Add Task for publishing tekton pipeline images + yaml #632
Conversation
googlebot
added
the
cla: yes
tekton-robot
added
approved
tekton/koparse/koparse.py
Outdated
| images = [] | ||
| with open(path) as f: | ||
| for line in f: | ||
| match = re.search(base + ".*@sha256:[0-9a-f]*", line) |
There was a problem hiding this comment.
great PR @bobcatfish
I don't know enough to comment on the python code, otherwise some minor comments 👍
| set -e | ||
| set -x | ||
|
|
||
| cat <<EOF > /workspace/go/src/github.com/tektoncd/pipeline/.ko.yaml |
There was a problem hiding this comment.
github.com/tektoncd/pipeline/cmd/entrypoint is missing from the ko file created here
also there is a thing called defaultBaseImage but I don't think it will save that much
There was a problem hiding this comment.
@bobcatfish what is the default base image if we don't override ?
There was a problem hiding this comment.
if you don't specify any base image, ko will use distroless
There was a problem hiding this comment.
adding a comment about the default!
There was a problem hiding this comment.
added entrypoint image :D
tekton/publish.yaml
Outdated
| - "get" | ||
| - "github.com/google/go-containerregistry/cmd/ko" | ||
|
|
||
| # TODO(#631): publish a `ko` image (which has golang) |
There was a problem hiding this comment.
would it make sense to have a Dockerfile for an image that has go and ko and just publish that instead of having steps for it, it can even be published in the task or before hand
There was a problem hiding this comment.
Yeah definitely!! I was thinking of leaving that for #631 but you're probably right, it's worth doing something better than this in the meantime XD
| cp -R /usr/local/go /workspace/golang/localgo | ||
|
|
||
| - name: ensure-release-dirs-exist | ||
| image: busybox |
There was a problem hiding this comment.
when the bucket was empty, I got the error
error exit status 1; cmd_output CommandException: No URLs matched: gs://pipeline-test-123456/*\n","stacktrace":"main.main\n\t/Users/pivotal/go/src/github.com/tektoncd/pipeline/cmd/gsutil/main.go:94\nruntime.main\n\t/usr/local/Cellar/go/1.12/libexec/src/runtime/proc.go:200"
but that might be a bug in the resource itself
There was a problem hiding this comment.
oh interesting - so you'd created the bucket but nothing was in it? ill try that out too
There was a problem hiding this comment.
hm okay so it seems like if you use the dir flag and the bucket is empty, you get this error:
Error executing command "gsutil cp -r gs://christies-empty-bucket/* /workspace/bucket" ; error exit status 1; cmd_output CommandException: No URLs matched: gs://christies-empty-bucket/*
"
stacktrace: "main.main
/Users/christiewilson/Code/go/src/github.com/tektoncd/pipeline/cmd/gsutil/main.go:94
runtime.main
/usr/local/Cellar/go/1.10.3/libexec/src/runtime/proc.go:198"
ts: 1553120763.622061
My feeling is that this is a bug in the resource; I think we should be able to handle checking out an empty bucket that we intend to put content into.
|
/test pull-tekton-pipeline-integration-tests |
|
|
||
| #### Production credentials | ||
|
|
||
| TODO(dlorenc, bobcatfish): We need to setup a group which users can be added to, as well as guidelines |
lol whaaaaat |
bobcatfish
force-pushed
the
dogfood_image_release
branch
3 times, most recently
from
43d8731
to
efd42fe
Compare
bobcatfish
force-pushed
the
dogfood_image_release
branch
3 times, most recently
from
49303df
to
9fe653b
Compare
|
I haven't finished responding to all the feedback yet but I did:
So those bits are ready for another look :D |
| os.path.abspath(__file__)), "test_release.yaml") | ||
| PATH_TO_WRONG_FILE = os.path.join(os.path.dirname( | ||
| os.path.abspath(__file__)), "koparse.py") | ||
| BUILT_IMAGES = [ |
There was a problem hiding this comment.
We need cmd/entrypoint too 👼
There was a problem hiding this comment.
actually the test data (which is the 0.1 release) doesnt have the entrypoint image! 😇
but this reminds me, i forgot to address @pivotal-nader-ziada 's comment and add the entrypoint image to the ko.yaml so I'll do that now 🤦♀️ 😅
| "gcr.io/knative-releases/github.com/knative/build-pipeline/cmd/webhook@sha256:cca7069a11aaf0d9d214306d456bc40b2e33e5839429bf07c123ad964d495d8a", | ||
| ] | ||
| EXPECTED_IMAGES = [ | ||
| "gcr.io/knative-releases/github.com/knative/build-pipeline/cmd/kubeconfigwriter", |
| set -e | ||
| set -x | ||
|
|
||
| cat <<EOF > /workspace/go/src/github.com/tektoncd/pipeline/.ko.yaml |
There was a problem hiding this comment.
