From 49c83952d622552587b257ec84d90f0ec014aa72 Mon Sep 17 00:00:00 2001 From: arewm Date: Tue, 6 Aug 2024 13:29:52 -0400 Subject: [PATCH] unify on a common buildah image for all tasks Updating the image used for the remote tasks resulted in a bump in the buildah version. This includes https://github.com/containers/common/commit/08fc0b450 which no longer sets the repository or tag when pulling without the optional name. To properly populate the image in the container's registry, we need to push and pull it with the optional name. Signed-off-by: arewm --- task-generator/remote/main.go | 5 ++--- .../build-image-manifest/0.1/build-image-manifest.yaml | 2 +- task/buildah-oci-ta/0.1/buildah-oci-ta.yaml | 4 ++-- task/buildah-oci-ta/0.2/buildah-oci-ta.yaml | 4 ++-- .../0.1/buildah-remote-oci-ta.yaml | 10 +++++----- .../0.2/buildah-remote-oci-ta.yaml | 10 +++++----- task/buildah-remote/0.1/buildah-remote.yaml | 10 +++++----- task/buildah-remote/0.2/buildah-remote.yaml | 10 +++++----- task/buildah/0.1/buildah.yaml | 4 ++-- task/buildah/0.2/buildah.yaml | 4 ++-- 10 files changed, 31 insertions(+), 32 deletions(-) diff --git a/task-generator/remote/main.go b/task-generator/remote/main.go index 950da014b4..361671a1bb 100644 --- a/task-generator/remote/main.go +++ b/task-generator/remote/main.go @@ -224,7 +224,7 @@ if ! [[ $IS_LOCALHOST ]]; then ret += "cd " + step.WorkingDir + "\n" } ret += step.Script - ret += "\nbuildah push \"$IMAGE\" oci:rhtap-final-image" + ret += "\nbuildah push \"$IMAGE\" \"oci:konflux-final-image:$IMAGE\"" ret += "\nREMOTESSHEOF" ret += "\nchmod +x " + script + "\n" @@ -253,7 +253,7 @@ if ! [[ $IS_LOCALHOST ]]; then //sync back results ret += "\n rsync -ra \"$SSH_HOST:$BUILD_DIR/results/\" \"/tekton/results/\"" - ret += "\n buildah pull oci:rhtap-final-image" + ret += "\n buildah pull \"oci:konflux-final-image:$IMAGE\"" ret += "\nelse\n bash " + containerScript ret += "\nfi" ret += "\nbuildah images" @@ -266,7 +266,6 @@ if ! [[ $IS_LOCALHOST ]]; then } step.Script = ret builderImage = step.Image - step.Image = "quay.io/redhat-appstudio/multi-platform-runner:01c7670e81d5120347cf0ad13372742489985e5f@sha256:246adeaaba600e207131d63a7f706cffdcdc37d8f600c56187123ec62823ff44" step.VolumeMounts = append(step.VolumeMounts, v1.VolumeMount{ Name: "ssh", ReadOnly: true, diff --git a/task/build-image-manifest/0.1/build-image-manifest.yaml b/task/build-image-manifest/0.1/build-image-manifest.yaml index 57ba3c3a90..26b0456588 100644 --- a/task/build-image-manifest/0.1/build-image-manifest.yaml +++ b/task/build-image-manifest/0.1/build-image-manifest.yaml @@ -54,7 +54,7 @@ spec: - name: COMMIT_SHA value: $(params.COMMIT_SHA) steps: - - image: quay.io/konflux-ci/buildah:latest@sha256:7cb5a35b7fe44e397fbf3b834f3bd8dcd9403a7c0a0b51469e6ec75b107d0846 + - image: quay.io/konflux-ci/buildah-task:latest@sha256:5d933087a49a6e0b959b9a9fa5a91d545380217e565d7be7cc74a9588f64c314 # per https://kubernetes.io/docs/concepts/containers/images/#imagepullpolicy-defaulting # the cluster will set imagePullPolicy to IfNotPresent name: