From 124c38e9cc522f8f851ec5349434b6867ca734fb Mon Sep 17 00:00:00 2001 From: konflux Date: Fri, 25 Apr 2025 09:09:37 +0000 Subject: [PATCH] Konflux build pipeline service account migration for odh-mm-rest-proxy-v2-19 Signed-off-by: konflux --- .tekton/odh-mm-rest-proxy-v2-19-push.yaml | 117 +++++++++++----------- 1 file changed, 60 insertions(+), 57 deletions(-) diff --git a/.tekton/odh-mm-rest-proxy-v2-19-push.yaml b/.tekton/odh-mm-rest-proxy-v2-19-push.yaml index 843191b1..b0fbe06a 100644 --- a/.tekton/odh-mm-rest-proxy-v2-19-push.yaml +++ b/.tekton/odh-mm-rest-proxy-v2-19-push.yaml @@ -1,18 +1,16 @@ apiVersion: tekton.dev/v1 kind: PipelineRun -#retest metadata: annotations: + build.appstudio.openshift.io/build-nudge-files: build/operator-nudging.yaml build.appstudio.openshift.io/repo: https://github.com/red-hat-data-services/rest-proxy?rev={{revision}} build.appstudio.redhat.com/commit_sha: '{{revision}}' build.appstudio.redhat.com/target_branch: '{{target_branch}}' pipelinesascode.tekton.dev/max-keep-runs: "3" - build.appstudio.openshift.io/build-nudge-files: "build/operator-nudging.yaml" - pipelinesascode.tekton.dev/on-cel-expression: | - event == "push" - && target_branch == "rhoai-2.19" - && ( !".tekton/**".pathChanged() || ".tekton/odh-mm-rest-proxy-v2-19-push.yaml".pathChanged() ) - creationTimestamp: + pipelinesascode.tekton.dev/on-cel-expression: "event == \"push\" \n&& target_branch + == \"rhoai-2.19\"\n&& ( !\".tekton/**\".pathChanged() || \".tekton/odh-mm-rest-proxy-v2-19-push.yaml\".pathChanged() + )\n" + creationTimestamp: null labels: appstudio.openshift.io/application: rhoai-v2-19 appstudio.openshift.io/component: odh-mm-rest-proxy-v2-19 @@ -56,7 +54,7 @@ spec: - name: send-slack-notification params: - name: message - value: "$(tasks.rhoai-init.results.slack-message-failure-text)" + value: $(tasks.rhoai-init.results.slack-message-failure-text) - name: secret-name value: rhoai-konflux-secret - name: key-name @@ -74,7 +72,7 @@ spec: - input: $(tasks.status) operator: in values: - - "Failed" + - Failed params: - description: Source Repository URL name: git-url @@ -87,11 +85,13 @@ spec: name: output-image type: string - default: . - description: Path to the source code of an application's component from where to build image. + description: Path to the source code of an application's component from where + to build image. name: path-context type: string - default: Dockerfile - description: Path to the Dockerfile inside the context specified by parameter path-context + description: Path to the Dockerfile inside the context specified by parameter + path-context name: dockerfile type: string - default: "false" @@ -111,7 +111,8 @@ spec: name: prefetch-input type: string - default: "" - description: Image tag expiration time, time values could be something like 1h, 2d, 3w for hours, days, and weeks, respectively. + description: Image tag expiration time, time values could be something like + 1h, 2d, 3w for hours, days, and weeks, respectively. name: image-expires-after - default: "true" description: Build a source image. @@ -146,20 +147,23 @@ spec: - name: rhoai-init params: - name: pipelinerun-name - value: "$(context.pipelineRun.name)" + value: $(context.pipelineRun.name) taskSpec: + metadata: {} results: - description: Notification text to be posted to slack name: slack-message-failure-text + spec: null steps: - - image: quay.io/rhoai-konflux/alpine:latest - name: rhoai-init + - computeResources: {} env: - name: slack_message valueFrom: secretKeyRef: - name: rhoai-konflux-secret key: slack-component-failure-notification + name: rhoai-konflux-secret + image: quay.io/rhoai-konflux/alpine:latest + name: rhoai-init script: | pipelinerun_name=$(params.pipelinerun-name) target_branch={{target_branch}} @@ -190,6 +194,8 @@ spec: value: $(params.rebuild) - name: skip-checks value: $(params.skip-checks) + runAfter: + - rhoai-init taskRef: params: - name: name @@ -199,8 +205,6 @@ spec: - name: kind value: task resolver: bundles - runAfter: - - rhoai-init - name: clone-repository params: - name: url @@ -364,56 +368,54 @@ spec: - "true" - name: sast-shell-check params: - - name: image-digest - value: $(tasks.build-image-index.results.IMAGE_DIGEST) - - name: image-url - value: $(tasks.build-image-index.results.IMAGE_URL) - - name: SOURCE_ARTIFACT - value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - - name: CACHI2_ARTIFACT - value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + - name: CACHI2_ARTIFACT + value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) runAfter: - - build-image-index + - build-image-index taskRef: params: - - name: name - value: sast-shell-check-oci-ta - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check-oci-ta:0.1@sha256:a591675c72f06fb9c5b1a3d60e6e4c58e4df5f7da180c7a4691a692a6e7e6496 - - name: kind - value: task + - name: name + value: sast-shell-check-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check-oci-ta:0.1@sha256:a591675c72f06fb9c5b1a3d60e6e4c58e4df5f7da180c7a4691a692a6e7e6496 + - name: kind + value: task resolver: bundles when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - workspaces: [] + - input: $(params.skip-checks) + operator: in + values: + - "false" - name: sast-unicode-check params: - - name: image-url - value: $(tasks.build-image-index.results.IMAGE_URL) - - name: SOURCE_ARTIFACT - value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - - name: CACHI2_ARTIFACT - value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + - name: CACHI2_ARTIFACT + value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) runAfter: - - build-image-index + - build-image-index taskRef: params: - - name: name - value: sast-unicode-check-oci-ta - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check-oci-ta:0.1@sha256:424f2f659c02998dc3a43e1ce869e3148982c59adb74f953f8fa91ff1c9ab86e - - name: kind - value: task + - name: name + value: sast-unicode-check-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check-oci-ta:0.1@sha256:424f2f659c02998dc3a43e1ce869e3148982c59adb74f953f8fa91ff1c9ab86e + - name: kind + value: task resolver: bundles when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - workspaces: [] + - input: $(params.skip-checks) + operator: in + values: + - "false" - name: deprecated-base-image-check params: - name: IMAGE_URL @@ -594,7 +596,8 @@ spec: optional: true - name: netrc optional: true - taskRunTemplate: {} + taskRunTemplate: + serviceAccountName: build-pipeline-odh-mm-rest-proxy-v2-19 workspaces: - name: git-auth secret: