diff --git a/.tekton/rekor-build-test-image.yaml b/.tekton/rekor-build-test-image.yaml
new file mode 100644
index 000000000..cef925425
--- /dev/null
+++ b/.tekton/rekor-build-test-image.yaml
@@ -0,0 +1,61 @@
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+ name: build-test-image
+ annotations:
+ tekton.dev/title: "Build a test image for rekor-server"
+spec:
+ workspaces:
+ - name: source
+ results:
+ - name: TEST_IMAGE_URL
+ description: The reference of the built image.
+ steps:
+ - name: build-and-push-test-image
+ securityContext:
+ capabilities:
+ add: ["SETFCAP"]
+ workingDir: $(workspaces.source.path)
+ image: quay.io/buildah/stable:v1
+ volumeMounts:
+ - name: docker-config-volume
+ mountPath: $(workspaces.source.path)/.docker
+ - name: brew-config-volume
+ mountPath: $(workspaces.source.path)/.brew_auth
+ - name: varlibcontainers
+ mountPath: /home/build/.local/share/containers
+ env:
+ - name: REGISTRY_AUTH_FILE
+ value: .docker/.dockerconfigjson
+ script: |
+ #!/usr/bin/env sh
+ buildah --storage-driver=vfs bud \
+ --target=test --format=oci \
+ --tls-verify=true --no-cache \
+ --authfile .brew_auth/.dockerconfigjson \
+ -f source/Dockerfile -t quay.io/securesign/rekor-server_test:latest source
+
+ buildah --storage-driver=vfs push \
+ --tls-verify=true \
+ quay.io/securesign/rekor-server_test:latest \
+ docker://quay.io/securesign/rekor-server_test:latest
+
+ - name: get-image-sha
+ workingDir: $(workspaces.source.path)
+ image: quay.io/skopeo/stable:v1
+ script: |
+ export IMAGE_DIGEST=$(skopeo inspect docker://quay.io/securesign/rekor-server_test:latest | grep -m1 '"Digest":' | awk -F'"' '{print $4}')
+ echo -n "quay.io/securesign/rekor-server_test@$IMAGE_DIGEST" > $(results.TEST_IMAGE_URL.path)
+
+ volumes:
+ - name: docker-config-volume
+ secret:
+ secretName: rekor-test-build-secret
+ - name: brew-config-volume
+ secret:
+ secretName: brew-registry-pull-secret
+ - name: varlibcontainers
+ emptyDir: {}
+# This file bundles the builds for the rekor test image .
+# If any changes are made to this file, it must be pushed to Quay using the following command: +# 'tkn bundle push quay.io/securesign/rekor-build-test-image:latest -f .tekton/rekor-build-test-image.yaml'. diff --git a/.tekton/rekor-e2e-test.yaml b/.tekton/rekor-e2e-test.yaml index aa3c4b84c..a5d42acda 100644 --- a/.tekton/rekor-e2e-test.yaml +++ b/.tekton/rekor-e2e-test.yaml @@ -15,7 +15,7 @@ spec: sidecars: - name: mysql - image: gcr.io/trillian-opensource-ci/db_server:v1.4.0 + image: quay.io/redhat-user-workloads/rhtas-tenant/rhtas-stack-1-0-beta/trillian-database:0870a57daf2b2cca85219e76064606969c0369df env: - name: MYSQL_ROOT_PASSWORD value: zaphod @@ -27,10 +27,10 @@ spec: value: zaphod - name: redis-server - image: registry.redhat.io/rhel9/redis-6@sha256:031a5a63611e1e6a9fec47492a32347417263b79ad3b63bcee72fc7d02d64c94 + image: registry.redhat.io/rhel9/redis-6@sha256:91b755b9fb09b7299896f9a90f7d2752fdba36a8e6e9b9d1ddc17f3f92466745 - name: trillian-log-server - image: quay.io/redhat-user-workloads/rhtas-tenant/rhtas-stack-1-0-beta/trillian-logserver:build-58a79-1696502872 + image: quay.io/redhat-user-workloads/rhtas-tenant/trillian-1-0-gamma/trillian-logserver-1-5:b0fbe2d8a36ceb49d83536fe59d00dc48e055901 workingDir: $(workspaces.source.path)/source command: - "/bin/sh" @@ -38,7 +38,7 @@ spec: - 'sleep 60 && /trillian_log_server --storage_system=mysql --mysql_uri="test:zaphod@tcp(127.0.0.1:3306)/test" --rpc_endpoint=0.0.0.0:8090 --http_endpoint=0.0.0.0:8091 --alsologtostderr' - name: trillian-log-signer - image: quay.io/redhat-user-workloads/rhtas-tenant/rhtas-stack-1-0-beta/trillian-logsigner:build-38813-1696586021 + image: quay.io/redhat-user-workloads/rhtas-tenant/trillian-1-0-gamma/trillian-logsigner-1-5:b0fbe2d8a36ceb49d83536fe59d00dc48e055901 workingDir: $(workspaces.source.path)/source command: - "/bin/sh" 
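Review bot: The `get-image-sha` step resolves the digest by inspecting the shared `:latest` tag after the push, so a second pipeline run that pushes in between makes `TEST_IMAGE_URL` point at an image this run did not build. Capturing the digest at push time in the `build-and-push-test-image` script closes that window: add `--digestfile /tmp/digest` to `buildah push` and write the result with `echo -n "quay.io/securesign/rekor-server_test@$(cat /tmp/digest)" > $(results.TEST_IMAGE_URL.path)`, after which the separate skopeo step is not needed. As written, a failed `skopeo inspect` leaves `IMAGE_DIGEST` empty and the step still succeeds with a result ending in `@`, so the script should at least fail when the digest is empty. The step images `quay.io/buildah/stable:v1` and `quay.io/skopeo/stable:v1` are also referenced by tag rather than by digest.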
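Review bot: The new `mysql` sidecar image `trillian-database:0870a57daf2b2cca85219e76064606969c0369df` is referenced by tag, as are the `trillian-logserver-1-5` and `trillian-logsigner-1-5` images in the two hunks that follow, while `redis-server` in the same file is pinned with `@sha256:`. The tags look like git commit ids, but a registry tag can still be re-pointed, so two e2e runs are not guaranteed to test the same image content. Pinning all three by digest, in the form `image: <repo>@sha256:<digest>`, would make them consistent with the redis entry.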
@@ -69,6 +69,4 @@ spec: # This file bundles the e2e tests for rekor. # If any changes are made to this file, it must be pushed to Quay using the following command: -# 'tkn bundle push quay.io/securesign/rekor-e2e-test:latest -f .tekton/rekor-e2e-test.yaml'. -# This will generate a new SHA for the bundle. -# Ensure that this new SHA is updated in the pull and push pipeline files for each component. \ No newline at end of file +# 'tkn bundle push quay.io/securesign/rekor-e2e-test:latest -f .tekton/rekor-e2e-test.yaml'. \ No newline at end of file diff --git a/.tekton/rekor-server-1-0-gamma-pull-request.yaml b/.tekton/rekor-server-1-0-gamma-pull-request.yaml index be36f7743..1eb519b9a 100644 --- a/.tekton/rekor-server-1-0-gamma-pull-request.yaml +++ b/.tekton/rekor-server-1-0-gamma-pull-request.yaml @@ -398,6 +398,39 @@ spec: workspaces: - name: source workspace: workspace + - name: build-test-image + runAfter: + - prefetch-dependencies + taskRef: + params: + - name: name + value: build-test-image + - name: bundle + value: quay.io/securesign/rekor-build-test-image:latest + - name: kind + value: task + resolver: bundles + workspaces: + - name: source + workspace: workspace + - name: run-e2e-test + params: + - name: TEST_IMAGE_URL + value: $(tasks.build-test-image.results.TEST_IMAGE_URL) + runAfter: + - build-test-image + taskRef: + params: + - name: name + value: rekor-e2e-test + - name: bundle + value: quay.io/securesign/rekor-e2e-test:latest + - name: kind + value: task + resolver: bundles + workspaces: + - name: source + workspace: workspace workspaces: - name: workspace - name: git-auth
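Review bot: Both new `taskRef` entries resolve their bundle through the mutable `:latest` tag (`quay.io/securesign/rekor-build-test-image:latest` and `quay.io/securesign/rekor-e2e-test:latest`), so whatever was last pushed to those repositories is what runs in the pull-request pipeline, and the `build-test-image` task mounts `rekor-test-build-secret` and `brew-registry-pull-secret`. The comment hunk in `.tekton/rekor-e2e-test.yaml` drops the instruction to update the bundle SHA in the pipeline files, which suggests digest references were the earlier practice. Referencing each bundle by digest, for example `value: quay.io/securesign/rekor-e2e-test@sha256:<digest>`, keeps the task definition reviewed in this repository tied to what actually executes. The pipeline's `spec` begins outside this hunk.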