Add image index task to pipelines

The build-image-index task is added to all pipelines but the generation of an image index is disabled by default. Signed-off-by: arewm <[email protected]>
konflux-ci · Aug 2, 2024 · c9a479c · c9a479c
1 parent bf2e62e
commit c9a479c
Show file tree

Hide file tree

Showing 5 changed files with 145 additions and 93 deletions.
diff --git a/pipelines/docker-build-oci-ta/patch.yaml b/pipelines/docker-build-oci-ta/patch.yaml
@@ -12,19 +12,20 @@
   path: /spec/workspaces/0
 # Order of Tasks from the base docker-build Pipeline:
 # $ kustomize build pipelines/docker-build | yq .spec.tasks.[].name | nl -v 0
-#  0  init
-#  1  clone-repository
-#  2  prefetch-dependencies
-#  3  build-container
-#  4  build-source-image
-#  5  deprecated-base-image-check
-#  6  clair-scan
-#  7  ecosystem-cert-preflight-checks
-#  8  sast-snyk-check
-#  9  clamav-scan
-# 10  sbom-json-check
-# 11  apply-tags
-# 12  push-dockerfile
+#   0  init
+#   1  clone-repository
+#   2  prefetch-dependencies
+#   3  build-container
+#   4  build-image-index
+#   5  build-source-image
+#   6  deprecated-base-image-check
+#   7  clair-scan
+#   8  ecosystem-cert-preflight-checks
+#   9  sast-snyk-check
+#  10  clamav-scan
+#  11  sbom-json-check
+#  12  apply-tags
+#  13  push-dockerfile
 
 # clone-repository Task
 - op: replace
@@ -84,46 +85,46 @@
 
 # build-source-image
 - op: replace
-  path: /spec/tasks/4/taskRef/name
+  path: /spec/tasks/5/taskRef/name
   value: source-build-oci-ta
 - op: add
-  path: /spec/tasks/4/params/-
+  path: /spec/tasks/5/params/-
   value:
     name: SOURCE_ARTIFACT
     value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT)
 - op: add
-  path: /spec/tasks/4/params/-
+  path: /spec/tasks/5/params/-
   value:
     name: CACHI2_ARTIFACT
     value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT)
 - op: remove
-  path: /spec/tasks/4/workspaces/0
+  path: /spec/tasks/5/workspaces/0
 
 # sast-snyk-check
 - op: replace
-  path: /spec/tasks/8/taskRef/name
+  path: /spec/tasks/9/taskRef/name
   value: sast-snyk-check-oci-ta
 - op: add
   # In the docker-build Pipeline, the snyk Task does not receive any parameters, so we cannot
   # append to it.
-  path: /spec/tasks/8/params
+  path: /spec/tasks/9/params
   value:
     - name: SOURCE_ARTIFACT
       value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT)
 - op: remove
-  path: /spec/tasks/8/workspaces/0
+  path: /spec/tasks/9/workspaces/0
 
 # push-dockerfile
 - op: replace
-  path: /spec/tasks/12/taskRef/name
+  path: /spec/tasks/13/taskRef/name
   value: push-dockerfile-oci-ta
 - op: add
-  path: /spec/tasks/12/params/-
+  path: /spec/tasks/13/params/-
   value:
     name: SOURCE_ARTIFACT
     value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT)
 - op: remove
-  path: /spec/tasks/12/workspaces/0
+  path: /spec/tasks/13/workspaces/0
 
 # Order of finally Tasks from the base docker-build Pipeline:
 # $ kustomize build pipelines/docker-build | yq .spec.finally.[].name | nl -v 0

diff --git a/pipelines/docker-build-rhtap/patch.yaml b/pipelines/docker-build-rhtap/patch.yaml
@@ -73,40 +73,43 @@
 # Remove tasks
 # Example - yq .spec.tasks.[].name ../build-definitions/pipelines/template-build/template-build.yaml | nl -v 0
 # to compute offsets
-#      0  init
-#      1  clone-repository
-#      2  prefetch-dependencies
-#      3  build-container
-#      4  build-source-image
-#      5  deprecated-base-image-check
-#      6  clair-scan
-#      7  ecosystem-cert-preflight-checks
-#      8  sast-snyk-check
-#      9  clamav-scan
-#      10 sbom-json-check
-#      11 apply-tags
-#      12 push-dockerfile
+# 0  init
+# 1  clone-repository
+# 2  prefetch-dependencies
+# 3  build-container
+# 4  build-image-index
+# 5  build-source-image
+# 6  deprecated-base-image-check
+# 7  clair-scan
+# 8  ecosystem-cert-preflight-checks
+# 9  sast-snyk-check
+# 10  clamav-scan
+# 11  sbom-json-check
+# 12  apply-tags
+# 13  push-dockerfile
 - op: replace
   path: /spec/tasks/3/runAfter/0
   value: clone-repository
 - op: remove
-  path: /spec/tasks/12 # push-dockerfile
+  path: /spec/tasks/13 # push-dockerfile
 - op: remove
-  path: /spec/tasks/11 # apply-tags
+  path: /spec/tasks/12 # apply-tags
 - op: remove
-  path: /spec/tasks/10 # sbom-json-check
+  path: /spec/tasks/11 # sbom-json-check
 - op: remove
-  path: /spec/tasks/9  # clamav-scan
+  path: /spec/tasks/10 # clamav-scan
 - op: remove
-  path: /spec/tasks/8  # sast-snyk-check
+  path: /spec/tasks/9  # sast-snyk-check
 - op: remove
-  path: /spec/tasks/7  # ecosystem-cert-preflight-checks
+  path: /spec/tasks/8  # ecosystem-cert-preflight-checks
 - op: remove
-  path: /spec/tasks/6  # clair-scan
+  path: /spec/tasks/7  # clair-scan
 - op: remove
-  path: /spec/tasks/5  # deprecated-base-image-check
+  path: /spec/tasks/6  # deprecated-base-image-check
 - op: remove
-  path: /spec/tasks/4  # build-source-image
+  path: /spec/tasks/5  # build-source-image
+- op: remove
+  path: /spec/tasks/4  # build-image-index
 - op: remove
   path: /spec/tasks/2  # prefetch-dependencies
 - op: remove

