Guard Task execution via changed directories

The new Task in `.tekton/tasks/changed-dirs.yaml` produces a list of changed directories for a particular pull request as an array result. Given this result guards can be done, e.g. using CEL expressions to limit when a Task on the Pipeline needs to run. This way we can skip expensive Tasks that are unrelated to the change done in the pull request. Similar to work in #1188 and #524, with the distinction that the PipelineRun is executed, only potentially not in full.
konflux-ci · Oct 31, 2024 · e646f15 · e646f15
1 parent 295cc76
commit e646f15
Show file tree

Hide file tree

Showing 3 changed files with 84 additions and 3 deletions.
diff --git a/.tekton/pull-request.yaml b/.tekton/pull-request.yaml
@@ -5,7 +5,7 @@ metadata:
   name: build-definitions-pull-request
   annotations:
     pipelinesascode.tekton.dev/on-cel-expression: (event == "pull_request" && target_branch == "main" && ( !has(body.pull_request) || !body.pull_request.draft) ) || (event == "push" && target_branch.startsWith("gh-readonly-queue/main/"))
-    pipelinesascode.tekton.dev/task: "[task/git-clone/0.1/git-clone.yaml, .tekton/tasks/buildah.yaml, .tekton/tasks/task-lint.yaml, .tekton/tasks/e2e-test.yaml, task/sast-snyk-check/0.2/sast-snyk-check.yaml, task/sast-unicode-check/0.1/sast-unicode-check.yaml]"
+    pipelinesascode.tekton.dev/task: "[task/git-clone/0.1/git-clone.yaml, .tekton/tasks/buildah.yaml, .tekton/tasks/task-lint.yaml, .tekton/tasks/e2e-test.yaml, task/sast-snyk-check/0.2/sast-snyk-check.yaml, task/sast-unicode-check/0.1/sast-unicode-check.yaml, .tekton/tasks/changed-dirs.yaml]"
     pipelinesascode.tekton.dev/max-keep-runs: "5"
 spec:
   params:
@@ -36,6 +36,17 @@ spec:
             value: $(params.revision)
           - name: depth
             value: "0"
+      - name: changed-dirs
+        taskRef:
+          name: changed-dirs
+        params:
+          - name: pr_number
+            value: "{{ pull_request_number }}"
+          - name: utils_image
+            value: quay.io/konflux-ci/pull-request-builds:appstudio-utils-{{revision}}
+        runAfter:
+          - fetch-repository
+          - build-appstudio-utils
       - name: task-lint-check
         runAfter:
           - fetch-repository
@@ -74,6 +85,10 @@ spec:
           - name: source
             workspace: workspace
       - name: check-partner-tasks
+        when:
+          - input: "partners"
+            operator: "in"
+            values: ["$(tasks.changed-dirs.results.changed_directories[*])"]
         runAfter:
           - build-appstudio-utils
         taskSpec:
@@ -125,13 +140,15 @@ spec:
           - name: source
             workspace: workspace
       - name: build-bundles
+        when:
+          - input: "task"
+            operator: "in"
+            values: ["$(tasks.changed-dirs.results.changed_directories[*])"]
         params:
           - name: revision
             value: "{{ revision }}"
           - name: e2e_test_namespace
             value: $(params.e2e_test_namespace)
-        runAfter:
-          - build-appstudio-utils
         workspaces:
           - name: source
             workspace: workspace
@@ -174,6 +191,10 @@ spec:
           workspaces:
             - name: source
       - name: e2e-tests
+        when:
+          - input: "task"
+            operator: "in"
+            values: ["$(tasks.changed-dirs.results.changed_directories[*])"]
         params:
           - name: e2e_test_namespace
             value: $(params.e2e_test_namespace)
@@ -198,6 +219,10 @@ spec:
         # Added a timeout due to https://issues.redhat.com/browse/STONEBLD-2265
         timeout: "2h"
       - name: check-task-pipeline-repo-existence
+        when:
+          - input: "task"
+            operator: "in"
+            values: ["$(tasks.changed-dirs.results.changed_directories[*])"]
         runAfter:
           - build-bundles
         taskSpec:
@@ -214,6 +239,10 @@ spec:
           - name: source
             workspace: workspace
       - name: ec-task-checks
+        when:
+          - input: "task"
+            operator: "in"
+            values: ["$(tasks.changed-dirs.results.changed_directories[*])"]
         runAfter:
           - fetch-repository
         taskRef:
@@ -222,6 +251,10 @@ spec:
           - name: source
             workspace: workspace
       - name: check-task-migration-md
+        when:
+          - input: "task"
+            operator: "in"
+            values: ["$(tasks.changed-dirs.results.changed_directories[*])"]
         runAfter:
           - fetch-repository
         taskSpec:

