Skip to content

Red Hat Konflux update quay-builder-qemu-v3-15 #34

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 1 commit into
base: redhat-3.15
Choose a base branch
from
Open

Red Hat Konflux update quay-builder-qemu-v3-15 #34

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
120 changes: 34 additions & 86 deletions .tekton/quay-builder-qemu-v3-15-pull-request.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,8 +8,9 @@ metadata:
build.appstudio.redhat.com/target_branch: '{{target_branch}}'
pipelinesascode.tekton.dev/cancel-in-progress: "true"
pipelinesascode.tekton.dev/max-keep-runs: "3"
pipelinesascode.tekton.dev/on-cel-expression: event == "pull_request" && target_branch == "redhat-3.15"
creationTimestamp:
pipelinesascode.tekton.dev/on-cel-expression: event == "pull_request" && target_branch
== "redhat-3.15"
creationTimestamp: null
labels:
appstudio.openshift.io/application: quay-v3-15
appstudio.openshift.io/component: quay-builder-qemu-v3-15
Expand All @@ -26,44 +27,14 @@ spec:
value: quay.io/redhat-user-workloads/quay-eng-tenant/quay-builder-qemu-v3-15:on-pr-{{revision}}
- name: image-expires-after
value: 5d
- name: build-platforms
value:
- linux/x86_64
- linux/arm64
- linux/ppc64le
- linux/s390x
- name: dockerfile
value: Containerfile.quay-builder-qemu
- name: hermetic
value: "true"
- name: build-source-image
value: "true"
- name: prefetch-input
value: |
[
{"type":"generic", "path": "."},
{"type":"rpm", "path": "."}
]
value: Dockerfile
pipelineSpec:
description: |
This pipeline is ideal for building multi-arch container images from a Containerfile while maintaining trust after pipeline customization.
This pipeline is ideal for building container images from a Containerfile while maintaining trust after pipeline customization.

