RHOAIENG-18400: chore(konflux): create helper scripts to generate konflux configs (opendatahub-io#903)

* NO-JIRA: chore(konflux): create helper scripts to generate konflux configs

* Update ci/cached-builds/gha_pr_changed_files.py

Co-authored-by: Jan Stourac <[email protected]>

---------

Co-authored-by: Jan Stourac <[email protected]>

Author: jiridanek

.tekton/image-registry.yaml

@@ -0,0 +1,72 @@
+---
+# List of images referenced from the Python code generation scripts for Tekton pipelines.
+#
+# The structure of this file must be compatible with
+# https://docs.renovatebot.com/modules/manager/tekton/
+#
+# Specifically, see `function getDeps` and `function getBundleValue()` in
+# https://github.com/renovatebot/renovate/blob/main/lib/modules/manager/tekton/extract.ts
+#
+# This is using the 'older-style' bundle references (see ^^^), because they are a bit less verbose
+#
+# Konflux (MintMaker) will then update the hashes in this yaml together with the generated Tekton pipelines
+# because the default renovate.json config includes `.tekton/**.yaml` (and `.yml`) files
+# https://github.com/konflux-ci/mintmaker/blob/289fefb5c7ac18c978b96080c2628d55d0712e83/config/renovate/renovate.json#L62-L70
+items:
+  - spec:
+      taskRef:
+        bundle: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.4@sha256:3e01d3870212cfa0a5f947abcd74348adb80591a2f0828c64bb29323dff7225d
+  - spec:
+      taskRef:
+        bundle: quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:04f15cbce548e1db7770eee3f155ccb2cc0140a6c371dc67e9a34d83673ea0c0
+  - spec:
+      taskRef:
+        bundle: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:63eb4a4c0cfb491276bff86fdad1c96bf238506388848e79001058450a8e843a
+  - spec:
+      taskRef:
+        bundle: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:aab5f0f4906ba2c2a64a67b591c7ecf57018d066f1206ebc56158476e29f2cf3
+  - spec:
+      taskRef:
+        bundle: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.2@sha256:752230a646483aebd465a942aef4f35c08e67185609ac26e19a3b931de9b7b0a
+  - spec:
+      taskRef:
+        bundle: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1@sha256:24feb32a91fb9960aa0a2d3a982dd549bad2d40074e1e5e3f9ae9739a66174b8
+  - spec:
+      taskRef:
+        bundle: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.2@sha256:183b28fc7c3ca8bc81b00d695517cd2e0b7c31e13365bcfd7e3c758ce13c489c
+  - spec:
+      taskRef:
+        bundle: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.5@sha256:a0a5b05286e3df5045432b3da3cc11224a831e05bc77c927cbfd00381f7f6235
+  - spec:
+      taskRef:
+        bundle: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.2@sha256:c45aae9e7d4449e1ea3ef0fc59dec84b77831329ae2b03c1578e02bd051a2863
+  - spec:
+      taskRef:
+        bundle: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.1@sha256:df8a25a3431a70544172ed4844f9d0c6229d39130633960729f825a031a7dea9
+  - spec:
+      taskRef:
+        bundle: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.3@sha256:6673cbd19e4f1872dd194c91d0b1fe14cacd3768050f6516d3888f660e0732de
+  - spec:
+      taskRef:
+        bundle: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.2@sha256:7595ba07e6bf3737a7ce51e0d75e43bd2658a9b9c5b59e161c005029ac758b3d
+  - spec:
+      taskRef:
+        bundle: quay.io/konflux-ci/tekton-catalog/task-sast-coverity-check-oci-ta:0.2@sha256:61a4b5afd0c49cd999fbe60b36e2d92750c7fb337942015929b3d3f393e3bde5
+  - spec:
+      taskRef:
+        bundle: quay.io/konflux-ci/tekton-catalog/task-coverity-availability-check:0.2@sha256:d6b15fa9874cceb1e68f564942507939499971d17108b5540990de035d1a8266
+  - spec:
+      taskRef:
+        bundle: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check-oci-ta:0.1@sha256:b1b78cb0b9eb6b6e333b35f90db182d4e86ef8e93acb4f3450dd1ad88ea3fab2
+  - spec:
+      taskRef:
+        bundle: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check-oci-ta:0.1@sha256:a8e5bec59687de42b77c579e931827de755623244a2c006701b4f9e08a3713b1
+  - spec:
+      taskRef:
+        bundle: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.1@sha256:5e5f290359fd34ae4cc77cbbba6ef8c9907d752572d6dc2a00f5a4c504eb48bb
+  - spec:
+      taskRef:
+        bundle: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.1@sha256:443e665458bd44f029c8e44e8d4c44e4faa8c533f129014ccb3c4c51fd89bbfc
+  - spec:
+      taskRef:
+        bundle: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:5bc61290c6d56cb3d61409efdf522574e7d08a497f362d7456ed33d56189c4f9

