@@ -131,6 +131,62 @@ spec:
131131 description : The name of the ConfigMap to read CA bundle data from.
132132 type : string
133133 default : trusted-ca
134+ - name : BUILD_IMAGE
135+ description : The buildah image to use.
136+ type : string
137+ default : quay.io/konflux-ci/buildah-task:latest@sha256:b2d6c32d1e05e91920cd4475b2761d58bb7ee11ad5dff3ecb59831c7572b4d0c
138+ - name : ENABLE_DOMAIN_PROXY
139+ description : Determines if domain proxy will be used when hermetic mode is enabled.
140+ type : string
141+ default : " false"
142+ - name : DOMAIN_PROXY_BYTE_BUFFER_SIZE
143+ description : The byte buffer size to use for the domain proxy.
144+ type : string
145+ default : 32768
146+ - name : DOMAIN_PROXY_DOMAIN_SOCKET
147+ description : The domain socket to use for the domain proxy.
148+ type : string
149+ default : /tmp/domain-socket.sock
150+ - name : DOMAIN_PROXY_CONNECTION_TIMEOUT
151+ description : The connection timeout in milliseconds to use for the domain proxy.
152+ type : string
153+ default : 10000
154+ - name : DOMAIN_PROXY_IDLE_TIMEOUT
155+ description : The idle timeout in milliseconds to use for the domain proxy.
156+ type : string
157+ default : 30000
158+ - name : DOMAIN_PROXY_TARGET_WHITELIST
159+ description : Comma separated whitelist of target hosts for the domain proxy.
160+ type : string
161+ default : " "
162+ - name : DOMAIN_PROXY_ENABLE_INTERNAL_PROXY
163+ description : Determines if internal proxy will be used when domain proxy is enabled.
164+ type : string
165+ default : " false"
166+ - name : DOMAIN_PROXY_INTERNAL_PROXY_HOST
167+ description : Host of proxy used internally by the domain proxy.
168+ type : string
169+ default : " "
170+ - name : DOMAIN_PROXY_INTERNAL_PROXY_PORT
171+ description : Port of proxy used internally by the domain proxy.
172+ type : string
173+ default : " "
174+ - name : DOMAIN_PROXY_INTERNAL_PROXY_USER
175+ description : User of proxy used internally by the domain proxy.
176+ type : string
177+ default : " "
178+ - name : DOMAIN_PROXY_INTERNAL_PROXY_PASSWORD
179+ description : Password of proxy used internally by the domain proxy.
180+ type : string
181+ default : " "
182+ - name : DOMAIN_PROXY_INTERNAL_NON_PROXY_HOSTS
183+ description : Comma separated list of target hosts that bypass the proxy used internally by the domain proxy.
184+ type : string
185+ default : " "
186+ - name : DOMAIN_PROXY_HTTP_PORT
187+ description : The HTTP port to use for the domain proxy.
188+ type : string
189+ default : 8080
134190 results :
135191 - name : IMAGE_DIGEST
136192 description : Digest of the image just built
@@ -214,6 +270,32 @@ spec:
214270 value : $(params.YUM_REPOS_D_SRC)
215271 - name : YUM_REPOS_D_TARGET
216272 value : $(params.YUM_REPOS_D_TARGET)
273+ - name : ENABLE_DOMAIN_PROXY
274+ value : $(params.ENABLE_DOMAIN_PROXY)
275+ - name : DOMAIN_PROXY_BYTE_BUFFER_SIZE
276+ value : $(params.DOMAIN_PROXY_BYTE_BUFFER_SIZE)
277+ - name : DOMAIN_PROXY_DOMAIN_SOCKET
