From ad11c5a32ea15f953f66a17315eb0759364b2cc6 Mon Sep 17 00:00:00 2001 From: Karel Suta Date: Mon, 30 Oct 2023 10:38:57 +0100 Subject: [PATCH 01/23] CARRY: Remove e2e and OLM upgrade tests --- .../resources-olm-upgrade/catalogsource.yaml | 12 -- .../resources-olm-upgrade/operatorgroup.yaml | 5 - .../resources-olm-upgrade/subscription.yaml | 19 -- .github/workflows/e2e_tests.yaml | 124 ------------- .github/workflows/olm_tests.yaml | 172 ------------------ 5 files changed, 332 deletions(-) delete mode 100644 .github/resources-olm-upgrade/catalogsource.yaml delete mode 100644 .github/resources-olm-upgrade/operatorgroup.yaml delete mode 100644 .github/resources-olm-upgrade/subscription.yaml delete mode 100644 .github/workflows/e2e_tests.yaml delete mode 100644 .github/workflows/olm_tests.yaml diff --git a/.github/resources-olm-upgrade/catalogsource.yaml b/.github/resources-olm-upgrade/catalogsource.yaml deleted file mode 100644 index c74492445..000000000 --- a/.github/resources-olm-upgrade/catalogsource.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: operators.coreos.com/v1alpha1 -kind: CatalogSource -metadata: - name: codeflare-olm-test - namespace: olm -spec: - displayName: '' - grpcPodConfig: - securityContextConfig: restricted - image: "${CATALOG_BASE_IMG}" - publisher: '' - sourceType: grpc diff --git a/.github/resources-olm-upgrade/operatorgroup.yaml b/.github/resources-olm-upgrade/operatorgroup.yaml deleted file mode 100644 index 1fa7fc7d7..000000000 --- a/.github/resources-olm-upgrade/operatorgroup.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: operators.coreos.com/v1 -kind: OperatorGroup -metadata: - name: openshift-operators - namespace: openshift-operators diff --git a/.github/resources-olm-upgrade/subscription.yaml b/.github/resources-olm-upgrade/subscription.yaml deleted file mode 100644 index 07fbb23bb..000000000 --- a/.github/resources-olm-upgrade/subscription.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: operators.coreos.com/v1alpha1 -kind: Subscription -metadata: - name: codeflare-operator - namespace: openshift-operators -spec: - channel: alpha - installPlanApproval: Automatic - name: codeflare-operator - source: codeflare-olm-test - sourceNamespace: olm - config: - resources: - limits: - cpu: 400m - memory: 128Mi - requests: - cpu: 50m - memory: 64Mi diff --git a/.github/workflows/e2e_tests.yaml b/.github/workflows/e2e_tests.yaml deleted file mode 100644 index d84ce09c2..000000000 --- a/.github/workflows/e2e_tests.yaml +++ /dev/null @@ -1,124 +0,0 @@ -name: e2e - -on: - pull_request: - branches: - - main - - 'release-*' - paths-ignore: - - 'docs/**' - - '**.adoc' - - '**.md' - - 'LICENSE' - push: - branches: - - main - - 'release-*' - paths-ignore: - - 'docs/**' - - '**.adoc' - - '**.md' - - 'LICENSE' - -concurrency: - group: ${{ github.head_ref }}-${{ github.workflow }} - cancel-in-progress: true - -jobs: - kubernetes-e2e: - - runs-on: ubuntu-20.04-4core - - steps: - - name: Checkout code - uses: actions/checkout@v4 - with: - submodules: recursive - - - name: Checkout common repo code - uses: actions/checkout@v4 - with: - repository: 'project-codeflare/codeflare-common' - ref: 'main' - path: 'common' - - - name: Set Go - uses: actions/setup-go@v5 - with: - go-version-file: './go.mod' - - - name: Set up gotestfmt - uses: gotesttools/gotestfmt-action@v2 - with: - token: ${{ secrets.GITHUB_TOKEN }} - - - name: Setup and start KinD cluster - uses: ./common/github-actions/kind - - - name: Deploy CodeFlare stack - id: deploy - run: | - echo Setting up CodeFlare stack - make setup-e2e - - echo Deploying CodeFlare operator - IMG="${REGISTRY_ADDRESS}"/codeflare-operator - make image-push -e IMG="${IMG}" - make deploy -e IMG="${IMG}" -e ENV="e2e" - kubectl wait --timeout=120s --for=condition=Available=true deployment -n openshift-operators codeflare-operator-manager - - - name: Run e2e tests - run: | - export CODEFLARE_TEST_TIMEOUT_SHORT=1m - export CODEFLARE_TEST_TIMEOUT_MEDIUM=5m - export CODEFLARE_TEST_TIMEOUT_LONG=10m - export CODEFLARE_TEST_TIMEOUT_GPU_PROVISIONING=30m - - export CODEFLARE_TEST_OUTPUT_DIR=${{ env.TEMP_DIR }} - echo "CODEFLARE_TEST_OUTPUT_DIR=${CODEFLARE_TEST_OUTPUT_DIR}" >> $GITHUB_ENV - - set -euo pipefail - go test -timeout 30m -v ./test/e2e -json 2>&1 | tee ${CODEFLARE_TEST_OUTPUT_DIR}/gotest.log | gotestfmt - - - name: Print CodeFlare operator logs - if: always() && steps.deploy.outcome == 'success' - run: | - echo "Printing CodeFlare operator logs" - kubectl logs -n openshift-operators --tail -1 -l app.kubernetes.io/name=codeflare-operator | tee ${CODEFLARE_TEST_OUTPUT_DIR}/codeflare-operator.log - - - name: Print Kueue operator logs - if: always() && steps.deploy.outcome == 'success' - run: | - echo "Printing Kueue operator logs" - KUEUE_CONTROLLER_POD=$(kubectl get pods -n kueue-system | grep kueue-controller | awk '{print $1}') - kubectl logs -n kueue-system --tail -1 ${KUEUE_CONTROLLER_POD} | tee ${CODEFLARE_TEST_OUTPUT_DIR}/kueue.log - - - name: Print KubeRay operator logs - if: always() && steps.deploy.outcome == 'success' - run: | - echo "Printing KubeRay operator logs" - kubectl logs -n ray-system --tail -1 -l app.kubernetes.io/name=kuberay | tee ${CODEFLARE_TEST_OUTPUT_DIR}/kuberay.log - - - name: Export all KinD pod logs - uses: ./common/github-actions/kind-export-logs - if: always() && steps.deploy.outcome == 'success' - with: - output-directory: ${CODEFLARE_TEST_OUTPUT_DIR} - - - name: Upload logs - uses: actions/upload-artifact@v4 - if: always() && steps.deploy.outcome == 'success' - with: - name: logs - retention-days: 10 - path: | - ${{ env.CODEFLARE_TEST_OUTPUT_DIR }}/**/*.log - - - name: Post notification about failure to a Slack channel in case of push event - if: failure() && github.event_name == 'push' - uses: slackapi/slack-github-action@v1.24.0 - with: - channel-id: "codeflare-nightlies" - slack-message: "e2e test on push failed, " - env: - SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }} diff --git a/.github/workflows/olm_tests.yaml b/.github/workflows/olm_tests.yaml deleted file mode 100644 index b13f2f894..000000000 --- a/.github/workflows/olm_tests.yaml +++ /dev/null @@ -1,172 +0,0 @@ -# This workflow will build the CodeFlare Operator image and catalog containing bundle with this image, execute OLM upgrade tests using this catalog - -name: OLM Install and Upgrade - -on: - pull_request: - branches: - - main - - 'release-*' - paths-ignore: - - 'docs/**' - - '**.adoc' - - '**.md' - - 'LICENSE' - -concurrency: - group: ${{ github.head_ref }}-${{ github.workflow }} - cancel-in-progress: true - -jobs: - kubernetes-olm-upgrade: - runs-on: ubuntu-20.04-4core - timeout-minutes: 60 - env: - OLM_VERSION: v0.25.0 - VERSION: "v0.0.0-ghaction" # Need to supply some semver version for bundle to be properly generated - CATALOG_BASE_IMG: "registry.access.redhat.com/redhat/community-operator-index:v4.13" - CODEFLARE_TEST_TIMEOUT_SHORT: "1m" - CODEFLARE_TEST_TIMEOUT_MEDIUM: "5m" - CODEFLARE_TEST_TIMEOUT_LONG: "10m" - - steps: - - uses: actions/checkout@v4 - with: - fetch-depth: 0 # fetching also previous commits to get tags - - - name: Checkout common repo code - uses: actions/checkout@v4 - with: - repository: 'project-codeflare/codeflare-common' - ref: 'main' - path: 'common' - - - name: Set Go - uses: actions/setup-go@v5 - with: - go-version-file: './go.mod' - - - name: Set up gotestfmt - uses: gotesttools/gotestfmt-action@v2 - with: - token: ${{ secrets.GITHUB_TOKEN }} - - - name: Setup and start KinD cluster - uses: ./common/github-actions/kind - - - name: Install OLM - run: | - kubectl create -f https://github.com/operator-framework/operator-lifecycle-manager/releases/download/${OLM_VERSION}/crds.yaml - # wait for a while to be sure CRDs are installed - sleep 1 - kubectl create -f https://github.com/operator-framework/operator-lifecycle-manager/releases/download/${OLM_VERSION}/olm.yaml - echo Wait for default CatalogSource to start - kubectl wait -n ${{ env.CATALOG_SOURCE_NAMESPACE }} catalogsource/${{ env.CATALOG_SOURCE_NAME }} --for=jsonpath='{.status.connectionState.lastObservedState}'=READY --timeout=180s - env: - CATALOG_SOURCE_NAME: "operatorhubio-catalog" - CATALOG_SOURCE_NAMESPACE: "olm" - - - name: Create openshift-operator namespace and OperatorGroup - run: | - # Need to use openshift-operator namespace due to https://github.com/project-codeflare/codeflare-operator/issues/161 - kubectl create namespace openshift-operators - kubectl create -f .github/resources-olm-upgrade/operatorgroup.yaml - - - name: Deploy latest released CodeFlare operator from OLM - id: deploy - run: | - echo Create the CodeFlare operator ConfigMap - kubectl apply -n '${{ env.SUBSCRIPTION_NAMESPACE }}' -f config/e2e/config.yaml - - echo Deploying CodeFlare operator using Subscription - envsubst < .github/resources-olm-upgrade/catalogsource.yaml > ${{ env.TEMP_DIR }}/catalogsource.yaml - envsubst < .github/resources-olm-upgrade/subscription.yaml > ${{ env.TEMP_DIR }}/subscription.yaml - - kubectl create -f ${{ env.TEMP_DIR }}/catalogsource.yaml - - echo Wait for CatalogSource ${{ env.CATALOG_SOURCE_NAME }} to start - kubectl wait -n ${{ env.CATALOG_SOURCE_NAMESPACE }} catalogsource/${{ env.CATALOG_SOURCE_NAME }} --for=jsonpath='{.status.connectionState.lastObservedState}'=READY --timeout=180s - - kubectl create -f ${{ env.TEMP_DIR }}/subscription.yaml - - echo Waiting for Subscription to be ready - kubectl wait -n ${{ env.SUBSCRIPTION_NAMESPACE }} subscription/${{ env.SUBSCRIPTION_NAME }} --for=jsonpath='{.status.state}'=AtLatestKnown --timeout=180s - - echo Waiting for Deployment to be ready - timeout 60 bash -c 'until [[ $(kubectl get deployment/codeflare-operator-manager -n '${{ env.SUBSCRIPTION_NAMESPACE }}') ]]; do sleep 5 && echo "$(kubectl get deployment/codeflare-operator-manager -n '${{ env.SUBSCRIPTION_NAMESPACE }}')"; done' - kubectl wait -n ${{ env.SUBSCRIPTION_NAMESPACE }} deployment/codeflare-operator-manager --for=condition=Available=true --timeout=60s - env: - CATALOG_SOURCE_NAME: "codeflare-olm-test" - CATALOG_SOURCE_NAMESPACE: "olm" - SUBSCRIPTION_NAME: "codeflare-operator" - SUBSCRIPTION_NAMESPACE: "openshift-operators" - - - name: Store latest CSV version as PREVIOUS_VERSION env variable (used for bundle build) - run: | - CSV_VERSION=$(kubectl get ClusterServiceVersion -l operators.coreos.com/codeflare-operator.openshift-operators='' -n openshift-operators -o json | jq -r .items[].spec.version) - echo "PREVIOUS_VERSION=v$CSV_VERSION" >> $GITHUB_ENV - - - name: Build operator and catalog image - run: | - make image-push - make bundle-build - make bundle-push - make catalog-build-from-index - make catalog-push - env: - IMG: "${{ env.REGISTRY_ADDRESS }}/codeflare-operator:v0.0.1" - BUNDLE_IMG: "${{ env.REGISTRY_ADDRESS }}/codeflare-operator-bundle:v0.0.1" - CATALOG_IMG: "${{ env.REGISTRY_ADDRESS }}/codeflare-operator-catalog:v0.0.1" - OPM_BUNDLE_OPT: "--use-http" - BUNDLE_PUSH_OPT: "--tls-verify=false" - CATALOG_PUSH_OPT: "--tls-verify=false" - - - name: Update Operator to the built version - run: | - ORIGINAL_POD_NAME=$(kubectl get pod -l app.kubernetes.io/name=codeflare-operator -n openshift-operators -o json | jq -r .items[].metadata.name) - echo "Running old operator pod name is ${ORIGINAL_POD_NAME}" - - echo Updating custom CatalogSource image to the built CatalogSource with latest operator - kubectl patch CatalogSource codeflare-olm-test -n olm --type merge --patch "{\"spec\":{\"image\":\"${CATALOG_IMG}\"}}" - - echo Waiting for previous operator pod to get deleted - kubectl wait --timeout=120s --for=delete pod/${ORIGINAL_POD_NAME} -n openshift-operators - - echo Waiting for Subscription to be ready - kubectl wait -n ${{ env.SUBSCRIPTION_NAMESPACE }} subscription/${{ env.SUBSCRIPTION_NAME }} --for=jsonpath='{.status.state}'=AtLatestKnown --timeout=180s - - echo Waiting for Deployment to be ready - timeout 60 bash -c 'until [[ $(kubectl get deployment/codeflare-operator-manager -n '${{ env.SUBSCRIPTION_NAMESPACE }}') ]]; do sleep 5 && echo "$(kubectl get deployment/codeflare-operator-manager -n '${{ env.SUBSCRIPTION_NAMESPACE }}')"; done' - kubectl wait -n ${{ env.SUBSCRIPTION_NAMESPACE }} deployment/codeflare-operator-manager --for=condition=Available=true --timeout=60s - - echo Checking that correct CSV is available - CSV_VERSION=$(kubectl get ClusterServiceVersion/codeflare-operator.${VERSION} -n openshift-operators -o json | jq -r .spec.version) - if [ "v${CSV_VERSION}" != "${VERSION}" ]; then - echo "CSV version v${CSV_VERSION} doesn't match expected version ${VERSION}" - exit 1 - fi - env: - CATALOG_IMG: "${{ env.REGISTRY_ADDRESS }}/codeflare-operator-catalog:v0.0.1" - SUBSCRIPTION_NAME: "codeflare-operator" - SUBSCRIPTION_NAMESPACE: "openshift-operators" - - - name: Print CodeFlare operator logs - if: always() && steps.deploy.outcome == 'success' - run: | - echo "Printing CodeFlare operator logs" - mkdir logs - kubectl logs -n openshift-operators --tail -1 -l app.kubernetes.io/name=codeflare-operator | tee logs/codeflare-operator.log - - - name: Export all KinD pod logs - uses: ./common/github-actions/kind-export-logs - if: always() && steps.deploy.outcome == 'success' - with: - output-directory: logs - - - name: Upload logs - uses: actions/upload-artifact@v4 - if: always() && steps.deploy.outcome == 'success' - with: - name: logs - retention-days: 10 - path: logs/**/*.log From 08dc109fdb83405cbc8adb75b968b3c5f18e7e6a Mon Sep 17 00:00:00 2001 From: Bobbins228 Date: Thu, 12 Oct 2023 11:14:43 +0100 Subject: [PATCH 02/23] CARRY: Added automated workflow for pushing opendatahub/codeflare-operator image --- .github/workflows/build-and-push.yaml | 75 +++++++++++++++++++++++++++ 1 file changed, 75 insertions(+) create mode 100644 .github/workflows/build-and-push.yaml diff --git a/.github/workflows/build-and-push.yaml b/.github/workflows/build-and-push.yaml new file mode 100644 index 000000000..6147bce70 --- /dev/null +++ b/.github/workflows/build-and-push.yaml @@ -0,0 +1,75 @@ +# This workflow will build the CodeFlare Operator image and push it to the opendatahub image registry + +name: Build and Push + +on: + push: + branches: + - 'main' + paths: + - 'config/manager/params.env' + workflow_dispatch: + +jobs: + check-image-existence: + name: Check if ODH CFO image exists on Quay + runs-on: ubuntu-latest + outputs: + image-found: ${{ steps.image.outputs.found }} + steps: + - uses: actions/checkout@v4 + + - name: Verify that the latest images are available on Quay + id: image + run: | + imageTag=$(cat config/manager/params.env | grep codeflare-operator-controller-image | cut -d ':' -f2) + size=$(curl -s https://quay.io/api/v1/repository/opendatahub/codeflare-operator/tag/?specificTag=$imageTag | jq .tags[0].size) + if [[ "$size" -eq 0 ]]; then + echo "Operator image with tag $imageTag not found in Quay.io, will be built." + echo "found=false" >> "$GITHUB_OUTPUT" + else + echo "Operator image with tag $imageTag found in Quay.io" + fi + + build-and-push: + needs: [check-image-existence] + if: ${{ needs.check-image-existence.outputs.image-found == 'false' }} + + name: Build and push ODH/CFO image + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + + - name: Set Go + uses: actions/setup-go@v5 + with: + go-version-file: './go.mod' + + - name: Login to Quay.io + uses: redhat-actions/podman-login@v1 + with: + username: ${{ secrets.QUAY_BOT_USER }} + password: ${{ secrets.QUAY_BOT_PASSWORD }} + registry: quay.io + + - name: Get Upstream Release Tags + id: release-tags + run: | + release_tag=$(gh release view -R github.com/project-codeflare/codeflare-operator --json tagName | jq -r '.tagName') + echo "RELEASE_TAG=$release_tag" >> $GITHUB_ENV + env: + GITHUB_TOKEN: ${{ github.token }} + + - name: Cleanup the go.mod and go.sum + run: | + go mod tidy + + - name: Image Build and Push + run: | + make build + make image-build -e IMG=quay.io/opendatahub/codeflare-operator:${{ env.RELEASE_TAG }} + make image-push -e IMG=quay.io/opendatahub/codeflare-operator:${{ env.RELEASE_TAG }} + + - name: Delete remote branch + run: | + git push origin --delete sync-cfo-fork From 0a2917ef33442b44dee601d0f6a20398f1eb4361 Mon Sep 17 00:00:00 2001 From: Bobbins228 Date: Tue, 17 Oct 2023 12:09:02 +0100 Subject: [PATCH 03/23] CARRY: Added Sync Fork workflow --- .github/workflows/sync-fork.yaml | 39 ++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) create mode 100644 .github/workflows/sync-fork.yaml diff --git a/.github/workflows/sync-fork.yaml b/.github/workflows/sync-fork.yaml new file mode 100644 index 000000000..0c162a3a6 --- /dev/null +++ b/.github/workflows/sync-fork.yaml @@ -0,0 +1,39 @@ +# This workflow will create a sync pr for the opendatahub-io/codeflare-operator fork with project-codeflare/codeflare-operator + +name: Create Sync Fork PR + +on: + workflow_dispatch: + +jobs: + create-fork-sync-pr: + runs-on: ubuntu-latest + + env: + GIT_BRANCH: ${GITHUB_REF#refs/heads/} + + steps: + - uses: actions/checkout@v3 + with: + persist-credentials: false + - name: repo-sync + uses: repo-sync/github-sync@v2 + with: + source_repo: "https://github.com/project-codeflare/codeflare-operator.git" + source_branch: ${{ env.GIT_BRANCH }} + destination_branch: "sync-cfo-fork" + github_token: ${{ secrets.CODEFLARE_MACHINE_ACCOUNT_TOKEN }} + + - name: Set up Git + run: | + git config --global user.email "138894154+codeflare-machine-account@users.noreply.github.com" + git config --global user.name "codeflare-machine-account" + + - name: Create Pull Request + run: | + PR_TITLE="Sync with Upstream" + PR_BODY="This pull request updates the fork to match the latest changes from the upstream repository." + gh pr create --base "${{ env.GIT_BRANCH }}" --head sync-cfo-fork --title "$PR_TITLE" --body "$PR_BODY" + env: + GITHUB_TOKEN: ${{ secrets.CODEFLARE_MACHINE_ACCOUNT_TOKEN }} + shell: bash From b8823f8f94f855eb1e32976ec198920daa44e726 Mon Sep 17 00:00:00 2001 From: Karel Suta Date: Wed, 22 Nov 2023 17:09:37 +0100 Subject: [PATCH 04/23] CARRY: Add Makefile and configuration files for e2e execution on OpenShift CI --- Makefile | 16 +++++++++++++ config/odh-operator/kustomization.yaml | 2 ++ config/odh-operator/odh.yaml | 13 +++++++++++ contrib/configuration/basic-dsc.yaml | 31 ++++++++++++++++++++++++++ 4 files changed, 62 insertions(+) create mode 100644 config/odh-operator/kustomization.yaml create mode 100644 config/odh-operator/odh.yaml create mode 100644 contrib/configuration/basic-dsc.yaml diff --git a/Makefile b/Makefile index 203b02d17..474236038 100644 --- a/Makefile +++ b/Makefile @@ -222,6 +222,11 @@ undeploy: ## Undeploy controller from the K8s cluster specified in ~/.kube/confi $(KUSTOMIZE) build config/${ENV} | kubectl delete --ignore-not-found=$(ignore-not-found) -f - git restore config/* +.PHONY: install-odh-operator +install-odh-operator: kustomize ## Install ODH operator into the OpenShift cluster specified in ~/.kube/config. + $(KUSTOMIZE) build config/odh-operator | kubectl apply -f - + kubectl wait -n openshift-operators subscription/opendatahub-operator --for=jsonpath='{.status.state}'=AtLatestKnown --timeout=180s + ##@ Build Dependencies ## Location to install dependencies to @@ -392,6 +397,17 @@ test-component: envtest ginkgo ## Run component tests. test-e2e: manifests fmt vet ## Run e2e tests. go test -timeout 30m -v ./test/e2e +.PHONY: test-odh +test-odh: manifests fmt vet ## Run e2e ODH tests. + go test -timeout 60m -v ./test/odh + +.PHONY: store-odh-logs +store-odh-logs: # Store all ODH relevant logs into artifact directory + kubectl logs -n opendatahub deployment/codeflare-operator-manager > ${ARTIFACT_DIR}/codeflare-operator.log + kubectl logs -n opendatahub deployment/kuberay-operator > ${ARTIFACT_DIR}/kuberay-operator.log + kubectl logs -n openshift-operators deployment/opendatahub-operator-controller-manager > ${ARTIFACT_DIR}/odh-operator.log + kubectl get events -n opendatahub > ${ARTIFACT_DIR}/odh-events.log + .PHONY: kind-e2e kind-e2e: ## Set up e2e KinD cluster test/e2e/kind.sh diff --git a/config/odh-operator/kustomization.yaml b/config/odh-operator/kustomization.yaml new file mode 100644 index 000000000..02358bd9f --- /dev/null +++ b/config/odh-operator/kustomization.yaml @@ -0,0 +1,2 @@ +resources: +- odh.yaml diff --git a/config/odh-operator/odh.yaml b/config/odh-operator/odh.yaml new file mode 100644 index 000000000..6f7521595 --- /dev/null +++ b/config/odh-operator/odh.yaml @@ -0,0 +1,13 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: Subscription +metadata: + name: opendatahub-operator + labels: + operators.coreos.com/opendatahub-operator.openshift-operators: '' + namespace: openshift-operators +spec: + channel: fast + name: opendatahub-operator + installPlanApproval: Automatic + source: community-operators + sourceNamespace: openshift-marketplace diff --git a/contrib/configuration/basic-dsc.yaml b/contrib/configuration/basic-dsc.yaml new file mode 100644 index 000000000..1107cd316 --- /dev/null +++ b/contrib/configuration/basic-dsc.yaml @@ -0,0 +1,31 @@ +apiVersion: datasciencecluster.opendatahub.io/v1 +kind: DataScienceCluster +metadata: + labels: + app.kubernetes.io/created-by: opendatahub-operator + app.kubernetes.io/instance: default + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: datasciencecluster + app.kubernetes.io/part-of: opendatahub-operator + name: example-dsc +spec: + components: + codeflare: + devFlags: + manifests: + - uri: '' + contextDir: 'config' + sourcePath: 'manifests' + managementState: Managed + dashboard: + managementState: Managed + datasciencepipelines: + managementState: Removed + kserve: + managementState: Removed + modelmeshserving: + managementState: Removed + ray: + managementState: Managed + workbenches: + managementState: Managed From 27ac10ea94ccf2ebc0bd31d6cbbc431b16806861 Mon Sep 17 00:00:00 2001 From: Karel Suta Date: Tue, 28 Nov 2023 15:00:41 +0100 Subject: [PATCH 05/23] CARRY: Generate CodeFlare stack config map --- config/manager/kustomization.yaml | 7 +++++++ config/manager/manager.yaml | 5 ----- config/manager/params.yaml | 2 ++ 3 files changed, 9 insertions(+), 5 deletions(-) diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml index 847eca176..bdb8b68d8 100644 --- a/config/manager/kustomization.yaml +++ b/config/manager/kustomization.yaml @@ -12,6 +12,13 @@ configurations: - params.yaml vars: +- name: namespace + objref: + kind: ConfigMap + name: stack-config + apiVersion: v1 + fieldref: + fieldpath: data.namespace - name: codeflare_operator_controller_image objref: kind: ConfigMap diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml index 20a34fe9d..14f62ad48 100644 --- a/config/manager/manager.yaml +++ b/config/manager/manager.yaml @@ -1,8 +1,3 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: system ---- apiVersion: apps/v1 kind: Deployment metadata: diff --git a/config/manager/params.yaml b/config/manager/params.yaml index 43509ff29..4d4bd9d60 100644 --- a/config/manager/params.yaml +++ b/config/manager/params.yaml @@ -1,3 +1,5 @@ varReference: + - path: subjects[]/namespace + kind: ClusterRoleBinding - path: spec/template/spec/containers[]/image kind: Deployment From f48e99e67f7e168301ba206d4706e23bbe0ed17a Mon Sep 17 00:00:00 2001 From: Wen Zhou Date: Wed, 25 Oct 2023 17:15:08 +0200 Subject: [PATCH 06/23] CARRY: update(manifests): use default namespace from ODH --- config/default/kustomization.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml index e4f0687af..84460b716 100644 --- a/config/default/kustomization.yaml +++ b/config/default/kustomization.yaml @@ -1,5 +1,5 @@ # Adds namespace to all resources. -namespace: openshift-operators +namespace: opendatahub # Value of this field is prepended to the # names of all resources, e.g. a deployment named From 060c9f26601f8aa281935bad703fa5b8e1086dba Mon Sep 17 00:00:00 2001 From: Karel Suta Date: Tue, 23 Jan 2024 10:34:22 +0100 Subject: [PATCH 07/23] PATCH: Adjust DSC source path for CodeFlare --- contrib/configuration/basic-dsc.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/configuration/basic-dsc.yaml b/contrib/configuration/basic-dsc.yaml index 1107cd316..de9926369 100644 --- a/contrib/configuration/basic-dsc.yaml +++ b/contrib/configuration/basic-dsc.yaml @@ -15,7 +15,7 @@ spec: manifests: - uri: '' contextDir: 'config' - sourcePath: 'manifests' + sourcePath: 'default' managementState: Managed dashboard: managementState: Managed From 1d122dab320de23c9c0a73e154ffbb571425a300 Mon Sep 17 00:00:00 2001 From: Karel Suta Date: Mon, 4 Mar 2024 09:43:18 +0100 Subject: [PATCH 08/23] CARRY: Add workflow to release ODH/CFO with compiled test binaries --- .github/workflows/odh-release.yml | 49 +++++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) create mode 100644 .github/workflows/odh-release.yml diff --git a/.github/workflows/odh-release.yml b/.github/workflows/odh-release.yml new file mode 100644 index 000000000..900e910b0 --- /dev/null +++ b/.github/workflows/odh-release.yml @@ -0,0 +1,49 @@ +# This workflow will compile e2e tests and release them + +name: ODH Release +on: + workflow_dispatch: + inputs: + version: + description: 'Tag to be used for release, i.e.: v0.0.1' + required: true + +jobs: + release-odh: + runs-on: ubuntu-latest + + # Permission required to create a release + permissions: + contents: write + + steps: + - uses: actions/checkout@v4 + + - name: Set Go + uses: actions/setup-go@v5 + with: + go-version: v1.20 + + - name: Verify that release doesn't exist yet + shell: bash {0} + run: | + gh release view ${{ github.event.inputs.version }} + status=$? + if [[ $status -eq 0 ]]; then + echo "Release ${{ github.event.inputs.version }} already exists." + exit 1 + fi + env: + GITHUB_TOKEN: ${{ github.TOKEN }} + + - name: Compile tests + run: | + go test -c -o compiled-tests/e2e ./test/e2e/ + go test -c -o compiled-tests/odh ./test/odh/ + + - name: Creates a release in GitHub + run: | + gh release create ${{ github.event.inputs.version }} --target ${{ github.ref }} compiled-tests/* + env: + GITHUB_TOKEN: ${{ secrets.CODEFLARE_MACHINE_ACCOUNT_TOKEN }} + shell: bash From d99fd5d4ff9a7d18714b86eeb7d56f80e8608a14 Mon Sep 17 00:00:00 2001 From: ChristianZaccaria Date: Wed, 26 Jun 2024 18:03:52 +0100 Subject: [PATCH 09/23] CARRY: Add workflow run for auto-merge sync --- .github/workflows/auto-merge-sync.yaml | 41 ++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) create mode 100644 .github/workflows/auto-merge-sync.yaml diff --git a/.github/workflows/auto-merge-sync.yaml b/.github/workflows/auto-merge-sync.yaml new file mode 100644 index 000000000..1267095db --- /dev/null +++ b/.github/workflows/auto-merge-sync.yaml @@ -0,0 +1,41 @@ +# Workflow is meant to run in the red-hat-data-services/codeflare-operator repo +name: Auto-Merge-Sync +on: + workflow_dispatch: + +jobs: + trigger-auto-merge-sync: + runs-on: ubuntu-latest + steps: + - name: upstream-odh-auto-merge + run: | + gh workflow run upstream-auto-merge.yaml --repo github.com/red-hat-data-services/rhods-devops-infra --ref main --field repositories=codeflare-upstream + sleep 5 + run_id=$(gh run list --workflow upstream-auto-merge.yaml --repo github.com/red-hat-data-services/rhods-devops-infra --limit 1 --json databaseId --jq .[].databaseId) + gh run watch ${run_id} --repo github.com/red-hat-data-services/rhods-devops-infra --interval 10 --exit-status + env: + GITHUB_TOKEN: ${{ secrets.PAT_TOKEN }} + shell: + bash + - name: odh-rhds-auto-merge + if: ${{ success()}} + run: | + gh workflow run upstream-auto-merge.yaml --repo github.com/red-hat-data-services/rhods-devops-infra --ref main --field repositories=codeflare-downstream + sleep 5 + run_id=$(gh run list --workflow upstream-auto-merge.yaml --repo github.com/red-hat-data-services/rhods-devops-infra --limit 1 --json databaseId --jq .[].databaseId) + gh run watch ${run_id} --repo github.com/red-hat-data-services/rhods-devops-infra --interval 10 --exit-status + env: + GITHUB_TOKEN: ${{ secrets.PAT_TOKEN }} + shell: + bash + - name: rhds-release-auto-merge + if: ${{ success()}} + run: | + gh workflow run main-release-auto-merge.yaml --repo github.com/red-hat-data-services/rhods-devops-infra --ref main --field repositories=codeflare-operator + sleep 5 + run_id=$(gh run list --workflow main-release-auto-merge.yaml --repo github.com/red-hat-data-services/rhods-devops-infra --limit 1 --json databaseId --jq .[].databaseId) + gh run watch ${run_id} --repo github.com/red-hat-data-services/rhods-devops-infra --interval 10 --exit-status + env: + GITHUB_TOKEN: ${{ secrets.PAT_TOKEN }} + shell: + bash From 6f29c030c22f82b737d00743dce38bc330c78f0b Mon Sep 17 00:00:00 2001 From: Karel Suta Date: Fri, 12 Jul 2024 08:41:12 +0200 Subject: [PATCH 10/23] Fix setup-go action to use Go version from go.mod --- .github/workflows/odh-release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/odh-release.yml b/.github/workflows/odh-release.yml index 900e910b0..295c45e9a 100644 --- a/.github/workflows/odh-release.yml +++ b/.github/workflows/odh-release.yml @@ -22,7 +22,7 @@ jobs: - name: Set Go uses: actions/setup-go@v5 with: - go-version: v1.20 + go-version-file: './go.mod' - name: Verify that release doesn't exist yet shell: bash {0} From 9c79483a74fa10d8f5b153dff94189f82564c6b7 Mon Sep 17 00:00:00 2001 From: ChristianZaccaria Date: Fri, 16 Aug 2024 14:56:01 +0100 Subject: [PATCH 11/23] CARRY: Fix build-and-push workflow and remove sync-fork.yaml --- .github/workflows/build-and-push.yaml | 4 --- .github/workflows/sync-fork.yaml | 39 --------------------------- 2 files changed, 43 deletions(-) delete mode 100644 .github/workflows/sync-fork.yaml diff --git a/.github/workflows/build-and-push.yaml b/.github/workflows/build-and-push.yaml index 6147bce70..d2fa60acd 100644 --- a/.github/workflows/build-and-push.yaml +++ b/.github/workflows/build-and-push.yaml @@ -69,7 +69,3 @@ jobs: make build make image-build -e IMG=quay.io/opendatahub/codeflare-operator:${{ env.RELEASE_TAG }} make image-push -e IMG=quay.io/opendatahub/codeflare-operator:${{ env.RELEASE_TAG }} - - - name: Delete remote branch - run: | - git push origin --delete sync-cfo-fork diff --git a/.github/workflows/sync-fork.yaml b/.github/workflows/sync-fork.yaml deleted file mode 100644 index 0c162a3a6..000000000 --- a/.github/workflows/sync-fork.yaml +++ /dev/null @@ -1,39 +0,0 @@ -# This workflow will create a sync pr for the opendatahub-io/codeflare-operator fork with project-codeflare/codeflare-operator - -name: Create Sync Fork PR - -on: - workflow_dispatch: - -jobs: - create-fork-sync-pr: - runs-on: ubuntu-latest - - env: - GIT_BRANCH: ${GITHUB_REF#refs/heads/} - - steps: - - uses: actions/checkout@v3 - with: - persist-credentials: false - - name: repo-sync - uses: repo-sync/github-sync@v2 - with: - source_repo: "https://github.com/project-codeflare/codeflare-operator.git" - source_branch: ${{ env.GIT_BRANCH }} - destination_branch: "sync-cfo-fork" - github_token: ${{ secrets.CODEFLARE_MACHINE_ACCOUNT_TOKEN }} - - - name: Set up Git - run: | - git config --global user.email "138894154+codeflare-machine-account@users.noreply.github.com" - git config --global user.name "codeflare-machine-account" - - - name: Create Pull Request - run: | - PR_TITLE="Sync with Upstream" - PR_BODY="This pull request updates the fork to match the latest changes from the upstream repository." - gh pr create --base "${{ env.GIT_BRANCH }}" --head sync-cfo-fork --title "$PR_TITLE" --body "$PR_BODY" - env: - GITHUB_TOKEN: ${{ secrets.CODEFLARE_MACHINE_ACCOUNT_TOKEN }} - shell: bash From ff6b22300369e9116a41b557e7eed380e270bc54 Mon Sep 17 00:00:00 2001 From: ChristianZaccaria Date: Mon, 19 Aug 2024 09:51:46 +0100 Subject: [PATCH 12/23] CARRY: remove ODH go test from odh-release --- .github/workflows/odh-release.