Merge pull request #2117 from rnc/KJB11

Convert pre-build task to yaml.

Author: rnc

deploy/base-development.sh

@@ -42,15 +42,13 @@ fi
 # and if 'true' or 'false' is seen that is coerced to a bool which causes an issue
 export JBS_S3_SYNC_ENABLED="\"$JBS_S3_SYNC_ENABLED\""
 
-kubectl delete --ignore-not-found deployments.apps hacbs-jvm-operator -n jvm-build-service
-kubectl delete --ignore-not-found deployments.apps jvm-build-workspace-artifact-cache
-
 function cleanAllArtifacts() {
     # Following are created in CI code
     kubectl delete --ignore-not-found=true tasks.tekton.dev git-clone
     kubectl delete --ignore-not-found=true tasks.tekton.dev maven
     kubectl delete --ignore-not-found=true pipelines.tekton.dev sample-component-build
-    kubectl delete --ignore-not-found=true clusterrolebindings.rbac.authorization.k8s.io pipeline-test-jvm-namespace
+    kubectl delete --ignore-not-found=true clusterrolebindings.rbac.authorization.k8s.io pipeline-${JBS_WORKER_NAMESPACE}
+    kubectl delete --ignore-not-found=true deployments.apps jvm-build-maven-repo -n ${JBS_WORKER_NAMESPACE}
 
     kubectl delete --ignore-not-found=true artifactbuilds.jvmbuildservice.io --all
 
@@ -61,6 +59,9 @@ function cleanAllArtifacts() {
 echo -e "\033[0;32mSetting context to $JBS_WORKER_NAMESPACE with quay image $JBS_QUAY_ORG\033[0m"
 # Its possible to set context before namespaces have been created.
 kubectl config set-context --current --namespace=$JBS_WORKER_NAMESPACE
+kubectl delete --ignore-not-found deployments.apps hacbs-jvm-operator -n jvm-build-service
+kubectl delete --ignore-not-found deployments.apps jvm-build-workspace-artifact-cache
+
 
 if [ "$1" = "--clean" ]; then
     cleanAllArtifacts

deploy/tasks/maven-deployment.yaml

@@ -37,14 +37,10 @@ spec:
       type: string
       default: "quay.io/redhat-appstudio/hacbs-jvm-build-request-processor:dev"
   volumes:
-    - name: shared
-      emptyDir: {}
     - name: workdir
       emptyDir: {}
   stepTemplate:
     volumeMounts:
-      - mountPath: /shared
-        name: shared
       - mountPath: /var/workdir
         name: workdir
   steps:
@@ -70,10 +66,10 @@ spec:
         runAsUser: 0
       computeResources:
         limits:
-          cpu: "1"
-          memory: 2Gi
+          cpu: 300m
+          memory: 512Mi
         requests:
-          cpu: 50m
+          cpu: 10m
           memory: 512Mi
       env:
         - name: MVN_REPO

