diff --git a/.gitmodules b/.gitmodules index af6a0eab..4605a215 100644 --- a/.gitmodules +++ b/.gitmodules @@ -4,3 +4,6 @@ [submodule "website/themes/hugo-book"] path = website/themes/hugo-book url = https://github.com/alex-shpak/hugo-book +[submodule "telco5g-konflux"] + path = telco5g-konflux + url = https://github.com/openshift-kni/telco5g-konflux diff --git a/.konflux/Dockerfile.catalog b/.konflux/Dockerfile.catalog new file mode 100644 index 00000000..a8f50eab --- /dev/null +++ b/.konflux/Dockerfile.catalog @@ -0,0 +1,54 @@ + # The base image is expected to contain /bin/opm (with a serve subcommand) and /bin/grpc_health_probe +# +# CAVEAT +# +# For <= 4.14, use registry.redhat.io/openshift4/ose-operator-registry:v4.y +# For >= 4.15, use registry.redhat.io/openshift4/ose-operator-registry-rhel9:v4.y +# +# TODO: once available, migrate to: registry.redhat.io/openshift4/ose-operator-registry-rhel9:v4.y +ARG OPM_IMAGE=brew.registry.redhat.io/rh-osbs/openshift-ose-operator-registry-rhel9:v4.20 + +# build the catalog +FROM brew.registry.redhat.io/rh-osbs/openshift-golang-builder:rhel_9_golang_1.24@sha256:b91431604c435f3cabec20ddb653c0537c8ba8097ada57960d54a1266f95a7c3 AS builder + +# create dir structure to generate the catalog +RUN mkdir -p /app/hack /app/.konflux/catalog + +COPY .konflux/hack/ /app/hack/ +COPY .konflux/catalog/ /app/.konflux/catalog/ +COPY telco5g-konflux /app/telco5g-konflux +COPY konflux.Makefile /app/Makefile + + +# generate the catalog + +# debug +RUN echo "root dir" && ls -lra $HOME + +WORKDIR /app +RUN --mount=type=secret,id=telco-5g-redhat-pull-secret/.dockerconfigjson \ + mkdir -p $HOME/.docker/ && \ + cp /run/secrets/telco-5g-redhat-pull-secret/.dockerconfigjson $HOME/.docker/config.json + +# debug +RUN echo "run secrets" && ls -lra /run/secrets/ && echo "docker dir" && ls -lra $HOME/.docker/ && cat $HOME/.docker/config.json + +ENV REGISTRY_AUTH_FILE=$HOME/.docker/config.json +# The fbc build is not hermetic, so make will download yq and opm +RUN make konflux-generate-catalog-production && \ + rm -f $HOME/.docker/config.json + +# run the catalog +FROM ${OPM_IMAGE} + +ENTRYPOINT ["/bin/opm"] +CMD ["serve", "/configs", "--cache-dir=/tmp/cache"] + +# ensure this correponds to olm.package name +ENV PACKAGE_NAME=openperouter-operator + +COPY --from=builder /app/.konflux/catalog/$PACKAGE_NAME/ /configs/$PACKAGE_NAME +# RUN ["/bin/opm", "validate", "/configs/openperouter-operator"] +RUN ["/bin/opm", "serve", "/configs", "--cache-dir=/tmp/cache", "--cache-only"] + +LABEL operators.operatorframework.io.index.configs.v1=/configs \ No newline at end of file diff --git a/.konflux/catalog/.gitignore b/.konflux/catalog/.gitignore new file mode 100644 index 00000000..c7ee7b61 --- /dev/null +++ b/.konflux/catalog/.gitignore @@ -0,0 +1 @@ +openperouter-operator/catalog.yaml \ No newline at end of file diff --git a/.konflux/catalog/bundle.builds.in.yaml b/.konflux/catalog/bundle.builds.in.yaml new file mode 100644 index 00000000..4976bbe8 --- /dev/null +++ b/.konflux/catalog/bundle.builds.in.yaml @@ -0,0 +1,3 @@ +--- +quay: quay.io/redhat-user-workloads/telco-5g-tenant/openperouter-operator-bundle-4-20@sha256:6bd0360775343a5ae8238c5d53bbfac1838e0c57e6f30c9c5df51633e720cbaf + diff --git a/.konflux/catalog/catalog-template.in.yaml b/.konflux/catalog/catalog-template.in.yaml new file mode 100644 index 00000000..ccd5d350 --- /dev/null +++ b/.konflux/catalog/catalog-template.in.yaml @@ -0,0 +1,21 @@ +--- +entries: + - defaultChannel: alpha + name: openperouter-operator + schema: olm.package + # Add 'replaces' after we ship 4.20.0 + - entries: + - name: openperouter-operator.v4.20.0 + skipRange: '>=4.9.0 <4.20.0' + name: alpha + package: openperouter-operator + schema: olm.channel + - entries: + - name: openperouter-operator.v4.20.0 + skipRange: '>=4.9.0 <4.20.0' + name: "4.20" + package: openperouter-operator + schema: olm.channel + - image: quay.io/redhat-user-workloads/telco-5g-tenant/openperouter-operator-bundle-4-20@sha256:bf6a076d5b7dea000a817eb9dc3155131ab1655657855719f6ca62d1e5794911 + schema: olm.bundle +schema: olm.template.basic \ No newline at end of file diff --git a/.konflux/catalog/fbc-images-resolvable-integration-test-idms.yaml b/.konflux/catalog/fbc-images-resolvable-integration-test-idms.yaml new file mode 100644 index 00000000..101ba441 --- /dev/null +++ b/.konflux/catalog/fbc-images-resolvable-integration-test-idms.yaml @@ -0,0 +1,14 @@ +# We use this IDMS to check if the images in the FBC are resolvable using the staging or production catalog. +# https://github.com/konflux-ci/community-catalog/tree/development/pipelines/validate-fbc-images-resolvable +apiVersion: operator.openshift.io/v1 +kind: ImageDigestMirrorSet +metadata: + name: fbc-images-resolvable-integration-test-idms +spec: + imageDigestMirrors: + - mirrors: + - registry.stage.redhat.io/openshift4-dev-preview-beta/openperouter-rhel9-operator + source: registry.redhat.io/openshift4-dev-preview-beta/openperouter-rhel9-operator + - mirrors: + - registry.stage.redhat.io/openshift4-dev-preview-beta/openperouter-operator-bundle + source: registry.redhat.io/openshift4-dev-preview-beta/openperouter-operator-bundle diff --git a/.konflux/catalog/openperouter-operator/.gitkeep b/.konflux/catalog/openperouter-operator/.gitkeep new file mode 100644 index 00000000..e69de29b diff --git a/.konflux/hack/Dockerfile.markdownlint b/.konflux/hack/Dockerfile.markdownlint new file mode 100644 index 00000000..6cc78ee0 --- /dev/null +++ b/.konflux/hack/Dockerfile.markdownlint @@ -0,0 +1,7 @@ +# Following example of: https://github.com/openshift/enhancements/blob/master/hack/Dockerfile.markdownlint +FROM registry.access.redhat.com/ubi9/ubi:latest +WORKDIR /workdir +RUN dnf install -y git golang +COPY install-markdownlint.sh /tmp +RUN /tmp/install-markdownlint.sh +ENTRYPOINT /workdir/hack/markdownlint.sh diff --git a/.konflux/hack/boilerplate.go.txt b/.konflux/hack/boilerplate.go.txt new file mode 100644 index 00000000..52a76586 --- /dev/null +++ b/.konflux/hack/boilerplate.go.txt @@ -0,0 +1,5 @@ +/* +SPDX-FileCopyrightText: Red Hat + +SPDX-License-Identifier: Apache-2.0 +*/ diff --git a/.konflux/hack/catalog-undeploy.sh b/.konflux/hack/catalog-undeploy.sh new file mode 100755 index 00000000..35eb6fb1 --- /dev/null +++ b/.konflux/hack/catalog-undeploy.sh @@ -0,0 +1,83 @@ +#!