diff --git a/.tekton/odh-trustyai-service-v2-16-push.yaml b/.tekton/odh-trustyai-service-v2-16-push.yaml index 46c75b9c..0712469b 100644 --- a/.tekton/odh-trustyai-service-v2-16-push.yaml +++ b/.tekton/odh-trustyai-service-v2-16-push.yaml @@ -10,7 +10,8 @@ metadata: build.appstudio.openshift.io/build-nudge-files: "build/operator-nudging.yaml" pipelinesascode.tekton.dev/on-cel-expression: | event == "push" - && target_branch == "rhoai-2.16" && "artifacts.lock.yaml".pathChanged() + && target_branch == "rhoai-2.16" + && ( !".tekton/**".pathChanged() || ".tekton/odh-trustyai-service-v2-16-push.yaml".pathChanged() ) creationTimestamp: null labels: appstudio.openshift.io/application: rhoai-v2-16 @@ -30,6 +31,18 @@ spec: value: Dockerfile.konflux - name: path-context value: . + - name: build-config-git-url + value: 'https://github.com/red-hat-data-services/RHOAI-Build-Config.git' + - name: build-config-revision + value: 'rhoai-2.16' + - name: build-config-path + value: 'trustyai-pig-builds/build-config.yaml' + - name: pnc-cli-config-git-url + value: 'https://gitlab.cee.redhat.com/project-ncl/utils.git' + - name: pnc-cli-config-revision + value: 'master' + - name: pnc-profile + value: 'prod' - name: prefetch-input value: [{"path": ".", "type": "rpm"}, {"path": ".", "type": "generic"}] pipelineSpec: @@ -97,6 +110,27 @@ spec: values: - "Failed" params: + - name: build-config-git-url + description: Source Repository URL containing the build configuration + type: string + - name: build-config-revision + default: "" + description: Revision of the Source Repository containing the build configuration + type: string + - name: build-config-path + default: "build-config.yaml" + description: Full path of the build configuration file + type: string + - description: Source Repository URL containing the PNC CLI configuration + name: pnc-cli-config-git-url + type: string + - default: "" + description: Revision of the Source Repository containing the PNC CLI configuration + name: pnc-cli-config-revision + type: string + - name: pnc-profile + value: 'prod' + - description: Source Repository URL name: git-url type: string @@ -252,7 +286,124 @@ spec: workspace: workspace - name: basic-auth workspace: git-auth - + + - name: clone-build-config-repository + params: + - name: url + value: $(params.build-config-git-url) + - name: revision + value: $(params.build-config-revision) + - name: CHAINS-GIT_URL + value: $(params.build-config-git-url) + - name: CHAINS-GIT_COMMIT + value: $(params.build-config-revision) + - name: subdirectory + value: build-config + - name: sslVerify + value: false + taskRef: + params: + - name: name + value: git-clone + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1@sha256:d091a9e19567a4cbdc5acd57903c71ba71dc51d749a4ba7477e689608851e981 + - name: kind + value: task + resolver: bundles + workspaces: + - name: output + workspace: workspace + - name: basic-auth + workspace: git-auth + + - name: clone-pnc-cli-config-repository + params: + - name: url + value: $(params.pnc-cli-config-git-url) + - name: revision + value: $(params.pnc-cli-config-revision) + - name: CHAINS-GIT_URL + value: $(params.build-config-git-url) + - name: CHAINS-GIT_COMMIT + value: $(params.build-config-revision) + - name: subdirectory + value: cli-config + - name: sslVerify + value: false + runAfter: + - clone-build-config-repository + taskRef: + params: + - name: name + value: git-clone + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1@sha256:d091a9e19567a4cbdc5acd57903c71ba71dc51d749a4ba7477e689608851e981 + - name: kind + value: task + resolver: bundles + workspaces: + - name: output + workspace: workspace + - name: basic-auth + workspace: git-auth + + - name: pnc-cli-build + runAfter: + - clone-pnc-cli-config-repository + taskSpec: + results: + - description: The file containing the list of pnc built artifacts to be later installed inside the container build + name: pnc-file-list + steps: + - name: run-pnc-build + image: quay.io/redhat-user-workloads/konflux-jbs-pnc-tenant/pnc/pnc-cli@sha256:00f29bb186e3afedbffeb57942038f7d9ad747640e0a4ae2c53c573a8cdece74 + env: + - name: SSO_SERVICE_ACCOUNT_NAME + valueFrom: + secretKeyRef: + name: pnc-secret + key: svc.account.username + - name: SSO_SERVICE_ACCOUNT_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: pnc-secret + key: svc.account.password + - name: PNC_PROFILE + valueFrom: + secretKeyRef: + name: pnc-secret + key: pnc.profile + + script: | + #!/bin/bash + set -e + + echo -e "\n=== Build config ===" + cat /workspace/source/build-config/$(params.build-config-path) + cp /workspace/source/build-config/$(params.build-config-path) /workspace/source + + echo -e "====================" + echo -e "\nReplacing credentials in the CLI config ..." + envsubst '${SSO_SERVICE_ACCOUNT_NAME} ${SSO_SERVICE_ACCOUNT_CLIENT_SECRET}' < /workspace/source/cli-config/konflux/configs/pnc_cli/config.yaml > /workspace/source/config.yaml + + echo -e "\nStarting the PNC build ..." + PNC_CLI_OUTPUT_FILE="/workspace/source/pnc-cli-run-output.json" + java -jar /home/jboss/bacon.jar pig run --mode=FORCE --downloadAttempts=3 /workspace/source -p /workspace/source --profile ${PNC_PROFILE} --jsonOutput > $PNC_CLI_OUTPUT_FILE + + echo -e "\nFinished the PNC build!" + echo -e "\n=== PNC build output ===" + cat $PNC_CLI_OUTPUT_FILE + echo -e "====================" + + echo -e "\nGetting the list of built files (to be used later in the container build) ..." + jq '[.builds[].builtArtifacts[]?.downloadUrl ]' "$PNC_CLI_OUTPUT_FILE" > "$(results.pnc-file-list.path)" + jq '{metadata: {version: "1.0"}, artifacts: [.builds[].builtArtifacts[]? | select(.downloadUrl | endswith(".zip")) | {download_url: .downloadUrl , checksums: {sha256: .sha256}}] }' $PNC_CLI_OUTPUT_FILE | yq -p json > "$(workspaces.source.path)/source/generic_lockfile.yaml" + + cat $(results.pnc-file-list.path) + workspaces: + - name: source + workspace: workspace + - name: prefetch-dependencies params: - name: input @@ -260,7 +411,7 @@ spec: - name: dev-package-managers value: "true" runAfter: - - clone-repository + - pnc-cli-build taskRef: params: - name: name @@ -300,6 +451,7 @@ spec: value: $(tasks.clone-repository.results.commit) - name: BUILD_ARGS value: + - PNC_FILES_JSON=$(tasks.pnc-cli-build.results.pnc-file-list) - $(params.build-args[*]) - name: BUILD_ARGS_FILE value: $(params.build-args-file) @@ -307,7 +459,7 @@ spec: value: - version=v2.16.0 - url=$(params.git-url) - - release='$(tasks.clone-repository.results.commit-timestamp)' + - release='$(tasks.clone-repository.results.commit-timestamp)' - git.url=$(params.git-url) - git.commit=$(params.revision) - io.openshift.tags="odh-trustyai-service" @@ -502,7 +654,7 @@ spec: - name: IMAGE value: $(tasks.build-image-index.results.IMAGE_URL) - name: ADDITIONAL_TAGS - value: + value: - '{{target_branch}}-{{revision}}' runAfter: - build-image-index @@ -583,4 +735,4 @@ spec: - name: git-auth secret: secretName: '{{ git_auth_secret }}' -status: {} +status: {} \ No newline at end of file