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/odh-release.yml b/.github/workflows/odh-release.yml index 295c45e9a..92b5bd2ec 100644 --- a/.github/workflows/odh-release.yml +++ b/.github/workflows/odh-release.yml @@ -39,7 +39,6 @@ jobs: - name: Compile tests run: | go test -c -o compiled-tests/e2e ./test/e2e/ - go test -c -o compiled-tests/odh ./test/odh/ - name: Creates a release in GitHub run: | From 6d6206ee4b7c566c327187bcc8883e16b8ee4164 Mon Sep 17 00:00:00 2001 From: Fiona Waters Date: Fri, 27 Sep 2024 15:56:15 +0100 Subject: [PATCH 13/23] updating prompt for release tag --- .github/workflows/odh-release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/odh-release.yml b/.github/workflows/odh-release.yml index 92b5bd2ec..9fb2a6c0a 100644 --- a/.github/workflows/odh-release.yml +++ b/.github/workflows/odh-release.yml @@ -5,7 +5,7 @@ on: workflow_dispatch: inputs: version: - description: 'Tag to be used for release, i.e.: v0.0.1' + description: 'Tag to be used for release, i.e.: v0.0.1-odh' required: true jobs: From cc6c70a88e1e6e6463cebca1cf843c5f3b60ef56 Mon Sep 17 00:00:00 2001 From: Shilpa Chugh Date: Fri, 20 Dec 2024 16:22:13 +0530 Subject: [PATCH 14/23] Update dsc name --- contrib/configuration/basic-dsc.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/configuration/basic-dsc.yaml b/contrib/configuration/basic-dsc.yaml index de9926369..4efbd0fce 100644 --- a/contrib/configuration/basic-dsc.yaml +++ b/contrib/configuration/basic-dsc.yaml @@ -7,7 +7,7 @@ metadata: app.kubernetes.io/managed-by: kustomize app.kubernetes.io/name: datasciencecluster app.kubernetes.io/part-of: opendatahub-operator - name: example-dsc + name: default-dsc spec: components: codeflare: From a1fc6af23565ad6913f746d23254a285a987a84c Mon Sep 17 00:00:00 2001 From: Shilpa Chugh Date: Fri, 20 Dec 2024 16:29:02 +0530 Subject: [PATCH 15/23] Remove test-odh as this folder is no longer present --- Makefile | 4 ---- 1 file changed, 4 deletions(-) diff --git a/Makefile b/Makefile index 85a1c2ef8..c701a13cb 100644 --- a/Makefile +++ b/Makefile @@ -400,10 +400,6 @@ test-component: envtest ginkgo ## Run component tests. test-e2e: manifests fmt vet ## Run e2e tests. go test -timeout 30m -v ./test/e2e -.PHONY: test-odh -test-odh: manifests fmt vet ## Run e2e ODH tests. - go test -timeout 60m -v ./test/odh - .PHONY: store-odh-logs store-odh-logs: # Store all ODH relevant logs into artifact directory kubectl logs -n opendatahub deployment/codeflare-operator-manager > ${ARTIFACT_DIR}/codeflare-operator.log From e7111ec5275dd1a020bae59ab9909ad80de1a593 Mon Sep 17 00:00:00 2001 From: Shilpa Chugh Date: Fri, 20 Dec 2024 17:14:11 +0530 Subject: [PATCH 16/23] Add kueue in dsc --- contrib/configuration/basic-dsc.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/contrib/configuration/basic-dsc.yaml b/contrib/configuration/basic-dsc.yaml index 4efbd0fce..9a0c2bccc 100644 --- a/contrib/configuration/basic-dsc.yaml +++ b/contrib/configuration/basic-dsc.yaml @@ -23,6 +23,8 @@ spec: managementState: Removed kserve: managementState: Removed + kueue: + managementState: Managed modelmeshserving: managementState: Removed ray: From 48b6af4d1400f88e8f1c667dcca261b58a0c9fc8 Mon Sep 17 00:00:00 2001 From: Karel Suta Date: Mon, 6 Jan 2025 08:43:05 +0100 Subject: [PATCH 17/23] Reintroduce OLM upgrade tests for ODH project to fix automerge --- .../resources-olm-upgrade/catalogsource.yaml | 12 ++ .../resources-olm-upgrade/operatorgroup.yaml | 5 + .../resources-olm-upgrade/subscription.yaml | 19 ++ .github/workflows/olm_tests.yaml | 172 ++++++++++++++++++ 4 files changed, 208 insertions(+) create mode 100644 .github/resources-olm-upgrade/catalogsource.yaml create mode 100644 .github/resources-olm-upgrade/operatorgroup.yaml create mode 100644 .github/resources-olm-upgrade/subscription.yaml create mode 100644 .github/workflows/olm_tests.yaml diff --git a/.github/resources-olm-upgrade/catalogsource.yaml b/.github/resources-olm-upgrade/catalogsource.yaml new file mode 100644 index 000000000..c74492445 --- /dev/null +++ b/.github/resources-olm-upgrade/catalogsource.yaml @@ -0,0 +1,12 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: CatalogSource +metadata: + name: codeflare-olm-test + namespace: olm +spec: + displayName: '' + grpcPodConfig: + securityContextConfig: restricted + image: "${CATALOG_BASE_IMG}" + publisher: '' + sourceType: grpc diff --git a/.github/resources-olm-upgrade/operatorgroup.yaml b/.github/resources-olm-upgrade/operatorgroup.yaml new file mode 100644 index 000000000..1fa7fc7d7 --- /dev/null +++ b/.github/resources-olm-upgrade/operatorgroup.yaml @@ -0,0 +1,5 @@ +apiVersion: operators.coreos.com/v1 +kind: OperatorGroup +metadata: + name: openshift-operators + namespace: openshift-operators diff --git a/.github/resources-olm-upgrade/subscription.yaml b/.github/resources-olm-upgrade/subscription.yaml new file mode 100644 index 000000000..07fbb23bb --- /dev/null +++ b/.github/resources-olm-upgrade/subscription.yaml @@ -0,0 +1,19 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: Subscription +metadata: + name: codeflare-operator + namespace: openshift-operators +spec: + channel: alpha + installPlanApproval: Automatic + name: codeflare-operator + source: codeflare-olm-test + sourceNamespace: olm + config: + resources: + limits: + cpu: 400m + memory: 128Mi + requests: + cpu: 50m + memory: 64Mi diff --git a/.github/workflows/olm_tests.yaml b/.github/workflows/olm_tests.yaml new file mode 100644 index 000000000..b13f2f894 --- /dev/null +++ b/.github/workflows/olm_tests.yaml @@ -0,0 +1,172 @@ +# This workflow will build the CodeFlare Operator image and catalog containing bundle with this image, execute OLM upgrade tests using this catalog + +name: OLM Install and Upgrade + +on: + pull_request: + branches: + - main + - 'release-*' + paths-ignore: + - 'docs/**' + - '**.adoc' + - '**.md' + - 'LICENSE' + +concurrency: + group: ${{ github.head_ref }}-${{ github.workflow }} + cancel-in-progress: true + +jobs: + kubernetes-olm-upgrade: + runs-on: ubuntu-20.04-4core + timeout-minutes: 60 + env: + OLM_VERSION: v0.25.0 + VERSION: "v0.0.0-ghaction" # Need to supply some semver version for bundle to be properly generated + CATALOG_BASE_IMG: "registry.access.redhat.com/redhat/community-operator-index:v4.13" + CODEFLARE_TEST_TIMEOUT_SHORT: "1m" + CODEFLARE_TEST_TIMEOUT_MEDIUM: "5m" + CODEFLARE_TEST_TIMEOUT_LONG: "10m" + + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 # fetching also previous commits to get tags + + - name: Checkout common repo code + uses: actions/checkout@v4 + with: + repository: 'project-codeflare/codeflare-common' + ref: 'main' + path: 'common' + + - name: Set Go + uses: actions/setup-go@v5 + with: + go-version-file: './go.mod' + + - name: Set up gotestfmt + uses: gotesttools/gotestfmt-action@v2 + with: + token: ${{ secrets.GITHUB_TOKEN }} + + - name: Setup and start KinD cluster + uses: ./common/github-actions/kind + + - name: Install OLM + run: | + kubectl create -f https://github.com/operator-framework/operator-lifecycle-manager/releases/download/${OLM_VERSION}/crds.yaml + # wait for a while to be sure CRDs are installed + sleep 1 + kubectl create -f https://github.com/operator-framework/operator-lifecycle-manager/releases/download/${OLM_VERSION}/olm.yaml + echo Wait for default CatalogSource to start + kubectl wait -n ${{ env.CATALOG_SOURCE_NAMESPACE }} catalogsource/${{ env.CATALOG_SOURCE_NAME }} --for=jsonpath='{.status.connectionState.lastObservedState}'=READY --timeout=180s + env: + CATALOG_SOURCE_NAME: "operatorhubio-catalog" + CATALOG_SOURCE_NAMESPACE: "olm" + + - name: Create openshift-operator namespace and OperatorGroup + run: | + # Need to use openshift-operator namespace due to https://github.com/project-codeflare/codeflare-operator/issues/161 + kubectl create namespace openshift-operators + kubectl create -f .github/resources-olm-upgrade/operatorgroup.yaml + + - name: Deploy latest released CodeFlare operator from OLM + id: deploy + run: | + echo Create the CodeFlare operator ConfigMap + kubectl apply -n '${{ env.SUBSCRIPTION_NAMESPACE }}' -f config/e2e/config.yaml + + echo Deploying CodeFlare operator using Subscription + envsubst < .github/resources-olm-upgrade/catalogsource.yaml > ${{ env.TEMP_DIR }}/catalogsource.yaml + envsubst < .github/resources-olm-upgrade/subscription.yaml > ${{ env.TEMP_DIR }}/subscription.yaml + + kubectl create -f ${{ env.TEMP_DIR }}/catalogsource.yaml + + echo Wait for CatalogSource ${{ env.CATALOG_SOURCE_NAME }} to start + kubectl wait -n ${{ env.CATALOG_SOURCE_NAMESPACE }} catalogsource/${{ env.CATALOG_SOURCE_NAME }} --for=jsonpath='{.status.connectionState.lastObservedState}'=READY --timeout=180s + + kubectl create -f ${{ env.TEMP_DIR }}/subscription.yaml + + echo Waiting for Subscription to be ready + kubectl wait -n ${{ env.SUBSCRIPTION_NAMESPACE }} subscription/${{ env.SUBSCRIPTION_NAME }} --for=jsonpath='{.status.state}'=AtLatestKnown --timeout=180s + + echo Waiting for Deployment to be ready + timeout 60 bash -c 'until [[ $(kubectl get deployment/codeflare-operator-manager -n '${{ env.SUBSCRIPTION_NAMESPACE }}') ]]; do sleep 5 && echo "$(kubectl get deployment/codeflare-operator-manager -n '${{ env.SUBSCRIPTION_NAMESPACE }}')"; done' + kubectl wait -n ${{ env.SUBSCRIPTION_NAMESPACE }} deployment/codeflare-operator-manager --for=condition=Available=true --timeout=60s + env: + CATALOG_SOURCE_NAME: "codeflare-olm-test" + CATALOG_SOURCE_NAMESPACE: "olm" + SUBSCRIPTION_NAME: "codeflare-operator" + SUBSCRIPTION_NAMESPACE: "openshift-operators" + + - name: Store latest CSV version as PREVIOUS_VERSION env variable (used for bundle build) + run: | + CSV_VERSION=$(kubectl get ClusterServiceVersion -l operators.coreos.com/codeflare-operator.openshift-operators='' -n openshift-operators -o json | jq -r .items[].spec.version) + echo "PREVIOUS_VERSION=v$CSV_VERSION" >> $GITHUB_ENV + + - name: Build operator and catalog image + run: | + make image-push + make bundle-build + make bundle-push + make catalog-build-from-index + make catalog-push + env: + IMG: "${{ env.REGISTRY_ADDRESS }}/codeflare-operator:v0.0.1" + BUNDLE_IMG: "${{ env.REGISTRY_ADDRESS }}/codeflare-operator-bundle:v0.0.1" + CATALOG_IMG: "${{ env.REGISTRY_ADDRESS }}/codeflare-operator-catalog:v0.0.1" + OPM_BUNDLE_OPT: "--use-http" + BUNDLE_PUSH_OPT: "--tls-verify=false" + CATALOG_PUSH_OPT: "--tls-verify=false" + + - name: Update Operator to the built version + run: | + ORIGINAL_POD_NAME=$(kubectl get pod -l app.kubernetes.io/name=codeflare-operator -n openshift-operators -o json | jq -r .items[].metadata.name) + echo "Running old operator pod name is ${ORIGINAL_POD_NAME}" + + echo Updating custom CatalogSource image to the built CatalogSource with latest operator + kubectl patch CatalogSource codeflare-olm-test -n olm --type merge --patch "{\"spec\":{\"image\":\"${CATALOG_IMG}\"}}" + + echo Waiting for previous operator pod to get deleted + kubectl wait --timeout=120s --for=delete pod/${ORIGINAL_POD_NAME} -n openshift-operators + + echo Waiting for Subscription to be ready + kubectl wait -n ${{ env.SUBSCRIPTION_NAMESPACE }} subscription/${{ env.SUBSCRIPTION_NAME }} --for=jsonpath='{.status.state}'=AtLatestKnown --timeout=180s + + echo Waiting for Deployment to be ready + timeout 60 bash -c 'until [[ $(kubectl get deployment/codeflare-operator-manager -n '${{ env.SUBSCRIPTION_NAMESPACE }}') ]]; do sleep 5 && echo "$(kubectl get deployment/codeflare-operator-manager -n '${{ env.SUBSCRIPTION_NAMESPACE }}')"; done' + kubectl wait -n ${{ env.SUBSCRIPTION_NAMESPACE }} deployment/codeflare-operator-manager --for=condition=Available=true --timeout=60s + + echo Checking that correct CSV is available + CSV_VERSION=$(kubectl get ClusterServiceVersion/codeflare-operator.${VERSION} -n openshift-operators -o json | jq -r .spec.version) + if [ "v${CSV_VERSION}" != "${VERSION}" ]; then + echo "CSV version v${CSV_VERSION} doesn't match expected version ${VERSION}" + exit 1 + fi + env: + CATALOG_IMG: "${{ env.REGISTRY_ADDRESS }}/codeflare-operator-catalog:v0.0.1" + SUBSCRIPTION_NAME: "codeflare-operator" + SUBSCRIPTION_NAMESPACE: "openshift-operators" + + - name: Print CodeFlare operator logs + if: always() && steps.deploy.outcome == 'success' + run: | + echo "Printing CodeFlare operator logs" + mkdir logs + kubectl logs -n openshift-operators --tail -1 -l app.kubernetes.io/name=codeflare-operator | tee logs/codeflare-operator.log + + - name: Export all KinD pod logs + uses: ./common/github-actions/kind-export-logs + if: always() && steps.deploy.outcome == 'success' + with: + output-directory: logs + + - name: Upload logs + uses: actions/upload-artifact@v4 + if: always() && steps.deploy.outcome == 'success' + with: + name: logs + retention-days: 10 + path: logs/**/*.log From c12832493ceee69b224bd4f6f847c311b792bcdd Mon Sep 17 00:00:00 2001 From: Srihari Date: Tue, 7 Jan 2025 13:07:54 +0530 Subject: [PATCH 18/23] Add the component_metadata.yaml file to track codeflare-operator release version --- README.md | 1 + config/component_metadata.yaml | 4 ++++ 2 files changed, 5 insertions(+) create mode 100644 config/component_metadata.yaml diff --git a/README.md b/README.md index 9920c9d94..808add653 100644 --- a/README.md +++ b/README.md @@ -114,6 +114,7 @@ For ODH tests additional environment variables are needed: 6. In ODH/CFO verify that the [Build and Push action](https://github.com/opendatahub-io/codeflare-operator/actions/workflows/build-and-push.yaml) was triggered and ran successfully. 7. Make sure that release automation created a PR updating CodeFlare SDK version in [ODH Notebooks repository](https://github.com/opendatahub-io/notebooks). Make sure the PR gets merged. 8. Run [ODH CodeFlare Operator release workflow](https://github.com/opendatahub-io/codeflare-operator/actions/workflows/odh-release.yml) to produce ODH CodeFlare Operator release. +9. Ensure that the version details in the `config/component_metadata.yaml` file are updated to reflect the latest upstream CodeFlare Operator release version ### Releases involving part of the stack diff --git a/config/component_metadata.yaml b/config/component_metadata.yaml new file mode 100644 index 000000000..725f12ee2 --- /dev/null +++ b/config/component_metadata.yaml @@ -0,0 +1,4 @@ +releases: + - name: CodeFlare operator + version: 1.12.0 + repoUrl: https://github.com/project-codeflare/codeflare-operator From 237b14d8b00b5929f8bfa3077770dca514a85477 Mon Sep 17 00:00:00 2001 From: Shilpa Chugh Date: Fri, 14 Feb 2025 18:17:22 +0530 Subject: [PATCH 19/23] update metadata file with latest release --- config/component_metadata.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/component_metadata.yaml b/config/component_metadata.yaml index 725f12ee2..61be7369b 100644 --- a/config/component_metadata.yaml +++ b/config/component_metadata.yaml @@ -1,4 +1,4 @@ releases: - name: CodeFlare operator - version: 1.12.0 + version: 1.15.0 repoUrl: https://github.com/project-codeflare/codeflare-operator From 72370a332e4974f185829c46d5b92da647ca44c9 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Mon, 30 Jun 2025 14:35:13 +0000 Subject: [PATCH 20/23] Update Tekton output-image tags to version v1.16.0 --- .tekton/odh-codeflare-operator-push.yaml | 662 +++++++++++++++++++++++ 1 file changed, 662 insertions(+) create mode 100644 .tekton/odh-codeflare-operator-push.yaml diff --git a/.tekton/odh-codeflare-operator-push.yaml b/.tekton/odh-codeflare-operator-push.yaml new file mode 100644 index 000000000..cf22bb676 --- /dev/null +++ b/.tekton/odh-codeflare-operator-push.yaml @@ -0,0 +1,662 @@ +apiVersion: tekton.dev/v1 +kind: PipelineRun +metadata: + annotations: + build.appstudio.openshift.io/repo: https://github.com/opendatahub-io/codeflare-operator?rev={{revision}} + build.appstudio.redhat.com/commit_sha: '{{revision}}' + build.appstudio.redhat.com/target_branch: '{{target_branch}}' + pipelinesascode.tekton.dev/cancel-in-progress: "false" + pipelinesascode.tekton.dev/max-keep-runs: "3" + pipelinesascode.tekton.dev/on-target-branch: "[test]" + pipelinesascode.tekton.dev/on-event: "[push, comment]" + pipelinesascode.tekton.dev/on-cel-expression: event == "push" && target_branch + == "main" + creationTimestamp: null + labels: + appstudio.openshift.io/application: opendatahub-release + appstudio.openshift.io/component: odh-codeflare-operator + pipelines.appstudio.openshift.io/type: build + name: odh-codeflare-operator-on-push + namespace: open-data-hub-tenant +spec: + params: + - name: git-url + value: '{{source_url}}' + - name: revision + value: '{{revision}}' + - name: output-image + value: quay.io/opendatahub/odh-codeflare-operator:v1.16.0 + - name: dockerfile + value: Dockerfile + - name: path-context + value: . + pipelineSpec: + description: | + This pipeline is ideal for building container images from a Containerfile while maintaining trust after pipeline customization. + + _Uses `buildah` to create a container image leveraging [trusted artifacts](https://konflux-ci.dev/architecture/ADR/0036-trusted-artifacts.html). It also optionally creates a source image and runs some build-time tests. Information is shared between tasks using OCI artifacts instead of PVCs. EC will pass the [`trusted_task.trusted`](https://enterprisecontract.dev/docs/ec-policies/release_policy.html#trusted_task__trusted) policy as long as all data used to build the artifact is generated from trusted tasks. + This pipeline is pushed as a Tekton bundle to [quay.io](https://quay.io/repository/konflux-ci/tekton-catalog/pipeline-docker-build-oci-ta?tab=tags)_ + finally: + - name: show-sbom + params: + - name: IMAGE_URL + value: $(tasks.build-image-index.results.IMAGE_URL) + taskRef: + params: + - name: name + value: show-sbom + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:002f7c8c1d2f9e09904035da414aba1188ae091df0ea9532cd997be05e73d594 + - name: kind + value: task + resolver: bundles + - name: send-slack-notification + params: + - name: message + value: "$(tasks.rhoai-init.results.slack-message-failure-text)" + - name: secret-name + value: slack-secret + - name: key-name + value: slack-webhook + taskRef: + params: + - name: name + value: slack-webhook-notification + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-slack-webhook-notification:0.1@sha256:dc17b70633363d78414b8c06dc1660d25742935f106a6116995638e1210c2730 + - name: kind + value: task + resolver: bundles + when: + - input: $(tasks.status) + operator: in + values: + - "Failed" + params: + - description: Source Repository URL + name: git-url + type: string + - default: "" + description: Revision of the Source Repository + name: revision + type: string + - description: Fully Qualified Output Image + name: output-image + type: string + - default: . + description: Path to the source code of an application's component from where + to build image. + name: path-context + type: string + - default: Dockerfile + description: Path to the Dockerfile inside the context specified by parameter + path-context + name: dockerfile + type: string + - default: "true" + description: Force rebuild image + name: rebuild + type: string + - default: "false" + description: Skip checks against built image + name: skip-checks + type: string + - default: "false" + description: Execute the build with network isolation + name: hermetic + type: string + - default: "" + description: Build dependencies to be prefetched by Cachi2 + name: prefetch-input + type: string + - default: "" + description: Image tag expiration time, time values could be something like + 1h, 2d, 3w for hours, days, and weeks, respectively. + name: image-expires-after + - default: "false" + description: Build a source image. + name: build-source-image + type: string + - default: "false" + description: Add built image into an OCI image index + name: build-image-index + type: string + - default: [] + description: Array of --build-arg values ("arg=value" strings) for buildah + name: build-args + type: array + - default: "" + description: Path to a file with build arguments for buildah, see https://www.mankier.com/1/buildah-build#--build-arg-file + name: build-args-file + type: string + - default: "false" + description: Whether to enable privileged mode, should be used only with remote + VMs + name: privileged-nested + type: string + results: + - description: "" + name: IMAGE_URL + value: $(tasks.build-image-index.results.IMAGE_URL) + - description: "" + name: IMAGE_DIGEST + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - description: "" + name: CHAINS-GIT_URL + value: $(tasks.clone-repository.results.url) + - description: "" + name: CHAINS-GIT_COMMIT + value: $(tasks.clone-repository.results.commit) + tasks: + - name: rhoai-init + params: + - name: pipelinerun-name + value: "$(context.pipelineRun.name)" + taskSpec: + results: + - description: Notification text to be posted to slack + name: slack-message-failure-text + steps: + - image: quay.io/rhoai-konflux/alpine:latest + name: rhoai-init + env: + - name: slack_message + valueFrom: + secretKeyRef: + name: slack-secret + key: slack-component-failure-notification + script: | + pipelinerun_name=$(params.pipelinerun-name) + echo "pipelinerun-name = $pipelinerun_name" + application_name=opendatahub-release + echo "application-name = $application_name" + + component_name=${pipelinerun_name/-on-*/} + echo "component-name = $component_name" + + KONFLUX_SERVER="https://konflux-ui.apps.stone-prd-rh01.pg1f.p1.openshiftapps.com" + build_url="${KONFLUX_SERVER}/ns/open-data-hub-tenant/applications/${application_name}/pipelineruns/${pipelinerun_name}/logs" + + build_time="$(date +%Y-%m-%dT%H:%M:%S)" + + slack_message=${slack_message/__BUILD__URL__/$build_url} + slack_message=${slack_message/__PIPELINERUN__NAME__/$pipelinerun_name} + slack_message=${slack_message/__BUILD__TIME__/$build_time} + + echo -en "${slack_message}" > "$(results.slack-message-failure-text.path)" + - name: init + params: + - name: image-url + value: $(params.output-image) + - name: rebuild + value: $(params.rebuild) + - name: skip-checks + value: $(params.skip-checks) + taskRef: + params: + - name: name + value: init + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:7a24924417260b7094541caaedd2853dc8da08d4bb0968f710a400d3e8062063 + - name: kind + value: task + resolver: bundles + runAfter: + - rhoai-init + - name: clone-repository + params: + - name: url + value: $(params.git-url) + - name: revision + value: $(params.revision) + - name: ociStorage + value: $(params.output-image).git + - name: ociArtifactExpiresAfter + value: $(params.image-expires-after) + runAfter: + - init + taskRef: + params: + - name: name + value: git-clone-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:8ecf57d5a6697ce709bee65b62781efe79a10b0c2b95e05576442b67fbd61744 + - name: kind + value: task + resolver: bundles + when: + - input: $(tasks.init.results.build) + operator: in + values: + - "true" + workspaces: + - name: basic-auth + workspace: git-auth + - name: prefetch-dependencies + params: + - name: input + value: $(params.prefetch-input) + - name: SOURCE_ARTIFACT + value: $(tasks.clone-repository.results.SOURCE_ARTIFACT) + - name: ociStorage + value: $(params.output-image).prefetch + - name: ociArtifactExpiresAfter + value: $(params.image-expires-after) + runAfter: + - clone-repository + taskRef: + params: + - name: name + value: prefetch-dependencies-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.2@sha256:022032b9c5e1c0c91dbb89f0e89692f5cd463e953851a883b750a3e6700ea6f3 + - name: kind + value: task + resolver: bundles + workspaces: + - name: git-basic-auth + workspace: git-auth + - name: netrc + workspace: netrc + - name: build-container + params: + - name: IMAGE + value: $(params.output-image) + - name: DOCKERFILE + value: $(params.dockerfile) + - name: CONTEXT + value: $(params.path-context) + - name: HERMETIC + value: $(params.hermetic) + - name: PREFETCH_INPUT + value: $(params.prefetch-input) + - name: IMAGE_EXPIRES_AFTER + value: $(params.image-expires-after) + - name: COMMIT_SHA + value: $(tasks.clone-repository.results.commit) + - name: BUILD_ARGS + value: + - $(params.build-args[*]) + - name: BUILD_ARGS_FILE + value: $(params.build-args-file) + - name: PRIVILEGED_NESTED + value: $(params.privileged-nested) + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + - name: CACHI2_ARTIFACT + value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) + runAfter: + - prefetch-dependencies + taskRef: + params: + - name: name + value: buildah-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-buildah-oci-ta:0.4@sha256:b91b634c32b7fd98dbfc4cdbc0a97d7694997fd49ceebabf34c2535fd47f84a2 + - name: kind + value: task + resolver: bundles + when: + - input: $(tasks.init.results.build) + operator: in + values: + - "true" + - name: build-image-index + params: + - name: IMAGE + value: $(params.output-image) + - name: COMMIT_SHA + value: $(tasks.clone-repository.results.commit) + - name: IMAGE_EXPIRES_AFTER + value: $(params.image-expires-after) + - name: ALWAYS_BUILD_INDEX + value: $(params.build-image-index) + - name: IMAGES + value: + - $(tasks.build-container.results.IMAGE_URL)@$(tasks.build-container.results.IMAGE_DIGEST) + runAfter: + - build-container + taskRef: + params: + - name: name + value: build-image-index + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1@sha256:462ecbf94ec44a8b770d6ef8838955f91f57ee79795e5c18bdc0fcb0df593742 + - name: kind + value: task + resolver: bundles + when: + - input: $(tasks.init.results.build) + operator: in + values: + - "true" + - name: build-source-image + params: + - name: BINARY_IMAGE + value: $(params.output-image) + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + - name: CACHI2_ARTIFACT + value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: source-build-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.2@sha256:56fa2cbfc04bad4765b7fe1fa8022587f4042d4e8533bb5f65311d46b43226ee + - name: kind + value: task + resolver: bundles + when: + - input: $(tasks.init.results.build) + operator: in + values: + - "true" + - input: $(params.build-source-image) + operator: in + values: + - "true" + - name: deprecated-base-image-check + params: + - name: IMAGE_URL + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: IMAGE_DIGEST + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: deprecated-image-check + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.5@sha256:eb8136b543147b4a3e88ca3cc661ca6a11e303f35f0db44059f69151beea8496 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: clair-scan + params: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: clair-scan + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.2@sha256:7c73e2beca9b8306387efeaf775831440ec799b05a5f5c008a65bb941a1e91f6 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: ecosystem-cert-preflight-checks + params: + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: ecosystem-cert-preflight-checks + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.2@sha256:dea8d9b4bec3e99d612d799798acf132df48276164b5193ea68f9f3c25ae425b + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: sast-snyk-check + params: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + - name: CACHI2_ARTIFACT + value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: sast-snyk-check-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.4@sha256:89aead32dc21404e4e0913be9668bdd2eea795db3e4caa762fb619044e479cb8 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: clamav-scan + params: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: clamav-scan + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.2@sha256:59094118aa07d5b0199565c4e0b2d0f4feb9a4741877c8716877572e2c4804f9 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: sast-coverity-check + params: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: IMAGE + value: $(params.output-image) + - name: DOCKERFILE + value: $(params.dockerfile) + - name: CONTEXT + value: $(params.path-context) + - name: HERMETIC + value: $(params.hermetic) + - name: PREFETCH_INPUT + value: $(params.prefetch-input) + - name: IMAGE_EXPIRES_AFTER + value: $(params.image-expires-after) + - name: COMMIT_SHA + value: $(tasks.clone-repository.results.commit) + - name: BUILD_ARGS + value: + - $(params.build-args[*]) + - name: BUILD_ARGS_FILE + value: $(params.build-args-file) + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + - name: CACHI2_ARTIFACT + value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) + runAfter: + - coverity-availability-check + taskRef: + params: + - name: name + value: sast-coverity-check-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-sast-coverity-check-oci-ta:0.3@sha256:c8eb622d59019582f6f11ed656c0f04f388737f7dd6e47cd780ad0f34bb38bb2 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - input: $(tasks.coverity-availability-check.results.STATUS) + operator: in + values: + - success + - name: coverity-availability-check + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: coverity-availability-check + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-coverity-availability-check:0.2@sha256:8b58c4fae00c0dfe3937abfb8a9a61aa3c408cca4278b817db53d518428d944e + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: sast-shell-check + params: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + - name: CACHI2_ARTIFACT + value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: sast-shell-check-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check-oci-ta:0.1@sha256:57b3262138eb06186ae7375f84ca53788bba2a66cfd03d39cb82c78df050aba5 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: sast-unicode-check + params: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + - name: CACHI2_ARTIFACT + value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: sast-unicode-check-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check-oci-ta:0.2@sha256:df185dbe4e2852668f9c46f938dd752e90ea9c79696363378435a6499596c319 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: apply-tags + params: + - name: IMAGE + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: apply-tags + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.1@sha256:3f89ba89cacf8547261b5ce064acce81bfe470c8ace127794d0e90aebc8c347d + - name: kind + value: task + resolver: bundles + - name: push-dockerfile + params: + - name: IMAGE + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: IMAGE_DIGEST + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: DOCKERFILE + value: $(params.dockerfile) + - name: CONTEXT + value: $(params.path-context) + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: push-dockerfile-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.1@sha256:278f84550844c1c050a65536799f4b54e7c203e0ac51393aa75379dd974c82e9 + - name: kind + value: task + resolver: bundles + - name: rpms-signature-scan + params: + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: rpms-signature-scan + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:2366b2f394610192736dd8edac1a702964daeb961603dfc9ceb6b8188e39a009 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + workspaces: + - name: git-auth + optional: true + - name: netrc + optional: true + taskRunTemplate: + serviceAccountName: build-pipeline-odh-codeflare-operator + workspaces: + - name: git-auth + secret: + secretName: '{{ git_auth_secret }}' +status: {} From 7425d5265e815c7a94ee5c5cd3ad1b6f1df5b2fd Mon Sep 17 00:00:00 2001 From: kryanbeane Date: Tue, 1 Jul 2025 12:46:58 +0100 Subject: [PATCH 21/23] fix: use old quay repo --- .tekton/odh-codeflare-operator-push.