diff --git a/tasks/managed/collect-charon-params/collect-charon-params.yaml b/tasks/managed/collect-charon-params/collect-charon-params.yaml index e3933723e6..d2c09fb4f8 100644 --- a/tasks/managed/collect-charon-params/collect-charon-params.yaml +++ b/tasks/managed/collect-charon-params/collect-charon-params.yaml @@ -127,57 +127,32 @@ spec: - name: sourceDataArtifact value: $(params.sourceDataArtifact) - name: collect-charon-params - image: quay.io/konflux-ci/release-service-utils@sha256:5546fa78d3c88d7b6a2e8cff8902f7757f00541d0bbaf113b9f293133894afa3 + image: quay.io/lgallovi-test/release-service-utils@sha256:d3c28f245cd0ade0ce825c17c6986f14153cc49043fd168f5ced30bbdaba52e2 computeResources: limits: - memory: 128Mi + memory: 192Mi requests: - memory: 128Mi - cpu: 50m - script: | - #!/usr/bin/env bash - set -eux - - WORK_DIR=$(params.dataDir) - cd "$WORK_DIR" - - DATA_FILE="$WORK_DIR/$(params.dataJsonPath)" - CHARON_ENV_FILE_PATH="$(dirname "$(params.dataJsonPath)")/charon.env" - - environment="$(jq -re '.charon.environment' "$DATA_FILE")" - release="$(jq -re '.charon.release' "$DATA_FILE")" - packageType="$(jq -re '.charon.packageType // "maven"' "$DATA_FILE")" - target="$environment-$packageType-$release" - echo "export CHARON_TARGET=$target" >> "$CHARON_ENV_FILE_PATH" - - productName="$(jq -re '.releaseNotes.product_name' "$DATA_FILE")" - productVersion="$(jq -re '.releaseNotes.product_version' "$DATA_FILE")" - echo "export CHARON_PRODUCT_NAME=\"$productName\"" >> "$CHARON_ENV_FILE_PATH" - echo "export CHARON_PRODUCT_VERSION=\"$productVersion\"" >> "$CHARON_ENV_FILE_PATH" - - sign_key="$(jq -re '.charon.signing.signKey // ""' "$DATA_FILE")" - if [ "$sign_key" != "" ]; then - echo "export CHARON_SIGN_KEY=\"$sign_key\"" >> "$CHARON_ENV_FILE_PATH" - fi - - SNAPSHOT_PATH="$WORK_DIR/$(params.snapshotPath)" - ociRegistries="$(jq -re '[.components[].containerImage] | join("%")' "$SNAPSHOT_PATH")" - echo "export CHARON_OCI_REGISTRY=\"$ociRegistries\"" >> "$CHARON_ENV_FILE_PATH" - - awsSecret="$(jq -re '.charon.awsSecret' "$DATA_FILE")" - echo -n "$awsSecret" > "$(results.charonAWSSecret.path)" - - sign_ca_secret="$(jq -re '.charon.signing.signCASecret // ""' "$DATA_FILE")" - echo -n "$sign_ca_secret" > "$(results.charonSignCASecret.path)" - - AUTHOR=$(jq -re '.status.attribution.author' "$WORK_DIR/$(params.releasePath)") - echo "export CHARON_AUTHOR=\"$AUTHOR\"" >> "$CHARON_ENV_FILE_PATH" - - echo -n "$CHARON_ENV_FILE_PATH" > "$(results.charonParamFilePath.path)" - - CHARON_CFG_FILE_PATH="$(dirname "$(params.dataJsonPath)")/charon-config.yaml" - jq -re '.charon.config' "$DATA_FILE" > "$CHARON_CFG_FILE_PATH" - echo -n "$CHARON_CFG_FILE_PATH" > "$(results.charonConfigFilePath.path)" + memory: 192Mi + cpu: 100m + command: ["/home/scripts/python/tasks/managed/collect_charon_params.py"] + args: + - "--work-dir" + - "$(params.dataDir)" + - "--data-json-path" + - "$(params.dataJsonPath)" + - "--snapshot-path" + - "$(params.snapshotPath)" + - "--release-path" + - "$(params.releasePath)" + env: + - name: RESULT_CHARON_PARAM_FILE_PATH + value: $(results.charonParamFilePath.path) + - name: RESULT_CHARON_CONFIG_FILE_PATH + value: $(results.charonConfigFilePath.path) + - name: RESULT_CHARON_AWS_SECRET + value: $(results.charonAWSSecret.path) + - name: RESULT_CHARON_SIGN_CA_SECRET + value: $(results.charonSignCASecret.path) - name: create-trusted-artifact computeResources: limits: diff --git a/tasks/managed/collect-charon-params/tests/test-collect-charon-params-fail-no-data.yaml b/tasks/managed/collect-charon-params/tests/test-collect-charon-params-fail-no-data.yaml deleted file mode 100644 index 631a1f01a4..0000000000 --- a/tasks/managed/collect-charon-params/tests/test-collect-charon-params-fail-no-data.yaml +++ /dev/null @@ -1,105 +0,0 @@ ---- -apiVersion: tekton.dev/v1 -kind: Pipeline -metadata: - name: test-collect-charon-params-fail-no-data - annotations: - test/assert-task-failure: "run-task" -spec: - description: | - Run the collect-charon-params task with no data file and verify the taks fails as expected - params: - - name: ociStorage - description: The OCI repository where the Trusted Artifacts are stored. - type: string - - name: ociArtifactExpiresAfter - description: Expiration date for the trusted artifacts created in the - OCI repository. An empty string means the artifacts do not expire. - type: string - default: "1d" - - name: orasOptions - description: oras options to pass to Trusted Artifacts calls - type: string - default: "--insecure" - - name: trustedArtifactsDebug - description: Flag to enable debug logging in trusted artifacts. Set to a non-empty string to enable. - type: string - default: "" - - name: dataDir - description: The location where data will be stored - type: string - tasks: - - name: setup - taskSpec: - results: - - name: sourceDataArtifact - type: string - volumes: - - name: workdir - emptyDir: {} - stepTemplate: - volumeMounts: - - mountPath: /var/workdir - name: workdir - env: - - name: IMAGE_EXPIRES_AFTER - value: $(params.ociArtifactExpiresAfter) - - name: "ORAS_OPTIONS" - value: "$(params.orasOptions)" - - name: "DEBUG" - value: "$(params.trustedArtifactsDebug)" - steps: - - name: setup-values - image: quay.io/konflux-ci/release-service-utils@sha256:5546fa78d3c88d7b6a2e8cff8902f7757f00541d0bbaf113b9f293133894afa3 - script: | - #!/usr/bin/env sh - set -eux - - mkdir -p "$(params.dataDir)/$(context.pipelineRun.uid)" - cat > "$(params.dataDir)/$(context.pipelineRun.uid)/snapshot_spec.json" << EOF - { - "application": "test", - "components": [ - { - "containerImage": "quay.io/test/test.zip@sha256:02b0c8aadf2b7c69", - "name": "test-0.0.1" - } - ] - } - EOF - - name: create-trusted-artifact - ref: - name: create-trusted-artifact - params: - - name: ociStorage - value: $(params.ociStorage) - - name: workDir - value: $(params.dataDir) - - name: sourceDataArtifact - value: $(results.sourceDataArtifact.path) - - name: run-task - taskRef: - name: collect-charon-params - params: - - name: dataJsonPath - value: $(context.pipelineRun.uid)/data.json - - name: snapshotPath - value: $(context.pipelineRun.uid)/snapshot_spec.json - - name: ociStorage - value: $(params.ociStorage) - - name: orasOptions - value: $(params.orasOptions) - - name: sourceDataArtifact - value: "$(tasks.setup.results.sourceDataArtifact)=$(params.dataDir)" - - name: dataDir - value: $(params.dataDir) - - name: trustedArtifactsDebug - value: $(params.trustedArtifactsDebug) - - name: taskGitUrl - value: "http://localhost" - - name: taskGitRevision - value: "main" - - name: releasePath - value: $(context.pipelineRun.uid)/release.json - runAfter: - - setup diff --git a/tasks/managed/collect-charon-params/tests/test-collect-charon-params-fail-no-snapshot.yaml b/tasks/managed/collect-charon-params/tests/test-collect-charon-params-fail-no-snapshot.yaml deleted file mode 100644 index 9cabad13f1..0000000000 --- a/tasks/managed/collect-charon-params/tests/test-collect-charon-params-fail-no-snapshot.yaml +++ /dev/null @@ -1,108 +0,0 @@ ---- -apiVersion: tekton.dev/v1 -kind: Pipeline -metadata: - name: test-collect-charon-params-fail-no-snapshot - annotations: - test/assert-task-failure: "run-task" -spec: - description: | - Run the collect-charon-params task with no snapshot file and verify the taks fails as expected - params: - - name: ociStorage - description: The OCI repository where the Trusted Artifacts are stored. - type: string - - name: ociArtifactExpiresAfter - description: Expiration date for the trusted artifacts created in the - OCI repository. An empty string means the artifacts do not expire. - type: string - default: "1d" - - name: orasOptions - description: oras options to pass to Trusted Artifacts calls - type: string - default: "--insecure" - - name: trustedArtifactsDebug - description: Flag to enable debug logging in trusted artifacts. Set to a non-empty string to enable. - type: string - default: "" - - name: dataDir - description: The location where data will be stored - type: string - tasks: - - name: setup - taskSpec: - results: - - name: sourceDataArtifact - type: string - volumes: - - name: workdir - emptyDir: {} - stepTemplate: - volumeMounts: - - mountPath: /var/workdir - name: workdir - env: - - name: IMAGE_EXPIRES_AFTER - value: $(params.ociArtifactExpiresAfter) - - name: "ORAS_OPTIONS" - value: "$(params.orasOptions)" - - name: "DEBUG" - value: "$(params.trustedArtifactsDebug)" - steps: - - name: setup-values - image: quay.io/konflux-ci/release-service-utils@sha256:5546fa78d3c88d7b6a2e8cff8902f7757f00541d0bbaf113b9f293133894afa3 - script: | - #!/usr/bin/env sh - set -eux - - mkdir -p "$(params.dataDir)/$(context.pipelineRun.uid)" - cat > "$(params.dataDir)/$(context.pipelineRun.uid)/data.json" << EOF - { - "releaseNotes": { - "product_name": "test", - "product_version": "0.0.1" - }, - "charon": { - "config":"charon-config", - "awsSecret": "charon-aws-credentials", - "environment": "dev", - "release": "ga" - } - } - EOF - - name: create-trusted-artifact - ref: - name: create-trusted-artifact - params: - - name: ociStorage - value: $(params.ociStorage) - - name: workDir - value: $(params.dataDir) - - name: sourceDataArtifact - value: $(results.sourceDataArtifact.path) - - name: run-task - taskRef: - name: collect-charon-params - params: - - name: dataJsonPath - value: $(context.pipelineRun.uid)/data.json - - name: snapshotPath - value: $(context.pipelineRun.uid)/snapshot_spec.json - - name: ociStorage - value: $(params.ociStorage) - - name: orasOptions - value: $(params.orasOptions) - - name: sourceDataArtifact - value: "$(tasks.setup.results.sourceDataArtifact)=$(params.dataDir)" - - name: dataDir - value: $(params.dataDir) - - name: trustedArtifactsDebug - value: $(params.trustedArtifactsDebug) - - name: taskGitUrl - value: "http://localhost" - - name: taskGitRevision - value: "main" - - name: releasePath - value: $(context.pipelineRun.uid)/release.json - runAfter: - - setup diff --git a/tasks/managed/collect-charon-params/tests/test-collect-charon-params.yaml b/tasks/managed/collect-charon-params/tests/test-collect-charon-params.yaml index 8c4967a736..103a34ad30 100644 --- a/tasks/managed/collect-charon-params/tests/test-collect-charon-params.yaml +++ b/tasks/managed/collect-charon-params/tests/test-collect-charon-params.yaml @@ -48,7 +48,7 @@ spec: value: "$(params.trustedArtifactsDebug)" steps: - name: setup-values - image: quay.io/konflux-ci/release-service-utils@sha256:5546fa78d3c88d7b6a2e8cff8902f7757f00541d0bbaf113b9f293133894afa3 + image: quay.io/lgallovi-test/release-service-utils@sha256:d3c28f245cd0ade0ce825c17c6986f14153cc49043fd168f5ced30bbdaba52e2 script: | #!/usr/bin/env sh set -eux @@ -182,7 +182,7 @@ spec: - name: sourceDataArtifact value: $(params.sourceDataArtifact) - name: check-result - image: quay.io/konflux-ci/release-service-utils@sha256:5546fa78d3c88d7b6a2e8cff8902f7757f00541d0bbaf113b9f293133894afa3 + image: quay.io/lgallovi-test/release-service-utils@sha256:d3c28f245cd0ade0ce825c17c6986f14153cc49043fd168f5ced30bbdaba52e2 script: | #!/usr/bin/env bash set -eux