Skip to content

Commit

Permalink
Sync build-definitions
Browse files Browse the repository at this point in the history
  • Loading branch information
RHTAP bot committed Mar 21, 2024
1 parent d3760d1 commit 9183640
Show file tree
Hide file tree
Showing 3 changed files with 59 additions and 11 deletions.
14 changes: 14 additions & 0 deletions pac/pipelines/gitops-pull-request-rhtap.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,10 @@ spec:
description: Gitops repo revision
name: revision
type: string
- default: main
description: The target branch for the pull request
name: target-branch
type: string
- default: github.com/enterprise-contract/config//default
description: Enterprise Contract policy to validate against
name: ec-policy-configuration
Expand Down Expand Up @@ -38,6 +42,8 @@ spec:
value: $(params.git-url)
- name: revision
value: $(params.revision)
- name: fetchTags
value: "true"
taskRef:
name: git-clone
workspaces:
Expand All @@ -46,6 +52,9 @@ spec:
- name: basic-auth
workspace: git-auth
- name: gather-deploy-images
params:
- name: TARGET_BRANCH
value: $(params.target-branch)
runAfter:
- clone-repository
taskRef:
Expand All @@ -71,3 +80,8 @@ spec:
- gather-deploy-images
taskRef:
name: verify-enterprise-contract
when:
- input: $(tasks.gather-deploy-images.results.IMAGES_TO_VERIFY)
operator: notin
values:
- ""
37 changes: 35 additions & 2 deletions pac/tasks/gather-deploy-images.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,23 +7,56 @@ spec:
workspaces:
- description: Should contain a cloned gitops repo at the ./source subpath
name: source
params:
- name: TARGET_BRANCH
description: >
If specified, will gather only the images that changed between
the current revision and the target branch. Useful for pull requests.
Note that the repository cloned on the source workspace must already
contain the origin/$TARGET_BRANCH reference.
type: string
default: ""
results:
- name: IMAGES_TO_VERIFY
description: The images to be verified, in a format compatible with https://github.com/redhat-appstudio/build-definitions/tree/main/task/verify-enterprise-contract/0.1
description: >
The images to be verified, in a format compatible with
https://github.com/redhat-appstudio/build-definitions/tree/main/task/verify-enterprise-contract/0.1.
When there are no images to verify, this is an empty string.
steps:
- name: get-images-per-env
image: quay.io/redhat-appstudio/appstudio-utils:5bd7d6cb0b17f9f2eab043a8ad16ba3d90551bc2@sha256:8c7fcf86af40c71aeb58e4279625c8308af5144e2f6b8e28b0ec7e795260e5f7
workingDir: $(workspaces.source.path)/source
env:
- name: TARGET_BRANCH
value: $(params.TARGET_BRANCH)
script: |
#!/bin/bash
set -euo pipefail
IMAGE_PATH='.spec.template.spec.containers[0].image'
component_name=$(yq .metadata.name application.yaml)
for env in development stage prod; do
yq '.spec.template.spec.containers[0].image' "components/${component_name}/overlays/${env}/deployment-patch.yaml"
yaml_path=components/${component_name}/overlays/${env}/deployment-patch.yaml
image=$(yq "$IMAGE_PATH" "$yaml_path")
if [ -n "$TARGET_BRANCH" ]; then
prev_image=$(git show "origin/$TARGET_BRANCH:$yaml_path" | yq "$IMAGE_PATH")
if [ "$prev_image" = "$image" ]; then
# don't check images that didn't change between the current revision and the target branch
continue
fi
fi
printf "%s\n" "$image"
done | sort -u > /tmp/all-images.txt
if [ ! -s /tmp/all-images.txt ]; then
echo "No images to verify"
touch $(results.IMAGES_TO_VERIFY.path)
exit 0
fi
# TODO: each component needs a {"source": {"git": {"url": "...", "revision": "..."}}}
# will that be too large for Tekton results?
Expand Down
19 changes: 10 additions & 9 deletions pac/tasks/update-deployment.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ spec:
optional: true
steps:
- name: patch-gitops
image: quay.io/redhat-appstudio/task-toolset@sha256:931a9f7886586391ccb38d33fd15a47eb03568f9b19512b0a57a56384fa52a3c
image: quay.io/redhat-appstudio/appstudio-utils:5bd7d6cb0b17f9f2eab043a8ad16ba3d90551bc2@sha256:8c7fcf86af40c71aeb58e4279625c8308af5144e2f6b8e28b0ec7e795260e5f7
volumeMounts:
- name: gitops-auth-secret
mountPath: /gitops-auth-secret
Expand All @@ -34,7 +34,7 @@ spec:
value: $(params.image)
script: |
if test -f /gitops-auth-secret/password ; then
gitops_repo_url=${PARAM_GITOPS_REPO_URL}
gitops_repo_url=${PARAM_GITOPS_REPO_URL%'.git'}
remote_without_protocol=${gitops_repo_url#'https://'}
password=$(cat /gitops-auth-secret/password)
Expand All @@ -53,25 +53,26 @@ spec:
exit 0
fi
# https://github.com/user-org/test-component-gitops => test-component
gitops_repo_name=$(basename ${PARAM_GITOPS_REPO_URL})
component_id=${gitops_repo_name%'-gitops'}
deployment_patch_filepath="components/${component_id}/overlays/development/deployment-patch.yaml"
git config --global user.email "rhtap@noreplay.com"
git config --global user.name "gitops-update"
git clone ${PARAM_GITOPS_REPO_URL}
gitops_repo_name=$(basename ${gitops_repo_url})
cd ${gitops_repo_name}
sed -i "s| image: .*| image: ${PARAM_IMAGE}|" $deployment_patch_filepath
component_name=$(yq .metadata.name application.yaml)
deployment_patch_filepath="components/${component_name}/overlays/development/deployment-patch.yaml"
IMAGE_PATH='.spec.template.spec.containers[0].image'
old_image=$(yq "${IMAGE_PATH}" "${deployment_patch_filepath}")
yq e -i "${IMAGE_PATH} |= \"${PARAM_IMAGE}\"" "${deployment_patch_filepath}"
git add .
git commit -m "Update '${component_id}' component image to: ${PARAM_IMAGE}"
git commit -m "Update '${component_name}' component image to: ${PARAM_IMAGE}"
git remote set-url origin $origin_with_auth
git push 2> /dev/null || \
{
echo "Failed to push update to gitops repository: ${PARAM_GITOPS_REPO_URL}"
echo 'Do you have correct git credentials configured?'
exit 1
}
echo "Successfully updated development image from ${old_image} to ${PARAM_IMAGE}"

0 comments on commit 9183640

Please sign in to comment.