Validate kustomize build in CI

konflux-ci · Jan 21, 2025 · f8972c2 · f8972c2
1 parent a5d908b
commit f8972c2
Show file tree

Hide file tree

Showing 44 changed files with 13,874 additions and 1,428 deletions.
diff --git a/.github/workflows/check-kustomize-build.yaml b/.github/workflows/check-kustomize-build.yaml
@@ -0,0 +1,13 @@
+name: Validate PR - kustomize manifests
+'on':
+  pull_request:
+    branches: [main]
+jobs:
+  kustomize-build:
+    name: Check Kustomize Build of Task and Pipelines
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v4
+      - name: Validate Manifests
+        run: hack/verify-manifests.sh
diff --git a/README.md b/README.md
@@ -91,6 +91,15 @@ Buildah also has a remote version, which can be generated with:
 ./hack/generate-buildah-remote.sh
 ```
 
+## Making changes to tasks and pipelines
+
+If your tasks or pipelines contains `kustomization.yaml`, after making changes to the tasks or pipelines, run `hack/build-manifests.sh` and
+commit the generated manifests as well to the same directory (in addition to your changes).
+It will help us to make sure the kustomize build is successful and review the changes.
+
+`hack/build-manifests.sh` needs `kustomize` to be installed locally.It can be downloaded using `hack/get-kustomize.sh` script.
+
+
 ## Testing
 
 ### Prerequisites

diff --git a/hack/build-manifests.sh b/hack/build-manifests.sh
@@ -0,0 +1,66 @@
+#!/bin/bash -e
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" >/dev/null 2>&1 && pwd)"
+
+# You can ignore building manifests for some tasks by providing the SKIP_TASKS variable
+# with the task name separated by a space, for example:
+# SKIP_TASKS="git-clone init"
+
+SKIP_TASKS="generate-odcs-compose provision-env-with-ephemeral-namespace verify-signed-rpms"
+
+# You can ignore building manifests for some pipelines by providing the SKIP_PIPELINES variable
+# with the task name separated by a space, for example:
+# SKIP_PIPELINES="rhtap gitops-pull-request-rhtap"
+
+SKIP_PIPELINES="gitops-pull-request-rhtap"
+
+main() {
+    local kustomize=${1:-kustomize}
+    local dirs
+
+    cd "$SCRIPT_DIR/.."
+    task_dirs=$(find task -maxdepth 4 \( -name 'kustomization.yaml' -o -name 'kustomization.yml' \) -exec dirname {} \;)
+    pipeline_dirs=$(find pipelines -mindepth 2 \( -name 'kustomization.yaml' -o -name 'kustomization.yml' \) -exec dirname {} \;)
+    local ret=0
+
+    for task_dir in ${task_dirs}; do
+        echo "Building task directory: ${task_dir}"
+        task_name=$(echo $task_dir | awk -F '/' '{print $2}')
+        # Skip the tasks mentioned in SKIP_TASKS
+        skipit=
+        for tname in ${SKIP_TASKS};do
+            [[ ${tname} == "${task_name}" ]] && skipit=True
+        done
+        [[ -n ${skipit} ]] && continue
+        if ! "$kustomize" build -o "$task_dir/$task_name.yaml" "$task_dir"; then
+            echo "failed to build task: $task_dir" >&2
+            ret=1
+        fi
+    done
+
+    for pipeline_dir in ${pipeline_dirs}; do
+        echo "Building pipeline directory: ${pipeline_dir}"
+        pipeline_name=$(echo $pipeline_dir | awk -F '/' '{print $2}')
+        # Skip the pipelines mentioned in SKIP_PIPELINES
+        skipit=
+        for pname in ${SKIP_PIPELINES};do
+            [[ ${pname} == "${pipeline_name}" ]] && skipit=True
