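# Tekton Pipeline that builds a file-based-catalog (FBC) fragment image.
#
# Flow, as wired by runAfter/result references below:
#   rhoai-init -> init -> clone-repository -> prefetch-dependencies
#   -> build-images (one run per entry in build-platforms) -> build-image-index
#   -> FBC checks, apply-tags and prepare-slack-message
#   -> finally: show-sbom, Slack notifications, status summary.
#
# Review notes:
#   * Every taskRef bundle is pinned by sha256 digest, but the inline taskSpec
#     steps use quay.io/rhoai-konflux/alpine:latest, a mutable tag. One of
#     those steps receives a value from rhoai-konflux-secret. Pin the image as
#     quay.io/rhoai-konflux/alpine@sha256:<digest-of-reviewed-image>.
#   * Inline scripts receive substituted values through env vars instead of
#     having them pasted into the shell text, so a value containing shell
#     metacharacters is treated as data rather than as script.
#   * {{target_branch}} is presumably a Pipelines-as-Code placeholder expanded
#     as plain text before this resource is applied; confirm.
apiVersion: tekton.dev/v1
kind: Pipeline
metadata:
  name: fbc-fragment-build-pipeline
spec:
  description: |
    This pipeline is ideal for building and verifying [file-based catalogs](https://konflux-ci.dev/docs/advanced-how-tos/building-olm.adoc#building-the-file-based-catalog).

    _Uses `buildah` to create a container image. Its build-time tests are limited to verifying the included catalog and do not scan the image.
    This pipeline is pushed as a Tekton bundle to [quay.io](https://quay.io/repository/konflux-ci/tekton-catalog/pipeline-fbc-builder?tab=tags)_
  finally:
    - name: show-sbom
      params:
        - name: IMAGE_URL
          value: $(tasks.build-image-index.results.IMAGE_URL)
      taskRef:
        params:
          - name: name
            value: show-sbom
          - name: bundle
            value: quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:04f15cbce548e1db7770eee3f155ccb2cc0140a6c371dc67e9a34d83673ea0c0
          - name: kind
            value: task
        resolver: bundles
    # Posts the failure text prepared by rhoai-init when any task failed.
    - name: send-slack-notification
      params:
        - name: message
          value: "$(tasks.rhoai-init.results.slack-message-failure-text)"
        - name: secret-name
          value: rhoai-konflux-secret
        - name: key-name
          value: slack-webhook
      taskRef:
        params:
          - name: name
            value: slack-webhook-notification
          - name: bundle
            value: quay.io/konflux-ci/tekton-catalog/task-slack-webhook-notification:0.1@sha256:dc17b70633363d78414b8c06dc1660d25742935f106a6116995638e1210c2730
          - name: kind
            value: task
        resolver: bundles
      when:
        - input: $(tasks.status)
          operator: in
          values:
            - "Failed"
    # Posts the success text prepared by prepare-slack-message, for "ci"
    # build types only.
    - name: share-fbc-details
      params:
        - name: message
          value: "$(tasks.prepare-slack-message.results.slack-message-sucess-text)"
        - name: secret-name
          value: rhoai-konflux-secret
        - name: key-name
          value: slack-webhook
      taskRef:
        params:
          - name: name
            value: slack-webhook-notification
          - name: bundle
            value: quay.io/konflux-ci/tekton-catalog/task-slack-webhook-notification:0.1@sha256:dc17b70633363d78414b8c06dc1660d25742935f106a6116995638e1210c2730
          - name: kind
            value: task
        resolver: bundles
      when:
        - input: $(tasks.status)
          operator: in
          values:
            - "Completed"
            - "Succeeded"
        - input: $(params.build-type)
          operator: in
          values:
            - "ci"
    # NOTE(review): this task name contains spaces and capitals while every
    # other task name here is lower-case-with-dashes; confirm the cluster's
    # Tekton validation accepts it.
    - name: Show Pipeline Details
      params:
        - name: pipelinerun-name
          value: "$(context.pipelineRun.name)"
        - name: fbc-check-status
          value: "$(tasks.validate-fbc.status)"
        - name: overall-task-status
          value: "$(tasks.status)"
      taskSpec:
        steps:
          # NOTE(review): mutable :latest tag; pin by digest (see file header).
          - image: quay.io/rhoai-konflux/alpine:latest
            name: rhoai-init
            env:
              - name: PIPELINERUN_NAME
                value: "$(params.pipelinerun-name)"
              - name: FBC_CHECK_STATUS
                value: "$(params.fbc-check-status)"
              - name: OVERALL_TASK_STATUS
                value: "$(params.overall-task-status)"
            script: |
              pipelinerun_name="${PIPELINERUN_NAME}"
              fbc_check_status="${FBC_CHECK_STATUS}"
              overall_task_status="${OVERALL_TASK_STATUS}"
              echo "pipelinerun-name = $pipelinerun_name"
              echo "fbc_check_status = $fbc_check_status"
              echo "overall_task_status-name = $overall_task_status"
  # NOTE(review): build-type, append-platform-name, rhoai-version,
  # component-name and additional-tags are referenced in this file but not
  # declared in this list; presumably the PipelineRun supplies them. Confirm.
  params:
    - description: Source Repository URL
      name: git-url
      type: string
    - default: ""
      description: Revision of the Source Repository
      name: revision
      type: string
    - description: Fully Qualified Output Image
      name: output-image
      type: string
    - default: .
      description: Path to the source code of an application's component from where to build image.
      name: path-context
      type: string
    - default: Dockerfile
      description: Path to the Dockerfile inside the context specified by parameter path-context
      name: dockerfile
      type: string
    - default: "false"
      description: Force rebuild image
      name: rebuild
      type: string
    # "true" skips every task gated on skip-checks below: fbc-fips-check-oci-ta,
    # deprecated-base-image-check, validate-fbc, fbc-target-index-pruning-check.
    - default: "false"
      description: Skip checks against built image
      name: skip-checks
      type: string
    - default: "true"
      description: Execute the build with network isolation
      name: hermetic
      type: string
    - default: ""
      description: Build dependencies to be prefetched by Cachi2
      name: prefetch-input
      type: string
    - default: ""
      description: Image tag expiration time, time values could be something like 1h, 2d, 3w for hours, days, and weeks, respectively.
      name: image-expires-after
    - default: "false"
      description: Build a source image.
      name: build-source-image
      type: string
    - default: "true"
      description: Add built image into an OCI image index
      name: build-image-index
      type: string
    - default: []
      description: Array of --build-arg values ("arg=value" strings) for buildah
      name: build-args
      type: array
    - default: ""
      description: Path to a file with build arguments for buildah, see https://www.mankier.com/1/buildah-build#--build-arg-file
      name: build-args-file
      type: string
    - default:
        - linux/x86_64
      description: List of platforms to build the container images on. The available set of values is determined by the configuration of the multi-platform-controller.
      name: build-platforms
      type: array
  results:
    - description: ""
      name: IMAGE_URL
      value: $(tasks.build-image-index.results.IMAGE_URL)
    - description: ""
      name: IMAGE_DIGEST
      value: $(tasks.build-image-index.results.IMAGE_DIGEST)
    - description: ""
      name: CHAINS-GIT_URL
      value: $(tasks.clone-repository.results.url)
    - description: ""
      name: CHAINS-GIT_COMMIT
      value: $(tasks.clone-repository.results.commit)
  tasks:
    # Builds the failure notification text up front so the finally task
    # send-slack-notification can post it if a later task fails.
    - name: rhoai-init
      params:
        - name: pipelinerun-name
          value: "$(context.pipelineRun.name)"
      taskSpec:
        results:
          - description: Notification text to be posted to slack
            name: slack-message-failure-text
        steps:
          # NOTE(review): mutable :latest tag on a step that reads a secret
          # value; pin by digest (see file header).
          - image: quay.io/rhoai-konflux/alpine:latest
            name: rhoai-init
            env:
              # Message template containing the __BUILD__URL__,
              # __PIPELINERUN__NAME__ and __BUILD__TIME__ placeholders
              # replaced in the script.
              - name: slack_message
                valueFrom:
                  secretKeyRef:
                    name: rhoai-konflux-secret
                    key: slack-component-failure-notification
              - name: PIPELINERUN_NAME
                value: "$(params.pipelinerun-name)"
              # Branch names may contain shell metacharacters, so the
              # placeholder is expanded here rather than inside the script.
              - name: TARGET_BRANCH
                value: "{{target_branch}}"
            script: |
              pipelinerun_name="${PIPELINERUN_NAME}"
              target_branch="${TARGET_BRANCH}"
              echo "pipelinerun-name = $pipelinerun_name"
              application_name=${target_branch/rhoai-/}
              application_name=rhoai-v${application_name/./-}
              echo "application-name = $application_name"
              component_name=${pipelinerun_name/-on-*/}
              echo "component-name = $component_name"

              KONFLUX_SERVER="https://konflux.apps.stone-prod-p02.hjvn.p1.openshiftapps.com"
              build_url="${KONFLUX_SERVER}/application-pipeline/workspaces/rhoai/applications/${application_name}/pipelineruns/${pipelinerun_name}/logs"
              build_time="$(date +%Y-%m-%dT%H:%M:%S)"
              slack_message=${slack_message/__BUILD__URL__/$build_url}
              slack_message=${slack_message/__PIPELINERUN__NAME__/$pipelinerun_name}
              slack_message=${slack_message/__BUILD__TIME__/$build_time}
              echo -en "${slack_message}" > "$(results.slack-message-failure-text.path)"
    - name: init
      params:
        - name: image-url
          value: $(params.output-image)
        - name: rebuild
          value: $(params.rebuild)
        - name: skip-checks
          value: $(params.skip-checks)
      taskRef:
        params:
          - name: name
            value: init
          - name: bundle
            value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:2f59e9a3c20ce4509356389d327087213cc82c079b30811935837791da140f9f
          - name: kind
            value: task
        resolver: bundles
      runAfter:
        - rhoai-init
    - name: clone-repository
      params:
        - name: url
          value: $(params.git-url)
        - name: revision
          value: $(params.revision)
        - name: ociStorage
          value: $(params.output-image).git
        - name: ociArtifactExpiresAfter
          value: $(params.image-expires-after)
      runAfter:
        - init
      taskRef:
        params:
          - name: name
            value: git-clone-oci-ta
          - name: bundle
            value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:3e171c1f3a9487a5764ebef629f93b3d2fc01cc8bad382dd8065cdfe42214148
          - name: kind
            value: task
        resolver: bundles
      when:
        - input: $(tasks.init.results.build)
          operator: in
          values:
            - "true"
      workspaces:
        - name: basic-auth
          workspace: git-auth
    - name: prefetch-dependencies
      params:
        - name: input
          value: $(params.prefetch-input)
        - name: SOURCE_ARTIFACT
          value: $(tasks.clone-repository.results.SOURCE_ARTIFACT)
        - name: ociStorage
          value: $(params.output-image).prefetch
        - name: ociArtifactExpiresAfter
          value: $(params.image-expires-after)
      runAfter:
        - clone-repository
      taskRef:
        params:
          - name: name
            value: prefetch-dependencies-oci-ta
          - name: bundle
            value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.2@sha256:8398b3332f911b5b5244f8429adae4ec2982e7fb7ab8eecdc4e05a9fb05f60fd
          - name: kind
            value: task
        resolver: bundles
      workspaces:
        - name: git-basic-auth
          workspace: git-auth
        - name: netrc
          workspace: netrc
    # Fans out over build-platforms; each run produces one IMAGE_REF that
    # build-image-index collects.
    - name: build-images
      matrix:
        params:
          - name: PLATFORM
            value:
              - $(params.build-platforms)
      params:
        - name: IMAGE
          value: $(params.output-image)
        - name: DOCKERFILE
          value: $(params.dockerfile)
        - name: CONTEXT
          value: $(params.path-context)
        - name: HERMETIC
          value: $(params.hermetic)
        - name: PREFETCH_INPUT
          value: $(params.prefetch-input)
        - name: IMAGE_EXPIRES_AFTER
          value: $(params.image-expires-after)
        - name: COMMIT_SHA
          value: $(tasks.clone-repository.results.commit)
        - name: BUILD_ARGS
          value:
            - $(params.build-args[*])
        - name: BUILD_ARGS_FILE
          value: $(params.build-args-file)
        - name: SOURCE_ARTIFACT
          value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT)
        - name: CACHI2_ARTIFACT
          value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT)
        - name: IMAGE_APPEND_PLATFORM
          value: $(params.append-platform-name)
        - name: LABELS
          value:
            - version=$(params.rhoai-version)
            - url=$(params.git-url)
            - git.url=$(params.git-url)
            - git.commit=$(params.revision)
            - release=$(tasks.clone-repository.results.commit-timestamp)
            - io.openshift.tags=$(params.component-name)
      runAfter:
        - clone-repository
      taskRef:
        params:
          - name: name
            value: buildah-remote-oci-ta
          - name: bundle
            value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.4@sha256:93f3e1ee128a56874a9e093a9e46a58639c10b8a86bae4c10363393045e3f76a
          - name: kind
            value: task
        resolver: bundles
      when:
        - input: $(tasks.init.results.build)
          operator: in
          values:
            - "true"
    - name: build-image-index
      params:
        - name: IMAGE
          value: $(params.output-image)
        - name: COMMIT_SHA
          value: $(tasks.clone-repository.results.commit)
        - name: IMAGE_EXPIRES_AFTER
          value: $(params.image-expires-after)
        - name: ALWAYS_BUILD_INDEX
          value: $(params.build-image-index)
        - name: IMAGES
          value:
            - $(tasks.build-images.results.IMAGE_REF[*])
      runAfter:
        - build-images
      taskRef:
        params:
          - name: name
            value: build-image-index
          - name: bundle
            value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1@sha256:d34e4245b767c5b1b5edbbad9fc9cf8050cf19a69c8e55856479848405c596ec
          - name: kind
            value: task
        resolver: bundles
      when:
        - input: $(tasks.init.results.build)
          operator: in
          values:
            - "true"
    - name: fbc-fips-check-oci-ta
      params:
        - name: image-digest
          value: $(tasks.build-image-index.results.IMAGE_DIGEST)
        - name: image-url
          value: $(tasks.build-image-index.results.IMAGE_URL)
        - name: SOURCE_ARTIFACT
          value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT)
      runAfter:
        - build-image-index
      taskRef:
        params:
          - name: name
            value: fbc-fips-check-oci-ta
          - name: bundle
            value: quay.io/konflux-ci/tekton-catalog/task-fbc-fips-check-oci-ta:0.1@sha256:6a7355cbef1ce5ed4412bbb7d80cd7b0702761133419ad91afc1659ce36bd871
          - name: kind
            value: task
        resolver: bundles
      when:
        - input: $(params.skip-checks)
          operator: in
          values:
            - "false"
    - name: deprecated-base-image-check
      params:
        - name: IMAGE_URL
          value: $(tasks.build-image-index.results.IMAGE_URL)
        - name: IMAGE_DIGEST
          value: $(tasks.build-image-index.results.IMAGE_DIGEST)
      runAfter:
        - build-image-index
      taskRef:
        params:
          - name: name
            value: deprecated-image-check
          - name: bundle
            value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.5@sha256:5d63b920b71192906fe4d6c4903f594e6f34c5edcff9d21714a08b5edcfbc667
          - name: kind
            value: task
        resolver: bundles
      when:
        - input: $(params.skip-checks)
          operator: in
          values:
            - "false"
    - name: apply-tags
      params:
        - name: IMAGE
          value: $(tasks.build-image-index.results.IMAGE_URL)
        - name: ADDITIONAL_TAGS
          value:
            - $(params.additional-tags[*])
      runAfter:
        - build-image-index
      taskRef:
        params:
          - name: name
            value: apply-tags
          - name: bundle
            value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.1@sha256:e1d365ce85d6448f6ebd0d0a000d0f45b694950b7545a2c34bfbcf992c80df61
          - name: kind
            value: task
        resolver: bundles
    - name: validate-fbc
      params:
        - name: IMAGE_URL
          value: $(tasks.build-image-index.results.IMAGE_URL)
        - name: IMAGE_DIGEST
          value: $(tasks.build-image-index.results.IMAGE_DIGEST)
      runAfter:
        - build-image-index
      taskRef:
        params:
          - name: name
            value: validate-fbc
          - name: bundle
            value: quay.io/konflux-ci/tekton-catalog/task-validate-fbc:0.1@sha256:eb9ab5e0f8eef5700dbe08cf7576b71f6f218e5f7d4c53fe82c6c76a43111d12
          - name: kind
            value: task
        resolver: bundles
      when:
        - input: $(params.skip-checks)
          operator: in
          values:
            - "false"
    - name: fbc-target-index-pruning-check
      params:
        - name: IMAGE_URL
          value: $(tasks.build-image-index.results.IMAGE_URL)
        - name: IMAGE_DIGEST
          value: $(tasks.build-image-index.results.IMAGE_DIGEST)
        - name: TARGET_INDEX
          value: registry.redhat.io/redhat/redhat-operator-index
        - name: RENDERED_CATALOG_DIGEST
          value: $(tasks.validate-fbc.results.RENDERED_CATALOG_DIGEST)
      runAfter:
        - validate-fbc
      taskRef:
        params:
          - name: name
            value: fbc-target-index-pruning-check
          - name: bundle
            value: quay.io/konflux-ci/tekton-catalog/task-fbc-target-index-pruning-check:0.1@sha256:9c8488152c335b61fc830a83ee57b3eb9784cbc95816d5f2f0a2551177728629
          - name: kind
            value: task
        resolver: bundles
      when:
        - input: $(params.skip-checks)
          operator: in
          values:
            - "false"
    # Builds the success notification text consumed by the finally task
    # share-fbc-details.
    - name: prepare-slack-message
      params:
        - name: pipelinerun-name
          value: "$(context.pipelineRun.name)"
        - name: image-url
          value: $(tasks.build-image-index.results.IMAGE_URL)
        - name: image-digest
          value: $(tasks.build-image-index.results.IMAGE_DIGEST)
      taskSpec:
        results:
          - description: Notification text to be posted to slack
            name: slack-message-sucess-text
        steps:
          # NOTE(review): mutable :latest tag; pin by digest (see file header).
          - image: quay.io/rhoai-konflux/alpine:latest
            name: rhoai-init
            env:
              - name: PIPELINERUN_NAME
                value: "$(params.pipelinerun-name)"
              - name: IMAGE_URL
                value: "$(params.image-url)"
              - name: IMAGE_DIGEST
                value: "$(params.image-digest)"
              # Branch names may contain shell metacharacters, so the
              # placeholder is expanded here rather than inside the script.
              - name: TARGET_BRANCH
                value: "{{target_branch}}"
            script: |
              pipelinerun_name="${PIPELINERUN_NAME}"
              target_branch="${TARGET_BRANCH}"
              echo "pipelinerun-name = $pipelinerun_name"
              application_name=${target_branch/rhoai-/}
              application_name=rhoai-v${application_name/./-}
              echo "application-name = $application_name"
              component_name=${pipelinerun_name/-on-*/}
              echo "component-name = $component_name"

              KONFLUX_SERVER="https://konflux.apps.stone-prod-p02.hjvn.p1.openshiftapps.com"
              build_url="${KONFLUX_SERVER}/application-pipeline/workspaces/rhoai/applications/${application_name}/pipelineruns/${pipelinerun_name}/logs"
              # build_time must be set before the message is composed; it was
              # previously assigned after the if/else, so the posted message
              # ended with an empty timestamp.
              build_time="$(date +%Y-%m-%dT%H:%M:%S)"

              if [[ "$pipelinerun_name" == *"schedule"* ]]; then
                alertEmoji=":nightly:"
                slack_message="${alertEmoji} A new *nightly build* is available for ${target_branch}: ${build_time}"
              else
                alertEmoji=":solid-success:"
                slack_message="${alertEmoji} A new CI build is available for ${target_branch}: ${build_time}"
              fi

              slack_message=$(echo -e "${slack_message}\nImage: ${IMAGE_URL}@${IMAGE_DIGEST}")
              slack_message=$(echo -e "${slack_message}\n<${build_url}|${pipelinerun_name}>")
              #slack_message=$(echo -e "${slack_message}\nCC - <@U04KZMFDZ2T>")
              echo -n "${slack_message}" > "$(results.slack-message-sucess-text.path)"
      runAfter:
        - build-image-index
  workspaces:
    - name: git-auth
      optional: true
    - name: netrc
      optional: true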