build diff --git a/task/buildah-oci-ta/0.1/buildah-oci-ta.yaml b/task/buildah-oci-ta/0.1/buildah-oci-ta.yaml index d4e6ea3710..45f0f325fa 100644 --- a/task/buildah-oci-ta/0.1/buildah-oci-ta.yaml +++ b/task/buildah-oci-ta/0.1/buildah-oci-ta.yaml @@ -220,7 +220,7 @@ spec: - $(params.SOURCE_ARTIFACT)=/var/workdir/source - $(params.CACHI2_ARTIFACT)=/var/workdir/cachi2 - name: build - image: quay.io/konflux-ci/buildah:latest@sha256:7cb5a35b7fe44e397fbf3b834f3bd8dcd9403a7c0a0b51469e6ec75b107d0846 + image: quay.io/konflux-ci/buildah-task:latest@sha256:5d933087a49a6e0b959b9a9fa5a91d545380217e565d7be7cc74a9588f64c314 args: - $(params.BUILD_ARGS[*]) workingDir: /var/workdir @@ -528,7 +528,7 @@ spec: securityContext: runAsUser: 0 - name: inject-sbom-and-push - image: quay.io/konflux-ci/buildah:latest@sha256:7cb5a35b7fe44e397fbf3b834f3bd8dcd9403a7c0a0b51469e6ec75b107d0846 + image: quay.io/konflux-ci/buildah-task:latest@sha256:5d933087a49a6e0b959b9a9fa5a91d545380217e565d7be7cc74a9588f64c314 workingDir: /var/workdir volumeMounts: - mountPath: /var/lib/containers diff --git a/task/buildah-oci-ta/0.2/buildah-oci-ta.yaml b/task/buildah-oci-ta/0.2/buildah-oci-ta.yaml index f6db08c933..e9958b4961 100644 --- a/task/buildah-oci-ta/0.2/buildah-oci-ta.yaml +++ b/task/buildah-oci-ta/0.2/buildah-oci-ta.yaml @@ -222,7 +222,7 @@ spec: - $(params.SOURCE_ARTIFACT)=/var/workdir/source - $(params.CACHI2_ARTIFACT)=/var/workdir/cachi2 - name: build - image: quay.io/konflux-ci/buildah:latest@sha256:7cb5a35b7fe44e397fbf3b834f3bd8dcd9403a7c0a0b51469e6ec75b107d0846 + image: quay.io/konflux-ci/buildah-task:latest@sha256:5d933087a49a6e0b959b9a9fa5a91d545380217e565d7be7cc74a9588f64c314 args: - $(params.BUILD_ARGS[*]) workingDir: /var/workdir @@ -506,7 +506,7 @@ spec: securityContext: runAsUser: 0 - name: inject-sbom-and-push - image: quay.io/konflux-ci/buildah:latest@sha256:7cb5a35b7fe44e397fbf3b834f3bd8dcd9403a7c0a0b51469e6ec75b107d0846 + image: quay.io/konflux-ci/buildah-task:latest@sha256:5d933087a49a6e0b959b9a9fa5a91d545380217e565d7be7cc74a9588f64c314 workingDir: /var/workdir volumeMounts: - mountPath: /var/lib/containers diff --git a/task/buildah-remote-oci-ta/0.1/buildah-remote-oci-ta.yaml b/task/buildah-remote-oci-ta/0.1/buildah-remote-oci-ta.yaml index 82bbcee8cb..1b846e70e9 100644 --- a/task/buildah-remote-oci-ta/0.1/buildah-remote-oci-ta.yaml +++ b/task/buildah-remote-oci-ta/0.1/buildah-remote-oci-ta.yaml @@ -184,7 +184,7 @@ spec: - name: YUM_REPOS_D_TARGET value: $(params.YUM_REPOS_D_TARGET) - name: BUILDER_IMAGE - value: quay.io/konflux-ci/buildah:latest@sha256:7cb5a35b7fe44e397fbf3b834f3bd8dcd9403a7c0a0b51469e6ec75b107d0846 + value: quay.io/konflux-ci/buildah-task:latest@sha256:5d933087a49a6e0b959b9a9fa5a91d545380217e565d7be7cc74a9588f64c314 volumeMounts: - mountPath: /shared name: shared @@ -209,7 +209,7 @@ spec: env: - name: COMMIT_SHA value: $(params.COMMIT_SHA) - image: quay.io/redhat-appstudio/multi-platform-runner:01c7670e81d5120347cf0ad13372742489985e5f@sha256:246adeaaba600e207131d63a7f706cffdcdc37d8f600c56187123ec62823ff44 + image: quay.io/konflux-ci/buildah-task:latest@sha256:5d933087a49a6e0b959b9a9fa5a91d545380217e565d7be7cc74a9588f64c314 name: build script: |- #!