feat(RELEASE-1387): use trusted artifacts #784
Conversation
|
Skipping CI for Draft Pull Request. |
scoheb
force-pushed
the
use-trusted-artifacts
branch
28 times, most recently
from
c5831b5 to
92310a3
Compare
scoheb
changed the title
scoheb
force-pushed
the
use-trusted-artifacts
branch
4 times, most recently
from
4adff68 to
8779560
Compare
scoheb
force-pushed
the
use-trusted-artifacts
branch
from
8779560 to
09144e8
Compare
| | sourceDataArtifact | Location of trusted artifacts to be used to populate data directory | No | - | | ||
| | subdirectory | Subdirectory inside the workspace to be used | No | - | | ||
|
|
||
| ## Changes in 1.10.0 |
There was a problem hiding this comment.
I think this definitely warrants going to 2.0.0
| | snapshotPath | Path to the JSON string of the Snapshot spec in the config workspace to apply the mapping to | No | - | | ||
| | dataPath | Path to the JSON string of the merged data to use in the data workspace | No | - | | ||
| | failOnEmptyResult | Fail the task if the resulting snapshot contains zero components | Yes | false | | ||
| | ociStorage | The OCI repository where the Trusted Artifacts are stored. | No | - | |
There was a problem hiding this comment.
This and line 34 are the only ones with . at the end. Probably don't need it
| - name: subdirectory | ||
| description: Subdirectory inside the workspace to be used | ||
| type: string | ||
| default: "" |
There was a problem hiding this comment.
The README says this isn't optional and has no default
| #!/usr/bin/env bash | ||
| set -eo pipefail | ||
|
|
||
| if [ "$(params.ociStorage)" == "empty" ]; then |
There was a problem hiding this comment.
Should empty be the default for this parameter then?
| @@ -353,3 +391,29 @@ spec: | |||
| "${SNAPSHOT_SPEC_FILE}" > /tmp/temp && mv /tmp/temp "${SNAPSHOT_SPEC_FILE}" | |||
| fi | |||
| done | |||
| - name: create-trusted-artifact | |||
There was a problem hiding this comment.
The first step says we will skip trusted-artifacts steps if the param is empty, but I don't see any when condition on this step. Is that intended?
| @@ -54,40 +68,98 @@ spec: | |||
| ] | |||
| } | |||
| EOF | |||
| - name: skip-trusted-artifact-operations | |||
There was a problem hiding this comment.
Why are these steps here? They look the same as the one added in the task
- in an effort to move away from PVCs, we are trying
trusted artifacts.
- this PR makes the following changes:
- PipelineRun uses an EmptyDir now for the workspace
- the subDirectory parameter is removed
- the data path is now saved as an artifact in quay
- the check-result task then uses it for testing
- a local registry is installed on the cluster under test
in order to create and use trusted artifacts during testing
- If we go ahead with this, then we would create a new task
called `collect-data-oci-ta` alongside `collect-data`
and gradually build up new `-oci-ta` pipelines.
Signed-off-by: Scott Hebert <[email protected]>
Signed-off-by: Scott Hebert <[email protected]>
Signed-off-by: Scott Hebert <[email protected]>
Signed-off-by: Scott Hebert <[email protected]>
Signed-off-by: Scott Hebert <[email protected]>
Signed-off-by: Scott Hebert <[email protected]>
Signed-off-by: Scott Hebert <[email protected]>
Signed-off-by: Scott Hebert <[email protected]>
Signed-off-by: Scott Hebert <[email protected]>
Signed-off-by: Scott Hebert <[email protected]>
Signed-off-by: Scott Hebert <[email protected]>
Signed-off-by: Scott Hebert <[email protected]>
Signed-off-by: Scott Hebert <[email protected]>
Signed-off-by: Scott Hebert <[email protected]>
Signed-off-by: Scott Hebert <[email protected]>
Signed-off-by: Scott Hebert <[email protected]>
- 1 run as PVC based - 1 run as Trusted Artifacts based if found Signed-off-by: Scott Hebert <[email protected]>
- remove DEBUG env vars Signed-off-by: Scott Hebert <[email protected]>
Signed-off-by: Scott Hebert <[email protected]>
Signed-off-by: Scott Hebert <[email protected]>
Signed-off-by: Scott Hebert <[email protected]>
scoheb
force-pushed
the
use-trusted-artifacts
branch
from
09144e8 to
6bef15b
Compare
|
@scoheb: The following test has Failed, say /retest to rerun failed tests.
Inspecting Test ArtifactsTo inspect your test artifacts, follow these steps:
mkdir -p oras-artifacts
cd oras-artifacts
oras pull quay.io/konflux-test-storage/konflux-team/release-service-catalog:konflux-e2e-tests-catalog-ljnwvTest results analysis🚨 Error occurred while running the E2E tests, list of failed Spec(s): ➡️ [ Click to view logsError when waiting for a release pipelinerun for release push-pyxis-dnud-tenant/snapshot-sample-jszf-xfb6h to finish
Expected success, but got an error:
<*errors.errorString | 0xc001597d60>:
Pipelinerun 'managed-fbl8j' didn't succeed
{
s: "Pipelinerun 'managed-fbl8j' didn't succeed\n",
}➡️ [ Click to view logsPipelineRun managed-b4twn failed
Expected
: Pipelinerun 'managed-b4twn' didn't succeed\n
to equal
: ➡️ [ Click to view logsPipelineRun managed-fknn4 failed
Expected
: Pipelinerun 'managed-fknn4' didn't succeed\n
to equal
: ➡️ [ Click to view logsPipelineRun managed-dmhk9 failed
Expected
: Pipelinerun 'managed-dmhk9' didn't succeed\n
to equal
: ➡️ [ Click to view logsPipelineRun managed-hv6zz failed
Expected
: Pipelinerun 'managed-hv6zz' didn't succeed\n
to equal
: ➡️ [ Click to view logsPipelineRun managed-g4cp2 failed
Expected
: Pipelinerun 'managed-g4cp2' didn't succeed\n
to equal
: ➡️ [ Click to view logsError when waiting for a release pipelinerun for release ex-registry-liiu-tenant/snapshot-sample-gwvk-94m8h to finish
Expected success, but got an error:
<*errors.errorString | 0xc000ef5c00>:
Pipelinerun 'managed-cphc8' didn't succeed
{
s: "Pipelinerun 'managed-cphc8' didn't succeed\n",
} |
Describe your changes
trusted artifacts based on https://github.com/konflux-ci/build-trusted-artifacts/tree/main
requires konflux-ci/release-service@c92d422 for use on real clusters
Relevant Jira
Checklist before requesting a review
do not mergelabel if there's a dependency PRrelease-service-maintainershandle if you are unsure who to tagSigned-off-by: My name <email>