Skip to content

Commit 20834d4

Browse files
authored
Merge pull request #1599 from zregvart/issue/EC-392
Removes support for `task-bundles` in `ec track`
2 parents 558b3a1 + 3c727b7 commit 20834d4

8 files changed

Lines changed: 29 additions & 296 deletions

File tree

cmd/track/track_bundle.go

Lines changed: 0 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -52,10 +52,6 @@ func trackBundleCmd(track trackBundleFn, pullImage pullImageFn, pushImage pushIm
5252
Long: hd.Doc(`
5353
Record tracking information about Tekton bundles
5454
55-
Given one or more Tekton Bundles, categorize each as "task-bundles",
56-
ignoring those that are not. Then, generate a YAML representation of
57-
this categorization.
58-
5955
Each Tekton Bundle is expected to be a proper OCI image reference. They
6056
may contain a tag, a digest, or both. If a digest is not provided, this
6157
command will query the registry to determine its value. Either a tag

docs/modules/ROOT/pages/ec_track_bundle.adoc

Lines changed: 0 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -4,10 +4,6 @@ Record tracking information about Tekton bundles== Synopsis
44

55
Record tracking information about Tekton bundles
66

7-
Given one or more Tekton Bundles, categorize each as "task-bundles",
8-
ignoring those that are not. Then, generate a YAML representation of
9-
this categorization.
10-
117
Each Tekton Bundle is expected to be a proper OCI image reference. They
128
may contain a tag, a digest, or both. If a digest is not provided, this
139
command will query the registry to determine its value. Either a tag

features/__snapshots__/track_bundle.snap

Lines changed: 0 additions & 29 deletions
Original file line numberDiff line numberDiff line change
@@ -1,11 +1,6 @@
11

22
[:stdout - 1]
33
/-/-/-/
4-
task-bundles:
5-
${REGISTRY}/acceptance/bundle:
6-
- digest: sha256:${REGISTRY_acceptance/bundle:tag_DIGEST}
7-
effective_on: "${TIMESTAMP}"
8-
tag: tag
94
trusted_tasks:
105
oci://${REGISTRY}/acceptance/bundle:tag:
116
- effective_on: "${TIMESTAMP}"
@@ -19,15 +14,6 @@ trusted_tasks:
1914

2015
[Fresh tags:stdout - 1]
2116
/-/-/-/
22-
task-bundles:
23-
${REGISTRY}/acceptance/bundle:
24-
- digest: sha256:${REGISTRY_acceptance/bundle:tag_DIGEST}
25-
effective_on: "${TIMESTAMP}"
26-
tag: tag
27-
- digest: sha256:0af8c4f92f4b252b3ef0cbd712e7352196bc33a96c58b6e1d891b26e171deae8
28-
effective_on: "2006-01-02T15:04:05Z"
29-
expires_on: "${TIMESTAMP}"
30-
tag: tag
3117
trusted_tasks:
3218
oci://${REGISTRY}/acceptance/bundle:tag:
3319
- effective_on: "${TIMESTAMP}"
@@ -44,11 +30,6 @@ trusted_tasks:
4430

4531
[Pipeline definition is ignored from mixed bundle:stdout - 1]
4632
/-/-/-/
47-
task-bundles:
48-
${REGISTRY}/acceptance/bundle:
49-
- digest: sha256:${REGISTRY_acceptance/bundle:tag_DIGEST}
50-
effective_on: "${TIMESTAMP}"
51-
tag: tag
5233
trusted_tasks:
5334
oci://${REGISTRY}/acceptance/bundle:tag:
5435
- effective_on: "${TIMESTAMP}"
@@ -85,11 +66,6 @@ trusted_tasks:
8566

8667
[track tekton-task alias:stdout - 1]
8768
/-/-/-/
88-
task-bundles:
89-
${REGISTRY}/acceptance/bundle:
90-
- digest: sha256:${REGISTRY_acceptance/bundle:tag_DIGEST}
91-
effective_on: "${TIMESTAMP}"
92-
tag: tag
9369
trusted_tasks:
9470
git+https://github.com/redhat-appstudio/build-definitions.git//task/buildah/0.1/buildah.yaml:
9571
- effective_on: "${TIMESTAMP}"
@@ -119,11 +95,6 @@ trusted_tasks:
11995