/bin/bash +# +# SPDX-FileCopyrightText: Red Hat +# +# SPDX-License-Identifier: Apache-2.0 +# + +function usage { + cat <&2 +Paramaters: + --namespace + --package + --crd-search +EOF + exit 1 +} + +function cleanSubscription { + oc delete subscriptions.operators.coreos.com -n "${NAMESPACE}" "${PACKAGE}" + oc get csv -n "${NAMESPACE}" | grep "${PACKAGE}" | awk '{print $1}' \ + | xargs --no-run-if-empty oc delete csv -n "${NAMESPACE}" + oc get crd | grep "${CRD_SEARCH}" | awk '{print $1}' \ + | xargs --no-run-if-empty oc delete crd + oc delete ns "${NAMESPACE}" + oc get clusterrole.rbac.authorization.k8s.io | grep "${PACKAGE}" | awk '{print $1}' \ + | xargs --no-run-if-empty oc delete clusterrole.rbac.authorization.k8s.io + oc get clusterrolebinding.rbac.authorization.k8s.io | grep "${PACKAGE}" | awk '{print $1}' \ + | xargs --no-run-if-empty oc delete clusterrolebinding.rbac.authorization.k8s.io + + oc delete catalogsources.operators.coreos.com -n openshift-marketplace "${PACKAGE}" +} + +# +# Command-line processing +# +declare PACKAGE= +declare NAMESPACE= +declare CRD_SEARCH= + +longopts=( + "help" + "namespace:" + "package:" + "crd-search:" +) + +longopts_str=$(IFS=,; echo "${longopts[*]}") + +if ! OPTS=$(getopt -o "ho:" --long "${longopts_str}" --name "$0" -- "$@"); then + usage +fi + +eval set -- "${OPTS}" + +while :; do + case "$1" in + --namespace) + NAMESPACE="$2" + shift 2 + ;; + --package) + PACKAGE="$2" + shift 2 + ;; + --crd-search) + CRD_SEARCH="$2" + shift 2 + ;; + --) + shift + break + ;; + *) + usage + ;; + esac +done + +if [ -z "${NAMESPACE}" ] || [ -z "${PACKAGE}" ] || [ -z "${CRD_SEARCH}" ]; then + usage +fi + +cleanSubscription diff --git a/.konflux/hack/check-git-tree.sh b/.konflux/hack/check-git-tree.sh new file mode 100755 index 00000000..60d5f83c --- /dev/null +++ b/.konflux/hack/check-git-tree.sh @@ -0,0 +1,18 @@ +#!/bin/bash +# +# SPDX-FileCopyrightText: Red Hat +# +# SPDX-License-Identifier: Apache-2.0 +# + +RC=0 +if [ -n "$(git status --porcelain)" ]; then + echo "Unstaged or untracked changes exist:" + git status --porcelain + git diff + RC=1 +else + echo "git tree is clean" +fi + +exit ${RC} diff --git a/.konflux/hack/generate-catalog-deploy.sh b/.konflux/hack/generate-catalog-deploy.sh new file mode 100755 index 00000000..24595c49 --- /dev/null +++ b/.konflux/hack/generate-catalog-deploy.sh @@ -0,0 +1,159 @@ +#!/bin/bash +# +# SPDX-FileCopyrightText: Red Hat +# +# SPDX-License-Identifier: Apache-2.0 +# + +function usage { + cat <&2 +Paramaters: + --namespace + --package + --channel + --catalog-image + --install-mode +EOF + exit 1 +} + +function generateCatalogSource { + cat < --name --channel +EOF + exit 1 +} + +function cleanup { + if [ -n "${WORKDIR}" ] && [ -d "${WORKDIR}" ]; then + rm -rf "${WORKDIR}" + fi +} + +trap cleanup EXIT + +# +# Process cmdline arguments +# +declare OPM= +declare NAME= +declare CHANNEL= +declare VERSION= + +longopts=( + "help" + "opm:" + "name:" + "channel:" + "version:" +) + +longopts_str=$(IFS=,; echo "${longopts[*]}") + +if ! OPTS=$(getopt -o "h" --long "${longopts_str}" --name "$0" -- "$@"); then + usage +fi + +eval set -- "${OPTS}" + +while :; do + case "$1" in + --opm) + OPM="$2" + shift 2 + ;; + --name) + NAME="$2" + shift 2 + ;; + --channel) + CHANNEL="$2" + shift 2 + ;; + --version) + VERSION="$2" + shift 2 + ;; + --) + shift + break + ;; + *) + usage + ;; + esac +done + +if [ -z "${OPM}" ] || [ -z "${NAME}" ] || [ -z "${CHANNEL}" ] || [ -z "${VERSION}" ]; then + usage +fi + +WORKDIR=$(mktemp -d --tmpdir genindex.XXXXXX) + +${OPM} init ${NAME} --default-channel=${CHANNEL} --output=yaml > ${WORKDIR}/index.yaml +cat <> ${WORKDIR}/index.yaml +--- +schema: olm.channel +package: ${NAME} +name: ${CHANNEL} +entries: + - name: ${NAME}.v${VERSION} +EOF + +if [ ! -f catalog/index.yaml ] || ! cmp ${WORKDIR}/index.yaml catalog/index.yaml; then + mv ${WORKDIR}/index.yaml catalog/index.yaml +fi + diff --git a/.konflux/hack/install-markdownlint.sh b/.konflux/hack/install-markdownlint.sh new file mode 100755 index 00000000..896772c1 --- /dev/null +++ b/.konflux/hack/install-markdownlint.sh @@ -0,0 +1,24 @@ +#!/bin/bash -xe +# +# SPDX-FileCopyrightText: Red Hat +# +# SPDX-License-Identifier: Apache-2.0 +# +# Following example of: https://github.com/openshift/enhancements/blob/master/hack/install-markdownlint.sh + +cat /etc/redhat-release || echo "No /etc/redhat-release" + +if grep -q 'Red Hat Enterprise Linux' /etc/redhat-release; then + # install the config file for the RPM repository with node 14 + # steps taken from https://rpm.nodesource.com/setup_14.x + yum module disable -y nodejs + curl -sL -o '/tmp/nodesource.rpm' 'https://rpm.nodesource.com/pub_14.x/el/8/x86_64/nodesource-release-el8-1.noarch.rpm' + rpm -i --nosignature --force /tmp/nodesource.rpm + yum -y install nodejs +else + # Fedora has a module we can use + dnf -y module enable nodejs:16 + dnf -y install nodejs +fi + +npm install -g markdownlint@v0.25.1 markdownlint-cli2@v0.4.0 diff --git a/.konflux/hack/install_test_deps.sh b/.konflux/hack/install_test_deps.sh new file mode 100755 index 00000000..bc6a579d --- /dev/null +++ b/.konflux/hack/install_test_deps.sh @@ -0,0 +1,30 @@ +#!