From db9916edd06beba8a0dd8a83df32d7dfc6bd66e2 Mon Sep 17 00:00:00 2001
From: Adrian Riobo Lorenzo
Date: Tue, 30 Jul 2024 13:58:52 +0200
Subject: [PATCH] chore: added snc-runner ci definition
Signed-off-by: Adrian Riobo Lorenzo
---
.github/workflows/build-oci.yaml | 25 +++++
.github/workflows/tkn-bundle.yaml | 29 ++++++
Makefile | 29 ++++++
snc-runner/README.md | 9 ++
snc-runner/oci/Containerfile | 9 ++
snc-runner/oci/run.sh | 156 ++++++++++++++++++++++++++++++
snc-runner/release-info | 2 +
snc-runner/tkn/task.yaml | 144 +++++++++++++++++++++++++++
snc-runner/tkn/tpl/task.tpl.yaml | 144 +++++++++++++++++++++++++++
tools/bin/.gitignore | 1 +
tools/tools.mk | 12 +++
11 files changed, 560 insertions(+)
create mode 100644 .github/workflows/build-oci.yaml
create mode 100644 .github/workflows/tkn-bundle.yaml
create mode 100644 Makefile
create mode 100644 snc-runner/README.md
create mode 100644 snc-runner/oci/Containerfile
create mode 100755 snc-runner/oci/run.sh
create mode 100644 snc-runner/release-info
create mode 100644 snc-runner/tkn/task.yaml
create mode 100644 snc-runner/tkn/tpl/task.tpl.yaml
create mode 100644 tools/bin/.gitignore
create mode 100644 tools/tools.mk
diff --git a/.github/workflows/build-oci.yaml b/.github/workflows/build-oci.yaml
new file mode 100644
index 0000000..809d2af
--- /dev/null
+++ b/.github/workflows/build-oci.yaml
@@ -0,0 +1,25 @@
+name: oci-builds
+
+on:
+ push:
+ branches: [ main ]
+ tags:
+ - '*'
+ pull_request:
+ branches: [ main ]
+
+jobs:
+ build-mapt:
+ name: build-mapt
+ runs-on: ubuntu-24.04
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Build image for PR
+ if: ${{ github.event_name == 'pull_request' }}
+ shell: bash
+ run: |
+ SNC_RUNNER=ghcr.io/crc-org/ci-definitions SNC_RUNNER_V=pr-${{ github.event.number }} make oci-build
+
+
\ No newline at end of file
diff --git a/.github/workflows/tkn-bundle.yaml b/.github/workflows/tkn-bundle.yaml
new file mode 100644
index 0000000..87971f4
--- /dev/null
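Review bot: The workflow declares no `permissions:` block, so the `build-mapt` job runs pull-request content through `make oci-build` with whatever default scope the repository grants `GITHUB_TOKEN`. A top-level `permissions:` with `contents: read` keeps the token read-only for a job that only builds an image. `actions/checkout@v4` is referenced by a mutable tag; pinning it to a full commit SHA (`uses: actions/checkout@<full-commit-sha> # v4`) makes the job reproducible. On `push` and tag events the job does nothing after checkout, because the only build step is guarded by `github.event_name == 'pull_request'`; if that is intended, a comment saying so would help.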
+++ b/.github/workflows/tkn-bundle.yaml
@@ -0,0 +1,29 @@
+name: tkn-bundle
+
+on:
+ push:
+ branches: [ main ]
+ tags:
+ - '*'
+ pull_request:
+ branches: [ main ]
+
+jobs:
+ tkn-check:
+ name: tkn-check
+ runs-on: ubuntu-24.04
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Create k8s Kind Cluster
+ uses: helm/kind-action@v1
+
+ # https://docs.openshift.com/pipelines/1.15/about/op-release-notes.html
+ - name: Deploy min supported tekton version
+ run: kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.44.5/release.yaml
+
+ - name: Deploy tasks
+ run: kubectl apply -f snc-runner/tkn/task.yaml
+
+
\ No newline at end of file
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..3560061
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,29 @@
+CONTAINER_MANAGER ?= podman
+
+# Helpers
+TOOLS_DIR := tools
+include tools/tools.mk
+
+# Registries and versions
+SNC_RUNNER ?= $(shell sed -n 1p snc-runner/release-info)
+SNC_RUNNER_V ?= $(shell sed -n 2p snc-runner/release-info)
+
+.PHONY: oci-build oci-push tkn-create tkn-push
+
+## Functions
+oci_builder = ${CONTAINER_MANAGER} build -t $(1):$(2) -f $(3)/oci/Containerfile $(3)/oci
+oci_pusher = ${CONTAINER_MANAGER} push $(1):$(2)
+tkn_creator = sed -e 's%cimage%$(1)%g' -e 's%cversion%$(2)%g' $(3)/tkn/tpl/task.tpl.yaml > $(3)/tkn/task.yaml
+tkn_pusher = $(TOOLS_BINDIR)/tkn bundle push $(1):$(2)-tkn -f $(3)/tkn/task.yaml
+
+oci-build:
+ $(call oci_builder,$(SNC_RUNNER),$(SNC_RUNNER_V),snc-runner)
+
+oci-push:
+ $(call oci_pusher,$(SNC_RUNNER),$(SNC_RUNNER_V))
+
+tkn-create:
+ $(call tkn_creator,$(SNC_RUNNER),$(SNC_RUNNER_V),snc-runner)
+
+tkn-push: install-out-of-tree-tools
+ $(call tkn_pusher,$(SNC_RUNNER),$(SNC_RUNNER_V),snc-runner)
\ No newline at end of file
diff --git a/snc-runner/README.md b/snc-runner/README.md
new file mode 100644
index 0000000..960be40
--- /dev/null
+++ b/snc-runner/README.md
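Review bot: `helm/kind-action@v1` and the Tekton `release.yaml` fetched by `kubectl apply -f https://storage.googleapis.com/...` both come from references that can change without a commit in this repository, and neither is integrity-checked. Pin the action to a full commit SHA (`uses: helm/kind-action@<full-commit-sha> # v1`) and consider vendoring the v0.44.5 manifest or comparing it against a recorded digest before applying it. The `Deploy tasks` step also runs straight after the Tekton install; a wait such as `kubectl wait --for=condition=Available deployment --all -n tekton-pipelines --timeout=120s` between the two steps would avoid failures while the admission webhook is still starting (namespace assumed from the upstream release manifest, please confirm).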
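Review bot: `tkn-push` does not depend on `tkn-create`, so the bundle pushed as `$(SNC_RUNNER):$(SNC_RUNNER_V)-tkn` can contain a `task.yaml` rendered for a different image or version than the one named in the tag. Unless shipping the committed, pre-rendered file is deliberate, `tkn-push: tkn-create install-out-of-tree-tools` keeps the bundle and its image reference in step. `tkn_creator` pastes `$(1)` and `$(2)` unquoted into a sed program delimited by `%`, so an overridden `SNC_RUNNER` or `SNC_RUNNER_V` containing `%` or `&` silently corrupts the rendered task; a comment stating the allowed character set, or a guard that rejects other values, would make that explicit. `SNC_RUNNER ?= $(shell ...)` is recursively expanded, so `sed` runs again on every reference.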
@@ -0,0 +1,9 @@
+# Overview
+
+TBD
+
+# Execute
+
+## Container
+
+## Tekton
\ No newline at end of file
diff --git a/snc-runner/oci/Containerfile b/snc-runner/oci/Containerfile
new file mode 100644
index 0000000..4cfd711
--- /dev/null
+++ b/snc-runner/oci/Containerfile
@@ -0,0 +1,9 @@
+FROM quay.io/rhqp/deliverest:v0.0.6
+
+LABEL org.opencontainers.image.authors="CRCQE "
+
+# Mandatory envs extending from deliverest
+ENV ASSETS_FOLDER=/opt/snc \
+ OS=linux
+
+COPY run.sh ${ASSETS_FOLDER}/
diff --git a/snc-runner/oci/run.sh b/snc-runner/oci/run.sh
new file mode 100755
index 0000000..8e2af01
--- /dev/null
+++ b/snc-runner/oci/run.sh
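Review bot: `FROM quay.io/rhqp/deliverest:v0.0.6` pins the base image by tag only, and a tag can be re-pointed in the registry, so two builds of the same commit may not share a base. Adding the digest, `FROM quay.io/rhqp/deliverest:v0.0.6@sha256:<digest-of-v0.0.6>`, fixes the content that `run.sh` is layered onto. A comment above `COPY run.sh ${ASSETS_FOLDER}/` noting that everything placed in `ASSETS_FOLDER` is copied to the target host (as the task template's comments state) would warn maintainers against dropping sensitive files there at build time.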
@@ -0,0 +1,156 @@
+#!/bin/bash
+#
+# Usage run.sh -ocp-ps-path /Users/.../ps -ocp-version 4.1X.X [-ocp-extended-cert enabled] \
+# -s3-url https://amazon.es/ -s3-ak XXXX -s3-sk XXXX -s3-path nightly/ocp/4.1X.X \
+# [-scm https://github.com/code-ready/snc.git] [-ref master] [-pr] [-ocp-mirror]
+
+# Define error handler function
+function handle_error() {
+ FILENAME_PATTERN="log-bundle-*.tar.gz"
+ OUTPUT_FILENAME="log-bundle.tar.gz"
+
+ set -exuo pipefail
+
+ pushd crc-tmp-install-data
+ log_filename=$(find . -name ${FILENAME_PATTERN} -printf "%f\n" | grep . || true)
+
+ # Enforce ntp sync
+ sudo timedatectl set-ntp on
+ # wait for sync
+ while [[ $(timedatectl status | grep 'System clock synchronized' | grep -Eo '(yes|no)') = no ]]; do
+ sleep 2
+ done
+
+ if [ "${log_filename}" != "" ]; then
+ mc cp ${log_filename} datalake/${s3Path}
+ fi
+
+ # Optionally exit the script gracefully
+ exit 1
+}
+
+# Parameters
+# Default values
+scm="https://github.com/code-ready/snc.git"
+ref="master"
+export SNC_USE_PATCHED_RELEASE_IMAGE="enabled"
+while [[ $# -gt 0 ]]; do
+ key="$1"
+ case $key in
+ -scm)
+ scm="$2"
+ shift
+ shift
+ ;;
+ -ref)
+ ref="$2"
+ shift
+ shift
+ ;;
+ -pr)
+ pr="$2"
+ shift
+ shift
+ ;;
+ -ocp-ps-path)
+ export OPENSHIFT_PULL_SECRET_PATH="$2"
+ shift
+ shift
+ ;;
+ -ocp-version)
+ export OPENSHIFT_VERSION="$2"
+ shift
+ shift
+ ;;
+ -ocp-mirror)
+ MIRROR="$2"
+ shift
+ shift
+ ;;
+ -ocp-extended-cert)
+ export SNC_USE_PATCHED_RELEASE_IMAGE="$2"
+ shift
+ shift
+ ;;
+ -s3-url)
+ s3Url="$2"
+ shift
+ shift
+ ;;
+ -s3-ak)
+ s3AccessKey="$2"
+ shift
+ shift
+ ;;
+ -s3-sk)
+ s3SecretKey="$2"
+ shift
+ shift
+ ;;
+ -s3-path)
+ s3Path="$2"
+ shift
+ shift
+ ;;
+ *) # unknown option
+ shift
+ ;;
+ esac
+done
+
+set -exuo pipefail
+
+export LC_ALL=C.UTF-8
+export LANG=C.UTF-8
+
+# Validations
+if [[ -z ${OPENSHIFT_PULL_SECRET_PATH+x} ]] || [[ -z ${OPENSHIFT_VERSION+x} ]]; then
+ echo "OPENSHIFT_PULL_SECRET_PATH and OPENSHIFT_VERSION should be provided"
+ exit 1
+fi
+
+# Set datalake for uploading results / error logs
+if ! which mc >/dev/null; then
+ if [[ $(uname -m) == "x86_64" ]]; then
+ mcurl="https://dl.min.io/client/mc/release/linux-amd64/mc"
+ else
+ mcurl="https://dl.min.io/client/mc/release/linux-arm64/mc"
+ fi
+ sudo curl ${mcurl} -o /usr/local/bin/mc
+ sudo chmod +x /usr/local/bin/mc
+fi
+mc alias set datalake ${s3Url} \
+ ${s3AccessKey} \
+ ${s3SecretKey} \
+ --api S3v4
+mc mb -p datalake/${s3Path}
+
+# Get SNC code
+git clone ${scm}
+pushd snc
+if [[ ! -z ${pr+x} ]]; then
+ git fetch origin pull/${pr}/head:pr-${pr}
+ git checkout pr-${pr}
+else
+ git checkout ${ref}
+fi
+
+# Run SNC
+trap handle_error ERR
+./snc.sh
+
+# Create disks
+SNC_GENERATE_LINUX_BUNDLE=1 ./createdisk.sh crc-tmp-install-data
+mkdir -p ${OPENSHIFT_VERSION}
+mv *.crcbundle ${OPENSHIFT_VERSION}/
+pushd ${OPENSHIFT_VERSION}
+# Standarize arch names
+arch=$(uname -m)
+if [[ ${arch} == "aarch64" ]]; then
+ arch="arm64"
+fi
+sha256sum * > bundles.${arch}.sha256
+popd
+
+# Upload disks
+mc cp -r ${OPENSHIFT_VERSION}/* datalake/${s3Path}
diff --git a/snc-runner/release-info b/snc-runner/release-info
new file mode 100644
index 0000000..adcd6ee
--- /dev/null
+++ b/snc-runner/release-info
@@ -0,0 +1,2 @@
+quay.io/rhqp/snc-runner
+2.0.0-dev
\ No newline at end of file
diff --git a/snc-runner/tkn/task.yaml b/snc-runner/tkn/task.yaml
new file mode 100644
index 0000000..1f731ed
--- /dev/null
+++ b/snc-runner/tkn/task.yaml
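Review bot: `set -exuo pipefail` is switched on before `mc alias set datalake ${s3Url} ${s3AccessKey} ${s3SecretKey}`, so xtrace writes the S3 access key and secret key into the job output on every run; tracing should be turned off around that command. The `mc` client is fetched with `sudo curl` from the moving `release` path and made executable with neither `--fail` nor a digest comparison, so an error body or a changed binary is installed as-is; fetching a fixed release and checking it against a recorded SHA-256 would close that gap. Expansions such as `${scm}`, `${ref}`, `${pr}`, `${log_filename}` and `${s3Path}` are unquoted, and the `*)` branch silently drops unknown options, so a mistyped flag is never reported. The usage header lists `[-pr]` and `[-ocp-mirror]` as bare flags although both branches consume `$2`.

```shell
# … unchanged: architecture selection for mcurl …
    sudo curl --fail --location "${mcurl}" -o /usr/local/bin/mc
    sudo chmod +x /usr/local/bin/mc
fi
# Keep the S3 credentials out of the xtrace output.
set +x
mc alias set datalake "${s3Url}" \
    "${s3AccessKey}" \
    "${s3SecretKey}" \
    --api S3v4
set -x
mc mb -p "datalake/${s3Path}"
# … unchanged: clone, snc.sh, createdisk.sh, upload …
```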
@@ -0,0 +1,144 @@ +--- +apiVersion: tekton.dev/v1beta1 +kind: Task +metadata: + name: snc-runner + labels: + # 2.0.0-dev values should be passed to the template + app.kubernetes.io/version: "2.0.0-dev" + redhat.com/product: openshift-local + dev.lifecycle.io/phase: build + openshift-local.redhat.com/component: bundle + annotations: + tekton.dev/pipelines.minVersion: "0.44.x" + tekton.dev/categories: openshift-local + tekton.dev/tags: openshift-local, testing + tekton.dev/displayName: "ocp bundle for openshift local" + tekton.dev/platforms: "linux/amd64" +spec: + description: >- + This task will run snc project on a target host to create a bundle for crc + + The target host should be snc compliant. + + workspaces: + - name: storage + description: volume to store outputs to connect within the target machine + state file for the infrastructure + mountPath: /opt/storage + - name: ocp-pullsecret + description: | + crc secret name holding the pullsecret. This is only required if backed tested is crc preset + + secret should match following format: + --- + apiVersion: v1 + kind: Secret + metadata: + name: ${secret-name} + type: Opaque + data: + pullsecret: ${pullsecret-value} + mountPath: /etc/crc + + params: + # correlate params + - name: workspace-resources-path + description: path on workspace to find resources to connect and managed provisioned machine + # remote target host params + - name: host + description: target host + - name: username + description: username to connect to the provisioned machine + - name: key + description: key file name to connect to the provisioned machine within the workspace resources path + # SNC params + - name: scm + default: 'https://github.com/code-ready/snc.git' + - name: ref + default: 'master' + - name: pr + default: "''" + - name: ocp-version + description: ocp version + - name: ocp-mirror + default: "''" + - name: ocp-extended-cert + default: "enabled" + # Destination + - name: s3-url + - name: s3-access-key + - name: 
s3-secret-key + - name: s3-path + # Control params + - name: debug + description: debug purposes extend verbosity on cmds executed on the target + default: 'false' + + steps: + - name: runner + # quay.io/rhqp/snc-runner and 2.0.0-dev values should be passed to the template + image: quay.io/rhqp/snc-runner:2.0.0-dev + imagePullPolicy: Always + script: | + #!/bin/bash + + set pipefail + + # If debug add verbosity + if [[ $(params.debug) == "true" ]]; then + set -exuo pipefail + fi + + # Set values for deliverest to run logic remotely + DEBUG=$(params.debug) + TARGET_HOST=$(params.host) + TARGET_HOST_USERNAME=$(params.username) + TARGET_HOST_KEY_PATH=/opt/storage/$(params.workspace-resources-path)/$(params.key) + chmod 600 ${TARGET_HOST_KEY_PATH} + TARGET_FOLDER=crc-snc-runner + TARGET_RESULTS=results + TARGET_CLEANUP='true' + if [[ $(params.debug) == "true" ]]; then + TARGET_CLEANUP='false' + fi + + # Image will excute run.sh on remote host + # Usage run.sh -ocp-ps-path /Users/.../ps -ocp-version 4.1X.X -ocp-extended-cert enabled \ + # -s3-url https://amazon.es/ -s3-ak XXXX -s3-sk XXXX -s3-path distributables/resources/bundles \ + # [-scm https://github.com/code-ready/snc.git] [-ref master] [-pr] [-ocp-mirror] + + # Pull secret (if exists) we will use ASSETS_FOLDER defined on the image + # to let deliverest move the pull secret to target host + if test -f /etc/crc/pullsecret; then + # ASSETS_FOLDER ENV is defined at Containerfile + # All assets inside that folder will be copied to the target host + cp /etc/crc/pullsecret ${ASSETS_FOLDER}/pullsecret + fi + + # Compose the run.sh command based on params + cmd="${TARGET_FOLDER}/run.sh -ocp-ps-path /home/$(params.username)/${TARGET_FOLDER}/pullsecret " + cmd="$cmd -ocp-version $(params.ocp-version) " + cmd="$cmd -ocp-extended-cert $(params.ocp-extended-cert) " + cmd="$cmd -s3-url $(params.s3-url) " + cmd="$cmd -s3-ak $(params.s3-access-key) " + cmd="$cmd -s3-sk $(params.s3-secret-key) " + cmd="$cmd -s3-path 
$(params.s3-path) " + if [[ $(params.pr) != "" ]]; then + cmd="$cmd -pr $(params.pr) " + fi + if [[ $(params.ocp-mirror) != "" ]]; then + cmd="$cmd -ocp-mirror $(params.ocp-mirror) " + fi + + # Exec + . entrypoint.sh "${cmd}" + + resources: + requests: + memory: "50Mi" + cpu: "5m" + limits: + memory: "70Mi" + cpu: "10m" + + \ No newline at end of file diff --git a/snc-runner/tkn/tpl/task.tpl.yaml b/snc-runner/tkn/tpl/task.tpl.yaml new file mode 100644 index 0000000..66ff508 --- /dev/null +++ b/snc-runner/tkn/tpl/task.tpl.yaml 
@@ -0,0 +1,144 @@ +--- +apiVersion: tekton.dev/v1beta1 +kind: Task +metadata: + name: snc-runner + labels: + # cversion values should be passed to the template + app.kubernetes.io/version: "cversion" + redhat.com/product: openshift-local + dev.lifecycle.io/phase: build + openshift-local.redhat.com/component: bundle + annotations: + tekton.dev/pipelines.minVersion: "0.44.x" + tekton.dev/categories: openshift-local + tekton.dev/tags: openshift-local, testing + tekton.dev/displayName: "ocp bundle for openshift local" + tekton.dev/platforms: "linux/amd64" +spec: + description: >- + This task will run snc project on a target host to create a bundle for crc + + The target host should be snc compliant. + + workspaces: + - name: storage + description: volume to store outputs to connect within the target machine + state file for the infrastructure + mountPath: /opt/storage + - name: ocp-pullsecret + description: | + crc secret name holding the pullsecret. This is only required if backed tested is crc preset + + secret should match following format: + --- + apiVersion: v1 + kind: Secret + metadata: + name: ${secret-name} + type: Opaque + data: + pullsecret: ${pullsecret-value} + mountPath: /etc/crc + + params: + # correlate params + - name: workspace-resources-path + description: path on workspace to find resources to connect and managed provisioned machine + # remote target host params + - name: host + description: target host + - name: username + description: username to connect to the provisioned machine + - name: key + description: key file name to connect to the provisioned machine within the workspace resources path + # SNC params + - name: scm + default: 'https://github.com/code-ready/snc.git' + - name: ref + default: 'master' + - name: pr + default: "''" + - name: ocp-version + description: ocp version + - name: ocp-mirror + default: "''" + - name: ocp-extended-cert + default: "enabled" + # Destination + - name: s3-url + - name: s3-access-key + - name: s3-secret-key 
+ - name: s3-path + # Control params + - name: debug + description: debug purposes extend verbosity on cmds executed on the target + default: 'false' + + steps: + - name: runner + # cimage and cversion values should be passed to the template + image: cimage:cversion + imagePullPolicy: Always + script: | + #!/bin/bash + + set pipefail + + # If debug add verbosity + if [[ $(params.debug) == "true" ]]; then + set -exuo pipefail + fi + + # Set values for deliverest to run logic remotely + DEBUG=$(params.debug) + TARGET_HOST=$(params.host) + TARGET_HOST_USERNAME=$(params.username) + TARGET_HOST_KEY_PATH=/opt/storage/$(params.workspace-resources-path)/$(params.key) + chmod 600 ${TARGET_HOST_KEY_PATH} + TARGET_FOLDER=crc-snc-runner + TARGET_RESULTS=results + TARGET_CLEANUP='true' + if [[ $(params.debug) == "true" ]]; then + TARGET_CLEANUP='false' + fi + + # Image will excute run.sh on remote host + # Usage run.sh -ocp-ps-path /Users/.../ps -ocp-version 4.1X.X -ocp-extended-cert enabled \ + # -s3-url https://amazon.es/ -s3-ak XXXX -s3-sk XXXX -s3-path distributables/resources/bundles \ + # [-scm https://github.com/code-ready/snc.git] [-ref master] [-pr] [-ocp-mirror] + + # Pull secret (if exists) we will use ASSETS_FOLDER defined on the image + # to let deliverest move the pull secret to target host + if test -f /etc/crc/pullsecret; then + # ASSETS_FOLDER ENV is defined at Containerfile + # All assets inside that folder will be copied to the target host + cp /etc/crc/pullsecret ${ASSETS_FOLDER}/pullsecret + fi + + # Compose the run.sh command based on params + cmd="${TARGET_FOLDER}/run.sh -ocp-ps-path /home/$(params.username)/${TARGET_FOLDER}/pullsecret " + cmd="$cmd -ocp-version $(params.ocp-version) " + cmd="$cmd -ocp-extended-cert $(params.ocp-extended-cert) " + cmd="$cmd -s3-url $(params.s3-url) " + cmd="$cmd -s3-ak $(params.s3-access-key) " + cmd="$cmd -s3-sk $(params.s3-secret-key) " + cmd="$cmd -s3-path $(params.s3-path) " + if [[ $(params.pr) != "" ]]; then + 
cmd="$cmd -pr $(params.pr) " + fi + if [[ $(params.ocp-mirror) != "" ]]; then + cmd="$cmd -ocp-mirror $(params.ocp-mirror) " + fi + + # Exec + . entrypoint.sh "${cmd}" + + resources: + requests: + memory: "50Mi" + cpu: "5m" + limits: + memory: "70Mi" + cpu: "10m" + + \ No newline at end of file
diff --git a/tools/bin/.gitignore b/tools/bin/.gitignore
new file mode 100644
index 0000000..ac9b1c7
--- /dev/null
+++ b/tools/bin/.gitignore
@@ -0,0 +1 @@
+tkn
\ No newline at end of file
diff --git a/tools/tools.mk b/tools/tools.mk
new file mode 100644
index 0000000..ed41158
--- /dev/null
+++ b/tools/tools.mk
@@ -0,0 +1,12 @@
+TOOLS_BINDIR = $(realpath $(TOOLS_DIR)/bin)
+TKN_VERSION = 0.37.0
+
+.PHONY: install-out-of-tree-tools
+install-out-of-tree-tools: \
+ $(TOOLS_BINDIR)/tkn
+
+$(TOOLS_BINDIR)/tkn:
+ cd $(TOOLS_BINDIR) \
+ && curl -LO "https://github.com/tektoncd/cli/releases/download/v${TKN_VERSION}/tkn_${TKN_VERSION}_Linux_x86_64.tar.gz" \
+ && tar xvzf "tkn_${TKN_VERSION}_Linux_x86_64.tar.gz" tkn \
+ && rm "tkn_${TKN_VERSION}_Linux_x86_64.tar.gz"
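Review bot: Every `$(params.*)` reference in the `runner` script is substituted as text before bash runs, so a param value containing shell syntax becomes part of the script, and `s3-secret-key` travels as a plain param that is stored in the TaskRun and echoed by `set -exuo pipefail` when `debug` is true. Passing the values through `env` (the secret via `secretKeyRef`) and quoting them in the script addresses both; note that `cmd` is still re-parsed on the target host, so the values also need validating there. `set pipefail` on the first script line assigns a positional parameter instead of enabling the option and should read `set -o pipefail`. The `scm` and `ref` params are declared but never appended to `cmd`, so run.sh always falls back to its own defaults. The committed snc-runner/tkn/task.yaml is rendered from this template and carries the same lines.

```yaml
    # … unchanged: name, image, imagePullPolicy …
    env:
      - name: S3_SECRET_KEY
        valueFrom:
          secretKeyRef:
            name: <s3-credentials-secret>   # placeholder
            key: <secret-key-field>         # placeholder
      - name: OCP_VERSION
        value: $(params.ocp-version)
      - name: SCM
        value: $(params.scm)
      - name: REF
        value: $(params.ref)
    script: |
      #!/bin/bash
      set -o pipefail
      # … unchanged: deliverest variables, pull secret copy …
      cmd="$cmd -ocp-version ${OCP_VERSION} "
      cmd="$cmd -scm ${SCM} -ref ${REF} "
      cmd="$cmd -s3-sk ${S3_SECRET_KEY} "
      # … unchanged: remaining options, entrypoint.sh call …
```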
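Review bot: The `$(TOOLS_BINDIR)/tkn` recipe unpacks, and `tkn-push` later executes, a release tarball fetched with `curl -LO` without `--fail` or any digest comparison, so an HTTP error body or a replaced asset goes unnoticed. Use `curl -fLO` and add a pinned check before `tar`, for example `&& echo "$(TKN_SHA256)  tkn_${TKN_VERSION}_Linux_x86_64.tar.gz" | sha256sum -c - \` with `TKN_SHA256 = <sha256 of the v0.37.0 Linux_x86_64 tarball>` defined next to `TKN_VERSION`. `TOOLS_BINDIR = $(realpath $(TOOLS_DIR)/bin)` expands to an empty string when `tools/bin` does not exist, which would turn the target into `/tkn` and the `cd` into a no-argument `cd`; `TOOLS_BINDIR := $(abspath $(TOOLS_DIR)/bin)` avoids that. The asset name is fixed to `Linux_x86_64`, so the rule installs an unusable binary on other hosts.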