deploy/tasks/pre-build.yaml

@@ -0,0 +1,147 @@
+---
+apiVersion: tekton.dev/v1
+kind: Task
+metadata:
+  name: pre-build
+  annotations:
+    tekton.dev/pipelines.minVersion: 0.12.1
+    tekton.dev/tags: image-build, konflux
+  labels:
+    app.kubernetes.io/version: "0.1"
+    build.appstudio.redhat.com/build_type: docker
+spec:
+  description: |-
+    Sets up pre-build running the preprocessor, pushing the source and creating the OCI image.
+  params:
+    - name: IMAGE_URL
+      description: URL of the OCI image to use.
+      type: string
+    - name: NAME
+      description: Name of the pipeline run (i.e. unique dependency build name)
+      type: string
+    - name: GIT_SCRIPT
+      description: Git clone commands
+      type: string
+    - name: GIT_IDENTITY
+      description: Git username
+      type: string
+    - name: GIT_URL
+      description: URL to determine whether we're using gitlab or github
+      type: string
+    - name: GIT_DEPLOY_TOKEN
+      description: Name of jvm-build-git-repo-secrets secret containing git password/token to use.
+      type: string
+    - name: GIT_SSL_VERIFICATION
+      description: Whether to disable ssl verification
+      type: string
+      default: "false"
+    - name: GIT_REUSE_REPOSITORY
+      description: Whether to reuse existing git repository or create new one
+      type: string
+    - name: SCM_URL
+      description: Reference to the git repository
+      type: string
+    - name: SCM_HASH
+      description: Git hash
+      type: string
+    - name: RECIPE_IMAGE
+      description: The image from the build recipe to use
+    - name: BUILD_SCRIPT
+      description: The build script to embed with the Containerfile
+    - name: PREPROCESSOR_ARGS
+      description: The arguments for the build preprocessor
+    - name: ORAS_OPTIONS
+      type: string
+      description: Optional environment variable string for build-trusted-artifacts
+      default: ""
+    - name: JVM_BUILD_SERVICE_REQPROCESSOR_IMAGE
+      description: Name of the processor image. Useful to override for development.
+      type: string
+      default: "quay.io/redhat-appstudio/hacbs-jvm-build-request-processor:dev"
+  results:
+    - name: PRE_BUILD_IMAGE_DIGEST
+      description: Digest of the image just built
+    - name: GIT_ARCHIVE
+      description: Git archive information
+  workspaces:
+    - description: The git repo will be cloned onto the volume backing this Workspace.
+      name: source
+      mountPath: /var/workdir
+    - name: tls
+  steps:
+    # Should we use our own git clone task? Or embed (somehow) Konflux's version?
+    - name: git-clone
+      image: $(params.RECIPE_IMAGE)
+      computeResources:
+        limits:
+          cpu: 300m
+          memory: 512Mi
+        requests:
+          cpu: 10m
+          memory: 512Mi
+      securityContext:
+        runAsUser: 0
+      env:
+        - name: GIT_TOKEN
+          valueFrom:
+            secretKeyRef:
+              optional: true
+              name: jvm-build-git-secrets
+              key: .git-credentials
+      script: |
+        $(params.GIT_SCRIPT)
+    - name: preprocessor
+      image: $(params.JVM_BUILD_SERVICE_REQPROCESSOR_IMAGE)
+      securityContext:
+        runAsUser: 0
+      computeResources:
+        limits:
+          cpu: 300m
+          memory: 512Mi
+        requests:
+          cpu: 10m
+          memory: 512Mi
+      script: |
+        $(params.BUILD_SCRIPT)
+        /opt/jboss/container/java/run/run-java.sh $(params.PREPROCESSOR_ARGS)
+    - name: create-pre-build-source
+      image: $(params.JVM_BUILD_SERVICE_REQPROCESSOR_IMAGE)
+      securityContext:
+        runAsUser: 0
+      computeResources:
+        limits:
+          cpu: 300m
+          memory: 512Mi
+        requests:
+          cpu: 10m
+          memory: 512Mi
+      env:
+        - name: GIT_DEPLOY_TOKEN
+          valueFrom:
+            secretKeyRef:
+              optional: true
+              name: $(params.GIT_DEPLOY_TOKEN)
+              key: gitdeploytoken
+      args:
+        - deploy-pre-build-source
+        - --source-path=$(workspaces.source.path)/source
+        - --task-run-name=$(context.taskRun.name)
+        - --scm-uri=$(params.SCM_URL)
+        - --scm-commit=$(params.SCM_HASH)
+        - --image-id=$(params.NAME)
+        - --git-identity=$(params.GIT_IDENTITY)
+        - --git-url=$(params.GIT_URL)
+        - --git-disable-ssl-verification=$(params.GIT_SSL_VERIFICATION)
+        - --git-reuse-repository=$(params.GIT_REUSE_REPOSITORY)
+    - name: create-pre-build-image
+      image: quay.io/redhat-appstudio/build-trusted-artifacts:latest@sha256:d6f57d97d19008437680190908fe5444cda380f9c77d0e9efde7153720412e05
+      script: |
+        echo "Creating pre-build-image archive"
+        export ORAS_OPTIONS="$ORAS_OPTIONS --image-spec=v1.0 --artifact-type application/vnd.oci.image.config.v1+json"
+        create-archive --store $(params.IMAGE_URL) $(results.PRE_BUILD_IMAGE_DIGEST.path)=$(workspaces.source.path)/source
+      env:
+        - name: ORAS_OPTIONS
+          value: $(params.ORAS_OPTIONS)
+        - name: IMAGE_URL
+          value: $(params.IMAGE_URL)
+

java-components/build-request-processor/src/main/java/com/redhat/hacbs/container/deploy/git/GitHub.java

@@ -32,11 +32,11 @@ enum Type {
     public GitHub(String endpoint, String identity, String token, boolean ssl)
             throws IOException {
         if (isNotEmpty(token)) {
-            github = new GitHubBuilder().withEndpoint(endpoint == null ? GITHUB_URL : endpoint)
+            github = new GitHubBuilder().withEndpoint(isNotEmpty(endpoint) ? endpoint : GITHUB_URL)
                     .withOAuthToken(token)
                     .build();
         } else {
-            github = new GitHubBuilder().withEndpoint(endpoint == null ? GITHUB_URL : endpoint)
+            github = new GitHubBuilder().withEndpoint(isNotEmpty(endpoint) ? endpoint : GITHUB_URL)
                     .build();
         }
         owner = identity;