unify on a common buildah image for all tasks
Signed-off-by: arewm <[email protected]>
Showing
11 changed files
with
150 additions
and
21 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,130 @@ | ||
apiVersion: tekton.dev/v1 | ||
kind: Task | ||
metadata: | ||
labels: | ||
app.kubernetes.io/version: "0.1" | ||
build.appstudio.redhat.com/build_type: "docker" | ||
annotations: | ||
tekton.dev/pipelines.minVersion: "0.12.1" | ||
tekton.dev/tags: "image-build, konflux" | ||
name: build-image-index | ||
spec: | ||
description: |- | ||
This takes existing Image Manifests and combines them in an Image Index. | ||
params: | ||
- name: IMAGE | ||
description: The target image and tag where the image will be pushed to. | ||
type: string | ||
- name: TLSVERIFY | ||
description: Verify the TLS on the registry endpoint (for push/pull to a non-TLS registry) | ||
type: string | ||
default: "true" | ||
- name: COMMIT_SHA | ||
description: The commit the image is built from. | ||
type: string | ||
default: "" | ||
- name: IMAGES | ||
description: List of Image Manifests to be referenced by the Image Index | ||
type: array | ||
- name: IMAGE_EXPIRES_AFTER | ||
description: Delete image tag after specified time resulting in garbage collection of the digest. Empty means to keep the image tag. Time values could be something like 1h, 2d, 3w for hours, days, and weeks, respectively. | ||
type: string | ||
default: "" | ||
- name: BUILD_IMAGE_INDEX | ||
description: Create an OCI image index referencing all passed params.IMAGES. This allows us to always include this task for a consistent pipeline even if a user does not want to generate the image index. If the image index generation is skipped, the task will forward values for params.IMAGES[0] to results.IMAGE_*. | ||
type: string | ||
default: "false" | ||
- name: STORAGE_DRIVER | ||
description: Storage driver to configure for buildah | ||
type: string | ||
default: vfs | ||
results: | ||
- description: Digest of the image just built | ||
name: IMAGE_DIGEST | ||
- description: Image repository where the built image was pushed | ||
name: IMAGE_URL | ||
- description: List of all referenced image manifests | ||
name: IMAGES | ||
stepTemplate: | ||
env: | ||
- name: BUILDAH_FORMAT | ||
value: oci | ||
- name: COMMIT_SHA | ||
value: $(params.COMMIT_SHA) | ||
- name: IMAGE | ||
value: $(params.IMAGE) | ||
- name: TLSVERIFY | ||
value: $(params.TLSVERIFY) | ||
- name: BUILD_IMAGE_INDEX | ||
value: $(params.BUILD_IMAGE_INDEX) | ||
- name: STORAGE_DRIVER | ||
value: $(params.STORAGE_DRIVER) | ||
steps: | ||
- image: quay.io/konflux-ci/buildah-task:latest@sha256:5d933087a49a6e0b959b9a9fa5a91d545380217e565d7be7cc74a9588f64c314 | ||
# per https://kubernetes.io/docs/concepts/containers/images/#imagepullpolicy-defaulting | ||
# the cluster will set imagePullPolicy to IfNotPresent | ||
name: build | ||
computeResources: | ||
limits: | ||
memory: 4Gi | ||
requests: | ||
memory: 512Mi | ||
cpu: 250m | ||
args: ["$(params.IMAGES[*])"] | ||
script: | | ||
#!/bin/bash | ||
# Fixing group permission on /var/lib/containers | ||
set -eu | ||
set -o pipefail | ||
chown root:root /var/lib/containers | ||
sed -i 's/^\s*short-name-mode\s*=\s*.*/short-name-mode = "disabled"/' /etc/containers/registries.conf | ||
image_manifests="" | ||
buildah manifest create "$IMAGE" | ||
for i in $@ | ||
do | ||
TOADD="$i" | ||
if [[ $(echo "$i" | tr -cd ":" | wc -c) == 2 ]]; then | ||
#we need to remove the tag, and just reference the digest | ||
#as tag + digest is not supported | ||
TOADD_REPOSITORY="$(echo "$i" | cut -d: -f1)" | ||
TOADD_DIGEST="sha256:$(echo "$i" | cut -d: -f3)" | ||
TOADD="${TOADD_REPOSITORY}@${TOADD_DIGEST}" | ||
fi | ||
if [[ "$SKIP_INDEX_GENERATION" != "false" ]]; then | ||
echo "Skipping image index generation. Returning results for $TOADD" | ||
echo -n "${TOADD_REPOSITORY}" > "$(results.IMAGE_URL.path)" | ||
echo -n "${TOADD_DIGEST}" > "$(results.IMAGE_DIGEST.path)" | ||
echo -n "${TOADD}" > "$(results.IMAGES.path)" | ||
exit 0 | ||
fi | ||
echo "Adding $TOADD" | ||
image_manifests="${image_manifests} ${TOADD}," | ||
buildah manifest add $IMAGE "docker://$TOADD" --all | ||
done | ||
status=-1 | ||
max_run=5 | ||
sleep_sec=10 | ||
for run in $(seq 1 $max_run); do | ||
status=0 | ||
[ "$run" -gt 1 ] && sleep $sleep_sec | ||
echo "Pushing image to registry" | ||
buildah manifest push \ | ||
--tls-verify=$TLSVERIFY \ | ||
--digestfile image-digest $IMAGE \ | ||
docker://$IMAGE && break || status=$? | ||
done | ||
if [ "$status" -ne 0 ]; then | ||
echo "Failed to push image to registry after ${max_run} tries" | ||
exit 1 | ||
fi | ||
cat image-digest | tee $(results.IMAGE_DIGEST.path) | ||
echo -n "$IMAGE" | tee "$(results.IMAGE_URL.path)" | ||
echo -n "${image_manifests:1:-1}" > "$(results.IMAGES.path)" | ||
securityContext: | ||
capabilities: | ||
add: | ||
- SETFCAP |
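Review bot: The skip guard inside the `for` loop tests `$SKIP_INDEX_GENERATION`, but the only related variable the task exports through `stepTemplate.env` is `BUILD_IMAGE_INDEX`, so under `set -eu` the script stops with an unbound-variable error on the first image unless the step image itself happens to define that name. Testing the declared parameter instead, `if [[ "$BUILD_IMAGE_INDEX" != "true" ]]; then`, would match the parameter description and its default of "false". The same branch writes `${TOADD_REPOSITORY}` and `${TOADD_DIGEST}` to the results, yet both are assigned only when the reference contains exactly two colons, so an input of the form `repo@sha256:<digest>` would also trip `set -u` there. Deriving the repository and digest before the colon check would keep `IMAGE_URL` and `IMAGE_DIGEST` populated for whatever consumes these results later in the pipeline.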