12096
[Track tekton-task alias:stdout - 1]
12197
/-/-/-/
122-
task-bundles:
123-
${REGISTRY}/acceptance/bundle:
124-
- digest: sha256:${REGISTRY_acceptance/bundle:tag_DIGEST}
125-
effective_on: "${TIMESTAMP}"
126-
tag: tag
12798
trusted_tasks:
12899
git+https://github.com/redhat-appstudio/build-definitions.git//task/buildah/0.1/buildah.yaml:
129100
- effective_on: "${TIMESTAMP}"

features/track_bundle.feature

Lines changed: 4 additions & 23 deletions
Original file line numberDiff line numberDiff line change
@@ -20,11 +20,6 @@ Feature: track bundles
2020
Then registry image "tracked/bundle:tag" should contain a layer with
2121
"""
2222
---
23-
task-bundles:
24-
${REGISTRY}/acceptance/bundle:
25-
- digest: sha256:0af8c4f92f4b252b3ef0cbd712e7352196bc33a96c58b6e1d891b26e171deae8
26-
effective_on: "${TODAY_PLUS_30_DAYS}"
27-
tag: tag
2823
trusted_tasks:
2924
oci://${REGISTRY}/acceptance/bundle:tag:
3025
- effective_on: "${TODAY_PLUS_30_DAYS}"
@@ -43,14 +38,6 @@ Feature: track bundles
4338
Then registry image "tracked/bundle:tag" should contain a layer with
4439
"""
4540
---
46-
task-bundles:
47-
${REGISTRY}/acceptance/bundle:
48-
- digest: sha256:7af058b8a7adb24b74875411d625afbf90af6b4ed41b740606032edf1c4a0d1d
49-
effective_on: "${TODAY_PLUS_30_DAYS}"
50-
tag: "1.1"
51-
- digest: sha256:0af8c4f92f4b252b3ef0cbd712e7352196bc33a96c58b6e1d891b26e171deae8
52-
effective_on: "${TODAY_PLUS_30_DAYS}"
53-
tag: "1.0"
5441
trusted_tasks:
5542
oci://${REGISTRY}/acceptance/bundle:1.0:
5643
- effective_on: "${TODAY_PLUS_30_DAYS}"
@@ -68,11 +55,6 @@ Feature: track bundles
6855
Then running conftest "pull oci://${REGISTRY}/tracked/bundle:tag" produces "policy/data/data/trusted_tekton_tasks.yml" containing:
6956
"""
7057
---
71-
task-bundles:
72-
${REGISTRY}/acceptance/bundle:
73-
- digest: sha256:0af8c4f92f4b252b3ef0cbd712e7352196bc33a96c58b6e1d891b26e171deae8
74-
effective_on: "${TODAY_PLUS_30_DAYS}"
75-
tag: tag
7658
trusted_tasks:
7759
oci://${REGISTRY}/acceptance/bundle:tag:
7860
- effective_on: "${TODAY_PLUS_30_DAYS}"
@@ -86,11 +68,10 @@ Feature: track bundles
8668
And a track bundle file named "${TMPDIR}/bundles.yaml" containing
8769
"""
8870
---
89-
task-bundles:
90-
${REGISTRY}/acceptance/bundle:
91-
- digest: sha256:${REGISTRY_acceptance/bundle:tag_DIGEST}
92-
effective_on: 2006-01-02T15:04:05Z
93-
tag: tag
71+
trusted_tasks:
72+
oci://${REGISTRY}/acceptance/bundle:tag:
73+
- effective_on: 2006-01-02T15:04:05Z
74+
ref: sha256:${REGISTRY_acceptance/bundle:tag_DIGEST}
9475
"""
9576
And a tekton bundle image named "acceptance/bundle:tag" containing
9677
| Task | task1-updated |

internal/tracker/bundle_info.go

Lines changed: 7 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -20,40 +20,31 @@ import (
2020
"context"
2121

2222
"github.com/tektoncd/pipeline/pkg/remote/oci"
23-
"k8s.io/apimachinery/pkg/util/sets"
2423

2524
"github.com/enterprise-contract/ec-cli/internal/image"
2625
)
2726

28-
type bundleInfo struct {
29-
ref image.ImageReference
30-
collections sets.Set[string] // Set of collection where the bundle should be tracked under.
31-
}
32-
33-
// newBundleInfo returns information about the bundle, such as which collections it should
34-
// be added to.
35-
func newBundleInfo(ctx context.Context, ref image.ImageReference) (*bundleInfo, error) {
36-
info := bundleInfo{ref: ref, collections: sets.New[string]()}
37-
27+
// containsTask returns if the bundle contains a Tekton Task
28+
func containsTask(ctx context.Context, ref image.ImageReference) (bool, error) {
3829
client := NewClient(ctx)
39-
img, err := client.GetImage(ctx, info.ref.Ref())
30+
img, err := client.GetImage(ctx, ref.Ref())
4031
if err != nil {
41-
return nil, err
32+
return false, err
4233
}
4334

