📂 update OpenShift specific files

openshift-knative · Apr 5, 2024 · eb7969a · eb7969a
1 parent bc14637
commit eb7969a
Show file tree

Hide file tree

Showing 23 changed files with 9,480 additions and 8,509 deletions.
diff --git a/.github/workflows/test-e2e-oncluster-runtime.yaml b/.github/workflows/test-e2e-oncluster-runtime.yaml
@@ -25,6 +25,11 @@ jobs:
         run: ./hack/allocate.sh
       - name: Setup testing images
         run: ./hack/setup-testing-images.sh
+      - name: Install RH pull secrets for KinD cluster
+        env:
+          RH_REG_USR: ${{ secrets.RH_REG_USR }}
+          RH_REG_PWD: ${{ secrets.RH_REG_PWD }}
+        run: ./hack/install-pull-secrets.sh
       - name: Deploy Tekton
         run: ./hack/install-tekton.sh
       - name: Deploy Test Git Server

diff --git a/.github/workflows/test-e2e-oncluster.yaml b/.github/workflows/test-e2e-oncluster.yaml
@@ -23,6 +23,11 @@ jobs:
         run: ./hack/allocate.sh
       - name: Setup testing images
         run: ./hack/setup-testing-images.sh
+      - name: Install RH pull secrets for KinD cluster
+        env:
+          RH_REG_USR: ${{ secrets.RH_REG_USR }}
+          RH_REG_PWD: ${{ secrets.RH_REG_PWD }}
+        run: ./hack/install-pull-secrets.sh
       - name: Deploy Tekton
         run: ./hack/install-tekton.sh
       - name: Deploy Test Git Server

diff --git a/generate/zz_filesystem_generated.go b/generate/zz_filesystem_generated.go
diff --git a/hack/install-pull-secrets.sh b/hack/install-pull-secrets.sh
@@ -0,0 +1,28 @@
+#!/usr/bin/env bash
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+main() {
+  local -r tmp_docker_config="$(mktemp config.json-XXXXXXXX)"
+
+  cat <<EOF > "${tmp_docker_config}"
+{
+  "auths": {
+    "registry.redhat.io": {
+      "auth": "$(echo -n "${RH_REG_USR}:${RH_REG_PWD}" | base64 -w0)"
+    }
+  }
+}
+EOF
+
+  local node
+  for node in $(kind get nodes --name "func"); do
+    tar -cf - "${tmp_docker_config}" --transform="flags=r;s|${tmp_docker_config}|config.json|" | \
+      docker cp - "${node}:/var/lib/kubelet/"
+  done
+  rm "${tmp_docker_config}"
+}
+
+main "$@"
diff --git a/hack/openshift-pipelines.sh b/hack/openshift-pipelines.sh
@@ -0,0 +1,85 @@
+#!/usr/bin/env bash
+
+# Copyright 2022 The OpenShift Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+# source of tasks (in this case to the project root folder)
+source_path=$(dirname $(cd $(dirname $0) && pwd ))
+
+openshift_pipelines() {
+  echo "Installing Openshift Pipelines..."
+
+  PIPELINE_OPERATOR_DEFAULT_CHANNEL=$(oc get packagemanifests openshift-pipelines-operator-rh -n openshift-marketplace -o json | jq '.status.defaultChannel' | tr -d '"')
+  PIPELINE_OPERATOR_CHANNEL=${PIPELINE_OPERATOR_CHANNEL:-${PIPELINE_OPERATOR_DEFAULT_CHANNEL}}
+  PIPELINE_TARGET_VERSION=$(oc get packagemanifests openshift-pipelines-operator-rh -n openshift-marketplace -o json | CHANNEL=$PIPELINE_OPERATOR_CHANNEL jq '.status.channels[] | select(.name==env.CHANNEL) | .currentCSV')
+
+  echo Channel: $PIPELINE_OPERATOR_CHANNEL Target Version: $PIPELINE_TARGET_VERSION 
+
+  cat << EOF | oc apply -f -
+apiVersion: operators.coreos.com/v1alpha1
+kind: Subscription
+metadata:
+  name: openshift-pipelines-operator-rh
+  namespace: openshift-operators
+spec:
+  channel: $PIPELINE_OPERATOR_CHANNEL
+  name: openshift-pipelines-operator-rh
+  source: redhat-operators
+  sourceNamespace: openshift-marketplace
+EOF
+
+}
+
+wait_pipelines_ready() {
+  echo "Waiting for Openshift Pipeline to get ready..."
