-key) " - cmd="$cmd -s3-sk $(params.s3-secret-key) " - cmd="$cmd -s3-path $(params.s3-path) " + cmd+="-ocp-extended-cert $(params.ocp-extended-cert) " + cmd+="-s3-url $(cat /opt/s3-credentials/upload-url) " + cmd+="-s3-ak $(cat /opt/s3-credentials/access-key) " + cmd+="-s3-sk $(cat /opt/s3-credentials/secret-key) " + cmd+="-s3-path $(params.s3-path) " + cmd+="-ref $(params.ref) " if [[ $(params.pr) != "" ]]; then - cmd="$cmd -pr $(params.pr) " + cmd+="-pr $(params.pr) " fi if [[ $(params.ocp-mirror) != "" ]]; then - cmd="$cmd -ocp-mirror $(params.ocp-mirror) " + cmd+="-ocp-mirror $(params.ocp-mirror) " fi # Exec
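Review bot: The access key and secret key are now read from the mounted secret but are still expanded into the `cmd` string (`cmd+="-s3-ak $(cat /opt/s3-credentials/access-key) "`), so they travel as command-line arguments to run.sh and, when debug is `true`, the `set -exuo pipefail` enabled earlier in this script traces them into the TaskRun log. Copying the credentials to the target as a file, the way the pull secret is referenced through `-ocp-ps-path`, would keep them out of the argument list and the logs; that needs a matching option in run.sh, which is not visible here. At minimum, turn tracing off with `set +x` around the three `cmd+=` lines that read /opt/s3-credentials and restore it afterwards. The added `-ref $(params.ref)` is substituted unquoted, like `-pr` and `-ocp-mirror`, so these params are worth validating or passing through `env` instead of direct substitution. The script continues past `# Exec`, outside this hunk, so how `cmd` is finally executed is not shown.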