4435
manifest, err := img.Manifest()
4536
if err != nil {
46-
return nil, err
37+
return false, err
4738
}
4839

4940
for _, layer := range manifest.Layers {
5041
if kind, ok := layer.Annotations[oci.KindAnnotation]; ok {
5142
switch kind {
5243
case "task":
53-
info.collections.Insert(taskCollection)
44+
return true, nil
5445
}
5546
}
5647
}
5748

58-
return &info, nil
49+
return false, nil
5950
}

internal/tracker/tracker.go

Lines changed: 3 additions & 105 deletions
Original file line numberDiff line numberDiff line change
@@ -20,20 +20,17 @@ import (
2020
"bytes"
2121
"context"
2222
"fmt"
23-
"sort"
2423
"strings"
2524
"time"
2625

2726
"github.com/google/go-containerregistry/pkg/name"
2827
log "github.com/sirupsen/logrus"
2928
"github.com/stuart-warren/yamlfmt"
30-
"k8s.io/apimachinery/pkg/util/sets"
3129
"sigs.k8s.io/yaml"
3230

3331
"github.com/enterprise-contract/ec-cli/internal/image"
3432
)
3533

36-
const taskCollection = "task-bundles"
3734
const ociPrefix = "oci://"
3835

3936
type taskRecord struct {
@@ -46,20 +43,8 @@ type taskRecord struct {
4643
Repository string `json:"-"`
4744
}
4845

49-
type bundleRecord struct {
50-
Digest string `json:"digest"`
51-
EffectiveOn time.Time `json:"effective_on"`
52-
// ExpiresOn should be omitted if there isn't a value. Not using a pointer means it will always
53-
// have a value, e.g. 0001-01-01T00:00:00Z.
54-
ExpiresOn *time.Time `json:"expires_on,omitempty"`
55-
Tag string `json:"tag"`
56-
Repository string `json:"-"`
57-
}
58-
5946
type Tracker struct {
60-
// TaskBundles is deprecated and will be removed in the future. Use TrustedTasks instead.
61-
TaskBundles map[string][]bundleRecord `json:"task-bundles,omitempty"`
62-
TrustedTasks map[string][]taskRecord `json:"trusted_tasks,omitempty"`
47+
TrustedTasks map[string][]taskRecord `json:"trusted_tasks,omitempty"`
6348
}
6449

6550
// newTracker returns a new initialized instance of Tracker. If path
@@ -83,9 +68,6 @@ func (t *Tracker) setDefaults() {
8368
if t.TrustedTasks == nil {
8469
t.TrustedTasks = map[string][]taskRecord{}
8570
}
86-
if t.TaskBundles == nil {
87-
t.TaskBundles = map[string][]bundleRecord{}
88-
}
8971
}
9072

9173
// addTrustedTaskRecord includes the given Tekton bundle Task record in the tracker.
@@ -104,18 +86,6 @@ func (t *Tracker) addTrustedTaskRecord(prefix string, record taskRecord) {
10486
}
10587
}
10688

107-
// addBundleRecord includes the given bundle record to the tracker.
108-
func (t *Tracker) addBundleRecord(record bundleRecord) {
109-
collection := t.TaskBundles
110-
111-
newRecords := []bundleRecord{record}
112-
if _, ok := collection[record.Repository]; !ok {
113-
collection[record.Repository] = newRecords
114-
} else {
115-
collection[record.Repository] = append(newRecords, collection[record.Repository]...)
116-
}
117-
}
118-
11989
// Output serializes the Tracker state as YAML
12090
func (t Tracker) Output() ([]byte, error) {
12191
out, err := yaml.Marshal(t)
@@ -137,23 +107,6 @@ func Track(ctx context.Context, urls []string, input []byte, prune bool, freshen
137107
return nil, err
138108
}
139109