+  rc=1
+  set +e
+  for i in $(seq 5); do
+    oc wait subscription.operators.coreos.com/openshift-pipelines-operator-rh -n openshift-operators --for=jsonpath='{.status.state}'="AtLatestKnown" --timeout=60s && \
+        oc wait pod --for=condition=Ready --timeout=180s -n openshift-pipelines -l "app=tekton-pipelines-controller" && \
+        oc wait pod --for=condition=Ready --timeout=180s -n openshift-pipelines -l "app=tekton-pipelines-webhook" && \
+        rc=0 && break || (echo "Conditions are not matched. Retrying in 10 secs" && sleep 10)
+  done
+  set -e
+  if (( $rc )); then
+    echo "Installing Openshift pipelines has failed"
+    exit 1
+  fi
+}
+
+tekton_tasks() {
+  echo "Creating Pipeline tasks..."
+  oc apply -f ${source_path}/pkg/pipelines/resources/tekton/task/func-deploy/0.1/func-deploy.yaml
+  oc apply -f ${source_path}/pkg/pipelines/resources/tekton/task/func-s2i/0.1/func-s2i.yaml
+  oc apply -f ${source_path}/pkg/pipelines/resources/tekton/task/func-buildpacks/0.1/func-buildpacks.yaml
+}
+
+tasks_only=false
+if [[ $# -ge 1 && "$1" == "--tasks-only" ]]; then
+  tasks_only=true
+elif [[ $# -ge 1 ]]; then
+  echo "Unknown parameters, use '--tasks-only' to only install Tekton Tasks"
+fi
+
+if [ $tasks_only = false ] ; then
+  openshift_pipelines
+  wait_pipelines_ready
+fi
+tekton_tasks
+
+echo Done
diff --git a/openshift/patches/0001-default-build.patch b/openshift/patches/0001-default-build.patch
@@ -0,0 +1,13 @@
+diff --git a/pkg/builders/builders.go b/pkg/builders/builders.go
+index e172834c..44d00311 100644
+--- a/pkg/builders/builders.go
++++ b/pkg/builders/builders.go
+@@ -16,7 +16,7 @@ const (
+ 	Host    = "host"
+ 	Pack    = "pack"
+ 	S2I     = "s2i"
+-	Default = Pack
++	Default = S2I
+ )
+
+ // Known builder names with a pretty-printed string representation
diff --git a/openshift/patches/0005-tekton-pipelines.patch b/openshift/patches/0005-tekton-pipelines.patch
@@ -0,0 +1,42 @@
+diff --git a/pkg/pipelines/resources/tekton/task/func-buildpacks/0.1/func-buildpacks.yaml b/pkg/pipelines/resources/tekton/task/func-buildpacks/0.1/func-buildpacks.yaml
+index ee227cf7..ac42d639 100644
+--- a/pkg/pipelines/resources/tekton/task/func-buildpacks/0.1/func-buildpacks.yaml
++++ b/pkg/pipelines/resources/tekton/task/func-buildpacks/0.1/func-buildpacks.yaml
+@@ -1,6 +1,6 @@
+ ---
+ apiVersion: tekton.dev/v1beta1
+-kind: Task
++kind: ClusterTask
+ metadata:
+   name: func-buildpacks
+   labels:
+diff --git a/pkg/pipelines/resources/tekton/task/func-deploy/0.1/func-deploy.yaml b/pkg/pipelines/resources/tekton/task/func-deploy/0.1/func-deploy.yaml
+index c58ff568..4658f04f 100644
+--- a/pkg/pipelines/resources/tekton/task/func-deploy/0.1/func-deploy.yaml
++++ b/pkg/pipelines/resources/tekton/task/func-deploy/0.1/func-deploy.yaml
+@@ -1,5 +1,5 @@
+ apiVersion: tekton.dev/v1beta1
+-kind: Task
++kind: ClusterTask
+ metadata:
+   name: func-deploy
+   labels:
+diff --git a/pkg/pipelines/resources/tekton/task/func-s2i/0.1/func-s2i.yaml b/pkg/pipelines/resources/tekton/task/func-s2i/0.1/func-s2i.yaml
+index bf90adfa..7f9fe8fc 100644
+--- a/pkg/pipelines/resources/tekton/task/func-s2i/0.1/func-s2i.yaml
++++ b/pkg/pipelines/resources/tekton/task/func-s2i/0.1/func-s2i.yaml
+@@ -1,5 +1,5 @@
+ apiVersion: tekton.dev/v1beta1
+-kind: Task
++kind: ClusterTask
+ metadata:
+   name: func-s2i
+   labels:
+@@ -26,6 +26,7 @@ spec:
+       description: Reference of the image S2I will produce.