/bin/bash @@ -438,7 +438,7 @@ spec: # Needed to generate base images SBOM echo "$BASE_IMAGES" >/var/workdir/base_images_from_dockerfile - buildah push "$IMAGE" oci:rhtap-final-image + buildah push "$IMAGE" "oci:konflux-final-image:$IMAGE" REMOTESSHEOF chmod +x scripts/script-build.sh @@ -478,7 +478,7 @@ spec: rsync -ra "$SSH_HOST:$BUILD_DIR/volumes/shared/" /shared/ rsync -ra "$SSH_HOST:$BUILD_DIR/volumes/workdir/" /var/workdir/ rsync -ra "$SSH_HOST:$BUILD_DIR/results/" "/tekton/results/" - buildah pull oci:rhtap-final-image + buildah pull "oci:konflux-final-image:$IMAGE" else bash scripts/script-build.sh fi @@ -617,7 +617,7 @@ spec: runAsUser: 0 workingDir: /var/workdir - computeResources: {} - image: quay.io/konflux-ci/buildah:latest@sha256:7cb5a35b7fe44e397fbf3b834f3bd8dcd9403a7c0a0b51469e6ec75b107d0846 + image: quay.io/konflux-ci/buildah-task:latest@sha256:5d933087a49a6e0b959b9a9fa5a91d545380217e565d7be7cc74a9588f64c314 name: inject-sbom-and-push script: | base_image_name=$(buildah inspect --format '{{ index .ImageAnnotations "org.opencontainers.image.base.name"}}' $IMAGE | cut -f1 -d'@') diff --git a/task/buildah-remote-oci-ta/0.2/buildah-remote-oci-ta.yaml b/task/buildah-remote-oci-ta/0.2/buildah-remote-oci-ta.yaml index 7efd36035e..e46c8c5935 100644 --- a/task/buildah-remote-oci-ta/0.2/buildah-remote-oci-ta.yaml +++ b/task/buildah-remote-oci-ta/0.2/buildah-remote-oci-ta.yaml @@ -191,7 +191,7 @@ spec: - name: YUM_REPOS_D_TARGET value: $(params.YUM_REPOS_D_TARGET) - name: BUILDER_IMAGE - value: quay.io/konflux-ci/buildah:latest@sha256:7cb5a35b7fe44e397fbf3b834f3bd8dcd9403a7c0a0b51469e6ec75b107d0846 + value: quay.io/konflux-ci/buildah-task:latest@sha256:5d933087a49a6e0b959b9a9fa5a91d545380217e565d7be7cc74a9588f64c314 - name: PLATFORM value: $(params.PLATFORM) - name: IMAGE_APPEND_PLATFORM @@ -221,7 +221,7 @@ spec: env: - name: COMMIT_SHA value: $(params.COMMIT_SHA) - image: quay.io/redhat-appstudio/multi-platform-runner:01c7670e81d5120347cf0ad13372742489985e5f@sha256:246adeaaba600e207131d63a7f706cffdcdc37d8f600c56187123ec62823ff44 + image: quay.io/konflux-ci/buildah-task:latest@sha256:5d933087a49a6e0b959b9a9fa5a91d545380217e565d7be7cc74a9588f64c314 name: build script: |- #!/bin/bash @@ -456,7 +456,7 @@ spec: # Needed to generate base images SBOM echo "$BASE_IMAGES" >/shared/base_images_from_dockerfile - buildah push "$IMAGE" oci:rhtap-final-image + buildah push "$IMAGE" "oci:konflux-final-image:$IMAGE" REMOTESSHEOF chmod +x scripts/script-build.sh @@ -497,7 +497,7 @@ spec: rsync -ra "$SSH_HOST:$BUILD_DIR/volumes/shared/" /shared/ rsync -ra "$SSH_HOST:$BUILD_DIR/volumes/workdir/" /var/workdir/ rsync -ra "$SSH_HOST:$BUILD_DIR/results/" "/tekton/results/" - buildah pull oci:rhtap-final-image + buildah pull "oci:konflux-final-image:$IMAGE" else bash scripts/script-build.sh fi @@ -624,7 +624,7 @@ spec: requests: cpu: "1" memory: 1Gi - image: quay.io/konflux-ci/buildah:latest@sha256:7cb5a35b7fe44e397fbf3b834f3bd8dcd9403a7c0a0b51469e6ec75b107d0846 + image: quay.io/konflux-ci/buildah-task:latest@sha256:5d933087a49a6e0b959b9a9fa5a91d545380217e565d7be7cc74a9588f64c314 name: inject-sbom-and-push script: | #!