From 8968af6f7053f372161452a4f3399dbe1fed17f8 Mon Sep 17 00:00:00 2001 From: Nick Cross Date: Wed, 23 Oct 2024 11:56:53 +0100 Subject: [PATCH 1/5] Use single pipeline. Modify workspace. Make settings.xml available to deploy --- deploy/tasks/maven-deployment.yaml | 28 ++++--- .../preprocessor/AbstractPreprocessor.java | 6 +- .../v1alpha1/systemconfig_types.go | 2 +- .../dependencybuild/buildrecipeyaml.go | 79 +++++++++++++++++-- .../dependencybuild/dependencybuild.go | 11 +-- 5 files changed, 104 insertions(+), 22 deletions(-) diff --git a/deploy/tasks/maven-deployment.yaml b/deploy/tasks/maven-deployment.yaml index eb4acd4a6..6ade9d038 100644 --- a/deploy/tasks/maven-deployment.yaml +++ b/deploy/tasks/maven-deployment.yaml @@ -32,23 +32,33 @@ spec: description: Name of the processor image. Useful to override for development. type: string default: "quay.io/redhat-appstudio/hacbs-jvm-build-request-processor:dev" - volumes: - - name: workdir - emptyDir: {} - stepTemplate: - volumeMounts: - - mountPath: /var/workdir - name: workdir + workspaces: + - description: Workspace. + name: source + mountPath: /var/workdir +# volumes: +# - name: workdir +# emptyDir: {} +# stepTemplate: +# volumeMounts: +# - mountPath: /var/workdir +# name: workdir steps: - name: restore-trusted-artifact image: quay.io/redhat-appstudio/build-trusted-artifacts:latest@sha256:81c4864dae6bb11595f657be887e205262e70086a05ed16ada827fd6391926ac script: | + echo "Restoring artifacts to workspace" + ls -laR /var/workdir + echo "Root" + ls -laR $HOME echo "Restoring artifacts to workspace" URL=$IMAGE_URL DIGEST=$IMAGE_DIGEST AARCHIVE=$(oras manifest fetch $ORAS_OPTIONS $URL@$DIGEST | jq --raw-output '.layers[0].digest') echo "URL $URL DIGEST $DIGEST AARCHIVE $AARCHIVE" - use-archive oci:$URL@$AARCHIVE=/var/workdir/artifacts + use-archive oci:$URL@$AARCHIVE=/var/workdir/ + ls -laR /var/workdir + echo "DONE" env: - name: IMAGE_DIGEST value: $(params.IMAGE_DIGEST) @@ -77,6 +87,6 @@ spec: key: mavenpassword args: - deploy - - --directory=/var/workdir/artifacts + - --directory=/var/workdir/deployment - --mvn-repo=$(params.MVN_REPO) - --mvn-username=$(params.MVN_USERNAME) diff --git a/java-components/build-request-processor/src/main/java/com/redhat/hacbs/container/build/preprocessor/AbstractPreprocessor.java b/java-components/build-request-processor/src/main/java/com/redhat/hacbs/container/build/preprocessor/AbstractPreprocessor.java index 3720f89ec..bae06ec21 100644 --- a/java-components/build-request-processor/src/main/java/com/redhat/hacbs/container/build/preprocessor/AbstractPreprocessor.java +++ b/java-components/build-request-processor/src/main/java/com/redhat/hacbs/container/build/preprocessor/AbstractPreprocessor.java @@ -105,7 +105,7 @@ public void run() { export MAVEN_HOME=${MAVEN_HOME:=/opt/maven/3.8.8} export GRADLE_USER_HOME="${JBS_WORKDIR}/software/settings/.gradle" - mkdir -p ${JBS_WORKDIR}/logs ${JBS_WORKDIR}/packages ${HOME}/.sbt/1.0 ${GRADLE_USER_HOME} ${HOME}/.m2 + mkdir -p ${JBS_WORKDIR}/logs ${JBS_WORKDIR}/packages ${JBS_WORKDIR}/settings ${HOME}/.sbt/1.0 ${GRADLE_USER_HOME} ${HOME}/.m2 cd ${JBS_WORKDIR}/source if [ -n "${JAVA_HOME}" ]; then @@ -119,6 +119,7 @@ public void run() { runBuild += getMavenSetup(); runBuild += """ + cp -a ${HOME}/.m2/*.xml ${JBS_WORKDIR}/settings fi if [ -n "${GRADLE_HOME}" ]; then @@ -190,7 +191,8 @@ private String getContainerFile() { COPY --from=0 /var/workdir/ /var/workdir/ RUN /opt/jboss/container/java/run/run-java.sh copy-artifacts --source-path=/var/workdir/workspace/source --deploy-path=/var/workdir/workspace/artifacts FROM scratch - COPY --from=1 /var/workdir/workspace/artifacts / + COPY --from=1 /var/workdir/workspace/settings / + COPY --from=1 /var/workdir/workspace/artifacts /deployment/ """.formatted(buildRequestProcessorImage); } else { containerFile += diff --git a/pkg/apis/jvmbuildservice/v1alpha1/systemconfig_types.go b/pkg/apis/jvmbuildservice/v1alpha1/systemconfig_types.go index 8f6a33fd7..944995ff4 100644 --- a/pkg/apis/jvmbuildservice/v1alpha1/systemconfig_types.go +++ b/pkg/apis/jvmbuildservice/v1alpha1/systemconfig_types.go @@ -49,5 +49,5 @@ const ( KonfluxGitDefinition = "https://raw.githubusercontent.com/konflux-ci/build-definitions/refs/heads/main/task/git-clone/0.1/git-clone.yaml" KonfluxPreBuildDefinitions = "https://raw.githubusercontent.com/redhat-appstudio/jvm-build-service/main/deploy/tasks/pre-build.yaml" KonfluxBuildDefinitions = "https://raw.githubusercontent.com/konflux-ci/build-definitions/refs/heads/main/task/buildah-oci-ta/0.2/buildah-oci-ta.yaml" - KonfluxMavenDeployDefinitions = "https://raw.githubusercontent.com/redhat-appstudio/jvm-build-service/main/deploy/tasks/maven-deployment.yaml" + KonfluxMavenDeployDefinitions = "https://raw.githubusercontent.com/rnc/jvm-build-service/PIPELINE/deploy/tasks/maven-deployment.yaml" ) diff --git a/pkg/reconciler/dependencybuild/buildrecipeyaml.go b/pkg/reconciler/dependencybuild/buildrecipeyaml.go index 0f0b995cd..6a7faf911 100644 --- a/pkg/reconciler/dependencybuild/buildrecipeyaml.go +++ b/pkg/reconciler/dependencybuild/buildrecipeyaml.go @@ -137,7 +137,7 @@ func createPipelineSpec(log logr.Logger, tool string, commitTime int64, jbsConfi verifyBuiltArtifactsArgs := verifyParameters(jbsConfig, recipe) deployArgs := []string{ "verify", - "--path=$(workspaces.source.path)/artifacts", + "--path=$(workspaces.source.path)/verify-artifacts", "--logs-path=$(workspaces.source.path)/logs", "--task-run-name=$(context.taskRun.name)", "--build-id=" + buildId, @@ -463,7 +463,7 @@ func createPipelineSpec(log logr.Logger, tool string, commitTime int64, jbsConfi } // Note - its also possible to refer to a remote pipeline ref as well as a task. - resolver := tektonpipeline.ResolverRef{ + buildResolver := tektonpipeline.ResolverRef{ // We can use either a http or git resolver. Using http as avoids cloning an entire repository. Resolver: "http", Params: []tektonpipeline.Param{ @@ -483,7 +483,7 @@ func createPipelineSpec(log logr.Logger, tool string, commitTime int64, jbsConfi RunAfter: runAfter, TaskRef: &tektonpipeline.TaskRef{ // Can't specify name and resolver as they clash. - ResolverRef: resolver, + ResolverRef: buildResolver, }, Timeout: &v12.Duration{Duration: time.Hour * v1alpha1.DefaultTimeout}, Params: []tektonpipeline.Param{ @@ -556,7 +556,7 @@ URL=%s DIGEST=$(tasks.