_Uses `buildah` to create a multi-platform container image leveraging [trusted artifacts](https://konflux-ci.dev/architecture/ADR/0036-trusted-artifacts.html). It also optionally creates a source image and runs some build-time tests. This pipeline requires that the [multi platform controller](https://github.com/konflux-ci/multi-platform-controller) is deployed and configured on your Konflux instance. Information is shared between tasks using OCI artifacts instead of PVCs. EC will pass the [`trusted_task.trusted`](https://conforma.dev/docs/policy/packages/release_trusted_task.html#trusted_task__trusted) policy as long as all data used to build the artifact is generated from trusted tasks.
This pipeline is pushed as a Tekton bundle to [quay.io](https://quay.io/repository/konflux-ci/tekton-catalog/pipeline-docker-build-multi-platform-oci-ta?tab=tags)_
finally:
- name: show-sbom
params:
- name: IMAGE_URL
value: $(tasks.build-image-index.results.IMAGE_URL)
taskRef:
params:
- name: name
value: show-sbom
- name: bundle
value: quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:beb0616db051952b4b861dd8c3e00fa1c0eccbd926feddf71194d3bb3ace9ce7
- name: kind
value: task
resolver: bundles
_Uses `buildah` to create a container image leveraging [trusted artifacts](https://konflux-ci.dev/architecture/ADR/0036-trusted-artifacts.html). It also optionally creates a source image and runs some build-time tests. Information is shared between tasks using OCI artifacts instead of PVCs. EC will pass the [`trusted_task.trusted`](https://conforma.dev/docs/policy/packages/release_trusted_task.html#trusted_task__trusted) policy as long as all data used to build the artifact is generated from trusted tasks.
This pipeline is pushed as a Tekton bundle to [quay.io](https://quay.io/repository/konflux-ci/tekton-catalog/pipeline-docker-build-oci-ta?tab=tags)_
params:
- description: Source Repository URL
name: git-url
Expand All @@ -76,11 +47,13 @@ spec:
name: output-image
type: string
- default: .
description: Path to the source code of an application's component from where to build image.
description: Path to the source code of an application's component from where
to build image.
name: path-context
type: string
- default: Dockerfile
description: Path to the Dockerfile inside the context specified by parameter path-context
description: Path to the Dockerfile inside the context specified by parameter
path-context
name: dockerfile
type: string
- default: "false"
Expand All @@ -96,18 +69,19 @@ spec:
name: hermetic
type: string
- default: ""
description: Build dependencies to be prefetched by Cachi2
description: Build dependencies to be prefetched
name: prefetch-input
type: string
- default: ""
description: Image tag expiration time, time values could be something like 1h, 2d, 3w for hours, days, and weeks, respectively.
description: Image tag expiration time, time values could be something like
1h, 2d, 3w for hours, days, and weeks, respectively.
name: image-expires-after
type: string
- default: "false"
description: Build a source image.
name: build-source-image
type: string
- default: "true"
- default: "false"
description: Add built image into an OCI image index
name: build-image-index
type: string
Expand All @@ -120,14 +94,10 @@ spec:
name: build-args-file
type: string
- default: "false"
description: Whether to enable privileged mode, should be used only with remote VMs
description: Whether to enable privileged mode, should be used only with remote
VMs
name: privileged-nested
type: string
- default:
- linux/x86_64
description: List of platforms to build the container images on. The available set of values is determined by the configuration of the multi-platform-controller.
name: build-platforms
type: array
results:
- description: ""
name: IMAGE_URL
Expand Down Expand Up @@ -176,7 +146,7 @@ spec:
- name: name
value: git-clone-oci-ta
- name: bundle
value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:efcce59f226b1426f7685917e41a50b73478f38fe9ac56c98f1e961effd4b6f0
value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:3f1b468066b301083d8550e036f5a654fcb064810bd29eb06fec6d8ad3e35b9c
- name: kind
value: task
resolver: bundles
Expand All @@ -198,8 +168,6 @@ spec:
value: $(params.output-image).prefetch
- name: ociArtifactExpiresAfter
value: $(params.image-expires-after)
- name: dev-package-managers
value: "true"
runAfter:
- clone-repository
taskRef:
Expand All @@ -216,12 +184,7 @@ spec:
workspace: git-auth
- name: netrc
workspace: netrc
- matrix:
params:
- name: PLATFORM
value:
- $(params.build-platforms)
name: build-images
- name: build-container
params:
- name: IMAGE
value: $(params.output-image)
Expand All @@ -244,35 +207,20 @@ spec:
value: $(params.build-args-file)
- name: PRIVILEGED_NESTED
value: $(params.privileged-nested)
- name: SOURCE_URL