+     - name: REGISTRY
+       description: The registry associated with the function image.
++      default: ""
+     - name: PATH_CONTEXT
+       description: The location of the path to run s2i from.
+       default: .
diff --git a/openshift/patches/0006-s2i-task-images.patch b/openshift/patches/0006-s2i-task-images.patch
@@ -0,0 +1,22 @@
+diff --git a/pkg/pipelines/resources/tekton/task/func-s2i/0.1/func-s2i.yaml b/pkg/pipelines/resources/tekton/task/func-s2i/0.1/func-s2i.yaml
+index 696699580..7c25d5b67 100644
+--- a/pkg/pipelines/resources/tekton/task/func-s2i/0.1/func-s2i.yaml
++++ b/pkg/pipelines/resources/tekton/task/func-s2i/0.1/func-s2i.yaml
+@@ -60,7 +60,7 @@ spec:
+       description: Digest of the image just built.
+   steps:
+     - name: generate
+-      image: quay.io/boson/s2i:latest
++      image: registry.redhat.io/ocp-tools-4-tech-preview/source-to-image-rhel8@sha256:98d8cb3a255641ca6a1bce854e5e2460c20de9fb9b28e3cc67eb459f122873dd
+       workingDir: $(workspaces.source.path)
+       args: ["$(params.ENV_VARS[*])"]
+       script: |
+@@ -99,7 +99,7 @@ spec:
+         - mountPath: /env-vars
+           name: env-vars
+     - name: build
+-      image: quay.io/buildah/stable:v1.31.0
++      image: registry.redhat.io/rhel8/buildah@sha256:a1e5cc0fb334e333e5eab69689223e8bd1f0c060810d260603b26cf8c0da2023
+       workingDir: /gen-source
+       script: |
+         TLS_VERIFY_FLAG=""
diff --git a/openshift/patches/0007-rh-reg-pull-secrets b/openshift/patches/0007-rh-reg-pull-secrets
@@ -0,0 +1,66 @@
+diff --git a/.github/workflows/test-e2e-oncluster-runtime.yaml b/.github/workflows/test-e2e-oncluster-runtime.yaml
+index 97f2e263..ff96125a 100644
+--- a/.github/workflows/test-e2e-oncluster-runtime.yaml
++++ b/.github/workflows/test-e2e-oncluster-runtime.yaml
+@@ -25,6 +25,11 @@ jobs:
+         run: ./hack/allocate.sh
+       - name: Setup testing images
+         run: ./hack/setup-testing-images.sh
++      - name: Install RH pull secrets for KinD cluster
++        env:
++          RH_REG_USR: ${{ secrets.RH_REG_USR }}
++          RH_REG_PWD: ${{ secrets.RH_REG_PWD }}
++        run: ./hack/install-pull-secrets.sh
+       - name: Deploy Tekton
+         run: ./hack/install-tekton.sh
+       - name: Deploy Test Git Server
+diff --git a/.github/workflows/test-e2e-oncluster.yaml b/.github/workflows/test-e2e-oncluster.yaml
+index 62e6d024..565b4020 100644
+--- a/.github/workflows/test-e2e-oncluster.yaml
++++ b/.github/workflows/test-e2e-oncluster.yaml
+@@ -23,6 +23,11 @@ jobs:
+         run: ./hack/allocate.sh
+       - name: Setup testing images
+         run: ./hack/setup-testing-images.sh
++      - name: Install RH pull secrets for KinD cluster
++        env:
++          RH_REG_USR: ${{ secrets.RH_REG_USR }}
++          RH_REG_PWD: ${{ secrets.RH_REG_PWD }}
++        run: ./hack/install-pull-secrets.sh
+       - name: Deploy Tekton
+         run: ./hack/install-tekton.sh
+       - name: Deploy Test Git Server
+diff --git a/hack/install-pull-secrets.sh b/hack/install-pull-secrets.sh
+new file mode 100755
+index 00000000..33ac051c