%s.results.IMAGE_DIGEST) AARCHIVE=$(oras manifest fetch $ORAS_OPTIONS $URL@$DIGEST | jq --raw-output '.layers[0].digest') echo "URL $URL DIGEST $DIGEST AARCHIVE $AARCHIVE" -use-archive oci:$URL@$AARCHIVE=$(workspaces.source.path)/artifacts`, orasOptions, registryArgsWithDefaults(jbsConfig, ""), BuildTaskName), +use-archive oci:$URL@$AARCHIVE=$(workspaces.source.path)/verify-artifacts`, orasOptions, registryArgsWithDefaults(jbsConfig, ""), BuildTaskName), }, { Name: "verify-and-check-for-contaminates", @@ -586,11 +586,80 @@ use-archive oci:$URL@$AARCHIVE=$(workspaces.source.path)/artifacts`, orasOptions }, }} ps.Tasks = append(pipelineTask, ps.Tasks...) - for _, i := range postBuildTask.Results { ps.Results = append(ps.Results, tektonpipeline.PipelineResult{Name: i.Name, Description: i.Description, Value: tektonpipeline.ResultValue{Type: tektonpipeline.ParamTypeString, StringVal: "$(tasks." + PostBuildTaskName + ".results." + i.Name + ")"}}) } + deployResolver := tektonpipeline.ResolverRef{ + // We can use either a http or git resolver. Using http as avoids cloning an entire repository. + Resolver: "http", + Params: []tektonpipeline.Param{ + { + Name: "url", + Value: tektonpipeline.ParamValue{ + Type: tektonpipeline.ParamTypeString, + StringVal: v1alpha1.KonfluxMavenDeployDefinitions, + }, + }, + }, + } + ps.Tasks = append([]tektonpipeline.PipelineTask{ + { + Name: DeployTaskName, + RunAfter: append(runAfterBuild, PostBuildTaskName), + Workspaces: []tektonpipeline.WorkspacePipelineTaskBinding{ + {Name: WorkspaceSource, Workspace: WorkspaceSource}, + }, + TaskRef: &tektonpipeline.TaskRef{ + // Can't specify name and resolver as they clash. + ResolverRef: deployResolver, + }, + Params: []tektonpipeline.Param{ + { + Name: PipelineResultImage, + Value: tektonpipeline.ParamValue{ + Type: tektonpipeline.ParamTypeString, + StringVal: "$(tasks." + BuildTaskName + ".results." + PipelineResultImage + ")", + }, + }, + { + Name: PipelineResultImageDigest, + Value: tektonpipeline.ParamValue{ + Type: tektonpipeline.ParamTypeString, + StringVal: "$(tasks." + BuildTaskName + ".results." + PipelineResultImageDigest + ")", + }, + }, + { + Name: "MVN_REPO", + Value: tektonpipeline.ParamValue{ + Type: tektonpipeline.ParamTypeString, + StringVal: jbsConfig.Spec.MavenDeployment.Repository, + }, + }, + { + Name: "MVN_USERNAME", + Value: tektonpipeline.ParamValue{ + Type: tektonpipeline.ParamTypeString, + StringVal: jbsConfig.Spec.MavenDeployment.Username, + }, + }, + { + Name: "MVN_PASSWORD", + Value: tektonpipeline.ParamValue{ + Type: tektonpipeline.ParamTypeString, + StringVal: v1alpha1.MavenSecretName, + }, + }, + { + Name: "JVM_BUILD_SERVICE_REQPROCESSOR_IMAGE", + Value: tektonpipeline.ParamValue{ + Type: tektonpipeline.ParamTypeString, + StringVal: buildRequestProcessorImage, + }, + }, + }, + }}, ps.Tasks...) + for _, i := range pipelineParams { ps.Params = append(ps.Params, tektonpipeline.ParamSpec{Name: i.Name, Description: i.Description, Default: i.Default, Type: i.Type}) var value tektonpipeline.ResultValue diff --git a/pkg/reconciler/dependencybuild/dependencybuild.go b/pkg/reconciler/dependencybuild/dependencybuild.go index 0b3cee018..6a750e823 100644 --- a/pkg/reconciler/dependencybuild/dependencybuild.go +++ b/pkg/reconciler/dependencybuild/dependencybuild.go @@ -140,8 +140,8 @@ func (r *ReconcileDependencyBuild) Reconcile(ctx context.Context, request reconc return reconcile.Result{}, nil case v1alpha1.DependencyBuildStateBuilding: return r.handleStateBuilding(ctx, &db) - case v1alpha1.DependencyBuildStateDeploying: - return r.handleStateDeploying(ctx, &db) + //case v1alpha1.DependencyBuildStateDeploying: + // return r.handleStateDeploying(ctx, &db) case v1alpha1.DependencyBuildStateContaminated: return r.handleStateContaminated(ctx, &db) case v1alpha1.DependencyBuildStateComplete: @@ -168,8 +168,8 @@ func (r *ReconcileDependencyBuild) Reconcile(ctx context.Context, request reconc return r.handleAnalyzeBuildPipelineRunReceived(ctx, &pr) case PipelineTypeBuild: return r.handleBuildPipelineRunReceived(ctx, &pr) - case PipelineTypeDeploy: - return r.handleDeployPipelineRunReceived(ctx, &pr) + //case PipelineTypeDeploy: + // return r.handleDeployPipelineRunReceived(ctx, &pr) } } @@ -849,7 +849,7 @@ func (r *ReconcileDependencyBuild) handleBuildPipelineRunReceived(ctx context.Co problemContaminates := db.Status.ProblemContaminates() if len(problemContaminates) == 0 { - return reconcile.Result{}, r.updateDependencyBuildState(ctx, db, v1alpha1.DependencyBuildStateDeploying, "build was completed") + return reconcile.Result{}, r.updateDependencyBuildState(ctx, db, v1alpha1.DependencyBuildStateComplete, "build was completed") } else { msg := "The DependencyBuild %s/%s was contaminated with community dependencies" log.Info(fmt.Sprintf(msg, db.Namespace, db.Name)) @@ -1364,6 +1364,7 @@ func (r *ReconcileDependencyBuild) removePipelineFinalizer(ctx context.Context, func (r *ReconcileDependencyBuild) handleStateDeploying(ctx context.Context, db *v1alpha1.DependencyBuild) (reconcile.Result, error) { log, _ := logr.FromContext(ctx) + log.Info(fmt.Sprintf("### handleStateDeploying %#v", db.Name)) //first we check to see if the pipeline exists pr := tektonpipeline.PipelineRun{} From 9eb1ca0a05042031ddea39b9e877440fc7ed6b4b Mon Sep 17 00:00:00 2001 From: Nick Cross Date: Wed, 23 Oct 2024 16:58:47 +0100 Subject: [PATCH 2/5] Use emptyDir volumeSource for verify task. Copy settings.xml for OCI archiving --- deploy/tasks/maven-deployment.yaml | 7 ------- .../build/preprocessor/AbstractPreprocessor.java | 7 +++++-- pkg/reconciler/dependencybuild/buildrecipeyaml.go | 13 +++++++++---- 3 files changed, 14 insertions(+), 13 deletions(-) diff --git a/deploy/tasks/maven-deployment.yaml b/deploy/tasks/maven-deployment.yaml index 6ade9d038..5b893e3d9 100644 --- a/deploy/tasks/maven-deployment.yaml +++ b/deploy/tasks/maven-deployment.yaml @@ -36,13 +36,6 @@ spec: - description: Workspace. name: source mountPath: /var/workdir -# volumes: -# - name: workdir -# emptyDir: {} -# stepTemplate: -# volumeMounts: -# - mountPath: /var/workdir -# name: workdir steps: - name: restore-trusted-artifact image: quay.io/redhat-appstudio/build-trusted-artifacts:latest@sha256:81c4864dae6bb11595f657be887e205262e70086a05ed16ada827fd6391926ac diff --git a/java-components/build-request-processor/src/main/java/com/redhat/hacbs/container/build/preprocessor/AbstractPreprocessor.java b/java-components/build-request-processor/src/main/java/com/redhat/hacbs/container/build/preprocessor/AbstractPreprocessor.java index bae06ec21..b1cae3364 100644 --- a/java-components/build-request-processor/src/main/java/com/redhat/hacbs/container/build/preprocessor/AbstractPreprocessor.java +++ b/java-components/build-request-processor/src/main/java/com/redhat/hacbs/container/build/preprocessor/AbstractPreprocessor.java @@ -191,17 +191,20 @@ private String getContainerFile() { COPY --from=0 /var/workdir/ /var/workdir/ RUN /opt/jboss/container/java/run/run-java.sh copy-artifacts --source-path=/var/workdir/workspace/source --deploy-path=/var/workdir/workspace/artifacts FROM scratch - COPY --from=1 /var/workdir/workspace/settings / + COPY --from=1 /var/workdir/workspace/settings /settings/ COPY --from=1 /var/workdir/workspace/artifacts /deployment/ """.formatted(buildRequestProcessorImage); } else { containerFile += """ FROM scratch - COPY --from=0 /var/workdir/workspace/artifacts / + COPY --from=0 /var/workdir/workspace/settings /settings/ + COPY --from=0 /var/workdir/workspace/artifacts /deployment/ """; } + Log.warnf("### containerFile is\n%s", containerFile); + return containerFile; } diff --git a/pkg/reconciler/dependencybuild/buildrecipeyaml.go b/pkg/reconciler/dependencybuild/buildrecipeyaml.go index 6a7faf911..2c677ae85 100644 --- a/pkg/reconciler/dependencybuild/buildrecipeyaml.go +++ b/pkg/reconciler/dependencybuild/buildrecipeyaml.go @@ -19,6 +19,7 @@ import ( ) const ( + PostBuildVolume = "post-build-volume" WorkspaceSource = "source" WorkspaceMount = "/var/workdir" WorkspaceTls = "tls" @@ -137,7 +138,7 @@ func createPipelineSpec(log logr.Logger, tool string, commitTime int64, jbsConfi verifyBuiltArtifactsArgs := verifyParameters(jbsConfig, recipe) deployArgs := []string{ "verify", - "--path=$(workspaces.source.path)/verify-artifacts", + "--path=$(workspaces.source.path)/artifacts", "--logs-path=$(workspaces.source.path)/logs", "--task-run-name=$(context.taskRun.name)", "--build-id=" + buildId, @@ -533,8 +534,10 @@ func createPipelineSpec(log logr.Logger, tool string, commitTime int64, jbsConfi ps.Results = append(ps.Results, tektonpipeline.PipelineResult{Name: PipelineResultImageDigest, Value: tektonpipeline.ResultValue{Type: tektonpipeline.ParamTypeString, StringVal: "$(tasks." + BuildTaskName + ".results." + PipelineResultImageDigest + ")"}}) postBuildTask := tektonpipeline.TaskSpec{ - Workspaces: []tektonpipeline.WorkspaceDeclaration{{Name: WorkspaceSource, MountPath: WorkspaceMount}, {Name: WorkspaceTls}}, - Params: append(pipelineParams, tektonpipeline.ParamSpec{Name: PipelineResultPreBuildImageDigest, Type: tektonpipeline.ParamTypeString}), + // Using a default emptyDir volume as this task is unique to JBS and don't want it interfering with + // the shared workspace. + Volumes: []v1.Volume{{Name: PostBuildVolume, VolumeSource: v1.VolumeSource{EmptyDir: &v1.EmptyDirVolumeSource{}}}}, + Params: append(pipelineParams, tektonpipeline.ParamSpec{Name: PipelineResultPreBuildImageDigest, Type: tektonpipeline.ParamTypeString}), Results: []tektonpipeline.TaskResult{ {Name: PipelineResultContaminants}, {Name: PipelineResultDeployedResources}, @@ -544,6 +547,7 @@ func createPipelineSpec(log logr.Logger, tool string, commitTime int64, jbsConfi Steps: []tektonpipeline.Step{ { Name: "restore-post-build-artifacts", + VolumeMounts: []v1.VolumeMount{{Name: PostBuildVolume, MountPath: WorkspaceMount}}, Image: strings.TrimSpace(strings.Split(buildTrustedArtifacts, "FROM")[1]), ImagePullPolicy: v1.PullIfNotPresent, SecurityContext: &v1.SecurityContext{RunAsUser: &zero}, @@ -556,7 +560,7 @@ URL=%s DIGEST=$(tasks.