+        done
+        [[ -n ${skipit} ]] && continue
+
+        if ! "$kustomize" build -o "$pipeline_dir/$pipeline_name.yaml" "$pipeline_dir"; then
+            echo "failed to build pipeline: $pipeline_dir" >&2
+            ret=1
+        fi
+    done
+
+    exit "$ret"
+
+}
+
+if [[ "${BASH_SOURCE[0]}" == "$0" ]]; then
+    main "$@"
+fi
+
+
+
diff --git a/hack/get-kustomize.sh b/hack/get-kustomize.sh
@@ -0,0 +1,20 @@
+#!/bin/bash -e
+
+main() {
+    local target_dir=${1:?target dir for storing kustomize should be specified}
+
+    mkdir -p "$target_dir"
+    if [[ -f "${target_dir}/kustomize" ]]; then
+        exit 0
+    fi
+
+    curl -L https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize%2Fv5.3.0/kustomize_v5.3.0_linux_amd64.tar.gz | tar -C "$target_dir" -xvzf -
+
+    ls -l "$target_dir"
+    echo "PATH -> $PATH"
+}
+
+
+if [[ "${BASH_SOURCE[0]}" == "$0" ]]; then
+    main "$@"
+fi
diff --git a/hack/missing-ta-tasks.sh b/hack/missing-ta-tasks.sh
@@ -14,22 +14,31 @@ trap 'rm "${tmp_files[@]}" > /dev/null 2>&1' EXIT
 # Tasks that are currently missing Trusted Artifact variant
 todo=(
   task/buildah-10gb/0.2/kustomization.yaml
+  task/buildah-10gb/0.2/buildah-10gb.yaml
   task/buildah-20gb/0.2/kustomization.yaml
+  task/buildah-20gb/0.2/buildah-20gb.yaml
   task/buildah-24gb/0.2/kustomization.yaml
+  task/buildah-24gb/0.2/buildah-24gb.yaml
   task/buildah-6gb/0.2/kustomization.yaml
+  task/buildah-6gb/0.2/buildah-6gb.yaml
   task/buildah-8gb/0.2/kustomization.yaml
+  task/buildah-8gb/0.2/buildah-8gb.yaml
   task/buildah-min/0.2/kustomization.yaml
+  task/buildah-min/0.2/buildah-min.yaml
   task/buildah-rhtap/0.1/buildah-rhtap.yaml
   task/download-sbom-from-url-in-attestation/0.1/download-sbom-from-url-in-attestation.yaml
   task/fbc-related-image-check/0.1/fbc-related-image-check.yaml
   task/fbc-related-image-check/0.2/kustomization.yaml
+  task/fbc-related-image-check/0.2/fbc-related-image-check.yaml
   task/fbc-validation/0.1/fbc-validation.yaml
   task/fbc-validation/0.2/kustomization.yaml
+  task/fbc-validation/0.2/fbc-validation.yaml
   task/gather-deploy-images/0.1/gather-deploy-images.yaml
   task/generate-odcs-compose/0.2/generate-odcs-compose.yaml
   task/generate-odcs-compose/0.2/kustomization.yaml
   task/inspect-image/0.1/inspect-image.yaml
   task/inspect-image/0.2/kustomization.yaml
+  task/inspect-image/0.2/inspect-image.yaml
   task/operator-sdk-generate-bundle/0.1/operator-sdk-generate-bundle.yaml
   task/opm-get-bundle-version/0.1/opm-get-bundle-version.yaml
   task/opm-render-bundles/0.1/opm-render-bundles.yaml

diff --git a/hack/verify-manifests.sh b/hack/verify-manifests.sh
@@ -0,0 +1,21 @@
+#!/bin/bash -e
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" >/dev/null 2>&1 && pwd)"
+
+main() {
+    local kustomize=${1:-kustomize}
+
+    "${SCRIPT_DIR}"/build-manifests.sh "$kustomize"
+    if [[ $(git status --porcelain) ]]; then
+        git diff --exit-code >&2 || {
+            echo "Did you forget to build the manifests locally?" >&2;
+            echo "Please run ./hack/build-manifests.sh and update your PR" >&2;
+            exit 1;
+        }
+    fi
+    echo "changes are up to date" >&2
+}
+
+if [[ "${BASH_SOURCE[0]}" == "$0" ]]; then
+    main "$@"
+fi