diff --git a/.tekton/odh-trustyai-service-v2-16-push.yaml b/.tekton/odh-trustyai-service-v2-16-push.yaml index 961ceb6b..372a1934 100644 --- a/.tekton/odh-trustyai-service-v2-16-push.yaml +++ b/.tekton/odh-trustyai-service-v2-16-push.yaml @@ -6,8 +6,11 @@ metadata: build.appstudio.redhat.com/commit_sha: '{{revision}}' build.appstudio.redhat.com/target_branch: '{{target_branch}}' pipelinesascode.tekton.dev/max-keep-runs: "3" - pipelinesascode.tekton.dev/on-cel-expression: event == "push" && target_branch - == "rhoai-2.16" + build.appstudio.openshift.io/build-nudge-files: "build/operator-nudging.yaml" + pipelinesascode.tekton.dev/on-cel-expression: | + event == "push" + && target_branch == "rhoai-2.16" + && ( !".tekton/**".pathChanged() || "..tekton/odh-trustyai-service-v2-16-push.yaml".pathChanged() ) creationTimestamp: null labels: appstudio.openshift.io/application: rhoai-v2-16 @@ -22,11 +25,23 @@ spec: - name: revision value: '{{revision}}' - name: output-image - value: quay.io/redhat-user-workloads/rhoai-tenant/odh-trustyai-service-v2-16:{{revision}} + value: quay.io/rhoai/odh-trustyai-service-rhel8:{{target_branch}} - name: dockerfile value: Dockerfile.konflux - name: path-context value: . + - name: build-config-git-url + value: 'https://github.com/red-hat-data-services/RHOAI-Build-Config.git' + - name: build-config-revision + value: 'rhoai-2.16' + - name: build-config-path + value: 'odh-pig-builds/build-config.yaml' + - name: pnc-cli-config-git-url + value: 'https://gitlab.cee.redhat.com/project-ncl/utils.git' + - name: pnc-cli-config-revision + value: 'master' + - name: pnc-profile + value: 'prod' pipelineSpec: description: | This pipeline is ideal for building container images from a Containerfile while reducing network traffic. @@ -70,6 +85,27 @@ spec: - name: workspace workspace: workspace params: + - name: build-config-git-url + description: Source Repository URL containing the build configuration + type: string + - name: build-config-revision + default: "" + description: Revision of the Source Repository containing the build configuration + type: string + - name: build-config-path + default: "build-config.yaml" + description: Full path of the build configuration file + type: string + - description: Source Repository URL containing the PNC CLI configuration + name: pnc-cli-config-git-url + type: string + - default: "" + description: Revision of the Source Repository containing the PNC CLI configuration + name: pnc-cli-config-revision + type: string + - name: pnc-profile + value: 'prod' + - description: Source Repository URL name: git-url type: string @@ -184,12 +220,122 @@ spec: workspace: workspace - name: basic-auth workspace: git-auth + + - name: clone-build-config-repository + params: + - name: url + value: $(params.build-config-git-url) + - name: revision + value: $(params.build-config-revision) + - name: subdirectory + value: build-config + - name: sslVerify + value: false + taskRef: + params: + - name: name + value: git-clone + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1@sha256:0bb1be8363557e8e07ec34a3c5daaaaa23c9d533f0bb12f00dc604d00de50814 + - name: kind + value: task + resolver: bundles + workspaces: + - name: output + workspace: workspace + - name: basic-auth + workspace: git-auth + + - name: clone-pnc-cli-config-repository + params: + - name: url + value: $(params.pnc-cli-config-git-url) + - name: revision + value: $(params.pnc-cli-config-revision) + - name: subdirectory + value: cli-config + - name: sslVerify + value: false + runAfter: + - clone-build-config-repository + taskRef: + params: + - name: name + value: git-clone + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1@sha256:0bb1be8363557e8e07ec34a3c5daaaaa23c9d533f0bb12f00dc604d00de50814 + - name: kind + value: task + resolver: bundles + workspaces: + - name: output + workspace: workspace + - name: basic-auth + workspace: git-auth + + - name: pnc-cli-build + runAfter: + - clone-pnc-cli-config-repository + taskSpec: + results: + - description: The file containing the list of pnc built artifacts to be later installed inside the container build + name: pnc-file-list + steps: + - name: run-pnc-build + image: quay.io/redhat-user-workloads/konflux-jbs-pnc-tenant/pnc/pnc-cli:48a761b5093bc474850b2ebcf06641825940deb7 + env: + - name: SSO_SERVICE_ACCOUNT_NAME + valueFrom: + secretKeyRef: + name: pnc-secret + key: svc.account.username + - name: SSO_SERVICE_ACCOUNT_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: pnc-secret + key: svc.account.password + - name: PNC_PROFILE + valueFrom: + secretKeyRef: + name: pnc-secret + key: pnc.profile + + script: | + #!/bin/bash + set -e + + echo -e "\n=== Build config ===" + cat /workspace/output/build-config/$(params.build-config-path) + cp /workspace/output/build-config/$(params.build-config-path) /workspace/output + echo -e "====================" + + echo -e "\nReplacing credentials in the CLI config ..." + envsubst '${SSO_SERVICE_ACCOUNT_NAME} ${SSO_SERVICE_ACCOUNT_CLIENT_SECRET}' < /workspace/output/cli-config/konflux/configs/pnc_cli/config.yaml > /workspace/output/config.yaml + + echo -e "\nStarting the PNC build ..." + PNC_CLI_OUTPUT_FILE="/workspace/output/pnc-cli-run-output.json" + java -jar /home/jboss/bacon.jar pig run --mode=FORCE --downloadAttempts=3 /workspace/output -p /workspace/output --profile ${PNC_PROFILE} --jsonOutput > $PNC_CLI_OUTPUT_FILE + + echo -e "\nFinished the PNC build!" + echo -e "\n=== PNC build output ===" + cat $PNC_CLI_OUTPUT_FILE + echo -e "====================" + + echo -e "\nGetting the list of built files (to be used later in the container build) ..." + jq '[.builds[].builtArtifacts[]?.downloadUrl ]' "$PNC_CLI_OUTPUT_FILE" > "$(results.pnc-file-list.path)" + + cat $(results.pnc-file-list.path) + + workspaces: + - name: output + workspace: workspace + - name: prefetch-dependencies params: - name: input value: $(params.prefetch-input) runAfter: - - clone-repository + - pnc-cli-build taskRef: params: - name: name @@ -229,9 +375,17 @@ spec: value: $(tasks.clone-repository.results.commit) - name: BUILD_ARGS value: + - PNC_FILES_JSON=$(tasks.pnc-cli-build.results.pnc-file-list) - $(params.build-args[*]) - name: BUILD_ARGS_FILE value: $(params.build-args-file) + - name: LABELS + value: + - version=v2.16.0 + - url=$(params.git-url) + - release='$(tasks.clone-repository.results.commit-timestamp)' + - git.url=$(params.git-url) + - git.commit=$(params.revision) runAfter: - prefetch-dependencies taskRef: @@ -422,6 +576,9 @@ spec: params: - name: IMAGE value: $(tasks.build-image-index.results.IMAGE_URL) + - name: ADDITIONAL_TAGS + value: + - '{{target_branch}}-{{revision}}' runAfter: - build-image-index taskRef: