1515 - name : interceptorImages
1616 description : List of cmd/* paths to be published as images in release manifest interceptors.yaml
1717 default : " interceptors"
18+ - name : koExtraArgs
19+ description : Extra args to be passed to ko
20+ default : " --preserve-import-paths"
1821 - name : versionTag
1922 description : The vX.Y.Z version that the artifacts should be tagged with (including `v`)
2023 - name : imageRegistry
2528 - name : imageRegistryRegions
2629 description : The target image registry regions
2730 default : " us eu asia"
31+ - name : imageRegistryUser
32+ description : Username to be used to login to the container registry
33+ default : " _json_key"
2834 - name : releaseAsLatest
2935 description : Whether to tag and publish this release as Triggers' latest
3036 default : " true"
@@ -49,41 +55,45 @@ spec:
4955 env :
5056 - name : " PROJECT_ROOT"
5157 value : " $(workspaces.source.path)"
52- - name : CONTAINER_REGISTY_CREDENTIALS
58+ - name : CONTAINER_REGISTRY_CREDENTIALS
5359 value : " $(workspaces.release-secret.path)/$(params.serviceAccountPath)"
5460 - name : CONTAINER_REGISTRY
5561 value : " $(params.imageRegistry)/$(params.imageRegistryPath)"
62+ - name : CONTAINER_REGISTRY_USER
63+ value : " $(params.imageRegistryUser)"
5664 - name : REGIONS
5765 value : " $(params.imageRegistryRegions)"
5866 - name : OUTPUT_RELEASE_DIR
5967 value : " $(workspaces.output.path)/$(params.versionTag)"
68+ - name : KO_EXTRA_ARGS
69+ value : " $(params.koExtraArgs)"
6070 results :
6171 # IMAGES result is picked up by Tekton Chains to sign the release.
6272 # See https://github.com/tektoncd/plumbing/blob/main/docs/signing.md for more info.
6373 - name : IMAGES
6474 steps :
6575
6676 - name : container-registy-auth
67- image : gcr.io/go-containerregistry /crane:debug
77+ image : cgr.dev/chainguard /crane:latest-dev@sha256:8ebcdd154abd06371886fee6583c7c9bbc4e88a2999c493266b1580f605e0e7c
6878 script : |
69- #!/busybox /sh
79+ #!/bin /sh
7080 set -ex
7181
7282 # Login to the container registry
73- DOCKER_CONFIG=$(cat ${CONTAINER_REGISTY_CREDENTIALS } | \
74- crane auth login -u _json_key --password-stdin $(params.imageRegistry) 2>&1 | \
83+ DOCKER_CONFIG=$(cat ${CONTAINER_REGISTRY_CREDENTIALS } | \
84+ crane auth login -u ${CONTAINER_REGISTRY_USER} --password-stdin $(params.imageRegistry) 2>&1 | \
7585 sed 's,^.*logged in via \(.*\)$,\1,g')
7686
7787 # Auth with account credentials for all regions.
7888 for region in ${REGIONS}
7989 do
8090 HOSTNAME=${region}.$(params.imageRegistry)
81- cat ${CONTAINER_REGISTY_CREDENTIALS } | crane auth login -u _json_key --password-stdin ${HOSTNAME}
91+ cat ${CONTAINER_REGISTRY_CREDENTIALS } | crane auth login -u ${CONTAINER_REGISTRY_USER} --password-stdin ${HOSTNAME}
8292 done
8393 cp ${DOCKER_CONFIG} /workspace/docker-config.json
8494
8595 - name : run-ko
86- image : gcr.io/tekton-releases/dogfooding/ko@sha256:9ee3ae5273b1f55bf01ba71bd79b5a4a9d357c51c0fdabf1efec8bd7e7087983
96+ image : gcr.io/tekton-releases/dogfooding/ko@sha256:8c4dbc57bcfd4c0a68f62c42da3f22932b0f3f54d4724c65841ad78406bc09ad
8797 env :
8898 - name : KO_DOCKER_REPO
8999 value : $(params.imageRegistry)/$(params.imageRegistryPath)
@@ -104,7 +114,7 @@ spec:
104114 # For each cmd/* directory, include a full gzipped tar of all source in
105115 # vendor/. This is overkill. Some deps' licenses require the source to be
106116 # included in the container image when they're used as a dependency.
107- # Rather than trying to determine which deps have this requirement (an(params.imageRegistryd
117+ # Rather than trying to determine which deps have this requirement (and
108118 # probably get it wrong), we'll just targz up the whole vendor tree and
109119 # include it. As of 9/20/2019, this amounts to about 11MB of additional
110120 # data in each image.
@@ -116,60 +126,99 @@ spec:
116126 fi
117127 done
118128
119- # Rewrite "devel" to params.versionTag
120- sed -i -e 's/\(triggers.tekton.dev\/release\): "devel"/\1: "$(params.versionTag)"/g' -e 's/\(app.kubernetes.io\/version\): "devel"/\1: "$(params.versionTag)"/g' -e 's/\(version\): "devel"/\1: "$(params.versionTag)"/g' ${PROJECT_ROOT}/config/*.yaml
121- sed -i -e 's/\(triggers.tekton.dev\/release\): "devel"/\1: "$(params.versionTag)"/g' -e 's/\(app.kubernetes.io\/version\): "devel"/\1: "$(params.versionTag)"/g' -e 's/\(version\): "devel"/\1: "$(params.versionTag)"/g' ${PROJECT_ROOT}/config/interceptors/*.yaml
122129 # Publish images and create release.yaml
123130 mkdir -p $OUTPUT_RELEASE_DIR
124131
125- ko resolve --platform=$(params.platforms) --preserve-import-paths -t $(params.versionTag) -f ${PROJECT_ROOT}/config/ > $OUTPUT_RELEASE_DIR/release.yaml
126- ko resolve --platform=$(params.platforms) --preserve-import-paths -t $(params.versionTag) -f ${PROJECT_ROOT}/config/interceptors > $OUTPUT_RELEASE_DIR/interceptors.yaml
132+ # Make a local git tag to make git status happy :)
133+ # The real "tagging" will happen with the "create-release" pipeline.
134+ git tag $(params.versionTag)
135+
136+ ko resolve \
137+ --image-label=org.opencontainers.image.source=https://$(params.package) \
138+ --platform=$(params.platforms) \
139+ -t $(params.versionTag) ${KO_EXTRA_ARGS} \
140+ -f ${PROJECT_ROOT}/config/ > $OUTPUT_RELEASE_DIR/release.yaml
141+ ko resolve \
142+ --image-label=org.opencontainers.image.source=https://$(params.package) \
143+ --platform=$(params.platforms) ${KO_EXTRA_ARGS} \
144+ -t $(params.versionTag) \
145+ -f ${PROJECT_ROOT}/config/interceptors > $OUTPUT_RELEASE_DIR/interceptors.yaml
146+
127147 # Publish images and create release.notags.yaml
128148 # This is useful if your container runtime doesn't support the `image-reference:tag@digest` notation
129149 # This is currently the case for `cri-o` (and most likely others)
130- ko resolve --platform=$(params.platforms) --preserve-import-paths -t $(params.versionTag) -f ${PROJECT_ROOT}/config/ > $OUTPUT_RELEASE_DIR/release.notags.yaml
131- ko resolve --platform=$(params.platforms) --preserve-import-paths -t $(params.versionTag) -f ${PROJECT_ROOT}/config/interceptors > $OUTPUT_RELEASE_DIR/interceptors.notags.yaml
150+ ko resolve \
151+ --image-label=org.opencontainers.image.source=https://$(params.package) \
152+ --platform=$(params.platforms) ${KO_EXTRA_ARGS} \
153+ -f ${PROJECT_ROOT}/config/ > $OUTPUT_RELEASE_DIR/release.notags.yaml
154+ ko resolve \
155+ --image-label=org.opencontainers.image.source=https://$(params.package) \
156+ --platform=$(params.platforms) ${KO_EXTRA_ARGS} \
157+ -f ${PROJECT_ROOT}/config/interceptors > $OUTPUT_RELEASE_DIR/interceptors.notags.yaml
132158
159+ # Rewrite "devel" to params.versionTag
160+ sed -i -e 's/\(triggers.tekton.dev\/release\): "devel"/\1: "$(params.versionTag)"/g' -e 's/\(app.kubernetes.io\/version\): "devel"/\1: "$(params.versionTag)"/g' -e 's/\(version\): "devel"/\1: "$(params.versionTag)"/g' ${OUTPUT_RELEASE_DIR}/release.yaml
161+ sed -i -e 's/\(triggers.tekton.dev\/release\): "devel"/\1: "$(params.versionTag)"/g' -e 's/\(app.kubernetes.io\/version\): "devel"/\1: "$(params.versionTag)"/g' -e 's/\(version\): "devel"/\1: "$(params.versionTag)"/g' ${OUTPUT_RELEASE_DIR}/release.notags.yaml
162+ sed -i -e 's/\(triggers.tekton.dev\/release\): "devel"/\1: "$(params.versionTag)"/g' -e 's/\(app.kubernetes.io\/version\): "devel"/\1: "$(params.versionTag)"/g' -e 's/\(version\): "devel"/\1: "$(params.versionTag)"/g' ${OUTPUT_RELEASE_DIR}/interceptors.yaml
163+ sed -i -e 's/\(triggers.tekton.dev\/release\): "devel"/\1: "$(params.versionTag)"/g' -e 's/\(app.kubernetes.io\/version\): "devel"/\1: "$(params.versionTag)"/g' -e 's/\(version\): "devel"/\1: "$(params.versionTag)"/g' ${OUTPUT_RELEASE_DIR}/interceptors.notags.yaml
133164 - name : koparse
134- image : gcr.io/tekton-releases/dogfooding/koparse:latest
165+ image : gcr.io/tekton-releases/dogfooding/koparse@sha256:ae363d70e3c2fb75e96aaeb561dcea20383c27a47f0266c8179bbb72b89c2430
135166 script : |
136167 set -ex
137168
138- IMAGES_PATH=${CONTAINER_REGISTRY}/$(params.package)
169+ # Find "--preserve-import-paths" in a list of args
170+ function find_preserve_import_path() {
171+ for arg in $@; do
172+ if [[ "$arg" == "--preserve-import-paths" ]]; then
173+ return 0
174+ fi
175+ done
176+ return 1
177+ }
178+
179+ # If "--preserve-import-paths" is used, include "package" in the expected path
180+ find_preserve_import_path \
181+ $(echo $KO_EXTRA_ARGS) && \
182+ PRESERVE_IMPORT_PATH="--preserve-path" || \
183+ PRESERVE_IMPORT_PATH="--no-preserve-path"
139184
140185 for cmd in $(params.images)
141186 do
142- IMAGES="${IMAGES} ${IMAGES_PATH} /cmd/${cmd}:$(params.versionTag)"
187+ IMAGES="${IMAGES} $(params.package) /cmd/${cmd}:$(params.versionTag)"
143188 done
144189
145190 # Parse the built images from the release.yaml generated by ko
146191 koparse \
147192 --path $OUTPUT_RELEASE_DIR/release.yaml \
148- --base ${IMAGES_PATH} --images ${IMAGES} > /workspace/built_images
193+ --base $(params.package) \
194+ --container-registry ${CONTAINER_REGISTRY} \
195+ --images ${IMAGES} \
196+ ${PRESERVE_IMPORT_PATH} > /workspace/built_images
149197
150198 for cmd in $(params.interceptorImages)
151199 do
152- INTERCEPTOR_IMAGES="${INTERCEPTOR_IMAGES} ${IMAGES_PATH} /cmd/${cmd}:$(params.versionTag)"
200+ INTERCEPTOR_IMAGES="${INTERCEPTOR_IMAGES} $(params.package) /cmd/${cmd}:$(params.versionTag)"
153201 done
154202
155203 # Parse the built images from the interceptor.yaml generated by ko
156204 koparse \
157205 --path $OUTPUT_RELEASE_DIR/interceptors.yaml \
158- --base ${IMAGES_PATH} --images ${INTERCEPTOR_IMAGES} >> /workspace/built_images
206+ --base $(params.package) \
207+ --container-registry ${CONTAINER_REGISTRY} \
208+ --images ${INTERCEPTOR_IMAGES} \
209+ ${PRESERVE_IMPORT_PATH} >> /workspace/built_images
159210
160211 - name : tag-images
161- image : gcr.io/go-containerregistry /crane:debug
212+ image : cgr.dev/chainguard /crane:latest-dev@sha256:8ebcdd154abd06371886fee6583c7c9bbc4e88a2999c493266b1580f605e0e7c
162213 script : |
163- #!/busybox /sh
214+ #!/bin /sh
164215 set -ex
165216
166217 # Setup docker-auth
167218 DOCKER_CONFIG=~/.docker
168219 mkdir -p ${DOCKER_CONFIG}
169220 cp /workspace/docker-config.json ${DOCKER_CONFIG}/config.json
170221
171- REGIONS="us eu asia"
172-
173222 # Tag the images and put them in all the regions
174223 for IMAGE in $(cat /workspace/built_images)
175224 do
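Review bot: The `koparse` step's script has no shebang (it opens directly with `set -ex`), yet the new `find_preserve_import_path` helper relies on the bash-only `function` keyword and `[[ ... ]]`. Tekton runs shebang-less scripts with `/bin/sh`, so this works only if that image's `/bin/sh` is bash-compatible, which the diff does not show. Because the helper is invoked inside an `&& ... ||` list, `set -e` does not apply to it, so any failure inside it selects `--no-preserve-path` instead of stopping the step, and the `/workspace/built_images` list that `tag-images` consumes would then be built with the wrong flag. A POSIX form removes the dependency: `case " ${KO_EXTRA_ARGS} " in *" --preserve-import-paths "*) PRESERVE_IMPORT_PATH="--preserve-path" ;; *) PRESERVE_IMPORT_PATH="--no-preserve-path" ;; esac`. Separately, the added `git tag $(params.versionTag)` and `https://$(params.package)` lines substitute parameters straight into the script text; passing them through `env` and quoting the variable, as this change already does for `CONTAINER_REGISTRY_USER`, keeps a malformed value from being parsed as shell.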