Fix konflux index and bundle cel expressions to avoid build loops (#2924

) * [release-1.35] Sync Konflux configurations * Long string fix Signed-off-by: Pierangelo Di Pilato <[email protected]> --------- Signed-off-by: Pierangelo Di Pilato <[email protected]> Co-authored-by: serverless-qe <[email protected]>
openshift-knative · Oct 8, 2024 · 5f36e53 · 5f36e53
1 parent b48e36f
commit 5f36e53
Show file tree

Hide file tree

Showing 22 changed files with 87 additions and 85 deletions.
diff --git a/.tekton/docker-build.yaml b/.tekton/docker-build.yaml
@@ -50,6 +50,10 @@ spec:
     - name: workspace
       workspace: workspace
   params:
+  - default: --all-projects --org=3e1a4cca-ebfb-495f-b64c-3cc960d566b4 --exclude=test*,vendor,third_party
+    description: Append arguments to Snyk code command.
+    name: snyk-args
+    type: string
   - default: "true"
     description: Build a source image.
     name: build-source-image
@@ -128,6 +132,33 @@ spec:
     name: CHAINS-GIT_COMMIT
     value: $(tasks.clone-repository.results.commit)
   tasks:
+  - name: sast-snyk-check
+    params:
+    - name: ARGS
+      value: $(params.snyk-args)
+    - name: image-digest
+      value: $(tasks.build-image-index.results.IMAGE_DIGEST)
+    - name: image-url
+      value: $(tasks.build-image-index.results.IMAGE_URL)
+    runAfter:
+    - build-image-index
+    taskRef:
+      params:
+      - name: name
+        value: sast-snyk-check
+      - name: bundle
+        value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check:0.2@sha256:82c42d27c9c59db6cf6c235e89f7b37f5cdfc75d0d361ca0ee91ae703ba72301
+      - name: kind
+        value: task
+      resolver: bundles
+    when:
+    - input: $(params.skip-checks)
+      operator: in
+      values:
+      - "false"
+    workspaces:
+    - name: workspace
+      workspace: workspace
   - name: prefetch-dependencies
     params:
     - name: dev-package-managers
@@ -378,31 +409,6 @@ spec:
       operator: in
       values:
       - "false"
-  - name: sast-snyk-check
-    params:
-    - name: image-digest
-      value: $(tasks.build-image-index.results.IMAGE_DIGEST)
-    - name: image-url
-      value: $(tasks.build-image-index.results.IMAGE_URL)
-    runAfter:
-    - build-image-index
-    taskRef:
-      params:
-      - name: name
-        value: sast-snyk-check
-      - name: bundle
-        value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check:0.2@sha256:82c42d27c9c59db6cf6c235e89f7b37f5cdfc75d0d361ca0ee91ae703ba72301
-      - name: kind
-        value: task
-      resolver: bundles
-    when:
-    - input: $(params.skip-checks)
-      operator: in
-      values:
-      - "false"
-    workspaces:
-    - name: workspace
-      workspace: workspace
   - name: clamav-scan
     params:
     - name: image-digest

diff --git a/.tekton/fbc-builder.yaml b/.tekton/fbc-builder.yaml
@@ -86,7 +86,7 @@ spec:
     description: Skip checks against built image
     name: skip-checks
     type: string
-  - default: "false"
+  - default: "true"
     description: Execute the build with network isolation
     name: hermetic
     type: string
@@ -116,39 +116,6 @@ spec:
     name: CHAINS-GIT_COMMIT
     value: $(tasks.clone-repository.results.commit)
   tasks:
-  - name: build-container
-    params:
-    - name: HERMETIC
-      value: $(params.hermetic)
-    - name: IMAGE
-      value: $(params.output-image)
-    - name: DOCKERFILE
-      value: $(params.dockerfile)
-    - name: CONTEXT
-      value: $(params.path-context)
-    - name: IMAGE_EXPIRES_AFTER
-      value: $(params.image-expires-after)
-    - name: COMMIT_SHA
-      value: $(tasks.clone-repository.results.commit)
-    runAfter:
-    - clone-repository
-    taskRef:
-      params:
-      - name: name
-        value: buildah
-      - name: bundle
-        value: quay.io/konflux-ci/tekton-catalog/task-buildah:0.2@sha256:a523f60203d90e149f96ec776b47ce85a7acfd6d634ddfc18f4a03f14e08ea0e
-      - name: kind
-        value: task
-      resolver: bundles
-    when:
-    - input: $(tasks.init.results.build)
-      operator: in
-      values:
-      - "true"
-    workspaces:
-    - name: source
-      workspace: workspace
   - name: apply-tags
     params:
     - name: ADDITIONAL_TAGS
@@ -210,6 +177,39 @@ spec:
       workspace: workspace
     - name: basic-auth
       workspace: git-auth
+  - name: build-container
+    params:
+    - name: IMAGE
+      value: $(params.output-image)
+    - name: DOCKERFILE
+      value: $(params.dockerfile)
+    - name: CONTEXT
+      value: $(params.path-context)
+    - name: HERMETIC
+      value: $(params.hermetic)
+    - name: IMAGE_EXPIRES_AFTER
+      value: $(params.image-expires-after)
+    - name: COMMIT_SHA
+      value: $(tasks.clone-repository.results.commit)
+    runAfter:
+    - clone-repository
+    taskRef:
+      params:
+      - name: name
+        value: buildah
+      - name: bundle
+        value: quay.io/konflux-ci/tekton-catalog/task-buildah:0.2@sha256:a523f60203d90e149f96ec776b47ce85a7acfd6d634ddfc18f4a03f14e08ea0e
+      - name: kind
+        value: task
+      resolver: bundles
+    when:
+    - input: $(tasks.init.results.build)
+      operator: in
+      values:
+      - "true"
+    workspaces:
+    - name: source
+      workspace: workspace
   - name: build-image-index
     params:
     - name: IMAGE

diff --git a/.tekton/serverless-bundle-135-pull-request.yaml b/.tekton/serverless-bundle-135-pull-request.yaml
@@ -7,8 +7,7 @@ metadata:
     build.appstudio.redhat.com/pull_request_number: '{{pull_request_number}}'
     build.appstudio.redhat.com/target_branch: '{{target_branch}}'
     pipelinesascode.tekton.dev/max-keep-runs: "3"
-    pipelinesascode.tekton.dev/on-cel-expression: event == "pull_request" && target_branch
-      == "main" 
+    pipelinesascode.tekton.dev/on-cel-expression: event == "pull_request" && target_branch == "main" && ( files.all.exists(x, x.matches('^olm-catalog/serverless-operator/')) || files.all.exists(x, x.matches('^.tekton/')) )
   creationTimestamp: null
   labels:
     appstudio.openshift.io/application: serverless-operator-135

diff --git a/.tekton/serverless-bundle-135-push.yaml b/.tekton/serverless-bundle-135-push.yaml
@@ -6,8 +6,7 @@ metadata:
     build.appstudio.redhat.com/commit_sha: '{{revision}}'
     build.appstudio.redhat.com/target_branch: '{{target_branch}}'
     pipelinesascode.tekton.dev/max-keep-runs: "3"
-    pipelinesascode.tekton.dev/on-cel-expression: event == "push" && target_branch
-      == "main" 
+    pipelinesascode.tekton.dev/on-cel-expression: event == "push" && target_branch == "main" && ( files.all.exists(x, x.matches('^olm-catalog/serverless-operator/')) || files.all.exists(x, x.matches('^.tekton/')) )
   creationTimestamp: null
   labels:
     appstudio.openshift.io/application: serverless-operator-135

diff --git a/.tekton/serverless-index-135-pull-request.yaml b/.tekton/serverless-index-135-pull-request.yaml
@@ -7,8 +7,7 @@ metadata:
     build.appstudio.redhat.com/pull_request_number: '{{pull_request_number}}'
     build.appstudio.redhat.com/target_branch: '{{target_branch}}'
     pipelinesascode.tekton.dev/max-keep-runs: "3"
-    pipelinesascode.tekton.dev/on-cel-expression: event == "pull_request" && target_branch
-      == "main" 
+    pipelinesascode.tekton.dev/on-cel-expression: event == "pull_request" && target_branch == "main" && ( files.all.exists(x, x.matches('^olm-catalog/serverless-operator-index/')) || files.all.exists(x, x.matches('^.tekton/')) )
   creationTimestamp: null
   labels:
     appstudio.openshift.io/application: serverless-operator-135
@@ -19,7 +18,7 @@ metadata:
 spec:
   params:
     - name: dockerfile
-      value: olm-catalog/serverless-operator/index/Dockerfile
+      value: olm-catalog/serverless-operator-index/Dockerfile
     - name: build-args
       value: [ VERSION=1.35.0, ]
     - name: git-url