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.tekton/odh-codeflare-operator-push.yaml b/.tekton/odh-codeflare-operator-push.yaml index cf22bb676..9b00d38d1 100644 --- a/.tekton/odh-codeflare-operator-push.yaml +++ b/.tekton/odh-codeflare-operator-push.yaml @@ -25,7 +25,7 @@ spec: - name: revision value: '{{revision}}' - name: output-image - value: quay.io/opendatahub/odh-codeflare-operator:v1.16.0 + value: quay.io/opendatahub/codeflare-operator:v1.16.0 - name: dockerfile value: Dockerfile - name: path-context From 2523dd3532023fbd2fb44c87b547b597dabeb0db Mon Sep 17 00:00:00 2001 From: Maor Friedman Date: Thu, 3 Jul 2025 11:58:35 +0300 Subject: [PATCH 22/23] use central pipeline definition --- .tekton/odh-codeflare-operator-push.yaml | 630 +---------------------- 1 file changed, 8 insertions(+), 622 deletions(-) diff --git a/.tekton/odh-codeflare-operator-push.yaml b/.tekton/odh-codeflare-operator-push.yaml index 9b00d38d1..103bbc578 100644 --- a/.tekton/odh-codeflare-operator-push.yaml +++ b/.tekton/odh-codeflare-operator-push.yaml @@ -30,629 +30,15 @@ spec: value: Dockerfile - name: path-context value: . - pipelineSpec: - description: | - This pipeline is ideal for building container images from a Containerfile while maintaining trust after pipeline customization. - - _Uses `buildah` to create a container image leveraging [trusted artifacts](https://konflux-ci.dev/architecture/ADR/0036-trusted-artifacts.html). It also optionally creates a source image and runs some build-time tests. Information is shared between tasks using OCI artifacts instead of PVCs. EC will pass the [`trusted_task.trusted`](https://enterprisecontract.dev/docs/ec-policies/release_policy.html#trusted_task__trusted) policy as long as all data used to build the artifact is generated from trusted tasks. - This pipeline is pushed as a Tekton bundle to [quay.io](https://quay.io/repository/konflux-ci/tekton-catalog/pipeline-docker-build-oci-ta?tab=tags)_ - finally: - - name: show-sbom - params: - - name: IMAGE_URL - value: $(tasks.build-image-index.results.IMAGE_URL) - taskRef: - params: - - name: name - value: show-sbom - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:002f7c8c1d2f9e09904035da414aba1188ae091df0ea9532cd997be05e73d594 - - name: kind - value: task - resolver: bundles - - name: send-slack-notification - params: - - name: message - value: "$(tasks.rhoai-init.results.slack-message-failure-text)" - - name: secret-name - value: slack-secret - - name: key-name - value: slack-webhook - taskRef: - params: - - name: name - value: slack-webhook-notification - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-slack-webhook-notification:0.1@sha256:dc17b70633363d78414b8c06dc1660d25742935f106a6116995638e1210c2730 - - name: kind - value: task - resolver: bundles - when: - - input: $(tasks.status) - operator: in - values: - - "Failed" + pipelineRef: + resolver: git params: - - description: Source Repository URL - name: git-url - type: string - - default: "" - description: Revision of the Source Repository - name: revision - type: string - - description: Fully Qualified Output Image - name: output-image - type: string - - default: . - description: Path to the source code of an application's component from where - to build image. - name: path-context - type: string - - default: Dockerfile - description: Path to the Dockerfile inside the context specified by parameter - path-context - name: dockerfile - type: string - - default: "true" - description: Force rebuild image - name: rebuild - type: string - - default: "false" - description: Skip checks against built image - name: skip-checks - type: string - - default: "false" - description: Execute the build with network isolation - name: hermetic - type: string - - default: "" - description: Build dependencies to be prefetched by Cachi2 - name: prefetch-input - type: string - - default: "" - description: Image tag expiration time, time values could be something like - 1h, 2d, 3w for hours, days, and weeks, respectively. - name: image-expires-after - - default: "false" - description: Build a source image. - name: build-source-image - type: string - - default: "false" - description: Add built image into an OCI image index - name: build-image-index - type: string - - default: [] - description: Array of --build-arg values ("arg=value" strings) for buildah - name: build-args - type: array - - default: "" - description: Path to a file with build arguments for buildah, see https://www.mankier.com/1/buildah-build#--build-arg-file - name: build-args-file - type: string - - default: "false" - description: Whether to enable privileged mode, should be used only with remote - VMs - name: privileged-nested - type: string - results: - - description: "" - name: IMAGE_URL - value: $(tasks.build-image-index.results.IMAGE_URL) - - description: "" - name: IMAGE_DIGEST - value: $(tasks.build-image-index.results.IMAGE_DIGEST) - - description: "" - name: CHAINS-GIT_URL - value: $(tasks.clone-repository.results.url) - - description: "" - name: CHAINS-GIT_COMMIT - value: $(tasks.clone-repository.results.commit) - tasks: - - name: rhoai-init - params: - - name: pipelinerun-name - value: "$(context.pipelineRun.name)" - taskSpec: - results: - - description: Notification text to be posted to slack - name: slack-message-failure-text - steps: - - image: quay.io/rhoai-konflux/alpine:latest - name: rhoai-init - env: - - name: slack_message - valueFrom: - secretKeyRef: - name: slack-secret - key: slack-component-failure-notification - script: | - pipelinerun_name=$(params.pipelinerun-name) - echo "pipelinerun-name = $pipelinerun_name" - application_name=opendatahub-release - echo "application-name = $application_name" - - component_name=${pipelinerun_name/-on-*/} - echo "component-name = $component_name" - - KONFLUX_SERVER="https://konflux-ui.apps.stone-prd-rh01.pg1f.p1.openshiftapps.com" - build_url="${KONFLUX_SERVER}/ns/open-data-hub-tenant/applications/${application_name}/pipelineruns/${pipelinerun_name}/logs" - - build_time="$(date +%Y-%m-%dT%H:%M:%S)" - - slack_message=${slack_message/__BUILD__URL__/$build_url} - slack_message=${slack_message/__PIPELINERUN__NAME__/$pipelinerun_name} - slack_message=${slack_message/__BUILD__TIME__/$build_time} - - echo -en "${slack_message}" > "$(results.slack-message-failure-text.path)" - - name: init - params: - - name: image-url - value: $(params.output-image) - - name: rebuild - value: $(params.rebuild) - - name: skip-checks - value: $(params.skip-checks) - taskRef: - params: - - name: name - value: init - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:7a24924417260b7094541caaedd2853dc8da08d4bb0968f710a400d3e8062063 - - name: kind - value: task - resolver: bundles - runAfter: - - rhoai-init - - name: clone-repository - params: - - name: url - value: $(params.git-url) - - name: revision - value: $(params.revision) - - name: ociStorage - value: $(params.output-image).git - - name: ociArtifactExpiresAfter - value: $(params.image-expires-after) - runAfter: - - init - taskRef: - params: - - name: name - value: git-clone-oci-ta - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:8ecf57d5a6697ce709bee65b62781efe79a10b0c2b95e05576442b67fbd61744 - - name: kind - value: task - resolver: bundles - when: - - input: $(tasks.init.results.build) - operator: in - values: - - "true" - workspaces: - - name: basic-auth - workspace: git-auth - - name: prefetch-dependencies - params: - - name: input - value: $(params.prefetch-input) - - name: SOURCE_ARTIFACT - value: $(tasks.clone-repository.results.SOURCE_ARTIFACT) - - name: ociStorage - value: $(params.output-image).prefetch - - name: ociArtifactExpiresAfter - value: $(params.image-expires-after) - runAfter: - - clone-repository - taskRef: - params: - - name: name - value: prefetch-dependencies-oci-ta - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.2@sha256:022032b9c5e1c0c91dbb89f0e89692f5cd463e953851a883b750a3e6700ea6f3 - - name: kind - value: task - resolver: bundles - workspaces: - - name: git-basic-auth - workspace: git-auth - - name: netrc - workspace: netrc - - name: build-container - params: - - name: IMAGE - value: $(params.output-image) - - name: DOCKERFILE - value: $(params.dockerfile) - - name: CONTEXT - value: $(params.path-context) - - name: HERMETIC - value: $(params.hermetic) - - name: PREFETCH_INPUT - value: $(params.prefetch-input) - - name: IMAGE_EXPIRES_AFTER - value: $(params.image-expires-after) - - name: COMMIT_SHA - value: $(tasks.clone-repository.results.commit) - - name: BUILD_ARGS - value: - - $(params.build-args[*]) - - name: BUILD_ARGS_FILE - value: $(params.build-args-file) - - name: PRIVILEGED_NESTED - value: $(params.privileged-nested) - - name: SOURCE_ARTIFACT - value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - - name: CACHI2_ARTIFACT - value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) - runAfter: - - prefetch-dependencies - taskRef: - params: - - name: name - value: buildah-oci-ta - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-buildah-oci-ta:0.4@sha256:b91b634c32b7fd98dbfc4cdbc0a97d7694997fd49ceebabf34c2535fd47f84a2 - - name: kind - value: task - resolver: bundles - when: - - input: $(tasks.init.results.build) - operator: in - values: - - "true" - - name: build-image-index - params: - - name: IMAGE - value: $(params.output-image) - - name: COMMIT_SHA - value: $(tasks.clone-repository.results.commit) - - name: IMAGE_EXPIRES_AFTER - value: $(params.image-expires-after) - - name: ALWAYS_BUILD_INDEX - value: $(params.build-image-index) - - name: IMAGES - value: - - $(tasks.build-container.results.IMAGE_URL)@$(tasks.build-container.results.IMAGE_DIGEST) - runAfter: - - build-container - taskRef: - params: - - name: name - value: build-image-index - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1@sha256:462ecbf94ec44a8b770d6ef8838955f91f57ee79795e5c18bdc0fcb0df593742 - - name: kind - value: task - resolver: bundles - when: - - input: $(tasks.init.results.build) - operator: in - values: - - "true" - - name: build-source-image - params: - - name: BINARY_IMAGE - value: $(params.output-image) - - name: SOURCE_ARTIFACT - value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - - name: CACHI2_ARTIFACT - value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) - runAfter: - - build-image-index - taskRef: - params: - - name: name - value: source-build-oci-ta - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.2@sha256:56fa2cbfc04bad4765b7fe1fa8022587f4042d4e8533bb5f65311d46b43226ee - - name: kind - value: task - resolver: bundles - when: - - input: $(tasks.init.results.build) - operator: in - values: - - "true" - - input: $(params.build-source-image) - operator: in - values: - - "true" - - name: deprecated-base-image-check - params: - - name: IMAGE_URL - value: $(tasks.build-image-index.results.IMAGE_URL) - - name: IMAGE_DIGEST - value: $(tasks.build-image-index.results.IMAGE_DIGEST) - runAfter: - - build-image-index - taskRef: - params: - - name: name - value: deprecated-image-check - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.5@sha256:eb8136b543147b4a3e88ca3cc661ca6a11e303f35f0db44059f69151beea8496 - - name: kind - value: task - resolver: bundles - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - - name: clair-scan - params: - - name: image-digest - value: $(tasks.build-image-index.results.IMAGE_DIGEST) - - name: image-url - value: $(tasks.build-image-index.results.IMAGE_URL) - runAfter: - - build-image-index - taskRef: - params: - - name: name - value: clair-scan - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.2@sha256:7c73e2beca9b8306387efeaf775831440ec799b05a5f5c008a65bb941a1e91f6 - - name: kind - value: task - resolver: bundles - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - - name: ecosystem-cert-preflight-checks - params: - - name: image-url - value: $(tasks.build-image-index.results.IMAGE_URL) - runAfter: - - build-image-index - taskRef: - params: - - name: name - value: ecosystem-cert-preflight-checks - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.2@sha256:dea8d9b4bec3e99d612d799798acf132df48276164b5193ea68f9f3c25ae425b - - name: kind - value: task - resolver: bundles - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - - name: sast-snyk-check - params: - - name: image-digest - value: $(tasks.build-image-index.results.IMAGE_DIGEST) - - name: image-url - value: $(tasks.build-image-index.results.IMAGE_URL) - - name: SOURCE_ARTIFACT - value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - - name: CACHI2_ARTIFACT - value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) - runAfter: - - build-image-index - taskRef: - params: - - name: name - value: sast-snyk-check-oci-ta - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.4@sha256:89aead32dc21404e4e0913be9668bdd2eea795db3e4caa762fb619044e479cb8 - - name: kind - value: task - resolver: bundles - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - - name: clamav-scan - params: - - name: image-digest - value: $(tasks.build-image-index.results.IMAGE_DIGEST) - - name: image-url - value: $(tasks.build-image-index.results.IMAGE_URL) - runAfter: - - build-image-index - taskRef: - params: - - name: name - value: clamav-scan - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.2@sha256:59094118aa07d5b0199565c4e0b2d0f4feb9a4741877c8716877572e2c4804f9 - - name: kind - value: task - resolver: bundles - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - - name: sast-coverity-check - params: - - name: image-digest - value: $(tasks.build-image-index.results.IMAGE_DIGEST) - - name: image-url - value: $(tasks.build-image-index.results.IMAGE_URL) - - name: IMAGE - value: $(params.output-image) - - name: DOCKERFILE - value: $(params.dockerfile) - - name: CONTEXT - value: $(params.path-context) - - name: HERMETIC - value: $(params.hermetic) - - name: PREFETCH_INPUT - value: $(params.prefetch-input) - - name: IMAGE_EXPIRES_AFTER - value: $(params.image-expires-after) - - name: COMMIT_SHA - value: $(tasks.clone-repository.results.commit) - - name: BUILD_ARGS - value: - - $(params.build-args[*]) - - name: BUILD_ARGS_FILE - value: $(params.build-args-file) - - name: SOURCE_ARTIFACT - value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - - name: CACHI2_ARTIFACT - value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) - runAfter: - - coverity-availability-check - taskRef: - params: - - name: name - value: sast-coverity-check-oci-ta - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-coverity-check-oci-ta:0.3@sha256:c8eb622d59019582f6f11ed656c0f04f388737f7dd6e47cd780ad0f34bb38bb2 - - name: kind - value: task - resolver: bundles - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - - input: $(tasks.coverity-availability-check.results.STATUS) - operator: in - values: - - success - - name: coverity-availability-check - runAfter: - - build-image-index - taskRef: - params: - - name: name - value: coverity-availability-check - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-coverity-availability-check:0.2@sha256:8b58c4fae00c0dfe3937abfb8a9a61aa3c408cca4278b817db53d518428d944e - - name: kind - value: task - resolver: bundles - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - - name: sast-shell-check - params: - - name: image-digest - value: $(tasks.build-image-index.results.IMAGE_DIGEST) - - name: image-url - value: $(tasks.build-image-index.results.IMAGE_URL) - - name: SOURCE_ARTIFACT - value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - - name: CACHI2_ARTIFACT - value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) - runAfter: - - build-image-index - taskRef: - params: - - name: name - value: sast-shell-check-oci-ta - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check-oci-ta:0.1@sha256:57b3262138eb06186ae7375f84ca53788bba2a66cfd03d39cb82c78df050aba5 - - name: kind - value: task - resolver: bundles - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - - name: sast-unicode-check - params: - - name: image-digest - value: $(tasks.build-image-index.results.IMAGE_DIGEST) - - name: image-url - value: $(tasks.build-image-index.results.IMAGE_URL) - - name: SOURCE_ARTIFACT - value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - - name: CACHI2_ARTIFACT - value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) - runAfter: - - build-image-index - taskRef: - params: - - name: name - value: sast-unicode-check-oci-ta - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check-oci-ta:0.2@sha256:df185dbe4e2852668f9c46f938dd752e90ea9c79696363378435a6499596c319 - - name: kind - value: task - resolver: bundles - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - - name: apply-tags - params: - - name: IMAGE - value: $(tasks.build-image-index.results.IMAGE_URL) - runAfter: - - build-image-index - taskRef: - params: - - name: name - value: apply-tags - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.1@sha256:3f89ba89cacf8547261b5ce064acce81bfe470c8ace127794d0e90aebc8c347d - - name: kind - value: task - resolver: bundles - - name: push-dockerfile - params: - - name: IMAGE - value: $(tasks.build-image-index.results.IMAGE_URL) - - name: IMAGE_DIGEST - value: $(tasks.build-image-index.results.IMAGE_DIGEST) - - name: DOCKERFILE - value: $(params.dockerfile) - - name: CONTEXT - value: $(params.path-context) - - name: SOURCE_ARTIFACT - value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - runAfter: - - build-image-index - taskRef: - params: - - name: name - value: push-dockerfile-oci-ta - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.1@sha256:278f84550844c1c050a65536799f4b54e7c203e0ac51393aa75379dd974c82e9 - - name: kind - value: task - resolver: bundles - - name: rpms-signature-scan - params: - - name: image-url - value: $(tasks.build-image-index.results.IMAGE_URL) - - name: image-digest - value: $(tasks.build-image-index.results.IMAGE_DIGEST) - runAfter: - - build-image-index - taskRef: - params: - - name: name - value: rpms-signature-scan - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:2366b2f394610192736dd8edac1a702964daeb961603dfc9ceb6b8188e39a009 - - name: kind - value: task - resolver: bundles - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - workspaces: - - name: git-auth - optional: true - - name: netrc - optional: true + - name: url + value: https://github.com/red-hat-data-services/konflux-central.git + - name: revision + value: '{{ target_branch }}' + - name: pathInRepo + value: pipelines/container-build.yaml taskRunTemplate: serviceAccountName: build-pipeline-odh-codeflare-operator workspaces: From 1f4e5d9f1b8a59166a083b3219166ae7579f975d Mon Sep 17 00:00:00 2001 From: Maor Friedman Date: Thu, 3 Jul 2025 12:01:53 +0300 Subject: [PATCH 23/23] add pull request pipeline --- .../odh-codeflare-operator-pull-request.yaml | 50 +++++++++++++++++++ 1 file changed, 50 insertions(+) create mode 100644 .tekton/odh-codeflare-operator-pull-request.yaml diff --git a/.tekton/odh-codeflare-operator-pull-request.yaml b/.tekton/odh-codeflare-operator-pull-request.yaml new file mode 100644 index 000000000..163003502 --- /dev/null +++ b/.tekton/odh-codeflare-operator-pull-request.yaml @@ -0,0 +1,50 @@ +apiVersion: tekton.dev/v1 +kind: PipelineRun +metadata: + annotations: + build.appstudio.openshift.io/repo: https://github.com/opendatahub-io/codeflare-operator?rev={{revision}} + build.appstudio.redhat.com/commit_sha: '{{revision}}' + build.appstudio.redhat.com/target_branch: '{{target_branch}}' + pipelinesascode.tekton.dev/cancel-in-progress: "false" + pipelinesascode.tekton.dev/max-keep-runs: "3" + pipelinesascode.tekton.dev/on-target-branch: "[test]" + pipelinesascode.tekton.dev/on-event: "[pull_request]" + pipelinesascode.tekton.dev/on-cel-expression: event == "pull_request" && target_branch + == "main" + creationTimestamp: null + labels: + appstudio.openshift.io/application: opendatahub-release + appstudio.openshift.io/component: odh-codeflare-operator + pipelines.appstudio.openshift.io/type: build + name: odh-codeflare-operator-on-pull-request + namespace: open-data-hub-tenant +spec: + params: + - name: git-url + value: '{{source_url}}' + - name: revision + value: '{{revision}}' + - name: image-expires-after + value: 5d + - name: output-image + value: quay.io/opendatahub/codeflare-operator:pr-v1.16.0 + - name: dockerfile + value: Dockerfile + - name: path-context + value: . + pipelineRef: + resolver: git + params: + - name: url + value: https://github.com/red-hat-data-services/konflux-central.git + - name: revision + value: '{{ target_branch }}' + - name: pathInRepo + value: pipelines/container-build.yaml + taskRunTemplate: + serviceAccountName: build-pipeline-odh-codeflare-operator + workspaces: + - name: git-auth + secret: + secretName: '{{ git_auth_secret }}' +status: {}