/bin/bash diff --git a/task/buildah-remote/0.1/buildah-remote.yaml b/task/buildah-remote/0.1/buildah-remote.yaml index 05af19f28b..a31b912631 100644 --- a/task/buildah-remote/0.1/buildah-remote.yaml +++ b/task/buildah-remote/0.1/buildah-remote.yaml @@ -181,7 +181,7 @@ spec: - name: SKIP_UNUSED_STAGES value: $(params.SKIP_UNUSED_STAGES) - name: BUILDER_IMAGE - value: quay.io/konflux-ci/buildah:latest@sha256:7cb5a35b7fe44e397fbf3b834f3bd8dcd9403a7c0a0b51469e6ec75b107d0846 + value: quay.io/konflux-ci/buildah-task:latest@sha256:5d933087a49a6e0b959b9a9fa5a91d545380217e565d7be7cc74a9588f64c314 volumeMounts: - mountPath: /shared name: shared @@ -197,7 +197,7 @@ spec: env: - name: COMMIT_SHA value: $(params.COMMIT_SHA) - image: quay.io/redhat-appstudio/multi-platform-runner:01c7670e81d5120347cf0ad13372742489985e5f@sha256:246adeaaba600e207131d63a7f706cffdcdc37d8f600c56187123ec62823ff44 + image: quay.io/konflux-ci/buildah-task:latest@sha256:5d933087a49a6e0b959b9a9fa5a91d545380217e565d7be7cc74a9588f64c314 name: build script: |- #!/bin/bash @@ -430,7 +430,7 @@ spec: # Needed to generate base images SBOM echo "$BASE_IMAGES" > $(workspaces.source.path)/base_images_from_dockerfile - buildah push "$IMAGE" oci:rhtap-final-image + buildah push "$IMAGE" "oci:konflux-final-image:$IMAGE" REMOTESSHEOF chmod +x scripts/script-build.sh @@ -471,7 +471,7 @@ spec: rsync -ra "$SSH_HOST:$BUILD_DIR/workspaces/source/" "$(workspaces.source.path)/" rsync -ra "$SSH_HOST:$BUILD_DIR/volumes/shared/" /shared/ rsync -ra "$SSH_HOST:$BUILD_DIR/results/" "/tekton/results/" - buildah pull oci:rhtap-final-image + buildah pull "oci:konflux-final-image:$IMAGE" else bash scripts/script-build.sh fi @@ -610,7 +610,7 @@ spec: runAsUser: 0 workingDir: $(workspaces.source.path) - computeResources: {} - image: quay.io/konflux-ci/buildah:latest@sha256:7cb5a35b7fe44e397fbf3b834f3bd8dcd9403a7c0a0b51469e6ec75b107d0846 + image: quay.io/konflux-ci/buildah-task:latest@sha256:5d933087a49a6e0b959b9a9fa5a91d545380217e565d7be7cc74a9588f64c314 name: inject-sbom-and-push script: | if [ -n "${PARAM_BUILDER_IMAGE}" ]; then diff --git a/task/buildah-remote/0.2/buildah-remote.yaml b/task/buildah-remote/0.2/buildah-remote.yaml index 365ad9e918..05562e787a 100644 --- a/task/buildah-remote/0.2/buildah-remote.yaml +++ b/task/buildah-remote/0.2/buildah-remote.yaml @@ -182,7 +182,7 @@ spec: - name: SKIP_UNUSED_STAGES value: $(params.SKIP_UNUSED_STAGES) - name: BUILDER_IMAGE - value: quay.io/konflux-ci/buildah:latest@sha256:7cb5a35b7fe44e397fbf3b834f3bd8dcd9403a7c0a0b51469e6ec75b107d0846 + value: quay.io/konflux-ci/buildah-task:latest@sha256:5d933087a49a6e0b959b9a9fa5a91d545380217e565d7be7cc74a9588f64c314 - name: PLATFORM value: $(params.PLATFORM) - name: IMAGE_APPEND_PLATFORM @@ -203,7 +203,7 @@ spec: env: - name: COMMIT_SHA value: $(params.COMMIT_SHA) - image: quay.io/redhat-appstudio/multi-platform-runner:01c7670e81d5120347cf0ad13372742489985e5f@sha256:246adeaaba600e207131d63a7f706cffdcdc37d8f600c56187123ec62823ff44 + image: quay.io/konflux-ci/buildah-task:latest@sha256:5d933087a49a6e0b959b9a9fa5a91d545380217e565d7be7cc74a9588f64c314 name: build script: |- #!