+--- /dev/null
++++ b/hack/install-pull-secrets.sh
+@@ -0,0 +1,28 @@
++#!/usr/bin/env bash
++
++set -o errexit
++set -o nounset
++set -o pipefail
++
++main() {
++  local -r tmp_docker_config="$(mktemp config.json-XXXXXXXX)"
++
++  cat <<EOF > "${tmp_docker_config}"
++{
++  "auths": {
++    "registry.redhat.io": {
++      "auth": "$(echo -n "${RH_REG_USR}:${RH_REG_PWD}" | base64 -w0)"
++    }
++  }
++}
++EOF
++
++  local node
++  for node in $(kind get nodes --name "func"); do
++    tar -cf - "${tmp_docker_config}" --transform="flags=r;s|${tmp_docker_config}|config.json|" | \
++      docker cp - "${node}:/var/lib/kubelet/"
++  done
++  rm "${tmp_docker_config}"
++}
++
++main "$@"
diff --git a/openshift/release/update-to-head.sh b/openshift/release/update-to-head.sh
@@ -0,0 +1,82 @@
+#!/usr/bin/env bash
+
+# Copyright 2019 The OpenShift Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# The local git repo must have a remote "upstream" pointing
+# to knative-sandbox/kn-plugin-func, and a remote "openshift"
+# pointing to openshift-knative/kn-plugin-func.
+
+# Synchs the release-next branch to main and then triggers CI
+# Usage: update-to-head.sh
+
+set -e
+REPO_NAME=$(basename $(git rev-parse --show-toplevel))
+
+# Custom files
+custom_files=$(cat <<EOT | tr '\n' ' '
+openshift
+EOT
+)
+openshift_files_msg=":open_file_folder: update OpenShift specific files"
+robot_trigger_msg=":robot: triggering CI on branch 'release-next' after synching from upstream/main"
+
+# Reset release-next to upstream/main.
+git fetch upstream main
+git checkout upstream/main -B release-next
+
+# Update openshift's main and take all needed files from there.
+git fetch openshift main
+git checkout openshift/main $custom_files
+
+# Apply midstream patches
+if [[ -d openshift/patches ]]; then
+  git apply openshift/patches/*
+fi
+# Apply midstream overrides
+if [[ -d openshift/overrides ]]; then
+  cp -r openshift/overrides/. .
+  rm -rf openshift/overrides
+fi
+# Apply midstream patches using scripts
+if [[ -d openshift/scripts ]]; then
+  for script in openshift/scripts/*.sh; do
+    "$script"
+  done
+fi
+git add .
+
+make generate/zz_filesystem_generated.go
+git add $custom_files generate/zz_filesystem_generated.go templates/certs/ca-certificates.crt 
+git commit -m "${openshift_files_msg}"
+
+git push -f openshift release-next
+
+# Trigger CI
+git checkout release-next -B release-next-ci
+date > ci
+git add ci
+git commit -m "${robot_trigger_msg}"
+git push -f openshift release-next-ci
+
+if hash hub 2>/dev/null; then
+   # Test if there is already a sync PR in 
+   COUNT=$(hub api -H "Accept: application/vnd.github.v3+json" repos/openshift-knative/${REPO_NAME}/pulls --flat \
+    | grep -c "${robot_trigger_msg}") || true
+   if [ "$COUNT" = "0" ]; then
+      hub pull-request --no-edit -l "kind/sync-fork-to-upstream,approved,lgtm" -b openshift-knative/${REPO_NAME}:release-next -h openshift-knative/${REPO_NAME}:release-next-ci -m "${robot_trigger_msg}"
+   fi
+else
+   echo "hub (https://github.com/github/hub) is not installed, so you'll need to create a PR manually."
+fi