Skip to content

Commit 66be6f9

Browse files
nsinglansingla
authored
Merge pull request #68 from nsingla/RHOAIENG-59984-odh
ci: Adding support for Hermetic Builds
2 parents b0ca633 + 6df3cc2 commit 66be6f9

8 files changed

Lines changed: 187 additions & 7 deletions

.github/workflows/sync-requirements.yml

Lines changed: 30 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,30 @@
1+
---
2+
name: Check requirements.txt
3+
4+
on:
5+
pull_request:
6+
paths:
7+
- pyproject.toml
8+
- uv.lock
9+
- requirements.txt
10+
11+
permissions:
12+
contents: read
13+
14+
concurrency:
15+
group: check-requirements-${{ github.head_ref }}
16+
cancel-in-progress: true
17+
18+
jobs:
19+
check:
20+
runs-on: ubuntu-latest
21+
steps:
22+
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
23+
24+
- uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7.6.0
25+
26+
- name: Verify requirements.txt is up-to-date
27+
run: |
28+
make requirements
29+
git diff --exit-code requirements.txt \
30+
|| { echo ""; echo "requirements.txt is out of sync."; echo "Run 'make requirements' and commit the result."; exit 1; }

.pre-commit-config.yaml

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -8,6 +8,12 @@ repos:
88
language: system
99
files: (^pyproject\.toml$|^uv\.lock$)
1010
pass_filenames: false
11+
- id: sync-requirements
12+
name: sync requirements
13+
entry: make requirements
14+
language: system
15+
files: (^pyproject\.toml$|^uv\.lock$)
16+
pass_filenames: false
1117
- id: ruff-format
1218
name: ruff format
1319
# --force-exclude respects pyproject.toml excludes when files are passed directly

.tekton/odh-pipelines-components-ci-on-pull-request.yaml

Lines changed: 10 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,7 @@ metadata:
66
build.appstudio.redhat.com/commit_sha: '{{revision}}'
77
build.appstudio.redhat.com/target_branch: '{{target_branch}}'
88
build.appstudio.redhat.com/pull_request_number: '{{pull_request_number}}'
9-
pipelinesascode.tekton.dev/cancel-in-progress: "false"
9+
pipelinesascode.tekton.dev/cancel-in-progress: "true"
1010
pipelinesascode.tekton.dev/max-keep-runs: "3"
1111
pipelinesascode.tekton.dev/on-cel-expression: event == "pull_request" && target_branch
1212
== "main"
@@ -26,9 +26,17 @@ spec:
2626
- name: output-image
2727
value: quay.io/opendatahub/odh-pipelines-components:odh-pr
2828
- name: dockerfile
29-
value: Dockerfile
29+
value: Dockerfile.konflux.pipelines-components
3030
- name: path-context
3131
value: .
32+
- name: hermetic
33+
value: 'true'
34+
- name: prefetch-input
35+
value: >-
36+
{"type": "pip", "path": ".",
37+
"requirements_files": ["requirements.txt"],
38+
"requirements_build_files": ["requirements-build.txt"],
39+
"binary": {"arch": ":all:"}}
3240
- name: additional-tags
3341
value:
3442
- 'odh-pr-{{revision}}'

.tekton/odh-pipelines-components-ci-on-push.yaml

Lines changed: 9 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -25,13 +25,17 @@ spec:
2525
- name: output-image
2626
value: quay.io/opendatahub/odh-pipelines-components:odh-stable
2727
- name: dockerfile
28-
value: Dockerfile
28+
value: Dockerfile.konflux.pipelines-components
2929
- name: path-context
3030
value: .
31-
- name: build-platforms
32-
value:
33-
- linux/x86_64
34-
- linux/aarch64
31+
- name: hermetic
32+
value: 'true'
33+
- name: prefetch-input
34+
value: >-
35+
{"type": "pip", "path": ".",
36+
"requirements_files": ["requirements.txt"],
37+
"requirements_build_files": ["requirements-build.txt"],
38+
"binary": {"arch": ":all:"}}
3539
pipelineRef:
3640
resolver: git
3741
params:

Dockerfile.konflux.pipelines-components

Lines changed: 23 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,23 @@
1+
FROM registry.redhat.io/ubi9/python-312@sha256:ff373f4b42b662e99954adea770ca87b4ea963186cc752174ccb94aa08fa702d
2+
3+
WORKDIR /app
4+
5+
USER root
6+
7+
COPY requirements.txt ./
8+
RUN pip install --no-cache-dir -r requirements.txt
9+
10+
COPY pyproject.toml __init__.py ./
11+
COPY components/ components/
12+
COPY pipelines/ pipelines/
13+
COPY scripts/ scripts/
14+
COPY utils/ utils/
15+
16+
RUN chown -R 1001:1001 /app
17+
USER 1001
18+
19+
RUN pip install --no-cache-dir --no-deps .
20+
21+
RUN python -m scripts.generate_managed_pipelines.generate_managed_pipelines
22+
23+
CMD ["python", "-m", "scripts.init_managed_pipelines.init_managed_pipelines"]