.tekton/jupyter-minimal-ubi9-python-3-11-pull-request.yaml

@@ -1,14 +1,15 @@
 # yamllint disable-file
+# This file is autogenerated by ci/cached-builds/konflux_generate_component_build_pipelines.py
 apiVersion: tekton.dev/v1
 kind: PipelineRun
 metadata:
   annotations:
-    build.appstudio.openshift.io/repo: https://github.com/opendatahub-io/notebooks?rev={{revision}}
+    build.appstudio.openshift.io/repo: 'https://github.com/opendatahub-io/notebooks?rev={{revision}}'
     build.appstudio.redhat.com/commit_sha: '{{revision}}'
     build.appstudio.redhat.com/pull_request_number: '{{pull_request_number}}'
     build.appstudio.redhat.com/target_branch: '{{target_branch}}'
     pipelinesascode.tekton.dev/cancel-in-progress: "true"
-    pipelinesascode.tekton.dev/max-keep-runs: "3"
+    pipelinesascode.tekton.dev/max-keep-runs: '3'
     pipelinesascode.tekton.dev/on-cel-expression: event == "pull_request" && target_branch
       == "main" && has(body.repository) && body.repository.full_name == "opendatahub-io/notebooks"
   creationTimestamp: null
@@ -25,7 +26,7 @@ spec:
   - name: revision
     value: '{{revision}}'
   - name: output-image
-    value: quay.io/redhat-user-workloads/rhoai-ide-konflux-tenant/jupyter-minimal-ubi9-python-3-11:on-pr-{{revision}}
+    value: 'quay.io/redhat-user-workloads/rhoai-ide-konflux-tenant/jupyter-minimal-ubi9-python-3-11:on-pr-{{revision}}'
   - name: image-expires-after
     value: 5d
   - name: build-platforms

.tekton/jupyter-minimal-ubi9-python-3-11-push.yaml

@@ -1,13 +1,14 @@
 # yamllint disable-file
+# This file is autogenerated by ci/cached-builds/konflux_generate_component_build_pipelines.py
 apiVersion: tekton.dev/v1
 kind: PipelineRun
 metadata:
   annotations:
-    build.appstudio.openshift.io/repo: https://github.com/opendatahub-io/notebooks?rev={{revision}}
+    build.appstudio.openshift.io/repo: 'https://github.com/opendatahub-io/notebooks?rev={{revision}}'
     build.appstudio.redhat.com/commit_sha: '{{revision}}'
     build.appstudio.redhat.com/target_branch: '{{target_branch}}'
     pipelinesascode.tekton.dev/cancel-in-progress: "false"
-    pipelinesascode.tekton.dev/max-keep-runs: "3"
+    pipelinesascode.tekton.dev/max-keep-runs: '3'
     pipelinesascode.tekton.dev/on-cel-expression: event == "push" && target_branch
       == "main" && has(body.repository) && body.repository.full_name == "opendatahub-io/notebooks"
   creationTimestamp: null
@@ -24,7 +25,7 @@ spec:
   - name: revision
     value: '{{revision}}'
   - name: output-image
-    value: quay.io/redhat-user-workloads/rhoai-ide-konflux-tenant/jupyter-minimal-ubi9-python-3-11:{{revision}}
+    value: 'quay.io/redhat-user-workloads/rhoai-ide-konflux-tenant/jupyter-minimal-ubi9-python-3-11:{{revision}}'
   - name: image-expires-after
     value: 28d
   - name: build-platforms

