Skip to content

Commit 48833ea

Browse files
authored
Merge pull request #32 from redhat-developer/add-konflux-tekton-updates-skill
feat(skills): add konflux-tekton-updates for...
2 parents 765026f + 600a15a commit 48833ea

4 files changed

Lines changed: 170 additions & 0 deletions

File tree

README.md

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -28,6 +28,16 @@ Manage plugins in the [rhdh-plugin-export-overlays](https://github.com/redhat-de
2828

2929
- **[overlay](./skills/overlay/SKILL.md)** — Onboard new plugins, update versions, fix CI failures, triage and analyze PRs, trigger `/publish`. Covers both plugin-owner and core-team workflows.
3030

31+
### Konflux / Tekton
32+
33+
Update Konflux task digests and apply `MIGRATION.md` pipeline changes in [rhdh-plugin-catalog](https://gitlab.cee.redhat.com/rhidp/rhdh-plugin-catalog) or [rhdh](https://gitlab.cee.redhat.com/rhidp/rhdh) midstream.
34+
35+
- **[konflux-tekton-updates](./skills/konflux-tekton-updates/SKILL.md)** — Run `.tekton/updateDigests.sh --minor --no-push`, apply [build-definitions](https://github.com/konflux-ci/build-definitions) task migrations, update shared pipelines/templates and PLR generators. Repo-specific file lists: [plugin-catalog](./skills/konflux-tekton-updates/references/plugin-catalog.md), [RHDH midstream](./skills/konflux-tekton-updates/references/rhdh-midstream.md).
36+
37+
```bash
38+
npx skills add redhat-developer/rhdh-skill --skill konflux-tekton-updates
39+
```
40+
3141
### Local Testing
3242

