diff --git a/Dockerfile b/Dockerfile index 22138d7..f5cb00a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -5,9 +5,9 @@ LABEL maintainer="luzuccar@redhat.com" # gcc for cgo RUN dnf install -y git gcc make diffutils && rm -rf /var/lib/apt/lists/* -ENV GOLANG_VERSION 1.18.3 +ENV GOLANG_VERSION 1.18.5 ENV GOLANG_DOWNLOAD_URL https://golang.org/dl/go$GOLANG_VERSION.linux-amd64.tar.gz -ENV GOLANG_DOWNLOAD_SHA256 956f8507b302ab0bb747613695cdae10af99bbd39a90cae522b7c0302cc27245 +ENV GOLANG_DOWNLOAD_SHA256 9e5de37f9c49942c601b191ac5fba404b868bfc21d446d6960acc12283d6e5f2 ENV OPERATOR_SDK_VERSION v1.22.0 ENV OPERATOR_SDK_BIN /usr/bin/operator-sdk @@ -38,14 +38,18 @@ RUN curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/i ENV PATH $PATH:/bin:/usr/local/go/bin:/usr/bin/ ENV GOPATH /home/1001 ENV GOCACHE /root/.cache/go-build -ENV GOENV /root/.config/go/env +env GOLANGCI_LINT_CACHE /root/.cache/golangci-lint +ENV GOENV /home/1001/.config/go/env -RUN mkdir -p /home/1001/src /home/1001/bin /home/1001/pkg /go/build \ +RUN mkdir -p /home/1001/src /home/1001/bin /home/1001/pkg /go/build /root/.cache /root/.local /.local \ && chmod -R 0777 /go \ - && chmod -R 0777 /home/1001/ + && chmod -R 0777 /home/1001/ \ + && chmod -R 0777 /root/.cache \ + && chmod -R 0777 /root/.local \ + && chmod -R 0777 /.local -RUN chown -R 1001:1001 /home/1001 \ - && chown -R 1001:1001 /go +RUN chown -R 1001:root /home/1001 \ + && chown -R 1001:root /go COPY uid_entrypoint.sh /go/ diff --git a/README.md b/README.md index f8d2732..5a944e6 100755 --- a/README.md +++ b/README.md 
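Review bot: The three added `chmod -R 0777` calls in the second Dockerfile hunk leave `/root/.cache`, `/root/.local` and `/.local` world-writable in the image, so any UID in the container can replace cached build artefacts or linter state that later steps consume. The `chown` lines in the same hunk already switch to group `root`, so group-based permissions would be narrower and still fit an arbitrary-UID runtime: `chgrp -R 0 /root/.cache /root/.local /.local && chmod -R g=u /root/.cache /root/.local /.local`. `GOENV` moves to `/home/1001/.config/go/env` while `GOCACHE` and the new `GOLANGCI_LINT_CACHE` stay under `/root/.cache`; if that split is intentional, a comment such as `# caches stay under /root/.cache; made group-writable for the non-root build user` would say so. The new instruction is written `env GOLANGCI_LINT_CACHE ...` in lower case, unlike every other `ENV` line in the file.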
@@ -37,7 +37,7 @@ The pipeline uses 2 tasks (with steps) - catalog-image-push The reason for the separation into 2 tasks is that the *container-all* task can be re-used -to build operands (i.e in the node-oberrvability-operator we have an operand (agent) that is required) +to build operands (i.e in the node-observability-operator we have an operand (agent) that is required) A custom golang image is used with the relevant dependencies to execute the various make recipes @@ -63,7 +63,8 @@ Install the tekton cli and tekton resources before continuing (see https://tekto ### Clone the repository ```bash -git clone git@github.com:okd-project/pipelines.git +git clone git@github.com:okd-project/okd-operator-pipeline.git + ``` ### Install the storage provisioner (All clusters) @@ -104,14 +105,15 @@ kubectl get pvc -n operator-pipeline # once all pods are in the RUNNING status create a configmap as follows # this assumes you have the correct credentials and have logged into the registry to push images to -kubectl create configmap docker-config --from-file=/$HOME/.docker/config.json -n operator-pipeline +kubectl create configmap docker-config --from-file=/$HOME/.docker/config.json -n okd-team ``` ## Usage ### Option 1 - On clusters with existing PVCs -Execute the following to start a pipeline run +Execute the following to start a pipeline run, this will re-use the claim "pipeline-pvc-dev" for +future builds, it will re-use the .cache and pkg dirs to speed up builds ```bash # example (using the node-observability-operator) @@ -121,7 +123,7 @@ tkn pipeline start pipeline-dev-all \ --param base-image-registry=quay.io/ \ --param bundle-version=v0.0.1 \ --workspace name=shared-workspace,claimName=pipeline-pvc-dev \ --n operator-pipeline +-n okd-team ``` ### Option 2 - Kind clusters, or without existing PVCs 
@@ -134,7 +136,7 @@ tkn pipeline start pipeline-dev-all \ --param base-image-registry=quay.io/ \ --param bundle-version=v0.0.1 \ --workspace name=shared-workspace,volumeClaimTemplateFile=manifests/tekton/pipelineruns/workspace-template.yaml \ --n operator-pipeline +-n okd-team ``` @@ -180,9 +182,6 @@ The folder structure is as follows : | | | --- cicd | | | - | | --- namespace - | | | | - | | | --- namespace.yaml | | --- pvc | | | | | | | --- pipeline-pvc.yaml @@ -207,13 +206,6 @@ The folder structure is as follows : | --- container-all.yaml | --- bundle-all.yaml | - --- triggers - | | - | --- base - | | - | --- trigger-binding-dev.yaml - | --- trigger-event-listener-dev.yaml - | --- trigger-template-dev.yaml --- rbac | | | --- base diff --git a/environments/overlays/cicd/kustomization.yaml b/environments/overlays/cicd/kustomization.yaml index dc31149..1a3b25d 100755 --- a/environments/overlays/cicd/kustomization.yaml +++ b/environments/overlays/cicd/kustomization.yaml @@ -2,12 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization bases: - ../../../manifests/tekton/rbac/base -# - ../../../manifests/tekton/triggers/base - ../../../manifests/tekton/tasks/base - ../../../manifests/tekton/pipelines/base -resources: - - namespace/namespace.yaml - - pvc/pipeline-pvc.yaml - - pvc/build-cache-pvc.yaml -namespace: operator-pipeline +namespace: okd-team diff --git a/environments/overlays/cicd/namespace/namespace.yaml b/environments/overlays/cicd/namespace/namespace.yaml deleted file mode 100755 index 805ee74..0000000 --- a/environments/overlays/cicd/namespace/namespace.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: operator-pipeline - labels: - cost-tenancy: Dedicated - dept: CFE - org: redhat - network-share: redhat - product: operator-pipeline diff --git a/environments/overlays/cicd/pvc/build-cache-pvc.yaml b/environments/overlays/cicd/pvc/build-cache-pvc.yaml index 4d197b4..c1cd2ce 100755 
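Review bot: With the `resources:` list removed from `environments/overlays/cicd/kustomization.yaml`, this overlay no longer creates the namespace or either PVC, yet `namespace: okd-team` still places every base resource there and the README commands still bind `pipeline-pvc-dev`. Applying the overlay to a cluster where `okd-team` or the claims do not already exist will presumably fail or leave pipeline runs pending. A comment above the `namespace:` key would record the new prerequisite: `# okd-team and the PVCs under pvc/ must already exist; they are no longer managed by this overlay`. Separately, `bases:` is deprecated in current kustomize releases in favour of listing the same paths under `resources:`.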
--- a/environments/overlays/cicd/pvc/build-cache-pvc.yaml +++ b/environments/overlays/cicd/pvc/build-cache-pvc.yaml @@ -2,6 +2,7 @@ kind: PersistentVolumeClaim apiVersion: v1 metadata: name: build-cache-pvc-dev + namespace: okd-team spec: accessModes: - ReadWriteOnce diff --git a/environments/overlays/cicd/pvc/pipeline-pvc.yaml b/environments/overlays/cicd/pvc/pipeline-pvc.yaml index 72ae48e..4f59f73 100755 --- a/environments/overlays/cicd/pvc/pipeline-pvc.yaml +++ b/environments/overlays/cicd/pvc/pipeline-pvc.yaml @@ -2,6 +2,7 @@ kind: PersistentVolumeClaim apiVersion: v1 metadata: name: pipeline-pvc-dev + namespace: okd-team spec: accessModes: - ReadWriteOnce diff --git a/manifests/tekton/pipelineruns/sample-pr-dev-all-on-kind.yaml b/manifests/tekton/pipelineruns/sample-pr-dev-all-on-kind.yaml index 62af229..8408367 100644 --- a/manifests/tekton/pipelineruns/sample-pr-dev-all-on-kind.yaml +++ b/manifests/tekton/pipelineruns/sample-pr-dev-all-on-kind.yaml @@ -1,7 +1,7 @@ apiVersion: tekton.dev/v1beta1 kind: PipelineRun metadata: - namespace: operator-pipeline + namespace: okd-team name: my-dev-all spec: podTemplate: diff --git a/manifests/tekton/pipelineruns/workspace-template.yaml b/manifests/tekton/pipelineruns/workspace-template.yaml index 4d0fbd1..a1605b0 100644 --- a/manifests/tekton/pipelineruns/workspace-template.yaml +++ b/manifests/tekton/pipelineruns/workspace-template.yaml @@ -1,7 +1,7 @@ spec: - storageClassName: standard + storageClassName: ocs-external-storagecluster-ceph-rbd accessModes: - ReadWriteOnce resources: requests: - storage: 1Gi \ No newline at end of file + storage: 1Gi diff --git a/manifests/tekton/pipelines/base/pipeline-dev-all.yaml b/manifests/tekton/pipelines/base/pipeline-dev-all.yaml index f557e46..c3e12c0 100755 --- a/manifests/tekton/pipelines/base/pipeline-dev-all.yaml +++ b/manifests/tekton/pipelines/base/pipeline-dev-all.yaml 
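Review bot: `storageClassName: ocs-external-storagecluster-ceph-rbd` in `workspace-template.yaml` ties the template to one cluster's storage setup, while the README in this commit still offers the file under "Option 2 - Kind clusters, or without existing PVCs". On a cluster without that StorageClass the generated claim would presumably stay Pending, and the previous value `standard` is what the kind instructions relied on. Either omit `storageClassName` so the cluster default is used, or keep the value and add a comment: `# cluster-specific: replace with a StorageClass that exists on the target cluster (kind: standard)`.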
@@ -2,6 +2,7 @@ apiVersion: tekton.dev/v1beta1 kind: Pipeline metadata: name: pipeline-dev-all + namespace: okd-team spec: params: - name: repo-url @@ -32,7 +33,7 @@ spec: - name: subdirectory value: $(params.repo-name) taskRef: - kind: ClusterTask + kind: Task name: git-clone workspaces: - name: src diff --git a/manifests/tekton/rbac/base/kustomization.yaml b/manifests/tekton/rbac/base/kustomization.yaml index 7b7e807..bf1a171 100755 --- a/manifests/tekton/rbac/base/kustomization.yaml +++ b/manifests/tekton/rbac/base/kustomization.yaml @@ -3,4 +3,4 @@ bases: - edit.yaml - view.yaml -namespace: golang-cicd +namespace: okd-team diff --git a/manifests/tekton/rolebindings/base/binding-dev.yaml b/manifests/tekton/rolebindings/base/binding-dev.yaml index f09aa5e..4ed0019 100755 --- a/manifests/tekton/rolebindings/base/binding-dev.yaml +++ b/manifests/tekton/rolebindings/base/binding-dev.yaml @@ -5,7 +5,7 @@ metadata: subjects: - kind: ServiceAccount name: serviceaccount-dev - namespace: sandbox-lzuccarelli + namespace: okd-team roleRef: apiGroup: rbac.authorization.k8s.io kind: Role diff --git a/manifests/tekton/tasks/base/bundle-all.yaml b/manifests/tekton/tasks/base/bundle-all.yaml index 29e1aee..2e24793 100755 --- a/manifests/tekton/tasks/base/bundle-all.yaml +++ b/manifests/tekton/tasks/base/bundle-all.yaml @@ -2,6 +2,7 @@ apiVersion: tekton.dev/v1beta1 kind: Task metadata: name: bundle-all + namespace: okd-team spec: params: - name: repo-name @@ -17,7 +18,7 @@ spec: workspaces: - name: src - name: build-cache-root - mountPath: /root + mountPath: /home/1001 - name: build-cache-home mountPath: /home/1001 
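Review bot: In the `bundle-all.yaml` workspaces hunk, `build-cache-root` and `build-cache-home` now both declare `mountPath: /home/1001`, so two workspaces target the same directory. Duplicate mount paths are likely to be rejected when the Task is validated or the pod is created, and at best one volume hides the other; the same pair appears in the `container-all.yaml` workspaces hunk. The Dockerfile in this commit keeps `GOCACHE` and `GOLANGCI_LINT_CACHE` under `/root/.cache`, so with nothing mounted under `/root` those caches no longer land on a persisted workspace, which contradicts the README's note about re-using `.cache`. If the root cache is still wanted, give it its own path, for example `mountPath: /root/.cache` (confirm the volume's ownership fits the non-root user); otherwise drop the `build-cache-root` workspace from both Tasks and from the Pipeline that binds it.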
@@ -27,8 +28,6 @@ spec: workingDir: /workspace/src/$(params.repo-name) command: ["make"] args: ["bundle","OPERATOR_SDK_BIN=/usr/bin/operator-sdk","KUSTOMIZE=/usr/bin/kustomize","IMG=$(params.base-image-registry)/$(params.repo-name)-bundle:$(params.bundle-version)"] - securityContext: - runAsUser: 0 - name: bundle-dockerfile-check image: quay.io/okd/go-bundle-tools:v1.0.0 @@ -41,17 +40,12 @@ spec: echo "copying Dockerfile.bundle to bundle.Dockerfile for kaniko build" cp Dockerfile.bundle bundle.Dockerfile fi - securityContext: - runAsUser: 0 - - name: bundle-image-push workingDir: /workspace/src/$(params.repo-name) image: gcr.io/kaniko-project/executor:latest command: ["/kaniko/executor"] args: ["--dockerfile=/workspace/src/$(params.repo-name)/bundle.Dockerfile","--context=/workspace/src/$(params.repo-name)/","--destination=$(params.base-image-registry)/$(params.repo-name)-bundle:$(params.bundle-version)"] - securityContext: - runAsUser: 0 volumeMounts: - name: docker-config mountPath: /kaniko/.docker/ @@ -64,16 +58,12 @@ spec: echo "executing opm generate index dockerfile" /usr/bin/opm index add --bundles $(params.base-image-registry)/$(params.repo-name)-bundle:$(params.bundle-version) --generate --out-dockerfile "index.Dockerfile" cat index.Dockerfile - securityContext: - runAsUser: 0 - name: index-image-push workingDir: /workspace/src/$(params.repo-name) image: gcr.io/kaniko-project/executor:latest command: ["/kaniko/executor"] args: ["--dockerfile=/workspace/src/$(params.repo-name)/index.Dockerfile","--context=/workspace/src/$(params.repo-name)/","--destination=$(params.base-image-registry)/$(params.repo-name)-index:$(params.bundle-version)"] - securityContext: - runAsUser: 0 volumeMounts: - name: docker-config mountPath: /kaniko/.docker/ 
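Review bot: Removing `securityContext: runAsUser: 0` from the `bundle-all.yaml` steps leaves them with no securityContext at all, so the effective UID is whatever the image's `USER` or the cluster's admission policy supplies, and nothing in the Task asserts non-root. If non-root is the intent, state it on the steps that use `quay.io/okd/go-bundle-tools`: `securityContext:` followed by `runAsNonRoot: true`. The kaniko `*-image-push` steps need separate confirmation, because the kaniko executor normally expects to run as root and may either fail under a restricted policy or keep running as root from its image default. The same removal is repeated in the later `bundle-all.yaml` hunks and in every `container-all.yaml` step hunk.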
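Review bot: The `bundle-image-push` step kept by this hunk runs `gcr.io/kaniko-project/executor:latest` with `docker-config` mounted at `/kaniko/.docker/`, so whatever the mutable `latest` tag resolves to at run time receives the registry push credentials. Pin the image to a release and digest, `image: gcr.io/kaniko-project/executor:<version>@sha256:<digest>` (placeholders), here and in `index-image-push`, `catalog-image-push` and the push step in `container-all.yaml`. The README in this commit creates `docker-config` as a ConfigMap from `config.json`; a Secret would be the better home for those credentials. The volume definition lies outside these hunks, so it would need the matching change.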
@@ -103,16 +93,12 @@ spec: opm validate catalog cat catalog.Dockerfile - securityContext: - runAsUser: 0 - name: catalog-image-push workingDir: /workspace/src/$(params.repo-name) image: gcr.io/kaniko-project/executor:latest command: ["/kaniko/executor"] args: ["--dockerfile=/workspace/src/$(params.repo-name)/catalog.Dockerfile","--context=/workspace/src/$(params.repo-name)/","--destination=$(params.base-image-registry)/$(params.repo-name)-catalog:$(params.bundle-version)"] - securityContext: - runAsUser: 0 volumeMounts: - name: docker-config mountPath: /kaniko/.docker/ diff --git a/manifests/tekton/tasks/base/container-all.yaml b/manifests/tekton/tasks/base/container-all.yaml index 828dec9..f7f2f44 100755 --- a/manifests/tekton/tasks/base/container-all.yaml +++ b/manifests/tekton/tasks/base/container-all.yaml @@ -2,6 +2,7 @@ apiVersion: tekton.dev/v1beta1 kind: Task metadata: name: container-all + namespace: okd-team spec: params: - name: repo-name @@ -17,13 +18,14 @@ spec: workspaces: - name: src - name: build-cache-root - mountPath: /root + mountPath: /home/1001 - name: build-cache-home mountPath: /home/1001 steps: - name: verify image: quay.io/okd/go-bundle-tools:v1.0.0 + imagePullPolicy: Always onError: continue script: | #!/usr/bin/env bash @@ -84,8 +86,6 @@ spec: EOF golangci-lint run -c golangci.yaml --deadline=30m workingDir: /workspace/src/$(params.repo-name) - securityContext: - runAsUser: 0 - name: unit-test image: quay.io/okd/go-bundle-tools:v1.0.0 @@ -93,8 +93,6 @@ spec: resources: command: ["make"] args: ["test"] - securityContext: - runAsUser: 0 - name: build image: quay.io/okd/go-bundle-tools:v1.0.0 @@ -108,8 +106,6 @@ spec: memory: 2000Mi command: ["make"] args: ["build-operator"] - securityContext: - runAsUser: 0 - name: runtime-docker workingDir: /workspace/src/$(params.repo-name) 
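Review bot: `imagePullPolicy: Always` is added to the `verify` step in `container-all.yaml` only, which suggests `quay.io/okd/go-bundle-tools:v1.0.0` is being re-pushed under the same tag; the Dockerfile in this commit changes the Go version with no visible tag bump, so this is inferred. A tag that is overwritten in place means a pipeline run cannot be tied to known image contents, and the `unit-test` and `build` steps use the same reference without the policy. Publishing the rebuilt image under a new tag and pinning it by digest in every step would remove the need for the pull policy: `image: quay.io/okd/go-bundle-tools:<new-tag>@sha256:<digest>` (placeholders).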
@@ -127,8 +123,6 @@ spec: cat runtime.Dockerfile # move dockerignore as it blocks bin directory mv .dockerignore .bakdockerignore - securityContext: - runAsUser: 0 volumeMounts: - name: docker-config mountPath: /kaniko/.docker/ @@ -138,8 +132,6 @@ spec: image: gcr.io/kaniko-project/executor:latest command: ["/kaniko/executor"] args: ["--dockerfile=/workspace/src/$(params.repo-name)/runtime.Dockerfile","--context=/workspace/src/$(params.repo-name)/","--destination=$(params.base-image-registry)/$(params.repo-name):$(params.bundle-version)"] - securityContext: - runAsUser: 0 volumeMounts: - name: docker-config mountPath: /kaniko/.docker/ diff --git a/manifests/tekton/tasks/base/git-clone.yaml b/manifests/tekton/tasks/base/git-clone.yaml index 8ac2f1d..546d0e0 100755 --- a/manifests/tekton/tasks/base/git-clone.yaml +++ b/manifests/tekton/tasks/base/git-clone.yaml @@ -1,5 +1,5 @@ apiVersion: tekton.dev/v1beta1 -kind: ClusterTask +kind: Task metadata: name: git-clone labels: diff --git a/manifests/tekton/triggers/base/kustomization.yaml b/manifests/tekton/triggers/base/kustomization.yaml deleted file mode 100755 index 380326c..0000000 --- a/manifests/tekton/triggers/base/kustomization.yaml +++ /dev/null @@ -1,9 +0,0 @@ -namePrefix: - -bases: - - trigger-binding-dev.yaml - - trigger-event-listener-dev.yaml - - trigger-template-dev.yaml - - - diff --git a/manifests/tekton/triggers/base/trigger-binding-dev.yaml b/manifests/tekton/triggers/base/trigger-binding-dev.yaml deleted file mode 100755 index 30ae072..0000000 --- a/manifests/tekton/triggers/base/trigger-binding-dev.yaml +++ /dev/null 
@@ -1,16 +0,0 @@ -apiVersion: triggers.tekton.dev/v1alpha1 -kind: TriggerBinding -metadata: - name: trigger-binding-dev -spec: - params: - - name: repo-url - value: $(body.url) - - name: repo-name - value: $(body.name) - - name: bundle-version - value: $(body.version) - - name: base-image-registry - value: $(body.imageregistry) - - name: storage-class-name - value: $(body.storageclassname) diff --git a/manifests/tekton/triggers/base/trigger-event-listener-dev.yaml b/manifests/tekton/triggers/base/trigger-event-listener-dev.yaml deleted file mode 100755 index 7afaba0..0000000 --- a/manifests/tekton/triggers/base/trigger-event-listener-dev.yaml +++ /dev/null @@ -1,12 +0,0 @@ ---- -apiVersion: triggers.tekton.dev/v1alpha1 -kind: EventListener -metadata: - name: eventlistener-dev -spec: - triggers: - - bindings: - - kind: TriggerBinding - ref: trigger-binding-dev - template: - ref: trigger-template-dev diff --git a/manifests/tekton/triggers/base/trigger-template-dev.yaml b/manifests/tekton/triggers/base/trigger-template-dev.yaml deleted file mode 100755 index b1ec1fd..0000000 --- a/manifests/tekton/triggers/base/trigger-template-dev.yaml +++ /dev/null 
@@ -1,45 +0,0 @@ -apiVersion: triggers.tekton.dev/v1alpha1 -kind: TriggerTemplate -metadata: - name: trigger-template-dev -spec: - params: - - name: repo-url - description: The git repository url - - name: repo-name - description: The repo name - - name: bundle-version - description: bundle version (v0.0.1) - - name: base-image-registry - description: base image registry - - name: storage-class-name - description: StorageClass used for PVCs - - resourcetemplates: - - apiVersion: tekton.dev/v1beta1 - kind: PipelineRun - metadata: - generateName: $(tt.params.repo-name)- - spec: - pipelineRef: - name: pipeline-dev - params: - - name: repo-url - value: $(tt.params.repo-url) - - name: repo-name - value: $(tt.params.repo-name) - - name: bundle-version - value: $(tt.params.bundle-version) - - name: base-image-registry - value: $(tt.params.base-image-registry) - - workspaces: - - name: shared-workspace - volumeClaimTemplate: - spec: - storageClassName: $(tt.params.storage-class-name) - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi