sps enablement for master (#1080)

Author: Tirumalavasa

.pipeline-config-ci.yaml

@@ -0,0 +1,78 @@
+version: '2'
+
+# CI Pipeline: code-checks, code-build, deploy-checks, deploy-release
+tasks:
+  code-checks:
+    # code-checks includes five configurable steps: setup, detect-secrets, compliance-checks, peer-review, static-scan
+    include:
+      - dind
+    steps:
+      - name: checks-setup
+        when: 'false'
+      - name: detect-secrets
+        when: 'false'
+      - name: compliance-checks
+        when: 'false'
+      - name: peer-review
+        when: 'false'
+      - name: static-scan
+        when: 'false'
+        
+  code-build:
+    runtimeClassName: medium
+    displayName: Build amd64, ppc64le and s390x images
+    include:
+      - dind
+    # code-build includes five configurable steps: setup, unit-test, build-artifact, sign-artifact, scan-artifact
+    steps:
+      - name: setup
+        when: 'false'
+      - name: unit-test
+        when: 'false'
+      - name: build-artifact
+        include:
+          - docker-socket
+          - dind
+        image: icr.io/continuous-delivery/pipeline/pipeline-base-ubi:3.66
+        script: |
+          #!/usr/bin/env bash
+          if [[ "$PIPELINE_DEBUG" == 1 ]]; then
+              trap env EXIT
+              env
+              set -x
+          fi
+          cd "$WORKSPACE/$(load_repo app-repo path)"
+          export ARCH="amd64"
+          export GIT_BRANCH="$(get_env git-branch)"
+          export GIT_COMMIT="$(get_env git-commit)"
+          export BUILD_TAG="$(cat internal/version/version.go | tr -d '\n')"
+          source build_scripts/setup_env.sh
+          source build_scripts/build_image.sh
+      - name: sign-artifact
+        when: 'false'
+      - name: scan-artifact
+        when: 'false'
+
+  deploy-checks:
+    include:
+      - dind
+    # deploy-checks includes three configurable steps: deploy, dynamic-scan, acceptance-test
+    steps:
+      - name: deploy
+        when: 'false'
+      - name: dynamic-scan
+        when: 'false'
+      - name: acceptance-test
+        when: 'false'
+
+  deploy-release:
+    # deploy-release includes one configurable step: run-stage
+    steps:
+      - name: run-stage
+        when: 'false'
+
+finally:
+  code-ci-finish:
+    steps:
+      - name: run-stage
+        when: 'false'

.pipeline-config-pr.yaml

@@ -0,0 +1,41 @@
+version: '2'
+
+# PR Pipeline: pr-code-checks, code-pr-finish
+tasks:
+  pr-code-checks:
+    runtimeClassName: medium
+    displayName: Build amd64, ppc64le and s390x images
+    include:
+      - dind
+    steps:
+      - name: checks-setup
+        when: 'false'
+      - name: detect-secrets
+        when: 'false'
+      - name: unit-test
+        include:
+          - docker-socket
+          - dind
+        image: icr.io/continuous-delivery/pipeline/pipeline-base-ubi:3.66
+        script: |
+          #!/usr/bin/env bash
+          if [[ "$PIPELINE_DEBUG" == 1 ]]; then
+              trap env EXIT
+              env
+              set -x
+          fi
+          cd "$WORKSPACE/$(load_repo app-repo path)"
+          export ARCH="amd64"
+          export GIT_BRANCH="$(get_env git-branch)"
+          export GIT_COMMIT="$(get_env git-commit)"
+          export BUILD_TAG="${GIT_COMMIT:0:7}"
+          source build_scripts/setup_env.sh
+          source build_scripts/build_image.sh
+      - name: compliance-checks
+        when: 'false'
+
+finally:
+  code-pr-finish:
+    steps:
+      - name: run-stage
+        when: 'false'

Dockerfile

@@ -15,15 +15,13 @@
 FROM docker-na-public.artifactory.swg-devops.com/hyc-cloud-private-edge-docker-local/build-images/ubi9-minimal:latest
 
 ARG VCS_REF
-ARG VCS_URL
 ARG IMG_VERSION
 ARG IMG_RELEASE
 
 LABEL org.label-schema.vendor="IBM" \
     org.label-schema.name="ibm-iam-operator" \
     org.label-schema.description="IBM IAM Operator" \
     org.label-schema.vcs-ref=$VCS_REF \
-    org.label-schema.vcs-url=$VCS_URL \
     org.label-schema.license="Licensed Materials - Property of IBM" \
     org.label-schema.schema-version="1.0" \
     name="ibm-iam-operator" \

Makefile

@@ -26,8 +26,7 @@ DATA_NS ?= $(CONTROL_NS)
 WATCH_NS ?= $(DATA_NS)
 