140-
if len(t.TrustedTasks) == 0 && len(t.TaskBundles) > 0 {
141-
log.Debug("converting deprecated task-bundles format to trusted_tasks")
142-
for repo, bundles := range t.TaskBundles {
143-
for i := len(bundles) - 1; i >= 0; i-- {
144-
bundle := bundles[i]
145-
t.addTrustedTaskRecord(ociPrefix, taskRecord{
146-
Ref: bundle.Digest,
147-
Tag: bundle.Tag,
148-
EffectiveOn: bundle.EffectiveOn,
149-
ExpiresOn: bundle.ExpiresOn,
150-
Repository: repo,
151-
})
152-
}
153-
}
154-
}
155-
t.TaskBundles = map[string][]bundleRecord{}
156-
157110
imageUrls, gitUrls := groupUrls(urls)
158111

159112
if err := t.trackImageReferences(ctx, imageUrls, freshen); err != nil {
@@ -168,10 +121,6 @@ func Track(ctx context.Context, urls []string, input []byte, prune bool, freshen
168121

169122
t.setExpiration()
170123

171-
if err := t.convertToOldFormat(); err != nil {
172-
return nil, err
173-
}
174-
175124
return t.Output()
176125
}
177126

@@ -208,12 +157,12 @@ func (t *Tracker) trackImageReferences(ctx context.Context, urls []string, fresh
208157
effective_on := effectiveOn()
209158
for _, ref := range refs {
210159
log.Debugf("Processing bundle %q", ref.String())
211-
info, err := newBundleInfo(ctx, ref)
160+
hasTask, err := containsTask(ctx, ref)
212161
if err != nil {
213162
return err
214163
}
215164

216-
for range sets.List(info.collections) {
165+
if hasTask {
217166
t.addTrustedTaskRecord(ociPrefix, taskRecord{
218167
Ref: ref.Digest,
219168
Tag: ref.Tag,
@@ -392,57 +341,6 @@ func (t *Tracker) setExpiration() {
392341
}
393342
}
394343

395-
func (t *Tracker) convertToOldFormat() error {
396-
for group, tasks := range t.TrustedTasks {
397-
repo := ociRefFromGroup(group)
398-
if repo == "" {
399-
// Not an OCI group
400-
continue
401-
}
402-
for _, task := range tasks {
403-
ref, err := name.NewTag(repo)
404-
if err != nil {
405-
return fmt.Errorf("cannot parse existing repo as a tag ref: %w", err)
406-
}
407-
t.addBundleRecord(bundleRecord{
408-
Digest: task.Ref,
409-
Tag: ref.TagStr(),
410-
Repository: ref.Repository.Name(),
411-
EffectiveOn: task.EffectiveOn,
412-
ExpiresOn: task.ExpiresOn,
413-
})
414-
}
415-
}
416-
417-
for _, bundles := range t.TaskBundles {
418-
// Sort the task bundles in reverse order. The first bundle being the most recent one. The
419-
// sorting function returns true if the bundle at "i" is considered newer than the bundle at
420-
// "j". It is assumed that every bundle has an EffectiveOn date and a Tag, but some bundles
421-
// may not have an ExpiresOn date.
422-
sort.SliceStable(bundles, func(i, j int) bool {
423-
if !bundles[i].EffectiveOn.Equal(bundles[j].EffectiveOn) {
424-
return bundles[i].EffectiveOn.After(bundles[j].EffectiveOn)
425-
}
426-
427-
iExpiresOn := bundles[i].ExpiresOn
428-
jExpiresOn := bundles[j].ExpiresOn
429-
// A missing ExpiresOn value is always considered to be newer than an explicit value.
430-
// Only one defines an expiration date. "i" is newer if it is the one that is null.
431-
if (iExpiresOn == nil || jExpiresOn == nil) && iExpiresOn != jExpiresOn {
432-
return iExpiresOn == nil
433-
}
434-
if iExpiresOn != nil && jExpiresOn != nil && !iExpiresOn.Equal(*jExpiresOn) {
435-
return iExpiresOn.After(*jExpiresOn)
436-
}
437-
438-
// Records are pretty similar. Use the tag as a tie breaker to produce a stable order.
439-
return bundles[i].Tag > bundles[j].Tag
440-
})
441-
}
442-
443-
return nil
444-
}
445-
446344
// ociRefFromGroup returns the OCI image reference from the given group, e.g.
447345
// oci://registry.local/spam:latest -> registry.local/spam:latest
448346
// If the group does not represent an OCI image reference, an empty string is returned.

0 commit comments

Comments
 (0)