%s.results.IMAGE_DIGEST) AARCHIVE=$(oras manifest fetch $ORAS_OPTIONS $URL@$DIGEST | jq --raw-output '.layers[0].digest') echo "URL $URL DIGEST $DIGEST AARCHIVE $AARCHIVE" -use-archive oci:$URL@$AARCHIVE=$(workspaces.source.path)/verify-artifacts`, orasOptions, registryArgsWithDefaults(jbsConfig, ""), BuildTaskName), +use-archive oci:$URL@$AARCHIVE=$(workspaces.source.path)/artifacts`, orasOptions, registryArgsWithDefaults(jbsConfig, ""), BuildTaskName), }, { Name: "verify-and-check-for-contaminates", @@ -564,6 +568,7 @@ use-archive oci:$URL@$AARCHIVE=$(workspaces.source.path)/verify-artifacts`, oras ImagePullPolicy: pullPolicy, SecurityContext: &v1.SecurityContext{RunAsUser: &zero}, Env: secretVariables, + VolumeMounts: []v1.VolumeMount{{Name: PostBuildVolume, MountPath: WorkspaceMount}}, ComputeResources: v1.ResourceRequirements{ Requests: v1.ResourceList{"memory": limits.defaultBuildRequestMemory, "cpu": limits.defaultRequestCPU}, Limits: v1.ResourceList{"memory": limits.defaultBuildRequestMemory, "cpu": limits.defaultLimitCPU}, From 76a4d3edc5679a5c60e2ae9741aa7657f53b4d77 Mon Sep 17 00:00:00 2001 From: Nick Cross Date: Wed, 23 Oct 2024 18:01:00 +0100 Subject: [PATCH 3/5] Remove tls workspace from pipeline. Normalize tls references. --- deploy/tasks/maven-deployment.yaml | 3 +-- deploy/tasks/pre-build.yaml | 1 - .../v1alpha1/systemconfig_types.go | 2 +- .../dependencybuild/buildrecipeyaml.go | 7 +----- .../dependencybuild/dependencybuild.go | 25 ++++++++++--------- 5 files changed, 16 insertions(+), 22 deletions(-) diff --git a/deploy/tasks/maven-deployment.yaml b/deploy/tasks/maven-deployment.yaml index 5b893e3d9..304b813b5 100644 --- a/deploy/tasks/maven-deployment.yaml +++ b/deploy/tasks/maven-deployment.yaml @@ -33,8 +33,7 @@ spec: type: string default: "quay.io/redhat-appstudio/hacbs-jvm-build-request-processor:dev" workspaces: - - description: Workspace. - name: source + - name: source mountPath: /var/workdir steps: - name: restore-trusted-artifact diff --git a/deploy/tasks/pre-build.yaml b/deploy/tasks/pre-build.yaml index 12fa9dde2..c008377a8 100644 --- a/deploy/tasks/pre-build.yaml +++ b/deploy/tasks/pre-build.yaml @@ -67,7 +67,6 @@ spec: - description: The git repo will be cloned onto the volume backing this Workspace. name: source mountPath: /var/workdir - - name: tls steps: - name: preprocessor image: $(params.JVM_BUILD_SERVICE_REQPROCESSOR_IMAGE) diff --git a/pkg/apis/jvmbuildservice/v1alpha1/systemconfig_types.go b/pkg/apis/jvmbuildservice/v1alpha1/systemconfig_types.go index 944995ff4..368c7b3b3 100644 --- a/pkg/apis/jvmbuildservice/v1alpha1/systemconfig_types.go +++ b/pkg/apis/jvmbuildservice/v1alpha1/systemconfig_types.go @@ -47,7 +47,7 @@ type SystemConfigList struct { const ( KonfluxGitDefinition = "https://raw.githubusercontent.com/konflux-ci/build-definitions/refs/heads/main/task/git-clone/0.1/git-clone.yaml" - KonfluxPreBuildDefinitions = "https://raw.githubusercontent.com/redhat-appstudio/jvm-build-service/main/deploy/tasks/pre-build.yaml" + KonfluxPreBuildDefinitions = "https://raw.githubusercontent.com/rnc/jvm-build-service/PIPELINE/deploy/tasks/pre-build.yaml" KonfluxBuildDefinitions = "https://raw.githubusercontent.com/konflux-ci/build-definitions/refs/heads/main/task/buildah-oci-ta/0.2/buildah-oci-ta.yaml" KonfluxMavenDeployDefinitions = "https://raw.githubusercontent.com/rnc/jvm-build-service/PIPELINE/deploy/tasks/maven-deployment.yaml" ) diff --git a/pkg/reconciler/dependencybuild/buildrecipeyaml.go b/pkg/reconciler/dependencybuild/buildrecipeyaml.go index 2c677ae85..c915d9583 100644 --- a/pkg/reconciler/dependencybuild/buildrecipeyaml.go +++ b/pkg/reconciler/dependencybuild/buildrecipeyaml.go @@ -273,7 +273,7 @@ func createPipelineSpec(log logr.Logger, tool string, commitTime int64, jbsConfi runAfterBuild = append(runAfter, BuildTaskName) ps := &tektonpipeline.PipelineSpec{ - Workspaces: []tektonpipeline.PipelineWorkspaceDeclaration{{Name: WorkspaceSource}, {Name: WorkspaceTls}}, + Workspaces: []tektonpipeline.PipelineWorkspaceDeclaration{{Name: WorkspaceSource}}, } if preBuildImageRequired { @@ -345,7 +345,6 @@ func createPipelineSpec(log logr.Logger, tool string, commitTime int64, jbsConfi }, Workspaces: []tektonpipeline.WorkspacePipelineTaskBinding{ {Name: WorkspaceSource, Workspace: WorkspaceSource}, - {Name: WorkspaceTls, Workspace: WorkspaceTls}, }, Params: []tektonpipeline.Param{ { @@ -585,10 +584,6 @@ use-archive oci:$URL@$AARCHIVE=$(workspaces.source.path)/artifacts`, orasOptions }, Timeout: &v12.Duration{Duration: time.Hour * v1alpha1.DefaultTimeout}, Params: []tektonpipeline.Param{{Name: PipelineResultPreBuildImageDigest, Value: tektonpipeline.ParamValue{Type: tektonpipeline.ParamTypeString, StringVal: preBuildImage}}}, - Workspaces: []tektonpipeline.WorkspacePipelineTaskBinding{ - {Name: WorkspaceSource, Workspace: WorkspaceSource}, - {Name: WorkspaceTls, Workspace: WorkspaceTls}, - }, }} ps.Tasks = append(pipelineTask, ps.Tasks...) for _, i := range postBuildTask.Results { diff --git a/pkg/reconciler/dependencybuild/dependencybuild.go b/pkg/reconciler/dependencybuild/dependencybuild.go index 6a750e823..35581c749 100644 --- a/pkg/reconciler/dependencybuild/dependencybuild.go +++ b/pkg/reconciler/dependencybuild/dependencybuild.go @@ -236,9 +236,9 @@ func (r *ReconcileDependencyBuild) handleStateNew(ctx context.Context, db *v1alp return reconcile.Result{}, err } if !jbsConfig.Spec.CacheSettings.DisableTLS { - pr.Spec.Workspaces = []tektonpipeline.WorkspaceBinding{{Name: "tls", ConfigMap: &v1.ConfigMapVolumeSource{LocalObjectReference: v1.LocalObjectReference{Name: v1alpha1.TlsConfigMapName}}}} + pr.Spec.Workspaces = []tektonpipeline.WorkspaceBinding{{Name: WorkspaceTls, ConfigMap: &v1.ConfigMapVolumeSource{LocalObjectReference: v1.LocalObjectReference{Name: v1alpha1.TlsConfigMapName}}}} } else { - pr.Spec.Workspaces = []tektonpipeline.WorkspaceBinding{{Name: "tls", EmptyDir: &v1.EmptyDirVolumeSource{}}} + pr.Spec.Workspaces = []tektonpipeline.WorkspaceBinding{{Name: WorkspaceTls, EmptyDir: &v1.EmptyDirVolumeSource{}}} } pr.Namespace = db.Namespace pr.Name = fmt.Sprintf("%s-build-discovery-%d", db.Name, db.Status.PipelineRetries) @@ -644,11 +644,12 @@ func (r *ReconcileDependencyBuild) handleStateBuilding(ctx context.Context, db * }, }} } - if !jbsConfig.Spec.CacheSettings.DisableTLS { - pr.Spec.Workspaces = append(pr.Spec.Workspaces, tektonpipeline.WorkspaceBinding{Name: "tls", ConfigMap: &v1.ConfigMapVolumeSource{LocalObjectReference: v1.LocalObjectReference{Name: v1alpha1.TlsConfigMapName}}}) - } else { - pr.Spec.Workspaces = append(pr.Spec.Workspaces, tektonpipeline.WorkspaceBinding{Name: "tls", EmptyDir: &v1.EmptyDirVolumeSource{}}) - } + // TODO: DisableTLS defaults to true. Further the tls workspace has been removed from the build pipeline so an alternate method would be needed. + //if !jbsConfig.Spec.CacheSettings.DisableTLS { + // pr.Spec.Workspaces = append(pr.Spec.Workspaces, tektonpipeline.WorkspaceBinding{Name: WorkspaceTls, ConfigMap: &v1.ConfigMapVolumeSource{LocalObjectReference: v1.LocalObjectReference{Name: v1alpha1.TlsConfigMapName}}}) + //} else { + // pr.Spec.Workspaces = append(pr.Spec.Workspaces, tektonpipeline.WorkspaceBinding{Name: WorkspaceTls, EmptyDir: &v1.EmptyDirVolumeSource{}}) + //} pr.Spec.Timeouts = &tektonpipeline.TimeoutFields{Pipeline: &v12.Duration{Duration: time.Hour * v1alpha1.DefaultTimeout}} if err := controllerutil.SetOwnerReference(db, &pr, r.scheme); err != nil { return reconcile.Result{}, err @@ -1207,7 +1208,7 @@ func (r *ReconcileDependencyBuild) createLookupBuildInfoPipeline(ctx context.Con envVars = append(envVars, v1.EnvVar{Name: "REGISTRY_TOKEN", ValueFrom: &v1.EnvVarSource{SecretKeyRef: &v1.SecretKeySelector{LocalObjectReference: v1.LocalObjectReference{Name: jbsConfig.ImageRegistry().SecretName}, Key: v1alpha1.ImageSecretTokenKey, Optional: &secretOptional}}}) } buildInfoTask := tektonpipeline.TaskSpec{ - Workspaces: []tektonpipeline.WorkspaceDeclaration{{Name: "tls"}}, + Workspaces: []tektonpipeline.WorkspaceDeclaration{{Name: WorkspaceTls}}, Results: []tektonpipeline.TaskResult{{Name: BuildInfoPipelineResultBuildInfo}}, Steps: []tektonpipeline.Step{ { @@ -1237,12 +1238,12 @@ func (r *ReconcileDependencyBuild) createLookupBuildInfoPipeline(ctx context.Con } buildInfoTask.Steps[0].Script = artifactbuild.InstallKeystoreIntoBuildRequestProcessor(args) return &tektonpipeline.PipelineSpec{ - Workspaces: []tektonpipeline.PipelineWorkspaceDeclaration{{Name: "tls"}}, + Workspaces: []tektonpipeline.PipelineWorkspaceDeclaration{{Name: WorkspaceTls}}, Results: []tektonpipeline.PipelineResult{{Name: BuildInfoPipelineResultBuildInfo, Value: tektonpipeline.ResultValue{Type: tektonpipeline.ParamTypeString, StringVal: "$(tasks.task.results." + BuildInfoPipelineResultBuildInfo + ")"}}}, Tasks: []tektonpipeline.PipelineTask{ { Name: "task", - Workspaces: []tektonpipeline.WorkspacePipelineTaskBinding{{Name: "tls", Workspace: "tls"}}, + Workspaces: []tektonpipeline.WorkspacePipelineTaskBinding{{Name: WorkspaceTls, Workspace: WorkspaceTls}}, TaskSpec: &tektonpipeline.EmbeddedTask{ TaskSpec: buildInfoTask, }, @@ -1427,9 +1428,9 @@ func (r *ReconcileDependencyBuild) handleStateDeploying(ctx context.Context, db pr.Spec.Workspaces = []tektonpipeline.WorkspaceBinding{} if !jbsConfig.Spec.CacheSettings.DisableTLS { - pr.Spec.Workspaces = append(pr.Spec.Workspaces, tektonpipeline.WorkspaceBinding{Name: "tls", ConfigMap: &v1.ConfigMapVolumeSource{LocalObjectReference: v1.LocalObjectReference{Name: v1alpha1.TlsConfigMapName}}}) + pr.Spec.Workspaces = append(pr.Spec.Workspaces, tektonpipeline.WorkspaceBinding{Name: WorkspaceTls, ConfigMap: &v1.ConfigMapVolumeSource{LocalObjectReference: v1.LocalObjectReference{Name: v1alpha1.TlsConfigMapName}}}) } else { - pr.Spec.Workspaces = append(pr.Spec.Workspaces, tektonpipeline.WorkspaceBinding{Name: "tls", EmptyDir: &v1.EmptyDirVolumeSource{}}) + pr.Spec.Workspaces = append(pr.Spec.Workspaces, tektonpipeline.WorkspaceBinding{Name: WorkspaceTls, EmptyDir: &v1.EmptyDirVolumeSource{}}) } pr.Spec.Timeouts = &tektonpipeline.TimeoutFields{Pipeline: &v12.Duration{Duration: time.Hour * v1alpha1.DefaultTimeout}} if jbsConfig.Annotations != nil && jbsConfig.Annotations[jbsconfig.TestRegistry] == "true" { From c824577b05525988afcad2777567f6d986b92a1c Mon Sep 17 00:00:00 2001 From: Nick Cross Date: Thu, 24 Oct 2024 09:21:01 +0100 Subject: [PATCH 4/5] Fix isolated volume for verify task. --- deploy/tasks/maven-deployment.yaml | 6 ----- .../dependencybuild/buildrecipeyaml.go | 23 ++++++++++--------- .../dependencybuild/dependencybuild.go | 3 +-- 3 files changed, 13 insertions(+), 19 deletions(-) diff --git a/deploy/tasks/maven-deployment.yaml b/deploy/tasks/maven-deployment.yaml index 304b813b5..b8aa1361e 100644 --- a/deploy/tasks/maven-deployment.yaml +++ b/deploy/tasks/maven-deployment.yaml @@ -39,18 +39,12 @@ spec: - name: restore-trusted-artifact image: quay.io/redhat-appstudio/build-trusted-artifacts:latest@sha256:81c4864dae6bb11595f657be887e205262e70086a05ed16ada827fd6391926ac script: | - echo "Restoring artifacts to workspace" - ls -laR /var/workdir - echo "Root" - ls -laR $HOME echo "Restoring artifacts to workspace" URL=$IMAGE_URL DIGEST=$IMAGE_DIGEST AARCHIVE=$(oras manifest fetch $ORAS_OPTIONS $URL@$DIGEST | jq --raw-output '.layers[0].digest') echo "URL $URL DIGEST $DIGEST AARCHIVE $AARCHIVE" use-archive oci:$URL@$AARCHIVE=/var/workdir/ - ls -laR /var/workdir - echo "DONE" env: - name: IMAGE_DIGEST value: $(params.IMAGE_DIGEST) diff --git a/pkg/reconciler/dependencybuild/buildrecipeyaml.go b/pkg/reconciler/dependencybuild/buildrecipeyaml.go index c915d9583..96280c893 100644 --- a/pkg/reconciler/dependencybuild/buildrecipeyaml.go +++ b/pkg/reconciler/dependencybuild/buildrecipeyaml.go @@ -19,10 +19,10 @@ import ( ) const ( - PostBuildVolume = "post-build-volume" - WorkspaceSource = "source" - WorkspaceMount = "/var/workdir" - WorkspaceTls = "tls" + PostBuildVolume = "post-build-volume" + PostBuildVolumeMount = "/var/workdir" + WorkspaceSource = "source" + WorkspaceTls = "tls" GitTaskName = "git-clone" PreBuildTaskName = "pre-build" @@ -138,8 +138,8 @@ func createPipelineSpec(log logr.Logger, tool string, commitTime int64, jbsConfi verifyBuiltArtifactsArgs := verifyParameters(jbsConfig, recipe) deployArgs := []string{ "verify", - "--path=$(workspaces.source.path)/artifacts", - "--logs-path=$(workspaces.source.path)/logs", + fmt.Sprintf("--path=%s/artifacts", PostBuildVolumeMount), + fmt.Sprintf("--logs-path=%s/logs", PostBuildVolumeMount), "--task-run-name=$(context.taskRun.name)", "--build-id=" + buildId, "--scm-uri=" + db.Spec.ScmInfo.SCMURL, @@ -543,23 +543,25 @@ func createPipelineSpec(log logr.Logger, tool string, commitTime int64, jbsConfi {Name: PipelineResultPassedVerification}, {Name: PipelineResultVerificationResult}, }, + StepTemplate: &tektonpipeline.StepTemplate{ + VolumeMounts: []v1.VolumeMount{{Name: PostBuildVolume, MountPath: PostBuildVolumeMount}}, + }, Steps: []tektonpipeline.Step{ { Name: "restore-post-build-artifacts", - VolumeMounts: []v1.VolumeMount{{Name: PostBuildVolume, MountPath: WorkspaceMount}}, Image: strings.TrimSpace(strings.Split(buildTrustedArtifacts, "FROM")[1]), ImagePullPolicy: v1.PullIfNotPresent, SecurityContext: &v1.SecurityContext{RunAsUser: &zero}, Env: secretVariables, // While the manifest digest is available we need the manifest of the layer within the archive hence // using 'oras manifest fetch' to extract the correct layer. - Script: fmt.Sprintf(`echo "Restoring artifacts to workspace : $(workspaces.source.path)" + Script: fmt.Sprintf(`echo "Restoring artifacts" export ORAS_OPTIONS="%s" URL=%s DIGEST=$(tasks.%s.results.IMAGE_DIGEST) AARCHIVE=$(oras manifest fetch $ORAS_OPTIONS $URL@$DIGEST | jq --raw-output '.layers[0].digest') echo "URL $URL DIGEST $DIGEST AARCHIVE $AARCHIVE" -use-archive oci:$URL@$AARCHIVE=$(workspaces.source.path)/artifacts`, orasOptions, registryArgsWithDefaults(jbsConfig, ""), BuildTaskName), +use-archive oci:$URL@$AARCHIVE=%s/artifacts`, orasOptions, registryArgsWithDefaults(jbsConfig, ""), BuildTaskName, PostBuildVolumeMount), }, { Name: "verify-and-check-for-contaminates", @@ -567,7 +569,6 @@ use-archive oci:$URL@$AARCHIVE=$(workspaces.source.path)/artifacts`, orasOptions ImagePullPolicy: pullPolicy, SecurityContext: &v1.SecurityContext{RunAsUser: &zero}, Env: secretVariables, - VolumeMounts: []v1.VolumeMount{{Name: PostBuildVolume, MountPath: WorkspaceMount}}, ComputeResources: v1.ResourceRequirements{ Requests: v1.ResourceList{"memory": limits.defaultBuildRequestMemory, "cpu": limits.defaultRequestCPU}, Limits: v1.ResourceList{"memory": limits.defaultBuildRequestMemory, "cpu": limits.defaultLimitCPU}, @@ -855,7 +856,7 @@ func verifyParameters(jbsConfig *v1alpha1.JBSConfig, recipe *v1alpha1.BuildRecip verifyBuiltArtifactsArgs := []string{ "verify-built-artifacts", "--repository-url=$(params." + PipelineParamProxyUrl + ")", - "--deploy-path=$(workspaces.source.path)/artifacts", + fmt.Sprintf("--deploy-path=%s/artifacts", PostBuildVolumeMount), "--task-run-name=$(context.taskRun.name)", "--results-file=$(results." + PipelineResultPassedVerification + ".path)", } diff --git a/pkg/reconciler/dependencybuild/dependencybuild.go b/pkg/reconciler/dependencybuild/dependencybuild.go index 35581c749..3e6005b97 100644 --- a/pkg/reconciler/dependencybuild/dependencybuild.go +++ b/pkg/reconciler/dependencybuild/dependencybuild.go @@ -1362,10 +1362,9 @@ func (r *ReconcileDependencyBuild) removePipelineFinalizer(ctx context.Context, return reconcile.Result{}, nil } +// TODO: ### Either remove or replace with verification step *but* the contaminants/verification is all tied to the build pipeline in dependencybuild.go func (r *ReconcileDependencyBuild) handleStateDeploying(ctx context.Context, db *v1alpha1.DependencyBuild) (reconcile.Result, error) { - log, _ := logr.FromContext(ctx) - log.Info(fmt.Sprintf("### handleStateDeploying %#v", db.Name)) //first we check to see if the pipeline exists pr := tektonpipeline.PipelineRun{} From 63ced54b881f899cd73f1fc703215abd58b7ca32 Mon Sep 17 00:00:00 2001 From: Nick Cross Date: Thu, 24 Oct 2024 10:12:26 +0100 Subject: [PATCH 5/5] Fix tests --- .../container/deploy/BuildVerifyCommand.java | 3 - .../dependencybuild/buildrecipeyaml.go | 11 ++- .../dependencybuild/dependencybuild.go | 2 + .../dependencybuild/dependencybuild_test.go | 86 ++++++++++--------- 4 files changed, 54 insertions(+), 48 deletions(-) diff --git a/java-components/build-request-processor/src/main/java/com/redhat/hacbs/container/deploy/BuildVerifyCommand.java b/java-components/build-request-processor/src/main/java/com/redhat/hacbs/container/deploy/BuildVerifyCommand.java index 16d63d706..d1787b31e 100644 --- a/java-components/build-request-processor/src/main/java/com/redhat/hacbs/container/deploy/BuildVerifyCommand.java +++ b/java-components/build-request-processor/src/main/java/com/redhat/hacbs/container/deploy/BuildVerifyCommand.java @@ -53,9 +53,6 @@ public class BuildVerifyCommand implements Runnable { @CommandLine.Option(names = "--task-run-name") String