
Commit dfe4702

Rakshitha-Kamathandrewschoen
authored andcommitted
Alloy hermetic build
Signed-off-by: Rakshitha-Kamath <[email protected]>
1 parent 15da063 commit dfe4702


11 files changed

+5593
-15528
lines changed


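--- a/.tekton/alloy-9-0-pull-request.yaml
+++ b/.tekton/alloy-9-0-pull-request.yaml
@@ -85,7 +85,7 @@ spec:
 description: Execute the build with network isolation
 name: hermetic
 type: string
-- default: '[{"type": "rpm", "path": "."}, {"type": "gomod", "path": "."}, {"type": "yarn", "path": "."}]'
+- default: '[{"type": "gomod", "path": "."}, {"type": "npm", "path": "yarn-install"}, {"type": "generic", "path": "."}, {"type": "yarn", "path": "alloy/internal/web/ui"}, {"type": "gomod", "path": "alloy"}, {"type": "rpm", "path": "."}]'
 description: Build dependencies to be prefetched by Cachi2
 name: prefetch-input
 type: string
@@ -101,7 +101,7 @@ spec:
 description: Add built image into an OCI image index
 name: build-image-index
 type: string
-- default: ['BUILDPLATFORM="linux/amd64,linux/arm64"', 'VERSION="v1.11.0-devel"', 'RELEASE_BUILD=0']
+- default: ['BUILDPLATFORM=amd64','BUILDPLATFORM=arm64','BUILDPLATFORM=s390x','BUILDPLATFORM=ppc64le']
 description: Array of --build-arg values ("arg=value" strings) for buildah
 name: build-args
 type: array
@@ -118,6 +118,10 @@ spec:
 description: List of platforms to build the container images on. The available set of values is determined by the configuration of the multi-platform-controller.
 name: build-platforms
 type: array
+- name: buildah-format
+default: docker
+type: string
+description: The format for the resulting image's mediaType. Valid values are oci or docker.
 results:
 - description: ""
 name: IMAGE_URL
@@ -145,7 +149,7 @@ spec:
 - name: name
 value: init
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:ded314206f09712b2116deb050b774ae7efef9ab243794334c8e616871a3ffa5
+value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:abf231cfc5a68b56f68a8ac9bb26dca3c3e434c88dd9627c72bdec0b8c335c67
 - name: kind
 value: task
 resolver: bundles
@@ -166,7 +170,7 @@ spec:
 - name: name
 value: git-clone-oci-ta
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:4a601aeec58a1dd89c271e728fd8f0d84777825b46940c3aec27f15bab3edacf
+value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:3f1b468066b301083d8550e036f5a654fcb064810bd29eb06fec6d8ad3e35b9c
 - name: kind
 value: task
 resolver: bundles
@@ -188,16 +192,14 @@ spec:
 value: $(params.output-image).prefetch
 - name: ociArtifactExpiresAfter
 value: $(params.image-expires-after)
-- name: ACTIVATION_KEY
-value: rkamath-activation-key
 runAfter:
 - clone-repository
 taskRef:
 params:
 - name: name
 value: prefetch-dependencies-oci-ta
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.2@sha256:0b58e5132333dd3b710ef9c18ecebe0d5e5b22066ba56481d34431c989cb21dd
+value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.2@sha256:dc82a7270aace9b1c26f7e96f8ccab2752e53d32980c41a45e1733baad76cde6
 - name: kind
 value: task
 resolver: bundles
@@ -240,16 +242,16 @@ spec:
 value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT)
 - name: IMAGE_APPEND_PLATFORM
 value: "true"
-- name: ACTIVATION_KEY
-value: rkamath-activation-key
+- name: BUILDAH_FORMAT
+value: $(params.buildah-format)
 runAfter:
 - prefetch-dependencies
 taskRef:
 params:
 - name: name
 value: buildah-remote-oci-ta
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.4@sha256:252e5c94fb2375c43bdfd4b65097d246f4f37392956b08e5c38f366623a0b9ce
+value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.5@sha256:650b0bca57c626c1e82f35cdfadf44a7792230b2b992aaa9c369d615aae6590d
 - name: kind
 value: task
 resolver: bundles
@@ -271,14 +273,16 @@ spec:
 - name: IMAGES
 value:
 - $(tasks.build-images.results.IMAGE_REF[*])
+- name: BUILDAH_FORMAT
+value: $(params.buildah-format)
 runAfter:
 - build-images
 taskRef:
 params:
 - name: name
 value: build-image-index
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1@sha256:ba7fbed5c4862968c1a77d6b90d5bdd497925ab1de41b859c027dd5c3069cd3e
+value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1@sha256:79784d53749584bc5a8de32142ec4e2f01cdbf42c20d94e59280e0b927c8597d
 - name: kind
 value: task
 resolver: bundles
@@ -304,7 +308,7 @@ spec:
 - name: name
 value: source-build-oci-ta
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.3@sha256:a48c950350c5e9945cc4ad6bfad7fc653aa437c9eff74a25fd1d42fda4fe344d
+value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.3@sha256:b0d6cb28a23f20db4f5cf78ed78ae3a91b9a5adfe989696ed0bbc63840a485b6
 - name: kind
 value: task
 resolver: bundles
@@ -330,7 +334,7 @@ spec:
 - name: name
 value: deprecated-image-check
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.5@sha256:c49732039f105de809840be396f83ead8c46f6a6948e1335b76d37e9eb469574
+value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.5@sha256:f59175d9a0a60411738228dfe568af4684af4aa5e7e05c832927cb917801d489
 - name: kind
 value: task
 resolver: bundles
@@ -339,7 +343,12 @@ spec:
 operator: in
 values:
 - "false"
-- name: clair-scan
+- matrix:
+params:
+- name: image-platform
+value:
+- $(params.build-platforms)
+name: clair-scan
 params:
 - name: image-digest
 value: $(tasks.build-image-index.results.IMAGE_DIGEST)
@@ -352,7 +361,7 @@ spec:
 - name: name
 value: clair-scan
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.2@sha256:076d5cde62b55bbfcdda2b4782392256bbda5ad38f839013b4330b3aba70a973
+value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.3@sha256:a7cc183967f89c4ac100d04ab8f81e54733beee60a0528208107c9a22d3c43af
 - name: kind
 value: task
 resolver: bundles
@@ -372,7 +381,7 @@ spec:
 - name: name
 value: ecosystem-cert-preflight-checks
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.2@sha256:365c65ed8dfbd83c4a49300dcb9c74c5c3f027efec0be1a1f0baa9633c29b249
+value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.2@sha256:dae8e28761cee4ab0baf04ab9f8f1a4b3cee3c7decf461fda2bacc5c01652a60
 - name: kind
 value: task
 resolver: bundles
@@ -403,7 +412,7 @@ spec:
 - name: name
 value: sast-snyk-check-oci-ta
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.4@sha256:e371aa09c65ab309138b4aeae9ea4dd93f83119c5cc61e9f2057fe5bb518fbe9
+value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.4@sha256:783f5de1b4def2fb3fad20b914f4b3afee46ffb8f652114946e321ef3fa86449
 - name: kind
 value: task
 resolver: bundles
@@ -575,7 +584,7 @@ spec:
 - name: name
 value: apply-tags
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.2@sha256:e0de426d492e195f59c99d2ea1ca0df7bfb8c689f5d1468fe7f70eb8684b8d02
+value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.2@sha256:f44be1bf0262471f2f503f5e19da5f0628dcaf968c86272a2ad6b4871e708448
 - name: kind
 value: task
 resolver: bundles
@@ -598,7 +607,7 @@ spec:
 - name: name
 value: push-dockerfile-oci-ta
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.1@sha256:235ef6e835de8171c07b8a7f8947d0b40bfcff999e1ff3cb6ddd9acc65c48430
+value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.1@sha256:49f778479f468e71c2cfef722e96aa813d7ef98bde8a612e1bf1a13cd70849ec
 - name: kind
 value: task
 resolver: bundles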
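Review bot: The new `build-args` default in the `-101,7` hunk repeats one key four times (`BUILDPLATFORM=amd64`, `BUILDPLATFORM=arm64`, `BUILDPLATFORM=s390x`, `BUILDPLATFORM=ppc64le`). The param description says each entry is passed as a `--build-arg`, so a build presumably sees a single value, likely the last, on every architecture, and `BUILDPLATFORM` is also an argument the builder normally populates itself. The same default is added in `.tekton/alloy-9-0-push.yaml`. The previous `VERSION` and `RELEASE_BUILD` entries are dropped with no replacement visible in this section, so the version stamped into the artifact now depends on whatever the Dockerfile defaults to. I would keep one architecture-neutral list and add a comment above it such as `# build-args apply to every platform build; per-arch selection comes from build-platforms`.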

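--- a/.tekton/alloy-9-0-push.yaml
+++ b/.tekton/alloy-9-0-push.yaml
@@ -27,6 +27,8 @@ spec:
 value:
 - linux/x86_64
 - linux/arm64
+- linux/ppc64le
+- linux/s390x
 - name: dockerfile
 value: Dockerfile
 - name: path-context
@@ -78,27 +80,27 @@ spec:
 description: Skip checks against built image
 name: skip-checks
 type: string
-- default: "false"
+- default: "true"
 description: Execute the build with network isolation
 name: hermetic
 type: string
-- default: ""
+- default: '[{"type": "gomod", "path": "."}, {"type": "npm", "path": "yarn-install"}, {"type": "generic", "path": "."}, {"type": "yarn", "path": "alloy/internal/web/ui"}, {"type": "gomod", "path": "alloy"}, {"type": "rpm", "path": "."}]'
 description: Build dependencies to be prefetched by Cachi2
 name: prefetch-input
 type: string
 - default: ""
 description: Image tag expiration time, time values could be something like 1h, 2d, 3w for hours, days, and weeks, respectively.
 name: image-expires-after
 type: string
-- default: "false"
+- default: "true"
 description: Build a source image.
 name: build-source-image
 type: string
 - default: "true"
 description: Add built image into an OCI image index
 name: build-image-index
 type: string
-- default: ['BUILDPLATFORM="linux/amd64,linux/arm64"', 'VERSION="v1.11.0-devel"', 'GOEXPERIMENT=boringcrypto', 'RELEASE_BUILD=1']
+- default: ['BUILDPLATFORM=amd64','BUILDPLATFORM=arm64','BUILDPLATFORM=s390x','BUILDPLATFORM=ppc64le']
 description: Array of --build-arg values ("arg=value" strings) for buildah
 name: build-args
 type: array
@@ -115,6 +117,10 @@ spec:
 description: List of platforms to build the container images on. The available set of values is determined by the configuration of the multi-platform-controller.
 name: build-platforms
 type: array
+- name: buildah-format
+default: docker
+type: string
+description: The format for the resulting image's mediaType. Valid values are oci or docker.
 results:
 - description: ""
 name: IMAGE_URL
@@ -142,7 +148,7 @@ spec:
 - name: name
 value: init
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:ded314206f09712b2116deb050b774ae7efef9ab243794334c8e616871a3ffa5
+value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:abf231cfc5a68b56f68a8ac9bb26dca3c3e434c88dd9627c72bdec0b8c335c67
 - name: kind
 value: task
 resolver: bundles
@@ -163,7 +169,7 @@ spec:
 - name: name
 value: git-clone-oci-ta
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:4a601aeec58a1dd89c271e728fd8f0d84777825b46940c3aec27f15bab3edacf
+value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:3f1b468066b301083d8550e036f5a654fcb064810bd29eb06fec6d8ad3e35b9c
 - name: kind
 value: task
 resolver: bundles
@@ -192,7 +198,7 @@ spec:
 - name: name
 value: prefetch-dependencies-oci-ta
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.2@sha256:0b58e5132333dd3b710ef9c18ecebe0d5e5b22066ba56481d34431c989cb21dd
+value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.2@sha256:dc82a7270aace9b1c26f7e96f8ccab2752e53d32980c41a45e1733baad76cde6
 - name: kind
 value: task
 resolver: bundles
@@ -235,14 +241,16 @@ spec:
 value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT)
 - name: IMAGE_APPEND_PLATFORM
 value: "true"
+- name: BUILDAH_FORMAT
+value: $(params.buildah-format)
 runAfter:
 - prefetch-dependencies
 taskRef:
 params:
 - name: name
 value: buildah-remote-oci-ta
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.4@sha256:252e5c94fb2375c43bdfd4b65097d246f4f37392956b08e5c38f366623a0b9ce
+value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.5@sha256:650b0bca57c626c1e82f35cdfadf44a7792230b2b992aaa9c369d615aae6590d
 - name: kind
 value: task
 resolver: bundles
@@ -264,14 +272,16 @@ spec:
 - name: IMAGES
 value:
 - $(tasks.build-images.results.IMAGE_REF[*])
+- name: BUILDAH_FORMAT
+value: $(params.buildah-format)
 runAfter:
 - build-images
 taskRef:
 params:
 - name: name
 value: build-image-index
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1@sha256:ba7fbed5c4862968c1a77d6b90d5bdd497925ab1de41b859c027dd5c3069cd3e
+value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1@sha256:79784d53749584bc5a8de32142ec4e2f01cdbf42c20d94e59280e0b927c8597d
 - name: kind
 value: task
 resolver: bundles
@@ -297,7 +307,7 @@ spec:
 - name: name
 value: source-build-oci-ta
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.3@sha256:a48c950350c5e9945cc4ad6bfad7fc653aa437c9eff74a25fd1d42fda4fe344d
+value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.3@sha256:b0d6cb28a23f20db4f5cf78ed78ae3a91b9a5adfe989696ed0bbc63840a485b6
 - name: kind
 value: task
 resolver: bundles
@@ -323,7 +333,7 @@ spec:
 - name: name
 value: deprecated-image-check
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.5@sha256:c49732039f105de809840be396f83ead8c46f6a6948e1335b76d37e9eb469574
+value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.5@sha256:f59175d9a0a60411738228dfe568af4684af4aa5e7e05c832927cb917801d489
 - name: kind
 value: task
 resolver: bundles
@@ -332,7 +342,12 @@ spec:
 operator: in
 values:
 - "false"
-- name: clair-scan
+- matrix:
+params:
+- name: image-platform
+value:
+- $(params.build-platforms)
+name: clair-scan
 params:
 - name: image-digest
 value: $(tasks.build-image-index.results.IMAGE_DIGEST)
@@ -345,7 +360,7 @@ spec:
 - name: name
 value: clair-scan
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.2@sha256:076d5cde62b55bbfcdda2b4782392256bbda5ad38f839013b4330b3aba70a973
+value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.3@sha256:a7cc183967f89c4ac100d04ab8f81e54733beee60a0528208107c9a22d3c43af
 - name: kind
 value: task
 resolver: bundles
@@ -365,7 +380,7 @@ spec:
 - name: name
 value: ecosystem-cert-preflight-checks
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.2@sha256:365c65ed8dfbd83c4a49300dcb9c74c5c3f027efec0be1a1f0baa9633c29b249
+value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.2@sha256:dae8e28761cee4ab0baf04ab9f8f1a4b3cee3c7decf461fda2bacc5c01652a60
 - name: kind
 value: task
 resolver: bundles
@@ -396,7 +411,7 @@ spec:
 - name: name
 value: sast-snyk-check-oci-ta
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.4@sha256:e371aa09c65ab309138b4aeae9ea4dd93f83119c5cc61e9f2057fe5bb518fbe9
+value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.4@sha256:783f5de1b4def2fb3fad20b914f4b3afee46ffb8f652114946e321ef3fa86449
 - name: kind
 value: task
 resolver: bundles
@@ -515,7 +530,7 @@ spec:
 - name: name
 value: sast-shell-check-oci-ta
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check-oci-ta:0.1@sha256:808bcaf75271db6a999f53fdefb973a385add94a277d37fbd3df68f8ac7dfaa3
+value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check-oci-ta:0.1@sha256:bf7bdde00b7212f730c1356672290af6f38d070da2c8a316987b5c32fd49e0b9
 - name: kind
 value: task
 resolver: bundles
@@ -567,7 +582,7 @@ spec:
 - name: name
 value: apply-tags
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.2@sha256:e0de426d492e195f59c99d2ea1ca0df7bfb8c689f5d1468fe7f70eb8684b8d02
+value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.2@sha256:f44be1bf0262471f2f503f5e19da5f0628dcaf968c86272a2ad6b4871e708448
 - name: kind
 value: task
 resolver: bundles
@@ -590,7 +605,7 @@ spec:
 - name: name
 value: push-dockerfile-oci-ta
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.1@sha256:235ef6e835de8171c07b8a7f8947d0b40bfcff999e1ff3cb6ddd9acc65c48430
+value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.1@sha256:49f778479f468e71c2cfef722e96aa813d7ef98bde8a612e1bf1a13cd70849ec
 - name: kind
 value: task
 resolver: bundles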
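Review bot: The push pipeline's `build-args` default in the `-78,27` hunk no longer passes `GOEXPERIMENT=boringcrypto` or `RELEASE_BUILD=1`. Unless the Dockerfile now sets them itself (not visible here), the pushed image would be built with Go's default crypto backend and without the release flag. BoringCrypto is only available on linux/amd64 and linux/arm64, which may be why the entry was dropped when `linux/ppc64le` and `linux/s390x` were added to `build-platforms`. If so, a comment above the default should say where the crypto backend is now selected per architecture, for example `# GOEXPERIMENT is set in the Dockerfile for amd64/arm64 only`. Otherwise keep `'GOEXPERIMENT=boringcrypto', 'RELEASE_BUILD=1'` in the list.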