278+ value : $(params.DOMAIN_PROXY_DOMAIN_SOCKET)
279+ - name : DOMAIN_PROXY_CONNECTION_TIMEOUT
280+ value : $(params.DOMAIN_PROXY_CONNECTION_TIMEOUT)
281+ - name : DOMAIN_PROXY_IDLE_TIMEOUT
282+ value : $(params.DOMAIN_PROXY_IDLE_TIMEOUT)
283+ - name : DOMAIN_PROXY_TARGET_WHITELIST
284+ value : $(params.DOMAIN_PROXY_TARGET_WHITELIST)
285+ - name : DOMAIN_PROXY_ENABLE_INTERNAL_PROXY
286+ value : $(params.DOMAIN_PROXY_ENABLE_INTERNAL_PROXY)
287+ - name : DOMAIN_PROXY_INTERNAL_PROXY_HOST
288+ value : $(params.DOMAIN_PROXY_INTERNAL_PROXY_HOST)
289+ - name : DOMAIN_PROXY_INTERNAL_PROXY_PORT
290+ value : $(params.DOMAIN_PROXY_INTERNAL_PROXY_PORT)
291+ - name : DOMAIN_PROXY_INTERNAL_PROXY_USER
292+ value : $(params.DOMAIN_PROXY_INTERNAL_PROXY_USER)
293+ - name : DOMAIN_PROXY_INTERNAL_PROXY_PASSWORD
294+ value : $(params.DOMAIN_PROXY_INTERNAL_PROXY_PASSWORD)
295+ - name : DOMAIN_PROXY_INTERNAL_NON_PROXY_HOSTS
296+ value : $(params.DOMAIN_PROXY_INTERNAL_NON_PROXY_HOSTS)
297+ - name : DOMAIN_PROXY_HTTP_PORT
298+ value : $(params.DOMAIN_PROXY_HTTP_PORT)
217299 volumeMounts :
218300 - mountPath : /shared
219301 name : shared
@@ -227,7 +309,7 @@ spec:
227309 - $(params.SOURCE_ARTIFACT)=/var/workdir/source
228310 - $(params.CACHI2_ARTIFACT)=/var/workdir/cachi2
229311 - name : build
230- image : quay.io/konflux-ci/buildah-task:latest@sha256:b2d6c32d1e05e91920cd4475b2761d58bb7ee11ad5dff3ecb59831c7572b4d0c
312+ image : $(params.BUILD_IMAGE)
231313 args :
232314 - --build-args
233315 - $(params.BUILD_ARGS[*])
@@ -515,7 +597,43 @@ spec:
515597 # disable host subcription manager integration
516598 find /usr/share/rhel/secrets -type l -exec unlink {} \;
517599
518- unshare -Uf "${UNSHARE_ARGS[@]}" --keep-caps -r --map-users 1,1,65536 --map-groups 1,1,65536 -w "${SOURCE_CODE_DIR}/$CONTEXT" -- sh -c "$command"
600+ if [ "${HERMETIC}" == "true" ] && [ "${ENABLE_DOMAIN_PROXY}" == "true" ]; then
601+ echo "Build will be executed with domain proxy"
602+ /app/domain-proxy-server &
603+ server_pid=$!
604+
605+ # Without expansion
606+ cat >> /app/build-script.sh << 'EOF'
607+ #!/bin/sh
608+ /app/domain-proxy-client &
609+ client_pid=$!
610+ EOF
611+
612+ # With expansion
613+ cat >> /app/build-script.sh << EOF
614+ $command
615+ EOF
616+
617+ # Without expansion
618+ cat >> /app/build-script.sh << 'EOF'
619+ set +e
620+ kill $client_pid
621+ wait $client_pid
622+ set -e
623+ EOF
624+
625+ cat /app/build-script.sh
626+ chmod +x /app/build-script.sh
627+
628+ unshare -Uf "${UNSHARE_ARGS[@]}" --keep-caps -r --map-users 1,1,65536 --map-groups 1,1,65536 -w "${SOURCE_CODE_DIR}/$CONTEXT" -- /app/build-script.sh
629+
630+ set +e
631+ kill $server_pid
632+ wait $server_pid
633+ set -e
634+ else
635+ unshare -Uf "${UNSHARE_ARGS[@]}" --keep-caps -r --map-users 1,1,65536 --map-groups 1,1,65536 -w "${SOURCE_CODE_DIR}/$CONTEXT" -- sh -c "$command"
636+ fi
519637
520638 container=$(buildah from --pull-never "$IMAGE")
521639 buildah mount $container | tee /shared/container_path
0 commit comments