 GIT_COMMIT_ID=$(shell git rev-parse --short HEAD)
-GIT_REMOTE_URL=$(shell git config --get remote.origin.url)
-IMAGE_BUILD_OPTS=--build-arg "VCS_REF=$(GIT_COMMIT_ID)" --build-arg "VCS_URL=$(GIT_REMOTE_URL)" --build-arg "IMG_VERSION=$(VERSION)" --build-arg "IMG_RELEASE=$(shell date +%s)"
+IMAGE_BUILD_OPTS=--build-arg "VCS_REF=$(GIT_COMMIT_ID)" --build-arg "IMG_VERSION=$(VERSION)" --build-arg "IMG_RELEASE=$(shell date +%s)"
 
 # Image URL to use all building/pushing image targets;
 # Use your own docker registry and image name for dev/test by overridding the IMG and REGISTRY environment variable.
@@ -37,9 +36,6 @@ CONTAINER_CLI ?= docker
 
 MARKDOWN_LINT_WHITELIST=https://quay.io/cnr
 
-ifeq ($(BUILD_LOCALLY),0)
-    export CONFIG_DOCKER_TARGET = config-docker
-endif
 
 TESTARGS_DEFAULT := "-v"
 export TESTARGS ?= $(TESTARGS_DEFAULT)
@@ -414,7 +410,7 @@ bundle-render: ## Render the bundle contents into the local FBC index.
 	./hack/bundle-render $(IMG).v$(BUNDLE_VERSION) $(BUNDLE_IMG)
 
 TARGET_ARCH=$(LOCAL_ARCH)
-build-image: $(GO) $(CONFIG_DOCKER_TARGET) licenses-dir ## Build the Operator manager image
+build-image: $(GO) licenses-dir ## Build the Operator manager image
 	@echo "Building manager binary for linux/$(TARGET_ARCH)"
 	@CGO_ENABLED=0 GOOS=linux GOARCH=$(TARGET_ARCH) $(GO) build -a -o build/_output/bin/manager cmd/main.go
 	@echo "Building manager image for linux/$(TARGET_ARCH)"
@@ -437,11 +433,13 @@ build-image-ppc64le: build-image
 build-image-s390x: TARGET_ARCH=s390x
 build-image-s390x: build-image
 
-images: $(CONFIG_DOCKER_TARGET)  ## Build the multi-arch manifest.
+images:
 	@${MAKE} build-image-amd64
 	@${MAKE} build-image-ppc64le
 	@${MAKE} build-image-s390x
-	@DOCKER_BUILDKIT=1 MAX_PULLING_RETRY=20 RETRY_INTERVAL=30 common/scripts/multiarch_image.sh $(REGISTRY) $(IMG) $(GIT_COMMIT_ID) $(VERSION)
+	@if [ "$(SPS_EVENT_TYPE)" = "push" ]; then \
+		DOCKER_BUILDKIT=1 MAX_PULLING_RETRY=20 RETRY_INTERVAL=30 common/scripts/multiarch_image.sh $(REGISTRY) $(IMG) $(GIT_COMMIT_ID) $(VERSION); \
+	fi
 
 ##@ Deployment
 

build_scripts/build_image.sh

@@ -0,0 +1,17 @@
+export BUILD_LOCALLY=0
+
+echo "***************** Install go *****************"
+
+GO_VERSION="1.24.5"
+curl -sLO "https://go.dev/dl/go${GO_VERSION}.linux-amd64.tar.gz"
+sudo rm -rf /usr/local/go
+sudo tar -C /usr/local -xzf "go${GO_VERSION}.linux-amd64.tar.gz"
+rm "go${GO_VERSION}.linux-amd64.tar.gz"
+
+grep -q '/usr/local/go/bin' ~/.bashrc || echo 'export PATH=$PATH:/usr/local/go/bin' >> ~/.bashrc
+source ~/.bashrc
+go version
+
+echo "**************** Building images ****************"
+
+make images

build_scripts/setup_env.sh

@@ -0,0 +1,20 @@
+# Set up Needed Variables
+export ARTIFACTORY_USERNAME="$(get_env ARTIFACTORY_USERNAME)"
+export ARTIFACTORY_TOKEN="$(get_env ARTIFACTORY_TOKEN)"
+export DOCKER_REGISTRY="$(get_env DOCKER_REGISTRY)"
+export DOCKER_USER="$(get_env DOCKER_USER)"
+export DOCKER_PASS="$(get_env DOCKER_PASS)"
+export GITHUB_TOKEN="$(get_env GITHUB_TOKEN)"
+export GITHUB_USER="$(get_env GITHUB_USER)"
+export SPS_EVENT_TYPE="$(get_env SPS_EVENT_TYPE)"
+
+# Configure Environment
+echo -e "machine github.ibm.com\n  login $GITHUB_TOKEN" >> ~/.netrc
+chmod 600 ~/.netrc
+git config --global --add safe.directory $WORKSPACE/$(load_repo app-repo path)
+# Output Paremeters
+echo "Current branch : $GIT_BRANCH"
+echo "Building commit $GIT_COMMIT"
+
+# Login to root artifactory (to cover both base images and build image)
+docker login docker-na-public.artifactory.swg-devops.com -u ARTIFACTORY_USERNAME -p ARTIFACTORY_TOKEN