diff --git a/.tekton/fbc-build.yaml b/.tekton/fbc-build.yaml index c6c476679..e529cc539 100644 --- a/.tekton/fbc-build.yaml +++ b/.tekton/fbc-build.yaml @@ -5,8 +5,7 @@ metadata: spec: description: | This pipeline is ideal for building and verifying [file-based catalogs](https://konflux-ci.dev/docs/advanced-how-tos/building-olm.adoc#building-the-file-based-catalog). - - _Uses `buildah` to create a container image. Its build-time tests are limited to verifying the included catalog and do not scan the image. + _Uses `buildah` to create a container image. Its build-time tests are limited to verifying the included catalog and do not scan the image. This pipeline is pushed as a Tekton bundle to [quay.io](https://quay.io/repository/konflux-ci/tekton-catalog/pipeline-fbc-builder?tab=tags)_ finally: - name: show-sbom @@ -22,28 +21,6 @@ spec: - name: kind value: task resolver: bundles - - name: show-summary - params: - - name: pipelinerun-name - value: $(context.pipelineRun.name) - - name: git-url - value: $(tasks.clone-repository.results.url)?rev=$(tasks.clone-repository.results.commit) - - name: image-url - value: $(params.output-image) - - name: build-task-status - value: $(tasks.build-image-index.status) - taskRef: - params: - - name: name - value: summary - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-summary:0.2@sha256:870d9a04d9784840a90b7bf6817cd0d0c4edfcda04b1ba1868cae625a3c3bfcc - - name: kind - value: task - resolver: bundles - workspaces: - - name: workspace - workspace: workspace params: - description: Source Repository URL name: git-url @@ -89,10 +66,24 @@ spec: description: Build a source image. name: build-source-image type: string - - default: "false" + - default: "true" description: Add built image into an OCI image index name: build-image-index type: string + - default: [] + description: Array of --build-arg values ("arg=value" strings) for buildah + name: build-args + type: array + - default: "" + description: Path to a file with build arguments for buildah, see https://www.mankier.com/1/buildah-build#--build-arg-file + name: build-args-file + type: string + - default: + - linux/x86_64 + description: List of platforms to build the container images on. The available + set of values is determined by the configuration of the multi-platform-controller. + name: build-platforms + type: array results: - description: "" name: IMAGE_URL @@ -130,14 +121,18 @@ spec: value: $(params.git-url) - name: revision value: $(params.revision) + - name: ociStorage + value: $(params.output-image).git + - name: ociArtifactExpiresAfter + value: $(params.image-expires-after) runAfter: - init taskRef: params: - name: name - value: git-clone + value: git-clone-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1@sha256:d091a9e19567a4cbdc5acd57903c71ba71dc51d749a4ba7477e689608851e981 + value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:8ab0c7a7ac4a4c59740a24304e17cc64fe8745376d19396c4660fc0e1a957a1b - name: kind value: task resolver: bundles @@ -147,11 +142,40 @@ spec: values: - "true" workspaces: - - name: output - workspace: workspace - name: basic-auth workspace: git-auth - - name: build-container + - name: prefetch-dependencies + params: + - name: input + value: $(params.prefetch-input) + - name: SOURCE_ARTIFACT + value: $(tasks.clone-repository.results.SOURCE_ARTIFACT) + - name: ociStorage + value: $(params.output-image).prefetch + - name: ociArtifactExpiresAfter + value: $(params.image-expires-after) + runAfter: + - clone-repository + taskRef: + params: + - name: name + value: prefetch-dependencies-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.1@sha256:ce43e45629dac79160a4168129fabf4f7309c6e81df66bebdd2d0e265e263931 + - name: kind + value: task + resolver: bundles + workspaces: + - name: git-basic-auth + workspace: git-auth + - name: netrc + workspace: netrc + - matrix: + params: + - name: PLATFORM + value: + - $(params.build-platforms) + name: build-images params: - name: IMAGE value: $(params.output-image) @@ -161,18 +185,31 @@ spec: value: $(params.path-context) - name: HERMETIC value: $(params.hermetic) + - name: PREFETCH_INPUT + value: $(params.prefetch-input) - name: IMAGE_EXPIRES_AFTER value: $(params.image-expires-after) - name: COMMIT_SHA value: $(tasks.clone-repository.results.commit) + - name: BUILD_ARGS + value: + - $(params.build-args[*]) + - name: BUILD_ARGS_FILE + value: $(params.build-args-file) + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + - name: CACHI2_ARTIFACT + value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) + - name: IMAGE_APPEND_PLATFORM + value: "true" runAfter: - clone-repository taskRef: params: - name: name - value: buildah + value: buildah-remote-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-buildah:0.2@sha256:7d3f090943ecb839cc505b3a5e5305c0203dfc6dbc0096713c0add9ef1e45d90 + value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.2@sha256:3c630943c958f070f542573a29be8e02f08646ec85ed20338ca13940f4b8be46 - name: kind value: task resolver: bundles @@ -181,9 +218,6 @@ spec: operator: in values: - "true" - workspaces: - - name: source - workspace: workspace - name: build-image-index params: - name: IMAGE @@ -196,15 +230,15 @@ spec: value: $(params.build-image-index) - name: IMAGES value: - - $(tasks.build-container.results.IMAGE_URL)@$(tasks.build-container.results.IMAGE_DIGEST) + - $(tasks.build-images.results.IMAGE_REF[*]) runAfter: - - build-container + - build-images taskRef: params: - name: name value: build-image-index - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1@sha256:7b2c5ab5d711d1d487693072dec6a10ede0076290dabc673bc6ccde9a322674a + value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1@sha256:a89c141c8d35b2e9d9904c92c9b128f7ccf36681adac7f7422b4537b8bb077e7 - name: kind value: task resolver: bundles @@ -250,7 +284,7 @@ spec: - name: kind value: task resolver: bundles - - name: inspect-image + - name: validate-fbc params: - name: IMAGE_URL value: $(tasks.build-image-index.results.IMAGE_URL) @@ -261,56 +295,9 @@ spec: taskRef: params: - name: name - value: inspect-image - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-inspect-image:0.1@sha256:b4f8b61baf43ca503aae76078bb4cfe718ca21a5ab293d982978d6fd564bf1b6 - - name: kind - value: task - resolver: bundles - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - workspaces: - - name: source - workspace: workspace - - name: fbc-validate - params: - - name: IMAGE_URL - value: $(tasks.build-image-index.results.IMAGE_URL) - - name: IMAGE_DIGEST - value: $(tasks.build-image-index.results.IMAGE_DIGEST) - - name: BASE_IMAGE - value: $(tasks.inspect-image.results.BASE_IMAGE) - runAfter: - - inspect-image - taskRef: - params: - - name: name - value: fbc-validation - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-fbc-validation:0.1@sha256:bf72968f8b36b92b4e8322f4208f20f07be1195be4551a7916d0b598c613ed4c - - name: kind - value: task - resolver: bundles - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - workspaces: - - name: workspace - workspace: workspace - - name: fbc-related-image-check - runAfter: - - fbc-validate - taskRef: - params: - - name: name - value: fbc-related-image-check + value: validate-fbc - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-fbc-related-image-check:0.1@sha256:17dc33ef07a8f87d1a8a2f6d4f496123e0db5d29bbe7ff7956462dc5d95c3170 + value: quay.io/konflux-ci/tekton-catalog/task-validate-fbc:0.1@sha256:f370a6cb7b854d81cf779f8afc00e053df3a7619af9cf45c54e31ced1a4c5034 - name: kind value: task resolver: bundles @@ -319,11 +306,7 @@ spec: operator: in values: - "false" - workspaces: - - name: workspace - workspace: workspace workspaces: - - name: workspace - name: git-auth optional: true - name: netrc