@bobcatfish what is the default base image if we don't override ?
|
@bobcatfish PR #643 update the release script, you may want to include that change in your task |
bobcatfish
force-pushed
the
dogfood_image_release
branch
from
9fe653b
to
eee22e3
Compare
|
Okay I think I've addressed all comments @pivotal-nader-ziada @vdemeester , ready for another look :D |
Add a `Task` which invokes `ko` to build and publish all images and yaml config required for installing Tekton Pipelines. This Task will: * Build and publish the "base image" using Kaniko * Generate a .ko.yaml * Invoke ko to build/publish images and generate a release.yaml * Parse the release.yaml for built images; ensuring that the expected images were built (and no more) * Tag the built images with the correct version and also tag in all regions (us, asia, eu) This should be the same functionality that could previously be seen in https://github.com/tektoncd/pipeline/blob/master/hack/release.sh (which used https://github.com/knative/test-infra/blob/master/scripts/release.sh). We can remove release.sh once we have completed tektoncd#530 as well. Some functionality has been implemented in a python script, which has its own tests. Since it is currently difficult to update the pull request test logic to do additional things (such as run python unit tests), I'm hoping we are okay with waiting until tektoncd#532 to add automatic running of these tests). Use actual production bucket and registry by default (tektoncd#527) Fixes tektoncd#528 Fixes tektoncd#529
python 2.7 will no longer be maintained in 2020 (so soon now!!) and also now we get cool type annotations 😎
Instead of doing a lot of hacks to make sure we have all the tools we need to auth + invoke ko, let's build an image that has what we need in advance. Eventually we should be able to build this image and refer to the built image in our steps (tektoncd#639) but for now we'll have to hardcode it. We may also improve this image in tektoncd#631, or decide to move away from `ko` entirely.
Without `SOURCE_DATE_EPOCH` `ko` will use a hardcoded value of 48 years ago as the timestamp for a created image. This was done so that repeated build are reproducible, i.e. if you build the same thing twice, nothing will change, not even the creation time. SOURCE_DATE_EPOCH will set the creation timestamp that `ko` will use. See google/go-containerregistry#1 This was added to `release.sh` (which we are moving away from in favor of dogfodding via Tasks) in tektoncd#643
bobcatfish
force-pushed
the
dogfood_image_release
branch
from
eee22e3
to
74f1d4c
Compare
|
/test pull-tekton-pipeline-integration-tests |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: bobcatfish, vdemeester The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Well my current strategy of ignoring this error and hoping it goes away doesn't seem to be working XD |
In tektoncd#632 I've been running into ZONE_RESOURCE_POOL_EXHAUSTED_WITH_DETAILS errors saying `us-west1-c` doesn't have enough resources for our test clusters. It seems like this is outside of our control (and even tho we are using a regional `us-west1` cluster, the setup stubbornly insists on trying to use `us-west`-c`. So instead let's try `us-central` for these very scientific reasons: 1. It's the only region with 4 zones at https://cloud.google.com/compute/docs/regions-zones/ 2. Knative is using it and seems fine XD
|
I've manually applied the /test pull-tekton-pipeline-integration-tests |
In #632 I've been running into ZONE_RESOURCE_POOL_EXHAUSTED_WITH_DETAILS errors saying `us-west1-c` doesn't have enough resources for our test clusters. It seems like this is outside of our control (and even tho we are using a regional `us-west1` cluster, the setup stubbornly insists on trying to use `us-west`-c`. So instead let's try `us-central` for these very scientific reasons: 1. It's the only region with 4 zones at https://cloud.google.com/compute/docs/regions-zones/ 2. Knative is using it and seems fine XD
o.o kind of ironic XD /test pull-tekton-pipeline-integration-tests |
|
lol so many tests failing with |
|
/me flails /test pull-tekton-pipeline-integration-tests |
|
/test pull-tekton-pipeline-integration-tests |
Changes
Add a
Taskwhich invokeskoto build and publish all images and yamlconfig required for installing Tekton Pipelines.
This Task will:
images were built (and no more)
regions (us, asia, eu)
This should be the same functionality that could previously be seen in
https://github.com/tektoncd/pipeline/blob/master/hack/release.sh
(which used
https://github.com/knative/test-infra/blob/master/scripts/release.sh).
We can remove release.sh once we have completed #530 as well.
Some functionality has been implemented in a python script, which has
its own tests. Since it is currently difficult to update the pull
request test logic to do additional things (such as run python unit
tests), I'm hoping we are okay with waiting until #532 to add
automatic running of these tests).
Fixes #528
Fixes #529
Submitter Checklist
These are the criteria that every PR should meet, please check them off as you
review them:
See the contribution guide
for more details.
Release Notes