diff --git a/.tekton/serverless-index-135-push.yaml b/.tekton/serverless-index-135-push.yaml
@@ -6,8 +6,7 @@ metadata:
     build.appstudio.redhat.com/commit_sha: '{{revision}}'
     build.appstudio.redhat.com/target_branch: '{{target_branch}}'
     pipelinesascode.tekton.dev/max-keep-runs: "3"
-    pipelinesascode.tekton.dev/on-cel-expression: event == "push" && target_branch
-      == "main" 
+    pipelinesascode.tekton.dev/on-cel-expression: event == "push" && target_branch == "main" && ( files.all.exists(x, x.matches('^olm-catalog/serverless-operator-index/')) || files.all.exists(x, x.matches('^.tekton/')) )
   creationTimestamp: null
   labels:
     appstudio.openshift.io/application: serverless-operator-135
@@ -18,7 +17,7 @@ metadata:
 spec:
   params:
     - name: dockerfile
-      value: olm-catalog/serverless-operator/index/Dockerfile
+      value: olm-catalog/serverless-operator-index/Dockerfile
     - name: build-args
       value: [ VERSION=1.35.0, ]
     - name: git-url

diff --git a/.tekton/serverless-ingress-135-pull-request.yaml b/.tekton/serverless-ingress-135-pull-request.yaml
@@ -8,7 +8,7 @@ metadata:
     build.appstudio.redhat.com/target_branch: '{{target_branch}}'
     pipelinesascode.tekton.dev/max-keep-runs: "3"
     pipelinesascode.tekton.dev/on-cel-expression: event == "pull_request" && target_branch
-      == "main" 
+      == "main" && ( files.all.exists(x, !x.matches('^olm-catalog/')) || files.all.exists(x, x.matches('^.tekton/')) )
   creationTimestamp: null
   labels:
     appstudio.openshift.io/application: serverless-operator-135

diff --git a/.tekton/serverless-ingress-135-push.yaml b/.tekton/serverless-ingress-135-push.yaml
@@ -7,7 +7,7 @@ metadata:
     build.appstudio.redhat.com/target_branch: '{{target_branch}}'
     pipelinesascode.tekton.dev/max-keep-runs: "3"
     pipelinesascode.tekton.dev/on-cel-expression: event == "push" && target_branch
-      == "main" 
+      == "main" && ( files.all.exists(x, !x.matches('^olm-catalog/')) || files.all.exists(x, x.matches('^.tekton/')) )
   creationTimestamp: null
   labels:
     appstudio.openshift.io/application: serverless-operator-135

diff --git a/.tekton/serverless-kn-operator-135-pull-request.yaml b/.tekton/serverless-kn-operator-135-pull-request.yaml
@@ -8,7 +8,7 @@ metadata:
     build.appstudio.redhat.com/target_branch: '{{target_branch}}'
     pipelinesascode.tekton.dev/max-keep-runs: "3"
     pipelinesascode.tekton.dev/on-cel-expression: event == "pull_request" && target_branch
-      == "main" && files.all.exists(x, !x.matches('^olm-catalog/|^openshift-knative-operator/'))
+      == "main" && ( files.all.exists(x, !x.matches('^olm-catalog/')) || files.all.exists(x, x.matches('^.tekton/')) )
   creationTimestamp: null
   labels:
     appstudio.openshift.io/application: serverless-operator-135

diff --git a/.tekton/serverless-kn-operator-135-push.yaml b/.tekton/serverless-kn-operator-135-push.yaml
@@ -7,7 +7,7 @@ metadata:
     build.appstudio.redhat.com/target_branch: '{{target_branch}}'
     pipelinesascode.tekton.dev/max-keep-runs: "3"
     pipelinesascode.tekton.dev/on-cel-expression: event == "push" && target_branch
-      == "main" && files.all.exists(x, !x.matches('^olm-catalog/|^openshift-knative-operator/'))
+      == "main" && ( files.all.exists(x, !x.matches('^olm-catalog/')) || files.all.exists(x, x.matches('^.tekton/')) )
   creationTimestamp: null
   labels:
     appstudio.openshift.io/application: serverless-operator-135