taskRun; - @CommandLine.Option(names = "--logs-path") - Path logsPath; - @CommandLine.Option(required = true, names = "--scm-uri") String scmUri; diff --git a/pkg/reconciler/dependencybuild/buildrecipeyaml.go b/pkg/reconciler/dependencybuild/buildrecipeyaml.go index 96280c893..dcdc84966 100644 --- a/pkg/reconciler/dependencybuild/buildrecipeyaml.go +++ b/pkg/reconciler/dependencybuild/buildrecipeyaml.go @@ -55,6 +55,8 @@ var buildEntryScript string //go:embed scripts/Dockerfile.build-trusted-artifacts var buildTrustedArtifacts string +// TODO: ### Either remove or replace with verification step *but* the contaminants/verification is all tied to the build pipeline in dependencybuild.go +/* func createDeployPipelineSpec(jbsConfig *v1alpha1.JBSConfig, buildRequestProcessorImage string) (*tektonpipeline.PipelineSpec, error) { // Original deploy pipeline used to run maven deployment and also tag the images using 'oras tag' // with the SHA256 encoded sum of the GAVs. @@ -129,6 +131,8 @@ func createDeployPipelineSpec(jbsConfig *v1alpha1.JBSConfig, buildRequestProcess } return ps, nil } +*/ + func createPipelineSpec(log logr.Logger, tool string, commitTime int64, jbsConfig *v1alpha1.JBSConfig, systemConfig *v1alpha1.SystemConfig, recipe *v1alpha1.BuildRecipe, db *v1alpha1.DependencyBuild, paramValues []tektonpipeline.Param, buildRequestProcessorImage string, buildId string, existingImages map[string]string, orasOptions string) (*tektonpipeline.PipelineSpec, string, error) { // Rather than tagging with hash of json build recipe, buildrequestprocessor image and db.Name as the former two @@ -138,8 +142,7 @@ func createPipelineSpec(log logr.Logger, tool string, commitTime int64, jbsConfi verifyBuiltArtifactsArgs := verifyParameters(jbsConfig, recipe) deployArgs := []string{ "verify", - fmt.Sprintf("--path=%s/artifacts", PostBuildVolumeMount), - fmt.Sprintf("--logs-path=%s/logs", PostBuildVolumeMount), + fmt.Sprintf("--path=%s/deployment", PostBuildVolumeMount), "--task-run-name=$(context.taskRun.name)", "--build-id=" + buildId, "--scm-uri=" + db.Spec.ScmInfo.SCMURL, @@ -561,7 +564,7 @@ URL=%s DIGEST=$(tasks.%s.results.IMAGE_DIGEST) AARCHIVE=$(oras manifest fetch $ORAS_OPTIONS $URL@$DIGEST | jq --raw-output '.layers[0].digest') echo "URL $URL DIGEST $DIGEST AARCHIVE $AARCHIVE" -use-archive oci:$URL@$AARCHIVE=%s/artifacts`, orasOptions, registryArgsWithDefaults(jbsConfig, ""), BuildTaskName, PostBuildVolumeMount), +use-archive oci:$URL@$AARCHIVE=%s`, orasOptions, registryArgsWithDefaults(jbsConfig, ""), BuildTaskName, PostBuildVolumeMount), }, { Name: "verify-and-check-for-contaminates", @@ -856,7 +859,7 @@ func verifyParameters(jbsConfig *v1alpha1.JBSConfig, recipe *v1alpha1.BuildRecip verifyBuiltArtifactsArgs := []string{ "verify-built-artifacts", "--repository-url=$(params." + PipelineParamProxyUrl + ")", - fmt.Sprintf("--deploy-path=%s/artifacts", PostBuildVolumeMount), + fmt.Sprintf("--deploy-path=%s/deployment", PostBuildVolumeMount), "--task-run-name=$(context.taskRun.name)", "--results-file=$(results." + PipelineResultPassedVerification + ".path)", } diff --git a/pkg/reconciler/dependencybuild/dependencybuild.go b/pkg/reconciler/dependencybuild/dependencybuild.go index 3e6005b97..b377f59de 100644 --- a/pkg/reconciler/dependencybuild/dependencybuild.go +++ b/pkg/reconciler/dependencybuild/dependencybuild.go @@ -1363,6 +1363,7 @@ func (r *ReconcileDependencyBuild) removePipelineFinalizer(ctx context.Context, } // TODO: ### Either remove or replace with verification step *but* the contaminants/verification is all tied to the build pipeline in dependencybuild.go +/* func (r *ReconcileDependencyBuild) handleStateDeploying(ctx context.Context, db *v1alpha1.DependencyBuild) (reconcile.Result, error) { log, _ := logr.FromContext(ctx) //first we check to see if the pipeline exists @@ -1498,6 +1499,7 @@ func (r *ReconcileDependencyBuild) handleDeployPipelineRunReceived(ctx context.C } return reconcile.Result{}, nil } +*/ // This is to remove any '#xxx' fragment from a URI so that git clone commands don't need separate adjustment func modifyURLFragment(log logr.Logger, scmURL string) string { diff --git a/pkg/reconciler/dependencybuild/dependencybuild_test.go b/pkg/reconciler/dependencybuild/dependencybuild_test.go index 2ce668d63..3fb743c90 100644 --- a/pkg/reconciler/dependencybuild/dependencybuild_test.go +++ b/pkg/reconciler/dependencybuild/dependencybuild_test.go @@ -287,12 +287,14 @@ func getBuildPipelineNo(client runtimeclient.Client, g *WithT, no int) *tektonpi return &build } +/* func getDeployPipeline(client runtimeclient.Client, g *WithT) *tektonpipeline.PipelineRun { ctx := context.TODO() build := tektonpipeline.PipelineRun{} g.Expect(client.Get(ctx, types.NamespacedName{Namespace: metav1.NamespaceDefault, Name: "test-deploy"}, &build)).Should(BeNil()) return &build } +*/ func getBuildInfoPipeline(client runtimeclient.Client, g *WithT) *tektonpipeline.PipelineRun { return getBuildInfoPipelineNo(client, g, 0) @@ -380,19 +382,19 @@ func TestStateBuilding(t *testing.T) { setup(g) runSuccessfulBuild(g, client, ctx, reconciler, taskRunName) - pr := getDeployPipeline(client, g) - pr.Status.CompletionTime = &metav1.Time{Time: time.Now()} - pr.Status.SetCondition(&apis.Condition{ - Type: apis.ConditionSucceeded, - Status: "True", - LastTransitionTime: apis.VolatileTime{Inner: metav1.Time{Time: time.Now()}}, - }) - pr.Status.Results = []tektonpipeline.PipelineRunResult{{Name: PipelineResultDeployedResources, Value: tektonpipeline.ResultValue{Type: tektonpipeline.ParamTypeString, StringVal: TestArtifact}}} - g.Expect(client.Status().Update(ctx, pr)).Should(BeNil()) + //pr := getDeployPipeline(client, g) + //pr.Status.CompletionTime = &metav1.Time{Time: time.Now()} + //pr.Status.SetCondition(&apis.Condition{ + // Type: apis.ConditionSucceeded, + // Status: "True", + // LastTransitionTime: apis.VolatileTime{Inner: metav1.Time{Time: time.Now()}}, + //}) + //pr.Status.Results = []tektonpipeline.PipelineRunResult{{Name: PipelineResultDeployedResources, Value: tektonpipeline.ResultValue{Type: tektonpipeline.ParamTypeString, StringVal: TestArtifact}}} + //g.Expect(client.Status().Update(ctx, pr)).Should(BeNil()) + //db := getBuild(client, g) + //g.Expect(reconciler.Reconcile(ctx, reconcile.Request{NamespacedName: types.NamespacedName{Name: pr.Name, Namespace: pr.Namespace}})) + //g.Expect(reconciler.Reconcile(ctx, reconcile.Request{NamespacedName: types.NamespacedName{Name: db.Name, Namespace: db.Namespace}})) db := getBuild(client, g) - g.Expect(reconciler.Reconcile(ctx, reconcile.Request{NamespacedName: types.NamespacedName{Name: pr.Name, Namespace: pr.Namespace}})) - g.Expect(reconciler.Reconcile(ctx, reconcile.Request{NamespacedName: types.NamespacedName{Name: db.Name, Namespace: db.Namespace}})) - db = getBuild(client, g) g.Expect(db.Status.State).Should(Equal(v1alpha1.DependencyBuildStateComplete)) g.Expect(db.Status.DeployedArtifacts).Should(ContainElement(TestArtifact)) @@ -400,45 +402,47 @@ func TestStateBuilding(t *testing.T) { g.Expect(client.Get(ctx, types.NamespacedName{Name: artifactbuild.CreateABRName(TestArtifact), Namespace: metav1.NamespaceDefault}, &ra)).Should(Succeed()) g.Expect(ra.Spec.GAV).Should(Equal(TestArtifact)) g.Expect(ra.Spec.Image).ShouldNot(BeNil()) - pr = getBuildPipeline(client, g) + pr := getBuildPipeline(client, g) g.Expect(len(pr.Finalizers)).Should(Equal(1)) g.Expect(client.Delete(ctx, pr)).Should(BeNil()) g.Expect(reconciler.Reconcile(ctx, reconcile.Request{NamespacedName: types.NamespacedName{Namespace: db.Namespace, Name: pr.Name}})) g.Expect(client.Get(ctx, types.NamespacedName{Name: pr.Name, Namespace: pr.Namespace}, pr)).ShouldNot(Succeed()) }) + // TODO: ### Either remove or replace with verification step *but* the contaminants/verification is all tied to the build pipeline in dependencybuild.go + /* + t.Run("Test reconcile building DependencyBuild with failed deploy pipeline", func(t *testing.T) { + g := NewGomegaWithT(t) + setup(g) + runSuccessfulBuild(g, client, ctx, reconciler, taskRunName) + + pr := getDeployPipeline(client, g) + pr.Status.CompletionTime = &metav1.Time{Time: time.Now()} + pr.Status.SetCondition(&apis.Condition{ + Type: apis.ConditionSucceeded, + Status: "False", + LastTransitionTime: apis.VolatileTime{Inner: metav1.Time{Time: time.Now()}}, + }) + g.Expect(client.Status().Update(ctx, pr)).Should(BeNil()) + g.Expect(reconciler.Reconcile(ctx, reconcile.Request{NamespacedName: types.NamespacedName{Name: pr.Name, Namespace: pr.Namespace}})) + db := getBuild(client, g) + g.Expect(db.Status.State).Should(Equal(v1alpha1.DependencyBuildStateFailed)) - t.Run("Test reconcile building DependencyBuild with failed deploy pipeline", func(t *testing.T) { - g := NewGomegaWithT(t) - setup(g) - runSuccessfulBuild(g, client, ctx, reconciler, taskRunName) - - pr := getDeployPipeline(client, g) - pr.Status.CompletionTime = &metav1.Time{Time: time.Now()} - pr.Status.SetCondition(&apis.Condition{ - Type: apis.ConditionSucceeded, - Status: "False", - LastTransitionTime: apis.VolatileTime{Inner: metav1.Time{Time: time.Now()}}, }) - g.Expect(client.Status().Update(ctx, pr)).Should(BeNil()) - g.Expect(reconciler.Reconcile(ctx, reconcile.Request{NamespacedName: types.NamespacedName{Name: pr.Name, Namespace: pr.Namespace}})) - db := getBuild(client, g) - g.Expect(db.Status.State).Should(Equal(v1alpha1.DependencyBuildStateFailed)) - }) + t.Run("Test reconcile building DependencyBuild with deleted deploy pipeline", func(t *testing.T) { + g := NewGomegaWithT(t) + setup(g) + runSuccessfulBuild(g, client, ctx, reconciler, taskRunName) - t.Run("Test reconcile building DependencyBuild with deleted deploy pipeline", func(t *testing.T) { - g := NewGomegaWithT(t) - setup(g) - runSuccessfulBuild(g, client, ctx, reconciler, taskRunName) + pr := getDeployPipeline(client, g) + g.Expect(client.Delete(ctx, pr)).Should(Succeed()) + g.Expect(reconciler.Reconcile(ctx, reconcile.Request{NamespacedName: types.NamespacedName{Name: pr.Name, Namespace: pr.Namespace}})) + db := getBuild(client, g) + g.Expect(db.Status.State).Should(Equal(v1alpha1.DependencyBuildStateFailed)) - pr := getDeployPipeline(client, g) - g.Expect(client.Delete(ctx, pr)).Should(Succeed()) - g.Expect(reconciler.Reconcile(ctx, reconcile.Request{NamespacedName: types.NamespacedName{Name: pr.Name, Namespace: pr.Namespace}})) - db := getBuild(client, g) - g.Expect(db.Status.State).Should(Equal(v1alpha1.DependencyBuildStateFailed)) - - }) + }) + */ t.Run("Test reconcile building DependencyBuild with failed pipeline", func(t *testing.T) { g := NewGomegaWithT(t) setup(g) @@ -583,7 +587,7 @@ func runSuccessfulBuild(g *WithT, client runtimeclient.Client, ctx context.Conte g.Expect(client.Status().Update(ctx, pr)).Should(BeNil()) g.Expect(reconciler.Reconcile(ctx, reconcile.Request{NamespacedName: taskRunName})) db := getBuild(client, g) - g.Expect(db.Status.State).Should(Equal(v1alpha1.DependencyBuildStateDeploying)) + g.Expect(db.Status.State).Should(Equal(v1alpha1.DependencyBuildStateComplete)) g.Expect(reconciler.Reconcile(ctx, reconcile.Request{NamespacedName: types.NamespacedName{Name: db.Name, Namespace: db.Namespace}})) }