diff --git a/.github/workflows/snc-runner-builder.yaml b/.github/workflows/snc-runner-builder.yaml index 3afef40..3c74582 100644 --- a/.github/workflows/snc-runner-builder.yaml +++ b/.github/workflows/snc-runner-builder.yaml @@ -65,6 +65,9 @@ jobs: if [[ ! -f snc-runner/tkn/task.yaml ]]; then exit 1 fi + if [[ ! -f snc-runner/tkn/pipeline.yaml ]]; then + exit 1 + fi # Check if version is in sync - name: Create k8s Kind Cluster @@ -77,12 +80,13 @@ jobs: - name: Deploy tasks run: | kubectl apply -f snc-runner/tkn/task.yaml + kubectl apply -f snc-runner/tkn/pipeline.yaml - name: Upload crc-builder-tkn uses: actions/upload-artifact@v4 with: name: snc-runner-tkn - path: snc-runner/tkn/task.yaml + path: snc-runner/tkn/*.yaml \ No newline at end of file diff --git a/.github/workflows/snc-runner-pusher.yml b/.github/workflows/snc-runner-pusher.yml index acc1e26..5ef96dc 100644 --- a/.github/workflows/snc-runner-pusher.yml +++ b/.github/workflows/snc-runner-pusher.yml @@ -63,4 +63,5 @@ jobs: curl -LO "https://github.com/tektoncd/cli/releases/download/v${TKN_VERSION}/tkn_${TKN_VERSION}_Linux_x86_64.tar.gz" tar xvzf "tkn_${TKN_VERSION}_Linux_x86_64.tar.gz" tkn ./tkn bundle push ${{ env.image }}-tkn \ - -f task.yaml \ No newline at end of file + -f task.yaml \ + -f pipeline.yaml \ No newline at end of file diff --git a/Makefile b/Makefile index f4fa865..69cc0c4 100644 --- a/Makefile +++ b/Makefile @@ -41,13 +41,15 @@ endif snc-runner-tkn-create: $(call tkn_template,$(SNC_RUNNER),$(SNC_RUNNER_V),snc-runner,task) + $(call tkn_template,$(SNC_RUNNER),$(SNC_RUNNER_V),snc-runner,pipeline) snc-runner-tkn-push: install-out-of-tree-tools ifndef IMAGE IMAGE = $(SNC_RUNNER):$(SNC_RUNNER_V) endif $(TOOLS_BINDIR)/tkn bundle push $(IMAGE)-tkn \ - -f snc-runner/tkn/task.yaml + -f snc-runner/tkn/task.yaml \ + -f snc-runner/tkn/pipeline.yaml #### crc-builder #### 
diff --git a/snc-runner/tkn/samples/pipelinerun.yaml b/snc-runner/tkn/samples/pipelinerun.yaml
new file mode 100644
index 0000000..02ace94
--- /dev/null
+++ b/snc-runner/tkn/samples/pipelinerun.yaml
@@ -0,0 +1,43 @@
+---
+apiVersion: tekton.dev/v1beta1
+kind: PipelineRun
+metadata:
+ generateName: crc-ocp-4.17.0-rc.5-arm64-
+spec:
+ pipelineRef:
+ resolver: git
+ params:
+ - name: url
+ value: https://github.com/crc-org/ci-definitions.git
+ - name: revision
+ value: main
+ - name: pathInRepo
+ value: snc-runner/tkn/pipeline.yaml
+ params:
+ - name: arch
+ value: arm64
+ - name: ocp-index-url
+ value: https://mirror.openshift.com/pub/openshift-v4/arm64/clients/ocp/4.17.0-rc.5
+ - name: snc-ref
+ value: release-4.17
+ - name: ocp-extended-cert
+ value: enabled
+ - name: debug
+ value: 'true'
+ workspaces:
+ - name: storage
+ persistentVolumeClaim:
+ claimName: XXXXX
+ - name: s3-credentials
+ secret:
+ secretName: XXXXX
+ - name: aws-credentials
+ secret:
+ secretName: XXXXX
+ - name: rh-account-secret
+ secret:
+ secretName: XXXXX
+ - name: ocp-pullsecret
+ secret:
+ secretName: XXXXX
+ timeout: "8h"
\ No newline at end of file
diff --git a/snc-runner/tkn/tpl/pipeline.tpl.yaml b/snc-runner/tkn/tpl/pipeline.tpl.yaml
new file mode 100644
index 0000000..d114c3c
--- /dev/null
+++ b/snc-runner/tkn/tpl/pipeline.tpl.yaml
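Review bot: The sample in snc-runner/tkn/samples/pipelinerun.yaml sets `debug` to `'true'`, and in pipeline.tpl.yaml the `decomission-snc-runner` finally task only runs when `debug` is "false", so anyone who copies this sample as-is leaves the provisioned AWS runner in place; the task script touched by this same commit also switches on `set -x` for debug runs. Suggest shipping the sample with `value: 'false'` and a short comment next to it saying what debug mode keeps alive. The `pipelineRef` also resolves `revision: main`, a moving ref, while the run mounts the S3, AWS, RH account and pull-secret workspaces; pinning it to a release tag or commit SHA would make the executed pipeline definition reproducible and reviewable.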
@@ -0,0 +1,318 @@
+---
+apiVersion: tekton.dev/v1beta1
+kind: Pipeline
+metadata:
+ name: snc-builder
+ labels:
+ app.kubernetes.io/version: "cversion"
+ redhat.com/product: openshift-local
+ dev.lifecycle.io/phase: build
+ openshift-local.redhat.com/component: bundle
+ annotations:
+ tekton.dev/pipelines.minVersion: "0.44.x"
+ tekton.dev/categories: bundle
+ tekton.dev/tags: openshift-local, bundle
+ tekton.dev/displayName: "openshift local bundle"
+ tekton.dev/platforms: "linux/amd64"
+spec:
+ description: >-
+ This pipeline will bundles for Openshift Local:
+
+ * bundles for all platforms and store them on an s3 compatible storage
+
+ workspaces:
+ - name: storage
+ - name: s3-credentials
+ description: |
+ ocp secret holding the s3 credentials. Secret should be accessible to this task.
+ ---
+ apiVersion: v1
+ kind: Secret
+ metadata:
+ name: XXXX
+ labels:
+ app.kubernetes.io/component: XXXX
+ type: Opaque
+ data:
+ download-url: ${download_url}
+ upload-url: ${upload_url}
+ access-key: ${access_key}
+ secret-key: ${secret_key}
+ - name: aws-credentials
+ description: |
+ ocp secret holding the aws credentials. Secret should be accessible to this task.
+
+ ---
+ apiVersion: v1
+ kind: Secret
+ metadata:
+ name: XXXX
+ labels:
+ app.kubernetes.io/component: XXXX
+ type: Opaque
+ data:
+ access-key: ${access_key}
+ secret-key: ${secret_key}
+ region: ${region}
+ - name: rh-account-secret
+ description: |
+ ocp secret holding the credentials for a valid rh user to subscribe VM. Secret should be accessible to this task.
+
+ Sample format for valid Secret
+ ---
+ apiVersion: v1
+ kind: Secret
+ metadata:
+ name: credentials-${configname}
+ type: Opaque
+ data:
+ user: ${user}
+ password: ${password}
+ - name: ocp-pullsecret
+ description: |
+ crc secret name holding the pullsecret.
This is only required if backed tested is crc preset
+
+ secret should match following format:
+ ---
+ apiVersion: v1
+ kind: Secret
+ metadata:
+ name: ${secret-name}
+ type: Opaque
+ data:
+ pullsecret: ${pullsecret-value}
+
+ params:
+ # SNC runner params
+ - name: arch
+ description: arch for binaries x86_64 or arm64
+ default: x86_64
+ - name: runner-host-version
+ description: Set the RHEL os version for snc-runner.
+ default: '9.4'
+ - name: bundle-type
+ description: bundle to be built (openshift, microshift or okd)
+ default: openshift
+ # SNC repo params
+ - name: snc-scm
+ description: repository for snc project
+ default: 'https://github.com/code-ready/snc.git'
+ - name: snc-ref
+ description: repository ref for snc project
+ default: master
+ - name: snc-pullrequest
+ description: in case bundle build from PR
+ default: "''"
+ # OCP params
+ - name: ocp-index-url
+ description: full url to download assets for an specific ocp version. Format base_url/ocp-version
+ default: "''"
+ - name: ocp-extended-cert
+ description: this param controls if apply patched images for KAO and KMCO to extend cert duration. Valid values are disabled or enabled
+ default: disabled
+ # Destination params
+ - name: s3-bundles-path
+ default: crc-bundle
+ # Control
+ - name: debug
+ type: string
+ description: control verbosity and keep instances after run for troubleshooting.
+ default: "false"
+
+ tasks:
+ - name: preparer
+ taskSpec:
+ description: This task will prepare the environment and data for being used within the pipeline
+ params:
+ - name: ocp-index-url
+ results:
+ - name: correlation
+ - name: ocp-version
+ - name: ocp-mirror
+ steps:
+ - name: preparer
+ image: registry.access.redhat.com/ubi9/ubi-minimal
+ script: |
+ #!/bin/sh
+ echo -n $RANDOM$RANDOM | tee $(results.correlation.path)
+ index_url=$(params.ocp-index-url)
+ echo -n ${index_url##*/} | tee $(results.ocp-version.path)
+ echo -n ${index_url/\/$version/''} | tee $(results.ocp-mirror.path)
+ params:
+ - name: ocp-index-url
+ value: $(params.ocp-index-url)
+ - name: provision-snc-runner
+ runAfter:
+ - preparer
+ taskRef:
+ resolver: git
+ params:
+ - name: url
+ value: https://github.com/redhat-developer/mapt.git
+ - name: revision
+ value: v0.7.1
+ - name: pathInRepo
+ value: tkn/infra-aws-rhel.yaml
+ params:
+ - name: project-name
+ value: ci-snc-runner-$(tasks.preparer.results.correlation)
+ - name: operation
+ value: create
+ - name: arch
+ value: $(params.arch)
+ - name: version
+ value: $(params.runner-host-version)
+ - name: ws-output-path
+ value: ci-snc-runner/$(tasks.preparer.results.correlation)
+ - name: profile-snc
+ value: 'true'
+ - name: debug
+ value: $(params.debug)
+ workspaces:
+ - name: storage
+ workspace: storage
+ - name: aws-credentials
+ workspace: aws-credentials
+ - name: rh-account-secret
+ workspace: rh-account-secret
+ timeout: "45m"
+ - name: build-bundle
+ runAfter:
+ - provision-snc-runner
+ taskRef:
+ resolver: git
+ params:
+ - name: url
+ value: https://github.com/crc-org/ci-definitions.git
+ - name: revision
+ value: snc-runner-cversion
+ - name: pathInRepo
+ value: snc-runner/tkn/task.yaml
+ params:
+ - name: workspace-resources-path
+ value: ci-snc-runner/$(tasks.preparer.results.correlation)
+ - name: host
+ value: $(tasks.provision-snc-runner.results.host)
+ - name: username
+ value:
$(tasks.provision-snc-runner.results.username)
+ - name: key
+ value: $(tasks.provision-snc-runner.results.key)
+ - name: scm
+ value: $(params.snc-scm)
+ - name: ref
+ value: $(params.snc-ref)
+ - name: pr
+ value: $(params.snc-pullrequest)
+ - name: ocp-version
+ value: $(tasks.preparer.results.ocp-version)
+ - name: ocp-mirror
+ value: $(tasks.preparer.results.ocp-mirror)
+ - name: ocp-extended-cert
+ value: $(params.ocp-extended-cert)
+ - name: s3-path
+ value: $(params.s3-bundles-path)/$(tasks.preparer.results.ocp-version)
+ - name: debug
+ value: $(params.debug)
+ workspaces:
+ - name: storage
+ workspace: storage
+ - name: s3-credentials
+ workspace: s3-credentials
+ - name: ocp-pullsecret
+ workspace: ocp-pullsecret
+ timeout: "185m"
+ finally:
+ - name: decomission-snc-runner
+ when:
+ - input: $(params.debug)
+ operator: in
+ values: ["false"]
+ taskRef:
+ resolver: git
+ params:
+ - name: url
+ value: https://github.com/redhat-developer/mapt.git
+ - name: revision
+ value: v0.7.1
+ - name: pathInRepo
+ value: tkn/infra-aws-rhel.yaml
+ params:
+ - name: project-name
+ value: ci-snc-runner-$(tasks.preparer.results.correlation)
+ - name: operation
+ value: destroy
+ - name: ws-output-path
+ value: ci-snc-runner/$(tasks.preparer.results.correlation)
+ - name: debug
+ value: $(params.debug)
+ workspaces:
+ - name: storage
+ workspace: storage
+ - name: aws-credentials
+ workspace: aws-credentials
+ - name: rh-account-secret
+ workspace: rh-account-secret
+ timeout: "20m"
+ - name: print-decomission
+ when:
+ - input: $(params.debug)
+ operator: in
+ values: ["true"]
+ taskSpec:
+ params:
+ - name: correlation
+ steps:
+ - name: print
+ image: registry.access.redhat.com/ubi9/ubi-minimal
+ script: |
+ #!/bin/sh
+
+ set -exuo pipefail
+
+ touch pipelinerun.yaml
+
+ cat < pipelinerun.yaml
+ ---
+ apiVersion: tekton.dev/v1beta1
+ kind: TaskRun
+ metadata:
+ generateName: decomission-snc-runner-$(params.correlation)
+ spec:
+ taskRef:
+ resolver: git
+ params:
+ -
name: url + value: https://github.com/redhat-developer/mapt.git + - name: revision + value: v0.7.1 + - name: pathInRepo + value: tkn/infra-aws-rhel.yaml + params: + - name: project-name + value: ci-snc-runner-$(params.correlation) + - name: operation + value: destroy + - name: ws-output-path + value: ci-snc-runner/$(params.correlation) + - name: debug + value: 'true' + workspaces: + - name: storage + persistentVolumeClaim: + claimName: XXXXX + - name: aws-credentials + secret: + secretName: XXXXX + - name: rh-account-secret + secret: + secretName: XXXXX + timeout: "20m" + EOF + + cat pipelinerun.yaml + params: + - name: correlation + value: $(tasks.preparer.results.correlation) + + + diff --git a/snc-runner/tkn/tpl/task.tpl.yaml b/snc-runner/tkn/tpl/task.tpl.yaml index 78f82d8..256f5ca 100644 --- a/snc-runner/tkn/tpl/task.tpl.yaml +++ b/snc-runner/tkn/tpl/task.tpl.yaml @@ -25,6 +25,23 @@ spec: - name: storage description: volume to store outputs to connect within the target machine + state file for the infrastructure mountPath: /opt/storage + - name: s3-credentials + description: | + ocp secret holding the s3 credentials. Secret should be accessible to this task. + --- + apiVersion: v1 + kind: Secret + metadata: + name: XXXX + labels: + app.kubernetes.io/component: XXXX + type: Opaque + data: + download-url: ${download_url} + upload-url: ${upload_url} + access-key: ${access_key} + secret-key: ${secret_key} + mountPath: /opt/s3-credentials - name: ocp-pullsecret description: | crc secret name holding the pullsecret. This is only required if backed tested is crc preset @@ -65,10 +82,8 @@ spec: - name: ocp-extended-cert default: "enabled" # Destination - - name: s3-url - - name: s3-access-key - - name: s3-secret-key - name: s3-path + description: 'destination path on s3' # Control params - name: debug description: debug purposes extend verbosity on cmds executed on the target 
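Review bot: In the `preparer` step of pipeline.tpl.yaml, `index_url=$(params.ocp-index-url)` lets Tekton paste the parameter text into the script before the shell parses it, so a value containing shell metacharacters is executed rather than assigned; passing the parameter through `env` and quoting the expansions avoids that. The following line uses `$version`, which is never set in the script, so `ocp-mirror` is not the index URL with the version stripped (presumably the intent, given the `base_url/ocp-version` format in the param description). Both `ubi-minimal` images are referenced without a tag or digest and the `mapt` task is resolved by the tag `v0.7.1`; pinning by digest and commit SHA is worth considering because the resolved tasks receive the AWS and RH account workspaces. The sketch below covers only the `preparer` step; the rest of the pipeline is as in the hunk.

```yaml
      steps:
        - name: preparer
          image: registry.access.redhat.com/ubi9/ubi-minimal
          env:
            # Parameter reaches the shell as data, not as script text.
            - name: OCP_INDEX_URL
              value: $(params.ocp-index-url)
          script: |
            #!/bin/sh
            set -eu
            echo -n "$RANDOM$RANDOM" | tee "$(results.correlation.path)"
            # Last path segment is the version; everything before it is the mirror base.
            echo -n "${OCP_INDEX_URL##*/}" | tee "$(results.ocp-version.path)"
            echo -n "${OCP_INDEX_URL%/*}" | tee "$(results.ocp-mirror.path)"
      # … unchanged: task-level params, provision-snc-runner, build-bundle, finally …
```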
@@ -83,7 +98,6 @@ spec: #!/bin/bash set pipefail - # If debug add verbosity if [[ $(params.debug) == "true" ]]; then set -exuo pipefail @@ -96,7 +110,6 @@ spec: TARGET_HOST_KEY_PATH=/opt/storage/$(params.workspace-resources-path)/$(params.key) chmod 600 ${TARGET_HOST_KEY_PATH} TARGET_FOLDER=crc-snc-runner - TARGET_RESULTS=results TARGET_CLEANUP='true' if [[ $(params.debug) == "true" ]]; then TARGET_CLEANUP='false' @@ -118,17 +131,17 @@ spec: # Compose the run.sh command based on params cmd="${TARGET_FOLDER}/run.sh -ocp-ps-path /home/$(params.username)/${TARGET_FOLDER}/pullsecret " cmd="$cmd -ocp-version $(params.ocp-version) " - cmd="$cmd -ocp-extended-cert $(params.ocp-extended-cert) " - cmd="$cmd -s3-url $(params.s3-url) " - cmd="$cmd -s3-ak $(params.s3-access-key) " - cmd="$cmd -s3-sk $(params.s3-secret-key) " - cmd="$cmd -s3-path $(params.s3-path) " - cmd="$cmd -ref $(params.ref) " + cmd+="-ocp-extended-cert $(params.ocp-extended-cert) " + cmd+="-s3-url $(cat /opt/s3-credentials/upload-url) " + cmd+="-s3-ak $(cat /opt/s3-credentials/access-key) " + cmd+="-s3-sk $(cat /opt/s3-credentials/secret-key) " + cmd+="-s3-path $(params.s3-path) " + cmd+="-ref $(params.ref) " if [[ $(params.pr) != "" ]]; then - cmd="$cmd -pr $(params.pr) " + cmd+="-pr $(params.pr) " fi if [[ $(params.ocp-mirror) != "" ]]; then - cmd="$cmd -ocp-mirror $(params.ocp-mirror) " + cmd+="-ocp-mirror $(params.ocp-mirror) " fi # Exec
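Review bot: In the `@@ -118,17 +131,17 @@` hunk of task.tpl.yaml the S3 access and secret keys are expanded into `cmd` (`cmd+="-s3-sk $(cat /opt/s3-credentials/secret-key) "`), and the same script runs `set -exuo pipefail` when `debug` is "true", so xtrace writes both values into the TaskRun log on every debug run. Reading them from the workspace keeps them out of the TaskRun spec, but they still travel as command-line arguments to `run.sh`. The pull secret is already handed over as a path (`-ocp-ps-path /home/$(params.username)/${TARGET_FOLDER}/pullsecret`); doing the same for the S3 credentials, or at minimum wrapping the three credential lines in `set +x` and not tracing the command that executes `cmd`, would close the log exposure. The script starts and ends outside this hunk, so how `cmd` is executed and which flags `run.sh` accepts are not visible here.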