value: $(tasks.clone-repository.results.url)
- name: SOURCE_ARTIFACT
value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT)
- name: CACHI2_ARTIFACT
value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT)
- name: IMAGE_APPEND_PLATFORM
value: "true"
- name: LABELS
value:
- com.redhat.component="quay-builder-qemu-rhcos-container"
- name="quay/quay-builder-qemu-rhcos-rhel8"
- version=3.15
- io.k8s.display-name="Red Hat Quay - Builder QEMU RHCOS"
- io.k8s.description="Red Hat Quay - Builder QEMU RHCOS"
- io.openshift.tags="quay"
- summary="Red Hat Quay - Builder QEMU RHCOS"
- maintainer="[email protected]"
- distribution-scope="restricted"
- description="Red Hat Quay - Builder QEMU RHCOS"
- tags="quay"
- url="https://docs.redhat.com/en/documentation/red_hat_quay/3.15"
- vendor=Red Hat, Inc.
runAfter:
- prefetch-dependencies
taskRef:
params:
- name: name
value: buildah-remote-oci-ta
value: buildah-oci-ta
- name: bundle
value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.4@sha256:e149741bff59350e110699d9933c5ac8fdb4a9fcacab524e0b12c6653463c938
value: quay.io/konflux-ci/tekton-catalog/task-buildah-oci-ta:0.5@sha256:fdd3f39c8ea97de0d77bcde160704dbd33fdcb9cd235836927bbb170aaefb80f
- name: kind
value: task
resolver: bundles
Expand All @@ -293,15 +241,15 @@ spec:
value: $(params.build-image-index)
- name: IMAGES
value:
- $(tasks.build-images.results.IMAGE_REF[*])
- $(tasks.build-container.results.IMAGE_URL)@$(tasks.build-container.results.IMAGE_DIGEST)
runAfter:
- build-images
- build-container
taskRef:
params:
- name: name
value: build-image-index
- name: bundle
value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1@sha256:ba7fbed5c4862968c1a77d6b90d5bdd497925ab1de41b859c027dd5c3069cd3e
value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1@sha256:79784d53749584bc5a8de32142ec4e2f01cdbf42c20d94e59280e0b927c8597d
- name: kind
value: task
resolver: bundles
Expand All @@ -314,20 +262,20 @@ spec:
params:
- name: BINARY_IMAGE
value: $(tasks.build-image-index.results.IMAGE_URL)
- name: BINARY_IMAGE_DIGEST
value: $(tasks.build-image-index.results.IMAGE_DIGEST)
- name: SOURCE_ARTIFACT
value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT)
- name: CACHI2_ARTIFACT
value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT)
- name: BINARY_IMAGE_DIGEST
value: $(tasks.build-image-index.results.IMAGE_DIGEST)
runAfter:
- build-image-index
taskRef:
params:
- name: name
value: source-build-oci-ta
- name: bundle
value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.3@sha256:21d33596cf7ff61cab38b68caf578e55509748962bf6f4030bf1dfb8cd68a257
value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.3@sha256:b0d6cb28a23f20db4f5cf78ed78ae3a91b9a5adfe989696ed0bbc63840a485b6
- name: kind
value: task
resolver: bundles
Expand All @@ -353,7 +301,7 @@ spec:
- name: name
value: deprecated-image-check
- name: bundle
value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.5@sha256:2c32152a55f6bfba67b41be456da46b6e109bb3e348e25220eed4eed149958c5
value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.5@sha256:1d07d16810c26713f3d875083924d93697900147364360587ccb5a63f2c31012
- name: kind
value: task
resolver: bundles
Expand All @@ -375,7 +323,7 @@ spec:
- name: name
value: clair-scan
- name: bundle
value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.2@sha256:076d5cde62b55bbfcdda2b4782392256bbda5ad38f839013b4330b3aba70a973
value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.3@sha256:a7cc183967f89c4ac100d04ab8f81e54733beee60a0528208107c9a22d3c43af
- name: kind
value: task
resolver: bundles
Expand Down Expand Up @@ -443,7 +391,7 @@ spec:
- name: name
value: clamav-scan
- name: bundle
value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.2@sha256:40555593de346dd3083410c9517d52c3f27e27cb66f447054f4f66fcff56e23f
value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.3@sha256:b0bd59748cda4a7abf311e4f448e6c1d00c6b6d8c0ecc1c2eb33e08dc0e0b802
- name: kind
value: task
resolver: bundles
Expand Down Expand Up @@ -606,7 +554,7 @@ spec:
- name: name
value: push-dockerfile-oci-ta
- name: bundle
value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.1@sha256:06529ba66b37bdc1f55590359aa849bc570b4e9c110c983e27f07081dc09a12b
value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.1@sha256:49f778479f468e71c2cfef722e96aa813d7ef98bde8a612e1bf1a13cd70849ec
- name: kind
value: task
resolver: bundles
Expand All @@ -623,7 +571,7 @@ spec:
- name: name
value: rpms-signature-scan
- name: bundle
value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:1b6c20ab3dbfb0972803d3ebcb2fa72642e59400c77bd66dfd82028bdd09e120
value: quay.io/konflux-ci/konflux-vanguard/task-rpms-signature-scan:0.2@sha256:49ff6d117c3e9dc3966d1244e118e168b3501742ec14c3a4161a276ff48d04d5
- name: kind
value: task
resolver: bundles
Expand Down
Loading