/bin/bash +# +# SPDX-FileCopyrightText: Red Hat +# +# SPDX-License-Identifier: Apache-2.0 +# + +set -ex + +go install github.com/onsi/ginkgo/v2/ginkgo@$(go list -f '{{.Version}}' -m github.com/onsi/ginkgo/v2) +go install go.uber.org/mock/mockgen@v0.3.0 + +if ! [ -x "$(command -v golangci-lint)" ]; then + echo "Downloading golangci-lint" + + curl -Lo tarball https://github.com/golangci/golangci-lint/releases/download/v2.3.0/golangci-lint-2.3.0-linux-amd64.tar.gz + echo b15f994fe7b9885e3862d394e159025fc2ca808d0dccf2ce3d6a242896c2be0c tarball | sha256sum -c + tar -C $(go env GOPATH)/bin --strip-components=1 -xf tarball golangci-lint-2.3.0-linux-amd64/golangci-lint + rm tarball +fi + + +if ! [ -x "$(command -v spectral)" ]; then + echo "Downloading spectral" + + curl -Lo spectral https://github.com/stoplightio/spectral/releases/download/v6.11.0/spectral-linux-x64 + echo 0e151d3dc5729750805428f79a152fa01dd4c203f1d9685ef19f4fd4696fcd5f spectral | sha256sum -c + chmod +x spectral + mv spectral $(go env GOPATH)/bin +fi diff --git a/.konflux/hack/markdownlint.sh b/.konflux/hack/markdownlint.sh new file mode 100755 index 00000000..c3e20651 --- /dev/null +++ b/.konflux/hack/markdownlint.sh @@ -0,0 +1,23 @@ +#!/bin/bash -ex +# +# SPDX-FileCopyrightText: Red Hat +# +# SPDX-License-Identifier: Apache-2.0 +# +# Following example of: https://github.com/openshift/enhancements/blob/master/hack/markdownlint.sh + +# trap errors, including the exit code from the command failed +trap 'handle_exit $?' EXIT + +function handle_exit { + # If the exit code we were given indicates an error, suggest that + # the author run the linter locally. + if [ "$1" != "0" ]; then + cat - <&2 + exit 1 +fi + +if ! cd "${rootdir}"; then + echo "Failed to cd to top level directory: ${rootdir}" >&2 + exit 1 +fi + +if [ -f go.work ]; then + echo "A go.work file already exists. Aborting sync" >&2 + exit 1 +fi + +echo "Creating workspace" +if ! go work init .; then + echo "Command failed: go work init" >&2 + exit 1 +fi + +for gomod in ./api/*/go.mod; do + submodule=$(dirname "$gomod") + echo "Adding ${submodule}" + if ! go work use "${submodule}"; then + echo "Command failed: go work use ${submodule}" >&2 + exit 1 + fi +done + +echo "Syncing API module dependencies" +if ! go work sync; then + echo "Command failed: go work sync" >&2 + exit 1 +fi + +for gomod in ./api/*/go.mod; do + submodule=$(dirname "$gomod") + echo "Tidying ${submodule}" + if ! pushd ${submodule} >/dev/null; then + echo "Command failed: pushd ${submodule}" >&2 + exit 1 + fi + + if ! go mod tidy -go="${PINNED_GO}"; then + echo "Command failed: go mod tidy -go=${PINNED_GO}" >&2 + exit 1 + fi + + if ! popd >/dev/null; then + echo "Command failed: popd" >&2 + exit 1 + fi +done + +rm -f "${rootdir}/go.work" "${rootdir}/go.work.sum" + +echo "Tidying main" +if ! go mod tidy -go="${PINNED_GO}"; then + echo "Command failed: go mod tidy -go=${PINNED_GO}" >&2 + exit 1 +fi + +if ! go mod vendor; then + echo "Command failed: go mod vendor" >&2 + exit 1 +fi + +echo "Done" +exit 0 + diff --git a/.konflux/hack/update_deps.sh b/.konflux/hack/update_deps.sh new file mode 100755 index 00000000..bfda5220 --- /dev/null +++ b/.konflux/hack/update_deps.sh @@ -0,0 +1,27 @@ +#!/bin/bash +# +# SPDX-FileCopyrightText: Red Hat +# +# SPDX-License-Identifier: Apache-2.0 +# + +set -e + +PINNED_GO="1.24.0" + +# Handle the exported api/hardwaremanagement submodule first +pushd api/hardwaremanagement >/dev/null +go mod tidy -go="${PINNED_GO}" +popd >/dev/null + +pushd api/provisioning >/dev/null +go mod tidy -go="${PINNED_GO}" +popd >/dev/null + +pushd api/inventory >/dev/null +go mod tidy -go="${PINNED_GO}" +popd >/dev/null + +go mod vendor +go mod tidy -go="${PINNED_GO}" + diff --git a/.tekton/images-mirror-set.yaml b/.tekton/images-mirror-set.yaml new file mode 100644 index 00000000..91c8527d --- /dev/null +++ b/.tekton/images-mirror-set.yaml @@ -0,0 +1,14 @@ +# We use this IDMS in the Conforma tests to check for fips compliance. +# https://github.com/konflux-ci/build-definitions/tree/main/task/fbc-fips-check-oci-ta/0.1 +apiVersion: operator.openshift.io/v1 +kind: ImageDigestMirrorSet +metadata: + name: openperouter-operator-image-digest-mirror-set +spec: + imageDigestMirrors: + - mirrors: + - quay.io/redhat-user-workloads/telco-5g-tenant/openperouter-operator-4-20 + source: registry.redhat.io/openshift4-dev-preview-beta/openperouter-rhel9-operator + - mirrors: + - quay.io/redhat-user-workloads/telco-5g-tenant/openperouter-operator-bundle-4-20 + source: registry.redhat.io/openshift4-dev-preview-beta/openperouter-operator-bundle diff --git a/.tekton/openperouter-operator-fbc-4-20-pull-request.yaml b/.tekton/openperouter-operator-fbc-4-20-pull-request.yaml new file mode 100644 index 00000000..30832dd1 --- /dev/null +++ b/.tekton/openperouter-operator-fbc-4-20-pull-request.yaml @@ -0,0 +1,434 @@ +apiVersion: tekton.dev/v1 +kind: PipelineRun +metadata: + annotations: + build.appstudio.openshift.io/repo: https://github.com/openshift-kni/openperouter?rev={{revision}} + build.appstudio.redhat.com/commit_sha: '{{revision}}' + build.appstudio.redhat.com/pull_request_number: '{{pull_request_number}}' + build.appstudio.redhat.com/target_branch: '{{target_branch}}' + pipelinesascode.tekton.dev/cancel-in-progress: "true" + pipelinesascode.tekton.dev/max-keep-runs: "3" + pipelinesascode.tekton.dev/on-cel-expression: event == "pull_request" && target_branch + == "main" + creationTimestamp: null + labels: + appstudio.openshift.io/application: openperouter-operator-fbc-4-20 + appstudio.openshift.io/component: openperouter-operator-fbc-4-20 + pipelines.appstudio.openshift.io/type: build + name: openperouter-operator-fbc-4-20-on-pull-request + namespace: telco-5g-tenant +spec: + params: + - name: git-url + value: '{{source_url}}' + - name: revision + value: '{{revision}}' + - name: output-image + value: quay.io/redhat-user-workloads/telco-5g-tenant/openperouter-operator-fbc-4-20:on-pr-{{revision}} + - name: image-expires-after + value: 5d + - name: build-platforms + value: + - linux/x86_64 + - name: dockerfile + value: .konflux/Dockerfile.catalog + # We have configured an fbc exception for hermetic builds on the release repo. + - name: hermetic + value: "false" + pipelineSpec: + description: | + This pipeline is ideal for building and verifying [file-based catalogs](https://konflux-ci.dev/docs/end-to-end/building-olm/#building-the-file-based-catalog). + + _Uses `buildah` to create a container image. Its build-time tests are limited to verifying the included catalog and do not scan the image. + This pipeline is pushed as a Tekton bundle to [quay.io](https://quay.io/repository/konflux-ci/tekton-catalog/pipeline-fbc-builder?tab=tags)_ + finally: + - name: show-sbom + params: + - name: IMAGE_URL + value: $(tasks.build-image-index.results.IMAGE_URL) + taskRef: + params: + - name: name + value: show-sbom + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:beb0616db051952b4b861dd8c3e00fa1c0eccbd926feddf71194d3bb3ace9ce7 + - name: kind + value: task + resolver: bundles + params: + - description: Source Repository URL + name: git-url + type: string + - default: "" + description: Revision of the Source Repository + name: revision + type: string + - description: Fully Qualified Output Image + name: output-image + type: string + - default: . + description: Path to the source code of an application's component from where + to build image. + name: path-context + type: string + - default: Dockerfile + description: Path to the Dockerfile inside the context specified by parameter + path-context + name: dockerfile + type: string + - default: "false" + description: Force rebuild image + name: rebuild + type: string + - default: "false" + description: Skip checks against built image + name: skip-checks + type: string + - default: "true" + description: Execute the build with network isolation + name: hermetic + type: string + - default: "" + description: Build dependencies to be prefetched by Cachi2 + name: prefetch-input + type: string + - default: "" + description: Image tag expiration time, time values could be something like + 1h, 2d, 3w for hours, days, and weeks, respectively. + name: image-expires-after + type: string + - default: "false" + description: Build a source image. + name: build-source-image + type: string + - default: "true" + description: Add built image into an OCI image index + name: build-image-index + type: string + - default: [] + description: Array of --build-arg values ("arg=value" strings) for buildah + name: build-args + type: array + - default: "" + description: Path to a file with build arguments for buildah, see https://www.mankier.com/1/buildah-build#--build-arg-file + name: build-args-file + type: string + - default: + - linux/x86_64 + description: List of platforms to build the container images on. The available + set of values is determined by the configuration of the multi-platform-controller. + name: build-platforms + type: array + results: + - description: "" + name: IMAGE_URL + value: $(tasks.build-image-index.results.IMAGE_URL) + - description: "" + name: IMAGE_DIGEST + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - description: "" + name: CHAINS-GIT_URL + value: $(tasks.clone-repository.results.url) + - description: "" + name: CHAINS-GIT_COMMIT + value: $(tasks.clone-repository.results.commit) + tasks: + - name: init + params: + - name: image-url + value: $(params.output-image) + - name: rebuild + value: $(params.rebuild) + - name: skip-checks + value: $(params.skip-checks) + taskRef: + params: + - name: name + value: init + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:08e18a4dc5f947c1d20e8353a19d013144bea87b72f67236b165dd4778523951 + - name: kind + value: task + resolver: bundles + - name: clone-repository + params: + - name: url + value: $(params.git-url) + - name: revision + value: $(params.revision) + - name: ociStorage + value: $(params.output-image).git + - name: ociArtifactExpiresAfter + value: $(params.image-expires-after) + runAfter: + - init + taskRef: + params: + - name: name + value: git-clone-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:be82c55346e8810bd1edc5547f864064da6945979baccca7dfc99990b392a02b + - name: kind + value: task + resolver: bundles + when: + - input: $(tasks.init.results.build) + operator: in + values: + - "true" + workspaces: + - name: basic-auth + workspace: git-auth + - name: run-opm-command + params: + - name: SOURCE_ARTIFACT + value: $(tasks.clone-repository.results.SOURCE_ARTIFACT) + - name: ociStorage + value: $(params.output-image).opm + - name: ociArtifactExpiresAfter + value: $(params.image-expires-after) + - name: OPM_ARGS + value: [] + - name: OPM_OUTPUT_PATH + value: "" + - name: IDMS_PATH + value: "" + runAfter: + - clone-repository + taskRef: + params: + - name: name + value: run-opm-command-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-run-opm-command-oci-ta:0.1@sha256:14ff1a3b59655326d178ac29323f064e11d51912155b83cdfb3eee0dc75462a9 + - name: kind + value: task + resolver: bundles + - name: prefetch-dependencies + params: + - name: input + value: $(params.prefetch-input) + - name: SOURCE_ARTIFACT + value: $(tasks.run-opm-command.results.SOURCE_ARTIFACT) + - name: ociStorage + value: $(params.output-image).prefetch + - name: ociArtifactExpiresAfter + value: $(params.image-expires-after) + runAfter: + - run-opm-command + taskRef: + params: + - name: name + value: prefetch-dependencies-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.2@sha256:63448dd12b8ace978df27c155b3662cb1a8b285906843e03da99ce483d50f1eb + - name: kind + value: task + resolver: bundles + workspaces: + - name: git-basic-auth + workspace: git-auth + - name: netrc + workspace: netrc + - matrix: + params: + - name: PLATFORM + value: + - $(params.build-platforms) + name: build-images + params: + - name: IMAGE + value: $(params.output-image) + - name: DOCKERFILE + value: $(params.dockerfile) + - name: CONTEXT + value: $(params.path-context) + - name: HERMETIC + value: $(params.hermetic) + - name: PREFETCH_INPUT + value: $(params.prefetch-input) + - name: IMAGE_EXPIRES_AFTER + value: $(params.image-expires-after) + - name: COMMIT_SHA + value: $(tasks.clone-repository.results.commit) + - name: BUILD_ARGS + value: + - $(params.build-args[*]) + - name: BUILD_ARGS_FILE + value: $(params.build-args-file) + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + - name: CACHI2_ARTIFACT + value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) + - name: IMAGE_APPEND_PLATFORM + value: "true" + - name: ADDITIONAL_SECRET + value: telco-5g-redhat-pull-secret + runAfter: + - clone-repository + taskRef: + params: + - name: name + value: buildah-remote-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.4@sha256:bbcd0f1ef282950c8349b893b19694bd7a21889251529d5da126c0946a4ca045 + - name: kind + value: task + resolver: bundles + when: + - input: $(tasks.init.results.build) + operator: in + values: + - "true" + - name: build-image-index + params: + - name: IMAGE + value: $(params.output-image) + - name: COMMIT_SHA + value: $(tasks.clone-repository.results.commit) + - name: IMAGE_EXPIRES_AFTER + value: $(params.image-expires-after) + - name: ALWAYS_BUILD_INDEX + value: $(params.build-image-index) + - name: IMAGES + value: + - $(tasks.build-images.results.IMAGE_REF[*]) + runAfter: + - build-images + taskRef: + params: + - name: name + value: build-image-index + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1@sha256:72f77a8c62f9d6f69ab5c35170839e4b190026e6cc3d7d4ceafa7033fc30ad7b + - name: kind + value: task + resolver: bundles + when: + - input: $(tasks.init.results.build) + operator: in + values: + - "true" + - name: deprecated-base-image-check + params: + - name: IMAGE_URL + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: IMAGE_DIGEST + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: deprecated-image-check + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.5@sha256:f485ef8bfdaf6e6d8d7795eb2e25f9c5ee8619d52220f4d64b5e28078d568c89 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: apply-tags + params: + - name: IMAGE_URL + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: IMAGE_DIGEST + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: apply-tags + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.2@sha256:70881c97a4c51ee1f4d023fa1110e0bdfcfd2f51d9a261fa543c3862b9a4eee9 + - name: kind + value: task + resolver: bundles + - name: validate-fbc + params: + - name: IMAGE_URL + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: IMAGE_DIGEST + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: validate-fbc + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-validate-fbc:0.1@sha256:5ad28ce898a5b4bcaaf3b17d80f30fb377e7229f43219076bb2579c52e241bdb + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: fbc-target-index-pruning-check + params: + - name: IMAGE_URL + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: IMAGE_DIGEST + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: TARGET_INDEX + value: registry.redhat.io/redhat/redhat-operator-index + - name: RENDERED_CATALOG_DIGEST + value: $(tasks.validate-fbc.results.RENDERED_CATALOG_DIGEST) + runAfter: + - validate-fbc + taskRef: + params: + - name: name + value: fbc-target-index-pruning-check + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-fbc-target-index-pruning-check:0.1@sha256:6f1d1edb746a7b20ad4fe523344c5515a259403b8314f5208d96ea0c6ec06169 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: fbc-fips-check-oci-ta + params: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: fbc-fips-check-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-fbc-fips-check-oci-ta:0.1@sha256:4ff3a82892cc75c05fdf895898849094544439bfe8aa23c340548f2d01710cc0 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + workspaces: + - name: git-auth + optional: true + - name: netrc + optional: true + taskRunTemplate: + serviceAccountName: build-pipeline-openperouter-operator-fbc-4-20 + workspaces: + - name: git-auth + secret: + secretName: '{{ git_auth_secret }}' +status: {} diff --git a/.tekton/openperouter-operator-fbc-4-20-push.yaml b/.tekton/openperouter-operator-fbc-4-20-push.yaml new file mode 100644 index 00000000..9ff03d2e --- /dev/null +++ b/.tekton/openperouter-operator-fbc-4-20-push.yaml @@ -0,0 +1,431 @@ +apiVersion: tekton.dev/v1 +kind: PipelineRun +metadata: + annotations: + build.appstudio.openshift.io/repo: https://github.com/openshift-kni/openperouter?rev={{revision}} + build.appstudio.redhat.com/commit_sha: '{{revision}}' + build.appstudio.redhat.com/target_branch: '{{target_branch}}' + pipelinesascode.tekton.dev/cancel-in-progress: "false" + pipelinesascode.tekton.dev/max-keep-runs: "3" + pipelinesascode.tekton.dev/on-cel-expression: event == "push" && target_branch + == "main" + creationTimestamp: null + labels: + appstudio.openshift.io/application: openperouter-operator-fbc-4-20 + appstudio.openshift.io/component: openperouter-operator-fbc-4-20 + pipelines.appstudio.openshift.io/type: build + name: openperouter-operator-fbc-4-20-on-push + namespace: telco-5g-tenant +spec: + params: + - name: git-url + value: '{{source_url}}' + - name: revision + value: '{{revision}}' + - name: output-image + value: quay.io/redhat-user-workloads/telco-5g-tenant/openperouter-operator-fbc-4-20:{{revision}} + - name: build-platforms + value: + - linux/x86_64 + - name: dockerfile + value: .konflux/catalog/Dockerfile.catalog + # We have configured an fbc exception for hermetic builds on the release repo. + - name: hermetic + value: "false" + pipelineSpec: + description: | + This pipeline is ideal for building and verifying [file-based catalogs](https://konflux-ci.dev/docs/end-to-end/building-olm/#building-the-file-based-catalog). + + _Uses `buildah` to create a container image. Its build-time tests are limited to verifying the included catalog and do not scan the image. + This pipeline is pushed as a Tekton bundle to [quay.io](https://quay.io/repository/konflux-ci/tekton-catalog/pipeline-fbc-builder?tab=tags)_ + finally: + - name: show-sbom + params: + - name: IMAGE_URL + value: $(tasks.build-image-index.results.IMAGE_URL) + taskRef: + params: + - name: name + value: show-sbom + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:beb0616db051952b4b861dd8c3e00fa1c0eccbd926feddf71194d3bb3ace9ce7 + - name: kind + value: task + resolver: bundles + params: + - description: Source Repository URL + name: git-url + type: string + - default: "" + description: Revision of the Source Repository + name: revision + type: string + - description: Fully Qualified Output Image + name: output-image + type: string + - default: . + description: Path to the source code of an application's component from where + to build image. + name: path-context + type: string + - default: Dockerfile + description: Path to the Dockerfile inside the context specified by parameter + path-context + name: dockerfile + type: string + - default: "false" + description: Force rebuild image + name: rebuild + type: string + - default: "false" + description: Skip checks against built image + name: skip-checks + type: string + - default: "true" + description: Execute the build with network isolation + name: hermetic + type: string + - default: "" + description: Build dependencies to be prefetched by Cachi2 + name: prefetch-input + type: string + - default: "" + description: Image tag expiration time, time values could be something like + 1h, 2d, 3w for hours, days, and weeks, respectively. + name: image-expires-after + type: string + - default: "false" + description: Build a source image. + name: build-source-image + type: string + - default: "true" + description: Add built image into an OCI image index + name: build-image-index + type: string + - default: [] + description: Array of --build-arg values ("arg=value" strings) for buildah + name: build-args + type: array + - default: "" + description: Path to a file with build arguments for buildah, see https://www.mankier.com/1/buildah-build#--build-arg-file + name: build-args-file + type: string + - default: + - linux/x86_64 + description: List of platforms to build the container images on. The available + set of values is determined by the configuration of the multi-platform-controller. + name: build-platforms + type: array + results: + - description: "" + name: IMAGE_URL + value: $(tasks.build-image-index.results.IMAGE_URL) + - description: "" + name: IMAGE_DIGEST + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - description: "" + name: CHAINS-GIT_URL + value: $(tasks.clone-repository.results.url) + - description: "" + name: CHAINS-GIT_COMMIT + value: $(tasks.clone-repository.results.commit) + tasks: + - name: init + params: + - name: image-url + value: $(params.output-image) + - name: rebuild + value: $(params.rebuild) + - name: skip-checks + value: $(params.skip-checks) + taskRef: + params: + - name: name + value: init + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:08e18a4dc5f947c1d20e8353a19d013144bea87b72f67236b165dd4778523951 + - name: kind + value: task + resolver: bundles + - name: clone-repository + params: + - name: url + value: $(params.git-url) + - name: revision + value: $(params.revision) + - name: ociStorage + value: $(params.output-image).git + - name: ociArtifactExpiresAfter + value: $(params.image-expires-after) + runAfter: + - init + taskRef: + params: + - name: name + value: git-clone-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:be82c55346e8810bd1edc5547f864064da6945979baccca7dfc99990b392a02b + - name: kind + value: task + resolver: bundles + when: + - input: $(tasks.init.results.build) + operator: in + values: + - "true" + workspaces: + - name: basic-auth + workspace: git-auth + - name: run-opm-command + params: + - name: SOURCE_ARTIFACT + value: $(tasks.clone-repository.results.SOURCE_ARTIFACT) + - name: ociStorage + value: $(params.output-image).opm + - name: ociArtifactExpiresAfter + value: $(params.image-expires-after) + - name: OPM_ARGS + value: [] + - name: OPM_OUTPUT_PATH + value: "" + - name: IDMS_PATH + value: "" + runAfter: + - clone-repository + taskRef: + params: + - name: name + value: run-opm-command-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-run-opm-command-oci-ta:0.1@sha256:14ff1a3b59655326d178ac29323f064e11d51912155b83cdfb3eee0dc75462a9 + - name: kind + value: task + resolver: bundles + - name: prefetch-dependencies + params: + - name: input + value: $(params.prefetch-input) + - name: SOURCE_ARTIFACT + value: $(tasks.run-opm-command.results.SOURCE_ARTIFACT) + - name: ociStorage + value: $(params.output-image).prefetch + - name: ociArtifactExpiresAfter + value: $(params.image-expires-after) + runAfter: + - run-opm-command + taskRef: + params: + - name: name + value: prefetch-dependencies-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.2@sha256:63448dd12b8ace978df27c155b3662cb1a8b285906843e03da99ce483d50f1eb + - name: kind + value: task + resolver: bundles + workspaces: + - name: git-basic-auth + workspace: git-auth + - name: netrc + workspace: netrc + - matrix: + params: + - name: PLATFORM + value: + - $(params.build-platforms) + name: build-images + params: + - name: IMAGE + value: $(params.output-image) + - name: DOCKERFILE + value: $(params.dockerfile) + - name: CONTEXT + value: $(params.path-context) + - name: HERMETIC + value: $(params.hermetic) + - name: PREFETCH_INPUT + value: $(params.prefetch-input) + - name: IMAGE_EXPIRES_AFTER + value: $(params.image-expires-after) + - name: COMMIT_SHA + value: $(tasks.clone-repository.results.commit) + - name: BUILD_ARGS + value: + - $(params.build-args[*]) + - name: BUILD_ARGS_FILE + value: $(params.build-args-file) + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + - name: CACHI2_ARTIFACT + value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) + - name: IMAGE_APPEND_PLATFORM + value: "true" + - name: ADDITIONAL_SECRET + value: telco-5g-redhat-pull-secret + runAfter: + - clone-repository + taskRef: + params: + - name: name + value: buildah-remote-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.4@sha256:bbcd0f1ef282950c8349b893b19694bd7a21889251529d5da126c0946a4ca045 + - name: kind + value: task + resolver: bundles + when: + - input: $(tasks.init.results.build) + operator: in + values: + - "true" + - name: build-image-index + params: + - name: IMAGE + value: $(params.output-image) + - name: COMMIT_SHA + value: $(tasks.clone-repository.results.commit) + - name: IMAGE_EXPIRES_AFTER + value: $(params.image-expires-after) + - name: ALWAYS_BUILD_INDEX + value: $(params.build-image-index) + - name: IMAGES + value: + - $(tasks.build-images.results.IMAGE_REF[*]) + runAfter: + - build-images + taskRef: + params: + - name: name + value: build-image-index + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1@sha256:72f77a8c62f9d6f69ab5c35170839e4b190026e6cc3d7d4ceafa7033fc30ad7b + - name: kind + value: task + resolver: bundles + when: + - input: $(tasks.init.results.build) + operator: in + values: + - "true" + - name: deprecated-base-image-check + params: + - name: IMAGE_URL + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: IMAGE_DIGEST + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: deprecated-image-check + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.5@sha256:f485ef8bfdaf6e6d8d7795eb2e25f9c5ee8619d52220f4d64b5e28078d568c89 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: apply-tags + params: + - name: IMAGE_URL + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: IMAGE_DIGEST + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: apply-tags + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.2@sha256:70881c97a4c51ee1f4d023fa1110e0bdfcfd2f51d9a261fa543c3862b9a4eee9 + - name: kind + value: task + resolver: bundles + - name: validate-fbc + params: + - name: IMAGE_URL + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: IMAGE_DIGEST + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: validate-fbc + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-validate-fbc:0.1@sha256:5ad28ce898a5b4bcaaf3b17d80f30fb377e7229f43219076bb2579c52e241bdb + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: fbc-target-index-pruning-check + params: + - name: IMAGE_URL + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: IMAGE_DIGEST + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: TARGET_INDEX + value: registry.redhat.io/redhat/redhat-operator-index + - name: RENDERED_CATALOG_DIGEST + value: $(tasks.validate-fbc.results.RENDERED_CATALOG_DIGEST) + runAfter: + - validate-fbc + taskRef: + params: + - name: name + value: fbc-target-index-pruning-check + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-fbc-target-index-pruning-check:0.1@sha256:6f1d1edb746a7b20ad4fe523344c5515a259403b8314f5208d96ea0c6ec06169 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + - name: fbc-fips-check-oci-ta + params: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: fbc-fips-check-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-fbc-fips-check-oci-ta:0.1@sha256:4ff3a82892cc75c05fdf895898849094544439bfe8aa23c340548f2d01710cc0 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + workspaces: + - name: git-auth + optional: true + - name: netrc + optional: true + taskRunTemplate: + serviceAccountName: build-pipeline-openperouter-operator-fbc-4-20 + workspaces: + - name: git-auth + secret: + secretName: '{{ git_auth_secret }}' +status: {} diff --git a/konflux.Makefile b/konflux.Makefile new file mode 100644 index 00000000..48b7ebf8 --- /dev/null +++ b/konflux.Makefile @@ -0,0 +1,132 @@ +PROJECT_DIR := $(shell dirname $(abspath $(firstword $(MAKEFILE_LIST)))) + +# VERSION defines the project version for the bundle. +# Update this value when you upgrade the version of your project. +# To re-generate a bundle for another specific version without changing the standard setup, you can: +# - use the VERSION as arg of the bundle target (e.g make bundle VERSION=0.0.2) +# - use environment variables to overwrite this value (e.g export VERSION=0.0.2) +VERSION ?= 4.20.0 + +# OPERATOR_SDK_VERSION defines the operator-sdk version to download from GitHub releases. +OPERATOR_SDK_VERSION ?= v1.41.1 + +# YQ_VERSION defines the yq version to download from GitHub releases. +YQ_VERSION ?= v4.45.4 + +# OPM_VERSION defines the opm version to download from GitHub releases. +OPM_VERSION ?= v1.52.0 + +## Tool Binaries + +LOCALBIN ?