Convert pre-build task to yaml. #2117

Merged
merged 4 commits into from
Sep 30, 2024
9 changes: 5 additions & 4 deletions deploy/base-development.sh
Expand Up @@ -42,15 +42,13 @@ fi
# and if 'true' or 'false' is seen that is coerced to a bool which causes an issue
export JBS_S3_SYNC_ENABLED="\"$JBS_S3_SYNC_ENABLED\""

kubectl delete --ignore-not-found deployments.apps hacbs-jvm-operator -n jvm-build-service
kubectl delete --ignore-not-found deployments.apps jvm-build-workspace-artifact-cache

function cleanAllArtifacts() {
# Following are created in CI code
kubectl delete --ignore-not-found=true tasks.tekton.dev git-clone
kubectl delete --ignore-not-found=true tasks.tekton.dev maven
kubectl delete --ignore-not-found=true pipelines.tekton.dev sample-component-build
kubectl delete --ignore-not-found=true clusterrolebindings.rbac.authorization.k8s.io pipeline-test-jvm-namespace
kubectl delete --ignore-not-found=true clusterrolebindings.rbac.authorization.k8s.io pipeline-${JBS_WORKER_NAMESPACE}
kubectl delete --ignore-not-found=true deployments.apps jvm-build-maven-repo -n ${JBS_WORKER_NAMESPACE}

kubectl delete --ignore-not-found=true artifactbuilds.jvmbuildservice.io --all

Expand All @@ -61,6 +59,9 @@ function cleanAllArtifacts() {
echo -e "\033[0;32mSetting context to $JBS_WORKER_NAMESPACE with quay image $JBS_QUAY_ORG\033[0m"
# Its possible to set context before namespaces have been created.
kubectl config set-context --current --namespace=$JBS_WORKER_NAMESPACE
kubectl delete --ignore-not-found deployments.apps hacbs-jvm-operator -n jvm-build-service
kubectl delete --ignore-not-found deployments.apps jvm-build-workspace-artifact-cache


if [ "$1" = "--clean" ]; then
cleanAllArtifacts
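Review bot: The relocated `kubectl delete --ignore-not-found deployments.apps jvm-build-workspace-artifact-cache` has no `-n`, so after the move it acts on whichever namespace the preceding `kubectl config set-context --current --namespace=$JBS_WORKER_NAMESPACE` selected, not the namespace that was current when the script started. Name the namespace on the command itself, `kubectl delete --ignore-not-found deployments.apps jvm-build-workspace-artifact-cache -n "$JBS_WORKER_NAMESPACE"`, so the delete cannot land elsewhere if the context switch fails or the variable is empty. The variable is also unquoted on the `set-context` line; whether it is validated earlier in the script is not visible in these hunks.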
10 changes: 3 additions & 7 deletions deploy/tasks/maven-deployment.yaml
Expand Up @@ -37,14 +37,10 @@ spec:
type: string
default: "quay.io/redhat-appstudio/hacbs-jvm-build-request-processor:dev"
volumes:
- name: shared
emptyDir: {}
- name: workdir
emptyDir: {}
stepTemplate:
volumeMounts:
- mountPath: /shared
name: shared
- mountPath: /var/workdir
name: workdir
steps:
Expand All @@ -70,10 +66,10 @@ spec:
runAsUser: 0
computeResources:
limits:
cpu: "1"
memory: 2Gi
cpu: 300m
memory: 512Mi
requests:
cpu: 50m
cpu: 10m
memory: 512Mi
env:
- name: MVN_REPO
147 changes: 147 additions & 0 deletions deploy/tasks/pre-build.yaml
@@ -0,0 +1,147 @@
---
apiVersion: tekton.dev/v1
kind: Task
metadata:
name: pre-build
annotations:
tekton.dev/pipelines.minVersion: 0.12.1
tekton.dev/tags: image-build, konflux
labels:
app.kubernetes.io/version: "0.1"
build.appstudio.redhat.com/build_type: docker
spec:
description: |-
Sets up pre-build running the preprocessor, pushing the source and creating the OCI image.
params:
- name: IMAGE_URL
description: URL of the OCI image to use.
type: string
- name: NAME
description: Name of the pipeline run (i.e. unique dependency build name)
type: string
- name: GIT_SCRIPT
description: Git clone commands
type: string
- name: GIT_IDENTITY
description: Git username
type: string
- name: GIT_URL
description: URL to determine whether we're using gitlab or github
type: string
- name: GIT_DEPLOY_TOKEN
description: Name of jvm-build-git-repo-secrets secret containing git password/token to use.
type: string
- name: GIT_SSL_VERIFICATION
description: Whether to disable ssl verification
type: string
default: "false"
- name: GIT_REUSE_REPOSITORY
description: Whether to reuse existing git repository or create new one
type: string
- name: SCM_URL
description: Reference to the git repository
type: string
- name: SCM_HASH
description: Git hash
type: string
- name: RECIPE_IMAGE
description: The image from the build recipe to use
- name: BUILD_SCRIPT
description: The build script to embed with the Containerfile
- name: PREPROCESSOR_ARGS
description: The arguments for the build preprocessor
- name: ORAS_OPTIONS
type: string
description: Optional environment variable string for build-trusted-artifacts
default: ""
- name: JVM_BUILD_SERVICE_REQPROCESSOR_IMAGE
description: Name of the processor image. Useful to override for development.
type: string
default: "quay.io/redhat-appstudio/hacbs-jvm-build-request-processor:dev"
results:
- name: PRE_BUILD_IMAGE_DIGEST
description: Digest of the image just built
- name: GIT_ARCHIVE
description: Git archive information
workspaces:
- description: The git repo will be cloned onto the volume backing this Workspace.
name: source
mountPath: /var/workdir
- name: tls
steps:
# Should we use our own git clone task? Or embed (somehow) Konflux's version?
- name: git-clone
image: $(params.RECIPE_IMAGE)
computeResources:
limits:
cpu: 300m
memory: 512Mi
requests:
cpu: 10m
memory: 512Mi
securityContext:
runAsUser: 0
env:
- name: GIT_TOKEN
valueFrom:
secretKeyRef:
optional: true
name: jvm-build-git-secrets
key: .git-credentials
script: |
$(params.GIT_SCRIPT)
Collaborator Author


Currently this does not use the Konflux git clone task; it uses the original simple git clone from JBS, passed through as a script from the operator.

Member


The more we use Konflux's tasks the better I think, but not a problem for now to use our own. Can be a subsequent PR.

- name: preprocessor
image: $(params.JVM_BUILD_SERVICE_REQPROCESSOR_IMAGE)
securityContext:
runAsUser: 0
computeResources:
limits:
cpu: 300m
memory: 512Mi
requests:
cpu: 10m
memory: 512Mi
script: |
$(params.BUILD_SCRIPT)
Collaborator Author


To embed the Containerfile / build-script into the repository, they are currently passed through from the operator (which generates them). Eventually I think the preprocessor should generate them, for the following steps (create-pre-build-source and create-pre-build-image) to use.

Member

@vibe13 vibe13 Sep 30, 2024


Yes I believe it would be cleaner that the preprocessor generates the build script and propagates it as a result to following steps. Can be a subsequent PR.

/opt/jboss/container/java/run/run-java.sh $(params.PREPROCESSOR_ARGS)
- name: create-pre-build-source
image: $(params.JVM_BUILD_SERVICE_REQPROCESSOR_IMAGE)
securityContext:
runAsUser: 0
computeResources:
limits:
cpu: 300m
memory: 512Mi
requests:
cpu: 10m
memory: 512Mi
env:
- name: GIT_DEPLOY_TOKEN
valueFrom:
secretKeyRef:
optional: true
name: $(params.GIT_DEPLOY_TOKEN)
key: gitdeploytoken
args:
- deploy-pre-build-source
- --source-path=$(workspaces.source.path)/source
- --task-run-name=$(context.taskRun.name)
- --scm-uri=$(params.SCM_URL)
- --scm-commit=$(params.SCM_HASH)
- --image-id=$(params.NAME)
- --git-identity=$(params.GIT_IDENTITY)
- --git-url=$(params.GIT_URL)
- --git-disable-ssl-verification=$(params.GIT_SSL_VERIFICATION)
- --git-reuse-repository=$(params.GIT_REUSE_REPOSITORY)
- name: create-pre-build-image
image: quay.io/redhat-appstudio/build-trusted-artifacts:latest@sha256:d6f57d97d19008437680190908fe5444cda380f9c77d0e9efde7153720412e05
script: |
echo "Creating pre-build-image archive"
export ORAS_OPTIONS="$ORAS_OPTIONS --image-spec=v1.0 --artifact-type application/vnd.oci.image.config.v1+json"
create-archive --store $(params.IMAGE_URL) $(results.PRE_BUILD_IMAGE_DIGEST.path)=$(workspaces.source.path)/source
env:
- name: ORAS_OPTIONS
value: $(params.ORAS_OPTIONS)
- name: IMAGE_URL
value: $(params.IMAGE_URL)
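Review bot: The `git-clone` and `preprocessor` steps substitute `$(params.GIT_SCRIPT)`, `$(params.BUILD_SCRIPT)` and `$(params.PREPROCESSOR_ARGS)` straight into `script:` bodies that run with `runAsUser: 0`, and `git-clone` also has `GIT_TOKEN` in its environment, so anyone who can set these params on a TaskRun controls what runs as root next to that credential. Tekton substitutes params textually before the shell parses the script, so each param description should state the trust assumption, e.g. `description: Git clone commands, generated by the operator; executed verbatim as root`. Where a value is only data, pass it through `env` and quote it, as `create-pre-build-image` can do with the `IMAGE_URL` variable it already declares: `create-archive --store "$IMAGE_URL" $(results.PRE_BUILD_IMAGE_DIGEST.path)=$(workspaces.source.path)/source`. The `JVM_BUILD_SERVICE_REQPROCESSOR_IMAGE` default also uses the mutable `:dev` tag, while `build-trusted-artifacts` is pinned by digest.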

Expand Up @@ -32,11 +32,11 @@ enum Type {
public GitHub(String endpoint, String identity, String token, boolean ssl)
throws IOException {
if (isNotEmpty(token)) {
github = new GitHubBuilder().withEndpoint(endpoint == null ? GITHUB_URL : endpoint)
github = new GitHubBuilder().withEndpoint(isNotEmpty(endpoint) ? endpoint : GITHUB_URL)
.withOAuthToken(token)
.build();
} else {
github = new GitHubBuilder().withEndpoint(endpoint == null ? GITHUB_URL : endpoint)
github = new GitHubBuilder().withEndpoint(isNotEmpty(endpoint) ? endpoint : GITHUB_URL)
.build();
}
owner = identity;
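Review bot: Both branches of the constructor now repeat `isNotEmpty(endpoint) ? endpoint : GITHUB_URL`, and the token branch hands the OAuth token to whatever non-empty endpoint the caller passed without checking it. Resolve the URL once before the `if`, `String url = isNotEmpty(endpoint) ? endpoint : GITHUB_URL;`, and consider rejecting a value that is not an `https://` URL before `.withOAuthToken(token)` is applied. The `ssl` parameter is not used in the visible lines; the constructor body continues outside the hunk, so it may be handled there.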