From 5e00b9ca7535a9e6cf7ddc6b196059932178b885 Mon Sep 17 00:00:00 2001 From: Olivier Cazade Date: Fri, 29 Nov 2024 17:21:02 +0000 Subject: [PATCH] Fix version in konflux build (#765) --- .tekton/pipeline-ref.yaml | 60 ++++++++++++++++++++-------- contrib/docker/Dockerfile.downstream | 19 ++++++--- 2 files changed, 58 insertions(+), 21 deletions(-) diff --git a/.tekton/pipeline-ref.yaml b/.tekton/pipeline-ref.yaml index 9a888cf13..2b3a34c77 100644 --- a/.tekton/pipeline-ref.yaml +++ b/.tekton/pipeline-ref.yaml @@ -13,7 +13,7 @@ spec: - name: name value: show-sbom - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:945a7c9066d3e0a95d3fddb7e8a6992e4d632a2a75d8f3a9bd2ff2fef0ec9aa0 + value: quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:52f8b96b96ce4203d4b74d850a85f963125bf8eef0683ea5acdd80818d335a28 - name: kind value: task resolver: bundles @@ -25,6 +25,10 @@ spec: description: Revision of the Source Repository name: revision type: string + - default: "main" + description: Version to build + name: build-version + type: string - description: Fully Qualified Output Image name: output-image type: string @@ -81,10 +85,10 @@ spec: results: - description: "" name: IMAGE_URL - value: $(tasks.build-container.results.IMAGE_URL) + value: $(tasks.build-image-index.results.IMAGE_URL) - description: "" name: IMAGE_DIGEST - value: $(tasks.build-container.results.IMAGE_DIGEST) + value: $(tasks.build-image-index.results.IMAGE_DIGEST) - description: "" name: CHAINS-GIT_URL value: $(tasks.clone-repository.results.url) @@ -108,7 +112,7 @@ spec: - name: name value: init - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:0523b51c28375a3f222da91690e22eff11888ebc98a0c73c468af44762265c69 + value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:f239f38bba3a8351c8cb0980fde8e2ee477ded7200178b0f45175e4006ff1dca - name: kind value: task resolver: bundles @@ -129,7 +133,7 @@ spec: - name: name value: git-clone-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:4bf48d038ff12d25bdeb5ab3e98dc2271818056f454c83d7393ebbd413028147 + value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:d1e63ec00bed1c9f0f571fa76b4da570be49a7c255c610544a461495230ba1b1 - name: kind value: task resolver: bundles @@ -158,7 +162,7 @@ spec: - name: name value: prefetch-dependencies-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.1@sha256:b1ac9124ad909a8d7dbac01b1a02ef9a973d448d4c94efcf3d1b29e2a5c9e76f + value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.1@sha256:3c11f5de6a0281bf93857f0c85bbbdfeda4cc118337da273fef0c138bda5eebb - name: kind value: task resolver: bundles @@ -196,7 +200,9 @@ spec: - name: BUILD_ARGS value: - $(params.build-args[*]) - - "COMMIT=tasks.clone-repository.results.commit" + - "COMMIT=$(tasks.clone-repository.results.commit)" + - "BUILDVERSION=$(params.build-version)" + - "DATE=$(tasks.clone-repository.results.commit-timestamp)" - name: BUILD_ARGS_FILE value: $(params.build-args-file) - name: SOURCE_ARTIFACT @@ -212,7 +218,7 @@ spec: - name: name value: buildah-remote-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.2@sha256:52a1a93cf99ab1f1092e983ac41b3684b7af004772d325e89b42e82e046bc7d1 + value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.2@sha256:cfc8f89bc984ae8309df82ac15cc6e302832f48f51cc0bde56edb4f43e57ffcf - name: kind value: task resolver: bundles @@ -241,7 +247,7 @@ spec: - name: name value: build-image-index - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1@sha256:ebc17bb22481160eec6eb7277df1e48b90f599bebe563cd4f046807f4e32ced3 + value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1@sha256:5da8c2f09990b801f1fd02a0ab3c4136845661e53c98e8a7ebf720774e064fac - name: kind value: task resolver: bundles @@ -266,7 +272,7 @@ spec: - name: name value: source-build-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.1@sha256:bd786bc1d33391bb169f98a1070d1a39e410b835f05fd0db0263754c65bd9bea + value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.1@sha256:178298b5c8bbc2f8fa91ef94aca57a5a2dcb3834c71c8835bae51a20fe30e4e7 - name: kind value: task resolver: bundles @@ -292,7 +298,29 @@ spec: - name: name value: deprecated-image-check - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.4@sha256:5a1a165fa02270f0a947d8a2131ee9d8be0b8e9d34123828c2bef589e504ee84 + value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.4@sha256:443ffa897ee35e416a0bfd39721c68cbf88cfa5c74c843c5183218d0cd586e82 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: rpms-signature-scan + params: + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: rpms-signature-scan + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:7aa4d3c95e2b963e82fdda392f7cb3d61e3dab035416cf4a3a34e43cf3c9c9b8 - name: kind value: task resolver: bundles @@ -314,7 +342,7 @@ spec: - name: name value: clair-scan - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.2@sha256:0a5421111e7092740398691d5bd7c125cc0896f29531d19414bb5724ae41692a + value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.2@sha256:90e371fe7ec2288259a906bc1fd49c53b8b97a0b0b02da0893fb65e3be2a5801 - name: kind value: task resolver: bundles @@ -334,7 +362,7 @@ spec: - name: name value: ecosystem-cert-preflight-checks - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.1@sha256:df8a25a3431a70544172ed4844f9d0c6229d39130633960729f825a031a7dea9 + value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.1@sha256:5131cce0f93d0b728c7bcc0d6cee4c61d4c9f67c6d619c627e41e3c9775b497d - name: kind value: task resolver: bundles @@ -360,7 +388,7 @@ spec: - name: name value: sast-snyk-check-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.3@sha256:65a213322ea7c64159e37071d369d74b6378b23403150e29537865cada90f022 + value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.3@sha256:699cfad1caaa4060f0a6de5d5fb376bf2eb90967d89ec4ffef328fd358ac966d - name: kind value: task resolver: bundles @@ -382,7 +410,7 @@ spec: - name: name value: clamav-scan - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.1@sha256:b4f450f1447b166da671f1d5819ab5a1485083e5c27ab91f7d8b7a2ff994c8c2 + value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.1@sha256:1981b5aa330a4d59f59d760e54a36ebd596948abf6a36e45e103d4fd82ecbcf3 - name: kind value: task resolver: bundles @@ -425,7 +453,7 @@ spec: - name: name value: push-dockerfile-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.1@sha256:80d48a1b9d2707490309941ec9f79338533938f959ca9a207b481b0e8a5e7a93 + value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.1@sha256:eee2eb7b5ce2e55dde37114fefe842080c8a8e443dcc2ccf324cfb22b0453db4 - name: kind value: task resolver: bundles diff --git a/contrib/docker/Dockerfile.downstream b/contrib/docker/Dockerfile.downstream index 994bb7c77..1af43c820 100644 --- a/contrib/docker/Dockerfile.downstream +++ b/contrib/docker/Dockerfile.downstream @@ -3,23 +3,32 @@ ARG COMMIT FROM brew.registry.redhat.io/rh-osbs/openshift-golang-builder:v1.22.5-202407301806.g4c8b32d.el9 as builder ARG TARGETARCH=amd64 -ARG LDFLAGS +ARG BUILDVERSION +ARG DATE + WORKDIR /app # Copy source code COPY go.mod . COPY go.sum . +COPY Makefile . +COPY .mk/ .mk/ COPY vendor/ vendor/ +COPY .git/ .git/ COPY cmd/ cmd/ COPY pkg/ pkg/ -RUN GOARCH=$TARGETARCH go build -ldflags "$LDFLAGS" -mod vendor -o flowlogs-pipeline cmd/flowlogs-pipeline/main.go +RUN git status --porcelain +RUN GOARCH=$TARGETARCH go build -ldflags "-X main.BuildVersion=$BUILDVERSION -X main.BuildDate=$DATE" "./cmd/flowlogs-pipeline" # final stage -FROM --platform=linux/$TARGETARCH registry.access.redhat.com/ubi9/ubi-minimal:9.4 +FROM --platform=linux/$TARGETARCH registry.access.redhat.com/ubi9/ubi-minimal:9.5 + +ARG COMMIT COPY --from=builder /app/flowlogs-pipeline /app/ +# expose ports ENTRYPOINT ["/app/flowlogs-pipeline"] LABEL com.redhat.component="network-observability-flowlogs-pipeline-container" @@ -30,5 +39,5 @@ LABEL summary="Network Observability Flow-Logs Pipeline" LABEL maintainer="support@redhat.com" LABEL io.openshift.tags="network-observability-flowlogs-pipeline" LABEL upstream-vcs-type="git" -LABEL upstream-vcs-type="$COMMIT" -LABEL description="Flow-Logs Pipeline is an observability tool that consumes logs from various inputs, transform them and export logs to Loki and / or metrics to Prometheus." +LABEL upstream-vcs-ref="$COMMIT" +LABEL description="Flow-Logs Pipeline (a.k.a. FLP) is an observability tool that consumes logs from various inputs, transform them and export logs to loki and / or time series metrics to prometheus."