diff --git a/.tekton/tasks/changed-dirs.yaml b/.tekton/tasks/changed-dirs.yaml
@@ -0,0 +1,47 @@
+apiVersion: tekton.dev/v1
+kind: Task
+metadata:
+  name: changed-dirs
+  labels:
+    app.kubernetes.io/version: "0.1"
+  annotations:
+    tekton.dev/pipelines.minVersion: "0.12.1"
+    tekton.dev/displayName: "Lists changed files"
+    tekton.dev/platforms: "linux/amd64"
+spec:
+  description: Produces a list of changed top-level directories
+  params:
+    - name: pr_number
+      type: string
+    - name: utils_image
+      type: string
+  results:
+    - name: changed_directories
+      type: array
+  steps:
+    - name: list-changed-files
+      image: $(params.utils_image)
+      env:
+        - name: GITHUB_TOKEN
+          valueFrom:
+            secretKeyRef:
+              name: "{{ git_auth_secret }}"
+              key: "git-provider-token"
+      script: |
+        #!/bin/bash
+        set -o errexit
+        set -o nounset
+        set -o pipefail
+
+        dirs=()
+        # collect all directories changed in a PR
+        for path in $(gh pr view "https://github.com/konflux-ci/build-definitions/pull/$(params.pr_number)" --json files --jq '.files.[].path'); do
+          dirs+=("${path%%/*}")
+        done
+        # deduplicate dirs
+        readarray -t dirs < <(printf '%s\n' "${dirs[@]}" | sort -u)
+        # join $dirs with '","', e.g. (a b c) -> 'a","b","c","'
+        escaped_json="$(printf '%s\",\"' "${dirs[@]}")"
+        # add the square brackets and remove the trailing ',"'
+        escaped_json="[\"${escaped_json::-2}]"
+        echo -n "${escaped_json}" > "$(results.changed_directories.path)"
diff --git a/appstudio-utils/Dockerfile b/appstudio-utils/Dockerfile
@@ -8,6 +8,7 @@ RUN curl -L https://github.com/tektoncd/cli/releases/download/v0.32.2/tkn_0.32.2
 RUN curl -L https://github.com/sigstore/rekor/releases/download/v0.5.0/rekor-cli-linux-amd64 -o /usr/bin/rekor-cli && chmod +x /usr/bin/rekor-cli
 RUN curl -L https://github.com/open-policy-agent/conftest/releases/download/v0.32.0/conftest_0.32.0_Linux_x86_64.tar.gz | tar -xz --no-same-owner -C /usr/bin
 RUN curl -L https://github.com/enterprise-contract/ec-cli/releases/download/snapshot/ec_linux_amd64 -o /usr/bin/ec && chmod +x /usr/bin/ec && ec version
+RUN curl -L https://github.com/cli/cli/releases/download/v2.60.1/gh_2.60.1_linux_amd64.tar.gz | tar -xz  -C /usr/bin --wildcards "gh_*/bin/gh" --strip-components=2 --no-same-owner
 
 RUN dnf -y --setopt=tsflags=nodocs install \
     git \