Add DOMAIN_PROXY, BYTE_BUFFER_SIZE, PROXY_TARGET_WHITELIST params to buildah-oci-ta. Correct naming of domain proxy tmp directory.

Author: tecarter94

deploy/tasks/buildah-oci-ta.yaml

@@ -135,6 +135,16 @@ spec:
       description: The buildah image to use.
       type: string
       default: quay.io/konflux-ci/buildah-task:latest@sha256:5cbd487022fb7ac476cbfdea25513b810f7e343ec48f89dc6a4e8c3c39fa37a2
+    - name: DOMAIN_PROXY
+      description: Determines if domain proxy will be used when hermetic mode is enabled.
+      type: string
+      default: "false"
+    - name: BYTE_BUFFER_SIZE
+      description: The byte buffer size to use for the domain proxy.
+      type: string
+    - name: PROXY_TARGET_WHITELIST
+      description: Comma separated whitelist of target hosts for the domain proxy.
+      type: string
   results:
     - name: IMAGE_DIGEST
       description: Digest of the image just built
@@ -354,6 +364,8 @@ spec:
         )
 
         BUILDAH_ARGS=()
+        use_domain_proxy=false
+        DOMAIN_PROXY_ARGS=()
 
         if [ "${HERMETIC}" == "true" ]; then
           BUILDAH_ARGS+=("--pull=never")
@@ -362,8 +374,19 @@ spec:
             unshare -Ufp --keep-caps -r --map-users 1,1,65536 --map-groups 1,1,65536 -- buildah pull $image
           done
           echo "Build will be executed with network isolation"
-          /app/domain-proxy-server-runner &
-          server_pid=$!
+          if [ "${DOMAIN_PROXY}" == "true" ]; then
+            use_domain_proxy=true
+            if [ -n "${BYTE_BUFFER_SIZE}" ]; then
+              DOMAIN_PROXY_ARGS+=("BYTE_BUFFER_SIZE=${BYTE_BUFFER_SIZE}")
+            fi
+            if [ -n "${PROXY_TARGET_WHITELIST}" ]; then
+              DOMAIN_PROXY_ARGS+=("PROXY_TARGET_WHITELIST=${PROXY_TARGET_WHITELIST}")
+            fi
+            echo "Build will be executed with domain proxy"
+            echo ${DOMAIN_PROXY_ARGS[@]} # TODO remove
+            ${DOMAIN_PROXY_ARGS[@]} /app/domain-proxy-server-runner &
+            server_pid=$!
+          fi
         fi
 
         if [ -n "${TARGET_STAGE}" ]; then
@@ -460,12 +483,16 @@ spec:
         # Prevent ShellCheck from giving a warning because 'image' is defined and 'IMAGE' is not.
         declare IMAGE
 
-        if [ "${HERMETIC}" == "true" ]; then
-          # Without expansion
-          cat > /app/build-script.sh << 'EOF'
+        if [ "$use_domain_proxy" == "true" ]; then
+          # With expansion
+          cat >> /app/build-script.sh << EOF
         #!/bin/sh
         ip link set lo up
-        /app/domain-proxy-client-runner &
+        ${DOMAIN_PROXY_ARGS[@]} /app/domain-proxy-client-runner &
+        EOF
+
+        # Without expansion
+          cat > /app/build-script.sh << 'EOF'
         client_pid=$!
         EOF
 

java-components/domain-proxy/client/src/main/resources/application.properties

@@ -1,3 +1,3 @@
-client-domain-socket=${DOMAIN_SOCKET:/tmp/domainserver}
+client-domain-socket=${DOMAIN_SOCKET:/tmp/domain-server}
 client-http-port=8080
 byte-buffer-size=${BYTE_BUFFER_SIZE:1024}

java-components/domain-proxy/server/src/main/resources/application.properties

@@ -1,4 +1,4 @@
-server-domain-socket=${DOMAIN_SOCKET:/tmp/domainserver}
+server-domain-socket=${DOMAIN_SOCKET:/tmp/domain-server}
 server-http-port=2000
 byte-buffer-size=${BYTE_BUFFER_SIZE:1024}
 proxy-target-whitelist=${PROXY_TARGET_WHITELIST:repo.maven.apache.org,repository.jboss.org,packages.confluent.io,jitpack.io,repo.gradle.org,plugins.gradle.org}

pkg/reconciler/dependencybuild/buildrecipeyaml.go

@@ -523,6 +523,13 @@ func createPipelineSpec(log logr.Logger, tool string, commitTime int64, jbsConfi
 						},
 					},
 				},
+				{
+					Name: "HERMETIC",
+					Value: tektonpipeline.ParamValue{
+						Type:      tektonpipeline.ParamTypeString,
+						StringVal: "true",
+					},
+				},
 				{
 					Name: "BUILD_IMAGE",
 					Value: tektonpipeline.ParamValue{
@@ -531,12 +538,26 @@ func createPipelineSpec(log logr.Logger, tool string, commitTime int64, jbsConfi
 					},
 				},
 				{
-					Name: "HERMETIC",
+					Name: "DOMAIN_PROXY",
 					Value: tektonpipeline.ParamValue{
 						Type:      tektonpipeline.ParamTypeString,
 						StringVal: "true",
 					},
 				},
+				{
+					Name: "BYTE_BUFFER_SIZE", // TODO remove
+					Value: tektonpipeline.ParamValue{
+						Type:      tektonpipeline.ParamTypeString,
+						StringVal: "1024",
+					},
+				},
+				{
+					Name: "PROXY_TARGET_WHITELIST",
+					Value: tektonpipeline.ParamValue{
+						Type:      tektonpipeline.ParamTypeString,
+						StringVal: cacheUrl,
+					},
+				},
 			},
 		}}, ps.Tasks...)