diff --git a/.tekton/serverless-metadata-webhook-135-pull-request.yaml b/.tekton/serverless-metadata-webhook-135-pull-request.yaml
@@ -8,7 +8,7 @@ metadata:
     build.appstudio.redhat.com/target_branch: '{{target_branch}}'
     pipelinesascode.tekton.dev/max-keep-runs: "3"
     pipelinesascode.tekton.dev/on-cel-expression: event == "pull_request" && target_branch
-      == "main" 
+      == "main" && ( files.all.exists(x, !x.matches('^olm-catalog/')) || files.all.exists(x, x.matches('^.tekton/')) )
   creationTimestamp: null
   labels:
     appstudio.openshift.io/application: serverless-operator-135

diff --git a/.tekton/serverless-metadata-webhook-135-push.yaml b/.tekton/serverless-metadata-webhook-135-push.yaml
@@ -7,7 +7,7 @@ metadata:
     build.appstudio.redhat.com/target_branch: '{{target_branch}}'
     pipelinesascode.tekton.dev/max-keep-runs: "3"
     pipelinesascode.tekton.dev/on-cel-expression: event == "push" && target_branch
-      == "main" 
+      == "main" && ( files.all.exists(x, !x.matches('^olm-catalog/')) || files.all.exists(x, x.matches('^.tekton/')) )
   creationTimestamp: null
   labels:
     appstudio.openshift.io/application: serverless-operator-135

diff --git a/.tekton/serverless-openshift-kn-operator-135-pull-request.yaml b/.tekton/serverless-openshift-kn-operator-135-pull-request.yaml
@@ -8,7 +8,7 @@ metadata:
     build.appstudio.redhat.com/target_branch: '{{target_branch}}'
     pipelinesascode.tekton.dev/max-keep-runs: "3"
     pipelinesascode.tekton.dev/on-cel-expression: event == "pull_request" && target_branch
-      == "main" && files.all.exists(x, !x.matches('^olm-catalog/|^knative-operator/'))
+      == "main" && ( files.all.exists(x, !x.matches('^olm-catalog/')) || files.all.exists(x, x.matches('^.tekton/')) )
   creationTimestamp: null
   labels:
     appstudio.openshift.io/application: serverless-operator-135

diff --git a/.tekton/serverless-openshift-kn-operator-135-push.yaml b/.tekton/serverless-openshift-kn-operator-135-push.yaml
@@ -7,7 +7,7 @@ metadata:
     build.appstudio.redhat.com/target_branch: '{{target_branch}}'
     pipelinesascode.tekton.dev/max-keep-runs: "3"
     pipelinesascode.tekton.dev/on-cel-expression: event == "push" && target_branch
-      == "main" && files.all.exists(x, !x.matches('^olm-catalog/|^knative-operator/'))
+      == "main" && ( files.all.exists(x, !x.matches('^olm-catalog/')) || files.all.exists(x, x.matches('^.tekton/')) )
   creationTimestamp: null
   labels:
     appstudio.openshift.io/application: serverless-operator-135

diff --git a/Makefile b/Makefile
@@ -303,9 +303,9 @@ release-files: install-tool-sobranch install-tool-skopeo
 		openshift/ci-operator/build-image/Dockerfile
 	./hack/generate/dockerfile.sh \
  		templates/index.Dockerfile \
-		olm-catalog/serverless-operator/index/Dockerfile
+		olm-catalog/serverless-operator-index/Dockerfile
 	./hack/generate/index.sh \
-		olm-catalog/serverless-operator/index/configs/index.yaml
+		olm-catalog/serverless-operator-index/configs/index.yaml
 	./hack/generate/quickstart.sh \
 		templates/serverless-application-quickstart.yaml \
 		knative-operator/deploy/resources/quickstart/serverless-application-quickstart.yaml

diff --git a/hack/lib/catalogsource.bash b/hack/lib/catalogsource.bash
@@ -65,7 +65,7 @@ function install_catalogsource {
     # will push images to ${OLM_NAMESPACE} namespace, allow the ${OPERATORS_NAMESPACE} namespace to pull those images.
     oc adm policy add-role-to-group system:image-puller system:serviceaccounts:"${OPERATORS_NAMESPACE}" --namespace "${OLM_NAMESPACE}"
 
-    local index_dorkerfile_path="olm-catalog/serverless-operator/index/Dockerfile"
+    local index_dorkerfile_path="olm-catalog/serverless-operator-index/Dockerfile"
 
     logger.debug "Create a backup of the index Dockerfile."
     cp "${index_dorkerfile_path}" "${rootdir}/_output/bkp.Dockerfile"

diff --git a/hack/lib/serverless.bash b/hack/lib/serverless.bash
@@ -17,7 +17,7 @@ function ensure_serverless_installed {
   local csv
   if [[ "${INSTALL_OLDEST_COMPATIBLE}" == "true" ]]; then
     rootdir="$(dirname "$(dirname "$(dirname "$(realpath "${BASH_SOURCE[0]}")")")")"
-    csv=$(yq read --doc 0 "$rootdir/olm-catalog/serverless-operator/index/configs/index.yaml" 'entries[-1].name')
+    csv=$(yq read --doc 0 "$rootdir/olm-catalog/serverless-operator-index/configs/index.yaml" 'entries[-1].name')
   elif [[ "${INSTALL_PREVIOUS_VERSION}" == "true" ]]; then
     csv="$PREVIOUS_CSV"
   else

diff --git a/hack/verify-diff.sh b/hack/verify-diff.sh
@@ -3,7 +3,7 @@
 # Define the files to exclude
 readonly EXCLUDE_FILES=(
   'olm-catalog/serverless-operator/manifests/serverless-operator.clusterserviceversion.yaml'
-  'olm-catalog/serverless-operator/index/Dockerfile'
+  'olm-catalog/serverless-operator-index/Dockerfile'
   'test/images-rekt.yaml'
 )
 # Define the patterns to exclude

diff --git a/...alog/serverless-operator/index/Dockerfile → ...alog/serverless-operator-index/Dockerfile b/...alog/serverless-operator/index/Dockerfile → ...alog/serverless-operator-index/Dockerfile
@@ -5,7 +5,7 @@ FROM registry.access.redhat.com/ubi9/ubi-minimal as builder
 COPY --from=opm /bin/opm /bin/opm
 
 # Copy declarative config root into image at /configs
-COPY olm-catalog/serverless-operator/index/configs /configs
+COPY olm-catalog/serverless-operator-index/configs /configs
 
 RUN /bin/opm init serverless-operator --default-channel=stable --output yaml >> /configs/index.yaml
 RUN /bin/opm render --skip-tls-verify -o yaml \

diff --git a/...verless-operator/index/configs/index.yaml → ...verless-operator-index/configs/index.yaml b/...verless-operator/index/configs/index.yaml → ...verless-operator-index/configs/index.yaml
diff --git a/templates/index.Dockerfile b/templates/index.Dockerfile
@@ -5,7 +5,7 @@ FROM registry.access.redhat.com/ubi9/ubi-minimal as builder
 COPY --from=opm /bin/opm /bin/opm
 
 # Copy declarative config root into image at /configs
-COPY olm-catalog/serverless-operator/index/configs /configs
+COPY olm-catalog/serverless-operator-index/configs /configs
 
 RUN /bin/opm init serverless-operator --default-channel=__DEFAULT_CHANNEL__ --output yaml >> /configs/index.yaml
 RUN /bin/opm render --skip-tls-verify -o yaml \

diff --git a/test/lib.bash b/test/lib.bash
@@ -539,7 +539,7 @@ EOF
 function kitchensink_csvs {
   local csvs csvs_rev
   # shellcheck disable=SC2034,SC2207
-  csvs=( $(yq read --doc 0 "$rootdir/olm-catalog/serverless-operator/index/configs/index.yaml" 'entries[*].name') )
+  csvs=( $(yq read --doc 0 "$rootdir/olm-catalog/serverless-operator-index/configs/index.yaml" 'entries[*].name') )
 
   array.reverse csvs csvs_rev
   # Remove first CSV as this is already installed.