From f2c9a1d95326db945cf4c4495c55ff52b8f92b40 Mon Sep 17 00:00:00 2001 From: Roy Golan Date: Sun, 16 Jun 2024 15:09:28 +0300 Subject: [PATCH] Dockerfile ARGs for konflux builds Add a dockerfile arguments that satisfies konflux's build pipeline The main difference to the main docker file is trusted base images and must-have labels Signed-off-by: Roy Golan --- .tekton/move2kube-serverless-workflow-push.yaml | 4 +++- .tekton/mta-serverless-workflow-push.yaml | 4 +++- Makefile | 4 ++-- e2e/resources/knative-service.yaml | 16 ++++++++++++++++ move2kube/argfile.conf | 4 ++++ mta/argfile.conf | 4 ++++ pipeline/move2kube.dockerfile.in | 12 ++++++++++++ pipeline/workflow-builder.Dockerfile | 16 +++++++++++++++- 8 files changed, 59 insertions(+), 5 deletions(-) create mode 100644 move2kube/argfile.conf create mode 100644 mta/argfile.conf create mode 100644 pipeline/move2kube.dockerfile.in diff --git a/.tekton/move2kube-serverless-workflow-push.yaml b/.tekton/move2kube-serverless-workflow-push.yaml index 0fb9a1e4..6958fac5 100644 --- a/.tekton/move2kube-serverless-workflow-push.yaml +++ b/.tekton/move2kube-serverless-workflow-push.yaml @@ -18,7 +18,7 @@ metadata: spec: params: - name: dockerfile - value: pipeline/workflow-builder.Dockerfile + value: pipeline/workflow-builder.konflux.Dockerfile - name: git-url value: '{{source_url}}' - name: output-image @@ -27,6 +27,8 @@ spec: value: move2kube - name: revision value: '{{revision}}' + - name: build-args-file + value: move2kube/argfile.conf pipelineSpec: finally: - name: show-sbom diff --git a/.tekton/mta-serverless-workflow-push.yaml b/.tekton/mta-serverless-workflow-push.yaml index 890147d5..96716381 100644 --- a/.tekton/mta-serverless-workflow-push.yaml +++ b/.tekton/mta-serverless-workflow-push.yaml @@ -18,7 +18,7 @@ metadata: spec: params: - name: dockerfile - value: pipeline/workflow-builder.Dockerfile + value: pipeline/workflow-builder.konflux.Dockerfile - name: git-url value: '{{source_url}}' - name: output-image 
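Review bot: The `dockerfile` param now points at `pipeline/workflow-builder.konflux.Dockerfile`, but that path is not in this patch's diffstat, and the new `ARG BUILDER_IMAGE` / `ARG FLOW_*` declarations go into `pipeline/workflow-builder.Dockerfile` instead. Unless the konflux Dockerfile already exists in the repository and declares the same ARGs, the build either fails on a missing file or ignores the values from `build-args-file`, including the digest-pinned builder image. Confirm the file is present and consumes `BUILDER_IMAGE`, `FLOW_NAME`, `FLOW_SUMMARY` and `FLOW_DESCRIPTION`. The same applies to the `dockerfile` change in `.tekton/mta-serverless-workflow-push.yaml`.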
@@ -27,6 +27,8 @@ spec: value: mta - name: revision value: '{{revision}}' + - name: build-args-file + value: mta/argfile.conf pipelineSpec: finally: - name: show-sbom diff --git a/Makefile b/Makefile index b2768ff9..fc178912 100644 --- a/Makefile +++ b/Makefile @@ -118,7 +118,7 @@ prepare-workdir: # Depends on: prepare-workdir target. # Usage: make build-image ifeq ($(IS_WORKFLOW),true) -build-image: BUILD_ARGS=--build-arg WF_RESOURCES=$(WORKFLOW_ID) --build-arg=QUARKUS_EXTENSIONS=$(QUARKUS_EXTENSIONS) --build-arg=MAVEN_ARGS_APPEND=$(MAVEN_ARGS_APPEND) +build-image: BUILD_ARGS=--build-arg-file=$(WORKFLOW_ID)/argfile.conf --build-arg=BUILDER_IMAGE= --build-arg WF_RESOURCES=$(WORKFLOW_ID) --build-arg=QUARKUS_EXTENSIONS=$(QUARKUS_EXTENSIONS) --build-arg=MAVEN_ARGS_APPEND=$(MAVEN_ARGS_APPEND) endif build-image: EXTRA_ARGS=--ulimit nofile=4096:4096 build-image: prepare-workdir @@ -183,4 +183,4 @@ gen-manifests: prepare-workdir push-manifests: prepare-workdir cd $(WORKDIR) @$(CONTAINER_ENGINE) run --rm -v $(WORKDIR):/workdir -w /workdir \ - $(LINUX_IMAGE) /bin/bash -c "${SCRIPTS_DIR}/push_manifests.sh '$(GIT_USER_NAME)' $(GIT_USER_EMAIL) $(GIT_TOKEN) $(PR_OR_COMMIT_URL) $(DEPLOYMENT_REPO) $(DEPLOYMENT_BRANCH) $(WORKFLOW_ID) $(APPLICATION_ID) $(IMAGE_NAME) $(IMAGE_TAG)" \ No newline at end of file + $(LINUX_IMAGE) /bin/bash -c "${SCRIPTS_DIR}/push_manifests.sh '$(GIT_USER_NAME)' $(GIT_USER_EMAIL) $(GIT_TOKEN) $(PR_OR_COMMIT_URL) $(DEPLOYMENT_REPO) $(DEPLOYMENT_BRANCH) $(WORKFLOW_ID) $(APPLICATION_ID) $(IMAGE_NAME) $(IMAGE_TAG)" diff --git a/e2e/resources/knative-service.yaml b/e2e/resources/knative-service.yaml index 52f4e2bf..cdf7e9c6 100644 --- a/e2e/resources/knative-service.yaml +++ b/e2e/resources/knative-service.yaml @@ -1,3 +1,12 @@ +apiVersion: v1 +data: + config: | + Host * + StrictHostKeyChecking no +kind: ConfigMap +metadata: + name: m2k-ssh-config +--- apiVersion: serving.knative.dev/v1 kind: Service metadata: 
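Review bot: In the `build-image` target-specific `BUILD_ARGS`, the empty `--build-arg=BUILDER_IMAGE=` overrides the digest-pinned image from `$(WORKFLOW_ID)/argfile.conf`, so local builds fall through to the Dockerfile's default tag. If that is intended, say so above the assignment, e.g. `# BUILDER_IMAGE is blanked on purpose: local builds use the Dockerfile default, not the pinned Konflux image`. The patch only adds `argfile.conf` for `move2kube` and `mta`, so any other `WORKFLOW_ID` would presumably fail on a missing file. `--build-arg-file` is a podman/buildah option, so it is worth checking that `$(CONTAINER_ENGINE)` is never docker here. The recipe that consumes `BUILD_ARGS` is outside the hunk.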
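Review bot: `Host *` with `StrictHostKeyChecking no` in the new `m2k-ssh-config` ConfigMap disables host-key verification for every SSH destination the container connects to. Any connection that uses the mounted `sshkeys` secret (presumably git over SSH) would then accept whatever server answers. Even for an e2e resource, keep verification on and limit the scope. Either mount a `known_hosts` file for the hosts the test uses, or put `StrictHostKeyChecking accept-new` under a specific `Host` entry instead of `*`. The mount at `/home/jboss/.ssh/config` and the matching volume are in the two later hunks of this file. If the setting must stay, add a YAML comment marking it test-only so it is not copied into deployment manifests.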
@@ -46,6 +55,10 @@ spec: readOnly: true mountPath: /home/jboss/.ssh/id_rsa.pub subPath: id_rsa.pub + - mountPath: /home/jboss/.ssh/config + name: m2k-ssh-config + readOnly: true + subPath: config readinessProbe: successThreshold: 1 tcpSocket: @@ -60,3 +73,6 @@ spec: secretName: sshkeys - name: pre-install emptyDir: {} + - name: m2k-ssh-config + configMap: + name: m2k-ssh-config diff --git a/move2kube/argfile.conf b/move2kube/argfile.conf new file mode 100644 index 00000000..1a25d649 --- /dev/null +++ b/move2kube/argfile.conf @@ -0,0 +1,4 @@ +BUILDER_IMAGE=brew.registry.redhat.io/rh-osbs/openshift-serverless-1-logic-swf-builder-rhel8@sha256:012439f21f964478225a459042f6e1dc14f63fdf4ae089c4ee5e613814682a27 +FLOW_NAME=move2kube Serverless Workflow +FLOW_SUMMARY=move2kube Serverless Workflow +FLOW_DESCRIPTION=move2kube workflow consumes a source code repo and pushes a branch with manifests and build files to containerize and application diff --git a/mta/argfile.conf b/mta/argfile.conf new file mode 100644 index 00000000..b61949ca --- /dev/null +++ b/mta/argfile.conf @@ -0,0 +1,4 @@ +BUILDER_IMAGE=brew.registry.redhat.io/rh-osbs/openshift-serverless-1-logic-swf-builder-rhel8@sha256:012439f21f964478225a459042f6e1dc14f63fdf4ae089c4ee5e613814682a27 +FLOW_NAME=MTA Analysis +FLOW_SUMMARY=MTA Analysis serverless workflow consumes a source code repository and executes an MTA analysis using Migration ToolKit for Applications +FLOW_DESCRIPTION=MTA Analysis serverless workflow consumes a source code repository and executes an MTA analysis using Migration ToolKit for Applications diff --git a/pipeline/move2kube.dockerfile.in b/pipeline/move2kube.dockerfile.in new file mode 100644 index 00000000..aefce4a9 --- /dev/null +++ b/pipeline/move2kube.dockerfile.in 
@@ -0,0 +1,12 @@ +# ARG WF_RESOURCES=move2kube + +#include "pipeline/workflow-builder.konflux.Dockerfile.in" + +LABEL name="move2kube serverless workflow" +LABEL summary="move2kube serverless workflow that takes a github project and proposes manifests and build files for containerization" +LABEL description="A workflow that takes a github project and proposses a pull request with manifests and build files for containerization using move2kube tool." +LABEL io.k8s.description="A workflow that takes a github project and proposses a pull request with manifests and build files for containerization using move2kube tool." +LABEL io.k8s.display-name="move2kube serverless workflow" +LABEL io.openshift.tags="" + + diff --git a/pipeline/workflow-builder.Dockerfile b/pipeline/workflow-builder.Dockerfile index c6deb1e4..116956f2 100644 --- a/pipeline/workflow-builder.Dockerfile +++ b/pipeline/workflow-builder.Dockerfile @@ -1,6 +1,9 @@ # FROM registry.redhat.io/openshift-serverless-1-tech-preview/logic-swf-builder-rhel8@sha256:d19b3ecaeac10e6aa03530008d25c8171254d561dc5519b9efd18dd4f0de5675 AS builder # Using the builder image below to address bugs https://issues.redhat.com/browse/FLPATH-1141 and https://issues.redhat.com/browse/FLPATH-1127 -FROM quay.io/kiegroup/kogito-swf-builder:9.99.1.CR1 AS builder + +ARG BUILDER_IMAGE + +FROM ${BUILDER_IMAGE:-kogito-swf-builder:9.99.1.CR1} AS builder # Temp hack to provide persistence artifacts - with quay.io/kiegroup/kogito-swf-builder:9.99.1.CR1 those dependencies are included in the base image. #ENV MAVEN_REPO_URL=https://maven.repository.redhat.com/earlyaccess/all @@ -33,6 +36,10 @@ RUN /home/kogito/launch/build-app.sh ./resources #============================= FROM registry.access.redhat.com/ubi8/openjdk-17:1.19-4.1715070735 +ARG FLOW_NAME +ARG FLOW_SUMMARY +ARG FLOW_DESCRIPTION + ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' # We make four distinct layers so if there are application changes the library layers can be re-used 
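Review bot: The `#include "pipeline/workflow-builder.konflux.Dockerfile.in"` line names a file this patch does not add, and nothing visible in the patch preprocesses this template, so as far as the diff shows it is unused. The labels are also hard-coded here, while the rest of the commit supplies them through the `FLOW_NAME`/`FLOW_SUMMARY`/`FLOW_DESCRIPTION` build args, leaving two sources for the same image metadata. Either drop the template or add a header comment stating which step renders it and into which output file. "proposses" in the `description` and `io.k8s.description` labels should read "proposes".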
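Review bot: The fallback in `FROM ${BUILDER_IMAGE:-kogito-swf-builder:9.99.1.CR1} AS builder` drops the `quay.io/kiegroup/` prefix that the removed `FROM` line had. When `BUILDER_IMAGE` is unset or empty (which the Makefile's `--build-arg=BUILDER_IMAGE=` produces), the base image is resolved as an unqualified short name through whatever registry search order the build host has configured. That can pull an image from a registry nobody intended, or fail outright. Keep the default fully qualified, `FROM ${BUILDER_IMAGE:-quay.io/kiegroup/kogito-swf-builder:9.99.1.CR1} AS builder`, and consider pinning it by digest as the `argfile.conf` values are. The "Using the builder image below" comment above it should also mention that the image is now overridable.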
@@ -47,3 +54,10 @@ USER 185 ENV AB_JOLOKIA_OFF="" ENV JAVA_OPTS="-Dquarkus.http.host=0.0.0.0 -Djava.util.logging.manager=org.jboss.logmanager.LogManager" ENV JAVA_APP_JAR="/deployments/quarkus-run.jar" + +LABEL name="${FLOW_NAME}" +LABEL summary="${FLOW_SUMMARY}" +LABEL description="${FLOW_DESCRIPTION}" +LABEL io.k8s.description="${FLOW_DESCRIPTION}" +LABEL io.k8s.display-name="${FLOW_NAME}" +LABEL io.openshift.tags=""
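Review bot: `FLOW_NAME`, `FLOW_SUMMARY` and `FLOW_DESCRIPTION` are declared in the previous hunk without defaults, so any build that does not pass the argfile produces an image whose `name`, `summary`, `description` and `io.k8s.*` labels are empty strings. Since the commit message calls these labels must-have, give each ARG a default in its declaration or document above the `LABEL` lines that the argfile is mandatory. `io.openshift.tags=""` is always empty, so either populate it from a build arg or drop the line.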