3343
Test plugins in a local RHDH instance before deploying.
Lines changed: 93 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,93 @@
1+
---
2+
name: konflux-tekton-updates
3+
description: >-
4+
Bumps Konflux Tekton task digests with .tekton/updateDigests.sh --minor --no-push,
5+
applies konflux-ci/build-definitions MIGRATION.md pipeline fixes, and regenerates
6+
PipelineRuns. Use for rhdh-plugin-catalog, RHDH midstream (4-rhdh), Konflux task
7+
minor bumps, prefetch-dependencies-oci-ta, build-image-index, or updateDigests.sh.
8+
---
9+
10+
# Konflux Tekton updates
11+
12+
## Goal
13+
14+
After a **minor** Konflux task tag bump, update `.tekton` pipelines and generators so builds keep working. Apply what each `MIGRATION.md` says; do **not** add drift tests that block future Konflux updates.
15+
16+
## Prerequisites
17+
18+
`skopeo`, `jq` (>= 1.7), `yq`. Optional: `gh` for PR creation from scripts.
19+
20+
## Commit locally; never push without human review
21+
22+
| Script | Flag | Effect |
23+
|--------|------|--------|
24+
| `updateDigests.sh` | `--no-push` / `--nopush` (`-p`) | Commit locally; no push/PR |
25+
| `updateDigests.sh` | `--minor` | Disables push; use with `--no-push` for clarity |
26+
| `updateDigests.sh` | `--no-commit` / `-n` | Preview only |
27+
| `generatePipelineRunsForPlugins.sh` | `--nopush` | Commit locally; no push |
28+
| `generatePipelineRunsForPlugins.sh` | `--nocommit` | Write YAML only |
29+
30+
`generatePipelineRuns.sh` does not commit or push.
31+
32+
**Do not** run digest/generator scripts without `--no-push` / `--nopush` unless the user explicitly requests a push.
33+
34+
## Detect repo layout
35+
36+
| Marker in repo | Read |
37+
|----------------|------|
38+
| `.tekton/generatePipelineRunsForPlugins.sh` | [references/plugin-catalog.md](references/plugin-catalog.md) |
39+
| `.tekton-templates/rhdh-pipeline.yaml` | [references/rhdh-midstream.md](references/rhdh-midstream.md) |
40+
41+
If both exist, apply changes for the repo you are working in.
42+
43+
## Workflow
44+
45+
### 1. Bump digests
46+
47+
```bash
48+
cd .tekton
49+
./updateDigests.sh --minor --no-push
50+
```
51+
52+
- Updates `tag@sha256` in `*.yaml` (and `.tekton-templates/*.yaml` in RHDH midstream).
53+
- Tag changes list `MIGRATION.md` URLs under `konflux-ci/build-definitions`.
54+
- Digest-only: `./updateDigests.sh --no-push -q`
55+
56+
Review `git diff` for `quay.io/konflux-ci/tekton-catalog/task-*` changes.
57+
58+
### 2. Apply migrations
59+
60+
For each URL from `updateDigests.sh` (or from the diff):
61+
62+
1. Read `MIGRATION.md`.
63+
2. Apply **only** documented user actions.
64+
3. Skip “no action required” sections.
65+
66+
### 3. Regenerate (optional)
67+
68+
After fixing shared pipelines/templates and generator scripts:
69+
70+
- **plugin-catalog:** `./generatePipelineRunsForPlugins.sh -v <x.y.z> --nopush`
71+
- **RHDH midstream:** `./generatePipelineRuns.sh -t <x.y>`
72+
73+
### 4. Human review and push
74+
75+
Human reviews the full diff, then `git push` or opens a PR.
76+
77+
## Known migration patterns
78+
79+
Use live `MIGRATION.md` as source of truth. Common cases:
80+
81+
| Task | Action |
82+
|------|--------|
83+
| `prefetch-dependencies-oci-ta` 0.2→0.3 | Remove `dev-package-managers`; add pipeline param `enable-package-registry-proxy` (default `"true"`) and pass to prefetch task |
84+
| `build-image-index` 0.2→0.3 | Remove `COMMIT_SHA` / `IMAGE_EXPIRES_AFTER` from **build-image-index** task only; keep `image-expires-after` on buildah/prefetch |
85+
| `init` 0.3→0.4 | No pipeline changes |
86+
| `init` 0.4.1→0.4.2 | Remove broken auto-added `sast-target-dirs` pipeline param if present |
87+
88+
## Anti-patterns
89+
90+
- Pushing without `--no-push` / `--nopush` and human sign-off.
91+
- Leaving removed task params (`dev-package-managers`, `COMMIT_SHA` on `build-image-index`).
92+
- Adding `verify_*` guards that fail on the next Konflux bump.
93+
- Dropping `image-expires-after` from PLRs only because `build-image-index` no longer uses it.
Lines changed: 33 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,33 @@
1+
# rhdh-plugin-catalog layout
2+
3+
## Files to update
4+
5+
| Location | When to edit |
6+
|----------|----------------|
7+
| `.tekton/oci-plugin-build-pipeline.yaml` | Shared `Pipeline`; most PLRs use `pipelineRef` |
8+
| `.tekton/plugin-catalog-index-*-push.yaml` | Inline `pipelineSpec` (catalog index) |
9+
| `.tekton/plugin-catalog-builder-*-{push,pull}.yaml` | Inline `pipelineSpec` (catalog builder) |
10+
| `.tekton/*-push.yaml` (many components) | Usually `spec.params` only when migration adds pipeline params |
11+
| `.tekton/*-pull.yaml` | Same when present |
12+
| `.tekton/generatePipelineRunsForPlugins.sh` | Heredoc for regenerated PLRs + `*.Containerfile` |
13+
| `.tekton/updateToStableBranch.py` | Version renames only — not Konflux migrations |
14+
15+
Plugin PLRs with `pipelineRef: oci-plugin-build-pipeline` inherit task wiring from the shared pipeline; add PLR `spec.params` when migrations require explicit pipeline parameters.
16+
17+
## Regenerate
18+
19+
```bash
20+
cd .tekton
21+
./generatePipelineRunsForPlugins.sh -v <x.y.z> --nopush
22+
```
23+
24+
## Generator: new pipeline params
25+
26+
Add to the PipelineRun heredoc `spec.params` when `oci-plugin-build-pipeline` gains a param, e.g.:
27+
28+
```yaml
29+
- name: enable-package-registry-proxy
30+
value: "true"
31+
```
32+
33+
Do not embed full `pipelineSpec` in the generator.
Lines changed: 34 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,34 @@
1+
# RHDH midstream layout (4-rhdh)
2+
3+
`updateDigests.sh` also updates `.tekton-templates/*.yaml` via `TEMPLATEPATH`.
4+
5+
## Files to update
6+
7+
Edit **templates first**, then regenerate or patch PLRs.
8+
9+
| Location | When to edit |
10+
|----------|----------------|
11+
| `.tekton-templates/rhdh-pipeline.yaml` | hub, operator, must-gather |
12+
| `.tekton-templates/rhdh-operator-bundle.yaml` | operator-bundle (different task set) |
13+
| `.tekton-templates/components.yaml` | Metadata for `generatePipelineRuns.sh` |
14+
| `.tekton/rhdh-hub-<N>-{push,pull}.yaml` | From `rhdh-pipeline.yaml` |
15+
| `.tekton/rhdh-operator-<N>-{push,pull}.yaml` | From `rhdh-pipeline.yaml` |
16+
| `.tekton/rhdh-must-gather-<N>-{push,pull}.yaml` | From `rhdh-pipeline.yaml` |
17+
| `.tekton/rhdh-operator-bundle-<N>-{push,pull}.yaml` | From `rhdh-operator-bundle.yaml` |
18+
| `.tekton/rhdh-rag-content-<N>-{push,pull}.yaml` | Inline `pipelineSpec` — edit directly |
19+
| `.tekton/fbc-<version>-push.yaml` | FBC pipelines; often `build-image-index` without prefetch |
20+
| `.tekton/images-mirror-set.yaml` | Only if task bundles are referenced |
21+
22+
## Regenerate
23+
24+
```bash
25+
cd .tekton
26+
./generatePipelineRuns.sh -t <x.y>
27+
```
28+
29+
Updates `rhdh-*-{push,pull}.yaml` and FBC `target_branch` placeholders in `fbc-*-push.yaml`.
30+
31+
## Generator: template changes
32+
33+
- Edit `pipelineSpec.params` and task `params` in `rhdh-pipeline.yaml` / `rhdh-operator-bundle.yaml`.
34+
- `components.yaml` only if extending `generatePipelineRuns.sh` placeholders for per-component PLR params.

0 commit comments

Comments
 (0)