Makefile

@@ -94,6 +94,7 @@ endef
 #
 # PUSH_IMAGES: allows skipping podman push
 define image
+	$(info #*# Image build Dockerfile: <$(2)> #(MACHINE-PARSED LINE)#*#...)
 	$(eval BUILD_DIRECTORY := $(shell echo $(2) | sed 's/\/Dockerfile.*//'))
 	$(info #*# Image build directory: <$(BUILD_DIRECTORY)> #(MACHINE-PARSED LINE)#*#...)
 

ci/cached-builds/gha_pr_changed_files.py

@@ -28,25 +28,34 @@ def list_changed_files(from_ref: str, to_ref: str) -> list[str]:
     return files
 
 
-def get_build_directory(make_target) -> str:
-    directories = []
+def _query_build(make_target: str, query: str) -> str:
+    results = []
 
-    pattern = re.compile(r"#\*# Image build directory: <(?P<dir>[^>]+)> #\(MACHINE-PARSED LINE\)#\*#\.\.\.")
+    pattern = re.compile(r"#\*# " + query + r": <(?P<result>[^>]+)> #\(MACHINE-PARSED LINE\)#\*#\.\.\.")
     try:
         logging.debug(f"Running make in --just-print mode for target {make_target}")
         for line in subprocess.check_output([MAKE, make_target, "--just-print"], encoding="utf-8",
                                             cwd=PROJECT_ROOT).splitlines():
             if m := pattern.match(line):
-                directories.append(m["dir"])
+                results.append(m["result"])
     except subprocess.CalledProcessError as e:
         print(e.stderr, e.stdout)
         raise
 
-    if len(directories) != 1:
-        raise Exception(f"Expected a single build directory for target '{make_target}': {directories}")
+    if len(results) != 1:
+        raise Exception(f"Expected a single query result for target '{make_target}': {results}")
+
+    logging.debug(f"Target {make_target} builds from {results[0]}")
+    return results[0]
+
+
+def get_build_directory(make_target) -> str:
+    return _query_build(make_target, "Image build directory")
+
+
+def get_build_dockerfile(make_target) -> str:
+    return _query_build(make_target, "Image build Dockerfile")
 
-    logging.debug(f"Target {make_target} buildes from {directories[0]}")
-    return directories[0]
 
 def find_dockerfiles(directory: str) -> list:
     """Finds and returns a list of files matching the pattern 'Dockerfile*' in the specified directory."""
@@ -67,10 +76,9 @@ def should_build_target(changed_files: list[str], target_directory: str) -> str:
             return changed_file
     # detect change in any of the files outside
     dockerfiles = find_dockerfiles(target_directory)
-    results = ""
     for dockerfile in dockerfiles:
         stdout = subprocess.check_output([PROJECT_ROOT / "bin/buildinputs", target_directory + "/" + dockerfile],
-                                        text=True, cwd=PROJECT_ROOT)
+                                         text=True, cwd=PROJECT_ROOT)
         logging.debug(f"{target_directory=} {dockerfile=} {stdout=}")
         if stdout == "\n":
             # no dependencies
@@ -106,5 +114,9 @@ def test_get_build_directory(self):
         directory = get_build_directory("rocm-jupyter-pytorch-ubi9-python-3.11")
         assert directory == "jupyter/rocm/pytorch/ubi9-python-3.11"
 
+    def test_get_build_dockerfile(self):
+        dockerfile = get_build_dockerfile("rocm-jupyter-pytorch-ubi9-python-3.11")
+        assert dockerfile == "jupyter/rocm/pytorch/ubi9-python-3.11/Dockerfile.rocm"
+
     def test_should_build_target(self):
         assert "" == should_build_target(["README.md"], "jupyter/datascience/ubi9-python-3.11")