Makefile

Lines changed: 15 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -105,3 +105,18 @@ readme:
105105

106106
sync-packages:
107107
@$(UVRUN) python -m scripts.sync_packages.sync_packages
108+
109+
AIPCC_INDEX_URL := https://console.redhat.com/api/pypi/public-rhai/rhoai/3.4/cpu-ubi9/simple
110+
111+
requirements:
112+
echo "--index-url $(AIPCC_INDEX_URL)" > requirements.txt
113+
echo "" >> requirements.txt
114+
uv pip compile pyproject.toml --generate-hashes --no-header --no-annotate \
115+
--no-emit-package kfp-components \
116+
--python-version 3.12 \
117+
--index-url $(AIPCC_INDEX_URL) >> requirements.txt
118+
echo "--index-url $(AIPCC_INDEX_URL)" > requirements-build.txt
119+
echo "" >> requirements-build.txt
120+
printf 'setuptools\nwheel\n' | uv pip compile --generate-hashes --no-header --no-annotate \
121+
--python-version 3.12 \
122+
--index-url $(AIPCC_INDEX_URL) - >> requirements-build.txt

requirements-build.txt

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,8 @@
1+
--index-url https://console.redhat.com/api/pypi/public-rhai/rhoai/3.4/cpu-ubi9/simple
2+
3+
packaging==26.2 \
4+
--hash=sha256:31c96589d316a65625213114e0a1c9707c47a620bf0e89c19e6c062c946a760f
5+
setuptools==80.10.2 \
6+
--hash=sha256:05ef2ee3d34409715c7d0589a3a0c6064a2b117f8489a5b512aef078173d1faf
7+
wheel==0.47.0 \
8+
--hash=sha256:8593705d08f649098548a620edff8cceee09e57cb953f78a94c1aa3b9c051704

requirements.txt

Lines changed: 86 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,86 @@
1+
--index-url https://console.redhat.com/api/pypi/public-rhai/rhoai/3.4/cpu-ubi9/simple
2+
3+
certifi==2026.4.22 \
4+
--hash=sha256:4816271fa423d44b8424b2b6e31f86f57d62ef584e6718a97f61d1f0f3b4bee7
5+
cffi==2.0.0 \
6+
--hash=sha256:0da4710514a0ef0e6d2555dd8a0f4c09ec6ebbdb2b8cd090a94dc63c98316be5 \
7+
--hash=sha256:51e641fbaafb9e786ee91c957d68a34d27fcdd1c5a790bc4cc73418dba413872 \
8+
--hash=sha256:9dca0f661e032048781d6ecff83ffd9f1244eddf44542b664564dac2c4fc8a88 \
9+
--hash=sha256:cd8bd4690cb0957cbb040e7a8079f5b5e3cfeb3886ac9a0e757c5b8f59391645
10+
charset-normalizer==3.4.7 \
11+
--hash=sha256:fedf0c87b67e3fd4fda37c0c64e840bb7e5df197a5d537253632578961a8ce10
12+
click==8.3.3 \
13+
--hash=sha256:995dd2a234834f230cdcf8a0f22d62384063114be330f29cae5e2ea8113901b0
14+
click-option-group==0.5.7 \
15+
--hash=sha256:d6a3f4aacbf550153b112ce5dae7d99ea3fc83cc4fda268e9c5f174c26bb1550
16+
cryptography==46.0.7 \
17+
--hash=sha256:3b900c1b09ae2a71c7a1ab5e8f41a030078e82bf4d81e5ade4cfe8ca6784acf2 \
18+
--hash=sha256:6efa0e3724a7cd7f2ea5f3bc197fff02c3db7be15e3f219dc28376364a8c59a9 \
19+
--hash=sha256:876da9c3a3479d766c4e47d86d274cf7d1caae90784e1be54dca8bae80847948 \
20+
--hash=sha256:a34baa60ae4f96b6710a4bcfd89bb2ebfe43a4219e47d4e42fc249c99df88435
21+
docstring-parser==0.18.0 \
22+
--hash=sha256:ad8ed234ea2dab23080526bd8eaa457a8b1cbabab7c3348723ec5a35a07a0040
23+
durationpy==0.10 \
24+
--hash=sha256:ce86a86c56333ed4a1c71ad2f1a0138e6a91ad4144ee31223ac0a08eed8486f3
25+
google-api-core==2.30.3 \
26+
--hash=sha256:e6c1fe933af45247a34d4be5de322b8b8003d2412cfaea62b5b98402bf3b1f87
27+
google-auth==2.50.0 \
28+
--hash=sha256:16eb937863ec3ebee9006c8d918d6e844c4670ad96f57caad33813cd90678782
29+
google-cloud-core==2.5.1 \
30+
--hash=sha256:1d26664d0e8aff4ab73fa881b81fb181edae2df57c2b50740376ddfb9614a69d
31+
google-cloud-storage==3.10.1 \
32+
--hash=sha256:f6c2a0226558a91b2c41e6154be3ab85cea87a154ed67c25540fa516d7fe6856
33+
google-crc32c==1.8.0 \
34+
--hash=sha256:edfdfaaf68a74fdd3cb96b6c32d0252d75d1a600f91cdc209de1f83e9efb2326
35+
google-resumable-media==2.8.2 \
36+
--hash=sha256:75454aa7c656878f62f386c5a093a5fe41a03b3f69c35dda8a12a2919afc9b3a
37+
googleapis-common-protos==1.74.0 \
38+
--hash=sha256:3ad314d4749d7f460d42039a22ac3e762bdae10bc26d4281a930cdd6d8f1e4b9
39+
idna==3.13 \
40+
--hash=sha256:dca7f2ff2269802615148420ce18a161aa32c2456a40c7e8d86bd9839e8c6531
41+
kfp==2.16.1 \
42+
--hash=sha256:bb7aa559827e72e8b7fdb42fc2c5d699e631184c36db6c135879261a35a1dd0f
43+
kfp-kubernetes==2.16.1 \
44+
--hash=sha256:7071eab31e206b2ac32ad43f691d7128db0d911d03a091aa17c2f2667c481a84
45+
kfp-pipeline-spec==2.16.1 \
46+
--hash=sha256:2806800f7ad42b301da4d869cf2ddfa85b1efe9d779786f7ff32853778dc121b
47+
kfp-server-api==2.16.1 \
48+
--hash=sha256:2dca26deff17b13893e5b65ccde8313e886cd4e92bb22f0d911d4f22a509346f
49+
kubernetes==35.0.0 \
50+
--hash=sha256:9f8dfdaf76cb2b36b2cff1b2f4e65ab0b329f7ac4b7d48525595c3bceb6ae24f
51+
oauthlib==3.3.1 \
52+
--hash=sha256:1bf73c8e0aead3761794f6e5b15228bee706cda020facd0df347c145843adf40
53+
proto-plus==1.27.2 \
54+
--hash=sha256:29b3786055a3d01e64f40acbc3d3b925aeaed4811330a5ea65435deda44c4aff
55+
protobuf==6.33.6 \
56+
--hash=sha256:3aba0a6c9264e9f2e3e8cd3b3cdbbf0bbbea6dd62ec377342ce0f4f600f50a2a \
57+
--hash=sha256:895b160b3a10eb8f3b6eabfed447d896c780ed00dcffa5f52d7bb24825bc1dff \
58+
--hash=sha256:c6e1ea700f5e031c9669bd535a87f694f09b74e8b83885ab2759ae2bd2cbbd94 \
59+
--hash=sha256:df80a6563854e01cd6672f462b18d7ffff7f23caca920a972a93ba14cd20af1e
60+
pyasn1==0.6.3 \
61+
--hash=sha256:51194c7b4281edb039247c23e11f5280b4c9713ec246fda1fa9b5d960b860e51
62+
pyasn1-modules==0.4.2 \
63+
--hash=sha256:789033a94c5074562252314a4362858e2c173b04c7ae8dc1173ac69ce1f5cd7e
64+
pycparser==3.0 \
65+
--hash=sha256:abc09eabddd4d1d5d1606f6e113c0176507c75805c97e0e2af2c99c76eefbb9d
66+
python-dateutil==2.9.0.post0 \
67+
--hash=sha256:89e5d6f444e51ac0a18370406b265fa1f51c88824476fd08c56db669dd317775
68+
pyyaml==6.0.3 \
69+
--hash=sha256:62d61b1a5a6b7b9da8136582e111cd8e3991ddfb5d1e96e491aac5db15658588 \
70+
--hash=sha256:bc86d036b894d19df854a1c7cfc840aab27a6c6ccc27956256d91ce7b003847d \
71+
--hash=sha256:e647b656314603fe964279e192001153683e6a5574a3011f6c4efa6f821a416c \
72+
--hash=sha256:fc30b3ff55268f3ae334b94073d189f32cded01ccbcd177b7537dff511fbe54b
73+
requests==2.33.1 \
74+
--hash=sha256:9c2503525e436b4ffd8ac71815590e2048603adcc72e4b5d3218ee1e622deb03
75+
requests-oauthlib==2.0.0 \
76+
--hash=sha256:6fc02f497fb599e42b5811806e49498d26ebb58b6195a37962c8ea1557b44205
77+
requests-toolbelt==1.0.0 \
78+
--hash=sha256:3b8db9e1e64c559059b34851b461cd9d1d7c5914025389003343dffb9f65961d
79+
six==1.17.0 \
80+
--hash=sha256:be25bf700236019335048807404f5f0a00b67b20ce1091ccb7bbd42b7beded23
81+
tabulate==0.10.0 \
82+
--hash=sha256:fc9b49298a10c6cca931828963e093e59a17b96e53099ac930a2bcc5aa832273
83+
urllib3==2.6.3 \
84+
--hash=sha256:e0260bcb8dc9a00766b1263632d4cea3d51ce498787c24062ef187f6ce351fdc
85+
websocket-client==1.9.0 \
86+
--hash=sha256:c1370b3fea1c97189614828173ec02a8feaab0004782381f03456e1db4c60f19

0 commit comments

Comments
 (0)