diff --git a/pipelines/docker-build/patch.yaml b/pipelines/docker-build/patch.yaml
@@ -8,6 +8,23 @@
     "pipelines.openshift.io/used-by": "build-cloud"
     "pipelines.openshift.io/runtime": "generic"
     "pipelines.openshift.io/strategy": "docker"
+#  yq ".spec.tasks.[].name" pipelines/template-build/template-build.yaml | nl -v 0 
+#      0  init
+#      1  clone-repository
+#      2  prefetch-dependencies
+#      3  build-container
+#      4  build-image-index
+#      5  build-source-image
+#      6  deprecated-base-image-check
+#      7  clair-scan
+#      8  ecosystem-cert-preflight-checks
+#      9  sast-snyk-check
+#     10  clamav-scan
+#     11  sbom-json-check
+#     12  apply-tags
+#     13  push-dockerfile
+
+# build-container
 - op: replace
   path: /spec/tasks/3/taskRef
   value:
@@ -49,6 +66,13 @@
       - $(params.build-args[*])
   - name: BUILD_ARGS_FILE
     value: "$(params.build-args-file)"
+
+# build-image-index
+- op: add
+  path: /spec/tasks/4/params/-
+  value:
+  - name: IMAGE_EXPIRES_AFTER
+    value: "$(params.image-expires-after)"
 - op: add
   path: /spec/results/-
   value:

diff --git a/pipelines/fbc-builder/patch.yaml b/pipelines/fbc-builder/patch.yaml
@@ -31,30 +31,37 @@
 # Remove tasks
 # Example - yq .spec.tasks.[].name ../build-definitions/pipelines/template-build/template-build.yaml | nl -v 0
 # to compute offsets
-#      0  init
-#      1  clone-repository
-#      2  prefetch-dependencies
-#      3  build-container
-#      4  build-source-image
-#      5  deprecated-base-image-check
-#      6  clair-scan
-#      7  ecosystem-cert-preflight-checks
-#      8  sast-snyk-check
-#      9  clamav-scan
-#      10 sbom-json-check
+# 0  init
+# 1  clone-repository
+# 2  prefetch-dependencies
+# 3  build-container
+# 4  build-image-index
+# 5  build-source-image
+# 6  deprecated-base-image-check
+# 7  clair-scan
+# 8  ecosystem-cert-preflight-checks
+# 9  sast-snyk-check
+# 10  clamav-scan
+# 11  sbom-json-check
+# 12  apply-tags
+# 13  push-dockerfile
 - op: replace
   path: /spec/tasks/3/runAfter/0
   value: clone-repository
 - op: remove
-  path: /spec/tasks/9  # clamav-scan
+  path: /spec/tasks/13  # push-dockerfile
 - op: remove
-  path: /spec/tasks/8  # sast-snyk-check
+  path: /spec/tasks/11  # sbom-json-check
 - op: remove
-  path: /spec/tasks/7  # ecosystem-cert-preflight-checks
+  path: /spec/tasks/10 # clamav-scan
 - op: remove
-  path: /spec/tasks/6  # clair-scan
+  path: /spec/tasks/9  # sast-snyk-check
 - op: remove
-  path: /spec/tasks/4  # build-source-image
+  path: /spec/tasks/8  # ecosystem-cert-preflight-checks
+- op: remove
+  path: /spec/tasks/7  # clair-scan
+- op: remove
+  path: /spec/tasks/5  # build-source-image
 - op: remove
   path: /spec/tasks/2  # prefetch-dependencies
 - op: add
@@ -66,15 +73,15 @@
       operator: in
       values: ["false"]
     runAfter:
-      - build-container
+      - build-image-index
     taskRef:
       name: inspect-image
       version: "0.1"
     params:
     - name: IMAGE_URL
-      value: $(tasks.build-container.results.IMAGE_URL)
+      value: $(tasks.build-image-index.results.IMAGE_URL)
     - name: IMAGE_DIGEST
-      value: $(tasks.build-container.results.IMAGE_DIGEST)
+      value: $(tasks.build-image-index.results.IMAGE_DIGEST)
     workspaces:
     - name: source
       workspace: workspace
@@ -93,9 +100,9 @@
       version: "0.1"
     params:
     - name: IMAGE_URL
-      value: $(tasks.build-container.results.IMAGE_URL)
+      value: $(tasks.build-image-index.results.IMAGE_URL)
     - name: IMAGE_DIGEST
-      value: $(tasks.build-container.results.IMAGE_DIGEST)
+      value: $(tasks.build-image-index.results.IMAGE_DIGEST)
     - name: BASE_IMAGE
       value: $(tasks.inspect-image.results.BASE_IMAGE)
     workspaces: