diff --git a/task-generator/remote/main.go b/task-generator/remote/main.go
index 7d9b74f5d7..1c4fcc2b7b 100644
--- a/task-generator/remote/main.go
+++ b/task-generator/remote/main.go
@@ -103,12 +103,13 @@ func convertToSsh(task *tektonapi.Task, taskVersion string) {
 // to prevent them from getting garbage collected before generating the image index.
 // We can simplify this process, preventing the need for users to manually specify
 // the image by auto-appending the architecture from the PLATFORM parameter. For
- // example, this will append -arm64 if PLATFORM is linux/arm64 if not present. Since
- // we cannot modify the parameter itself, this replacement needs to happen in any task
+ // example, this will append -arm64 if PLATFORM is linux/arm64 if not present. If PLATFORM
+ // does not contain a "/" then the entire platform will be appended to IMAGE (i.e. "localhost").
+ // Since we cannot modify the parameter itself, this replacement needs to happen in any task
 // step where the IMAGE parameter is used.
 // If a user defines the IMAGE parameter with an -arm64 suffix, the arm64 suffix will
 // not be appended again based on the PLATFORM.
- adjustRemoteImage := `if [[ "${IMAGE##*-}" != "${PLATFORM##*/}" ]]; then
+ adjustRemoteImage := `if [ -n "${APPEND_PLATFORM_ARCH}" ] && [ "${IMAGE##*-}" != "${PLATFORM##*/}" ]; then
 export IMAGE="${IMAGE}-${PLATFORM##*/}"
 fi
 `
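Review bot: `[ -n "${APPEND_PLATFORM_ARCH}" ]` in the new adjustRemoteImage condition enables the suffix for any non-empty value, so a caller who passes `false` or `no` to a parameter described as "Whether the platform architecture should be appended to the IMAGE tag" still gets the suffix, and only the empty default turns it off. Either test the documented meaning, `if [ "${APPEND_PLATFORM_ARCH}" = "true" ] && [ "${IMAGE##*-}" != "${PLATFORM##*/}" ]; then`, or reword the ParamSpec description (hunk -276 in this file, and the param blocks at -127 and -118 in the two 0.2 YAML files) to say that any non-empty value enables it. The identical condition is repeated in the YAML hunks at -225 and -515 through -758 (buildah-remote-oci-ta 0.2) and -207 (buildah-remote 0.2), so whichever form is chosen should be applied there as well. convertToSsh continues outside this hunk.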
@@ -142,55 +143,65 @@ if [ -e "/ssh/error" ]; then #no server could be provisioned cat /ssh/error exit 1 +fi +export SSH_HOST=$(cat /ssh/host) +[ "$SSH_HOST" == "localhost" ] && IS_LOCALHOST=true + +if [[ $IS_LOCALHOST ]]; then + echo "Localhost detected; running build in cluster" elif [ -e "/ssh/otp" ]; then - curl --cacert /ssh/otp-ca -XPOST -d @/ssh/otp $(cat /ssh/otp-server) >~/.ssh/id_rsa - echo "" >> ~/.ssh/id_rsa + curl --cacert /ssh/otp-ca -XPOST -d @/ssh/otp $(cat /ssh/otp-server) >~/.ssh/id_rsa + echo "" >> ~/.ssh/id_rsa else cp /ssh/id_rsa ~/.ssh fi -chmod 0400 ~/.ssh/id_rsa -export SSH_HOST=$(cat /ssh/host) -export BUILD_DIR=$(cat /ssh/user-dir) -export SSH_ARGS="-o StrictHostKeyChecking=no -o ServerAliveInterval=60 -o ServerAliveCountMax=10" + mkdir -p scripts -echo "$BUILD_DIR" -ssh $SSH_ARGS "$SSH_HOST" mkdir -p "$BUILD_DIR/workspaces" "$BUILD_DIR/scripts" "$BUILD_DIR/volumes" - -PORT_FORWARD="" -PODMAN_PORT_FORWARD="" -if [ -n "$JVM_BUILD_WORKSPACE_ARTIFACT_CACHE_PORT_80_TCP_ADDR" ] ; then -PORT_FORWARD=" -L 80:$JVM_BUILD_WORKSPACE_ARTIFACT_CACHE_PORT_80_TCP_ADDR:80" -PODMAN_PORT_FORWARD=" -e JVM_BUILD_WORKSPACE_ARTIFACT_CACHE_PORT_80_TCP_ADDR=localhost" -fi + +if ! 
[[ $IS_LOCALHOST ]]; then + chmod 0400 ~/.ssh/id_rsa + export BUILD_DIR=$(cat /ssh/user-dir) + export SSH_ARGS="-o StrictHostKeyChecking=no -o ServerAliveInterval=60 -o ServerAliveCountMax=10" + echo "$BUILD_DIR" + ssh $SSH_ARGS "$SSH_HOST" mkdir -p "$BUILD_DIR/workspaces" "$BUILD_DIR/scripts" "$BUILD_DIR/volumes" + + PORT_FORWARD="" + PODMAN_PORT_FORWARD="" + if [ -n "$JVM_BUILD_WORKSPACE_ARTIFACT_CACHE_PORT_80_TCP_ADDR" ] ; then + PORT_FORWARD=" -L 80:$JVM_BUILD_WORKSPACE_ARTIFACT_CACHE_PORT_80_TCP_ADDR:80" + PODMAN_PORT_FORWARD=" -e JVM_BUILD_WORKSPACE_ARTIFACT_CACHE_PORT_80_TCP_ADDR=localhost" + fi ` - if taskVersion != "0.1" { - ret += adjustRemoteImage - } env := "$PODMAN_PORT_FORWARD \\\n" // disable podman subscription-manager integration - env += " --tmpfs /run/secrets \\\n" + env += " --tmpfs /run/secrets \\\n" // Before the build we sync the contents of the workspace to the remote host for _, workspace := range task.Spec.Workspaces { - ret += "\nrsync -ra $(workspaces." + workspace.Name + ".path)/ \"$SSH_HOST:$BUILD_DIR/workspaces/" + workspace.Name + "/\"" - podmanArgs += " -v \"$BUILD_DIR/workspaces/" + workspace.Name + ":$(workspaces." + workspace.Name + ".path):Z\" \\\n" + ret += "\n rsync -ra $(workspaces." + workspace.Name + ".path)/ \"$SSH_HOST:$BUILD_DIR/workspaces/" + workspace.Name + "/\"" + podmanArgs += " -v \"$BUILD_DIR/workspaces/" + workspace.Name + ":$(workspaces." 
+ workspace.Name + ".path):Z\" \\\n" } // Also sync the volume mounts from the template for _, volume := range task.Spec.StepTemplate.VolumeMounts { - ret += "\nrsync -ra " + volume.MountPath + "/ \"$SSH_HOST:$BUILD_DIR/volumes/" + volume.Name + "/\"" - podmanArgs += " -v \"$BUILD_DIR/volumes/" + volume.Name + ":" + volume.MountPath + ":Z\" \\\n" + ret += "\n rsync -ra " + volume.MountPath + "/ \"$SSH_HOST:$BUILD_DIR/volumes/" + volume.Name + "/\"" + podmanArgs += " -v \"$BUILD_DIR/volumes/" + volume.Name + ":" + volume.MountPath + ":Z\" \\\n" } for _, volume := range step.VolumeMounts { if syncVolumes[volume.Name] { - ret += "\nrsync -ra " + volume.MountPath + "/ \"$SSH_HOST:$BUILD_DIR/volumes/" + volume.Name + "/\"" - podmanArgs += " -v \"$BUILD_DIR/volumes/" + volume.Name + ":" + volume.MountPath + ":Z\" \\\n" + ret += "\n rsync -ra " + volume.MountPath + "/ \"$SSH_HOST:$BUILD_DIR/volumes/" + volume.Name + "/\"" + podmanArgs += " -v \"$BUILD_DIR/volumes/" + volume.Name + ":" + volume.MountPath + ":Z\" \\\n" } } - ret += "\nrsync -ra \"$HOME/.docker/\" \"$SSH_HOST:$BUILD_DIR/.docker/\"" - podmanArgs += " -v \"$BUILD_DIR/.docker/:/root/.docker:Z\" \\\n" - ret += "\nrsync -ra \"/tekton/results/\" \"$SSH_HOST:$BUILD_DIR/tekton-results/\"" - podmanArgs += " -v \"$BUILD_DIR/tekton-results/:/tekton/results:Z\" \\\n" + ret += "\n rsync -ra \"$HOME/.docker/\" \"$SSH_HOST:$BUILD_DIR/.docker/\"" + podmanArgs += " -v \"$BUILD_DIR/.docker/:/root/.docker:Z\" \\\n" + ret += "\n rsync -ra \"/tekton/results/\" \"$SSH_HOST:$BUILD_DIR/results/\"" + podmanArgs += " -v \"$BUILD_DIR/results/:/tekton/results:Z\" \\\n" + ret += "\nfi\n" + + if taskVersion != "0.1" { + ret += adjustRemoteImage + } script := "scripts/script-" + step.Name + ".sh" 
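Review bot: The `if ! [[ $IS_LOCALHOST ]]; then` that guards the remote setup is opened inside the raw-string template, but its `fi` is only emitted by `ret += "\nfi\n"` after the three rsync loops, so the shell block's structure now straddles a string literal and Go code with nothing marking the pairing; a comment on the closer such as `// closes the "if ! [[ $IS_LOCALHOST ]]" opened in the template above` would keep a later edit from inserting output between them. Separately, the relocated `SSH_ARGS` still carries `-o StrictHostKeyChecking=no`, and now that the contents of `/ssh/host` decide whether the build runs in-cluster or on a remote host, that host's key is still never verified; if the provisioner that writes `/ssh/host` can also supply a known_hosts file, passing `-o UserKnownHostsFile=<path supplied by the provisioner>` and dropping `StrictHostKeyChecking=no` would close that gap. The enclosing function starts and ends outside this hunk.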
@@ -214,33 +225,36 @@ fi ret += step.Script ret += "\nbuildah push \"$IMAGE\" oci:rhtap-final-image" ret += "\nREMOTESSHEOF" - ret += "\nchmod +x " + script + ret += "\nchmod +x " + script + "\n" if task.Spec.StepTemplate != nil { for _, e := range task.Spec.StepTemplate.Env { - env += " -e " + e.Name + "=\"$" + e.Name + "\" \\\n" + env += " -e " + e.Name + "=\"$" + e.Name + "\" \\\n" } } - ret += "\nrsync -ra scripts \"$SSH_HOST:$BUILD_DIR\"" + ret += "\nif ! [[ $IS_LOCALHOST ]]; then" + ret += "\n rsync -ra scripts \"$SSH_HOST:$BUILD_DIR\"" containerScript := "/script/script-" + step.Name + ".sh" for _, e := range step.Env { - env += " -e " + e.Name + "=\"$" + e.Name + "\" \\\n" + env += " -e " + e.Name + "=\"$" + e.Name + "\" \\\n" } - podmanArgs += " -v $BUILD_DIR/scripts:/script:Z \\\n" - ret += "\nssh $SSH_ARGS \"$SSH_HOST\" $PORT_FORWARD podman run " + env + "" + podmanArgs + "--user=0 --rm \"$BUILDER_IMAGE\" " + containerScript + podmanArgs += " -v $BUILD_DIR/scripts:/script:Z \\\n" + ret += "\n ssh $SSH_ARGS \"$SSH_HOST\" $PORT_FORWARD podman run " + env + "" + podmanArgs + " --user=0 --rm \"$BUILDER_IMAGE\" " + containerScript // Sync the contents of the workspaces back so subsequent tasks can use them for _, workspace := range task.Spec.Workspaces { - ret += "\nrsync -ra \"$SSH_HOST:$BUILD_DIR/workspaces/" + workspace.Name + "/\" \"$(workspaces." + workspace.Name + ".path)/\"" + ret += "\n rsync -ra \"$SSH_HOST:$BUILD_DIR/workspaces/" + workspace.Name + "/\" \"$(workspaces." 
+ workspace.Name + ".path)/\"" } for _, volume := range task.Spec.StepTemplate.VolumeMounts { - ret += "\nrsync -ra \"$SSH_HOST:$BUILD_DIR/volumes/" + volume.Name + "/\" " + volume.MountPath + "/" + ret += "\n rsync -ra \"$SSH_HOST:$BUILD_DIR/volumes/" + volume.Name + "/\" " + volume.MountPath + "/" } //sync back results - ret += "\nrsync -ra \"$SSH_HOST:$BUILD_DIR/tekton-results/\" \"/tekton/results/\"" + ret += "\n rsync -ra \"$SSH_HOST:$BUILD_DIR/results/\" \"/tekton/results/\"" - ret += "\nbuildah pull oci:rhtap-final-image" + ret += "\n buildah pull oci:rhtap-final-image" + ret += "\nelse\n bash " + containerScript + ret += "\nfi" ret += "\nbuildah images" ret += "\nbuildah tag localhost/rhtap-final-image \"$IMAGE\"" ret += "\ncontainer=$(buildah from --pull-never \"$IMAGE\")\nbuildah mount \"$container\" | tee /shared/container_path\necho $container > /shared/container_name" @@ -276,5 +290,8 @@ fi task.Spec.StepTemplate.Env = append(task.Spec.StepTemplate.Env, v1.EnvVar{Name: "BUILDER_IMAGE", Value: builderImage}) if taskVersion != "0.1" { task.Spec.StepTemplate.Env = append(task.Spec.StepTemplate.Env, v1.EnvVar{Name: "PLATFORM", Value: "$(params.PLATFORM)"}) + + task.Spec.Params = append(task.Spec.Params, tektonapi.ParamSpec{Name: "APPEND_PLATFORM_ARCH", Type: tektonapi.ParamTypeString, Description: "Whether the platform architecture should be appended to the IMAGE tag", Default: &tektonapi.ParamValue{StringVal: "", Type: tektonapi.ParamTypeString}}) + task.Spec.StepTemplate.Env = append(task.Spec.StepTemplate.Env, v1.EnvVar{Name: "APPEND_PLATFORM_ARCH", Value: "$(params.APPEND_PLATFORM_ARCH)"}) } } diff --git a/task/buildah-remote-oci-ta/0.1/buildah-remote-oci-ta.yaml b/task/buildah-remote-oci-ta/0.1/buildah-remote-oci-ta.yaml index 000ea36bf3..9f30fde9a7 100644 --- a/task/buildah-remote-oci-ta/0.1/buildah-remote-oci-ta.yaml +++ b/task/buildah-remote-oci-ta/0.1/buildah-remote-oci-ta.yaml 
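Review bot: In the new localhost branch, `ret += "\nelse\n  bash " + containerScript` runs `/script/script-<step>.sh`, a path that exists only inside the remote podman container via the `-v $BUILD_DIR/scripts:/script:Z` mount, while the task pod itself writes and `chmod +x`es the script at `scripts/script-<step>.sh` (the `script` variable); unless the pod mounts something at `/script` (not visible here), the in-cluster build fails before buildah runs. The fix is `ret += "\nelse\n  bash " + script`, and the same `bash /script/script-build.sh` line appears in the YAML hunks at -431 (buildah-remote-oci-ta 0.1), -441 (buildah-remote-oci-ta 0.2) and -423 (buildah-remote 0.1), where it would become `bash scripts/script-build.sh`. Note also that the localhost branch skips `buildah pull oci:rhtap-final-image`, so the unconditional `buildah tag localhost/rhtap-final-image "$IMAGE"` that follows relies on the build script having produced that name in the pod's own storage — worth confirming. convertToSsh continues outside this hunk.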
@@ -220,35 +220,45 @@ spec: #no server could be provisioned cat /ssh/error exit 1 + fi + export SSH_HOST=$(cat /ssh/host) + [ "$SSH_HOST" == "localhost" ] && IS_LOCALHOST=true + + if [[ $IS_LOCALHOST ]]; then + echo "Localhost detected; running build in cluster" elif [ -e "/ssh/otp" ]; then - curl --cacert /ssh/otp-ca -XPOST -d @/ssh/otp $(cat /ssh/otp-server) >~/.ssh/id_rsa - echo "" >> ~/.ssh/id_rsa + curl --cacert /ssh/otp-ca -XPOST -d @/ssh/otp $(cat /ssh/otp-server) >~/.ssh/id_rsa + echo "" >> ~/.ssh/id_rsa else cp /ssh/id_rsa ~/.ssh fi - chmod 0400 ~/.ssh/id_rsa - export SSH_HOST=$(cat /ssh/host) - export BUILD_DIR=$(cat /ssh/user-dir) - export SSH_ARGS="-o StrictHostKeyChecking=no -o ServerAliveInterval=60 -o ServerAliveCountMax=10" + mkdir -p scripts - echo "$BUILD_DIR" - ssh $SSH_ARGS "$SSH_HOST" mkdir -p "$BUILD_DIR/workspaces" "$BUILD_DIR/scripts" "$BUILD_DIR/volumes" - - PORT_FORWARD="" - PODMAN_PORT_FORWARD="" - if [ -n "$JVM_BUILD_WORKSPACE_ARTIFACT_CACHE_PORT_80_TCP_ADDR" ] ; then - PORT_FORWARD=" -L 80:$JVM_BUILD_WORKSPACE_ARTIFACT_CACHE_PORT_80_TCP_ADDR:80" - PODMAN_PORT_FORWARD=" -e JVM_BUILD_WORKSPACE_ARTIFACT_CACHE_PORT_80_TCP_ADDR=localhost" + + if ! 
[[ $IS_LOCALHOST ]]; then + chmod 0400 ~/.ssh/id_rsa + export BUILD_DIR=$(cat /ssh/user-dir) + export SSH_ARGS="-o StrictHostKeyChecking=no -o ServerAliveInterval=60 -o ServerAliveCountMax=10" + echo "$BUILD_DIR" + ssh $SSH_ARGS "$SSH_HOST" mkdir -p "$BUILD_DIR/workspaces" "$BUILD_DIR/scripts" "$BUILD_DIR/volumes" + + PORT_FORWARD="" + PODMAN_PORT_FORWARD="" + if [ -n "$JVM_BUILD_WORKSPACE_ARTIFACT_CACHE_PORT_80_TCP_ADDR" ] ; then + PORT_FORWARD=" -L 80:$JVM_BUILD_WORKSPACE_ARTIFACT_CACHE_PORT_80_TCP_ADDR:80" + PODMAN_PORT_FORWARD=" -e JVM_BUILD_WORKSPACE_ARTIFACT_CACHE_PORT_80_TCP_ADDR=localhost" + fi + + rsync -ra /shared/ "$SSH_HOST:$BUILD_DIR/volumes/shared/" + rsync -ra /var/workdir/ "$SSH_HOST:$BUILD_DIR/volumes/workdir/" + rsync -ra /entitlement/ "$SSH_HOST:$BUILD_DIR/volumes/etc-pki-entitlement/" + rsync -ra /activation-key/ "$SSH_HOST:$BUILD_DIR/volumes/activation-key/" + rsync -ra /additional-secret/ "$SSH_HOST:$BUILD_DIR/volumes/additional-secret/" + rsync -ra /mnt/trusted-ca/ "$SSH_HOST:$BUILD_DIR/volumes/trusted-ca/" + rsync -ra "$HOME/.docker/" "$SSH_HOST:$BUILD_DIR/.docker/" + rsync -ra "/tekton/results/" "$SSH_HOST:$BUILD_DIR/results/" fi - rsync -ra /shared/ "$SSH_HOST:$BUILD_DIR/volumes/shared/" - rsync -ra /var/workdir/ "$SSH_HOST:$BUILD_DIR/volumes/workdir/" - rsync -ra /entitlement/ "$SSH_HOST:$BUILD_DIR/volumes/etc-pki-entitlement/" - rsync -ra /activation-key/ "$SSH_HOST:$BUILD_DIR/volumes/activation-key/" - rsync -ra /additional-secret/ "$SSH_HOST:$BUILD_DIR/volumes/additional-secret/" - rsync -ra /mnt/trusted-ca/ "$SSH_HOST:$BUILD_DIR/volumes/trusted-ca/" - rsync -ra "$HOME/.docker/" "$SSH_HOST:$BUILD_DIR/.docker/" - rsync -ra "/tekton/results/" "$SSH_HOST:$BUILD_DIR/tekton-results/" cat >scripts/script-build.sh <<'REMOTESSHEOF' #!/bin/bash set -o verbose 
@@ -431,42 +441,47 @@ spec: buildah push "$IMAGE" oci:rhtap-final-image REMOTESSHEOF chmod +x scripts/script-build.sh - rsync -ra scripts "$SSH_HOST:$BUILD_DIR" - ssh $SSH_ARGS "$SSH_HOST" $PORT_FORWARD podman run $PODMAN_PORT_FORWARD \ - --tmpfs /run/secrets \ - -e ADDITIONAL_SECRET="$ADDITIONAL_SECRET" \ - -e ADD_CAPABILITIES="$ADD_CAPABILITIES" \ - -e BUILDAH_FORMAT="$BUILDAH_FORMAT" \ - -e BUILD_ARGS_FILE="$BUILD_ARGS_FILE" \ - -e CONTEXT="$CONTEXT" \ - -e DOCKERFILE="$DOCKERFILE" \ - -e ENTITLEMENT_SECRET="$ENTITLEMENT_SECRET" \ - -e HERMETIC="$HERMETIC" \ - -e IMAGE="$IMAGE" \ - -e IMAGE_EXPIRES_AFTER="$IMAGE_EXPIRES_AFTER" \ - -e SKIP_UNUSED_STAGES="$SKIP_UNUSED_STAGES" \ - -e SQUASH="$SQUASH" \ - -e STORAGE_DRIVER="$STORAGE_DRIVER" \ - -e TARGET_STAGE="$TARGET_STAGE" \ - -e TLSVERIFY="$TLSVERIFY" \ - -e YUM_REPOS_D_FETCHED="$YUM_REPOS_D_FETCHED" \ - -e YUM_REPOS_D_SRC="$YUM_REPOS_D_SRC" \ - -e YUM_REPOS_D_TARGET="$YUM_REPOS_D_TARGET" \ - -e COMMIT_SHA="$COMMIT_SHA" \ - -v "$BUILD_DIR/volumes/shared:/shared:Z" \ - -v "$BUILD_DIR/volumes/workdir:/var/workdir:Z" \ - -v "$BUILD_DIR/volumes/etc-pki-entitlement:/entitlement:Z" \ - -v "$BUILD_DIR/volumes/activation-key:/activation-key:Z" \ - -v "$BUILD_DIR/volumes/additional-secret:/additional-secret:Z" \ - -v "$BUILD_DIR/volumes/trusted-ca:/mnt/trusted-ca:Z" \ - -v "$BUILD_DIR/.docker/:/root/.docker:Z" \ - -v "$BUILD_DIR/tekton-results/:/tekton/results:Z" \ - -v $BUILD_DIR/scripts:/script:Z \ - --user=0 --rm "$BUILDER_IMAGE" /script/script-build.sh - rsync -ra "$SSH_HOST:$BUILD_DIR/volumes/shared/" /shared/ - rsync -ra "$SSH_HOST:$BUILD_DIR/volumes/workdir/" /var/workdir/ - rsync -ra "$SSH_HOST:$BUILD_DIR/tekton-results/" "/tekton/results/" - buildah pull oci:rhtap-final-image + + if ! 
[[ $IS_LOCALHOST ]]; then + rsync -ra scripts "$SSH_HOST:$BUILD_DIR" + ssh $SSH_ARGS "$SSH_HOST" $PORT_FORWARD podman run $PODMAN_PORT_FORWARD \ + --tmpfs /run/secrets \ + -e ADDITIONAL_SECRET="$ADDITIONAL_SECRET" \ + -e ADD_CAPABILITIES="$ADD_CAPABILITIES" \ + -e BUILDAH_FORMAT="$BUILDAH_FORMAT" \ + -e BUILD_ARGS_FILE="$BUILD_ARGS_FILE" \ + -e CONTEXT="$CONTEXT" \ + -e DOCKERFILE="$DOCKERFILE" \ + -e ENTITLEMENT_SECRET="$ENTITLEMENT_SECRET" \ + -e HERMETIC="$HERMETIC" \ + -e IMAGE="$IMAGE" \ + -e IMAGE_EXPIRES_AFTER="$IMAGE_EXPIRES_AFTER" \ + -e SKIP_UNUSED_STAGES="$SKIP_UNUSED_STAGES" \ + -e SQUASH="$SQUASH" \ + -e STORAGE_DRIVER="$STORAGE_DRIVER" \ + -e TARGET_STAGE="$TARGET_STAGE" \ + -e TLSVERIFY="$TLSVERIFY" \ + -e YUM_REPOS_D_FETCHED="$YUM_REPOS_D_FETCHED" \ + -e YUM_REPOS_D_SRC="$YUM_REPOS_D_SRC" \ + -e YUM_REPOS_D_TARGET="$YUM_REPOS_D_TARGET" \ + -e COMMIT_SHA="$COMMIT_SHA" \ + -v "$BUILD_DIR/volumes/shared:/shared:Z" \ + -v "$BUILD_DIR/volumes/workdir:/var/workdir:Z" \ + -v "$BUILD_DIR/volumes/etc-pki-entitlement:/entitlement:Z" \ + -v "$BUILD_DIR/volumes/activation-key:/activation-key:Z" \ + -v "$BUILD_DIR/volumes/additional-secret:/additional-secret:Z" \ + -v "$BUILD_DIR/volumes/trusted-ca:/mnt/trusted-ca:Z" \ + -v "$BUILD_DIR/.docker/:/root/.docker:Z" \ + -v "$BUILD_DIR/results/:/tekton/results:Z" \ + -v $BUILD_DIR/scripts:/script:Z \ + --user=0 --rm "$BUILDER_IMAGE" /script/script-build.sh + rsync -ra "$SSH_HOST:$BUILD_DIR/volumes/shared/" /shared/ + rsync -ra "$SSH_HOST:$BUILD_DIR/volumes/workdir/" /var/workdir/ + rsync -ra "$SSH_HOST:$BUILD_DIR/results/" "/tekton/results/" + buildah pull oci:rhtap-final-image + else + bash /script/script-build.sh + fi buildah images buildah tag localhost/rhtap-final-image "$IMAGE" container=$(buildah from --pull-never "$IMAGE") diff --git a/task/buildah-remote-oci-ta/0.2/buildah-remote-oci-ta.yaml b/task/buildah-remote-oci-ta/0.2/buildah-remote-oci-ta.yaml index 5bdad24676..9d6db8dee7 100644 
--- a/task/buildah-remote-oci-ta/0.2/buildah-remote-oci-ta.yaml
+++ b/task/buildah-remote-oci-ta/0.2/buildah-remote-oci-ta.yaml
@@ -127,6 +127,11 @@ spec:
 - description: The platform to build on
 name: PLATFORM
 type: string
+ - default: ""
+ description: Whether the platform architecture should be appended to the IMAGE
+ tag
+ name: APPEND_PLATFORM_ARCH
+ type: string
 results:
 - description: Digest of the image just built
 name: IMAGE_DIGEST
@@ -189,6 +194,8 @@ spec:
 value: quay.io/konflux-ci/buildah:latest@sha256:7cb5a35b7fe44e397fbf3b834f3bd8dcd9403a7c0a0b51469e6ec75b107d0846
 - name: PLATFORM
 value: $(params.PLATFORM)
+ - name: APPEND_PLATFORM_ARCH
+ value: $(params.APPEND_PLATFORM_ARCH)
 volumeMounts:
 - mountPath: /shared
 name: shared
@@ -225,38 +232,48 @@ spec: #no server could be provisioned cat /ssh/error exit 1 + fi + export SSH_HOST=$(cat /ssh/host) + [ "$SSH_HOST" == "localhost" ] && IS_LOCALHOST=true + + if [[ $IS_LOCALHOST ]]; then + echo "Localhost detected; running build in cluster" elif [ -e "/ssh/otp" ]; then - curl --cacert /ssh/otp-ca -XPOST -d @/ssh/otp $(cat /ssh/otp-server) >~/.ssh/id_rsa - echo "" >> ~/.ssh/id_rsa + curl --cacert /ssh/otp-ca -XPOST -d @/ssh/otp $(cat /ssh/otp-server) >~/.ssh/id_rsa + echo "" >> ~/.ssh/id_rsa else cp /ssh/id_rsa ~/.ssh fi - chmod 0400 ~/.ssh/id_rsa - export SSH_HOST=$(cat /ssh/host) - export BUILD_DIR=$(cat /ssh/user-dir) - export SSH_ARGS="-o StrictHostKeyChecking=no -o ServerAliveInterval=60 -o ServerAliveCountMax=10" + mkdir -p scripts - echo "$BUILD_DIR" - ssh $SSH_ARGS "$SSH_HOST" mkdir -p "$BUILD_DIR/workspaces" "$BUILD_DIR/scripts" "$BUILD_DIR/volumes" - PORT_FORWARD="" - PODMAN_PORT_FORWARD="" - if [ -n "$JVM_BUILD_WORKSPACE_ARTIFACT_CACHE_PORT_80_TCP_ADDR" ] ; then - PORT_FORWARD=" -L 80:$JVM_BUILD_WORKSPACE_ARTIFACT_CACHE_PORT_80_TCP_ADDR:80" - PODMAN_PORT_FORWARD=" -e JVM_BUILD_WORKSPACE_ARTIFACT_CACHE_PORT_80_TCP_ADDR=localhost" + if ! 
[[ $IS_LOCALHOST ]]; then + chmod 0400 ~/.ssh/id_rsa + export BUILD_DIR=$(cat /ssh/user-dir) + export SSH_ARGS="-o StrictHostKeyChecking=no -o ServerAliveInterval=60 -o ServerAliveCountMax=10" + echo "$BUILD_DIR" + ssh $SSH_ARGS "$SSH_HOST" mkdir -p "$BUILD_DIR/workspaces" "$BUILD_DIR/scripts" "$BUILD_DIR/volumes" + + PORT_FORWARD="" + PODMAN_PORT_FORWARD="" + if [ -n "$JVM_BUILD_WORKSPACE_ARTIFACT_CACHE_PORT_80_TCP_ADDR" ] ; then + PORT_FORWARD=" -L 80:$JVM_BUILD_WORKSPACE_ARTIFACT_CACHE_PORT_80_TCP_ADDR:80" + PODMAN_PORT_FORWARD=" -e JVM_BUILD_WORKSPACE_ARTIFACT_CACHE_PORT_80_TCP_ADDR=localhost" + fi + + rsync -ra /shared/ "$SSH_HOST:$BUILD_DIR/volumes/shared/" + rsync -ra /var/workdir/ "$SSH_HOST:$BUILD_DIR/volumes/workdir/" + rsync -ra /entitlement/ "$SSH_HOST:$BUILD_DIR/volumes/etc-pki-entitlement/" + rsync -ra /activation-key/ "$SSH_HOST:$BUILD_DIR/volumes/activation-key/" + rsync -ra /additional-secret/ "$SSH_HOST:$BUILD_DIR/volumes/additional-secret/" + rsync -ra /mnt/trusted-ca/ "$SSH_HOST:$BUILD_DIR/volumes/trusted-ca/" + rsync -ra "$HOME/.docker/" "$SSH_HOST:$BUILD_DIR/.docker/" + rsync -ra "/tekton/results/" "$SSH_HOST:$BUILD_DIR/results/" fi - if [[ "${IMAGE##*-}" != "${PLATFORM##*/}" ]]; then + if [ -n "${APPEND_PLATFORM_ARCH}" ] && [ "${IMAGE##*-}" != "${PLATFORM##*/}" ]; then export IMAGE="${IMAGE}-${PLATFORM##*/}" fi - rsync -ra /shared/ "$SSH_HOST:$BUILD_DIR/volumes/shared/" - rsync -ra /var/workdir/ "$SSH_HOST:$BUILD_DIR/volumes/workdir/" - rsync -ra /entitlement/ "$SSH_HOST:$BUILD_DIR/volumes/etc-pki-entitlement/" - rsync -ra /activation-key/ "$SSH_HOST:$BUILD_DIR/volumes/activation-key/" - rsync -ra /additional-secret/ "$SSH_HOST:$BUILD_DIR/volumes/additional-secret/" - rsync -ra /mnt/trusted-ca/ "$SSH_HOST:$BUILD_DIR/volumes/trusted-ca/" - rsync -ra "$HOME/.docker/" "$SSH_HOST:$BUILD_DIR/.docker/" - rsync -ra "/tekton/results/" "$SSH_HOST:$BUILD_DIR/tekton-results/" cat >scripts/script-build.sh <<'REMOTESSHEOF' #!/bin/bash set -e 
@@ -441,43 +458,48 @@ spec: buildah push "$IMAGE" oci:rhtap-final-image REMOTESSHEOF chmod +x scripts/script-build.sh - rsync -ra scripts "$SSH_HOST:$BUILD_DIR" - ssh $SSH_ARGS "$SSH_HOST" $PORT_FORWARD podman run $PODMAN_PORT_FORWARD \ - --tmpfs /run/secrets \ - -e ACTIVATION_KEY="$ACTIVATION_KEY" \ - -e ADDITIONAL_SECRET="$ADDITIONAL_SECRET" \ - -e ADD_CAPABILITIES="$ADD_CAPABILITIES" \ - -e BUILDAH_FORMAT="$BUILDAH_FORMAT" \ - -e BUILD_ARGS_FILE="$BUILD_ARGS_FILE" \ - -e CONTEXT="$CONTEXT" \ - -e DOCKERFILE="$DOCKERFILE" \ - -e ENTITLEMENT_SECRET="$ENTITLEMENT_SECRET" \ - -e HERMETIC="$HERMETIC" \ - -e IMAGE="$IMAGE" \ - -e IMAGE_EXPIRES_AFTER="$IMAGE_EXPIRES_AFTER" \ - -e SKIP_UNUSED_STAGES="$SKIP_UNUSED_STAGES" \ - -e SQUASH="$SQUASH" \ - -e STORAGE_DRIVER="$STORAGE_DRIVER" \ - -e TARGET_STAGE="$TARGET_STAGE" \ - -e TLSVERIFY="$TLSVERIFY" \ - -e YUM_REPOS_D_FETCHED="$YUM_REPOS_D_FETCHED" \ - -e YUM_REPOS_D_SRC="$YUM_REPOS_D_SRC" \ - -e YUM_REPOS_D_TARGET="$YUM_REPOS_D_TARGET" \ - -e COMMIT_SHA="$COMMIT_SHA" \ - -v "$BUILD_DIR/volumes/shared:/shared:Z" \ - -v "$BUILD_DIR/volumes/workdir:/var/workdir:Z" \ - -v "$BUILD_DIR/volumes/etc-pki-entitlement:/entitlement:Z" \ - -v "$BUILD_DIR/volumes/activation-key:/activation-key:Z" \ - -v "$BUILD_DIR/volumes/additional-secret:/additional-secret:Z" \ - -v "$BUILD_DIR/volumes/trusted-ca:/mnt/trusted-ca:Z" \ - -v "$BUILD_DIR/.docker/:/root/.docker:Z" \ - -v "$BUILD_DIR/tekton-results/:/tekton/results:Z" \ - -v $BUILD_DIR/scripts:/script:Z \ - --user=0 --rm "$BUILDER_IMAGE" /script/script-build.sh - rsync -ra "$SSH_HOST:$BUILD_DIR/volumes/shared/" /shared/ - rsync -ra "$SSH_HOST:$BUILD_DIR/volumes/workdir/" /var/workdir/ - rsync -ra "$SSH_HOST:$BUILD_DIR/tekton-results/" "/tekton/results/" - buildah pull oci:rhtap-final-image + + if ! 
[[ $IS_LOCALHOST ]]; then + rsync -ra scripts "$SSH_HOST:$BUILD_DIR" + ssh $SSH_ARGS "$SSH_HOST" $PORT_FORWARD podman run $PODMAN_PORT_FORWARD \ + --tmpfs /run/secrets \ + -e ACTIVATION_KEY="$ACTIVATION_KEY" \ + -e ADDITIONAL_SECRET="$ADDITIONAL_SECRET" \ + -e ADD_CAPABILITIES="$ADD_CAPABILITIES" \ + -e BUILDAH_FORMAT="$BUILDAH_FORMAT" \ + -e BUILD_ARGS_FILE="$BUILD_ARGS_FILE" \ + -e CONTEXT="$CONTEXT" \ + -e DOCKERFILE="$DOCKERFILE" \ + -e ENTITLEMENT_SECRET="$ENTITLEMENT_SECRET" \ + -e HERMETIC="$HERMETIC" \ + -e IMAGE="$IMAGE" \ + -e IMAGE_EXPIRES_AFTER="$IMAGE_EXPIRES_AFTER" \ + -e SKIP_UNUSED_STAGES="$SKIP_UNUSED_STAGES" \ + -e SQUASH="$SQUASH" \ + -e STORAGE_DRIVER="$STORAGE_DRIVER" \ + -e TARGET_STAGE="$TARGET_STAGE" \ + -e TLSVERIFY="$TLSVERIFY" \ + -e YUM_REPOS_D_FETCHED="$YUM_REPOS_D_FETCHED" \ + -e YUM_REPOS_D_SRC="$YUM_REPOS_D_SRC" \ + -e YUM_REPOS_D_TARGET="$YUM_REPOS_D_TARGET" \ + -e COMMIT_SHA="$COMMIT_SHA" \ + -v "$BUILD_DIR/volumes/shared:/shared:Z" \ + -v "$BUILD_DIR/volumes/workdir:/var/workdir:Z" \ + -v "$BUILD_DIR/volumes/etc-pki-entitlement:/entitlement:Z" \ + -v "$BUILD_DIR/volumes/activation-key:/activation-key:Z" \ + -v "$BUILD_DIR/volumes/additional-secret:/additional-secret:Z" \ + -v "$BUILD_DIR/volumes/trusted-ca:/mnt/trusted-ca:Z" \ + -v "$BUILD_DIR/.docker/:/root/.docker:Z" \ + -v "$BUILD_DIR/results/:/tekton/results:Z" \ + -v $BUILD_DIR/scripts:/script:Z \ + --user=0 --rm "$BUILDER_IMAGE" /script/script-build.sh + rsync -ra "$SSH_HOST:$BUILD_DIR/volumes/shared/" /shared/ + rsync -ra "$SSH_HOST:$BUILD_DIR/volumes/workdir/" /var/workdir/ + rsync -ra "$SSH_HOST:$BUILD_DIR/results/" "/tekton/results/" + buildah pull oci:rhtap-final-image + else + bash /script/script-build.sh + fi buildah images buildah tag localhost/rhtap-final-image "$IMAGE" container=$(buildah from --pull-never "$IMAGE") 
@@ -515,7 +537,7 @@ spec: script: | #!/bin/bash set -e - if [[ "${IMAGE##*-}" != "${PLATFORM##*/}" ]]; then + if [ -n "${APPEND_PLATFORM_ARCH}" ] && [ "${IMAGE##*-}" != "${PLATFORM##*/}" ]; then export IMAGE="${IMAGE}-${PLATFORM##*/}" fi echo "Running syft on the source directory" @@ -541,7 +563,7 @@ spec: script: | #!/bin/bash set -e - if [[ "${IMAGE##*-}" != "${PLATFORM##*/}" ]]; then + if [ -n "${APPEND_PLATFORM_ARCH}" ] && [ "${IMAGE##*-}" != "${PLATFORM##*/}" ]; then export IMAGE="${IMAGE}-${PLATFORM##*/}" fi if [ -f /var/lib/containers/java ]; then @@ -610,7 +632,7 @@ spec: script: | #!/bin/bash set -e - if [[ "${IMAGE##*-}" != "${PLATFORM##*/}" ]]; then + if [ -n "${APPEND_PLATFORM_ARCH}" ] && [ "${IMAGE##*-}" != "${PLATFORM##*/}" ]; then export IMAGE="${IMAGE}-${PLATFORM##*/}" fi if [ -f "sbom-cachi2.json" ]; then @@ -659,7 +681,7 @@ spec: script: | #!/bin/bash set -e - if [[ "${IMAGE##*-}" != "${PLATFORM##*/}" ]]; then + if [ -n "${APPEND_PLATFORM_ARCH}" ] && [ "${IMAGE##*-}" != "${PLATFORM##*/}" ]; then export IMAGE="${IMAGE}-${PLATFORM##*/}" fi python3 /app/base_images_sbom_script.py \ @@ -681,7 +703,7 @@ spec: script: | #!/bin/bash set -e - if [[ "${IMAGE##*-}" != "${PLATFORM##*/}" ]]; then + if [ -n "${APPEND_PLATFORM_ARCH}" ] && [ "${IMAGE##*-}" != "${PLATFORM##*/}" ]; then export IMAGE="${IMAGE}-${PLATFORM##*/}" fi @@ -758,7 +780,7 @@ spec: script: | #!/bin/bash set -e - if [[ "${IMAGE##*-}" != "${PLATFORM##*/}" ]]; then + if [ -n "${APPEND_PLATFORM_ARCH}" ] && [ "${IMAGE##*-}" != "${PLATFORM##*/}" ]; then export IMAGE="${IMAGE}-${PLATFORM##*/}" fi ca_bundle=/mnt/trusted-ca/ca-bundle.crt diff --git a/task/buildah-remote/0.1/buildah-remote.yaml b/task/buildah-remote/0.1/buildah-remote.yaml index aa3cdb0ceb..5bce715bf6 100644 --- a/task/buildah-remote/0.1/buildah-remote.yaml +++ b/task/buildah-remote/0.1/buildah-remote.yaml 
@@ -208,35 +208,45 @@ spec: #no server could be provisioned cat /ssh/error exit 1 + fi + export SSH_HOST=$(cat /ssh/host) + [ "$SSH_HOST" == "localhost" ] && IS_LOCALHOST=true + + if [[ $IS_LOCALHOST ]]; then + echo "Localhost detected; running build in cluster" elif [ -e "/ssh/otp" ]; then - curl --cacert /ssh/otp-ca -XPOST -d @/ssh/otp $(cat /ssh/otp-server) >~/.ssh/id_rsa - echo "" >> ~/.ssh/id_rsa + curl --cacert /ssh/otp-ca -XPOST -d @/ssh/otp $(cat /ssh/otp-server) >~/.ssh/id_rsa + echo "" >> ~/.ssh/id_rsa else cp /ssh/id_rsa ~/.ssh fi - chmod 0400 ~/.ssh/id_rsa - export SSH_HOST=$(cat /ssh/host) - export BUILD_DIR=$(cat /ssh/user-dir) - export SSH_ARGS="-o StrictHostKeyChecking=no -o ServerAliveInterval=60 -o ServerAliveCountMax=10" + mkdir -p scripts - echo "$BUILD_DIR" - ssh $SSH_ARGS "$SSH_HOST" mkdir -p "$BUILD_DIR/workspaces" "$BUILD_DIR/scripts" "$BUILD_DIR/volumes" - - PORT_FORWARD="" - PODMAN_PORT_FORWARD="" - if [ -n "$JVM_BUILD_WORKSPACE_ARTIFACT_CACHE_PORT_80_TCP_ADDR" ] ; then - PORT_FORWARD=" -L 80:$JVM_BUILD_WORKSPACE_ARTIFACT_CACHE_PORT_80_TCP_ADDR:80" - PODMAN_PORT_FORWARD=" -e JVM_BUILD_WORKSPACE_ARTIFACT_CACHE_PORT_80_TCP_ADDR=localhost" + + if ! 
[[ $IS_LOCALHOST ]]; then + chmod 0400 ~/.ssh/id_rsa + export BUILD_DIR=$(cat /ssh/user-dir) + export SSH_ARGS="-o StrictHostKeyChecking=no -o ServerAliveInterval=60 -o ServerAliveCountMax=10" + echo "$BUILD_DIR" + ssh $SSH_ARGS "$SSH_HOST" mkdir -p "$BUILD_DIR/workspaces" "$BUILD_DIR/scripts" "$BUILD_DIR/volumes" + + PORT_FORWARD="" + PODMAN_PORT_FORWARD="" + if [ -n "$JVM_BUILD_WORKSPACE_ARTIFACT_CACHE_PORT_80_TCP_ADDR" ] ; then + PORT_FORWARD=" -L 80:$JVM_BUILD_WORKSPACE_ARTIFACT_CACHE_PORT_80_TCP_ADDR:80" + PODMAN_PORT_FORWARD=" -e JVM_BUILD_WORKSPACE_ARTIFACT_CACHE_PORT_80_TCP_ADDR=localhost" + fi + + rsync -ra $(workspaces.source.path)/ "$SSH_HOST:$BUILD_DIR/workspaces/source/" + rsync -ra /shared/ "$SSH_HOST:$BUILD_DIR/volumes/shared/" + rsync -ra /entitlement/ "$SSH_HOST:$BUILD_DIR/volumes/etc-pki-entitlement/" + rsync -ra /activation-key/ "$SSH_HOST:$BUILD_DIR/volumes/activation-key/" + rsync -ra /additional-secret/ "$SSH_HOST:$BUILD_DIR/volumes/additional-secret/" + rsync -ra /mnt/trusted-ca/ "$SSH_HOST:$BUILD_DIR/volumes/trusted-ca/" + rsync -ra "$HOME/.docker/" "$SSH_HOST:$BUILD_DIR/.docker/" + rsync -ra "/tekton/results/" "$SSH_HOST:$BUILD_DIR/results/" fi - rsync -ra $(workspaces.source.path)/ "$SSH_HOST:$BUILD_DIR/workspaces/source/" - rsync -ra /shared/ "$SSH_HOST:$BUILD_DIR/volumes/shared/" - rsync -ra /entitlement/ "$SSH_HOST:$BUILD_DIR/volumes/etc-pki-entitlement/" - rsync -ra /activation-key/ "$SSH_HOST:$BUILD_DIR/volumes/activation-key/" - rsync -ra /additional-secret/ "$SSH_HOST:$BUILD_DIR/volumes/additional-secret/" - rsync -ra /mnt/trusted-ca/ "$SSH_HOST:$BUILD_DIR/volumes/trusted-ca/" - rsync -ra "$HOME/.docker/" "$SSH_HOST:$BUILD_DIR/.docker/" - rsync -ra "/tekton/results/" "$SSH_HOST:$BUILD_DIR/tekton-results/" cat >scripts/script-build.sh <<'REMOTESSHEOF' #!/bin/bash set -o verbose 
@@ -423,43 +433,48 @@ spec: buildah push "$IMAGE" oci:rhtap-final-image REMOTESSHEOF chmod +x scripts/script-build.sh - rsync -ra scripts "$SSH_HOST:$BUILD_DIR" - ssh $SSH_ARGS "$SSH_HOST" $PORT_FORWARD podman run $PODMAN_PORT_FORWARD \ - --tmpfs /run/secrets \ - -e BUILDAH_FORMAT="$BUILDAH_FORMAT" \ - -e STORAGE_DRIVER="$STORAGE_DRIVER" \ - -e HERMETIC="$HERMETIC" \ - -e CONTEXT="$CONTEXT" \ - -e DOCKERFILE="$DOCKERFILE" \ - -e IMAGE="$IMAGE" \ - -e TLSVERIFY="$TLSVERIFY" \ - -e IMAGE_EXPIRES_AFTER="$IMAGE_EXPIRES_AFTER" \ - -e YUM_REPOS_D_SRC="$YUM_REPOS_D_SRC" \ - -e YUM_REPOS_D_FETCHED="$YUM_REPOS_D_FETCHED" \ - -e YUM_REPOS_D_TARGET="$YUM_REPOS_D_TARGET" \ - -e TARGET_STAGE="$TARGET_STAGE" \ - -e PARAM_BUILDER_IMAGE="$PARAM_BUILDER_IMAGE" \ - -e ENTITLEMENT_SECRET="$ENTITLEMENT_SECRET" \ - -e ADDITIONAL_SECRET="$ADDITIONAL_SECRET" \ - -e BUILD_ARGS_FILE="$BUILD_ARGS_FILE" \ - -e ADD_CAPABILITIES="$ADD_CAPABILITIES" \ - -e SQUASH="$SQUASH" \ - -e SKIP_UNUSED_STAGES="$SKIP_UNUSED_STAGES" \ - -e COMMIT_SHA="$COMMIT_SHA" \ - -v "$BUILD_DIR/workspaces/source:$(workspaces.source.path):Z" \ - -v "$BUILD_DIR/volumes/shared:/shared:Z" \ - -v "$BUILD_DIR/volumes/etc-pki-entitlement:/entitlement:Z" \ - -v "$BUILD_DIR/volumes/activation-key:/activation-key:Z" \ - -v "$BUILD_DIR/volumes/additional-secret:/additional-secret:Z" \ - -v "$BUILD_DIR/volumes/trusted-ca:/mnt/trusted-ca:Z" \ - -v "$BUILD_DIR/.docker/:/root/.docker:Z" \ - -v "$BUILD_DIR/tekton-results/:/tekton/results:Z" \ - -v $BUILD_DIR/scripts:/script:Z \ - --user=0 --rm "$BUILDER_IMAGE" /script/script-build.sh - rsync -ra "$SSH_HOST:$BUILD_DIR/workspaces/source/" "$(workspaces.source.path)/" - rsync -ra "$SSH_HOST:$BUILD_DIR/volumes/shared/" /shared/ - rsync -ra "$SSH_HOST:$BUILD_DIR/tekton-results/" "/tekton/results/" - buildah pull oci:rhtap-final-image + + if ! 
[[ $IS_LOCALHOST ]]; then + rsync -ra scripts "$SSH_HOST:$BUILD_DIR" + ssh $SSH_ARGS "$SSH_HOST" $PORT_FORWARD podman run $PODMAN_PORT_FORWARD \ + --tmpfs /run/secrets \ + -e BUILDAH_FORMAT="$BUILDAH_FORMAT" \ + -e STORAGE_DRIVER="$STORAGE_DRIVER" \ + -e HERMETIC="$HERMETIC" \ + -e CONTEXT="$CONTEXT" \ + -e DOCKERFILE="$DOCKERFILE" \ + -e IMAGE="$IMAGE" \ + -e TLSVERIFY="$TLSVERIFY" \ + -e IMAGE_EXPIRES_AFTER="$IMAGE_EXPIRES_AFTER" \ + -e YUM_REPOS_D_SRC="$YUM_REPOS_D_SRC" \ + -e YUM_REPOS_D_FETCHED="$YUM_REPOS_D_FETCHED" \ + -e YUM_REPOS_D_TARGET="$YUM_REPOS_D_TARGET" \ + -e TARGET_STAGE="$TARGET_STAGE" \ + -e PARAM_BUILDER_IMAGE="$PARAM_BUILDER_IMAGE" \ + -e ENTITLEMENT_SECRET="$ENTITLEMENT_SECRET" \ + -e ADDITIONAL_SECRET="$ADDITIONAL_SECRET" \ + -e BUILD_ARGS_FILE="$BUILD_ARGS_FILE" \ + -e ADD_CAPABILITIES="$ADD_CAPABILITIES" \ + -e SQUASH="$SQUASH" \ + -e SKIP_UNUSED_STAGES="$SKIP_UNUSED_STAGES" \ + -e COMMIT_SHA="$COMMIT_SHA" \ + -v "$BUILD_DIR/workspaces/source:$(workspaces.source.path):Z" \ + -v "$BUILD_DIR/volumes/shared:/shared:Z" \ + -v "$BUILD_DIR/volumes/etc-pki-entitlement:/entitlement:Z" \ + -v "$BUILD_DIR/volumes/activation-key:/activation-key:Z" \ + -v "$BUILD_DIR/volumes/additional-secret:/additional-secret:Z" \ + -v "$BUILD_DIR/volumes/trusted-ca:/mnt/trusted-ca:Z" \ + -v "$BUILD_DIR/.docker/:/root/.docker:Z" \ + -v "$BUILD_DIR/results/:/tekton/results:Z" \ + -v $BUILD_DIR/scripts:/script:Z \ + --user=0 --rm "$BUILDER_IMAGE" /script/script-build.sh + rsync -ra "$SSH_HOST:$BUILD_DIR/workspaces/source/" "$(workspaces.source.path)/" + rsync -ra "$SSH_HOST:$BUILD_DIR/volumes/shared/" /shared/ + rsync -ra "$SSH_HOST:$BUILD_DIR/results/" "/tekton/results/" + buildah pull oci:rhtap-final-image + else + bash /script/script-build.sh + fi buildah images buildah tag localhost/rhtap-final-image "$IMAGE" container=$(buildah from --pull-never "$IMAGE") 
diff --git a/task/buildah-remote/0.2/buildah-remote.yaml b/task/buildah-remote/0.2/buildah-remote.yaml
index aafc9baedb..6b2f77a0a4 100644
--- a/task/buildah-remote/0.2/buildah-remote.yaml
+++ b/task/buildah-remote/0.2/buildah-remote.yaml
@@ -118,6 +118,11 @@ spec:
 - description: The platform to build on
 name: PLATFORM
 type: string
+ - default: ""
+ description: Whether the platform architecture should be appended to the IMAGE
+ tag
+ name: APPEND_PLATFORM_ARCH
+ type: string
 results:
 - description: Digest of the image just built
 name: IMAGE_DIGEST
@@ -180,6 +185,8 @@ spec:
 value: quay.io/konflux-ci/buildah:latest@sha256:7cb5a35b7fe44e397fbf3b834f3bd8dcd9403a7c0a0b51469e6ec75b107d0846
 - name: PLATFORM
 value: $(params.PLATFORM)
+ - name: APPEND_PLATFORM_ARCH
+ value: $(params.APPEND_PLATFORM_ARCH)
 volumeMounts:
 - mountPath: /shared
 name: shared
@@ -207,38 +214,48 @@ spec: #no server could be provisioned cat /ssh/error exit 1 + fi + export SSH_HOST=$(cat /ssh/host) + [ "$SSH_HOST" == "localhost" ] && IS_LOCALHOST=true + + if [[ $IS_LOCALHOST ]]; then + echo "Localhost detected; running build in cluster" elif [ -e "/ssh/otp" ]; then - curl --cacert /ssh/otp-ca -XPOST -d @/ssh/otp $(cat /ssh/otp-server) >~/.ssh/id_rsa - echo "" >> ~/.ssh/id_rsa + curl --cacert /ssh/otp-ca -XPOST -d @/ssh/otp $(cat /ssh/otp-server) >~/.ssh/id_rsa + echo "" >> ~/.ssh/id_rsa else cp /ssh/id_rsa ~/.ssh fi - chmod 0400 ~/.ssh/id_rsa - export SSH_HOST=$(cat /ssh/host) - export BUILD_DIR=$(cat /ssh/user-dir) - export SSH_ARGS="-o StrictHostKeyChecking=no -o ServerAliveInterval=60 -o ServerAliveCountMax=10" + mkdir -p scripts - echo "$BUILD_DIR" - ssh $SSH_ARGS "$SSH_HOST" mkdir -p "$BUILD_DIR/workspaces" "$BUILD_DIR/scripts" "$BUILD_DIR/volumes" - PORT_FORWARD="" - PODMAN_PORT_FORWARD="" - if [ -n "$JVM_BUILD_WORKSPACE_ARTIFACT_CACHE_PORT_80_TCP_ADDR" ] ; then - PORT_FORWARD=" -L 80:$JVM_BUILD_WORKSPACE_ARTIFACT_CACHE_PORT_80_TCP_ADDR:80" - PODMAN_PORT_FORWARD=" -e JVM_BUILD_WORKSPACE_ARTIFACT_CACHE_PORT_80_TCP_ADDR=localhost" + if ! 
[[ $IS_LOCALHOST ]]; then + chmod 0400 ~/.ssh/id_rsa + export BUILD_DIR=$(cat /ssh/user-dir) + export SSH_ARGS="-o StrictHostKeyChecking=no -o ServerAliveInterval=60 -o ServerAliveCountMax=10" + echo "$BUILD_DIR" + ssh $SSH_ARGS "$SSH_HOST" mkdir -p "$BUILD_DIR/workspaces" "$BUILD_DIR/scripts" "$BUILD_DIR/volumes" + + PORT_FORWARD="" + PODMAN_PORT_FORWARD="" + if [ -n "$JVM_BUILD_WORKSPACE_ARTIFACT_CACHE_PORT_80_TCP_ADDR" ] ; then + PORT_FORWARD=" -L 80:$JVM_BUILD_WORKSPACE_ARTIFACT_CACHE_PORT_80_TCP_ADDR:80" + PODMAN_PORT_FORWARD=" -e JVM_BUILD_WORKSPACE_ARTIFACT_CACHE_PORT_80_TCP_ADDR=localhost" + fi + + rsync -ra $(workspaces.source.path)/ "$SSH_HOST:$BUILD_DIR/workspaces/source/" + rsync -ra /shared/ "$SSH_HOST:$BUILD_DIR/volumes/shared/" + rsync -ra /entitlement/ "$SSH_HOST:$BUILD_DIR/volumes/etc-pki-entitlement/" + rsync -ra /activation-key/ "$SSH_HOST:$BUILD_DIR/volumes/activation-key/" + rsync -ra /additional-secret/ "$SSH_HOST:$BUILD_DIR/volumes/additional-secret/" + rsync -ra /mnt/trusted-ca/ "$SSH_HOST:$BUILD_DIR/volumes/trusted-ca/" + rsync -ra "$HOME/.docker/" "$SSH_HOST:$BUILD_DIR/.docker/" + rsync -ra "/tekton/results/" "$SSH_HOST:$BUILD_DIR/results/" fi - if [[ "${IMAGE##*-}" != "${PLATFORM##*/}" ]]; then + if [ -n "${APPEND_PLATFORM_ARCH}" ] && [ "${IMAGE##*-}" != "${PLATFORM##*/}" ]; then export IMAGE="${IMAGE}-${PLATFORM##*/}" fi - rsync -ra $(workspaces.source.path)/ "$SSH_HOST:$BUILD_DIR/workspaces/source/" - rsync -ra /shared/ "$SSH_HOST:$BUILD_DIR/volumes/shared/" - rsync -ra /entitlement/ "$SSH_HOST:$BUILD_DIR/volumes/etc-pki-entitlement/" - rsync -ra /activation-key/ "$SSH_HOST:$BUILD_DIR/volumes/activation-key/" - rsync -ra /additional-secret/ "$SSH_HOST:$BUILD_DIR/volumes/additional-secret/" - rsync -ra /mnt/trusted-ca/ "$SSH_HOST:$BUILD_DIR/volumes/trusted-ca/" - rsync -ra "$HOME/.docker/" "$SSH_HOST:$BUILD_DIR/.docker/" - rsync -ra "/tekton/results/" "$SSH_HOST:$BUILD_DIR/tekton-results/" cat >scripts/script-build.sh <<'REMOTESSHEOF' 
#!/bin/bash set -e 
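Review bot: The non-localhost branch now rsyncs the registry credentials in `$HOME/.docker/`, the entitlement certificates, the activation key and `/additional-secret/` to `$SSH_HOST` while `SSH_ARGS` still carries `-o StrictHostKeyChecking=no`, so whatever answers at the address read from `/ssh/host` receives those secrets without any host identity check. The host and the OTP/key already come from the provisioner mount; if the provisioner can also write the server's host key (not visible here), the line could become `export SSH_ARGS="-o StrictHostKeyChecking=yes -o UserKnownHostsFile=/ssh/known_hosts -o ServerAliveInterval=60 -o ServerAliveCountMax=10"`. Separately, the re-indented `curl ... >~/.ssh/id_rsa` has no `--fail`, so a non-2xx OTP response writes the error body into the key file and the failure only surfaces at the first ssh; `curl --fail --cacert /ssh/otp-ca -XPOST -d @/ssh/otp $(cat /ssh/otp-server) >~/.ssh/id_rsa` stops the step at the right place. The step script this hunk belongs to starts before the hunk.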
@@ -423,43 +440,48 @@ spec: buildah push "$IMAGE" oci:rhtap-final-image REMOTESSHEOF chmod +x scripts/script-build.sh - rsync -ra scripts "$SSH_HOST:$BUILD_DIR" - ssh $SSH_ARGS "$SSH_HOST" $PORT_FORWARD podman run $PODMAN_PORT_FORWARD \ - --tmpfs /run/secrets \ - -e BUILDAH_FORMAT="$BUILDAH_FORMAT" \ - -e STORAGE_DRIVER="$STORAGE_DRIVER" \ - -e HERMETIC="$HERMETIC" \ - -e CONTEXT="$CONTEXT" \ - -e DOCKERFILE="$DOCKERFILE" \ - -e IMAGE="$IMAGE" \ - -e TLSVERIFY="$TLSVERIFY" \ - -e IMAGE_EXPIRES_AFTER="$IMAGE_EXPIRES_AFTER" \ - -e YUM_REPOS_D_SRC="$YUM_REPOS_D_SRC" \ - -e YUM_REPOS_D_FETCHED="$YUM_REPOS_D_FETCHED" \ - -e YUM_REPOS_D_TARGET="$YUM_REPOS_D_TARGET" \ - -e TARGET_STAGE="$TARGET_STAGE" \ - -e ENTITLEMENT_SECRET="$ENTITLEMENT_SECRET" \ - -e ACTIVATION_KEY="$ACTIVATION_KEY" \ - -e ADDITIONAL_SECRET="$ADDITIONAL_SECRET" \ - -e BUILD_ARGS_FILE="$BUILD_ARGS_FILE" \ - -e ADD_CAPABILITIES="$ADD_CAPABILITIES" \ - -e SQUASH="$SQUASH" \ - -e SKIP_UNUSED_STAGES="$SKIP_UNUSED_STAGES" \ - -e COMMIT_SHA="$COMMIT_SHA" \ - -v "$BUILD_DIR/workspaces/source:$(workspaces.source.path):Z" \ - -v "$BUILD_DIR/volumes/shared:/shared:Z" \ - -v "$BUILD_DIR/volumes/etc-pki-entitlement:/entitlement:Z" \ - -v "$BUILD_DIR/volumes/activation-key:/activation-key:Z" \ - -v "$BUILD_DIR/volumes/additional-secret:/additional-secret:Z" \ - -v "$BUILD_DIR/volumes/trusted-ca:/mnt/trusted-ca:Z" \ - -v "$BUILD_DIR/.docker/:/root/.docker:Z" \ - -v "$BUILD_DIR/tekton-results/:/tekton/results:Z" \ - -v $BUILD_DIR/scripts:/script:Z \ - --user=0 --rm "$BUILDER_IMAGE" /script/script-build.sh - rsync -ra "$SSH_HOST:$BUILD_DIR/workspaces/source/" "$(workspaces.source.path)/" - rsync -ra "$SSH_HOST:$BUILD_DIR/volumes/shared/" /shared/ - rsync -ra "$SSH_HOST:$BUILD_DIR/tekton-results/" "/tekton/results/" - buildah pull oci:rhtap-final-image + + if ! 
[[ $IS_LOCALHOST ]]; then + rsync -ra scripts "$SSH_HOST:$BUILD_DIR" + ssh $SSH_ARGS "$SSH_HOST" $PORT_FORWARD podman run $PODMAN_PORT_FORWARD \ + --tmpfs /run/secrets \ + -e BUILDAH_FORMAT="$BUILDAH_FORMAT" \ + -e STORAGE_DRIVER="$STORAGE_DRIVER" \ + -e HERMETIC="$HERMETIC" \ + -e CONTEXT="$CONTEXT" \ + -e DOCKERFILE="$DOCKERFILE" \ + -e IMAGE="$IMAGE" \ + -e TLSVERIFY="$TLSVERIFY" \ + -e IMAGE_EXPIRES_AFTER="$IMAGE_EXPIRES_AFTER" \ + -e YUM_REPOS_D_SRC="$YUM_REPOS_D_SRC" \ + -e YUM_REPOS_D_FETCHED="$YUM_REPOS_D_FETCHED" \ + -e YUM_REPOS_D_TARGET="$YUM_REPOS_D_TARGET" \ + -e TARGET_STAGE="$TARGET_STAGE" \ + -e ENTITLEMENT_SECRET="$ENTITLEMENT_SECRET" \ + -e ACTIVATION_KEY="$ACTIVATION_KEY" \ + -e ADDITIONAL_SECRET="$ADDITIONAL_SECRET" \ + -e BUILD_ARGS_FILE="$BUILD_ARGS_FILE" \ + -e ADD_CAPABILITIES="$ADD_CAPABILITIES" \ + -e SQUASH="$SQUASH" \ + -e SKIP_UNUSED_STAGES="$SKIP_UNUSED_STAGES" \ + -e COMMIT_SHA="$COMMIT_SHA" \ + -v "$BUILD_DIR/workspaces/source:$(workspaces.source.path):Z" \ + -v "$BUILD_DIR/volumes/shared:/shared:Z" \ + -v "$BUILD_DIR/volumes/etc-pki-entitlement:/entitlement:Z" \ + -v "$BUILD_DIR/volumes/activation-key:/activation-key:Z" \ + -v "$BUILD_DIR/volumes/additional-secret:/additional-secret:Z" \ + -v "$BUILD_DIR/volumes/trusted-ca:/mnt/trusted-ca:Z" \ + -v "$BUILD_DIR/.docker/:/root/.docker:Z" \ + -v "$BUILD_DIR/results/:/tekton/results:Z" \ + -v $BUILD_DIR/scripts:/script:Z \ + --user=0 --rm "$BUILDER_IMAGE" /script/script-build.sh + rsync -ra "$SSH_HOST:$BUILD_DIR/workspaces/source/" "$(workspaces.source.path)/" + rsync -ra "$SSH_HOST:$BUILD_DIR/volumes/shared/" /shared/ + rsync -ra "$SSH_HOST:$BUILD_DIR/results/" "/tekton/results/" + buildah pull oci:rhtap-final-image + else + bash /script/script-build.sh + fi buildah images buildah tag localhost/rhtap-final-image "$IMAGE" container=$(buildah from --pull-never "$IMAGE") 
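Review bot: The new localhost branch runs `bash /script/script-build.sh`, but the script was written to `scripts/script-build.sh` relative to the working directory (`mkdir -p scripts` earlier in the step), and only the remote path exposes it at `/script` through the `-v $BUILD_DIR/scripts:/script:Z` bind mount; unless something outside this diff populates `/script`, the in-cluster build fails with a missing file right after the heredoc. It should run the file it just wrote: `bash scripts/script-build.sh`. A second thing to confirm: `buildah tag localhost/rhtap-final-image "$IMAGE"` runs unconditionally after the branch, and the remote path creates that image with `buildah pull oci:rhtap-final-image`, while the local path only has whatever the heredoc script left in storage (its visible tail pushes to `oci:rhtap-final-image`); if the script does not also produce `localhost/rhtap-final-image`, the local branch needs the same `buildah pull oci:rhtap-final-image` after running it. The heredoc body itself is mostly outside this hunk.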
@@ -497,7 +519,7 @@ spec: script: | #!/bin/bash set -e - if [[ "${IMAGE##*-}" != "${PLATFORM##*/}" ]]; then + if [ -n "${APPEND_PLATFORM_ARCH}" ] && [ "${IMAGE##*-}" != "${PLATFORM##*/}" ]; then export IMAGE="${IMAGE}-${PLATFORM##*/}" fi echo "Running syft on the source directory" @@ -523,7 +545,7 @@ spec: script: | #!/bin/bash set -e - if [[ "${IMAGE##*-}" != "${PLATFORM##*/}" ]]; then + if [ -n "${APPEND_PLATFORM_ARCH}" ] && [ "${IMAGE##*-}" != "${PLATFORM##*/}" ]; then export IMAGE="${IMAGE}-${PLATFORM##*/}" fi if [ -f /var/lib/containers/java ]; then @@ -592,7 +614,7 @@ spec: script: | #!/bin/bash set -e - if [[ "${IMAGE##*-}" != "${PLATFORM##*/}" ]]; then + if [ -n "${APPEND_PLATFORM_ARCH}" ] && [ "${IMAGE##*-}" != "${PLATFORM##*/}" ]; then export IMAGE="${IMAGE}-${PLATFORM##*/}" fi if [ -f "sbom-cachi2.json" ]; then @@ -641,7 +663,7 @@ spec: script: | #!/bin/bash set -e - if [[ "${IMAGE##*-}" != "${PLATFORM##*/}" ]]; then + if [ -n "${APPEND_PLATFORM_ARCH}" ] && [ "${IMAGE##*-}" != "${PLATFORM##*/}" ]; then export IMAGE="${IMAGE}-${PLATFORM##*/}" fi python3 /app/base_images_sbom_script.py \ @@ -663,7 +685,7 @@ spec: script: | #!/bin/bash set -e - if [[ "${IMAGE##*-}" != "${PLATFORM##*/}" ]]; then + if [ -n "${APPEND_PLATFORM_ARCH}" ] && [ "${IMAGE##*-}" != "${PLATFORM##*/}" ]; then export IMAGE="${IMAGE}-${PLATFORM##*/}" fi @@ -740,7 +762,7 @@ spec: script: | #!/bin/bash set -e - if [[ "${IMAGE##*-}" != "${PLATFORM##*/}" ]]; then + if [ -n "${APPEND_PLATFORM_ARCH}" ] && [ "${IMAGE##*-}" != "${PLATFORM##*/}" ]; then export IMAGE="${IMAGE}-${PLATFORM##*/}" fi ca_bundle=/mnt/trusted-ca/ca-bundle.crt
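Review bot: Each of these steps gates the suffix on `[ -n "${APPEND_PLATFORM_ARCH}" ]`, so a pipeline passing `APPEND_PLATFORM_ARCH: "false"` still gets `-${PLATFORM##*/}` appended, and the six copies plus the one in the build step must stay in lockstep. A stricter, self-documenting test would be `if [ "${APPEND_PLATFORM_ARCH}" = "true" ] && [ "${IMAGE##*-}" != "${PLATFORM##*/}" ]; then`, with the parameter description updated to match; if the non-empty semantics are intended instead, a comment such as `# any non-empty APPEND_PLATFORM_ARCH enables the suffix` above each check would prevent the surprise. That comment should also say that when PLATFORM has no "/" (e.g. `localhost`) the whole value is appended, so the image is tagged `...-localhost`.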