/bin/bash @@ -438,7 +438,7 @@ spec: # Needed to generate base images SBOM echo "$BASE_IMAGES" > /shared/base_images_from_dockerfile - buildah push "$IMAGE" oci:rhtap-final-image + buildah push "$IMAGE" "oci:konflux-final-image:$IMAGE" REMOTESSHEOF chmod +x scripts/script-build.sh @@ -479,7 +479,7 @@ spec: rsync -ra "$SSH_HOST:$BUILD_DIR/workspaces/source/" "$(workspaces.source.path)/" rsync -ra "$SSH_HOST:$BUILD_DIR/volumes/shared/" /shared/ rsync -ra "$SSH_HOST:$BUILD_DIR/results/" "/tekton/results/" - buildah pull oci:rhtap-final-image + buildah pull "oci:konflux-final-image:$IMAGE" else bash scripts/script-build.sh fi @@ -606,7 +606,7 @@ spec: requests: cpu: "1" memory: 1Gi - image: quay.io/konflux-ci/buildah:latest@sha256:7cb5a35b7fe44e397fbf3b834f3bd8dcd9403a7c0a0b51469e6ec75b107d0846 + image: quay.io/konflux-ci/buildah-task:latest@sha256:5d933087a49a6e0b959b9a9fa5a91d545380217e565d7be7cc74a9588f64c314 name: inject-sbom-and-push script: | #!/bin/bash diff --git a/task/buildah/0.1/buildah.yaml b/task/buildah/0.1/buildah.yaml index 87cac02954..5771a08f00 100644 --- a/task/buildah/0.1/buildah.yaml +++ b/task/buildah/0.1/buildah.yaml @@ -169,7 +169,7 @@ spec: value: $(params.SKIP_UNUSED_STAGES) steps: - - image: quay.io/konflux-ci/buildah:latest@sha256:7cb5a35b7fe44e397fbf3b834f3bd8dcd9403a7c0a0b51469e6ec75b107d0846 + - image: quay.io/konflux-ci/buildah-task:latest@sha256:5d933087a49a6e0b959b9a9fa5a91d545380217e565d7be7cc74a9588f64c314 name: build computeResources: limits: @@ -491,7 +491,7 @@ spec: runAsUser: 0 - name: inject-sbom-and-push - image: quay.io/konflux-ci/buildah:latest@sha256:7cb5a35b7fe44e397fbf3b834f3bd8dcd9403a7c0a0b51469e6ec75b107d0846 + image: quay.io/konflux-ci/buildah-task:latest@sha256:5d933087a49a6e0b959b9a9fa5a91d545380217e565d7be7cc74a9588f64c314 computeResources: {} script: | if [ -n "${PARAM_BUILDER_IMAGE}" ]; then diff --git a/task/buildah/0.2/buildah.yaml b/task/buildah/0.2/buildah.yaml index 4e25450487..a5793f3325 100644 --- a/task/buildah/0.2/buildah.yaml +++ b/task/buildah/0.2/buildah.yaml @@ -164,7 +164,7 @@ spec: value: $(params.SKIP_UNUSED_STAGES) steps: - - image: quay.io/konflux-ci/buildah:latest@sha256:7cb5a35b7fe44e397fbf3b834f3bd8dcd9403a7c0a0b51469e6ec75b107d0846 + - image: quay.io/konflux-ci/buildah-task:latest@sha256:5d933087a49a6e0b959b9a9fa5a91d545380217e565d7be7cc74a9588f64c314 name: build computeResources: limits: @@ -455,7 +455,7 @@ spec: runAsUser: 0 - name: inject-sbom-and-push - image: quay.io/konflux-ci/buildah:latest@sha256:7cb5a35b7fe44e397fbf3b834f3bd8dcd9403a7c0a0b51469e6ec75b107d0846 + image: quay.io/konflux-ci/buildah-task:latest@sha256:5d933087a49a6e0b959b9a9fa5a91d545380217e565d7be7cc74a9588f64c314 computeResources: limits: memory: 4Gi