= $(shell pwd)/bin +$(LOCALBIN): + mkdir -p $(LOCALBIN) + +OPERATOR_SDK ?= $(LOCALBIN)/operator-sdk +OPM ?= $(LOCALBIN)/opm +YQ ?= $(LOCALBIN)/yq + +.PHONY: yq +yq: ## Download yq locally if necessary + @echo "Downloading yq..." + $(MAKE) -C $(PROJECT_DIR)/telco5g-konflux/scripts/download download-yq DOWNLOAD_INSTALL_DIR=$(PROJECT_DIR)/bin + $(YQ) --version + @cp $(YQ) /usr/bin/yq + @echo "Yq downloaded successfully." + +.PHONY: yq-sort-and-format +yq-sort-and-format: yq ## Sort keys/reformat all yaml files + @echo "Sorting keys and reformatting YAML files..." + @find . -name "*.yaml" -o -name "*.yml" | grep -v -E "(telco5g-konflux/|target/|vendor/|bin/|\.git/)" | while read file; do \ + echo "Processing $$file..."; \ + $(YQ) -i '.. |= sort_keys(.)' "$$file"; \ + done + @echo "YAML sorting and formatting completed successfully." + +operator-sdk: ## Download operator-sdk locally if necessary + @$(MAKE) -C $(PROJECT_DIR)/telco5g-konflux/scripts/download download-operator-sdk \ + DOWNLOAD_INSTALL_DIR=$(PROJECT_DIR)/bin \ + DOWNLOAD_OPERATOR_SDK_VERSION=$(OPERATOR_SDK_VERSION) + @echo "Operator sdk downloaded successfully." + +.PHONY: opm +opm: ## Download opm locally if necessary + @$(MAKE) -C $(PROJECT_DIR)/telco5g-konflux/scripts/download download-opm \ + DOWNLOAD_INSTALL_DIR=$(PROJECT_DIR)/bin \ + DOWNLOAD_OPM_VERSION=$(OPM_VERSION) + $(OPM) version + @cp $(OPM) /usr/bin/opm + @echo "Opm downloaded successfully." + +##@ Konflux +PACKAGE_NAME_KONFLUX = openperouter-operator +CATALOG_TEMPLATE_KONFLUX = .konflux/catalog/catalog-template.in.yaml +CATALOG_KONFLUX = .konflux/catalog/$(PACKAGE_NAME_KONFLUX)/catalog.yaml +BUNDLE_NAME_SUFFIX = bundle-4-20 +PRODUCTION_BUNDLE_NAME = bundle +PRODUCTION_NAMESPACE = openshift4-dev-preview-beta + +# You can use podman or docker as a container engine. Notice that there are some options that might be only valid for one of them. +ENGINE ?= docker + +.PHONY: konflux-validate-catalog-template-bundle ## validate the last bundle entry on the catalog template file +konflux-validate-catalog-template-bundle: yq operator-sdk + $(MAKE) -C $(PROJECT_DIR)/telco5g-konflux/scripts/catalog konflux-validate-catalog-template-bundle \ + CATALOG_TEMPLATE_KONFLUX=$(PROJECT_DIR)/$(CATALOG_TEMPLATE_KONFLUX) PRODUCTION_NAMESPACE=$(PRODUCTION_NAMESPACE) \ + YQ=$(YQ) \ + OPERATOR_SDK=$(OPERATOR_SDK) \ + ENGINE=$(ENGINE) + +.PHONY: konflux-validate-catalog +konflux-validate-catalog: opm ## validate the current catalog file + $(MAKE) -C $(PROJECT_DIR)/telco5g-konflux/scripts/catalog konflux-validate-catalog \ + CATALOG_KONFLUX=$(PROJECT_DIR)/$(CATALOG_KONFLUX) PRODUCTION_NAMESPACE=$(PRODUCTION_NAMESPACE) \ + OPM=$(OPM) + +.PHONY: konflux-generate-catalog ## generate a quay.io catalog +konflux-generate-catalog: yq opm + $(MAKE) -C $(PROJECT_DIR)/telco5g-konflux/scripts/catalog konflux-generate-catalog \ + CATALOG_TEMPLATE_KONFLUX=$(PROJECT_DIR)/$(CATALOG_TEMPLATE_KONFLUX) \ + CATALOG_KONFLUX=$(PROJECT_DIR)/$(CATALOG_KONFLUX) PRODUCTION_NAMESPACE=$(PRODUCTION_NAMESPACE) \ + PACKAGE_NAME_KONFLUX=$(PACKAGE_NAME_KONFLUX) \ + BUNDLE_BUILDS_FILE=$(PROJECT_DIR)/.konflux/catalog/bundle.builds.in.yaml \ + OPM=$(OPM) \ + YQ=$(YQ) + $(MAKE) konflux-validate-catalog + +.PHONY: konflux-generate-catalog-production ## generate a registry.redhat.io catalog +konflux-generate-catalog-production: yq opm + $(MAKE) -C $(PROJECT_DIR)/telco5g-konflux/scripts/catalog konflux-generate-catalog-production \ + CATALOG_TEMPLATE_KONFLUX=$(PROJECT_DIR)/$(CATALOG_TEMPLATE_KONFLUX) \ + CATALOG_KONFLUX=$(PROJECT_DIR)/$(CATALOG_KONFLUX) PRODUCTION_NAMESPACE=$(PRODUCTION_NAMESPACE) \ + PACKAGE_NAME_KONFLUX=$(PACKAGE_NAME_KONFLUX) \ + BUNDLE_NAME_SUFFIX=$(BUNDLE_NAME_SUFFIX) \ + PRODUCTION_BUNDLE_NAME=$(PRODUCTION_BUNDLE_NAME) \ + BUNDLE_BUILDS_FILE=$(PROJECT_DIR)/.konflux/catalog/bundle.builds.in.yaml \ + OPM=$(OPM) \ + YQ=$(YQ) + $(MAKE) konflux-validate-catalog + +.PHONY: konflux-filter-unused-redhat-repos +konflux-filter-unused-redhat-repos: ## Filter unused repositories from redhat.repo files in runtime lock folder + @echo "Filtering unused repositories from runtime lock folder..." + $(MAKE) -C $(PROJECT_DIR)/telco5g-konflux/scripts/rpm-lock filter-unused-repos REPO_FILE=$(PROJECT_DIR)/.konflux/lock-runtime/redhat.repo + @echo "Filtering completed for runtime lock folder." + +.PHONY: konflux-update-tekton-task-refs +konflux-update-tekton-task-refs: ## Update task references in Tekton pipeline files + @echo "Updating task references in Tekton pipeline files..." + $(MAKE) -C $(PROJECT_DIR)/telco5g-konflux/scripts/tekton update-task-refs PIPELINE_FILES="$(shell find $(PROJECT_DIR)/.tekton -name '*.yaml' -not -name 'OWNERS' | tr '\n' ' ')" + @echo "Task references updated successfully." + +.PHONY: konflux-compare-catalog +konflux-compare-catalog: ## Compare generated catalog with upstream FBC image + @echo "Comparing generated catalog with upstream FBC image..." + $(MAKE) -C $(PROJECT_DIR)/telco5g-konflux/scripts/catalog konflux-compare-catalog \ + CATALOG_KONFLUX=$(PROJECT_DIR)/$(CATALOG_KONFLUX) PRODUCTION_NAMESPACE=$(PRODUCTION_NAMESPACE) \ + PACKAGE_NAME_KONFLUX=$(PACKAGE_NAME_KONFLUX) \ + UPSTREAM_FBC_IMAGE=quay.io/redhat-user-workloads/telco-5g-tenant/$(PACKAGE_NAME_KONFLUX)-fbc-4-20:latest + +.PHONY: konflux-all +konflux-catalog-all: konflux-validate-catalog-template-bundle konflux-generate-catalog-production konflux-compare-catalog ## Run all konflux catalog logic + @echo "All Konflux targets completed successfully." \ No newline at end of file diff --git a/telco5g-konflux b/telco5g-konflux new file mode 160000 index 00000000..5c42274c --- /dev/null +++ b/telco5g-konflux @@ -0,0 +1 @@ +Subproject commit 5c42274c353890fc9ae98d458fa660cd6a20a1fd