From 9fcb36ff466f5421aeebfba007ae2694d0d3ef6a Mon Sep 17 00:00:00 2001 From: Jefferson Ramos Date: Wed, 16 Aug 2023 14:42:52 -0300 Subject: [PATCH 1/2] chore: patch tekton pipeline task to reference midstream repository --- .../0.1/func-buildpacks-pac.yaml | 234 ++++++++++++++++++ .../task/func-deploy/0.1/func-deploy-pac.yaml | 30 +++ .../task/func-s2i/0.1/func-s2i-pac.yaml | 132 ++++++++++ pkg/pipelines/tekton/templates.go | 6 +- 4 files changed, 399 insertions(+), 3 deletions(-) create mode 100644 pkg/pipelines/resources/tekton/task/func-buildpacks/0.1/func-buildpacks-pac.yaml create mode 100644 pkg/pipelines/resources/tekton/task/func-deploy/0.1/func-deploy-pac.yaml create mode 100644 pkg/pipelines/resources/tekton/task/func-s2i/0.1/func-s2i-pac.yaml diff --git a/pkg/pipelines/resources/tekton/task/func-buildpacks/0.1/func-buildpacks-pac.yaml b/pkg/pipelines/resources/tekton/task/func-buildpacks/0.1/func-buildpacks-pac.yaml new file mode 100644 index 0000000000..ee227cf757 --- /dev/null +++ b/pkg/pipelines/resources/tekton/task/func-buildpacks/0.1/func-buildpacks-pac.yaml 
@@ -0,0 +1,234 @@
+---
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+ name: func-buildpacks
+ labels:
+ app.kubernetes.io/version: "0.1"
+ annotations:
+ tekton.dev/categories: Image Build
+ tekton.dev/pipelines.minVersion: "0.17.0"
+ tekton.dev/tags: image-build
+ tekton.dev/displayName: "Knative Functions Buildpacks"
+ tekton.dev/platforms: "linux/amd64"
+spec:
+ description: >-
+ The Knative Functions Buildpacks task builds source into a container image and pushes it to a registry,
+ using Cloud Native Buildpacks. This task is based on the Buildpacks Tekton task v 0.4.
+
+ workspaces:
+ - name: source
+ description: Directory where application source is located.
+ - name: cache
+ description: Directory where cache is stored (when no cache image is provided).
+ optional: true
+ - name: dockerconfig
+ description: >-
+ An optional workspace that allows providing a .docker/config.json file
+ for Buildpacks lifecycle binary to access the container registry.
+ The file should be placed at the root of the Workspace with name config.json.
+ optional: true
+
+ params:
+ - name: APP_IMAGE
+ description: The name of where to store the app image.
+ - name: REGISTRY
+ description: The registry associated with the function image.
+ - name: BUILDER_IMAGE
+ description: The image on which builds will run (must include lifecycle and compatible buildpacks).
+ - name: SOURCE_SUBPATH
+ description: A subpath within the `source` input where the source to build is located.
+ default: ""
+ - name: ENV_VARS
+ type: array
+ description: Environment variables to set during _build-time_.
+ default: []
+ - name: PROCESS_TYPE
+ description: The default process type to set on the image.
+ default: "web"
+ - name: RUN_IMAGE
+ description: Reference to a run image to use.
+ default: ""
+ - name: CACHE_IMAGE
+ description: The name of the persistent app cache image (if no cache workspace is provided).
+ default: ""
+ - name: SKIP_RESTORE
+ description: Do not write layer metadata or restore cached layers.
+ default: "false"
+ - name: USER_ID
+ description: The user ID of the builder image user.
+ default: "1000"
+ - name: GROUP_ID
+ description: The group ID of the builder image user.
+ default: "0"
+ ##############################################################
+ ##### "default" has been changed to "0" for Knative Functions
+ - name: PLATFORM_DIR
+ description: The name of the platform directory.
+ default: empty-dir
+
+ results:
+ - name: APP_IMAGE_DIGEST
+ description: The digest of the built `APP_IMAGE`.
+
+ stepTemplate:
+ env:
+ - name: CNB_PLATFORM_API
+ value: "0.4"
+
+ steps:
+ - name: prepare
+ image: docker.io/library/bash:5.1.4@sha256:b208215a4655538be652b2769d82e576bc4d0a2bb132144c060efc5be8c3f5d6
+ args:
+ - "--env-vars"
+ - "$(params.ENV_VARS[*])"
+ script: |
+ #!/usr/bin/env bash
+ set -e
+
+ if [[ "$(workspaces.cache.bound)" == "true" ]]; then
+ echo "> Setting permissions on '$(workspaces.cache.path)'..."
+ chown -R "$(params.USER_ID):$(params.GROUP_ID)" "$(workspaces.cache.path)"
+ fi
+
+ #######################################################
+ ##### "/emptyDir" has been added for Knative Functions
+ for path in "/tekton/home" "/layers" "/emptyDir" "$(workspaces.source.path)"; do
+ echo "> Setting permissions on '$path'..."
+ chown -R "$(params.USER_ID):$(params.GROUP_ID)" "$path"
+
+ if [[ "$path" == "$(workspaces.source.path)" ]]; then
+ chmod 775 "$(workspaces.source.path)"
+ fi
+ done
+
+ echo "> Parsing additional configuration..."
+ parsing_flag=""
+ envs=()
+ for arg in "$@"; do
+ if [[ "$arg" == "--env-vars" ]]; then
+ echo "-> Parsing env variables..."
+ parsing_flag="env-vars"
+ elif [[ "$parsing_flag" == "env-vars" ]]; then
+ envs+=("$arg")
+ fi
+ done
+
+ echo "> Processing any environment variables..."
+ ENV_DIR="/platform/env"
+
+ echo "--> Creating 'env' directory: $ENV_DIR"
+ mkdir -p "$ENV_DIR"
+
+ for env in "${envs[@]}"; do
+ IFS='=' read -r key value <<< "$env"
+ if [[ "$key" != "" && "$value" != "" ]]; then
+ path="${ENV_DIR}/${key}"
+ echo "--> Writing ${path}..."
+ echo -n "$value" > "$path"
+ fi
+ done
+
+ ############################################
+ ##### Added part for Knative Functions #####
+ ############################################
+
+ func_file="$(workspaces.source.path)/func.yaml"
+ if [ "$(params.SOURCE_SUBPATH)" != "" ]; then
+ func_file="$(workspaces.source.path)/$(params.SOURCE_SUBPATH)/func.yaml"
+ fi
+ echo "--> Saving 'func.yaml'"
+ cp $func_file /emptyDir/func.yaml
+
+ ############################################
+
+ volumeMounts:
+ - name: layers-dir
+ mountPath: /layers
+ - name: $(params.PLATFORM_DIR)
+ mountPath: /platform
+ ########################################################
+ ##### "/emptyDir" has been added for Knative Functions
+ - name: empty-dir
+ mountPath: /emptyDir
+
+ - name: create
+ image: $(params.BUILDER_IMAGE)
+ imagePullPolicy: Always
+ command: ["/cnb/lifecycle/creator"]
+ env:
+ - name: DOCKER_CONFIG
+ value: $(workspaces.dockerconfig.path)
+ args:
+ - "-app=$(workspaces.source.path)/$(params.SOURCE_SUBPATH)"
+ - "-cache-dir=$(workspaces.cache.path)"
+ - "-cache-image=$(params.CACHE_IMAGE)"
+ - "-uid=$(params.USER_ID)"
+ - "-gid=$(params.GROUP_ID)"
+ - "-layers=/layers"
+ - "-platform=/platform"
+ - "-report=/layers/report.toml"
+ - "-process-type=$(params.PROCESS_TYPE)"
+ - "-skip-restore=$(params.SKIP_RESTORE)"
+ - "-previous-image=$(params.APP_IMAGE)"
+ - "-run-image=$(params.RUN_IMAGE)"
+ - "$(params.APP_IMAGE)"
+ volumeMounts:
+ - name: layers-dir
+ mountPath: /layers
+ - name: $(params.PLATFORM_DIR)
+ mountPath: /platform
+ securityContext:
+ runAsUser: 1000
+ #################################################################
+ ##### "runAsGroup" has been changed to "0" for Knative Functions
+ runAsGroup: 0
+
+ - name: results
+ image: docker.io/library/bash:5.1.4@sha256:b208215a4655538be652b2769d82e576bc4d0a2bb132144c060efc5be8c3f5d6
+ script: |
+ #!/usr/bin/env bash
+ set -e
+ cat /layers/report.toml | grep "digest" | cut -d'"' -f2 | cut -d'"' -f2 | tr -d '\n' | tee $(results.APP_IMAGE_DIGEST.path)
+
+ ############################################
+ ##### Added part for Knative Functions #####
+ ############################################
+
+ digest=$(cat $(results.APP_IMAGE_DIGEST.path))
+
+ func_file="$(workspaces.source.path)/func.yaml"
+ if [ "$(params.SOURCE_SUBPATH)" != "" ]; then
+ func_file="$(workspaces.source.path)/$(params.SOURCE_SUBPATH)/func.yaml"
+ fi
+
+ if [[ ! -f "$func_file" ]]; then
+ echo "--> Restoring 'func.yaml'"
+ mkdir -p "$(workspaces.source.path)/$(params.SOURCE_SUBPATH)"
+ cp /emptyDir/func.yaml $func_file
+ fi
+
+ echo ""
+ sed -i "s|^image:.*$|image: $(params.APP_IMAGE)|" "$func_file"
+ echo "Function image name: $(params.APP_IMAGE)"
+
+ sed -i "s/^imageDigest:.*$/imageDigest: $digest/" "$func_file"
+ echo "Function image digest: $digest"
+
+ sed -i "s|^registry:.*$|registry: $(params.REGISTRY)|" "$func_file"
+ echo "Function image registry: $(params.REGISTRY)"
+
+ ############################################
+ volumeMounts:
+ - name: layers-dir
+ mountPath: /layers
+ ########################################################
+ ##### "/emptyDir" has been added for Knative Functions
+ - name: empty-dir
+ mountPath: /emptyDir
+
+ volumes:
+ - name: empty-dir
+ emptyDir: {}
+ - name: layers-dir
+ emptyDir: {}
diff --git a/pkg/pipelines/resources/tekton/task/func-deploy/0.1/func-deploy-pac.yaml b/pkg/pipelines/resources/tekton/task/func-deploy/0.1/func-deploy-pac.yaml
new file mode 100644
index 0000000000..c58ff568df
--- /dev/null
+++ b/pkg/pipelines/resources/tekton/task/func-deploy/0.1/func-deploy-pac.yaml
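Review bot: The `prepare` and `results` scripts splice `$(params.SOURCE_SUBPATH)`, `$(params.APP_IMAGE)` and `$(params.REGISTRY)` straight into the shell text, so Tekton substitutes the values before bash parses the script and a value containing quotes, `$(...)` or a newline is read as script rather than data. The same pattern appears in func-deploy-pac.yaml (`--path=$(params.path)`, `$(params.image)`) and in func-s2i-pac.yaml (`$(params.PATH_CONTEXT)`, `$(params.BUILDER_IMAGE)`, `$(params.IMAGE)`, `$(params.REGISTRY)`). If these params can be fed from repository or pull-request content, as the Pipelines-as-Code file naming suggests, the build pod executes whatever they contain. Passing each param through the step's `env:` and reading it as a quoted shell variable closes that off; the `sed` replacement text additionally needs `|`, `&` and `\` escaped, and `$func_file` should be quoted in both `cp` calls.

```yaml
- name: results
  # … unchanged: image …
  env:
    - name: PARAM_SOURCE_SUBPATH
      value: $(params.SOURCE_SUBPATH)
    - name: PARAM_APP_IMAGE
      value: $(params.APP_IMAGE)
    - name: PARAM_REGISTRY
      value: $(params.REGISTRY)
  script: |
    # … unchanged: shebang, set -e, digest extraction …
    func_file="$(workspaces.source.path)/func.yaml"
    if [ -n "$PARAM_SOURCE_SUBPATH" ]; then
      func_file="$(workspaces.source.path)/${PARAM_SOURCE_SUBPATH}/func.yaml"
    fi
    if [[ ! -f "$func_file" ]]; then
      mkdir -p "$(workspaces.source.path)/${PARAM_SOURCE_SUBPATH}"
      cp /emptyDir/func.yaml "$func_file"
    fi
    # Escape the characters sed treats specially in a replacement.
    sed_escape() { printf '%s' "$1" | sed -e 's/[\\|&]/\\&/g'; }
    sed -i "s|^image:.*$|image: $(sed_escape "$PARAM_APP_IMAGE")|" "$func_file"
    sed -i "s|^registry:.*$|registry: $(sed_escape "$PARAM_REGISTRY")|" "$func_file"
    # … unchanged: imageDigest update, echo lines …
```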
@@ -0,0 +1,30 @@
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+ name: func-deploy
+ labels:
+ app.kubernetes.io/version: "0.1"
+ annotations:
+ tekton.dev/pipelines.minVersion: "0.12.1"
+ tekton.dev/categories: CLI
+ tekton.dev/tags: cli
+ tekton.dev/platforms: "linux/amd64"
+spec:
+ description: >-
+ This Task performs a deploy operation using the Knative `func` CLI
+ params:
+ - name: path
+ description: Path to the function project
+ default: ""
+ - name: image
+ description: Container image to be deployed
+ default: ""
+ workspaces:
+ - name: source
+ description: The workspace containing the function project
+ steps:
+ - name: func-deploy
+ image: "ghcr.io/knative/func/func:latest"
+ script: |
+ export FUNC_IMAGE="$(params.image)"
+ func deploy --verbose --build=false --push=false --path=$(params.path) --remote=false
diff --git a/pkg/pipelines/resources/tekton/task/func-s2i/0.1/func-s2i-pac.yaml b/pkg/pipelines/resources/tekton/task/func-s2i/0.1/func-s2i-pac.yaml
new file mode 100644
index 0000000000..2d51973c27
--- /dev/null
+++ b/pkg/pipelines/resources/tekton/task/func-s2i/0.1/func-s2i-pac.yaml
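Review bot: The `func-deploy` step runs `ghcr.io/knative/func/func:latest`, a mutable tag, while the fixed step images in the other two tasks added by this patch are pinned with `@sha256:` digests. Whatever is next published under that tag runs in the deploy step, presumably with the credentials that step uses to reach the cluster, and the image still comes from the upstream registry although the commit moves the task definitions midstream. Pin it to a reviewed build, e.g. `image: "ghcr.io/knative/func/func@sha256:<digest-of-reviewed-build>"` (placeholder digest), and update the digest deliberately with each release.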
@@ -0,0 +1,132 @@ +apiVersion: tekton.dev/v1beta1 +kind: Task +metadata: + name: func-s2i + labels: + app.kubernetes.io/version: "0.1" + annotations: + tekton.dev/pipelines.minVersion: "0.17.0" + tekton.dev/categories: Image Build + tekton.dev/tags: image-build + tekton.dev/platforms: "linux/amd64" +spec: + description: >- + Knative Functions Source-to-Image (S2I) is a toolkit and workflow for building reproducible + container images from source code + + S2I produces images by injecting source code into a base S2I container image + and letting the container prepare that source code for execution. The base + S2I container images contains the language runtime and build tools needed for + building and running the source code. + + params: + - name: BUILDER_IMAGE + description: The location of the s2i builder image. + - name: IMAGE + description: Reference of the image S2I will produce. + - name: REGISTRY + description: The registry associated with the function image. + default: "" + - name: PATH_CONTEXT + description: The location of the path to run s2i from. + default: . + - name: TLSVERIFY + description: Verify the TLS on the registry endpoint (for push/pull to a non-TLS registry) + default: "true" + - name: LOGLEVEL + description: Log level when running the S2I binary + default: "0" + - name: ENV_VARS + type: array + description: Environment variables to set during _build-time_. + default: [] + - name: S2I_IMAGE_SCRIPTS_URL + description: The URL containing the default assemble and run scripts for the builder image. + default: "image:///usr/libexec/s2i" + workspaces: + - name: source + - name: cache + description: Directory where cache is stored (e.g. local mvn repo). + optional: true + - name: sslcertdir + optional: true + - name: dockerconfig + description: >- + An optional workspace that allows providing a .docker/config.json file + for Buildah to access the container registry. + The file should be placed at the root of the Workspace with name config.json. 
+ optional: true + results: + - name: IMAGE_DIGEST + description: Digest of the image just built. + steps: + - name: generate + image: registry.redhat.io/ocp-tools-4-tech-preview/source-to-image-rhel8@sha256:98d8cb3a255641ca6a1bce854e5e2460c20de9fb9b28e3cc67eb459f122873dd + workingDir: $(workspaces.source.path) + args: ["$(params.ENV_VARS[*])"] + script: | + echo "Processing Build Environment Variables" + echo "" > /env-vars/env-file + for var in "$@" + do + if [[ "$var" != "=" ]]; then + echo "$var" >> /env-vars/env-file + fi + done + + echo "Generated Build Env Var file" + echo "------------------------------" + cat /env-vars/env-file + echo "------------------------------" + + /usr/local/bin/s2i --loglevel=$(params.LOGLEVEL) build $(params.PATH_CONTEXT) $(params.BUILDER_IMAGE) \ + --image-scripts-url $(params.S2I_IMAGE_SCRIPTS_URL) \ + --as-dockerfile /gen-source/Dockerfile.gen --environment-file /env-vars/env-file + + echo "Preparing func.yaml for later deployment" + func_file="$(workspaces.source.path)/func.yaml" + if [ "$(params.PATH_CONTEXT)" != "" ]; then + func_file="$(workspaces.source.path)/$(params.PATH_CONTEXT)/func.yaml" + fi + sed -i "s|^registry:.*$|registry: $(params.REGISTRY)|" "$func_file" + echo "Function image registry: $(params.REGISTRY)" + + s2iignore_file="$(dirname "$func_file")/.s2iignore" + [ -f "$s2iignore_file" ] || echo "node_modules" >> "$s2iignore_file" + + volumeMounts: + - mountPath: /gen-source + name: gen-source + - mountPath: /env-vars + name: env-vars + - name: build + image: registry.redhat.io/rhel8/buildah@sha256:a1e5cc0fb334e333e5eab69689223e8bd1f0c060810d260603b26cf8c0da2023 + workingDir: /gen-source + script: | + [[ "$(workspaces.sslcertdir.bound)" == "true" ]] && CERT_DIR_FLAG="--cert-dir $(workspaces.sslcertdir.path)" + ARTIFACTS_CACHE_PATH="$(workspaces.cache.path)/mvn-artifacts" + [ -d "${ARTIFACTS_CACHE_PATH}" ] || mkdir "${ARTIFACTS_CACHE_PATH}" + buildah ${CERT_DIR_FLAG} bud --storage-driver=vfs 
--tls-verify=$(params.TLSVERIFY) --layers \ + -v "${ARTIFACTS_CACHE_PATH}:/tmp/artifacts/:rw,z,U" \ + -f /gen-source/Dockerfile.gen -t $(params.IMAGE) . + + [[ "$(workspaces.dockerconfig.bound)" == "true" ]] && export DOCKER_CONFIG="$(workspaces.dockerconfig.path)" + buildah ${CERT_DIR_FLAG} push --storage-driver=vfs --tls-verify=$(params.TLSVERIFY) --digestfile $(workspaces.source.path)/image-digest \ + $(params.IMAGE) docker://$(params.IMAGE) + + cat $(workspaces.source.path)/image-digest | tee /tekton/results/IMAGE_DIGEST + volumeMounts: + - name: varlibcontainers + mountPath: /var/lib/containers + - mountPath: /gen-source + name: gen-source + securityContext: + capabilities: + add: ["SETFCAP"] + volumes: + - emptyDir: {} + name: varlibcontainers + - emptyDir: {} + name: gen-source + - emptyDir: {} + name: env-vars diff --git a/pkg/pipelines/tekton/templates.go b/pkg/pipelines/tekton/templates.go index 6a156845cd..7cdaa6c2c3 100644 --- a/pkg/pipelines/tekton/templates.go +++ b/pkg/pipelines/tekton/templates.go 
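Review bot: The `generate` step writes the whole build environment file to the step log (`cat /env-vars/env-file` between the two dashed `echo` lines), so any token or password passed through `ENV_VARS` becomes readable by everyone who can view the TaskRun logs or wherever those logs are shipped. Drop the `cat`, or log only the variable names, e.g. `cut -d= -f1 /env-vars/env-file`. A short comment above the loop saying that values must never be echoed would keep a later debugging change from reintroducing the dump.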
@@ -20,9 +20,9 @@ const ( // Tasks references taskGitCloneRef = "git-clone" - taskFuncS2iRef = "https://raw.githubusercontent.com/knative/func/main/pkg/pipelines/resources/tekton/task/func-s2i/0.1/func-s2i.yaml" - taskFuncBuildpacksRef = "https://raw.githubusercontent.com/knative/func/main/pkg/pipelines/resources/tekton/task/func-buildpacks/0.1/func-buildpacks.yaml" - taskFuncDeployRef = "https://raw.githubusercontent.com/knative/func/main/pkg/pipelines/resources/tekton/task/func-deploy/0.1/func-deploy.yaml" + taskFuncS2iRef = "https://raw.githubusercontent.com/openshift-knative/kn-plugin-func/serverless-1.30.0/pkg/pipelines/resources/tekton/task/func-s2i/0.1/func-s2i-pac.yaml" + taskFuncBuildpacksRef = "https://raw.githubusercontent.com/openshift-knative/kn-plugin-func/serverless-1.30.0/pkg/pipelines/resources/tekton/task/func-buildpacks/0.1/func-buildpacks-pac.yaml" + taskFuncDeployRef = "https://raw.githubusercontent.com/openshift-knative/kn-plugin-func/serverless-1.30.0/pkg/pipelines/resources/tekton/task/func-deploy/0.1/func-deploy-pac.yaml" // S2I related properties defaultS2iImageScriptsUrl = "image:///usr/libexec/s2i" From 094fc8675dc19bb243343d893feb31f70b58f376 Mon Sep 17 00:00:00 2001 From: Jefferson Ramos Date: Wed, 16 Aug 2023 16:25:39 -0300 Subject: [PATCH 2/2] test: fix ci test by setting proper golang version --- .github/workflows/test-e2e-oncluster-runtime.yaml | 2 +- .github/workflows/test-e2e-oncluster.yaml | 2 +- .github/workflows/test-e2e-runtime.yaml | 2 +- .github/workflows/test-e2e.yaml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/test-e2e-oncluster-runtime.yaml b/.github/workflows/test-e2e-oncluster-runtime.yaml index 6778c1e26c..0bc1f452e8 100644 --- a/.github/workflows/test-e2e-oncluster-runtime.yaml +++ b/.github/workflows/test-e2e-oncluster-runtime.yaml 
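Review bot: The three task references now point at `raw.githubusercontent.com/openshift-knative/kn-plugin-func/serverless-1.30.0/...`, and `serverless-1.30.0` reads like a branch name, so the Task YAML behind these constants can change after this binary has shipped. Because those tasks run the build and deploy steps in users' clusters, a commit SHA in the URL (`.../kn-plugin-func/<commit-sha>/pkg/pipelines/resources/tekton/task/...`, placeholder) or embedding the YAML in the binary would make the fetched content immutable and reviewable. How the constants are consumed is outside this hunk, as are the start and end of the `const (` block, so confirm whether any integrity check happens at fetch time.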
@@ -7,7 +7,7 @@ jobs: name: On Cluster RT Test strategy: matrix: - go: [1.20.x] + go: [1.20.5] os: ["ubuntu-latest"] runs-on: ${{ matrix.os }} steps: diff --git a/.github/workflows/test-e2e-oncluster.yaml b/.github/workflows/test-e2e-oncluster.yaml index a7e4f4a9d8..b1a43929a8 100644 --- a/.github/workflows/test-e2e-oncluster.yaml +++ b/.github/workflows/test-e2e-oncluster.yaml @@ -7,7 +7,7 @@ jobs: name: On Cluster Test strategy: matrix: - go: [1.20.x] + go: [1.20.5] os: ["ubuntu-latest"] runs-on: ${{ matrix.os }} steps: diff --git a/.github/workflows/test-e2e-runtime.yaml b/.github/workflows/test-e2e-runtime.yaml index 6b7eac28fc..9893c90937 100644 --- a/.github/workflows/test-e2e-runtime.yaml +++ b/.github/workflows/test-e2e-runtime.yaml @@ -17,7 +17,7 @@ jobs: - uses: actions/checkout@v3 - uses: actions/setup-go@v3 with: - go-version: 1.20.x + go-version: 1.20.5 - name: Install Binaries run: ./hack/binaries.sh - name: Allocate Cluster diff --git a/.github/workflows/test-e2e.yaml b/.github/workflows/test-e2e.yaml index b2d0ea51a2..14b9f3aa39 100644 --- a/.github/workflows/test-e2e.yaml +++ b/.github/workflows/test-e2e.yaml @@ -7,7 +7,7 @@ jobs: name: E2E Test strategy: matrix: - go: [1.20.x] + go: [1.20.5] os: ["ubuntu-latest"] runs-on: ${{ matrix.os }} steps: